CSDDD: due diligence at the heart of new European regulations

The CSDDD introduces into European law the notion of corporate duty of care with regard to environmental protection and respect for human rights. This new tool, which will reinforce the CSRD, will also make companies operating in the EU more aware of the potential impact of their operations and of the activities of their entire value chain.

François Tréfois

CSR & ESG Expert


The Corporate Sustainability Due Diligence Directive, currently under discussion between the European Parliament, the European Commission and the European Council, should be adopted in the course of 2024.

This new directive is fully in line with the CSRD, and introduces at European level the concept of due diligence to which companies will soon be subject in terms of human rights and environmental protection.

It will also harmonize the various national legislations within the European Union that have already incorporated this concept.

What is the CSDDD?

The CSDDD, for Corporate Sustainability Due Diligence Directive, is a European directive designed to impose a duty of care on companies in terms of sustainability, linked to respect for human rights and environmental protection.

This directive will oblige companies to ensure that their activities do not harm the environment, and that they respect the Universal Declaration of Human Rights. This duty of care applies not only to companies' direct activities, but also to their entire value chain, i.e. their subsidiaries, their supply chain and the activities of all their business partners.

Companies subject to the CSRD will have to publish information on the risks identified, the measures taken to mitigate these risks and the results observed as a result of these measures in their CSRD sustainability reporting.

Those not subject to the CSRD will have to publish an annual declaration on the subjects covered by the CSDDD on their website.

The key concept of due diligence

In concrete terms, what is the corporate duty of care?

While this notion has relatively different scopes of application around the world, in the context of the CSDDD, it can be defined as the obligation for companies to prevent human rights, environmental and governance risks associated with their operations and those of their subsidiaries, subcontractors and suppliers.


The notion of prevention is key. It implies that companies must be able to anticipate these risks, and not simply deal with problems once they have arisen. This requires companies to carry out a complete mapping of the risks they and their stakeholders are likely to face, and to set up a vigilance plan aimed at preventing the risks identified.

Failure to comply with these obligations may result in sanctions. In the event of an actual problem, the company will have to be able to prove that it occurred despite having put in place a reliable prevention process designed to reduce its occurrence and mitigate its impact.

What obligations do companies have?

The CSDDD therefore introduces new obligations for companies, in line with the duty of care and the objectives set by the European Union as part of the Green Pact for Europe.

Concerning the duty of care with regard to human rights and the environment, companies will have to:

  • Integrate the duty of care into their governance policy (code of conduct, procedures, etc.) and risk management system
  • Identify actual or potential negative impacts related to their operations and those of their value chain
  • Develop a system to anticipate, mitigate or halt potential or actual negative impacts
  • Implement procedures for receiving and managing complaints
  • Monitor the effectiveness of their vigilance policies and measures
  • Communicate publicly on the duty of vigilance and the policy implemented in this area

The CSDDD also includes obligations concerning a company's environmental policy. Companies must commit to adopting a transition plan aligned with the objective of maintaining global warming at 1.5 degrees, in line with the ambition set out in the 2015 Paris Agreements. This is an obligation of means. To achieve this, they must:

  • Identify the risks posed by climate change to their activities
  • Implement concrete actions to monitor the transition plan underway
  • Draw up a financial plan to support these actions and anticipate the risks associated with climate change.

Finally, the European Parliament wanted to add a specific obligation for companies with over 1,000 employees. This will link the remuneration of company directors to the effective implementation of the climate transition plan. The aim is to step up the pressure on managers to ensure that the actions they take are more than just announcements.

Strong links with CSRD

The Corporate Sustainability Due Diligence Directive is closely linked to the CSRD, which comes into force on January 1, 2024. In a way, it complements this directive on extra-financial reporting on ESG indicators, by making it compulsory for companies to report on certain elements within the framework of the CSRD.

The most obvious links concern, unsurprisingly, the environmental dimension. The due diligence process requires companies to map the sustainability risks associated with their operations. In the context of the CSRD, this is a subject on which they are obliged to report in their double materiality analysis.

Similarly, the CSDDD requires companies to have a climate transition plan. This is also a subject on which they are obliged to report as part of the CSRD, by setting targets for reducing their GHG emissions by 2030 and 2050, in line with the European Green Pact itself linked to the Paris Agreements.

Who is affected by the directive

As negotiations currently stand, the CSDDD should concern several tens of thousands of European and non-European companies, according to various criteria of size, sales and sectors of activity.

All European companies meeting the following criteria will be affected in the first instance:

  • More than 500 employees
  • Sales in excess of 150M euros worldwide

The CSDDD will also apply to companies operating in certain sectors deemed to be at risk (textiles, agriculture, the food industry, mining, trade in agricultural raw materials, construction activities, etc.), which are still being defined. To be subject to the CSDDD, these companies will have to meet the following criteria:

  • More than 250 employees
  • Sales in excess of 40M euros worldwide, provided that more than 20M of these sales come from their activities in the sectors concerned

Finally, as with the CSRD, certain non-European companies will be subject to the same obligations. This concerns companies meeting one of the following two criteria:

  • Sales generated within the EU in excess of 150M euros
  • If the company is active in one of the above-mentioned risk sectors, sales generated within the EU in excess of 40M euros, including at least 20M euros from operations in these sectors.

Controls and penalties

Implementation of the CSDDD obligations will of course be monitored. Each member state of the European Union will have to designate the supervisory authority in charge of monitoring compliance with all obligations under the directive.

In parallel, the European Commission will set up a European network made up of representatives of the supervisory authorities in each member state.

EU Member States remain free to define the penalties applicable to companies operating on their territory which fail to meet the obligations set out in the CSDDD.

Nevertheless, the European Commission has opened the door to a relatively heavy range of sanctions, which may well exceed those implemented under the CSRD.

The framework set by the European Commission indicates that financial penalties will have to be proportional to the worldwide sales of the company concerned, reminiscent of the types of penalties already implemented under the GDPR. However, this penalty must not exceed 5% of the company's turnover.

The Commission also relies on the "Name and Shame" principle, which involves publicly naming companies that fail to meet their obligations, in order to increase pressure from their various stakeholders.

Corporate responsibility

In addition to this package of sanctions, there are also those linked to the company's civil liability in the event of actual damage to the environment or proven violation of human rights.

The company will therefore be considered liable for damage caused to a natural or legal person under certain conditions:

  • it has been proven that the company has intentionally or negligently breached its duty of care to prevent, mitigate or halt potential or actual negative impacts
  • as a result of the breach referred to above, it will have caused damage to the legal interest protected by the national law of the natural or legal person concerned

This liability does not apply if the damage was caused solely by one or more of the commercial partners making up its value chain.

Once the company's liability has been established, the natural or legal person who has suffered the damage will be entitled to full compensation in accordance with the national law of the country in which the damage was reported.

What's the timetable for implementation?

As the CSDDD is still being negotiated between the various European institutions, the timetable for implementation has not yet been set.

The draft directive is due to be voted on during 2024. EU member states will then have 2 years to transpose it into their national legislation.

Effective application is therefore not expected before 2026.

Regulations already applied across Europe

The concept of due diligence has already been incorporated into national legislation in several European countries.

In France, it has existed since February 21, 2017, the date of adoption of the law N° 2017-399. This concerns French companies with more than 5,000 employees and foreign companies with more than 10,000 employees in France. This law requires the companies concerned to set up a vigilance plan on social and environmental issues concerning their activities and those of their subsidiaries and business partners in France and abroad. However, there is no mention of a mandatory environmental transition plan.

Germany introduced a similar regulation in 2021 via the LkSG (Lieferkettensorgfaltspflichtengesetz), known as the Supply Chain Due Diligence Act. This requires companies with at least 3,000 employees (1,000 from January 1, 2024) in Germany to implement a plan to prevent and mitigate environmental risks and potential human rights violations within their business. This obligation also takes into account the entire value chain of the companies concerned, in Germany and abroad.

Similar regulations also exist outside the EU. These include the Modern Slavery Act in the UK, effective since 2015, and the UFLPA in the USA, to be implemented in 2021.

The CSDDD will therefore also have the task of harmonizing existing regulations within the EU.

Far from being a mere copycat of national regulations, the CSDDD broadens their scope of application and increases the possibility of sanctions against companies that fail to comply with its rules, although these remain subject to the will of the member states in charge of enforcement.
