POLICY & GOVERNANCE / MANDATORY — TRANSFORMATION
CSDDD
Corporate Sustainability Due Diligence Directive
The EU law that moves beyond reporting into action. Where CSRD requires companies to disclose their supply chain impacts, CSDDD requires them to identify those impacts and take steps to prevent or remedy them. The difference matters: one is a transparency obligation, the other is a duty of care.
In 30 seconds
CSDDD (Directive 2024/1760) is EU law requiring large companies to conduct human rights and environmental due diligence across their operations and value chains — and to prevent, mitigate, or remedy adverse impacts they identify. It entered force in July 2024 and applies from 2028 for the largest companies.
It applies to EU companies with 1,000+ employees and €450m+ turnover, and to non-EU companies with equivalent EU revenue. Enforcement includes fines of up to 5% of worldwide turnover. A civil liability mechanism (allowing affected parties to sue in EU courts) is included in the text, though its scope remains politically contested.
The supply chain effect: A UK business supplying a CSDDD-obligated EU company sits inside that company's value chain. The buyer's due diligence obligation flows upstream — through contracts, audits, and data requests — to the supplier. You do not need to be directly subject to CSDDD for it to affect you.
CSDDD vs CSRD — the critical distinction
These two directives are frequently confused. They were designed as a pair: CSRD produces the disclosure; CSDDD produces the action. Companies subject to both do one integrated process and report it once.
| CSRD — reporting | CSDDD — due diligence | |
|---|---|---|
| What it is | A reporting obligation. Discover what your supply chain does and disclose it. | A due diligence duty. Identify what your supply chain does and take steps to stop the harm. |
| Core question | What are your sustainability impacts, risks, and opportunities? | Are you causing harm through your operations or supply chain — and are you doing something about it? |
| Standard used | ESRS (European Sustainability Reporting Standards) — detailed disclosure templates | OECD Guidelines for Multinational Enterprises + UN Guiding Principles on Business and Human Rights |
| Value chain scope | Disclosure covers full value chain where material. No obligation to change supplier behaviour. | Active due diligence required across own operations, subsidiaries, and established business relationships. Obligation to act where harm is identified. |
| Enforcement | Regulatory supervision and audit by national competent authorities. No direct civil liability. | Administrative fines (up to 5% of worldwide turnover). Civil liability provisions included (contested but present). |
| Who it applies to | Large EU companies (post-Omnibus: 1,000+ employees); large non-EU companies with EU operations | Large EU companies (1,000+ employees, €450m+ turnover); non-EU companies with €450m+ EU turnover — narrower than CSRD |
Six due diligence obligations
CSDDD specifies what “due diligence” means in practice. It is a process, not a destination: integrate, identify, prevent, remediate, communicate, and monitor. The process runs continuously, not as a one-off exercise.
Embed human rights and environmental due diligence into corporate policies and management systems. Requires a published due diligence policy and a code of conduct for suppliers.
Map and assess actual and potential adverse impacts across own operations, subsidiaries, and established business relationships in the value chain. Risk-based approach: focus on the most severe and likely impacts first.
Where an adverse impact has not yet materialised, take preventive action: adjust sourcing, contractual requirements, supplier capacity building. Termination of the relationship is a last resort after prevention efforts fail.
Where an adverse impact has already occurred, provide or contribute to remediation. This may be financial compensation, operational changes, or participation in broader remedy mechanisms (e.g. grievance procedures, multi-stakeholder initiatives).
Create or participate in accessible, legitimate processes for affected people and communities to raise complaints. The mechanism must be effective and must lead to genuine engagement.
Assess the effectiveness of due diligence measures at least annually. Report publicly on the due diligence process. This reporting overlaps with CSRD disclosure, allowing a single reporting cycle to serve both.
Who it applies to — and how the supply chain reach works
The direct scope is narrower than CSRD. The indirect reach is considerably broader.
Post-Omnibus thresholds (current direction)
- ✓EU companies: 1,000+ employees AND €450m+ net worldwide turnover
- ✓Non-EU companies: €450m+ net EU turnover (a subsidiary or branch must exist)
- ✓Parent companies: may fulfil obligations on behalf of subsidiaries where they share policies and systems
These thresholds apply to the first phase of application (from 2028). Lower thresholds for wider rollout were proposed in the original directive but are under active revision via the Omnibus process.
What counts as the "value chain"
- ✓Own operations and subsidiaries: always in scope
- ✓Direct suppliers (Tier 1): always in scope
- ✓Indirect suppliers (Tier 2+): in scope where the company has "established business relationships" — defined as durable, direct, and substantial
- ✓Downstream distribution and retail: in scope for some sectors (financial services excluded from downstream in current text)
The practical effect: a UK food company buying from an EU-regulated buyer is in that buyer's value chain. The EU buyer's CSDDD obligations flow upstream to the UK supplier through contractual requirements and audit demands.
Timeline
Omnibus note: EU Omnibus I came into force on 18 March 2026, raising CSDDD thresholds and easing timelines, and is still adjusting the scope of civil liability. The outline above reflects the current best understanding; check the current Omnibus status before advising on CSDDD compliance planning.
The Pandion view on CSDDD
CSRD tells you what to say. CSDDD tells you what to do. They are not the same obligation.
The confusion between reporting and due diligence is widespread. A company can complete a CSRD disclosure of its supply chain human rights risks without being obligated under CSDDD to change anything. CSDDD is the legal duty that actually requires action. For upstream suppliers, the practical difference is: CSRD creates a data request; CSDDD creates an audit, a contractual obligation, and potentially a remediation demand.
If your buyer is CSDDD-obligated, their due diligence obligation flows to you.
A UK farm or estate supplying a large EU food company is upstream of a CSDDD-obligated entity. That entity must assess and address adverse impacts in its supply chain. In practice, this means: supplier questionnaires, site visits, contractual clauses requiring compliance with environmental and human rights standards, and potential de-listing if issues are found and not remediated. Building verified sustainability credentials now makes that audit easier.
The civil liability clause is contested but present.
The original CSDDD text includes civil liability provisions allowing affected parties to sue companies in EU member state courts for harm caused by failure to conduct adequate due diligence. This provision is under active political pressure and may be weakened further. It matters because it means CSDDD is not purely an administrative compliance exercise — it carries potential litigation exposure, particularly for companies operating in or sourcing from high-risk jurisdictions.
CSDDD and CSRD are designed to work together, not separately.
The due diligence process required under CSDDD generates exactly the information that CSRD requires to be disclosed. Companies subject to both do one integrated process: identify impacts (CSDDD), then disclose what you found and what you did about it (CSRD). The reporting overlap means companies that invest in genuine CSDDD compliance have most of their CSRD content produced as a by-product.
Where to go next
CSRD & UK SRS
CSRD is CSDDD's reporting partner — the disclosure obligation that works alongside the due diligence duty
EUDR
The specific deforestation due diligence regulation — complementary to CSDDD for agricultural and forestry supply chains
TNFD
CSDDD's due diligence process generates the nature dependency and impact data that TNFD requires for disclosure