CSDDD Is Coming: How Smart Companies Are Preparing for New Compliance Requirements

When the EU adopted the Corporate Sustainability Due Diligence Directive (CSDDD), the message was clear: corporate sustainability isn’t optional anymore.

For years, companies have published glossy ESG reports and value statements. Now, they need a real, actionable framework that embeds sustainability into their business model, actively managing human rights and environmental impacts across operations and supply chains.

Across Europe, sustainability leads, compliance officers, and legal teams are asking the same question: “What does real CSDDD compliance look like in practice?”

This guide breaks down the CSDDD’s key requirements, what the new report must include, and how forward-thinking companies are already getting ready.

Understanding the EU’s Corporate Sustainability Due Diligence Directive 

The Corporate Sustainability Due Diligence Directive sets legally binding standards for large companies operating in the European Union, holding them legally accountable for their impact on human rights, climate change, and the environment. 

The CSDDD intends to make corporate sustainability more than a shiny slogan. That means you’re not just talking about responsible practices, you’re living them.

It turns sustainability from a reporting checkbox into a governance-driven business model that requires measurable action, performance tracking, and proactive risk management.

Who does it apply to?

• EU companies with 1,000+ employees and €450M+ net worldwide turnover
• Non-EU companies with similar turnover generated in the EU

Even if your company doesn’t meet these thresholds, you’ll likely feel the ripple effect. Suppliers and partners will expect detailed data from you, and your organization may still be accountable in downstream activities. 

Large companies will expect business partners and stakeholders in their value chains to provide data and demonstrate compliance readiness, so smaller businesses along the chain of activities need to be prepared, too.

What the CSDDD Requires

Before jumping into preparation, let’s clarify what the directive actually asks for. The common thread: companies must act proactively, not just report after the fact.

1. Due Diligence Process

The CSDDD is all about active environmental due diligence and human rights oversight. Companies can’t just report after something goes wrong. Compliance equals integrating a due diligence process into everyday risk management.

This process covers six key areas:

1. Embedding due diligence into policies: Make sustainability part of your governance framework, not just a side note.
2. Identifying actual and potential adverse impacts: Understand existing risks across your operations and supply chain.
3. Preventing or mitigating potential impacts: Take steps to stop harm before it happens.
4. Ending or minimizing actual impacts: Respond effectively when problems arise.
5. Establishing a complaints mechanism: Provide a safe way for employees, suppliers, or other stakeholders to raise concerns.
6. Monitoring and publicly communicating progress: Track results, adjust as needed, and report transparently.

These steps turn sustainability from a PR exercise into a real governance function, requiring collaboration across legal, HR, procurement, and sustainability teams. It’s about making due diligence a day-to-day practice, not just an annual report item.

2. The CSDDD Report

CSDDD adds a new annual reporting obligation. Companies must publish a CSDDD report on their website and submit it to the European Single Access Point (ESAP) each financial year to meet CSDDD reporting requirements.

Reports should cover:

• The company’s policies and risk assessment procedures
• Identified impacts and measures taken
• Effectiveness tracking and key metrics
• How stakeholder engagement and remediation were handled

This report complements (but doesn’t replace) Corporate Sustainability Reporting Directive (CSRD) disclosures. Integrating both without duplicating effort is one of the biggest challenges.

A central compliance dashboard combining CSRD reporting data, supply chain risk mapping, whistleblowing insights, and remediation tracking can streamline reporting and maintain CSDDD compliance across all operations.

Preparing for Compliance

Getting CSDDD-ready isn’t just about paperwork. It’s about operationalizing due diligence across your organization. Companies need value chain visibility, integrated governance, and robust reporting systems.

Step 1: Clarify Scope and Exposure

Boards often ask: “Are we in scope?”

Start by mapping which parts of your organization and which business relationships are covered under the scope of the CSDDD.

Even if you don’t meet the thresholds, you may still be exposed through clients or investors. Suppliers to large EU companies will need to provide due diligence policy information, so many organizations are mapping corporate structures and value chains early.

Timeline to keep in mind:

Most EU Member States are expected to transpose the directive around 2027–2028, meaning your transition plan should be actionable well before that. Early preparation gives you time to train teams, align systems, and engage partners without last-minute pressure.

Step 2: Assess Current Processes

Many companies already conduct ESG risk assessments, but the CSDDD demands greater traceability and proactive monitoring, especially across the supply chain. Integrating these checks into daily operations helps maintain CSDDD compliance and strengthen due diligence practices.

A common challenge is data visibility. Procurement teams often rely on self-declarations or occasional audits, leaving gaps in oversight. Review your current processes to identify where transparency and accountability can be improved across your operations and business relationships.

Tools like FaceUp can help. Whistleblowing and reporting systems capture real-time information on human rights or environmental issues, allowing companies to spot and address risks before they escalate.

Learn more about how whistleblowing can improve your ESG score.

Step 3: Build Cross-Functional Ownership

CSDDD isn’t just a legal issue. Procurement, HR, operations, risk, and sustainability teams all play a role. Strong cross-functional ownership helps integrate CSDDD into everyday decisions rather than treating it as a compliance formality.

Early adopters are forming CSDDD steering committees, blending compliance officers with sustainability and supply chain leads. The goal: embed due diligence into everyday decision-making.

Employee awareness is just as critical. Many companies are expanding training and integrating ethics and sustainability reporting tools into daily workflows.

Step 4: Engage Your Value Chain

CSDDD expects companies to involve business partners in risk mitigation. For global supply chains, that’s easier said than done.

Forward-looking organizations are:

• Sharing supplier codes of conduct
• Running joint risk workshops
• Offering capacity-building for smaller partners

Step 5: Plan for Complaints and Remediation

One of CSDDD’s unique requirements is a formal complaints mechanism. Stakeholders, including employees, trade unions, communities, and NGOs, must be able to submit concerns safely and confidentially.

Platforms like FaceUp help companies meet this obligation:

• Secure digital channels for reporting issues
• Multilingual support
• Protected whistleblower identities
• Auditable record for compliance and reporting

Having a clear, secure, and auditable complaints process helps demonstrate accountability and builds trust with internal and external stakeholders.

Integrating CSDDD with Existing ESG Frameworks

The CSDDD doesn’t replace existing legislation like the CSRD or national due diligence laws. Instead, it complements them by focusing on processes and governance rather than reporting alone.

To stay ahead, companies should align their ESG, CSRD, and CSDDD systems now to save significant time and cost later. 

A good practice is to create a central compliance dashboard, combining:

• CSRD reporting data
• Supply chain risk mapping
• Whistleblowing insights
• Remediation tracking

Digital tools designed for navigating best practices for global compliance make it easier to manage these overlaps, particularly for organizations operating across multiple jurisdictions.

The Cost of Inaction

Treating the CSDDD as just “another checkbox” is a risky strategy. Non-compliance with the CSDDD comes with real, escalating consequences: financial, legal, and reputational.

Investors, clients, regulators, and consumers will ask how you’re proving compliance, not just whether you’re talking about sustainability.

Financial & Legal Risk

Every EU Member State will designate a supervisory authority to monitor compliance and issue sanctions. These sanctions can include:

• Fines tied to global turnover: For serious breaches, penalties can reach at least 5 % of net worldwide turnover.
• Civil liability: Companies may be held responsible in national courts if they fail to meet due diligence obligations and cause harm.
• Public disclosure of penalties: Supervisory authorities must publish decisions and retain records for at least five years.

Reputational & Market Risk

The costs go beyond fines. Investors, clients, regulators, and consumers aren’t asking “Are you talking about sustainability?” They’re asking: “How are you proving it?”

• Compliance may become a criterion for public contracts and concessions, meaning companies that fail could lose market opportunities.
• Many organizations are exposed to hidden human rights or environmental risks in complex supply chains. Once enforcement begins, these gaps will be harder to justify publicly.

Vague commitments won’t cut it. For companies already under pressure from investors and fast-moving competitors, doing nothing is a strategic misstep.

The real question isn’t whether companies will need to comply, it’s whether they’ll be ready when enforcement starts. With deadlines approaching and enforcement frameworks already being set up, the window to act is shrinking.

National Differences

Because the CSDDD is a directive, each EU Member State will implement it through national law in its own way. That means timelines, reporting formats, and enforcement could differ slightly. Companies with operations in multiple EU Member States should plan for the strictest national law requirements to avoid gaps.

It’s better to be fully covered than caught off guard. Integrating European Commission guidance into your due diligence process ensures alignment with EU expectations.

How FaceUp Supports CSDDD Readiness

FaceUp helps companies strengthen the foundations the CSDDD demands: transparency, accountability, and trust. Using secure whistleblowing and reporting tools ensures that insights feed seamlessly into both the CSDDD report and broader ESG reporting systems.

Through these channels, organizations can:

• Detect human rights or environmental issues early
• Provide a compliant, accessible complaints mechanism
• Track investigations and remediation steps
• Feed insights into broader ESG and compliance reporting

This makes due diligence something companies do every day, not just report on once a year.

Using secure whistleblowing and reporting tools ensures that insights feed seamlessly into both the CSDDD report and broader ESG reporting systems.

Ready to Build a Stronger Due Diligence Framework?

CSDDD will challenge how companies view sustainability, but it’s also an opportunity to:

• Strengthen supply chains
• Earn stakeholder trust
• Turn compliance into a strategic advantage

Those who act early will lead their industries, showing integrity, transparency, and reliability.

Book a demo to see how FaceUp can help your organization meet CSDDD requirements and strengthen your sustainability strategy.