
Corporate Sustainability Due Diligence Directive (CSDDD)

An EU directive requiring large companies to identify, prevent, and remedy actual and potential human rights and environmental harms across their operations and value chains.

Region: EU
Sector: Public & Private
Effective date: 07/25/2024
Last regulatory update: 03/18/2026
Mandatory: Yes


    What Is the Corporate Sustainability Due Diligence Directive?

    The Corporate Sustainability Due Diligence Directive (CSDDD), formally known as Directive (EU) 2024/1760, represents the EU’s most significant mandatory human rights and environmental due diligence law. The Omnibus I Directive significantly narrowed the CSDDD’s scope, raised thresholds, modified the due diligence framework, and extended the application timeline.

    Member States must transpose the CSDDD's Omnibus I amendments by 26 July 2028, with the due diligence requirements applying from 26 July 2029.

    The Directive requires in-scope companies to embed due diligence into their governance structures, identify actual and potential human rights and environmental impacts across their operations and value chains, and take risk-based action to prevent, mitigate, or remedy them.

    CSDDD meaningfully overlaps with other EU regulations. It amends the EU Whistleblower Directive by extending its scope to cover breaches of CSDDD obligations. In practice, this means that workers who report failures in due diligence are entitled to the same anti-retaliation protections as other whistleblowers under EU law.

    Additionally, the CSDDD directly complements the Corporate Sustainability Reporting Directive (CSRD). Where the CSRD requires companies to report on sustainability matters, the CSDDD requires them to act, resulting in comprehensive coverage of governance matters at large.

    Who Is Responsible for the CSDDD?

    Enforcement sits entirely at the Member State level. Each state must designate one or more national supervisory authorities responsible for monitoring compliance with the CSDDD and imposing penalties for violations. These authorities have powers of investigation, access to company records, and the authority to issue administrative sanctions.

    At the EU level, the European Commission oversees transposition and may adopt guidelines and delegated acts, including model contractual clauses to support value chain due diligence.

    The Omnibus I amendment removed the original directive's harmonized EU-wide civil liability regime. Civil liability for harm caused by failure to fulfill due diligence obligations is instead governed by national law, meaning that the procedural rules, burden of proof, and standing requirements for claims will vary considerably across Member States.

    What Are the Possible Penalties Under the CSDDD?

    The CSDDD does not prescribe penalties at the EU level, although the Omnibus I amendment set the maximum administrative fine that Member States must make available at 3% of the company’s net worldwide annual turnover in the financial year preceding the decision, reduced from the 5% cap set out in the original CSDDD.

    The CSDDD also requires the penalties set by Member States to be effective, proportionate, and dissuasive. Penalties may be made public by competent authorities under the “naming and shaming” approach. However, companies may not be held liable for harm caused solely by a business partner in their value chain if they took appropriate due diligence measures.

    Because the CSDDD's transposition deadline does not fall until 26 July 2028, no Member State has yet enacted CSDDD-specific national penalties. Several states with pre-existing national due diligence frameworks are in the process of aligning their legislation with the amended directive, but final national penalty figures have not yet been established.

    What Does the Corporate Sustainability Due Diligence Directive Require?

    Under the CSDDD, as amended by the Omnibus I, companies are required to adopt a purely risk-based due diligence approach, focusing scrutiny on areas of their operations, subsidiaries, and value chains where adverse impacts are most likely to occur and are most severe, rather than conducting comprehensive end-to-end mapping. Covered organizations include:

    • EU companies with more than 5,000 employees on average and a net worldwide annual turnover exceeding 15 billion EUR.
    • Non-EU companies generating more than 15 billion EUR in net annual turnover within the EU.
    • EU parent companies of groups meeting these thresholds on a consolidated basis.

    Core CSDDD Requirements

    Due Diligence Policy

    Adopt and implement a due diligence policy, reviewed annually, covering the company's approach to identifying and addressing human rights and environmental risks.

    Risk Identification & Assessment

    Identify actual and potential adverse human rights and environmental impacts in their own operations, subsidiaries, and, on a risk-based basis, their value chains.

    Prevention & Mitigation

    Where potential adverse impacts are identified, take appropriate measures to prevent or minimize them, which may include contractual commitments from business partners.

    Remediation

    Where actual adverse impacts are identified, bring them to an end and, where that is not possible, minimize their extent and provide or contribute to remediation.

    Notification & Complaint Procedure

    Establish and maintain a mechanism for persons and organizations, including workers, trade unions, and civil society, to submit notifications and complaints about actual or potential adverse impacts. This mechanism must be accessible, including anonymously, and persons who submit complaints must be protected from retaliation.

    Monitoring

    Regularly monitor the effectiveness of due diligence measures using qualitative and quantitative indicators, at least every 12 months.

    Stakeholder Engagement

    Meaningfully engage with affected stakeholders at relevant stages of the due diligence process.

    Why Is the CSDDD Important?

    The CSDDD marks a significant structural shift from voluntary corporate responsibility to legally enforceable due diligence. For the largest companies operating in the EU, it means that human rights and environmental risk management in supply chains is no longer optional. It is a compliance obligation with civil and administrative consequences.

    For companies that have built supplier codes of conduct, sustainability reporting, and social auditing programs, the CSDDD formalizes and raises the bar for what those programs must achieve. For those starting from scratch, it requires genuine governance infrastructure, not a policy document on the intranet.

    How FaceUp Helps Comply with the CSDDD

    Although the CSDDD is not itself a whistleblowing regulation, its Article 14 on notification and complaint mechanisms places specific focus on reporting, requiring companies to establish accessible, anonymous channels that workers, union representatives, and other stakeholders can use to raise concerns about misconduct without fear of retaliation.

    FaceUp helps organizations meet this need with a ready-to-deploy reporting solution covering web forms, iOS/Android mobile apps, and 24/7 live, automated, and AI-powered hotlines in 113+ languages, with customizable triage rules to route cases appropriately.

    Beyond intake, FaceUp’s case management supports companies in securing data from prying eyes with role-based access controls, audit-ready data logging, and real-time analytics dashboards for monitoring use, resolution times, and outcomes.

    Quick Facts

    Applies to

    EU companies with more than 5,000 employees and more than 15 billion EUR net worldwide annual turnover; non-EU companies with more than 15 billion EUR net annual turnover in the EU.

    Penalties

    Administrative fines set by Member States, with a maximum of at least 3% of net worldwide annual turnover; civil liability for harm where due diligence obligations were not met, subject to national law.

    The FaceUp Solution

    FaceUp is an anonymous reporting and compliance platform designed to help businesses meet whistleblowing regulations worldwide, including those in the US, EU, UK, and UAE.

    • Fully Anonymous Reporting

      Give staff multiple secure channels to report their concerns, complete with an anonymous two-way chat.

      • Mobile-First Accessibility

      • No IP storage, no device IDs, encrypted submissions

      • Customizable forms, categories, routing rules, and more

    • Customizable Case Management

      Create an easily verifiable audit trail through a customizable case management system with automatic routing.

      • Supports multiple locations, subsidiaries, or units

      • Entity-specific routing and access permissions

      • Optional notifications via email, Teams, or Slack

    • Real-Time Data Analytics

      Identify trends, repeated issues, and escalation risks early with customizable visual real-time dashboards.

      • Filter by category, region, channel, and more

      • Share without revealing sensitive information

      • ISO 27001 and SOC 2-certified local servers
