CSDDD
CSDDD

Understanding CSDDD: How the Corporate Sustainability Due Diligence Directive Could Impact You

Lauren Burnside |

Have you heard? The EU’s latest legislation, CSDDD, will directly apply to EU companies and non-EU companies operating in the EU internal market.

On May 24, the Council of the European Union gave final approval to the Corporate Sustainability Due Diligence Directive (CSDDD). The adoption of the CSDDD is a significant step in mandating companies to embed responsible business conduct into due diligence policies and procedures.

What does this mean? Who is affected? When do you need to be compliant? What are the penalties for noncompliance? You’re not the only one asking.

Thankfully, you’re in the right place, and we’ll dive into everything you need to know about CSDDD, including if (and how) it will impact your organization.

What is CSDDD?

The Corporate Sustainability Due Diligence Directive (CSDDD) is a new piece of legislation that will require both EU and non-EU companies to conduct environmental and human rights due diligence across their operations, subsidiaries, and value chains. The purpose of the legislation is to oblige companies to demonstrate what action they are taking to protect the environment and human rights. This does not just fall onto their own operations, either, but also onto the activities of any other entities within their value chains with which they have direct and indirect established business relationships.

CSDDD

Application to Both EU and Non-EU Companies

CSDDD establishes a corporate due diligence standard on sustainability issues for businesses operating in the EU. The new due diligence requirements apply not only to the direct actions of the company, but also to their subsidiaries and supply chain. EU-based companies, as well as non-EU companies that conduct a set level of business in the EU, could become liable for the actions of their suppliers.

Two types of EU-incorporated companies will be covered:

(a) those with more than 1,000 employees and an annual net worldwide turnover in excess of €450 million (or ultimate parent companies of such a corporate group); and

(b) companies with: (i) EU franchising or licensing agreements for annual royalties that exceed €22.5 million; and (ii) an annual net worldwide turnover in excess of €80 million (or ultimate parent companies of such a corporate group).

Two types of non-EU incorporated companies will be covered:

(a) those with an annual net turnover of €450 million generated in the EU (or ultimate parent companies of such a corporate group); and

(b) companies with: (i) EU franchising or licensing agreements for annual royalties that exceed €22.5 million in the EU; and (ii) an annual net turnover of more than €80 million in the EU (or ultimate parent companies of such a corporate group).

Understanding CSDDD’s Key Compliance Obligations

To comply with CSDDD, companies must implement robust risk management systems to identify, prevent, and address significant human rights and environmental risks within their own operations, as well as those of their subsidiaries and business partners. This requires conducting thorough risk assessments, prioritizing risks, engaging with stakeholders, maintaining transparent communication, and establishing effective monitoring mechanisms.

The Implementation Timeline of CSDDD

The CSDDD will be phased in over the next five years.

  • Companies with 5,000 employees and €1,500 million turnover will be impacted in 2027.
  • Companies with 3,000 employees and €900 million turnover will be impacted in 2028.
  • Companies with 1,000 employees and €450 million turnover will be impacted in 2029.

Failure to comply comes with significant penalties with a maximum sanction of at least 5% of revenues.

Next Steps for Your Organization in CSDDD Compliance

Even though companies won’t be required to fully comply until 2027, the process of designing and conducting due diligence is intricate and time-consuming, even for those who have already initiated implementation.

Here are a few steps businesses should consider to prepare:

  1. Conduct an assessment of your current state
  2. Engage internal stakeholders to define roles and responsibilities
  3. Develop an approach to engage external stakeholders in a meaningful way
  4. Map value chain and conduct risk assessments
  5. Develop an implementation roadmap

Complying with new legislation doesn’t have to be stressful. Connect with our GRC team today to help prepare for CSDDD compliance.

More Blogs You May Enjoy:

  1. 5 GRC Trends and Resolutions for a More Secure 2024
  2. The Timeline of the EU AI Act (And a Look Ahead)
  3. 25 Tips and Tools for an Integrated GRC Tech Stack

Our focus? On your success.

Schedule a demo, or learn more about Mitratech’s products, services, and commitment.

Contact Us