CSDDD: A step in the right direction, but not the end of the road

By Maya Nirula, Spring Fellow, Investor Alliance for Human Rights

Last week marked a long-awaited milestone: On April 24 the EU Parliament approved the Corporate Sustainability Due Diligence Directive, commonly referred to as the CSDDD, legislation that will require certain EU and non-EU companies to conduct environmental and human rights due diligence across their operations, subsidiaries, and parts of their value chains. While there were challenges around reaching agreement, it is widely seen as a significant breakthrough as it will incentivize companies to address environmental and social risks before they become liabilities, and ultimately enable individuals, groups, and states to hold, if needed, businesses accountable for their adverse impacts. It is anticipated that the introduction of accountability, and the potential for civil liability, will have global implications for responsible business conduct.

The approval of the CSDDD has been positively received by the Business and Human Rights (BHR) community, despite prevailing critiques that it is a heavily “watered down” version of previous proposals. The UN Guiding Principles on Business and Human Rights (UNGPs) are the inspiration behind the CSDDD and reflect the first comprehensive legal framework outlining a global standard for preventing and addressing the adverse impacts of businesses. The compromise text negotiated by EU member states largely aligns with the UNGPs, however, there are some fundamental differences:

Companies covered

There was already a discrepancy between the previous proposed text of the CSDDD and the UNGPs in relation to the scope of companies covered – a discrepancy that has widened in the compromise text. The UNGPs clearly outline that the “responsibility to respect human rights is a global standard of expected conduct for all business enterprises wherever they operate” (UNGP 11) and that this responsibility applies to “all enterprises regardless of their size, sector, operations context, ownership and structure” (UNGP 14). Under the CSDDD, the qualifying thresholds are:

  1. EU companies with a minimum of 1000 employees and EUR 450 million net worldwide turnover; and
  2. Non-EU companies with a minimum of EUR 450 million net turnover inside the EU.

Critically, the higher threshold for EU companies represents a nearly 70% reduction in scope from the previous text, now precluding over 11,000 EU companies. Previous proposals also sought to include companies that operate in ‘high-risk sectors’; an aspect that has now been shelved into a review clause, with an opportunity to re-visit it at a later stage. Placing a large number of companies outside the direct scope of application has a crucial impact on investors’ ability to do their own due diligence of portfolio companies to ensure they are effectively managing human rights and environmental risks. This in turn could pose risks to investors themselves.

Scope of supply chain (downstream and upstream)

Another salient difference is a limitation on the scope of application to the value chain. The compromise text now excludes downstream activities performed by indirect business partners and downstream activities performed at the sale, use, and product disposal stages. This diverges from the UNGPs, which require companies to consider any activities that are caused or contributed to through their own activities and those that they are directly linked to by their business relationships (UNGP 13, 16, 17, 19). The preclusions in the compromise text limit the consideration across a business’s entire value chain such as to dilute an essential aspect of the UNGPs. Since investors depend on reliable information to aid their investment decision-making, the absence of complete data about companies’ human rights and environmental risk profiles, and their efforts to manage them along the entire value chain, poses a limitation.

Exclusion of downstream due diligence for financial firms

Regulated financial firms/undertakings, whilst obligated to fulfil compliance in their own operations and their upstream operations, are exempt from downstream due diligence obligations (i.e. due diligence relating to their downstream business partners including clients, customers, and investees) (Recital 36(b) and 43, CSDDD). Since the exclusion of downstream includes the investment and lending activities of these institutions, the decision to preclude is one of the most criticized aspects of the CSDDD. In effect, the potential leverage that financial institutions, as one of the most influential actors driving business behaviour, could have exercised on their downstream business partners has been diluted. This is unfortunate given that benchmarks repeatedly flag the financial sector as a poor performer in addressing risks in the supply chain. The review clause, however, provides that the Commission should within a two-year period prepare a report on the need for additional due diligence in the financial sector. Moreover, the obligation to adopt and give effect to a ‘transition plan’ for the mitigation of climate change continues to apply to financial firms (Article 15, CSDDD).

Tracking/Reporting requirements 

It is notable that while companies are required to produce annual reports on their compliance with obligations outlined in the CSDDD, they are exempted from specific CSDDD reporting if they are already subject to mandatory reporting under the Corporate Sustainability Reporting Directive (CSRD) (Article 11, CSDDD). In effect, companies subject to the CSRD will satisfy their communication obligations, as well as their required reporting on climate transition plans under the CSRD and are not required to communicate compliance with the CSDDD on an ongoing basis, as foreseen in the UNGPs.

Civil Liability

The Directive has a civil liability provision where companies that “intentionally or negligently” failed to comply with their due diligence obligations (prevent potential adverse impacts or end actual adverse impacts) may be held financially liable (Article 22, CSDDD). This is only in relation to their own activities and does not extend to the broader acts of their business partners. The CSDDD, interestingly, also allows trade unions, NGOs and similar bodies to bring action on behalf of affected persons, which will significantly increase the risk of litigation for companies.


The CSDDD authorizes supervisory authorities to adopt interim measures and to impose penalties for non-compliance. This gives the Directive teeth in a different way from the UNGPs and is seen as a promising step. The penalties, similar to those in the General Data Protection Regulation (GDPR), “shall be not less than 5% of the net worldwide turnover of the company” in the previous financial year (Article 20, CSDDD).


A few of the above-mentioned discrepancies are a cause for concern, especially: (1) the limitation on the number of companies that fall within the scope of the CSDDD, and (2) the exclusion of downstream activities (especially where financial firms are exempt from conducting mandatory due diligence on their business partners). Given reliable and complete information is essential to investors seeking to make rights-respecting, sustainable investment decision-making, such carve-outs will impact investors seeking to meet their own due diligence responsibilities. Fortunately, since both these aspects are addressed in the review clause, subsequent insertion of these obligations is anticipated. Notwithstanding these concerns, the compromise text of the CSDDD is robust and largely aligned with the UNGPs. Consequently, it is indisputable that the CSDDD will have significant impacts on responsible business conduct and can be seen as a positive development with possible global implications.

Additional Resources:

  • Join the Investor Alliance for Human Rights on May 2 for an Investor Briefing, Mandating Due Diligence in the EU and Beyond: Where are we now, how did we get here, and where do we go? Learn more and register here.
  • Principles for Responsible Investment, Investor Briefing: EU Corporate Sustainability Due Diligence Directive
  • SHIFT, FAQs on the EU Corporate Sustainability Due Diligence Directive
  • Danish Institute for Human Rights, The EU Corporate Sustainability Due Diligence Directive: Maximizing Impact through Transposition and Implementation