About
The Directive requires large enterprises to carry out due diligence assessments in accordance with the OECD Due Diligence Guidance for Responsible Business Conduct. This encompasses the following actions: (1) integrating due diligence into the company's policies and management systems, (2) identifying and assessing actual and potential adverse impacts on human rights and the environment, (3) preventing, ceasing and minimising actual and potential adverse impacts on human rights and the environment, (4) establishing and maintaining a complaints procedure, (5) monitoring the effectiveness of measures, and (6) communicating publicly on the due diligence.
The assessments must encompass not only the company's own operations but also those of its subsidiaries, as well as the operations conducted by business partners within the company's chains of activities. The CSDDD defines "chains of activities" as the activities undertaken by a company's upstream business partners that are related to the production of goods or the provision of services by the company. This definition extends to include the activities of downstream business partners involved in the distribution, transport, and storage of products, particularly when these partners perform such activities for or on behalf of the company. Consequently, companies are obligated to perform due diligence on certain downstream activities conducted by their direct business partners.
Following the Omnibus I amendments, the due diligence approach has been modified. Companies must first conduct a "scoping" exercise based on reasonably available information to identify general areas across their own operations, subsidiaries and, where related to their chains of activities, those of their business partners where adverse impacts are most likely to occur and are most severe. In-depth assessments are limited to these identified areas, giving priority to the assessment of impacts associated with direct business partners. Information requests to business partners should occur only where necessary and as a last resort for partners with fewer than 5,000 employees, and in all cases requests should be "targeted, reasonable and proportionate". The obligation to terminate a business relationship as a last resort has been removed; suspension is now the only last-resort measure.
Enterprises that fall within the scope of the Norwegian Transparency Act should be aware that, while both regulations are built on the same international principles and guidelines, the Transparency Act does not require enterprises to carry out due diligence assessments with regards to environment.
Main aspects of the Directive (as amended by Omnibus I)
The CSDDD, as amended by the Omnibus I Directive, is aimed at large EU-based companies with over 5,000 employees and a global net turnover exceeding EUR 1.5 billion, and non-EU companies generating more than EUR 1.5 billion in net turnover within the EU. This represents a significant narrowing of the original scope, which applied to companies with over 1,000 employees and EUR 450 million in turnover. The revised thresholds are estimated to reduce the number of in-scope companies by approximately 70%.
The original phased enforcement approach (starting in 2027 with the largest companies and expanding through 2029) has been replaced by a single application date. The CSDDD will apply to all in-scope companies from 26 July 2029. The first annual statements on sustainability due diligence matters must cover financial years starting on or after 1 January 2030. EU Member States must transpose the CSDDD-related provisions by 26 July 2028.
The Directive requires that the due diligence process is done regularly and that potential adverse impacts to human rights or the environment are prevented and mitigated. Actual adverse impact shall be brought to an end and the consequences minimized. Under the amended framework, the monitoring frequency has been reduced from annually to once every five years. Moreover, the companies must publish an annual statement on sustainability due diligence matters, for which the European Commission will issue guidelines on content and criteria by 31 March 2029.
The original requirement for companies falling within the scope of CSDDD to adopt and put into effect a transition plan for climate change mitigation aligned with the Paris Agreement has been deleted in its entirety by the Omnibus I amendments. However, companies in scope of the CSRD are still required to report on their climate transition plans where they have such plans. The nature of environmental impacts covered by the Directive is clarified as any measurable environmental degradation, such as harmful soil change, water or air pollution, harmful emissions or excessive water consumption or other impacts on natural resources.
The directors of the companies covered by the Directive, will be responsible for overseeing that the due diligence assessments are carried out and to report to the board of directors in that respect. It also include a duty for the directors to take into account the consequences of their decisions with regards to sustainability matters.
The CSDDD also includes the obligation for companies to carry out meaningful engagement including a dialogue and consultation with the affected stakeholders, although the Omnibus I amendments narrow the definition of "stakeholders" (for example, consumers are no longer in scope) and tighten the stakeholder consultation obligation. Compliance with the CSDDD could also be qualified as a criterion for the award of public contracts and concessions, giving positive incentives for the companies to comply with the due diligence obligations.
The relevant national authorities will have the competence and authority to monitor the compliance with the obligations pursuant to the Directive. Where a breach of the Directive is proven, the supervisory authority may impose orders and sanctions. The Omnibus I amendments have reduced the maximum financial penalties from a minimum ceiling of 5% to a maximum ceiling of 3% of the company's net worldwide turnover (or, for ultimate parent companies, 3% of the net consolidated worldwide turnover). The amended text also clarifies that, given the risk-based prioritisation approach, the fact that a company has not yet addressed a less significant adverse impact shall not expose the company to penalties. Companies applying for public support are obliged to certify that no sanctions have been imposed on them for a failure to comply with the obligations of this Directive.
The EU-wide harmonised civil liability regime has been removed under the Omnibus I amendments. This means that civil liability for non-compliance with the CSDDD will be governed by the general tort law regimes of individual Member States. The requirement to review the effectiveness of rules on civil liability has also been removed from the CSDDD, although Article 36 provides for a review clause to assess the effectiveness of existing enforcement mechanisms by July 2031, and every five years thereafter, which could lead to an EU-wide civil liability framework being revisited in the future. The Directive establishes a period of five years to bring claims by those concerned by adverse impacts.
The Omnibus I amendments further extend maximum harmonisation to core due diligence obligations, including provisions governing prioritisation, monitoring and reporting, meaning that Member States can no longer introduce national rules diverging from the Directive in those areas.
Who does it impact?
The Directive will apply to larger companies, determined on the basis of the number of employees and the net turnover worldwide. Both EU-companies and non-EU companies active in the EU market may fall within the scope. The Commission will publish a list of non-EU companies that fall under the scope of the Directive.
Large EU companies
Under the revised thresholds following the Omnibus I amendments, the CSDDD applies to large EU companies if they meet any of the following conditions:
- They have more than 5,000 employees and exceed EUR 1.5 billion in worldwide net turnover in the last financial year for which annual financial statements have been or should have been adopted; or
- they are the ultimate parent company of a group exceeding those employee and turnover thresholds on a consolidated basis; or
- they or their parent group entered into or is the ultimate parent company of a group that entered into franchising or licensing agreements in the EU in return for royalties where these royalties amount to more than EUR 75 million and provided that the company had or is the ultimate parent company of a group that had a net worldwide turnover of more than EUR 270 million.
Where the ultimate parent company mainly holds shares in operational subsidiaries and does not engage in management, operational, or financial decisions, it may be exempt from the due diligence obligations if one of the subsidiaries carries out the obligations on the parent's behalf. Also, parent companies subject to CSDDD may fulfil the due diligence obligations on behalf of their subsidiaries.
Non-EU companies
The CSDDD will apply to non-EU companies that meet any of the following criteria:
- They generated a net turnover of more than EUR 1.5 billion in the EU in the financial year preceding the last financial year; or
- they are the ultimate parent company of a group exceeding that turnover threshold; or
- they entered into or is the ultimate parent company of a group that entered into franchising or licensing agreements in the EU in return for royalties where these royalties amount to more than EUR 75 million in the EU and provided that the company had or is the ultimate parent company of a group that had a net turnover of more than EUR 270 million in the EU.
The final text also removes any possibility of review of the exclusion of regulated financial undertakings from the scope of the CSDDD.
Small and medium-sized enterprises are not subject to the proposed rules. However, the Directive will also have implications for companies who are subsidiaries or within the value chain of companies covered by the Directive. To fulfil the obligations in the Directive, the companies covered by the Directive, will have to collect information from its subsidiaries and companies in their value chain. Companies not directly in scope may still be affected by information requests, although safeguards for smaller business partners have been strengthened; companies may contact business partners with under 5,000 employees only when public information is not available and when necessary to address salient issues.
Status: In force
The Council's formal adoption of the Directive 24 May 2024 marked the end of the initial legislative process. On 26 February 2025, the European Commission proposed amendments to the CSDDD as part of the Omnibus I package. After negotiations between the European Parliament, the Council and the Commission, a provisional agreement was reached on 9 December 2025. The European Parliament adopted the agreed text on 16 December 2025, and the Council gave final approval on 24 February 2026. The Omnibus I Directive (EU) 2026/470 was published in the Official Journal of the EU on 26 February 2026 and will enter into force on 18 March 2026.
Member States must transpose the CSDDD-related provisions by 26 July 2028, with in-scope companies required to comply from 26 July 2029. The first guidelines on how to fulfil the due diligence obligations shall be published by the European Commission by July 2027. The Commission will also review the implementation and effectiveness of the CSDDD by 26 July 2031, including assessing whether to revise the scope and whether a sector-specific approach needs to be introduced in high-risk sectors.
The directive has been designated as relevant to the European Economic Area (EEA). If the directive is ratified and integrated into the EEA Agreement, Norway will be required to incorporate its provisions into national law. This will involve amending Norwegian regulations to align with the directive. The process of implementing the directive within the EEA can be lengthy, and it is currently unclear when the EEA member states will commence this task.
In Norway, the directive will most likely influence the Norwegian Transparency Act, which mandates that large companies carry out due diligence assessments and provide information on how they manage actual and potential adverse impacts when requested. The requirements of the CSDDD are expected to be integrated into the Transparency Act to ensure compliance with the new sustainability obligations. The Norwegian government has already started the work of preparing the implementation of CSDDD by initiating an evaluation of the Norwegian Transparency Act. The evaluation report from the Ministry of Children and Family Affairs was published on 26 June 2025. The Ministry of Finance has announced that it will submit a proposal for the implementation of the Omnibus changes for consultation in early 2026.
Companies that already comply with the Norwegian Transparency Act and the OECD Guidelines for Multinational Enterprises will most possibly be well positioned to comply with the obligations in the Directive. Due to the differences in scope between the two regulations, it is important that the affected companies take these differences into consideration.
Thommessen's comments
The CSDDD forms part of a greater shift in the field of compliance and sustainable corporate governance, where large enterprises are expected to take more responsibility in terms of human rights and environmental impact. The Directive also ties in with, amongst other initiatives, the goals and commitments of EU's "Fit for 55" Package and the "EU Action Plan on Human Rights and Democracy 2020-2024". The Directive will contribute to the EU framework on sustainable corporate governance and shall apply alongside other EU regulations such as the EU Taxonomy, the SFDR and the CSRD.
The Directive also complements the Norwegian Transparency Act, and the Transparency Act is likely to be revised when transposing CSDDD into Norwegian legislation. Both regulations require companies to carry out due diligence with regards to human rights and labour conditions. However, CSDDD also require due diligence with regards to environmental impacts.