EU Supply Chain Directive (CSDDD)

On February 23, 2023, the EU published the draft of the so-called Supply Chain Directive (“Directive on corporate sustainability due diligence”) or CSDD Directive (Corporate Sustainability Due Diligence Directive). The “EU Supply Chain Act”, as it is often referred to, is expected to come into force in 2025 following national implementation of the directive. If necessary, the EU directive could also be converted into an EU regulation, so that no national transpositions would be necessary and there would therefore be uniform requirements throughout the EU.

The purpose of the CSDDD is to prevent violations of human rights and environmental standards in the supply chain in order to maximize profits. In future, large European companies will have to identify, monitor, prevent, mitigate and remedy ESG performance in the global supply chain – including issues such as child labor, worker exploitation, safe working conditions, biodiversity loss and environmental pollution. The individual relevant negative impacts on the environment and human rights are specifically listed in the Annex to the Directive. In addition, companies must report on their activities, which should contribute to greater transparency.

Which companies are affected?

According to the draft adopted by the EU Parliament at first reading, the CSDDD covers companies with an average of more than 250 employees and a worldwide net turnover of more than EUR 40 million. In addition, it also obliges the ultimate parent company of a group of companies if the group has more than 500 employees and a worldwide net turnover of more than EUR 150 million. Depending on the size of the company, there will be staggered transition periods of up to 5 years. If these employee and turnover thresholds are reached by companies from third countries in the EU area, these non-EU companies are also affected by the regulations (with a 2-year transition period). The CSDDD therefore applies not only to EU companies but also to third-country groups operating in the EU. The regulations are to apply to direct or indirect “established business relationships”.

What happens in the event of violations?

In the event of breaches of the CSDD Directive, companies are to be sanctioned by the national supervisory authorities, for example with fines of up to 5% of net turnover. Non-EU companies could be excluded from public contracts in the EU. Of particular interest to company management, i.e. managing directors, board members and supervisory board members, is the provision that compliance with the CSDDD should also be part of the duty of care of company management.

The CSDDD therefore enables civil liability and thus the assertion of a direct claim by affected parties against companies for compensation for human rights violations and environmental damage in the value chain.

Duty of care

The prerequisite for liability is that non-compliance with the specified due diligence obligations has resulted in adverse environmental and human rights impacts that should have been recognized, avoided, mitigated, remedied or reduced in their extent if the due diligence obligations had been observed and that have caused damage. The most important obligations with regard to human rights and environmental due diligence (“due diligence”) for companies under the CSDD Directive are:

  • Incorporate due diligence into their corporate policy (strategy, code of conduct, description of procedures for implementing and monitoring due diligence, at least annual assessment of “established” business relationships)
  • Identification of actual or potential negative impacts (in accordance with the Annex to the Directive)
  • Avoiding and mitigating potential negative impacts, remedying actual negative impacts and minimizing their extent (action plan, obtaining contractual assurances from business partners on the Code of Conduct and action plans and reviewing them, termination of business relationships in the event of non-fulfilment of agreed actions by partners, payment of compensation for damages)
  • Establishment and maintenance of a complaints procedure
  • Monitoring the effectiveness of their due diligence strategies and measures (based on quantitative indicators)
  • Public communication on due diligence (either in the CSRD report or, if such a report is not required, an annual declaration on the website by April 30 of the following year)
  • Definition of emission reduction targets (“climate plan”) if climate change has been identified as a main impact of the company’s activities (for companies with more than 500 employees and more than 150 million turnover)
  • Inclusion of emissions reduction targets in the variable remuneration of the company management (if variable remuneration is paid)
  • Appointment of an authorized representative based in the EU for companies from third countries

German Supply Chain Act

The “Act on Corporate Due Diligence in Supply Chains” (LkSG) has been in force in Germany since January 1, 2023. According to this law, German companies with more than 3,000 employees in Germany (reduced to 1,000 from 2024) are obliged to ensure compliance with human rights and environmental protection in global supply chains.

In many respects, the German Supply Chain Act is less strict than the CSDDD, meaning that the German Supply Chain Act will need to be amended once the CSDDD comes into force.

Aspects for which the German LkSG has lower requirements than the CSDDD:

  • Only companies with more than 1,000 employees in Germany are affected (compared to 250 globally in the CSDDD)
  • Indirect suppliers are not to be included
  • Downstream partners in the value chain (e.g. waste disposal companies) are not to be included
  • There is no civil liability for companies for damage in the supply chain
  • No duty of care for biodiversity, endangered species and the ozone layer
  • No climate protection plan required

What’s next for the CSDDD?

The European Commission’s proposal of February 23, 2022 was adopted by the European Parliament on June 1, 2023. The so-called trilogue negotiations between the Commission, Council and Parliament are currently underway. The final adoption is expected in 2023. After the directive comes into force, the member states have two years to transpose the CSDDD into national law.

As a result, companies will have to start applying the requirements of the directive in 2025 or 2026. That sounds long, but it’s not. This is because the companies concerned have to set up a management system that ensures the implementation of the requirements of the directive. And, experience has shown that this can also take 1-2 years.

We are happy to support you with the following topics

  • Identifying the regulatory requirements for your company
  • As-is analysis of the existing system for due diligence in the supply chain
  • Identification of the liability risks arising from the CSDDD for the company and the company management
  • Conducting supplier audits / supply chain audits / supply chain due diligence audits
  • Identification and tracking of optimization measures in the supply chain

  • Establishment of a management system (or integration into an existing management system) to fulfill the requirements of CSDDD – see below

Our offer


We are happy to support you with our many years of experience, particularly in the areas of management systems, supplier audits and legal compliance.

Contact us – we’ll make sure you don’t have to worry about due diligence in the supply chain!

Contact us now

Development of a management system to fulfill the CSDDD

According to our concept, a management system to fulfill the CSDDD requirements includes the following elements:

  • Definition of corporate policy and strategy
  • Development of a Code of Conduct
  • Definition of the organizational and operational structure
  • Creation of procedures for the implementation and monitoring of due diligence
  • Annual assessment of “established” business relationships
  • Preparation of the risk analysis to identify actual or potential negative impacts (in accordance with the Annex to the Directive)
  • Development of due diligence targets (action plan)
  • Obtaining contractual assurances from business partners
  • Design and implementation of the complaints procedure
  • Development of the due diligence KPIs
  • Preparation and implementation of the management review
  • Elaboration and external communication on the duty of care
  • Definition of emission reduction targets (“climate plan”)