About
The Directive requires large enterprises to carry out due diligence assessments in accordance with the OECD Due Diligence Guidance for Responsible Business Conduct. This encompasses the following actions: (1) integrating due diligence into the company's policies and management systems, (2) identifying and assessing actual and potential adverse impacts on human rights and the environment, (3) preventing, ceasing and minimising actual and potential adverse impacts on human rights and the environment, (4) establishing and maintaining a complaints procedure, (5) monitoring the effectiveness of measures, and (6) communicating publicly on the due diligence.
The assessments must encompass not only the company's own operations but also those of its subsidiaries, as well as the operations conducted by business partners within the company's chains of activities. The CSDDD defines "chains of activities" as the activities undertaken by a company’s upstream business partners that are related to the production of goods or the provision of services by the company. This definition extends to include the activities of downstream business partners involved in the distribution, transport, and storage of products, particularly when these partners perform such activities for or on behalf of the company. Consequently, companies are obligated to perform due diligence on certain downstream activities conducted by their direct business partners.
Enterprises that fall within the scope of the Norwegian Transparency Act should be aware that, while both regulations are built on the same international principles and guidelines, the Transparency Act does not require enterprises to carry out due diligence assessments with regards to environment.
Main aspects of the Directive
The CSDDD is aimed at large EU-based companies with over 1,000 employees and a global turnover exceeding EUR 450 million, and non-EU companies with over 1,000 employees that generate more than EUR 450 million within the EU.
The Directive will be enforced in stages – starting in 2027, it will apply to EU companies with more than 5,000 employees and a global turnover greater than EUR 1.5 billion, as well as non-EU companies with more than EUR 1.5 billion net turnover generated in the EU. In 2028, the Directive will apply to EU companies with over 3,000 employees and a worldwide turnover of EUR 900 million, and non-EU companies with more than EUR 900 million net turnover generated in the EU. By 2029, the CSDDD will extend to include all other companies subject to the Directive.
The Directive requires that the due diligence process is done regularly and that potential adverse impacts to human rights or the environment are prevented and mitigated. Actual adverse impact shall be brought to an end and the consequences minimized. Moreover, the companies must publish an annual report of the requirements in the Directive by 30 April each year, covering the previous calendar year.
Additionally, companies falling within the scope of CSDDD are obliged to adopt a plan to ensure that the business model and strategy of the company are compatible with the transition to a sustainable economy and with the limiting of global warming to 1.5 °C in line with the Paris Agreement. The nature of environmental impacts covered by the Directive is clarified as any measurable environmental degradation, such as harmful soil change, water or air pollution, harmful emissions or excessive water consumption or other impacts on natural resources.
The directors of the companies covered by the Directive, will be responsible for overseeing that the due diligence assessments are carried out and to report to the board of directors in that respect. It also include a duty for the directors to take into account the consequences of their decisions with regards to sustainability matters.
The CSDDD also includes the obligation for companies to carry out meaningful engagement including a dialogue and consultation with the affected stakeholders. Compliance with the CSDDD could also be qualified as a criterion for the award of public contracts and concessions, giving positive incentives for the companies to comply with the due diligence obligations.
The relevant national authorities will have the competence and authority to monitor the compliance with the obligations pursuant to the Directive. Where a breach of the Directive is proven, the supervisory authority may impose orders and sanctions. If a company fails to pay the fines imposed on them based on a violation of the Directive, the Directive includes different injunction measures which also takes into consideration the turnover of the company to impose pecuniary penalties. The supervisory authority will be able to launch inspections and investigations and impose penalties on non-compliant companies. This includes “naming and shaming” and fines of up to 5 % of the company's net worldwide turnover. Companies applying for public support are obliged to certify that no sanctions have been imposed on them for a failure to comply with the obligations of this Directive.
Companies that fail to comply with the due diligence requirements set out in the Directive may also be subject to civil liabilities. The CSDDD reinforces the access to justice of persons affected. It establishes a period of five years to bring claims by those concerned by adverse impacts, and limiting the disclosure of evidence, injunctive measures, and cost of the proceedings for claimants.
Companies that identify adverse impacts on the environment or human rights by some of their business partners will have to end those business relationships if these adverse impacts cannot be prevented or ceased through other measures.
Who does it impact?
The Directive will apply to larger companies, determined on the basis of the number of employees and the net turnover worldwide. Both EU-companies and non-EU companies active in the EU market may fall within the scope. The Commission will publish a list of non-EU companies that fall under the scope of the Directive.
Large EU companies
The CSDDD applies to large EU companies if they meet any of the following conditions:
- They have more than 1,000 employees and exceeds EUR 450 million in worldwide net turnover in the last financial year; or
- They are the parent company of a group exceeding those employee and turnover thresholds; or
- They or their parent group entered into or is the ultimate parent company of a group that entered into franchising or licensing agreements in the EU in return for royalties where these royalties amount to more than EUR 22.5 million and provided that the company had or is the ultimate parent company of a group that had a net worldwide turnover of more than EUR 80 million.
Non-EU companies
The CSDDD will apply to non-EU companies that meet any of the following criteria:
- They have more than 1,000 employees and generated a net turnover of more than EUR 450 million in the EU in the financial year preceding the last financial year; or
- They are the parent company of a group exceeding those employee and turnover thresholds; or
- They entered into or is the ultimate parent company of a group that entered into franchising or licensing agreements in the EU in return for royalties where these royalties amount to more than EUR 22.5 million in the EU and provided that the company had or is the ultimate parent company of a group that had a net turnover of more than EUR 80 million in the EU.
Small and medium-sized enterprises are not subject to the proposed rules. However, the Directive will also have implications for companies who are subsidiaries or within the value chain of companies covered by the Directive. To fulfil the obligations in the Directive, the companies covered by the Directive, will have to collect information from its subsidiaries and companies in their value chain. Thus, companies not covered by the Directive directly may be imposed contractual obligations to provide information to the companies covered by the Directive.
Status: In force
The Council's formal adoption of the Directive 24 May 2024 marked the end of the legislative process, setting a two-year deadline for EU member states to integrate the directive into their national laws.
The directive has been designated as relevant to the European Economic Area (EEA). If the directive is ratified and integrated into the EEA Agreement, Norway will be required to incorporate its provisions into national law. This will involve amending Norwegian regulations to align with the directive. The process of implementing the directive within the EEA can be lengthy, and it is currently unclear when the EEA member states will commence this task.
In Norway, the directive will most likely influence the Norwegian Transparency Act, which mandates that large companies carry out due diligence assessments and provide information on how they manage actual and potential adverse impacts when requested. The requirements of the CSDDD are expected to be integrated into the Transparency Act to ensure compliance with the new sustainability obligations. The Norwegian government has already started the work of preparing the implementation of CSDDD by initiating an evaluation of the Norwegian Transparency Act.
Companies that already comply with the Norwegian Transparency Act and the OECD Guidelines for Multinational Enterprises will most possibly be well positioned to comply with the obligations in the Directive. Due to the differences in scope between the two regulations, it is important that the affected companies take these differences into consideration.
On 26 February 2025, the European Commission proposed amendments to the CSDDD as part of the Omnibus package. These amendments include postponing the transposition deadline by one year to 26 July 2027 and the first phase of application to 26 July 2028, giving companies more time to prepare. Due diligence requirements have been significantly narrowed, limiting them to direct business partners and reducing the frequency of assessments from annually to every five years. Additionally, information requests from larger companies to SMEs and small midcaps are limited to reduce burdens, specifically limiting them to information specified in the CSRD voluntary sustainability reporting standards. The harmonised EU conditions for civil liability have been removed, deferring to national regimes. Furthermore, the proposal extends maximum harmonisation to core due diligence obligations, preventing member states from imposing stricter requirements, aligns climate mitigation transition plans with the CSRD, and deletes the review clause on including financial services in the scope of the directive. These changes aim to simplify implementation while maintaining the directive's core objectives.
On 13 November 2025 the European Parliament adopted its negotiating position on the Omnibus simplification proposals. The negotiations between the European Parliament, the Council and the European Commission started on 18 November 2025, with an aim of finalising the legislation by the end of 2025. There is a growing alignment on scope and extraterritorial thresholds, stronger harmonisation and penalties guidance, but key disagreements remain on timing, due‑diligence scope and methodology and the mandatory climate transition plan requirement. The Parliament favours a broader risk‑based, two‑step scoping and higher SME information caps. The final result of the Omnibus proposal is expected by early 2026.
Thommessen's comments
The CSDDD forms part of a greater shift in the field of compliance and sustainable corporate governance, where large enterprises are expected to take more responsibility in terms of human rights and environmental impact. The Directive also ties in with, amongst other initiatives, the goals and commitments of EU's “Fit for 55” Package and the “EU Action Plan on Human Rights and Democracy 2020-2024”. The Directive will contribute to the EU framework on sustainable corporate governance and shall apply alongside other EU regulations such as the EU Taxonomy, the SFDR and the CSRD.
The Directive also complements the Norwegian Transparency Act, and the Transparency Act is likely to be revised when transposing CSDDD into Norwegian legislation. Both regulations require companies to carry out due diligence with regards to human rights and labour conditions. However, CSDDD also require due diligence with regards to environmental impacts.