Supply Chain Due Diligence: CSDDD and Its Impact on Sustainability Reporting

The EU Corporate Sustainability Due Diligence Directive (CSDDD) represents the most significant expansion of corporate liability for supply chain impacts in European regulatory history. While the CSRD tells companies what to disclose, the CSDDD tells them what to do — mandating concrete actions to identify, prevent, mitigate, and account for adverse human rights and environmental impacts throughout their value chains. For sustainability reporting teams, the CSDDD fundamentally changes the depth and quality of supply chain data they must collect.

This guide provides a practical overview of the CSDDD, its timeline and scope, how it interacts with CSRD reporting obligations, and the steps companies should take now to build compliance-ready supply chain due diligence processes.

CSDDD Overview: From Disclosure to Action

The CSRD requires companies to disclose sustainability information. The CSDDD goes further: it imposes a legal duty to conduct ongoing human rights and environmental due diligence across the value chain, and it creates civil liability for companies that fail to do so.

Core Obligations

Under the CSDDD, in-scope companies must:

Integrate due diligence into corporate policy and governance. This means board-level oversight of due diligence processes, not delegation to a sustainability department operating in isolation.
Identify and assess actual and potential adverse impacts on human rights (including labor rights, health, and safety) and the environment (including biodiversity, pollution, and climate) across their own operations, subsidiaries, and business partners in the chain of activities.
Prevent and mitigate potential adverse impacts. Companies must take appropriate measures, which may include modifying business practices, contractual requirements for suppliers, investment in supplier capability building, or collaborative industry initiatives.
Bring actual adverse impacts to an end or minimize their extent. When harm has occurred, companies must take remedial action.
Establish and maintain a complaints mechanism accessible to affected stakeholders, including workers in the value chain.
Monitor the effectiveness of due diligence measures on an ongoing basis.
Publicly communicate on due diligence — which dovetails directly with CSRD reporting obligations.
Adopt a climate transition plan aligned with the Paris Agreement’s 1.5 degree C objective.

Civil Liability Provision

The CSDDD’s most consequential feature is its civil liability mechanism. Affected persons — including individuals and communities harmed by corporate supply chain failures — can bring legal claims for damages against in-scope companies in EU courts. This is not theoretical risk; it creates a direct financial incentive for robust due diligence.

Timeline and Scope

The CSDDD was formally adopted in 2024 and enters into force through a phased approach:

Phase	Application Date	Companies in Scope
Phase 1	July 2027	EU companies with 5,000+ employees and EUR 1.5 billion+ net worldwide turnover; non-EU companies with EUR 1.5 billion+ net turnover in the EU
Phase 2	July 2028	EU companies with 3,000+ employees and EUR 900 million+ turnover; non-EU companies with EUR 900 million+ EU turnover
Phase 3	July 2029	EU companies with 1,000+ employees and EUR 450 million+ turnover; non-EU companies with EUR 450 million+ EU turnover

Critical note for non-EU companies: The turnover thresholds for non-EU companies refer to turnover generated in the EU. Japanese, American, and other non-EU multinationals with significant European revenue are squarely in scope.

Financial Sector

After intense lobbying, the financial sector received a partial exemption: downstream due diligence obligations (i.e., for portfolio companies and borrowers) are deferred pending a future review. However, financial institutions must still conduct due diligence on their own operations and upstream supply chains.

CSDDD and CSRD: The Reinforcing Loop

The CSDDD and CSRD are designed as complementary instruments, and understanding their interaction is essential for efficient compliance.

CSRD Feeds CSDDD Reporting

CSRD’s ESRS standards already require due diligence-related disclosures:

ESRS S1 (Own Workforce): Policies and processes for engaging with workers, due diligence on labor rights.
ESRS S2 (Workers in the Value Chain): Due diligence processes for identifying and addressing adverse impacts on supply chain workers.
ESRS S3 (Affected Communities): Community engagement and impact assessment.
ESRS S4 (Consumers and End-Users): Product safety and consumer rights due diligence.
ESRS E1-E5 (Environmental standards): Environmental due diligence across the value chain.

Companies that have built robust CSRD reporting processes already have much of the informational infrastructure the CSDDD requires. The CSDDD adds the requirement to demonstrate that this information drives actual preventive and corrective action.

CSDDD Raises the Bar for CSRD Data Quality

Conversely, the CSDDD’s due diligence obligation forces companies to collect deeper, more granular supply chain data than CSRD alone might require. Under CSRD, a company might report on Scope 3 emissions using industry-average emissions factors. Under the CSDDD, the same company must demonstrate that it has identified specific high-risk suppliers and taken concrete steps to address adverse environmental impacts — which requires supplier-specific data.

Scope 3 and the Data Convergence

Scope 3 emissions reporting under ESRS E1 and SSBJ/ISSB standards is where the CSDDD and CSRD converge most acutely. Credible Scope 3 reporting requires supply chain mapping, supplier engagement, and primary data collection — the same capabilities needed for CSDDD environmental due diligence.

Companies that invest in supply chain data infrastructure for CSDDD compliance will automatically improve the quality of their Scope 3 disclosures. Those that treat the two requirements as separate workstreams will duplicate effort and risk inconsistency between their due diligence documentation and sustainability reports.

Practical Compliance Steps

Step 1: Determine Your Scope and Timeline

Calculate your employee count and net worldwide turnover (or EU turnover for non-EU companies) to determine which phase applies to your organization. Factor in subsidiary consolidation rules — the CSDDD uses the group-level figures.

Step 2: Map Your Value Chain

Create a comprehensive map of your chain of activities, including:

Tier 1 suppliers (direct contractual relationships).
Tier 2+ suppliers (sub-suppliers, raw material providers) — the CSDDD extends beyond Tier 1 where risks are foreseeable.
Downstream business partners (distributors, franchisees, customers using your products as inputs).

Prioritize mapping depth based on risk: sectors and geographies with known human rights or environmental risks warrant deeper tracing.

Step 3: Conduct Risk-Based Impact Assessments

Apply a risk-based approach to prioritize due diligence efforts:

Sector risk screening: Use resources like the OECD Due Diligence Guidance sector supplements, the ILO’s child labor risk model, and SASB materiality maps to identify inherently high-risk sectors.
Geographic risk screening: Cross-reference supplier locations against human rights indices (Freedom House, Transparency International CPI), environmental risk databases, and conflict area maps.
Severity assessment: For identified risks, assess severity based on scale (number of people affected), scope (geographic or systemic extent), and irremediability (ability to restore affected persons to pre-impact status).

Step 4: Develop Appropriate Measures

The CSDDD requires “appropriate measures” proportionate to the severity and likelihood of impacts, the company’s ability to influence the business partner, and the nature of the business relationship. Appropriate measures may include:

Contractual cascading: Embedding due diligence requirements in supplier contracts and codes of conduct, with meaningful enforcement mechanisms.
Supplier capacity building: Providing training, technical assistance, or financial support to help suppliers address identified risks.
Collaborative initiatives: Participating in industry-wide due diligence programs, multi-stakeholder initiatives, or joint auditing schemes.
Business relationship modification: Adjusting procurement practices, diversifying suppliers, or — as a last resort — suspending or terminating relationships with non-compliant partners.

Step 5: Build Monitoring and Complaints Infrastructure

Establish ongoing monitoring mechanisms:

Periodic assessments at defined intervals (annual for high-risk areas, biennial for medium-risk).
Event-triggered reassessments when significant changes occur (new supplier relationships, geopolitical events, natural disasters).
Complaints mechanism accessible to workers, communities, and other stakeholders throughout the value chain. This can be an operational-level grievance mechanism, a shared industry mechanism, or engagement with a multi-stakeholder initiative that includes a grievance function.

Step 6: Integrate with CSRD Reporting

Align your CSDDD due diligence documentation with ESRS disclosure requirements from the outset. Build data collection processes that serve both purposes:

Due diligence findings feed directly into ESRS S1-S4 and E1-E5 disclosures.
Remedial actions documented under CSDDD processes provide the “actions taken” content required by ESRS standards.
Monitoring data supports the “metrics and targets” requirements across relevant ESRS standards.

Step 7: Prepare for Enforcement and Liability

The CSDDD establishes two enforcement channels:

Administrative supervision by designated national authorities, with powers to impose fines up to 5% of net worldwide turnover.
Civil liability allowing affected persons to claim damages in EU courts, with a five-year limitation period.

Companies should involve legal counsel in designing due diligence processes, ensure documentation standards meet evidentiary requirements, and review insurance coverage for supply chain liability exposure.

The Strategic Opportunity

Companies that view the CSDDD purely as a compliance cost miss its strategic implications. Robust supply chain due diligence generates intelligence that improves procurement decisions, reduces supply disruption risk, strengthens supplier relationships, and builds brand resilience. Leading companies are discovering that the data infrastructure built for CSDDD compliance also enables more accurate Scope 3 reporting, better risk-adjusted supplier selection, and stronger narratives for ESG-oriented investors.

The companies that will thrive under this new regulatory architecture are those that integrate due diligence into their core business processes — procurement, risk management, strategic planning — rather than treating it as a standalone compliance project.

How Socious Report Supports CSDDD Compliance

Managing the data complexity of CSDDD supply chain due diligence — supplier assessments, risk screening results, remedial action tracking, complaints mechanism records — alongside CSRD reporting obligations requires integrated technology infrastructure.

Socious Report provides automated mapping between due diligence findings and ESRS disclosure requirements, ensuring consistency between your CSDDD documentation and sustainability reports. The platform processes supplier data from multiple sources, flags high-risk areas using configurable screening criteria, and maintains the audit trails that both administrative supervisors and legal counsel require.

Explore Socious Report to see how integrated due diligence and reporting automation can streamline your CSDDD and CSRD compliance.