CSDDD requirements are raising the bar on responsible sourcing. It’s no longer enough to publish a supplier code of conduct, you must prove how you identify, prioritize, and address human rights and environmental risks across your supply chain. This article explains the core CSDDD requirements and how to operationalize them at scale.
If you’re leading procurement, compliance, or sustainability in a global business, the Corporate Sustainability Due Diligence Directive (CSDDD) changes the question you’re expected to answer. It’s no longer “Do we have supplier policies?” It’s “Can we prove—consistently—that we identify, prioritize, prevent, and address human rights and environmental impacts across our chain of activities?”
That shift illustrates the essence of the CSDDD. The EU’s due diligence directive is designed to foster sustainable and responsible corporate behavior across global value chains, with expectations that companies in scope identify and address adverse impacts within Europe and beyond.
And because this is an EU directive, companies also have to manage an added layer of complexity: transposition into national law which entails variations across countries, supervisory enforcement, and practical interpretation across business units and supplier tiers.
This guide breaks down the CSDDD requirements that matter in practice—especially if you need to operationalize them across thousands of suppliers.
At a high level, CSDDD requires in-scope companies to embed due diligence into governance and day-to-day workflows. They must demonstrate how they identify and address actual and potential adverse human rights and environmental impacts connected to their own operations, subsidiaries, and relevant business partners in their “chain of activities.”
But “high level” is where many programs get stuck. To execute, it helps to translate legal obligations into a repeatable operating model with clear ownership, workflows, and evidence.
In practice, CSDDD requirements usually become six connected capabilities:
The CSDDD isn’t a standalone questionnaire project. It’s an enterprise risk discipline. Companies must integrate due diligence into relevant policies and risk management systems and maintain a due diligence policy that is risk-based.
What this means operationally:
One of the most important practical distinctions in the CSDDD is the chain of activities concept. It covers upstream business partners tied to the production and provision of services (extraction, sourcing, design, manufacture, transport, storage, supply) and downstream partners linked to the distribution, transport, and storage of products under certain conditions.
That means your “scope” is not just Tier 1 supplier onboarding. You need a structured way to map categories, regions, and business relationships—then focus effort where adverse impacts are most likely.
Most companies can produce a heatmap. Fewer can explain—clearly and consistently—why they assessed Supplier A this quarter but not Supplier B, and what evidence drove that decision.
A defensible approach typically combines:
The CSDDD’s logic is not “assess everything equally.” It’s prioritize intelligently, then show your prioritization criteria and actions.
A common mistake is to treat supplier risk as a “rating output.” The CSDDD pushes companies to act: prevention plans, corrective action plans, timelines, and follow-up. Your program needs to produce measurable change, not just documentation.
Practically, that means:
Even strong supplier programs struggle with “incoming signals”: worker feedback, NGO allegations, media reports, whistleblower reports, and internal escalations. The CSDDD expects companies to be able to receive concerns and act on them.
To make this real, you need:
6. Monitoring and audit-ready communication
The CSDDD doesn’t reward heroics at year-end. It favors continuous monitoring and clear evidence trails.
Your core deliverables should be:
CSDDD scope: The CSDDD applies to certain EU-incorporated companies and certain non-EU companies. It covers EU companies with more than 5,000 employees and a global net turnover above EUR 1.5 billion. Non-EU companies fall under the CSDDD if they have a net turnover of at least EUR 1.5 billion in the EU (no applicable employee threshold).
Timeline: The Omnibus amendments adopted by the European Parliament in December 2025 have yet to be published in the Official Journal of the EU before they enter into force. However, due diligence obligations are now expected to apply from July 26, 2029.
National transposition: EU member states must transpose the CSDDD into national law by July 2028. While national laws may introduce some variations, the core obligations and timelines are set at EU level.
Why this matters for procurement teams:
According to the Omnibus amendments adopted by the European Parliament in December 2025, transition plans ensuring a company’s business model is compatible with the shift to a sustainable economy and the 1.5°C goal of the Paris Agreement will no longer be required.
Key takeaway: Note that the adoption of transition plans remains a cornerstone of the CSRD. Companies falling under the reporting directive, which applies to businesses with at least 1,000 employees and a net annual turnover of over EUR 450 million, will still need to demonstrate alignment with broader policy objectives on climate change mitigation.
Most failures are not about intent. They’re about operating design.
Here’s a field-tested way to implement CSDDD requirements without turning procurement into a legal department.
Start with:
Segment suppliers by inherent risk + business criticality. Then define what “in-depth assessment” means for high-risk segments versus low-risk segments.
Design supplier engagement so it can:
Use one operating model to support both:
If your program can’t produce “what we assessed, what we found, what we changed, and what evidence proves it,” it won’t scale.
CSDDD requirements become manageable when they’re treated as a system—not a one-off project. IntegrityNext helps companies operationalize CSDDD obligations by turning the directive’s expectations into a scalable workflow:
Book a demo to see how IntegrityNext supports a risk-based, evidence-driven CSDDD program from supplier onboarding through remediation.
Discover IntegrityNext CSDDD solution
Embed due diligence into governance, map and prioritize risks across your chain of activities, take preventive and corrective actions, enable grievance handling, and maintain audit-ready evidence that shows progress over time.
The directive applies to EU companies with >5,000 employees and >EUR 1.5 billion net worldwide turnover, and to non-EU companies with an annual net turnover of >EUR 1.5 billion in the EU (no employee threshold).
It covers relevant upstream partners tied to production/provision and certain downstream partners tied to distribution/transport/storage—forming the practical scope for due diligence beyond just Tier 1.
The CSRD focuses on reporting, while the CSDDD focuses on due diligence. The two connect strongly through policies, risk management, data collection requirements, and supplier engagement.
Start with risk-based segmentation, then scale depth over time: prioritize high-risk categories and geographies, build a repeatable supplier engagement workflow, and standardize evidence capture.
December 19, 2025
On December 16, 2025, the European Parliament approved sweeping changes to the CSRD and CSDDD. While fewer companies are now formally in scope, supply chain due diligence and sustainability reporting remain essential. This article explains what the Omnibus changes mean in practice and how businesses can respond strategically.
March 18, 2025
Join us for a timely webinar where industry experts from Fugro will share their proactive approach to CSDDD compliance.
December 9, 2025
Discover five key supply chain sustainability trends emerging in 2026 – from regulatory shifts and AI agents to product traceability and supplier enablement. Gain insight into how leading companies are building resilience, driving innovation, and staying ahead in a fast-changing business environment.
