The EU corporate sustainability due diligence law – what is it?

May 2022

On the 23rd of February 2022, the European Commission presented a long-awaited proposal for a directive on Corporate Sustainability Due Diligence. You better get familiar with this new abbreviation to add to your sustainability vocabulary. CSDD.  

The point of the directive is to increase corporate accountability of companies, and to harmonise legal requirements across European countries. Companies operating in the EU market will be required by law to respect human rights and the environment. Decision makers in the EU have decided that time for voluntary action has come to an end. Too little, too long.  

We have boiled down the core content for you! 

Which companies?  

Not all companies will be forced to comply with this law. Initially it is only “very large” (500 + employees and 150 M E net turnover) and “large” (250 + employees and 40 M E net turnover) EU companies in certain high-risk sectors. There are similar size-focused thresholds for non-EU companies that place products and services onto the EU market. Small and medium sized companies are for now excluded from the scope, but the idea of the proposal is that they will largely be covered through the due diligence pushed upon them – by the larger companies through the value chain approach. 


  1. Act diligently – towards humans and the environment  

The core requirement of the proposed law is the requirement on companies to conduct due diligence. Companies must: 

  • Have a due diligence policy 
  • Identify harms to people and environment 
  • Manage those harms and risks; preventing and mitigating all possible, and bringing ongoing harms to an end. 
  1. The Board needs to legally care 

Directors of a company are mandated with a “duty of care” which means that when making decisions, they have to ensure that the decisions account for consequences for humans and environment – in the short, medium and long term. Although this might sound obvious – it is actually quite a huge deal. In Sweden, for example, we have nothing similar in our laws. Companies (aktiebolag) merely have an obligation to maximise profits for the shareholders. 

  1. Sued in court 

If a company fails to prevent or mitigate harm – and harm happens to a person, or the environment, then that company can be sued in court.  This liability is civil (and not criminal) – meaning that a victim can get financial compensation like a tort, but that the company cannot be found to be a criminal. 

  1. The State will check up on companies 

EU States will appoint an authority to supervise and check up on company’s performance. They will investigate compliance and order stopping of certain activities. It will also impose sanctions such as fines or administrative sanctions for companies that fail to comply. 

  1. Up and down 

Companies must ensure good performance of their business partners – not only suppliers. So, due diligence has to be carried out upstream, and downstream. Currently, the proposal suggests that the main focus in the value chain should be on a company’s “established business relationships”. It is suggested that contracts and verifications of performance are two ways to ensure good behaviour of your business partners. (As you might imagine, this is a main point for contention!) 

What do stakeholders think? 

Many stakeholders find the proposal to take many steps away from the human rights-centric approach of the UN Guiding Principles on Business and Human Rights, or the OECD Guidelines for Multinational Enterprises. In comparison, for example, it tones down the requirement on stakeholder consultation, on the need for remedy for victims of harm and to focus corporate priorities on the severity of an impact (there is now instead a focus on established business relationships). 


We are yet to see the final proposal. Currently, there are stakeholder consultations on the proposed text, and fierce negotiations taking place in the EU institutions. We can therefore expect to see changes. It is likely that negotiations will take place for at least one more year, and once the Directive is approved, countries will be given 2 years to implement it into their domestic laws. Thereafter – companies will be given a period before they are expected to live up to the requirement. So – we are likely looking at a time period of 3-5 years before companies will be legally required to act responsibly.  

The question is – are you going to wait, or have you already started?  

Let us know! Or join one or our trainings, see our calendar for more info.