Navigating CSDDD: Practical implications for in scope companies and their business partners

Introduction 

The EU’s Corporate Sustainability Due Diligence Directive (CSDDD) has been significantly revised by the provisions of the Omnibus I Directive published in February 2026. While the framework has been simplified and the number of companies that will fall directly within scope has been greatly reduced, the revised due diligence obligations will have far-reaching implications for companies. Although the application date is a few years away (26 July 2029), companies should, as a first step, be taking action to determine whether (i) their corporate group will fall within scope; and/or (ii) any of their business partners will be in scope.

Legislative background

The Omnibus I Directive forms part of the Omnibus I package on sustainability published in February 2025. Coming under the new European Commission (Commission)’s “competitiveness” strategic priority, this package is one of a number intended to simplify legislative requirements with the ultimate aim being to make EU businesses more competitive including by reducing regulatory complexity and administrative burdens.

The passage of this legislation through the EU’s legislative process was anything but smooth. These reforms have, at least in the short term, created uncertainty and unpredictability for companies seeking to conduct sustainability due diligence as part of their plans to implement long-term sustainability strategies. However, despite the amendments introduced to CSDDD, its aim continues to be to foster sustainable and responsible corporate behaviour in companies’ operations, those of their subsidiaries and across their global value chains. 

Article 19 of CSDDD requires the Commission to issue practical guidance, intended to support companies in implementing due diligence measures and enforcement by EU member states, as well as setting stakeholder expectations. On 12 June 2026, the Commission launched a consultation seeking stakeholder input to inform the development of these guidelines. Responses to the consultation are due by 24 July 2026, with adoption of the guidelines expected in Q1 2027.

What has changed? 

Scope

The amendments introduced by the Omnibus I Directive significantly narrowed the scope of CSDDD, with those in scope including the largest EU corporate groups and companies and those non-EU groups with substantial EU revenue. While micro companies and SMEs are not directly in scope, they may be indirectly impacted where they form part of the value chain of an in scope company.

The following entity types fall within the revised scope:

Key obligations

In scope companies

Sustainability due diligence obligations are imposed on in scope companies, focused on actual and potential adverse human rights and environmental impacts linked with their operations, those of their subsidiaries and the operations carried out by their business partners in their chains of activities.

Business partners include entities directly or indirectly connected to a company’s operations, products or services, including suppliers, contractors and indirect value chain actors. Companies must consider both those they do business with directly and wider “chain of activities” actors whose operations may pose human rights or environmental risks.

The chain of activities covers relevant upstream activities, including design, extraction, sourcing, manufacturing, transport, storage and product or service development, as well as downstream activities such as distribution, transport and storage performed for or on behalf of the company.

As the amendments introduced by the Omnibus I Directive have resulted in the obligation to adopt and implement a transition plan for climate change mitigation being removed, the focus is now solely on due diligence obligations and liability for violations of these obligations.

The below checklist provides a practical, high-level overview of the key environmental and human rights due diligence obligations under the revised CSDDD. Factors that will inform the measures that businesses should take to identify, assess, prevent, mitigate, bring to an end and/or minimise adverse impacts are highlighted in the relevant provisions of CSDDD. These should be considered as in scope companies prepare to comply with these due diligence obligations. 

Integrate due diligence into policies and risk management systems

• Integrate due diligence into relevant policies and risk management systems
• Develop a specific risk‑based due diligence policy, noting that CSDDD sets out specific information that needs to be included in this policy
• Consult employees and their representatives as part of the development of the due diligence policy
• Update the due diligence policy after any significant change occur and, review and, where necessary, update the policy at least every 2 years

Identify and assess actual or potential adverse impacts

Identify actual and potential adverse human rights and environmental impacts across business operations as well as those of subsidiaries and business partners. Certain risk factors need to be taken into account including the facts, situations and circumstances at the level of the business partner when:  

• mapping operations, subsidiaries and business partners to identify general areas where adverse impacts are most likely to occur and to be most severe
• conducting targeted in‑depth assessments of the areas where adverse impacts were identified to be most likely to occur and most severe

Prioritise identified actual and potential adverse impacts

Where it is not feasible to prevent, mitigate, bring to an end or minimise all identified adverse impacts, companies must:

• first address the most severe and most likely impacts
• subsequently address less severe and less likely impacts within a reasonable time

Prevent and mitigate potential adverse impacts

• Take appropriate measures to prevent or adequately mitigate potential adverse impacts identified
• Where necessary, develop and implement a prevention action plan
• Seek contractual assurances from direct business partners, verify compliance and provide targeted support to prevent or mitigate potential adverse impacts

Bring actual adverse impacts to an end and minimising their extent

• Take appropriate measures to bring actual adverse impacts to an end, or where not possible, minimise their extent
• Where the impact cannot be immediately ended, develop and implement a corrective action plan
• Seek contractual assurances from business partners, verify compliance and provide targeted support to facilitate the cessation or minimisation of adverse impacts

Provide remediation for actual adverse impacts

• Provide remediation where the company has caused or jointly caused an actual adverse impact
• Where the impact is only caused by a business partner, use influence with this business partner to ensure remediation and consider whether to voluntarily remediate

Suspension of a business relationship is a measure of last resort, to be considered only where a company has identified adverse impacts that cannot be prevented, mitigated or ended. In scope companies must only resort to suspending a business relationship once all other due diligence measures have been unsuccessfully exhausted, including the use of contractual leverage, prevention action plans and targeted support to business partners.

In addition to the obligations set out above, in scope companies must, on an ongoing basis:

• monitor the effectiveness of their due diligence policy
• publicly communicate on due diligence
• engage with stakeholders.

Companies are required to establish and maintain a notification mechanism and a complaints procedure to enable stakeholders to raise concerns pertaining to actual or potential adverse human rights or environmental impacts arising from the company’s operations or its value chain.

Business partners

Although the revised framework targets the largest companies posing the greatest human rights and environmental risks and seeks to limit trickle-down effects, the legislation will continue to have practical consequences for many companies outside its immediate scope. The revised CSDDD retains a risk-based approach, meaning due diligence extends beyond direct business partners and targets activities with the most likely and severe impacts.

Smaller companies could still be affected where they are business partners in an in scope company’s chain of activities, particularly through information requests, updates to contractual provisions and to support stakeholder engagement requirements. Such companies may be approached for information where necessary to enable the identification and assessment of actual and potential adverse impacts. They may be subject to information requests, based on reasonably available information, that are focused on areas where adverse impacts are most likely to occur or most severe, following a risk-based scoping and assessment process.

Set out below are some practical tips that companies outside the immediate scope of the revised CSDDD should be thinking about:

• Understand your place in the value chain: Companies should consider the value chains they form part of and engage with their business partners to identify where sustainability information may be requested
• Expect contractual obligations to cascade through the value chain: Companies outside the immediate scope of CSDDD may still be required to comply with supplier codes of conduct and contractual assurances imposed by in scope business partners, whether direct or indirect
• Prepare for targeted and reasonable information requests: Business partners should expect in scope companies to seek specific information on human rights and environmental risks
• Cooperate on prevention, mitigation and remediation: Where adverse impacts are identified by in scope companies, business partners may be asked to engage with action plans, provide supporting evidence and work collaboratively with those companies to prevent, mitigate or bring those impacts to an end.

Next steps

CSDDD forms part of a broader regulatory trend requiring companies to better understand where adverse human rights and environmental impacts may arise across their value chains. This creates opportunities for companies to build resilience by identifying where material risks sit within their value chains and taking steps to mitigate those risks.

Those businesses that align their due diligence processes with the Due Diligence Guidance for Responsible Business Conduct published by the Organisation for Economic Cooperation and Development (OECD) should have a good basis for preparing to comply with CSDDD’s due diligence obligations. In addition, the guidance currently being consulted on is designed to assist businesses as they consider their existing due diligence processes and what changes are needed to comply with these obligations.

Penalties of up to 3% of net worldwide turnover may be imposed for non-compliance with it being left to individual member states to set out the specific rules around penalties. With the provisions relating to a harmonised EU framework for civil liability removed in the revised CSDDD, now where a company is liable for damage caused by a failure to comply with the due diligence requirements, the actions that can be taken will be left to the relevant member state to determine.

As the transposition deadline is not until 26 July 2028, clarity will be needed from member states on how they intend to implement CSDDD’s provisions into national law. From an Irish perspective, the government has yet to provide any implementation details. In scope companies should monitor developments in the member states they do business in.      

With thanks for Maria Hughes for her assistance in the preparation of this article.

For further information on how CSDDD obligations may impact your business, please contact Jill Shaw, ESG & Sustainability Lead, Erin Ward, Solicitor, or any other member of the ALG ESG & Sustainability team.

Date published: 30 June 2026