
CSDDD chain of activities and supplier due diligence

Use this page to separate the CSDDD legal boundary from the practical supplier map used for human-rights and environmental due diligence.

It focuses on upstream and downstream coverage, subsidiaries, business partners, risk-based prioritisation, supplier engagement, and evidence that should survive review.

Author: Sorena AI
Published: May 9, 2026
Updated: May 9, 2026

Overview

Under the Corporate Sustainability Due Diligence Directive (CSDDD), the chain of activities is not a generic value-chain slogan. It is a defined boundary for due diligence over a company's own operations, subsidiaries, and business partners where those partner activities relate to the company's production, services, distribution, transport, or storage.

Section 1

What does chain of activities mean under the CSDDD?

Article 3 defines the chain of activities in two parts. Upstream coverage includes business-partner activities related to producing goods or providing services for the company, including design, extraction, sourcing, manufacture, transport, storage, supply of raw materials, products or product parts, and product or service development.

Downstream coverage is narrower. It covers business partners that distribute, transport, or store the company's product for the company or on its behalf. It does not turn every customer use, product disposal route, or downstream service relationship into CSDDD chain-of-activities scope.

  • Treat raw materials, components, contract manufacturing, logistics into production, and service-development inputs as upstream mapping candidates.
  • Treat distribution, transport, and storage of the company's product as downstream candidates only when the partner performs those activities for or on behalf of the company.
  • Exclude product disposal from the CSDDD chain-of-activities definition rather than forcing waste-stage actors into this page's supplier map.
  • For regulated financial undertakings, keep the chain-of-activities boundary to upstream activities; downstream recipients of financial services and products are not included in that definition.
  • Keep export-controlled product scenarios separate because the Directive excludes certain distribution, transport, storage, and disposal activities after export authorisation.

Section 2

How should subsidiaries and business partners be classified?

The CSDDD separates subsidiaries from business partners. A subsidiary is part of the corporate group definition, while a business partner is an entity connected to the company's operations, products, or services. Direct business partners have a commercial agreement with the company or receive services from it; indirect business partners are not direct partners but still perform related business operations.

This classification matters because group-level due diligence support is possible, but subsidiaries remain subject to supervisory powers and civil liability. Supplier maps should therefore record whether a risk sits in the company's own operation, a subsidiary, a direct business partner, or an indirect business partner.

  • Create one record per legal entity or site, not one vague supplier-family label.
  • Tag each record as own operation, subsidiary, direct business partner, or indirect business partner.
  • Record the commercial link: contract, purchase order, logistics arrangement, service-development role, distribution appointment, or other relationship.
  • For subsidiaries covered through parent-company due diligence, retain the subsidiary's adapted policy, cooperation record, and any local measures it still performs.
  • Do not assume an indirect partner is out of view; Articles 8, 10, and 11 still refer to direct and indirect partners where their activities are part of the chain of activities.
Section 3

How should supplier segmentation work in practice?

The Directive does not require every supplier to receive the same questionnaire or the same contractual package. Article 8 requires mapping of own operations, subsidiaries, and business partners to find areas where adverse impacts are most likely to occur and most severe. Article 9 then allows prioritisation when all impacts cannot be addressed at the same time and to their full extent.

A useful segmentation model starts with legal relationship and activity boundary, then adds risk factors: sector, geography, product or service, business operation, company-level factors, stakeholder information, complaints, and known impact history. The output should tell teams where an in-depth assessment is needed, not merely rank suppliers by spend.

  • Boundary segment: upstream production input, upstream service input, downstream product distribution, downstream product transport, downstream product storage, or out of CSDDD chain-of-activities scope.
  • Relationship segment: own operation, subsidiary, direct business partner, indirect business partner, SME business partner, or regulated financial undertaking upstream-only case.
  • Risk segment: severe or likely adverse impact indicators, sector and geography risk, product or service risk, business-model and purchasing-practice risk, and complaint or notification signals.
  • Assessment segment: no current in-depth assessment needed, targeted information request, site or partner assessment, prevention action plan, corrective action plan, or escalation for suspension or termination review.
  • Evidence segment: source of the risk signal, data owner, date of last review, information gaps, supplier response status, stakeholder input, and next review trigger.
Section 4

What controls belong in supplier due diligence?

Supplier controls should follow the impact finding. Potential adverse impacts point to prevention or mitigation measures; actual adverse impacts point to bringing the impact to an end, minimising its extent, and remediation where the company caused or jointly caused the impact.

The CSDDD examples include prevention and corrective action plans, contractual assurances from direct partners with cascading to relevant partners, verification of those assurances, investments or operational changes, purchasing-practice changes, collaboration, and targeted support for SME business partners where necessary.

  • Use contractual assurances as one control, not as the whole programme; pair them with verification and impact-specific measures.
  • When an SME business partner is involved, check whether terms are fair, reasonable, and non-discriminatory and whether targeted capacity, management-system, or financial support is needed.
  • Separate potential-impact prevention plans from actual-impact corrective action plans so timelines, indicators, and remediation duties are clear.
  • Before suspending or terminating a relationship as a last resort, assess whether the suspension or termination would create manifestly more severe adverse impacts.
  • Keep stakeholder engagement, complaints, and notification mechanisms connected to the supplier map because they can surface new or better evidence of chain-of-activities impacts.
Section 5

What evidence should prove the chain-of-activities assessment?

Evidence should show why a partner is inside or outside the chain of activities, why a risk was prioritised or deferred, and which measure was selected. A reviewer should be able to trace the decision from the CSDDD definition to supplier facts, impact evidence, owner approval, and monitoring results.

Do not keep only supplier self-attestations. The Directive points to quantitative and qualitative information, independent reports, complaints and notifications, stakeholder input, qualitative and quantitative indicators, and periodic assessments after significant changes and at least every 12 months under the current Directive text.

  • Chain-of-activities boundary memo for each material supplier or partner category, including upstream/downstream classification and any exclusion rationale.
  • Supplier and subsidiary register showing legal entity, site, activity, direct or indirect status, SME status where relevant, and connected product or service.
  • Risk segmentation worksheet with sector, geography, product or service, business-operation, complaint, notification, and stakeholder inputs.
  • In-depth assessment file for higher-risk areas, including source data, information gaps, supplier responses, independent reports, and baseline environmental or human-rights context where relevant.
  • Prevention or corrective action plan with owner, timeline, qualitative and quantitative indicators, contractual-assurance status, SME support decision, verification method, and monitoring result.
  • Complaints, notification, stakeholder-engagement, remediation, suspension, termination, and no-suspension rationale records linked back to the affected chain-of-activities record.
Section 6

How should teams handle the 2025 Omnibus proposal?

The current binding CSDDD text covers direct and indirect business partners where their activities fall within the chain of activities. The 2025 Omnibus material describes proposed simplifications, including a proposal to focus normal due diligence on direct business partners, with exceptions where there is plausible information about adverse impacts beyond tier 1.

Because that material is a proposal, do not rewrite live supplier policies as if the tier-1 limitation were already the binding rule unless national implementation or adopted EU amendments require it. A practical evidence file can track both views: current Directive basis and proposed-change watch item.

  • Label tier-1-only language as proposed if relying on the Omnibus proposal rather than adopted law.
  • Keep indirect-business-partner data where it supports current CSDDD mapping, product safety, reporting, contractual cascading, complaint handling, or known adverse-impact management.
  • Record plausible-information triggers that would justify looking beyond a direct partner, such as complaints, media reports, audit findings, stakeholder input, high-risk sourcing regions, or known sector risks.
  • Review supplier questionnaires for proportionality so low-risk SMEs are not asked for unnecessary evidence while higher-risk chain points still receive enough assessment.
Primary sources

References and citations

data.europa.eu
Referenced sections
  • Article 15 supports maintaining periodic assessment evidence for own operations, subsidiaries, and business partners related to the chain of activities.
"at least every 12 months"