A checklist for turning Directive (EU) 2024/1760 into operating controls: scope assessment, due diligence policy, risk mapping, prevention, corrective action, remediation, complaints, monitoring, public communication, and climate transition planning.
Use it to test whether a CSDDD programme has the required records and decision points before management review, supplier engagement, or public reporting.
Structured answer sets in this page tree.
Cited legal and guidance references.
CSDDD readiness starts with a scope answer, but it cannot stop there. The directive links risk-based human rights and environmental due diligence to company policies, chain-of-activities mapping, impact prioritisation, action plans, stakeholder engagement, complaints handling, monitoring, public communication, and a climate transition plan for in-scope companies.
Record the legal entity, group position, financial year, employee count where relevant, worldwide turnover, EU turnover for non-EU companies, and any franchising or licensing model. Do not treat supplier pressure or customer requests as proof that the company itself is directly in scope.
For EU companies, check whether the company or ultimate parent exceeds the Article 2 employee and turnover thresholds. For third-country companies, check EU net turnover and group status. For franchising or licensing models, capture royalty and turnover facts separately because the directive treats them as a distinct route into scope.
The policy step is not a standalone statement. Article 7 requires due diligence to be integrated into relevant policies and risk management systems, with a due diligence policy developed after prior consultation with employees and their representatives.
The checklist should verify that the policy explains the company's long-term due diligence approach, includes a code of conduct for the company, subsidiaries, and relevant business partners, and describes how due diligence processes are implemented, verified, and extended to business partners.
Build the risk map around the CSDDD chain of activities, not an undefined supply-chain label. The directive covers own operations, subsidiaries, and, where related to chains of activities, business partners.
For goods and services, record upstream production or service inputs and covered downstream distribution, transport, and storage activities. Keep regulated financial undertakings separate because the directive describes a narrower chain-of-activities treatment for them.
CSDDD prioritisation is allowed when not all identified impacts can be addressed at the same time and to their full extent. The record should therefore show why an impact was addressed first, not only that it appeared on a risk register.
Use severity and likelihood as the prioritisation test. Severity should capture scale, scope, and irremediable character, including how many people may be affected, environmental extent, irreversibility, and the ability to restore people or the environment within a reasonable period.
Separate potential adverse impacts from actual adverse impacts. Potential impacts need prevention or mitigation measures under Article 10; actual impacts need measures to bring the impact to an end, minimise its extent, and, where the company caused or jointly caused the impact, provide remediation under Articles 11 and 12.
The action-plan record should explain the company's involvement, whether the issue sits in own operations, a subsidiary, a direct business partner, or an indirect business partner, and what influence the company can reasonably exercise.
Stakeholder engagement should be attached to due diligence decisions, not treated as an annual communications exercise. Article 13 calls for engagement when gathering information, developing action plans, deciding on suspension or termination, adopting remediation measures, and developing monitoring indicators where appropriate.
Article 14 also requires a notification mechanism and complaints procedure for legitimate concerns about actual or potential adverse impacts in own operations, subsidiaries, or business partners in the chain of activities.
CSDDD monitoring should test whether the due diligence policy and measures are adequate and effective across own operations, subsidiaries, and relevant business partners. It should use qualitative and quantitative indicators where appropriate and update the policy, identified impacts, and measures when assessments show that change is needed.
Public communication should distinguish companies that must publish an annual CSDDD statement from companies already covered by sustainability reporting requirements under Directive 2013/34/EU. The evidence file should support whichever reporting route applies.
Use this checklist to connect CSDDD scope, risk mapping, action plans, complaints, monitoring, communication, and climate planning to maintained records before management review or public reporting.
For companies in scope of Article 22, the checklist should confirm that a climate transition plan has been adopted and put into effect, or that the company is covered by a parent transition plan reported under the relevant sustainability reporting provisions.
The plan should be connected to business strategy, governance, funding, and operational decarbonisation work. A target table without implementation actions is not enough for the CSDDD control record.
"adopt and put into effect a transition plan"
"companies in scope identify and address adverse human rights and environmental impacts"