CSDDDCompliance guideEU

CSDDD compliance guide

Use this page to translate Directive (EU) 2024/1760 into operating controls, evidence records, and supervisory-ready documentation.

The focus is the core due diligence cycle: policy integration, impact identification and prioritisation, prevention, corrective action, remediation, complaints, stakeholder engagement, monitoring, communication, and climate planning.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Sections
6

Structured answer sets in this page tree.

Primary sources
3

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

CSDDD compliance is not a supplier questionnaire alone. Directive (EU) 2024/1760 applies to EU companies formed under Member State law with more than 1,000 employees and net worldwide turnover above EUR 450 million, as well as certain non-EU companies with more than EUR 450 million net turnover in the Union. It applies on a staggered timetable, with the first group in scope from 26 July 2027, the next from 26 July 2028, and full application from 26 July 2029. In scope, companies must embed risk-based human rights and environmental due diligence into policies and risk management systems, identify and prioritise adverse impacts across their operations, subsidiaries, and chains of activities, act on potential and actual impacts, maintain complaint channels, monitor effectiveness, communicate publicly, and adopt and put into effect a climate transition plan where the Directive applies.

Section 1

Build the compliance baseline around Articles 7 to 16 and Article 22

A defensible CSDDD programme starts by mapping each obligation to an internal control owner and an evidence record. Article 7 is the anchor: due diligence must be integrated into relevant policies and risk management systems, and the company must have a due diligence policy that supports risk-based due diligence.

The policy record should include the company's long-term due diligence approach, a code of conduct for the company, subsidiaries, and relevant business partners, and the processes used to implement due diligence and verify code-of-conduct compliance. Keep phase-in dates and national transposition status in a separate legal tracker, because timing can change through EU amendments and Member State implementation.

  • Board or executive governance record: confirms who owns CSDDD implementation, escalation, and resourcing.
  • Due diligence policy: states the long-term approach, code of conduct, and procedures for integrating due diligence into business processes.
  • Risk management link: shows how CSDDD impact work connects to enterprise risk, procurement, legal, sustainability, HR, and site-level controls.
  • Employee consultation record: documents consultation with employees and their representatives before adopting or updating the due diligence policy.
  • Policy update trigger: captures significant changes and the scheduled review of the policy at least every 24 months.
Sources for this answer
Directive (EU) 2024/1760 on corporate sustainability due diligence
Article 7 requires companies to integrate due diligence into policies and risk management systems and maintain a due diligence policy.
European Commission corporate sustainability due diligence page
The Commission describes the Directive as covering adverse human rights and environmental impacts in company operations and global value chains.
Section 2

Identify, assess, and prioritise adverse impacts

Article 8 requires companies to take appropriate measures to identify and assess actual and potential adverse human rights and environmental impacts. The operational record should therefore start with a chain-of-activities map, not with a generic supplier score. It should cover own operations, subsidiaries, and, where related to the chain of activities, business partners.

Article 9 allows prioritisation when all identified impacts cannot be handled at the same time and to their full extent. Prioritisation must be based on severity and likelihood, and the record should show why the most severe and most likely impacts were handled first.

  • Map operations, subsidiaries, and chain-of-activities business partners where adverse impacts are most likely and most severe.
  • Use quantitative and qualitative inputs, including independent reports, site data, worker or community information, complaints, and notification-channel evidence.
  • Record each identified impact as actual or potential, human rights or environmental, affected stakeholder group, location, business relationship, severity, likelihood, and information source.
  • Prioritise only when simultaneous full treatment is not feasible, and document the severity and likelihood criteria used.
  • After the most severe and likely impacts are addressed, keep a backlog for less severe or less likely impacts with owners and next review triggers.
Sources for this answer
Directive (EU) 2024/1760 on corporate sustainability due diligence
Articles 8 and 9 establish identification, assessment, and severity-and-likelihood prioritisation duties.
EUR-Lex summary of corporate sustainability due diligence
The EUR-Lex summary explains that companies must identify actual or potential impacts and prioritise them based on severity and likelihood.
Section 3

Prevent potential impacts and correct actual impacts

CSDDD separates potential and actual impacts. For potential impacts, Article 10 requires appropriate measures to prevent them or, where prevention is not possible or not immediately possible, adequately mitigate them. For actual impacts, Article 11 requires appropriate measures to bring them to an end or, where immediate termination is not possible, minimise their extent.

A useful compliance file should show whether the impact is caused by the company, jointly caused with a subsidiary or business partner, or caused only by a business partner in the chain of activities. That causation and leverage analysis drives the choice of action: prevention plan, corrective action plan, contractual assurances, verification, operational changes, SME support, collaboration, suspension, termination, or remediation.

  • Prevention action plan: use for potential impacts that require structured measures, timelines, and qualitative or quantitative improvement indicators.
  • Corrective action plan: use for actual impacts that cannot immediately be brought to an end and need staged action.
  • Business partner controls: document contractual assurances, code-of-conduct flow-down, verification method, and any independent third-party verification.
  • Operational changes: record changes to purchasing practices, design, distribution, facilities, production, infrastructure, business plans, or overall strategies.
  • SME support: where relevant, show targeted and proportionate support such as capacity-building, training, management-system upgrades, financing support, or continued sourcing guarantees.
  • Last-resort disengagement: before suspension or termination, document whether disengagement would create adverse impacts that are manifestly more severe than the unresolved impact.
Sources for this answer
Directive (EU) 2024/1760 on corporate sustainability due diligence
Articles 10 and 11 distinguish prevention and mitigation of potential impacts from bringing actual impacts to an end or minimising their extent.
EUR-Lex summary of corporate sustainability due diligence
The EUR-Lex summary lists prevention, mitigation, bringing actual impacts to an end, minimisation, and remediation as core due diligence steps.
Section 4

Handle remediation, complaints, and stakeholder engagement as operating controls

Article 12 requires remediation where the company caused or jointly caused an actual adverse impact. Article 13 requires meaningful stakeholder engagement at specific due diligence stages, including identification, prioritisation, prevention and corrective action plans, suspension or termination decisions, remediation, and monitoring indicators.

Article 14 requires a notification mechanism and complaints procedure. The procedure should be fair, publicly available, accessible, predictable, and transparent. It should allow eligible affected persons, representatives, trade unions, worker representatives, and experienced civil society organisations to raise concerns, and it should protect confidentiality and guard against retaliation in line with national law.

  • Remediation record: impact, affected person or community, company implication, chosen remedy, proportionality rationale, owner, status, and close-out evidence.
  • Stakeholder engagement file: consulted stakeholder group, information shared, additional information requests, barriers to engagement, confidentiality measures, and how input changed the decision.
  • Complaints procedure: public channel, eligibility categories, acknowledgement, assessment, founded or unfounded decision, reasons, follow-up, meeting option, and remediation discussion record.
  • Notification mechanism: anonymous or confidential intake route for information about actual or potential adverse impacts.
  • Retaliation control: records measures taken to protect complainant or notifier identity and safety where information must be shared.
Sources for this answer
Directive (EU) 2024/1760 on corporate sustainability due diligence
Articles 12, 13, and 14 support remediation, meaningful stakeholder engagement, complaints handling, confidentiality, and anti-retaliation controls.
EUR-Lex summary of corporate sustainability due diligence
The EUR-Lex summary confirms remediation, stakeholder engagement, and accessible notification and complaints procedures as required due diligence elements.
Section 5

Monitor, communicate, and maintain climate-plan evidence

Article 15 requires periodic assessment of the company's own operations and measures, subsidiaries, and relevant business partners in the chain of activities. The assessment must test implementation and the adequacy and effectiveness of identification, prevention, mitigation, bringing impacts to an end, and minimisation. It must occur after a significant change, at least every 12 months, and when reasonable grounds indicate new risks.

Article 16 requires public communication through an annual statement unless an exemption applies. Article 22 requires covered companies to adopt and put into effect a transition plan for climate change mitigation aligned, through best efforts, with a sustainable economy and limiting global warming to 1.5 C in line with the Paris Agreement. The climate-plan evidence should be tied to targets, decarbonisation levers, investment and funding, governance roles, and annual progress updates.

  • Monitoring pack: assessment date, significant-change trigger, indicators used, findings, stakeholder information considered, and updates to policy, impact register, or measures.
  • Annual due diligence statement: publication language, website location, reporting boundary, covered matters, approval record, and European single access point (ESAP) submission readiness where applicable.
  • Climate transition plan: 2030 target and five-year steps to 2050, scope 1, 2, and where appropriate scope 3 emissions categories, decarbonisation levers, and product or service portfolio changes.
  • Climate implementation evidence: investment and funding assumptions, governance-body roles, annual progress update, and whether CSRD transition-plan reporting is being relied on for the adoption obligation.
  • Document retention: keep identified impacts, assessments, action plans, contracts, verifications, remediation measures, monitoring records, notifications, and complaints together for at least five years.
Sources for this answer
Directive (EU) 2024/1760 on corporate sustainability due diligence
Articles 15, 16, and 22 support monitoring, annual public communication, and climate transition-plan evidence requirements.
EUR-Lex summary of corporate sustainability due diligence
The EUR-Lex summary confirms annual public due diligence communication, five-year documentation retention, and climate transition-plan content.
Recommended next step

Turn CSDDD obligations into an evidence workflow

Use this CSDDD guide to connect due diligence duties, impact records, complaint channels, climate-plan evidence, and supervisory response files before teams publish or report compliance claims.

Research workflow
Open Research Copilot

Answer CSDDD implementation questions with cited source material.

Explore next step
Talk to Sorena
Discuss CSDDD implementation

Review scope, due diligence controls, evidence records, and next implementation steps with Sorena.

Explore next step
Section 6

Prepare for supervisory and enforcement review

CSDDD compliance evidence should be built for supervisory review, not only internal assurance. Member States must designate supervisory authorities to supervise compliance with national provisions adopted under Articles 7 to 16 and Article 22. Supervisory authorities must have powers to require information, carry out investigations, order cessation of infringements, require action or remediation where appropriate, impose penalties, and adopt interim measures for imminent risk of severe and irreparable harm.

Do not publish unsupported penalty caps or definitive enforcement outcomes on a compliance page unless the adopted national law and current EU amendments are in the source set. For this page, the grounded claim is the enforcement architecture: administrative supervision, substantiated concerns, investigation records, remedial-action periods, penalties that are effective, proportionate, and dissuasive, and possible public statements for unpaid pecuniary penalties.

  • Authority-response file: designated supervisory authority, contact point, information requests, submissions, response dates, and legal review notes.
  • Substantiated-concern register: concerns received from authorities or stakeholders, objective basis, competence routing, assessment outcome, and protective measures for identity information.
  • Investigation record: nature and result of investigation, remedial-action period, enforcement action, and evidence supplied to the authority.
  • Penalty factors file: gravity, duration, severity of impacts, prevention or corrective investments, collaboration, prioritisation rationale, previous infringements, remedial action, and financial benefit or loss avoided.
  • Non-EU company file: authorised representative designation, accepted appointment, contact details, powers and resources, and supervisory authority notification.
Sources for this answer
Directive (EU) 2024/1760 on corporate sustainability due diligence
Articles 23 to 27 support authorised representatives, supervisory authorities, investigations, substantiated concerns, and penalty mechanics.
European Commission corporate sustainability due diligence page
The Commission page describes administrative supervision through Member State authorities and coordinated EU-level supervision.
Primary sources

References and citations

EUR-Lex summary of corporate sustainability due diligence
data.europa.eu
Referenced sections
  • The EUR-Lex summary confirms annual public due diligence communication, five-year documentation retention, and climate transition-plan content.
"keeping all documentation on their due diligence compliance for at least five years"
Related guides

Explore more topics

CSDDD adverse impact prioritisation workflow
A CSDDD workflow for identifying actual and potential adverse human rights and environmental impacts, ranking severity and likelihood, and documenting prevention, mitigation, remediation, and stakeholder evidence.
CSDDD Applicability Test: EU and Non-EU Company Scope
Test whether Directive (EU) 2024/1760 may apply to an EU or non-EU company using grounded CSDDD employee, turnover, group, franchise, royalty, exclusion, and phase-in checks.
CSDDD chain of activities and supplier due diligence
Explain CSDDD chain-of-activities scope, upstream and downstream boundaries, subsidiaries, direct and indirect business partners, supplier risk segmentation, and evidence.
CSDDD Chain of Activities Boundaries
Define CSDDD upstream and downstream chain of activities boundaries for subsidiaries, direct and indirect business partners, distribution, transport, storage, and records.
CSDDD chain of activities boundaries: upstream and downstream FAQ
FAQ on how the CSDDD defines chain of activities boundaries for subsidiaries, direct and indirect business partners, upstream activities, downstream logistics, and evidence.
CSDDD civil liability under Article 29: what companies should check
FAQ on CSDDD Article 29 civil liability: liability conditions, protected legal interests, causation, compensation, limitation periods, and evidence disclosure.
CSDDD Climate Transition Plan Requirements
Article 22 CSDDD guidance for climate transition plans: business model alignment, targets, actions, funding, governance, and 12-month progress updates.
CSDDD complaints and notifications FAQ
FAQ on Article 14 CSDDD complaint and notification mechanisms, who may complain, follow-up rights, confidentiality, retaliation, and evidence.
CSDDD contractual assurances FAQ for Articles 10 and 11
How CSDDD Articles 10 and 11 use contractual assurances with business partners, verification, SME support, action plans, and suspension or termination escalation.
CSDDD deadlines and compliance calendar after Directive (EU) 2025/794
Current CSDDD calendar for transposition, application phases, Article 16 reporting exceptions, Commission guidance dates, and practical compliance evidence.
CSDDD due diligence checklist
A grounded CSDDD checklist for scope, due diligence policy, chain-of-activities risk mapping, impact prioritisation, action plans, complaints, monitoring, communication, climate planning, and evidence.
CSDDD Due Diligence Steps Playbook for Articles 5 and 7-16
A grounded playbook for the CSDDD due diligence sequence: policy integration, impact assessment, prioritisation, prevention, correction, remediation, stakeholder engagement, complaints, monitoring, communication, and evidence.
CSDDD FAQ: scope, dates, duties, liability, and evidence
Practical answers on CSDDD scope, current application dates, chain of activities, due diligence duties, complaints, remediation, civil liability, climate plans, and evidence.
CSDDD franchising and licensing scope FAQ
FAQ on when franchise or licensing networks can fall within Article 2 of the EU CSDDD, including royalties, turnover, EU and non-EU treatment, and evidence.
CSDDD grievance and remediation workflow guide
Build a CSDDD grievance, notification, stakeholder engagement, and remediation workflow around Articles 12, 13, and 14 of Directive (EU) 2024/1760.
CSDDD Liability and Penalties: enforcement, fines, and civil claims
A grounded guide to CSDDD supervisory enforcement, penalty mechanics, civil liability, compensation limits, evidence records, and national transposition caveats.
CSDDD non-EU turnover threshold FAQ
How non-EU companies should assess CSDDD scope using EU-generated turnover, group thresholds, authorised representative records, and competent authority evidence.
CSDDD Non-EU Turnover Thresholds and Scope Waves
Article 2 and Article 37 CSDDD scope guide for non-EU Union turnover, group routes, franchise and licensing routes, and current application dates after Directive (EU) 2025/794.
CSDDD Omnibus timing changes after Directive (EU) 2025/794
FAQ answer on current CSDDD Article 37 dates after Directive (EU) 2025/794 and how to separate adopted timing changes from proposal-stage Omnibus simplification.
CSDDD penalties and fines under Article 27
How CSDDD Article 27 sets penalty rules, turnover-based fine caps, public decision publication, supervisory authority powers, and national transposition caveats.
CSDDD prevention vs mitigation: potential and actual adverse impacts
CSDDD FAQ on when to prevent or mitigate potential adverse impacts, when to end or minimise actual adverse impacts, and what evidence records to keep.
CSDDD remediation FAQ: when companies must remedy adverse impacts
FAQ on CSDDD remediation: when Article 12 requires remedy, how complaints and stakeholder engagement affect the response, and what evidence to keep.
CSDDD Remediation Plan Template: Article 12, 13 and 14 evidence
A CSDDD remediation plan template for actual adverse impacts, complaint inputs, stakeholder engagement, action records, and monitoring evidence.
CSDDD requirements: scope, due diligence, climate plan, and evidence
A grounded map of the Corporate Sustainability Due Diligence Directive requirements across scope, due diligence policy, impact assessment, complaints, remediation, monitoring, communication, and climate transition planning.
CSDDD risk prioritisation FAQ: severity, likelihood, and evidence
How to prioritise CSDDD adverse impacts when teams cannot address everything at once, using severity, likelihood, stakeholder evidence, and a reviewable rationale.
CSDDD Scope Thresholds: EU, Non-EU, Group and Franchise Routes
Article 2 CSDDD scope thresholds for EU companies, non-EU Union turnover, ultimate-parent groups, franchise and licensing routes, consecutive-year tests, and evidence records.
CSDDD scope waves: current Article 37 dates and thresholds
FAQ on the current CSDDD phase-in after Directive (EU) 2025/794: 26 July 2028, 26 July 2029, Article 2 scope thresholds, and evidence to retain.
CSDDD Supplier Contract Clause Review Workflow
Review supplier contract clauses against CSDDD Articles 10 and 11: contractual assurances, verification, SME fairness, support, action plans, and escalation evidence.
CSDDD Supplier Contract Clauses: Articles 10 and 11 Evidence
How to use CSDDD supplier contract clauses without treating clauses as a substitute for due diligence: contractual assurances, verification, SME support, action plans, limits, and evidence.
CSDDD supplier human rights impact scoring template
A CSDDD supplier impact scoring template for Article 8 identification, Article 9 prioritisation, severity, likelihood, stakeholder input, chain-of-activities boundaries, and evidence records.
CSDDD transition plans FAQ: Article 22 climate plan requirements
FAQ on CSDDD Article 22 climate transition plans: targets, decarbonisation levers, investment and funding, governance, CSRD overlap, and evidence records.
CSDDD vs CSRD: Due Diligence and Reporting Compared
Compare CSDDD due diligence duties with CSRD sustainability reporting, including scope, timing, Article 16 reporting, evidence overlap, assurance, and enforcement.
CSDDD vs German LkSG Comparison
Compare the EU CSDDD with Germany's LkSG without mixing directive duties, national-law duties, chain boundaries, complaints, reporting, and enforcement routes.
CSDDD vs OECD Guidelines
Compare the binding EU CSDDD with the OECD Guidelines for responsible business conduct across scope, due diligence duties, business relationships, remediation, and evidence.
How CSDDD overlaps with OECD, UNGP, and ILO standards
FAQ on how OECD responsible business conduct guidance, the UN Guiding Principles, and ILO labour standards inform CSDDD due diligence without being the same legal instrument.