CSDDDPlaybookEU

CSDDD Due Diligence Steps Playbook

A step-by-step operating sequence for the CSDDD duties in Article 5 and Articles 7-16.

Use it to structure policy integration, impact assessment, prioritisation, prevention, corrective action, remediation, engagement, complaints, monitoring, communication, and evidence.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Sections
5

Structured answer sets in this page tree.

Primary sources
2

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

Article 5 of Directive (EU) 2024/1760 defines CSDDD due diligence as a risk-based human rights and environmental process carried out through Articles 7 to 16. The practical sequence is not a generic compliance checklist: it starts with company policy and risk systems, then moves through impact mapping, prioritisation, prevention or correction, remediation, stakeholder engagement, complaints, monitoring, and public communication.

Section 1

Step 1: integrate due diligence into policy and risk systems

Start with Article 7. The company needs a due diligence policy embedded into relevant policies and risk management systems, not a standalone statement that procurement, operations, product, legal, and sustainability teams do not use.

The policy should describe the company's due diligence approach, include a code of conduct for the company, subsidiaries, and direct or indirect business partners where relevant, and explain the processes used to implement and verify the code. Article 7 also requires prior consultation with employees and their representatives when developing the policy.

  • Owner: board or executive sponsor for the policy; legal, sustainability, procurement, operations, and HR for implementation.
  • Evidence: approved due diligence policy, employee consultation record, code of conduct, risk-system mapping, business-partner flow-down approach, and verification process.
  • Review trigger: significant change; Article 7 also requires review and, where necessary, update at least every 24 months.
  • Do not treat Article 7 as only document control. It is the control layer for the later Article 8-16 steps.
Sources for this answer
Directive (EU) 2024/1760 on corporate sustainability due diligence
Article 7 supports the policy, code-of-conduct, consultation, verification, and 24-month review requirements for the first playbook step.
Section 2

Step 2: identify, assess, and prioritise adverse impacts

Article 8 turns the policy into a risk scan. Map the company's own operations, subsidiaries, and business partners related to the chain of activities to find where adverse human rights or environmental impacts are most likely and most severe. Then perform an in-depth assessment in those higher-risk areas.

Article 9 applies when the company cannot address every actual or potential impact at once. Prioritisation is based on severity and likelihood, not on which issue is easiest, cheapest, or closest to an existing audit cycle.

  • Inputs: internal site and activity data, subsidiary data, business-partner and chain-of-activities mapping, independent reports, complaints and notification data, and stakeholder information.
  • Assessment fields: impact type, affected people or environment, severity, likelihood, source of information, business relationship, and whether the company may cause, jointly cause, contribute to, or be linked to the impact.
  • Prioritisation record: ranked impacts, rationale based on severity and likelihood, information gaps, and the next Article 10 or Article 11 action.
  • Evidence: risk map, in-depth assessment files, information requests to high-risk business partners, complaint inputs, and prioritisation minutes.
Sources for this answer
Directive (EU) 2024/1760 on corporate sustainability due diligence
Articles 8 and 9 support mapping, in-depth assessment, use of quantitative and qualitative information, and prioritisation by severity and likelihood.
Section 3

Step 3: prevent potential impacts and correct actual impacts

Split potential and actual impacts. Article 10 is for potential adverse impacts: prevent them where possible or adequately mitigate them where prevention is not possible or not immediately possible. Article 11 is for actual adverse impacts: bring them to an end, or minimise their extent if they cannot immediately be ended.

Both articles require the company to consider whether the impact is caused only by the company, jointly with a subsidiary or business partner, or only by a business partner in the chain of activities; where the impact occurs; and the company's ability to influence the relevant business partner.

  • Potential-impact controls: prevention action plan, contractual assurances, verification, operational or infrastructure changes, changes to business plans or purchasing practices, SME support, collaboration, and last-resort suspension or termination where the Article 10 conditions are met.
  • Actual-impact controls: neutralisation or minimisation, corrective action plan, contractual assurances, verification, operational or infrastructure changes, changes to business plans or purchasing practices, SME support, collaboration, remediation, and last-resort suspension or termination where the Article 11 conditions are met.
  • Action-plan fields: impact, root cause, responsible function, business partner, timeline, qualitative and quantitative indicators, support offered to SMEs, verification method, escalation route, and review status.
  • Evidence: prevention action plans, corrective action plans, contract clauses, verification reports, purchasing-practice changes, SME support records, suspension or termination assessments, and supervisory-authority rationale where the company decides not to suspend or terminate.
Sources for this answer
Directive (EU) 2024/1760 on corporate sustainability due diligence
Articles 10 and 11 support the distinction between potential-impact prevention or mitigation and actual-impact corrective measures, including action plans, contractual assurances, verification, SME support, and last-resort business relationship decisions.
Section 4

Step 4: provide remediation and engage stakeholders

Article 12 requires remediation where the company caused or jointly caused an actual adverse impact. If the impact was caused only by a business partner, the company may provide voluntary remediation and may use its influence over the business partner to support remediation.

Article 13 makes stakeholder engagement part of the due diligence process, not a communications add-on. Consultation is required when gathering information for identification, assessment, and prioritisation; when developing prevention, corrective, enhanced prevention, or enhanced corrective action plans; when deciding on suspension or termination; when adopting remediation measures; and, where appropriate, when developing monitoring indicators.

  • Remediation fields: affected rightsholders or environmental harm, company involvement, remedy type, responsible owner, timeline, stakeholder input, completion evidence, and follow-up.
  • Engagement fields: stakeholder group, consultation stage, information shared, additional information requested, response or written refusal rationale, barriers to participation, confidentiality or anonymity measures, and anti-retaliation safeguards.
  • Escalation: if effective stakeholder engagement is not reasonably possible, Article 13 points to additional consultation with experts who can provide credible insights.
  • Evidence: remediation approvals, remedy delivery records, stakeholder consultation notes, information packets, written refusal justifications, expert consultation records, and confidentiality safeguards.
Sources for this answer
Directive (EU) 2024/1760 on corporate sustainability due diligence
Articles 12 and 13 support the remediation duty for impacts caused or jointly caused by the company and the required points for meaningful stakeholder engagement.
Section 5

Step 5: run complaints, monitoring, communication, and evidence controls

Article 14 requires a notification mechanism and complaints procedure for legitimate concerns about actual or potential adverse impacts in the company's own operations, subsidiaries, or business partners in the chain of activities. The procedure must be fair, publicly available, accessible, predictable, and transparent, with confidentiality and anti-retaliation measures.

Articles 15 and 16 close the loop. Monitoring assesses implementation, adequacy, and effectiveness using qualitative and quantitative indicators where appropriate. Communication requires an annual website statement unless the Article 16 reporting exemption applies.

  • Complaints intake: affected persons, legitimate representatives, trade unions, workers' representatives, and experienced civil society organisations for environmental complaints can be eligible complainants under Article 14.
  • Complaint workflow: receive complaint or notification, protect confidentiality, assess whether founded, record reasons, meet at appropriate level where requested, identify Article 10, 11, or 12 follow-up, and communicate steps taken or planned where required.
  • Monitoring record: assessment date, significant-change trigger if any, indicators used, operations and business partners covered, measures tested, stakeholder information considered, findings, and updates to policy, impacts, or measures.
  • Communication record: annual statement owner, language check, publication date, balance-sheet-date deadline check, Article 16 exemption analysis if relying on CSRD-style sustainability reporting, and evidence linking public claims to monitored measures.
Sources for this answer
Directive (EU) 2024/1760 on corporate sustainability due diligence
Articles 14, 15, and 16 support complaint and notification mechanisms, periodic effectiveness monitoring, and public annual communication duties.
European Commission CSDDD overview
The Commission overview supports the page context that Directive (EU) 2024/1760 addresses adverse human rights and environmental impacts in companies' operations and global value chains.
Recommended next step

Turn CSDDD duties into a usable evidence register

Use this playbook to align each Article 7-16 step with accountable owners, impact records, stakeholder inputs, complaints, monitoring, and public communication evidence.

Research workflow
Open Research Copilot

Answer CSDDD implementation questions with cited source material.

Explore next step
Talk to Sorena
Discuss CSDDD implementation

Review CSDDD due diligence scope, evidence gaps, and implementation priorities with Sorena.

Explore next step
Primary sources

References and citations

European Commission CSDDD overview
commission.europa.eu
Referenced sections
  • The Commission overview supports the page context that Directive (EU) 2024/1760 addresses adverse human rights and environmental impacts in companies' operations and global value chains.
"identify and address adverse human rights and environmental impacts"
Related guides

Explore more topics

CSDDD adverse impact prioritisation workflow
A CSDDD workflow for identifying actual and potential adverse human rights and environmental impacts, ranking severity and likelihood, and documenting prevention, mitigation, remediation, and stakeholder evidence.
CSDDD Applicability Test: EU and Non-EU Company Scope
Test whether Directive (EU) 2024/1760 may apply to an EU or non-EU company using grounded CSDDD employee, turnover, group, franchise, royalty, exclusion, and phase-in checks.
CSDDD chain of activities and supplier due diligence
Explain CSDDD chain-of-activities scope, upstream and downstream boundaries, subsidiaries, direct and indirect business partners, supplier risk segmentation, and evidence.
CSDDD Chain of Activities Boundaries
Define CSDDD upstream and downstream chain of activities boundaries for subsidiaries, direct and indirect business partners, distribution, transport, storage, and records.
CSDDD chain of activities boundaries: upstream and downstream FAQ
FAQ on how the CSDDD defines chain of activities boundaries for subsidiaries, direct and indirect business partners, upstream activities, downstream logistics, and evidence.
CSDDD civil liability under Article 29: what companies should check
FAQ on CSDDD Article 29 civil liability: liability conditions, protected legal interests, causation, compensation, limitation periods, and evidence disclosure.
CSDDD Climate Transition Plan Requirements
Article 22 CSDDD guidance for climate transition plans: business model alignment, targets, actions, funding, governance, and 12-month progress updates.
CSDDD complaints and notifications FAQ
FAQ on Article 14 CSDDD complaint and notification mechanisms, who may complain, follow-up rights, confidentiality, retaliation, and evidence.
CSDDD compliance duties and evidence guide
A grounded CSDDD compliance guide covering due diligence policy, adverse impact identification, prevention, corrective action, complaints, monitoring, reporting, climate plans, and supervisory evidence.
CSDDD contractual assurances FAQ for Articles 10 and 11
How CSDDD Articles 10 and 11 use contractual assurances with business partners, verification, SME support, action plans, and suspension or termination escalation.
CSDDD deadlines and compliance calendar after Directive (EU) 2025/794
Current CSDDD calendar for transposition, application phases, Article 16 reporting exceptions, Commission guidance dates, and practical compliance evidence.
CSDDD due diligence checklist
A grounded CSDDD checklist for scope, due diligence policy, chain-of-activities risk mapping, impact prioritisation, action plans, complaints, monitoring, communication, climate planning, and evidence.
CSDDD FAQ: scope, dates, duties, liability, and evidence
Practical answers on CSDDD scope, current application dates, chain of activities, due diligence duties, complaints, remediation, civil liability, climate plans, and evidence.
CSDDD franchising and licensing scope FAQ
FAQ on when franchise or licensing networks can fall within Article 2 of the EU CSDDD, including royalties, turnover, EU and non-EU treatment, and evidence.
CSDDD grievance and remediation workflow guide
Build a CSDDD grievance, notification, stakeholder engagement, and remediation workflow around Articles 12, 13, and 14 of Directive (EU) 2024/1760.
CSDDD Liability and Penalties: enforcement, fines, and civil claims
A grounded guide to CSDDD supervisory enforcement, penalty mechanics, civil liability, compensation limits, evidence records, and national transposition caveats.
CSDDD non-EU turnover threshold FAQ
How non-EU companies should assess CSDDD scope using EU-generated turnover, group thresholds, authorised representative records, and competent authority evidence.
CSDDD Non-EU Turnover Thresholds and Scope Waves
Article 2 and Article 37 CSDDD scope guide for non-EU Union turnover, group routes, franchise and licensing routes, and current application dates after Directive (EU) 2025/794.
CSDDD Omnibus timing changes after Directive (EU) 2025/794
FAQ answer on current CSDDD Article 37 dates after Directive (EU) 2025/794 and how to separate adopted timing changes from proposal-stage Omnibus simplification.
CSDDD penalties and fines under Article 27
How CSDDD Article 27 sets penalty rules, turnover-based fine caps, public decision publication, supervisory authority powers, and national transposition caveats.
CSDDD prevention vs mitigation: potential and actual adverse impacts
CSDDD FAQ on when to prevent or mitigate potential adverse impacts, when to end or minimise actual adverse impacts, and what evidence records to keep.
CSDDD remediation FAQ: when companies must remedy adverse impacts
FAQ on CSDDD remediation: when Article 12 requires remedy, how complaints and stakeholder engagement affect the response, and what evidence to keep.
CSDDD Remediation Plan Template: Article 12, 13 and 14 evidence
A CSDDD remediation plan template for actual adverse impacts, complaint inputs, stakeholder engagement, action records, and monitoring evidence.
CSDDD requirements: scope, due diligence, climate plan, and evidence
A grounded map of the Corporate Sustainability Due Diligence Directive requirements across scope, due diligence policy, impact assessment, complaints, remediation, monitoring, communication, and climate transition planning.
CSDDD risk prioritisation FAQ: severity, likelihood, and evidence
How to prioritise CSDDD adverse impacts when teams cannot address everything at once, using severity, likelihood, stakeholder evidence, and a reviewable rationale.
CSDDD Scope Thresholds: EU, Non-EU, Group and Franchise Routes
Article 2 CSDDD scope thresholds for EU companies, non-EU Union turnover, ultimate-parent groups, franchise and licensing routes, consecutive-year tests, and evidence records.
CSDDD scope waves: current Article 37 dates and thresholds
FAQ on the current CSDDD phase-in after Directive (EU) 2025/794: 26 July 2028, 26 July 2029, Article 2 scope thresholds, and evidence to retain.
CSDDD Supplier Contract Clause Review Workflow
Review supplier contract clauses against CSDDD Articles 10 and 11: contractual assurances, verification, SME fairness, support, action plans, and escalation evidence.
CSDDD Supplier Contract Clauses: Articles 10 and 11 Evidence
How to use CSDDD supplier contract clauses without treating clauses as a substitute for due diligence: contractual assurances, verification, SME support, action plans, limits, and evidence.
CSDDD supplier human rights impact scoring template
A CSDDD supplier impact scoring template for Article 8 identification, Article 9 prioritisation, severity, likelihood, stakeholder input, chain-of-activities boundaries, and evidence records.
CSDDD transition plans FAQ: Article 22 climate plan requirements
FAQ on CSDDD Article 22 climate transition plans: targets, decarbonisation levers, investment and funding, governance, CSRD overlap, and evidence records.
CSDDD vs CSRD: Due Diligence and Reporting Compared
Compare CSDDD due diligence duties with CSRD sustainability reporting, including scope, timing, Article 16 reporting, evidence overlap, assurance, and enforcement.
CSDDD vs German LkSG Comparison
Compare the EU CSDDD with Germany's LkSG without mixing directive duties, national-law duties, chain boundaries, complaints, reporting, and enforcement routes.
CSDDD vs OECD Guidelines
Compare the binding EU CSDDD with the OECD Guidelines for responsible business conduct across scope, due diligence duties, business relationships, remediation, and evidence.
How CSDDD overlaps with OECD, UNGP, and ILO standards
FAQ on how OECD responsible business conduct guidance, the UN Guiding Principles, and ILO labour standards inform CSDDD due diligence without being the same legal instrument.