CSDDD prevention vs mitigation: potential and actual adverse impacts
When should suspension, termination, or disengagement be considered?
Articles 10 and 11 treat suspension or termination as last-resort measures, not the first response. For potential impacts that cannot be prevented or adequately mitigated, an enhanced prevention action plan may use or increase leverage through temporary suspension if there is a reasonable expectation that the effort will succeed. If there is no such expectation, or if the enhanced plan fails and the potential adverse impact is severe, termination may be required where the law governing the relationship allows it.
For actual impacts, the parallel last-resort route is an enhanced corrective action plan and, where necessary, termination if the actual adverse impact is severe. Before suspension or termination, the company must assess whether the adverse impacts of doing so can reasonably be expected to be manifestly more severe than the impact that could not be addressed.
Record why ordinary Article 10 or Article 11 measures were insufficient.
Record the enhanced prevention or corrective action plan and its timeline.
Assess expected adverse impacts of suspension or termination before acting.
Provide reasonable notice to the business partner when suspension or termination is chosen.
Keep the decision under review and continue monitoring where the relationship is not suspended or terminated.
Articles 10(6) and 11(7) set last-resort steps for severe unresolved potential or actual impacts, including enhanced action plans, suspension, termination, notice, and review.
What evidence records should be kept?
The useful record is an impact file, not a generic memo. It should let a reviewer see the identified impact, the Article 10 or Article 11 classification, the prioritisation basis, stakeholder input, measures selected, implementation status, and monitoring result.
Article 15 requires periodic assessments of operations and measures, including subsidiaries and relevant business partners, to monitor the adequacy and effectiveness of identification, prevention, mitigation, bringing to an end, and minimisation. Those assessments should be based where appropriate on qualitative and quantitative indicators and be updated after significant changes, at least every 12 months, and when reasonable grounds indicate new risks may arise.
Impact register entry with potential or actual status and Article 8 mapping evidence.
Severity, likelihood, and prioritisation rationale under Article 9.
Prevention action plan or corrective action plan, including timelines and indicators.
Contractual assurances, verification records, SME support records, and operational-change evidence.
Stakeholder engagement notes for information gathering, plan development, termination or suspension decisions, remediation, and monitoring indicators.
Complaint and notification records, including founded or unfounded outcomes and actions taken or planned.
Periodic assessment record showing effectiveness, updates after significant changes, and open residual issues.
Articles 13 to 15 support stakeholder-engagement, complaints, notification, and monitoring records for prevention, mitigation, ending impacts, and minimising their extent.
CSDDD remediation FAQ: when companies must remedy adverse impacts
When does the CSDDD require remediation?
The mandatory remediation trigger is narrow: the company must provide remediation when it has caused or jointly caused an actual adverse impact. The directive describes remediation as restoring affected persons, communities, or the environment to a situation equivalent or as close as possible to the one that would have existed without the impact, proportionate to the company's implication.
Do not treat every supplier incident as an automatic company-funded remedy. If the actual adverse impact was caused only by a business partner, the company may provide voluntary remediation and may use its influence over that business partner to enable remediation.
Mandatory: the company caused or jointly caused the actual adverse impact.
Voluntary or leverage-based: only the business partner caused the actual adverse impact.
Not enough by itself: a potential impact, a weak allegation, or a general supply-chain risk without an identified actual adverse impact.
Remediation can include financial or non-financial compensation and, where applicable, reimbursement of public-authority remedial costs.
Article 12 sets the mandatory remediation trigger and distinguishes company-caused or jointly caused impacts from impacts caused only by a business partner.
How should teams decide whether the company caused or jointly caused the impact?
Start with the factual link between the company's own operations, its subsidiaries, and business partners in the chain of activities. The remediation file should explain what happened, who was affected, which activity or omission created the harm, and whether the company was one of the causes.
For a jointly caused impact, the remedy should be proportionate to the company's implication. For a business-partner-only impact, the file should explain what leverage is available, what the company asked the partner to do, and whether voluntary support is appropriate.
Record the actual impact, location, affected persons, communities, workers, or environmental resource.
Map the company activity, subsidiary activity, or business-partner activity linked to the impact.
State the causation view: caused by the company, jointly caused, caused only by a business partner, or still unresolved.
Define the remediation measure, the affected-stakeholder engagement step, the owner, and the follow-up date.
Keep the analysis separate from civil-liability conclusions, which depend on national law and Article 29 conditions.
How do complaints and affected stakeholders change the remediation response?
Complaints are a remediation input, not just a mailbox. Article 14 requires companies to enable complaints from affected persons, people with reasonable grounds to believe they may be affected, their legitimate representatives, relevant trade unions or workers' representatives, and experienced civil-society organisations for environmental impacts.
If a complaint is well founded, the adverse impact is treated as identified and the company must take the relevant measures under the directive, including remediation where Article 12 applies. Complainants can request follow-up, meet company representatives about severe impacts and potential remediation, and receive reasons for a founded or unfounded decision.
Make the complaints procedure fair, public, accessible, predictable, and transparent.
Protect confidentiality and take reasonably available steps to prevent retaliation against complainants or notifying persons.
Do not require a complaint or notification before affected persons can use supervisory-authority procedures, civil-liability procedures, or other non-judicial mechanisms.
When adopting remediation measures, consult relevant stakeholders under Article 13 and address barriers to engagement.
What evidence should teams keep for CSDDD remediation?
The evidence should let a later reviewer see why remediation was required, what was done, and what was left outside the remedy. Recital 61 says compliance documentation should include remediation measures, periodic assessments, notifications, and complaints where relevant.
Keep enough detail to support the causation view and the remedy design without turning the file into unsupported legal conclusions. The most useful record is a compact remediation log tied to the underlying impact assessment, complaint file, stakeholder consultation, and implementation proof.
Impact record: actual impact, affected stakeholders, date discovered, source of discovery, and chain-of-activities link.
Causation record: caused, jointly caused, business-partner-only, or unresolved, with reasons and evidence.
Complaint record: complainant category, confidentiality handling, follow-up, meeting notes where applicable, outcome, and reasons.
Stakeholder record: who was consulted, information shared, barriers addressed, refusal reasons for additional information if any, and retaliation safeguards.
What are the limits of remediation under the CSDDD?
Remediation under Article 12 does not supersede every other route to remedy. Affected stakeholders do not have to seek company remediation before bringing claims in court, and a company complaint procedure does not block access to supervisory-authority, judicial, or other non-judicial mechanisms.
Civil liability is a separate question. Article 29 says a company cannot be held liable if damage was caused only by its business partners in its chain of activities, and full compensation under the directive must not lead to punitive, multiple, or other overcompensation.
Do not promise that the company complaint procedure is the exclusive remedy route.
Do not present voluntary remediation for a business-partner-only impact as an admission that Article 12 required company remediation.
Do not use remediation language to hide unresolved prevention, mitigation, or corrective-action duties.
Do not publish penalty amounts or damages thresholds unless they are supported by the applicable national transposition and the source file.
Recital 58 and Articles 14 and 29 support the limits: remediation is not a precondition to court claims, complaints do not block other mechanisms, and civil liability has separate conditions.
CSDDD risk prioritisation FAQ: severity, likelihood, and evidence
When can CSDDD teams prioritise adverse impacts instead of addressing everything at once?
Article 9 applies after Article 8 identification and assessment. If it is not feasible to prevent, mitigate, bring to an end, or minimise all identified adverse impacts at the same time and to their full extent, the company must prioritise the impacts so it can fulfil the prevention and mitigation duties in Articles 10 and 11.
The priority order must be based on the severity and likelihood of the adverse impacts. After the most severe and most likely impacts have been addressed within a reasonable time, the company must move on to less severe and less likely impacts.
Start from identified actual and potential adverse human rights and environmental impacts, not from supplier spend, contract value, media exposure, or convenience.
Use prioritisation to sequence action when capacity, access, or timing prevents simultaneous full response.
Record when each lower-priority impact will be revisited so prioritisation does not become permanent deferral.
How should teams score severity and likelihood for CSDDD prioritisation?
Severity should focus on the impact on people or the environment. The CSDDD definition points to scale, scope, and irremediable character, including gravity, number of affected people, environmental extent, irreversibility, and limits on restoring affected people or the environment within a reasonable period.
Likelihood should capture credible indicators that the impact has occurred or may occur, such as prior assessments, notifications, complaints, high-risk geographies, product or service risks, sector risks, business-model risks, or changed operating conditions. For human rights impacts, the rationale should not let low estimated probability bury an impact that would be severe or hard to remedy.
Severity fields: affected right or environmental interest, scale, scope, irremediability, affected groups, affected sites, and restoration limits.
Likelihood fields: known incidents, complaints, credible external reports, supplier or site assessment results, operating context, sector risk, product or service risk, and change triggers.
Outcome field: ranked priority tier, immediate action, action owner, planned follow-up for lower-ranked impacts, and the reason the ranking changed or stayed the same.
What stakeholder evidence belongs in a CSDDD prioritisation file?
Stakeholder evidence should help test the company's view of severity and likelihood. Article 13 requires stakeholder consultation when gathering information to identify, assess, and prioritise adverse impacts, and again for prevention or corrective action plans, suspension or termination decisions, remediation, and monitoring indicators.
The file should distinguish direct stakeholder evidence from expert input. If effective stakeholder engagement is not reasonably possible, the company should consult experts who can provide credible insight into actual or potential impacts.
Record who was consulted: employees, workers' representatives, affected communities, consumers, civil society organisations, environmental or human rights institutions, or legitimate representatives.
Record how barriers were handled: language, access, retaliation risk, confidentiality, anonymity, vulnerable groups, and overlapping vulnerabilities.
Record what changed: priority score, action plan, indicator, escalation, or explanation for why stakeholder evidence did not change the ranking.
What makes a CSDDD prioritisation rationale audit-ready?
An audit-ready rationale should let a reviewer trace the decision from identified impact to priority ranking to action. It should explain why the selected impacts were treated first, which evidence was used, which stakeholders or experts informed the assessment, and when lower-ranked impacts will be addressed.
The rationale should also separate prioritisation from response design. Articles 10 and 11 ask different questions after prioritisation, including whether the company caused, jointly caused, or is linked to the impact, where the impact occurs in the chain of activities, and what influence the company can exercise.
Impact record: description, actual or potential status, affected people or environmental area, activity, subsidiary, direct or indirect business partner, and chain-of-activities location.
Priority record: severity analysis, likelihood analysis, stakeholder or expert evidence, missing information, assumptions, and the reason for the final rank.
Action record: prevention, mitigation, ending, minimisation, remediation, business partner engagement, contractual assurance, verification, support to SMEs, or escalation path.
Review record: monitoring indicator, responsible owner, next review event, and evidence showing less severe or less likely impacts are not forgotten.
The OECD guidance supports risk-based due diligence, prioritising the most significant risks where immediate action on every impact is not possible, and then moving to less significant impacts.
CSDDD scope waves: current Article 37 dates and thresholds
What are the current CSDDD scope waves after Directive (EU) 2025/794?
The current CSDDD phase-in is no longer the original 26 July 2027, 26 July 2028, and 26 July 2029 sequence. Directive (EU) 2025/794 amended Article 37 so Member States must transpose by 26 July 2027 and apply the national measures from 26 July 2028 for the larger wave and from 26 July 2029 for all other in-scope companies.
For the 26 July 2028 wave, Article 37 covers EU companies and EU-parent groups in Article 2(1), points (a) and (b), that had more than 3,000 employees on average and more than EUR 900 million net worldwide turnover in the relevant financial year. It also covers third-country companies and groups in Article 2(2), points (a) and (b), that generated more than EUR 900 million net turnover in the Union.
26 July 2027: Member States' transposition deadline under the amended Article 37 text.
26 July 2028: first application wave for the larger EU and third-country Article 2(1)(a)-(b) and Article 2(2)(a)-(b) cohorts above the EUR 900 million threshold.
26 July 2029: application for all other companies in Article 2(1)(a)-(b), Article 2(2)(a)-(b), and the franchise or licensing categories in Article 2(1)(c) and Article 2(2)(c).
Article 16 communication duties are delayed separately: financial years starting on or after 1 January 2029 for the 2028 wave, and financial years starting on or after 1 January 2030 for the 2029 wave.
Which companies move into the 26 July 2029 CSDDD wave?
The 26 July 2029 wave is the catch-up wave for companies that are in Article 2 scope but are not in the larger 26 July 2028 EUR 900 million cohorts. For EU companies, the main Article 2(1)(a) threshold remains more than 1,000 employees on average and more than EUR 450 million net worldwide turnover. Ultimate parent companies of groups meeting those thresholds are also covered.
The 2029 wave also includes the CSDDD franchise and licensing categories. For EU companies or groups, Article 2(1)(c) uses royalties above EUR 22.5 million and net worldwide turnover above EUR 80 million where the arrangements involve a common identity, business concept, and uniform business methods. For third-country companies or groups, Article 2(2)(c) uses the same royalty amount in the Union and an EU net turnover threshold above EUR 80 million.
EU company threshold: more than 1,000 employees on average and more than EUR 450 million net worldwide turnover.
Third-country company threshold: more than EUR 450 million net turnover generated in the Union.
EU and non-EU parent groups can be in scope when the group reaches the relevant Article 2 threshold on a consolidated basis.
Franchise or licensing categories can be in scope even when the main employee-and-turnover test is not met.
Supports that all other Article 2 in-scope companies move to the 26 July 2029 application date, with Article 16 from financial years starting on or after 1 January 2030.
How should a company check its CSDDD wave?
Start with Article 2 scope, then apply Article 37 timing. A company outside Article 2 is not pulled in merely because a business partner asks for CSDDD information. A company inside Article 2 still needs the amended Article 37 test to identify whether its first application date is 26 July 2028 or 26 July 2029.
Keep the EU and third-country tests separate. EU companies use employee and net worldwide turnover thresholds. Third-country companies use net turnover generated in the Union, and no employee threshold is listed for the main Article 2(2)(a) test.
Classify the entity: EU company, EU ultimate parent group, third-country company, third-country ultimate parent group, or franchise/licensing category.
Measure the relevant Article 2 threshold using the financial year specified for that category.
Check whether the company reaches the larger 26 July 2028 wave: EU Article 2(1)(a)-(b) companies need more than 3,000 employees and more than EUR 900 million net worldwide turnover; third-country Article 2(2)(a)-(b) companies need more than EUR 900 million net turnover in the Union.
If the company is in Article 2 scope but not in the 2028 wave, treat 26 July 2029 as the application date for the due diligence measures.
What evidence should teams retain for CSDDD scope waves?
Retain evidence that lets a reviewer reconstruct both parts of the analysis: why the company is or is not within Article 2, and why the selected application date follows from the amended Article 37 text. The record should not rely on the superseded 26 July 2027 first-wave date from the original directive text.
The evidence file should be refreshed when consolidated group numbers, EU turnover, franchise or licensing royalties, or national transposition rules change.
Article 2 scope memo identifying the tested entity, group relationship, EU or third-country status, financial year, employee count where relevant, net turnover measure, and franchise or licensing royalty amount where relevant.
Article 37 wave conclusion naming 26 July 2028 or 26 July 2029 and explaining why the company is or is not in the larger EUR 900 million wave.
Article 16 note showing whether communication duties start for financial years beginning on or after 1 January 2029 or 1 January 2030.
Source extracts from Directive (EU) 2024/1760 and Directive (EU) 2025/794, with the date when the legal team last checked the current consolidated text.
Owner and review trigger list for annual financial statement adoption, group restructuring, EU turnover changes, and material changes to franchise or licensing arrangements.
What mistake should teams avoid with CSDDD scope waves?
The main mistake is using the original Directive (EU) 2024/1760 phase-in schedule as if it were still current. That can incorrectly leave a 26 July 2027 first wave in calendars and supplier requests. Current planning should use the Article 37 wording amended by Directive (EU) 2025/794.
A second mistake is blending CSDDD scope with CSRD reporting waves or supplier due diligence requests. CSDDD scope waves are based on Article 2 CSDDD categories and Article 37 CSDDD application dates. A smaller supplier may still receive information requests from an in-scope customer, but that is not the same as being directly in CSDDD scope.
Do not describe the 2025 changes as only proposal-stage when relying on Directive (EU) 2025/794 for current Article 37 timing.
Do not apply the EU employee threshold to the main third-country company test in Article 2(2)(a).
Do not treat Article 16 communication dates as identical to the due diligence measure application dates.
Do not cite old phase-in dates without marking them as superseded by the amended Article 37 text.
Provides background on the proposal that led to postponing the CSDDD transposition deadline and first application wave; use the adopted directive for the current rule.
CSDDD transition plans FAQ: Article 22 climate plan requirements
What does CSDDD Article 22 require for climate transition plans?
Article 22 requires covered companies to adopt and put into effect a transition plan for climate change mitigation. The plan must aim, through best efforts, to make the company's business model and strategy compatible with the transition to a sustainable economy, the 1.5 °C Paris Agreement pathway, and the EU climate-neutrality objective under the European Climate Law.
The plan is not only a disclosure label. Its design must include targets, the actions and levers for reaching those targets, the investments and funding that support implementation, and the role of the company's administrative, management, and supervisory bodies.
Start by confirming whether the company is within the CSDDD company-scope provisions referenced in Article 22.
Connect the plan to the company's business model and strategy, not only to a standalone climate policy.
Record any relevant exposure to coal-, oil-, and gas-related activities because Article 22 calls out that exposure where relevant.
Keep the transition plan current: Article 22 requires an update every 12 months with progress against the climate targets.
Article 22 is the binding CSDDD source for the climate transition-plan obligation, required plan contents, CSRD adoption overlap, and 12-month update requirement.
The Commission page summarises CSDDD as requiring large companies to address adverse human rights and environmental impacts and to adopt a climate transition plan aligned with EU climate objectives.
Which targets belong in a CSDDD transition plan?
The plan should include time-bound climate targets for 2030 and then in five-year steps up to 2050. Article 22 says these targets must be based on conclusive scientific evidence.
Where appropriate, the plan should include absolute greenhouse-gas emission reduction targets for Scope 1, Scope 2, and Scope 3 emissions for each significant category. Teams should therefore avoid targets that cannot be traced to a baseline, emissions boundary, target year, and significant emissions category.
What are decarbonisation levers under Article 22?
Article 22 requires a description of the decarbonisation levers identified and the key actions planned to reach the climate targets. In practice, that means the plan should identify how emissions are expected to fall, who owns each lever, and which operational decision makes the lever real.
The Directive gives examples rather than an exhaustive list: changes in the company's product and service portfolio and adoption of new technologies may be relevant. Other levers should still be documented only where the company's evidence supports them.
Product and service portfolio changes, including the business-unit owner and affected revenue or offering category.
New technology adoption, including deployment assumptions, dependencies, and expected emissions effect.
Operational process, facility, infrastructure, purchasing, or distribution changes when they support the transition plan targets.
Dependencies and constraints, especially where target delivery depends on suppliers, customers, infrastructure, or technology availability.
Article 22 requires transition plans to describe identified decarbonisation levers and key actions, including product or service portfolio changes and new technologies where appropriate.
How should investment, funding, and governance be explained?
Article 22 requires an explanation and quantification of the investments and funding supporting the transition plan. A useful plan should therefore link each material lever to the capital, operating spend, financing, or budget line that makes implementation credible.
The plan also needs to describe the role of administrative, management, and supervisory bodies. That should cover who approves the plan, who monitors progress, who receives escalation when targets or levers are off track, and how updates are reviewed before publication or reporting.
Investment register: lever, amount or quantified range, timing, funding source, owner, dependency, and status.
Funding explanation: whether the plan depends on internal budgets, external financing, supplier support, or other funding arrangements.
Governance record: board or management body agenda, approval minutes, review materials, and progress dashboards.
Escalation record: target misses, delayed investments, changed assumptions, and decisions taken by the responsible body.
Article 22 requires quantified investment and funding explanations and a description of administrative, management, and supervisory body roles in the climate transition plan.