--- title: "CSDDD risk prioritisation FAQ: severity, likelihood, and evidence" canonical_url: "https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/faq/risk-prioritisation" source_url: "https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/faq/risk-prioritisation" author: "Sorena AI" description: "How to prioritise CSDDD adverse impacts when teams cannot address everything at once, using severity, likelihood, stakeholder evidence, and a reviewable rationale." published_at: "2026-05-09" updated_at: "2026-05-25" keywords: - "CSDDD risk prioritisation" - "EU Corporate Sustainability Due Diligence Directive" - "severity likelihood" - "adverse impacts" - "stakeholder evidence" - "CSDDD" - "risk prioritisation" - "severity" - "likelihood" - "stakeholder engagement" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # CSDDD risk prioritisation FAQ: severity, likelihood, and evidence How to prioritise CSDDD adverse impacts when teams cannot address everything at once, using severity, likelihood, stakeholder evidence, and a reviewable rationale. *FAQ* *CSDDD* *EU* ## CSDDD risk prioritisation how to rank adverse impacts by severity, likelihood, and evidence CSDDD prioritisation is allowed when a company cannot prevent, mitigate, end, or minimise all identified adverse impacts at the same time and to their full extent. Use severity, likelihood, stakeholder evidence, and a documented rationale to show why one impact was addressed before another. Under the EU Corporate Sustainability Due Diligence Directive, risk prioritisation is not a licence to ignore lower-ranked issues. It is a structured way to sequence identified actual and potential adverse human rights and environmental impacts when everything cannot be addressed immediately. ## When can CSDDD teams prioritise adverse impacts instead of addressing everything at once? Article 9 applies after Article 8 identification and assessment. If it is not feasible to prevent, mitigate, bring to an end, or minimise all identified adverse impacts at the same time and to their full extent, the company must prioritise the impacts so it can fulfil the prevention and mitigation duties in Articles 10 and 11. The priority order must be based on the severity and likelihood of the adverse impacts. After the most severe and most likely impacts have been addressed within a reasonable time, the company must move on to less severe and less likely impacts. - Start from identified actual and potential adverse human rights and environmental impacts, not from supplier spend, contract value, media exposure, or convenience. - Use prioritisation to sequence action when capacity, access, or timing prevents simultaneous full response. - Record when each lower-priority impact will be revisited so prioritisation does not become permanent deferral. Sources for this answer: - [Directive (EU) 2024/1760, Article 9 on prioritisation of adverse impacts](https://data.europa.eu/eli/dir/2024/1760/oj/eng?ref=sorena.io) - Article 9 states when prioritisation is used and requires the order to be based on severity and likelihood. - [EUR-Lex summary of Directive (EU) 2024/1760](https://data.europa.eu/eli/dir/2024/1760/oj/eng?ref=sorena.io) - The EUR-Lex summary describes the directive's requirement to identify impacts and prioritise addressing them based on severity and likelihood. ## How should teams score severity and likelihood for CSDDD prioritisation? Severity should focus on the impact on people or the environment. The CSDDD definition points to scale, scope, and irremediable character, including gravity, number of affected people, environmental extent, irreversibility, and limits on restoring affected people or the environment within a reasonable period. Likelihood should capture credible indicators that the impact has occurred or may occur, such as prior assessments, notifications, complaints, high-risk geographies, product or service risks, sector risks, business-model risks, or changed operating conditions. For human rights impacts, the rationale should not let low estimated probability bury an impact that would be severe or hard to remedy. - Severity fields: affected right or environmental interest, scale, scope, irremediability, affected groups, affected sites, and restoration limits. - Likelihood fields: known incidents, complaints, credible external reports, supplier or site assessment results, operating context, sector risk, product or service risk, and change triggers. - Outcome field: ranked priority tier, immediate action, action owner, planned follow-up for lower-ranked impacts, and the reason the ranking changed or stayed the same. Sources for this answer: - [Directive (EU) 2024/1760, severity definition and risk factors](https://data.europa.eu/eli/dir/2024/1760/oj/eng?ref=sorena.io) - Article 3 defines severity by scale, scope, and irremediable character and defines risk factors by severity and likelihood. - [OECD Due Diligence Guidance for Responsible Business Conduct](https://mneguidelines.oecd.org/?ref=sorena.io) - The OECD guidance supports prioritising the most significant risks and treating severity as especially important for human rights impacts. ## What stakeholder evidence belongs in a CSDDD prioritisation file? Stakeholder evidence should help test the company's view of severity and likelihood. Article 13 requires stakeholder consultation when gathering information to identify, assess, and prioritise adverse impacts, and again for prevention or corrective action plans, suspension or termination decisions, remediation, and monitoring indicators. The file should distinguish direct stakeholder evidence from expert input. If effective stakeholder engagement is not reasonably possible, the company should consult experts who can provide credible insight into actual or potential impacts. - Record who was consulted: employees, workers' representatives, affected communities, consumers, civil society organisations, environmental or human rights institutions, or legitimate representatives. - Record how barriers were handled: language, access, retaliation risk, confidentiality, anonymity, vulnerable groups, and overlapping vulnerabilities. - Record what changed: priority score, action plan, indicator, escalation, or explanation for why stakeholder evidence did not change the ranking. Sources for this answer: - [Directive (EU) 2024/1760, Article 13 on meaningful stakeholder engagement](https://data.europa.eu/eli/dir/2024/1760/oj/eng?ref=sorena.io) - Article 13 requires consultation when gathering information to identify, assess, and prioritise impacts and sets safeguards for effective engagement. - [OECD Due Diligence Guidance for Responsible Business Conduct](https://mneguidelines.oecd.org/?ref=sorena.io) - The OECD guidance supports using stakeholder feedback and direct consultation to understand and track adverse impacts. ## What makes a CSDDD prioritisation rationale audit-ready? An audit-ready rationale should let a reviewer trace the decision from identified impact to priority ranking to action. It should explain why the selected impacts were treated first, which evidence was used, which stakeholders or experts informed the assessment, and when lower-ranked impacts will be addressed. The rationale should also separate prioritisation from response design. Articles 10 and 11 ask different questions after prioritisation, including whether the company caused, jointly caused, or is linked to the impact, where the impact occurs in the chain of activities, and what influence the company can exercise. - Impact record: description, actual or potential status, affected people or environmental area, activity, subsidiary, direct or indirect business partner, and chain-of-activities location. - Priority record: severity analysis, likelihood analysis, stakeholder or expert evidence, missing information, assumptions, and the reason for the final rank. - Action record: prevention, mitigation, ending, minimisation, remediation, business partner engagement, contractual assurance, verification, support to SMEs, or escalation path. - Review record: monitoring indicator, responsible owner, next review event, and evidence showing less severe or less likely impacts are not forgotten. Sources for this answer: - [Directive (EU) 2024/1760, Articles 9 to 11 on prioritisation and response](https://data.europa.eu/eli/dir/2024/1760/oj/eng?ref=sorena.io) - Articles 9 to 11 connect priority ranking to prevention, mitigation, bringing actual impacts to an end, and minimising impacts. - [OECD Due Diligence Guidance for Responsible Business Conduct](https://mneguidelines.oecd.org/?ref=sorena.io) - The OECD guidance supports risk-based due diligence, prioritising the most significant risks where immediate action on every impact is not possible, and then moving to less significant impacts. ## Primary sources - [Directive (EU) 2024/1760 on corporate sustainability due diligence](https://data.europa.eu/eli/dir/2024/1760/oj/eng?ref=sorena.io) - Primary legal text for CSDDD Article 9 prioritisation, severity and likelihood definitions, stakeholder engagement, and response obligations. - Quote: "severity and likelihood" - [EUR-Lex summary of Directive (EU) 2024/1760](https://data.europa.eu/eli/dir/2024/1760/oj/eng?ref=sorena.io) - Public EU summary confirming that companies identify impacts and prioritise addressing them by severity and likelihood. - Quote: "severity and likelihood" - [OECD Due Diligence Guidance for Responsible Business Conduct](https://mneguidelines.oecd.org/?ref=sorena.io) - OECD due diligence source supporting risk-based sequencing where immediate action on every impact is not possible. - Quote: "risk-based" ## Topic Guides - [CSDDD adverse impact prioritisation workflow](/artifacts/eu/corporate-sustainability-due-diligence-directive/adverse-impact-prioritisation-workflow.md): A CSDDD workflow for identifying actual and potential adverse human rights and environmental impacts, ranking severity and likelihood, and documenting prevention, mitigation, remediation, and stakeholder evidence. - [CSDDD Applicability Test: EU and Non-EU Company Scope](/artifacts/eu/corporate-sustainability-due-diligence-directive/applicability-test.md): Test whether Directive (EU) 2024/1760 may apply to an EU or non-EU company using grounded CSDDD employee, turnover, group, franchise, royalty, exclusion, and phase-in checks. - [CSDDD chain of activities and supplier due diligence](/artifacts/eu/corporate-sustainability-due-diligence-directive/chain-of-activities-and-suppliers.md): Explain CSDDD chain-of-activities scope, upstream and downstream boundaries, subsidiaries, direct and indirect business partners, supplier risk segmentation, and evidence. - [CSDDD Chain of Activities Boundaries](/artifacts/eu/corporate-sustainability-due-diligence-directive/chain-of-activities-boundaries.md): Define CSDDD upstream and downstream chain of activities boundaries for subsidiaries, direct and indirect business partners, distribution, transport, storage, and records. - [CSDDD chain of activities boundaries: upstream and downstream FAQ](/artifacts/eu/corporate-sustainability-due-diligence-directive/faq/chain-of-activities-boundaries.md): FAQ on how the CSDDD defines chain of activities boundaries for subsidiaries, direct and indirect business partners, upstream activities, downstream logistics, and evidence. - [CSDDD civil liability under Article 29: what companies should check](/artifacts/eu/corporate-sustainability-due-diligence-directive/faq/civil-liability.md): FAQ on CSDDD Article 29 civil liability: liability conditions, protected legal interests, causation, compensation, limitation periods, and evidence disclosure. - [CSDDD Climate Transition Plan Requirements](/artifacts/eu/corporate-sustainability-due-diligence-directive/climate-transition-plan.md): Article 22 CSDDD guidance for climate transition plans: business model alignment, targets, actions, funding, governance, and 12-month progress updates. - [CSDDD complaints and notifications FAQ](/artifacts/eu/corporate-sustainability-due-diligence-directive/faq/complaints.md): FAQ on Article 14 CSDDD complaint and notification mechanisms, who may complain, follow-up rights, confidentiality, retaliation, and evidence. - [CSDDD compliance duties and evidence guide](/artifacts/eu/corporate-sustainability-due-diligence-directive/compliance.md): A grounded CSDDD compliance guide covering due diligence policy, adverse impact identification, prevention, corrective action, complaints, monitoring, reporting, climate plans, and supervisory evidence. - [CSDDD contractual assurances FAQ for Articles 10 and 11](/artifacts/eu/corporate-sustainability-due-diligence-directive/faq/contractual-assurances.md): How CSDDD Articles 10 and 11 use contractual assurances with business partners, verification, SME support, action plans, and suspension or termination escalation. - [CSDDD deadlines and compliance calendar after Directive (EU) 2025/794](/artifacts/eu/corporate-sustainability-due-diligence-directive/deadlines-and-compliance-calendar.md): Current CSDDD calendar for transposition, application phases, Article 16 reporting exceptions, Commission guidance dates, and practical compliance evidence. - [CSDDD due diligence checklist](/artifacts/eu/corporate-sustainability-due-diligence-directive/checklist.md): A grounded CSDDD checklist for scope, due diligence policy, chain-of-activities risk mapping, impact prioritisation, action plans, complaints, monitoring, communication, climate planning, and evidence. - [CSDDD Due Diligence Steps Playbook for Articles 5 and 7-16](/artifacts/eu/corporate-sustainability-due-diligence-directive/due-diligence-steps-playbook.md): A grounded playbook for the CSDDD due diligence sequence: policy integration, impact assessment, prioritisation, prevention, correction, remediation, stakeholder engagement, complaints, monitoring, communication, and evidence. - [CSDDD FAQ: scope, dates, duties, liability, and evidence](/artifacts/eu/corporate-sustainability-due-diligence-directive/faq.md): Practical answers on CSDDD scope, current application dates, chain of activities, due diligence duties, complaints, remediation, civil liability, climate plans, and evidence. - [CSDDD franchising and licensing scope FAQ](/artifacts/eu/corporate-sustainability-due-diligence-directive/faq/franchising.md): FAQ on when franchise or licensing networks can fall within Article 2 of the EU CSDDD, including royalties, turnover, EU and non-EU treatment, and evidence. - [CSDDD grievance and remediation workflow guide](/artifacts/eu/corporate-sustainability-due-diligence-directive/grievance-and-remediation-workflows.md): Build a CSDDD grievance, notification, stakeholder engagement, and remediation workflow around Articles 12, 13, and 14 of Directive (EU) 2024/1760. - [CSDDD Liability and Penalties: enforcement, fines, and civil claims](/artifacts/eu/corporate-sustainability-due-diligence-directive/liability-and-penalties.md): A grounded guide to CSDDD supervisory enforcement, penalty mechanics, civil liability, compensation limits, evidence records, and national transposition caveats. - [CSDDD non-EU turnover threshold FAQ](/artifacts/eu/corporate-sustainability-due-diligence-directive/faq/non-eu-turnover.md): How non-EU companies should assess CSDDD scope using EU-generated turnover, group thresholds, authorised representative records, and competent authority evidence. - [CSDDD Non-EU Turnover Thresholds and Scope Waves](/artifacts/eu/corporate-sustainability-due-diligence-directive/scope-waves-and-non-eu-turnover.md): Article 2 and Article 37 CSDDD scope guide for non-EU Union turnover, group routes, franchise and licensing routes, and current application dates after Directive (EU) 2025/794. - [CSDDD Omnibus timing changes after Directive (EU) 2025/794](/artifacts/eu/corporate-sustainability-due-diligence-directive/faq/omnibus-current-date-changes.md): FAQ answer on current CSDDD Article 37 dates after Directive (EU) 2025/794 and how to separate adopted timing changes from proposal-stage Omnibus simplification. - [CSDDD penalties and fines under Article 27](/artifacts/eu/corporate-sustainability-due-diligence-directive/penalties-and-fines.md): How CSDDD Article 27 sets penalty rules, turnover-based fine caps, public decision publication, supervisory authority powers, and national transposition caveats. - [CSDDD prevention vs mitigation: potential and actual adverse impacts](/artifacts/eu/corporate-sustainability-due-diligence-directive/faq/prevention-vs-mitigation.md): CSDDD FAQ on when to prevent or mitigate potential adverse impacts, when to end or minimise actual adverse impacts, and what evidence records to keep. - [CSDDD remediation FAQ: when companies must remedy adverse impacts](/artifacts/eu/corporate-sustainability-due-diligence-directive/faq/remediation.md): FAQ on CSDDD remediation: when Article 12 requires remedy, how complaints and stakeholder engagement affect the response, and what evidence to keep. - [CSDDD Remediation Plan Template: Article 12, 13 and 14 evidence](/artifacts/eu/corporate-sustainability-due-diligence-directive/remediation-plan-template.md): A CSDDD remediation plan template for actual adverse impacts, complaint inputs, stakeholder engagement, action records, and monitoring evidence. - [CSDDD requirements: scope, due diligence, climate plan, and evidence](/artifacts/eu/corporate-sustainability-due-diligence-directive/requirements.md): A grounded map of the Corporate Sustainability Due Diligence Directive requirements across scope, due diligence policy, impact assessment, complaints, remediation, monitoring, communication, and climate transition planning. - [CSDDD Scope Thresholds: EU, Non-EU, Group and Franchise Routes](/artifacts/eu/corporate-sustainability-due-diligence-directive/scope-thresholds-and-in-scope-groups.md): Article 2 CSDDD scope thresholds for EU companies, non-EU Union turnover, ultimate-parent groups, franchise and licensing routes, consecutive-year tests, and evidence records. - [CSDDD scope waves: current Article 37 dates and thresholds](/artifacts/eu/corporate-sustainability-due-diligence-directive/faq/scope-waves.md): FAQ on the current CSDDD phase-in after Directive (EU) 2025/794: 26 July 2028, 26 July 2029, Article 2 scope thresholds, and evidence to retain. - [CSDDD Supplier Contract Clause Review Workflow](/artifacts/eu/corporate-sustainability-due-diligence-directive/supplier-contract-clause-review-workflow.md): Review supplier contract clauses against CSDDD Articles 10 and 11: contractual assurances, verification, SME fairness, support, action plans, and escalation evidence. - [CSDDD Supplier Contract Clauses: Articles 10 and 11 Evidence](/artifacts/eu/corporate-sustainability-due-diligence-directive/supplier-contract-clauses.md): How to use CSDDD supplier contract clauses without treating clauses as a substitute for due diligence: contractual assurances, verification, SME support, action plans, limits, and evidence. - [CSDDD supplier human rights impact scoring template](/artifacts/eu/corporate-sustainability-due-diligence-directive/supplier-human-rights-risk-scoring-template.md): A CSDDD supplier impact scoring template for Article 8 identification, Article 9 prioritisation, severity, likelihood, stakeholder input, chain-of-activities boundaries, and evidence records. - [CSDDD transition plans FAQ: Article 22 climate plan requirements](/artifacts/eu/corporate-sustainability-due-diligence-directive/faq/transition-plans.md): FAQ on CSDDD Article 22 climate transition plans: targets, decarbonisation levers, investment and funding, governance, CSRD overlap, and evidence records. - [CSDDD vs CSRD: Due Diligence and Reporting Compared](/artifacts/eu/corporate-sustainability-due-diligence-directive/csddd-vs-csrd.md): Compare CSDDD due diligence duties with CSRD sustainability reporting, including scope, timing, Article 16 reporting, evidence overlap, assurance, and enforcement. - [CSDDD vs German LkSG Comparison](/artifacts/eu/corporate-sustainability-due-diligence-directive/csddd-vs-german-lksg.md): Compare the EU CSDDD with Germany's LkSG without mixing directive duties, national-law duties, chain boundaries, complaints, reporting, and enforcement routes. - [CSDDD vs OECD Guidelines](/artifacts/eu/corporate-sustainability-due-diligence-directive/csddd-vs-oecd-guidelines.md): Compare the binding EU CSDDD with the OECD Guidelines for responsible business conduct across scope, due diligence duties, business relationships, remediation, and evidence. - [How CSDDD overlaps with OECD, UNGP, and ILO standards](/artifacts/eu/corporate-sustainability-due-diligence-directive/faq/oecd-ungp-and-ilo-overlap.md): FAQ on how OECD responsible business conduct guidance, the UN Guiding Principles, and ILO labour standards inform CSDDD due diligence without being the same legal instrument. *Recommended next step* *Placement: after prioritisation evidence section* ## Turn CSDDD prioritisation into a reviewable evidence file Use Sorena to connect CSDDD impact records, stakeholder evidence, severity and likelihood rationale, and follow-up actions before decisions are challenged. - [Open Research Copilot](/solutions/research-copilot.md): Check CSDDD prioritisation questions against cited source material. - [Discuss CSDDD implementation](/contact.md): Review impact ranking, source evidence, and implementation records with Sorena. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/faq/risk-prioritisation