CSDDDLiability and penaltiesEU

CSDDD liability and penalties without fixed-fine guesswork

Use this page to separate CSDDD supervisory enforcement, national penalty rules, and civil liability claims.

It focuses on what Directive (EU) 2024/1760 says, what amended timing affects, and which evidence records help a company explain its due diligence decisions.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Sections
5

Structured answer sets in this page tree.

Primary sources
2

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

CSDDD liability and penalties are not a single EU fine table. Directive (EU) 2024/1760 requires Member States to designate supervisory authorities, set effective penalties in national law, and provide civil-liability routes for certain damage linked to failures to prevent or bring adverse impacts to an end. Companies should therefore track both the EU-level minimum rules and the national transposition measures that will apply to their competent authority, procedure, sanctions, limitation periods, and court practice.

Section 1

Supervisory enforcement under CSDDD

Member States must designate one or more supervisory authorities for CSDDD. For EU companies, the competent authority is generally tied to the Member State of the registered office. For non-EU companies, competence is tied to the Member State of a branch, or, if there is no branch or branches are in several Member States, the Member State where the company generated the most EU turnover in the relevant reference period.

Supervisory authorities must have powers and resources to request information and conduct investigations on compliance with the national rules transposing CSDDD due diligence obligations. They may start investigations on their own initiative or after substantiated concerns are submitted by natural or legal persons.

Where a failure is identified, the authority must grant an appropriate period for remedial action if such action is possible. That does not block penalties or civil liability: remedial action can sit alongside Article 27 penalties and Article 29 liability analysis.

  • Authority powers: require information, investigate, inspect under national law, order infringements to cease, order non-repetition, require proportionate remediation where appropriate, impose penalties, and adopt interim measures for imminent risk of severe and irreparable harm.
  • Substantiated concerns: natural and legal persons must be able to submit concerns through accessible channels when objective circumstances indicate possible non-compliance.
  • Records: supervisory authorities must keep investigation records showing the nature and result of investigations and records of enforcement action.
  • Cross-border cases: the European Network of Supervisory Authorities supports cooperation, mutual assistance, alignment of supervisory practices, and publication of penalty decisions.
Sources for this answer
Directive (EU) 2024/1760 on corporate sustainability due diligence
Articles 24 to 26 set the competent-authority model, supervisory powers, substantiated-concern channel, investigation records, and remedial-action framing.
Consolidated Directive (EU) 2024/1760, amended by Directive (EU) 2025/794
Consolidated EUR-Lex view showing the CSDDD text after the 2025/794 amendment and retaining Articles 24 to 29 as the enforcement and liability structure.
Section 2

Penalty mechanics and fine limits

CSDDD requires Member States to lay down penalties, including pecuniary penalties, for infringements of national law adopted under the Directive. The EU text sets minimum design features; it does not create an automatic fixed fine for every breach.

Penalties must be effective, proportionate, and dissuasive. When deciding whether to impose a penalty and setting its nature and level, authorities must account for the infringement's nature, gravity, and duration; severity of impacts; investments and targeted support under prevention and mitigation provisions; collaboration with other entities; prioritisation decisions; previous final infringements; remedial action; financial benefits gained or losses avoided; and other aggravating or mitigating factors.

If pecuniary penalties are imposed, they must be based on the company's net worldwide turnover. The Directive says the maximum limit of pecuniary penalties must be not less than 5% of net worldwide turnover in the financial year preceding the fine decision. That is a minimum level for national maximum limits, not a claim that every Member State fine will be exactly 5% or that every breach triggers that amount.

  • Minimum penalty types: Member States must provide at least pecuniary penalties and, if a company fails to comply with a penalty decision within the applicable time limit, a public statement naming the company and infringement.
  • Group calculation: for covered ultimate-parent-company cases, pecuniary penalties must take account of consolidated turnover reported by the ultimate parent company.
  • Publication: supervisory-authority penalty decisions must be published, remain publicly available for at least five years, and be sent to the European Network of Supervisory Authorities.
  • Unsupported claim to avoid: do not publish a flat fine schedule, per-incident fine, daily penalty amount, or national sanction range unless it is supported by the relevant Member State transposition law.
Sources for this answer
Directive (EU) 2024/1760 on corporate sustainability due diligence
Article 27 provides the penalty design requirements, penalty factors, public-statement rule, turnover basis, and minimum national maximum-limit rule.
Section 3

Civil liability and compensation limits

CSDDD civil liability is tied to specific conditions. A company can be held liable for damage caused to a natural or legal person where it intentionally or negligently failed to comply with the obligations in Articles 10 and 11, the relevant Annex right, prohibition, or obligation is aimed at protecting that person, and the failure caused damage to legal interests protected under national law.

The Directive also draws limits. A company cannot be held liable under Article 29 if the damage was caused only by its business partners in its chain of activities. If the company is liable, the injured person has a right to full compensation under national law, but full compensation must not create overcompensation through punitive, multiple, or other damages.

Contractual clauses, industry initiatives, multi-stakeholder initiatives, or independent third-party verification do not automatically remove civil-liability risk. Article 29 states that companies using those tools may nevertheless be held liable if the liability conditions are met.

  • Minimum limitation rule: actions for damages must have a limitation period of at least five years and not be shorter than the national general civil liability regime.
  • When the clock starts: limitation periods must not begin before the infringement has ceased and the claimant knows, or can reasonably be expected to know, the behaviour, that it constitutes an infringement, the harm, and the infringer's identity.
  • Claim support: claimants must be able to seek injunctive measures, and courts must be able to order company-controlled evidence disclosure where the claimant has plausibly supported a damages claim and the requested disclosure is necessary and proportionate.
  • Joint harm: where damage was caused jointly by the company and its subsidiary or business partner, joint and several liability applies without prejudice to national rules on conditions and recourse.
Sources for this answer
Directive (EU) 2024/1760 on corporate sustainability due diligence
Article 29 defines the CSDDD civil-liability conditions, full-compensation rule, overcompensation limit, limitation-period floor, evidence-disclosure rule, and business-partner limitation.
Section 4

National transposition caveats

Because CSDDD is a directive, liability and penalty handling depends on national transposition. The EU text requires the result Member States must achieve, but national law will determine the detailed authority setup, procedure, remedies, sanction rules, court route, cost rules, and any stricter civil-liability regime that applies in that Member State.

The consolidated EUR-Lex record shows Directive (EU) 2025/794 amended CSDDD timing. It lists a transposition date of 26 July 2027 and application dates from 26 July 2028 for the largest listed cohorts and from 26 July 2029 for other covered companies. Use those dates only as grounded CSDDD timing context; do not use them to invent national penalty start dates or court deadlines.

Article 29 also preserves stricter Union or national civil-liability rules related to adverse human rights or environmental impacts. A company can therefore face CSDDD supervisory enforcement, CSDDD civil-liability claims, and other national or sector-specific liability routes in parallel where the facts support them.

  • For each relevant Member State, record the designated supervisory authority, complaint channel, inspection procedure, penalty scale, publication practice, appeal route, limitation period, and evidence-disclosure rule once national law is available.
  • For non-EU companies, keep the turnover data used to determine the competent supervisory authority and any reasoned request to change authority after a change in circumstances.
  • For groups, record whether a parent company fulfils obligations for subsidiaries and how subsidiary authority competence, subsidiary civil liability, and parent-level evidence will be managed.
  • For public content, state EU-level penalty mechanics separately from Member State sanction details so readers can distinguish the directive floor from national implementation.
Sources for this answer
Consolidated Directive (EU) 2024/1760, amended by Directive (EU) 2025/794
Consolidated EUR-Lex source for the amended CSDDD timing references used on this page, including 26 July 2027 transposition and phased application dates.
Directive (EU) 2024/1760 on corporate sustainability due diligence
Original Official Journal source for the directive structure showing that penalties and civil liability are implemented through national law adopted under CSDDD.
Section 5

Evidence records for enforcement and liability review

A defensible CSDDD evidence file should let an authority, court, board, or decision owner reconstruct the due diligence decision. The file should connect the adverse impact, the relevant Article 10 or Article 11 obligation, the affected right or environmental prohibition in the Annex, the company's role, the chosen preventive or corrective action, and the follow-up result.

Evidence should be kept at the level where the decision was actually made. A generic sustainability policy is weak evidence for a specific penalty or liability question unless it is connected to the affected operation, subsidiary, business partner, risk assessment, prioritisation decision, contract measure, remediation step, or grievance record.

For civil-liability readiness, keep a clear record of what was known, when it was known, who assessed it, why a measure was considered appropriate, how affected stakeholders were considered, what support or collaboration was offered, and whether remediation occurred.

  • Supervisory file: competent-authority mapping, information requests, inspection notices, responses, remedial-action commitments, authority decisions, appeals, and publication checks.
  • Penalty-factor file: infringement chronology, impact severity analysis, prevention and mitigation investments, targeted support records, collaboration evidence, prioritisation rationale, prior-infringement checks, remediation record, and financial-benefit analysis.
  • Civil-liability file: Articles 10 and 11 assessment, Annex right or prohibition mapping, causation analysis, business-partner-only damage analysis, claimant correspondence, injunctive-measure response, evidence-preservation log, and confidentiality review.
  • Transposition tracker: Member State law, authority guidance, procedural rules, limitation-period rules, disclosure standards, and any stricter national liability rules relevant to the company's operations.
Sources for this answer
Directive (EU) 2024/1760 on corporate sustainability due diligence
Articles 25, 27, and 29 support the listed evidence records by identifying investigation records, penalty factors, civil-liability conditions, and evidence-disclosure expectations.
Recommended next step

Build a CSDDD enforcement evidence file

Connect CSDDD supervisory powers, penalty factors, civil-liability conditions, and national transposition tracking to evidence your teams can maintain.

Research workflow
Open Research Copilot

Check CSDDD enforcement and liability questions against cited source material.

Explore next step
Talk to Sorena
Discuss CSDDD implementation

Review scope, authority mapping, source evidence, and implementation records with Sorena.

Explore next step
Primary sources

References and citations

Related guides

Explore more topics

CSDDD adverse impact prioritisation workflow
A CSDDD workflow for identifying actual and potential adverse human rights and environmental impacts, ranking severity and likelihood, and documenting prevention, mitigation, remediation, and stakeholder evidence.
CSDDD Applicability Test: EU and Non-EU Company Scope
Test whether Directive (EU) 2024/1760 may apply to an EU or non-EU company using grounded CSDDD employee, turnover, group, franchise, royalty, exclusion, and phase-in checks.
CSDDD chain of activities and supplier due diligence
Explain CSDDD chain-of-activities scope, upstream and downstream boundaries, subsidiaries, direct and indirect business partners, supplier risk segmentation, and evidence.
CSDDD Chain of Activities Boundaries
Define CSDDD upstream and downstream chain of activities boundaries for subsidiaries, direct and indirect business partners, distribution, transport, storage, and records.
CSDDD chain of activities boundaries: upstream and downstream FAQ
FAQ on how the CSDDD defines chain of activities boundaries for subsidiaries, direct and indirect business partners, upstream activities, downstream logistics, and evidence.
CSDDD civil liability under Article 29: what companies should check
FAQ on CSDDD Article 29 civil liability: liability conditions, protected legal interests, causation, compensation, limitation periods, and evidence disclosure.
CSDDD Climate Transition Plan Requirements
Article 22 CSDDD guidance for climate transition plans: business model alignment, targets, actions, funding, governance, and 12-month progress updates.
CSDDD complaints and notifications FAQ
FAQ on Article 14 CSDDD complaint and notification mechanisms, who may complain, follow-up rights, confidentiality, retaliation, and evidence.
CSDDD compliance duties and evidence guide
A grounded CSDDD compliance guide covering due diligence policy, adverse impact identification, prevention, corrective action, complaints, monitoring, reporting, climate plans, and supervisory evidence.
CSDDD contractual assurances FAQ for Articles 10 and 11
How CSDDD Articles 10 and 11 use contractual assurances with business partners, verification, SME support, action plans, and suspension or termination escalation.
CSDDD deadlines and compliance calendar after Directive (EU) 2025/794
Current CSDDD calendar for transposition, application phases, Article 16 reporting exceptions, Commission guidance dates, and practical compliance evidence.
CSDDD due diligence checklist
A grounded CSDDD checklist for scope, due diligence policy, chain-of-activities risk mapping, impact prioritisation, action plans, complaints, monitoring, communication, climate planning, and evidence.
CSDDD Due Diligence Steps Playbook for Articles 5 and 7-16
A grounded playbook for the CSDDD due diligence sequence: policy integration, impact assessment, prioritisation, prevention, correction, remediation, stakeholder engagement, complaints, monitoring, communication, and evidence.
CSDDD FAQ: scope, dates, duties, liability, and evidence
Practical answers on CSDDD scope, current application dates, chain of activities, due diligence duties, complaints, remediation, civil liability, climate plans, and evidence.
CSDDD franchising and licensing scope FAQ
FAQ on when franchise or licensing networks can fall within Article 2 of the EU CSDDD, including royalties, turnover, EU and non-EU treatment, and evidence.
CSDDD grievance and remediation workflow guide
Build a CSDDD grievance, notification, stakeholder engagement, and remediation workflow around Articles 12, 13, and 14 of Directive (EU) 2024/1760.
CSDDD non-EU turnover threshold FAQ
How non-EU companies should assess CSDDD scope using EU-generated turnover, group thresholds, authorised representative records, and competent authority evidence.
CSDDD Non-EU Turnover Thresholds and Scope Waves
Article 2 and Article 37 CSDDD scope guide for non-EU Union turnover, group routes, franchise and licensing routes, and current application dates after Directive (EU) 2025/794.
CSDDD Omnibus timing changes after Directive (EU) 2025/794
FAQ answer on current CSDDD Article 37 dates after Directive (EU) 2025/794 and how to separate adopted timing changes from proposal-stage Omnibus simplification.
CSDDD penalties and fines under Article 27
How CSDDD Article 27 sets penalty rules, turnover-based fine caps, public decision publication, supervisory authority powers, and national transposition caveats.
CSDDD prevention vs mitigation: potential and actual adverse impacts
CSDDD FAQ on when to prevent or mitigate potential adverse impacts, when to end or minimise actual adverse impacts, and what evidence records to keep.
CSDDD remediation FAQ: when companies must remedy adverse impacts
FAQ on CSDDD remediation: when Article 12 requires remedy, how complaints and stakeholder engagement affect the response, and what evidence to keep.
CSDDD Remediation Plan Template: Article 12, 13 and 14 evidence
A CSDDD remediation plan template for actual adverse impacts, complaint inputs, stakeholder engagement, action records, and monitoring evidence.
CSDDD requirements: scope, due diligence, climate plan, and evidence
A grounded map of the Corporate Sustainability Due Diligence Directive requirements across scope, due diligence policy, impact assessment, complaints, remediation, monitoring, communication, and climate transition planning.
CSDDD risk prioritisation FAQ: severity, likelihood, and evidence
How to prioritise CSDDD adverse impacts when teams cannot address everything at once, using severity, likelihood, stakeholder evidence, and a reviewable rationale.
CSDDD Scope Thresholds: EU, Non-EU, Group and Franchise Routes
Article 2 CSDDD scope thresholds for EU companies, non-EU Union turnover, ultimate-parent groups, franchise and licensing routes, consecutive-year tests, and evidence records.
CSDDD scope waves: current Article 37 dates and thresholds
FAQ on the current CSDDD phase-in after Directive (EU) 2025/794: 26 July 2028, 26 July 2029, Article 2 scope thresholds, and evidence to retain.
CSDDD Supplier Contract Clause Review Workflow
Review supplier contract clauses against CSDDD Articles 10 and 11: contractual assurances, verification, SME fairness, support, action plans, and escalation evidence.
CSDDD Supplier Contract Clauses: Articles 10 and 11 Evidence
How to use CSDDD supplier contract clauses without treating clauses as a substitute for due diligence: contractual assurances, verification, SME support, action plans, limits, and evidence.
CSDDD supplier human rights impact scoring template
A CSDDD supplier impact scoring template for Article 8 identification, Article 9 prioritisation, severity, likelihood, stakeholder input, chain-of-activities boundaries, and evidence records.
CSDDD transition plans FAQ: Article 22 climate plan requirements
FAQ on CSDDD Article 22 climate transition plans: targets, decarbonisation levers, investment and funding, governance, CSRD overlap, and evidence records.
CSDDD vs CSRD: Due Diligence and Reporting Compared
Compare CSDDD due diligence duties with CSRD sustainability reporting, including scope, timing, Article 16 reporting, evidence overlap, assurance, and enforcement.
CSDDD vs German LkSG Comparison
Compare the EU CSDDD with Germany's LkSG without mixing directive duties, national-law duties, chain boundaries, complaints, reporting, and enforcement routes.
CSDDD vs OECD Guidelines
Compare the binding EU CSDDD with the OECD Guidelines for responsible business conduct across scope, due diligence duties, business relationships, remediation, and evidence.
How CSDDD overlaps with OECD, UNGP, and ILO standards
FAQ on how OECD responsible business conduct guidance, the UN Guiding Principles, and ILO labour standards inform CSDDD due diligence without being the same legal instrument.