The CSDDD Recalibrated: What the Provisional Agreement Means for Corporate Due Diligence

On December 16, 2024, the European Parliament voted in favor of Omnibus I, marking a pivotal moment in European sustainability regulation. The package includes significant revisions to the Corporate Sustainability Due Diligence Directive (CSDDD) and the Corporate Sustainability Reporting Directive (CSRD), following intensive trilogue negotiations. While the final text awaits Council approval, the contours of Europe’s mandatory human rights and environmental due diligence landscape are now clear—and they represent both relief and complexity for multinational corporations. The revised CSDDD retains its foundational ambition: embedding human rights and environmental due diligence into corporate governance across value chains. However, the provisional agreement introduces crucial adjustments to scope, timelines, enforcement mechanisms, and operational flexibility. For companies navigating global supply chains—particularly those spanning developing markets and complex commodity sectors—these changes demand strategic recalibration. The directive no longer asks whether companies must act, but rather how effectively they can transform compliance into competitive advantage. Understanding these revisions is essential not just for legal compliance, but for building resilient, responsible business models in an era of heightened stakeholder scrutiny.

Recalibrated Scope and Enforcement—Fewer Companies, Higher Stakes

The provisional agreement substantially narrows CSDDD’s reach while intensifying expectations for those covered.

1. EU companies must now have 5,000 employees and €1.5 billion in turnover. A dramatic increase from the original thresholds of 1,000 employees and €450 million. Non-EU companies generating €1.5 billion in EU turnover also remain in scope. This recalibration will significantly reduce the number of covered entities. It will focus regulatory attention on large multinationals with the resources and influence to drive systemic change.
2. The timeline shift is equally consequential. The previous cascading implementation schedule—which would have phased in requirements across 2027-2029 based on company size—has been eliminated. Instead, all in-scope companies will face a single compliance deadline: July 26, 2029. Thus, companies gain additional preparation time, allowing for more thoughtful program design rather than rushed compliance. The level playing field also eliminates first-mover disadvantages, as competitors face identical deadlines. However, the compressed timeline means companies cannot afford complacency. The pressure to deliver comprehensive, operationalized due diligence programs will intensify dramatically as 2029 approaches.
3. Enforcement mechanisms have been recalibrated with more pragmatism. Maximum penalties have decreased from 5% to 3% of net worldwide turnover, reflecting concerns about proportionality and economic impacts. More significantly, the directive now includes a safe harbor provision. If companies prioritize impacts in line with the directive’s requirements, failure to address less significant impacts will not trigger penalties. This risk-based approach encourages companies to focus resources where they can achieve the greatest impact.
4. Civil liability provisions have been delegated to existing national frameworks. This heterogeneity may complicate compliance strategies for companies operating across multiple EU jurisdictions. But it preserves legal traditions and avoids creating new liability regimes. Companies must now navigate not just the CSDDD itself, but also how each Member State interprets and enforces civil liability for due diligence failures.

Core Requirements—Flexibility Within Rigor

While the provisional agreement softens certain aspects of the CSDDD, it preserves the directive’s foundational due diligence requirements. The full value chain remains within scope—encompassing upstream and downstream business relationships—and the core obligations around management systems, grievance mechanisms, and remediation are essentially unchanged. However, new provisions introduce operational flexibility that could prove crucial for implementation.

Prioritization & Strategized Focus

The most significant operational change centers on prioritization. Companies must now conduct a “scoping exercise” using reasonably available information to identify where human rights and environmental risks are most likely and severe. Notably, the directive explicitly permits the use of digital risk assessment tools—a recognition of technological innovation in due diligence practice. If this scoping reveals severe risks at multiple value chain points, companies may prioritize addressing risks at direct business partners (Tier 1 suppliers) rather than attempting simultaneous deep-tier engagement. This prioritization framework represents a pragmatic acknowledgment of resource constraints and value chain complexity. Rather than mandating universal due diligence regardless of risk, the directive encourages strategic focus. Companies can concentrate programs where they have leverage, visibility, and the greatest potential for impact. For sectors with sprawling supply networks—textiles, electronics, agricultural commodities—this flexibility could prove transformative, enabling more effective interventions than thin-spread efforts.

Creative Access to Information Beyond Audits

Information request limitations further reflect this practical approach. While companies remain obligated to conduct in-depth assessments where risks are severe, they may only request information from business partners when necessary. For partners with fewer than 5,000 employees, requests are further restricted: information must be unobtainable through other means. This provision protects SMEs from overwhelming data requests while maintaining due diligence integrity. Companies will need sophisticated approaches that balance information gathering with partner capacity. There are many cost effective solutions outlined for example in our article exploring technologies enhancing transparency and traceability across supply chains.

Smarter Management of Business Relations

The revised disengagement requirements introduce nuance to one of the directive’s most controversial provisions. Companies are no longer required to terminate business relationships as a last resort when severe risks cannot be addressed. Instead, they may suspend relationships (where legally permitted) and implement enhanced prevention action plans if there is reasonable expectation of success. This change acknowledges that exit can exacerbate harms for affected workers and communities, particularly in contexts where alternative livelihoods are scarce. It encourages companies to pursue constructive engagement and capacity building rather than abandoning challenging relationships.

Mitigative Indicators Calibrated for Longer Term Impacts

Monitoring requirements have been significantly relaxed. Companies must now monitor their due diligence measures every five years rather than annually, unless there are reasonable grounds to believe existing measures are inadequate. This shift reduces administrative burden while maintaining accountability. Companies should establish robust indicators and early warning systems to identify when accelerated monitoring becomes necessary, rather than treating five-year cycles as fixed intervals regardless of context. The climate transition plan obligation has been entirely removed, a controversial decision reflecting political negotiations. While this eliminates one reporting burden, it also signals that climate action under the CSDDD will manifest through human rights and environmental risk frameworks rather than standalone transition planning requirements.

Strategic Imperatives—From Compliance to Competitive Advantage

The provisional agreement creates a narrower regulatory perimeter but demands more sophisticated execution. For covered companies, the challenge shifts from debating whether to comply to determining how compliance can strengthen business resilience and stakeholder relationships. Several strategic imperatives emerge.

Companies must invest in robust risk intelligence infrastructure

The directive’s emphasis on scoping exercises and prioritization demands granular visibility into value chain risks. Traditional supplier questionnaires and audit programs are insufficient; companies need dynamic risk mapping tools that integrate labor market data, environmental monitoring, grievance trends, and stakeholder input. Technology platforms enabling continuous risk assessment will become essential infrastructure.

The revised CSDDD places a premium on meaningful stakeholder engagement

While requirements have been narrowed to directly affected stakeholders, the quality and credibility of engagement becomes paramount. Companies must move beyond consultative checkbox exercises to genuine dialogue with rights holders, worker representatives, and communities. Building trusted relationships with civil society organizations and local partners will be crucial for identifying hidden risks, co-designing interventions, and demonstrating good faith efforts.

The safe harbor provision around prioritization creates powerful incentives for rigorous methodology

Companies that can demonstrate systematic, evidence-based prioritization frameworks will be protected from penalties for inevitable gaps in less critical areas. This demands investment in due diligence methodology—documentation, governance, and continuous improvement processes that can withstand regulatory scrutiny and stakeholder challenge.

The single implementation deadline intensifies the premium on preparedness.

Companies delaying action until 2028 will face crushing implementation pressures. Leading companies are already piloting programs, building supplier capacity, testing grievance mechanisms, and refining prioritization frameworks. Early investment allows iterative learning and positions companies as responsible leaders rather than reluctant compliers.

Companies should recognize that CSDDD compliance interacts with broader supply chain resilience imperatives.

Effective due diligence strengthens supply chain stability by identifying labor shortages, environmental vulnerabilities, and governance weaknesses before they cause disruptions. It enhances brand reputation in markets where consumers increasingly demand ethical sourcing. It reduces legal and reputational risks from human rights violations. Companies that integrate CSDDD implementation into broader risk management and corporate strategy—rather than treating it as isolated compliance—will realize the greatest value.

Conclusion: Partnering for Impact—How Ksapa Supports Your Due Diligence Journey

The provisional CSDDD agreement clarifies expectations while preserving operational flexibility for companies genuinely committed to responsible business conduct. However, translating regulatory text into effective due diligence programs requires specialized expertise, deep value chain knowledge, and proven methodologies for stakeholder engagement and impact assessment. Ksapa brings two decades of experience supporting Fortune 500 companies and multilateral organizations in designing and implementing human rights due diligence programs across complex global supply chains. Our approach combines rigorous risk assessment with practical, scalable remediation programs that build supplier capacity and protect vulnerable workers. We understand that effective due diligence isn’t just about compliance—it’s about transforming supply chain relationships to create shared value for business and society.

• Our human rights consulting services address every dimension of CSDDD compliance. We help companies conduct comprehensive scoping exercises using cutting-edge risk intelligence tools. We develop prioritization frameworks aligned with the directive’s requirements. We design stakeholder engagement strategies that build credibility and trust. We establish grievance mechanisms that provide effective remedy. We implement monitoring systems that balance rigor with efficiency. Our capacity to operate programs across G20, Pacific Asian and Africa markets ensures we bring local context and stakeholder relationships essential for effective due diligence in diverse operating environments.
• Our scalable remediation programs go beyond identifying risks to delivering tangible improvements. We work with suppliers to strengthen labor recruitment practices, improve occupational health and safety systems, strengthen environmental management, and build worker voice mechanisms. We design programs that meet regulatory requirements while strengthening supplier performance and business resilience.

Take Action Now

As the CSDDD implementation timeline accelerates, companies need partners who combine regulatory expertise with operational experience. Partners who understand not just what the law requires, but how to make it work in practice. Ksapa’s track record supporting companies across textiles, electronics, agriculture, construction, hotel & tourism, extractives, and manufacturing sectors positions us as the strategic advisor for companies committed to responsible value chain transformation.

Contact Ksapa today to discuss how we can support your CSDDD readiness journey. Whether you’re

• beginning to scope your obligations,
• developing risk assessment frameworks,
• implementing supplier engagement programs,

Our team brings the expertise, methodologies, and stakeholder relationships to help you navigate complexity and demonstrate leadership. The CSDDD represents a defining moment for corporate accountability. Let’s ensure your company is prepared not just to comply, but to lead.

Photo Credit: Pexel