How to comply with CSDDD — and what could change under the Omnibus Proposal

A step-by-step guide to CSDDD compliance, from the original directive to the Omnibus Proposal updates.

Last Updated: March 2025

CSDDD and the Omnibus Proposal

The European Union is committed to driving corporate accountability and sustainability, and one of its most ambitious regulatory initiatives is the Corporate Sustainability Due Diligence Directive (CSDDD). When first introduced, CSDDD aimed to hold companies accountable for environmental and human rights impacts across their value chains, significantly expanding due diligence obligations for businesses operating in or connected to the EU.

However, in February 2025, the EU Parliament introduced the Omnibus Proposal, which, if approved, will bring notable changes to the CSDDD. As the directive evolves, companies must proactively monitor these shifts to align their due diligence strategies, mitigate compliance risks, and ensure responsible supply chain management.

This guide was updated in March 2025 to reflect the most recent proposed updates to CSDDD under the Omnibus Proposal. We plan to update this resource as the proposal moves through the EU Parliament since further changes will likely occur.

What is the Corporate Sustainability Due Diligence Directive?

Approved by the EU Parliament in April 2024, the CSDDD is a groundbreaking regulation that significantly expands corporate responsibility for environmental and human rights impacts. It requires businesses operating in the EU to identify, prevent, and mitigate adverse effects within their own operations, as well as across their entire global value chains—including upstream suppliers and downstream partners.

In addition, the directive mandates that in-scope companies develop climate transition plans aligned with the Paris Agreement’s 1.5°C pathway, reinforcing the EU’s commitment to net-zero emissions by 2050. These wide-ranging obligations make CSDDD one of the most ambitious corporate sustainability regulations to date.

As the legislative process continues, the proposed Omnibus package could introduce changes to compliance timelines, enforcement mechanisms, and reporting requirements. These potential revisions may affect how and when companies are expected to meet their obligations.

What is the Omnibus Proposal and how could it impact CSDDD?

In February 2025, the European Commission introduced the Omnibus Proposal, aiming to streamline and reduce the regulatory burden of existing sustainability directives – including the CSDDD – particularly for SMEs.

While the core scope and intent of the CSDDD remain intact, the Omnibus package introduces several proposed changes. These have not been finalized and are still subject to negotiation.

Key changes proposed in the Omnibus package:

  • Extended compliance timelines: The proposal delays the start of reporting and due diligence obligations by one year for the largest in-scope companies; timelines for the smaller in-scope companies would remain the same.
  • Fewer reporting requirements: Companies would be required to report on their due diligence processes only once every five years, rather than annually.
  • Value chain engagement: Companies would no longer be required to proactively engage indirect suppliers. Instead, the focus shifts to ensuring Tier 1 suppliers implement their own due diligence processes — effectively creating a cascade approach to managing supply chain risks.
  • Reduced severity of penalties for non-compliance: The proposal removes the requirement for member states to impose fines of at least 5% of global turnover, and introduces more flexibility around civil liability and how national authorities apply sanctions.
  • No mandatory termination of business relationships: Originally, companies were required to terminate partnerships if mitigation efforts failed. The proposal would remove this requirement, instead encouraging continued engagement with business partners to address risks.
  • Optional “safe harbor” considerations: The proposal revives debate around shielding companies from liability if they follow due diligence steps in good faith — though this has not yet been finalized.

The remainder of this guide outlines CSDDD compliance requirements under both the original directive and the potential changes if the current Omnibus Proposal is adopted.

Scope: Who is required to report?

Under the CSDDD, companies are considered in scope if they meet certain thresholds. In general, EU companies with at least 1,000 employees and €450 million in global net turnover are in scope, as are non-EU companies generating €450 million or more in net turnover within the EU.

When the Omnibus Proposal was introduced in early 2025, it did not change the scope of who must comply with CSDDD. All employee and financial thresholds remain the same as agreed upon in the original directive.

The directive introduces different compliance timelines based on company size and structure – those tiered levels will be introduced in the next section, which covers reporting and due diligence timelines.

Timeline: When does reporting start?

Under the original CSDDD agreement, reporting obligations were set to begin in 2027, starting with the largest EU companies. A phased approach was designed to give smaller and non-EU companies more time to prepare, with their obligations following in later years.

Under the Omnibus Proposal, reporting obligations would be delayed by one year for the largest companies and would remain the same for smaller companies. The Omnibus package is still under consideration, and timelines may be adjusted further.

How often do companies need to report?

Under the original CSDDD agreement, companies were required to conduct and publicly report on their due diligence efforts annually. However, if the Omnibus Proposal passes, companies would instead be required to review and update their due diligence approach once every five years.

Companies must develop and disclose a Climate Transition Plan (CTP), aligned with the 1.5°C target of the Paris Agreement, on an annual basis – the Omnibus proposal does not aim to change this.

Requirements: What companies must report and what actions they need to take

Unlike disclosure-focused frameworks like the Corporate Sustainability Reporting Directive (CSRD), the CSDDD requires companies to go beyond reporting.

Companies must identify risks across their operations and supply chains and take steps to prevent, mitigate, and remediate them. The goal is to ensure that companies are actively responsible for the human rights and environmental impacts connected to their business — not just transparent about them.

Reporting requirements

The original CSDDD reporting requirements were notable for how comprehensive and integrated they were. Reporting had to cover the entire value chain, including indirect suppliers, and was expected to occur on an annual basis.

Under the omnibus proposal, many of the core reporting elements remain in place, but the frequency of reporting would drop to once every five years, and the focus would shift to direct (Tier 1) suppliers.

Due diligence requirements

The original CSDDD due diligence obligations are some of the most ambitious globally. Companies are required to proactively identify, prevent, and mitigate risks across their entire value chain — and are even obligated to terminate business relationships when mitigation efforts fail.

The Omnibus proposal preserves much of the intent behind these obligations but eases the burden of enforcement and operational control. The most notable change is that companies would no longer be required to terminate business relationships, even if harm persists.

Penalties for CSDDD non-compliance

From the start, the CSDDD stood out from other sustainability regulations for one major reason: it includes real consequences for non-compliance, including fines, sanctions, and even civil liability.

What made the penalties groundbreaking wasn’t just the fact that they exist — it was their scale and enforceability. The directive mandates that each EU Member State must establish a supervisory authority to monitor compliance and enforce penalties. While the directive itself does not prescribe exact penalties, it does lay out key expectations that member states must follow when transposing the law into national legislation.

Penalties under the original directive

The original CSDDD outlines three main forms of enforcement that member states must implement when companies fail to meet their due diligence obligations:

  • Fines: Member states are expected to impose fines based on a company’s global net turnover, with the directive recommending a maximum of at least 5% for serious violations.
  • Sanctions: Each member state must designate a supervisory authority to monitor compliance. These authorities can issue non-monetary sanctions, such as compliance orders, public warnings, or temporary bans on operations or public procurement eligibility.
  • Civil liability: Companies could face civil lawsuits if they cause or contribute to harm through a failure to comply with due diligence obligations. Affected individuals or communities may bring claims for compensation, provided the company failed to take appropriate preventive or corrective measures.

When determining the appropriate penalties, supervisory authorities must consider factors such as the nature, gravity, and duration of the violation; whether the company ignored known risks; and whether it made adequate efforts to remediate or correct the harm.

Penalties under the Omnibus Proposal

The omnibus proposal is not yet adopted, but if passed, it would soften some enforcement mechanisms introduced by the original directive — particularly around civil liability and financial penalties.

Key proposed changes include:

  • Removal of the 5% fine threshold: The original directive recommended that member states impose fines of at least 5% of a company’s global net turnover for serious violations. The omnibus proposal would remove this requirement, giving member states greater discretion to set penalty levels, as long as they remain “effective, proportionate, and dissuasive.”
  • Clarified limits on civil liability: Companies would only be liable for harm they caused or contributed to. Being merely linked to harm through their value chain would no longer be sufficient to trigger liability.
  • Safe harbor clause considerations: The proposal reopens discussion around whether companies that follow prescribed due diligence steps in good faith should be shielded from liability. This idea is still under debate and has not yet been finalized.
  • Increased flexibility for national authorities: Member states would have more room to tailor penalties based on company size, sector, and risk context — though any penalties must still be structured to deter non-compliance.

While companies would still face serious consequences for failing to meet CSDDD obligations, the omnibus proposal represents a shift — from strict punitive enforcement to an emphasis on ongoing engagement, risk management, and demonstrated good-faith effort.

Next steps: How to prepare for CSDDD compliance

Companies should begin preparing for CSDDD compliance now, even as certain aspects of the directive, such as timing and enforcement, remain under negotiation through the omnibus proposal. While the proposal may adjust how some requirements are implemented — particularly regarding engagement with indirect suppliers and the frequency of reporting — the core obligations remain intact.

Below are the eight key steps companies should take to get ready for compliance under the current CSDDD directive, with notes where major changes would be needed if the Omnibus Proposal is adopted.

1. Update or create due diligence policies

  • Companies must have a dedicated due diligence policy that outlines their approach, procedures, and governance.
  • A code of conduct is also required, covering expectations for employees and business partners, along with a mechanism for ensuring compliance.
  • Due diligence must be embedded into existing policies and risk management frameworks.

2. Conduct a risk assessment across your operations and value chain

  • Companies must assess and document actual and potential adverse impacts on human rights and the environment across:
    • Their own operations
    • The operations of their subsidiaries
    • Their entire value chain, including both direct (Tier 1) and indirect business relationships*
  • This assessment should be comprehensive and risk-based, considering both upstream (e.g. suppliers) and downstream (e.g. distributors or waste handlers) activities.
  • Risk assessments must be conducted as part of a continuous due diligence process and kept up to date as business relationships and risks evolve.

*Under the omnibus proposal, companies would only be required to proactively engage and act on risks at the Tier 1 level, but must still map and monitor indirect suppliers for potential risks.

3. Establish a risk-based due diligence process and mitigation measures

  • Take appropriate steps to prevent, mitigate, and remedy risks that have been identified.
  • Where impacts stem from business partners, seek contractual assurances and implement corrective action plans if needed.
  • Companies are required to terminate relationships if partners fail to act*

*The omnibus proposal would remove the obligation to terminate business relationships when mitigation efforts fail, favoring continued engagement instead.

4. Create a complaints mechanism

  • Set up a process that allows workers, communities, unions, and civil society groups to raise concerns about potential or actual harms.
  • Ensure the process is accessible, transparent, and includes follow-up communication.
  • Complainants are protected under the EU Whistleblower Directive.

5. Engage business partners and define expectations

  • Companies must work with their suppliers and business partners to ensure compliance, including updating contracts and onboarding processes.
  • For small and medium-sized partners, companies must provide support where compliance would otherwise threaten business viability.

6. Develop a climate transition plan

  • Align your long-term strategy with the 1.5°C goal of the Paris Agreement.
  • Disclose whether climate change poses a risk to your business and whether your operations contribute to it.
  • If executive compensation is tied to performance, it must also consider progress on the climate plan.

7. Prepare to publish required disclosures

  • Companies must publicly report on their due diligence efforts on an annual basis*
  • Reports must be published on the company’s website and made easily accessible to the public.
  • Companies not already subject to the EU Accounting Directive must begin publishing these disclosures once they fall under the scope of CSDDD.

*Under the omnibus proposal, the frequency of public reporting would be reduced to once every five years, though companies would still be expected to track and manage risks on an ongoing basis, and continue reporting annually on Climate Transition Plan progress.

8. Non-EU companies: Appoint an EU-based representative

  • In-scope companies headquartered outside the EU must designate a legal representative in an EU Member State where they operate.
  • This representative must be authorized to communicate with local authorities and help ensure compliance.

Need help complying with CSDDD?

CSDDD compliance requires more than internal reporting—it demands that companies actively engage Tier 1 suppliers on environmental risks, particularly those related to climate impact. To do this effectively, businesses need both the technology to track supplier-level emissions data and the expertise to build meaningful supplier partnerships.

That’s where Optera comes in. Our carbon accounting platform makes it easy to collect and manage sustainability data across your supply chain, helping you identify hotspots, measure progress, and report with confidence. And our sustainability team brings deep expertise in supplier engagement on decarbonization.

Whether you’re just getting started or scaling a mature program, Optera equips you with the tools and guidance you need to prepare for CSDDD—and turn compliance into competitive advantage.

Set yourself up for CSDDD success – get in touch with our team today.
