The plain-English explainer

What is the CSDDD (CS3D)?

The CSDDD is the EU Corporate Sustainability Due Diligence Directive: a law that requires the largest companies operating in the EU to find, prevent and fix human rights and environmental harms across their operations and their chain of activities. It is also nicknamed CS3D, and it is set out in Directive (EU) 2024/1760, as heavily amended by the Omnibus I package in 2026. This page explains it without the legalese.

Last updated · 2026-06-08

TL;DR

  • What: the Corporate Sustainability Due Diligence Directive, Directive (EU) 2024/1760 (CSDDD / CS3D), amended by Omnibus I, Directive (EU) 2026/470, in force 18 March 2026.
  • Who: directly, only the very largest companies (EU: >5,000 staff AND >€1.5bn turnover; non-EU: >€1.5bn EU turnover). Indirectly, their suppliers and business partners.
  • When: transposition by 26 July 2028; a single application date of 26 July 2029; first reporting from FY 2030.
  • What it requires: a risk-based, OECD/UNGP-aligned six-step due diligence process across the chain of activities.
  • Teeth: supervisory authorities and fines capped at 3% of net worldwide turnover; civil liability now left to national law.
Check if you are in scopeOpen the glossary

Confirmed dates (post-Omnibus)

26 July 2028

Member States must transpose the directive into national law.

26 July 2029

Single application date for all in-scope companies. No more phased waves.

FY 2030

First reporting financial year, starting on or after 1 January 2030.

Dates confirmed by Omnibus I, Directive (EU) 2026/470. DLA Piper, Omnibus I finalised. See the full timeline tracker.

What the CSDDD is, and what it is for

The Corporate Sustainability Due Diligence Directive, CSDDD for short, is Directive (EU) 2024/1760, adopted in 2024. It is widely nicknamed CS3D (the “3 D” standing for “Due Diligence Directive”). Its purpose is to make large companies carry out human rights and environmental due diligence across their own operations, their subsidiaries and their chain of activities — identifying, preventing, mitigating, bringing to an end and accounting for adverse impacts. European Commission

It is built on two international standards: the OECD Guidelines for Multinational Enterprises and the OECD Due Diligence Guidance, and the UN Guiding Principles on Business and Human Rights. The six-step due diligence cycle at the heart of the CSDDD mirrors that OECD framework, so a company that already follows the OECD guidance is most of the way there.

Crucially, the directive changed dramatically in early 2026. The Omnibus I simplification package — Directive (EU) 2026/470, published in the Official Journal on 26 February 2026 and in force from 18 March 2026 — raised the thresholds, delayed the dates and narrowed several duties. The numbers on this page are the final, post-Omnibus figures; older 2024 numbers are largely superseded.

Who is in scope

After Omnibus I, the CSDDD applies directly to only the very largest companies. The duty falls on the ultimate parent of a group that meets the thresholds.

EU companies

More than 5,000 employees AND more than €1.5 billion in worldwide net turnover. Both tests must be met.

Non-EU companies

More than €1.5 billion in net turnover generated in the EU (no employee test).

The thresholds were raised by Omnibus I

The original 2024 thresholds (1,000+ employees AND €450m turnover, phased in by size, with a lower bar for high-impact sectors) were removed. The net effect is that the directive now covers only the largest companies — an estimated low thousands EU-wide, down from around 6,000. Compliance & Risks

If you are a smaller company, this is the part that matters most. Even though you are not directly in scope, you are very likely hit indirectly: in-scope companies have to do due diligence across their chain of activities, so they pass requirements down to suppliers and business partners in the form of due-diligence questionnaires, codes of conduct, contractual assurances and audits. For most of the audience this is the real reason the CSDDD matters.

Not sure where you stand? Use the scope checker for a plain-English steer, or start your reply to a customer with the free DD questionnaire tool.

CSDDD vs CSRD vs EUDR

These three EU laws are easy to confuse. The short version: the CSDDD is about doing the due diligence and fixing harms, the CSRD is about reporting, and the EUDR is a product rule about deforestation.

How the CSDDD, CSRD and EUDR differ.
LawWhat it isCore obligationWho it covers
CSDDD (CS3D)Conduct / due diligence directive (2024/1760).Do the due diligence and fix human rights & environmental harms.The very largest companies; suppliers indirectly.
CSRDSustainability reporting directive.Disclose and report sustainability information.Large companies and listed firms (also narrowed by Omnibus I).
EUDRDeforestation regulation (2023/1115).Prove seven commodities are deforestation-free and legal.Operators and traders placing those products on the EU market.

What it requires: the six-step due diligence process

The CSDDD asks for a risk-based, OECD/UNGP-aligned six-step due diligence process. The structure was kept by Omnibus I, though some steps were narrowed (see below).

  1. 1

    Embed into policies

    Build due diligence into your policies and management systems, with a due diligence policy and a code of conduct for staff, subsidiaries and business partners.

  2. 2

    Identify & assess impacts

    A risk-based scoping exercise to find actual and potential human rights and environmental impacts, then a deeper assessment of priority areas.

  3. 3

    Prevent & mitigate

    Action plans, contractual assurances backed by verification, and support or capacity-building for suppliers to address potential impacts.

  4. 4

    Bring to an end / remediate

    End actual adverse impacts where they occur, and provide remediation. The emphasis shifted toward suspending rather than ending relationships.

  5. 5

    Stakeholder engagement & complaints

    Engage with affected stakeholders and run a complaints / notification mechanism so concerns can be raised.

  6. 6

    Monitor & communicate

    Assess the effectiveness of your measures and report publicly. Monitoring moved from every 12 months to at least every 5 years.

The practical tools the process produces

In day-to-day life the process turns into documents and requests: human rights policies, supplier codes of conduct, value-chain mapping, risk assessments, and due-diligence questionnaires sent to suppliers. If you have received one, that is step 2 in action.

How far it reaches: the “chain of activities”

The CSDDD deliberately uses “chain of activities” rather than “value chain”. It covers upstream business partners (design, extraction, sourcing, manufacture) plus limited downstream activities (distribution, transport, storage). It excludes product use and disposal, and largely excludes the financial sector’s downstream. Clifford Chance

Omnibus I kept the focus on direct, tier-1 business partners. You only go beyond your direct partners when you have plausible information of an adverse impact deeper in the chain. And a value-chain cap generally stops in-scope companies from demanding information beyond a standardised set from business partners with fewer than 5,000 employees — an explicit move to protect SMEs from questionnaire overload. Compliance & Risks

Enforcement and penalties

Each Member State designates a supervisory authority, coordinated by a European Network of Supervisory Authorities. These authorities can investigate, order companies to act and impose penalties.

  • Fines are capped: they must not exceed 3% of net worldwide turnover. Omnibus I removed the original “not less than 5%” floor, and the Commission is to issue penalty guidance. DLA Piper
  • Civil liability is now national: the original EU-wide harmonised civil-liability regime was removed. Liability is left to existing national law, with no EU mandate giving NGOs or trade unions standing. Clifford Chance

⚠️ What changed under Omnibus I (read this if you knew the old rules)

  • Thresholds raised to >5,000 employees AND >€1.5bn turnover (EU) / >€1.5bn EU turnover (non-EU). The 1,000 / €450m bar and high-impact sectors were dropped.
  • A single 2029 application date replaced the phased 2027/2028/2029 waves.
  • Monitoring moved from every 12 months to at least every 5 years.
  • The EU civil-liability regime was removed — liability is now left to national law.
  • The standalone climate transition plan duty (Art. 22) was significantly scaled back: the hard “put into effect” obligation was deleted, and reporting on transition planning now flows through the CSRD. We describe this carefully because it is easy to overstate.

DLA Piper · Clifford Chance · Compliance & Risks

Timeline at a glance

  • 26 July 2027 — Commission to issue general guidelines.
  • 26 July 2028 — Member States must transpose the directive into national law.
  • 26 July 2029 — single application date for all in-scope companies.
  • From 1 January 2030 — first reporting financial year.

The dates have already moved once (via a 2025 “stop-the-clock” directive) and national transposition is still settling. For the live picture, see the CSDDD timeline and status tracker.

By the numbers

The CSDDD in a few figures

6

Steps in the OECD/UNGP-aligned due diligence cycle.

€1.5bn

Turnover threshold (worldwide for EU firms; EU-generated for non-EU firms).

≤3%

Cap on fines, as a share of net worldwide turnover.

26 Jul 2029

Single application date for all in-scope companies.

Figures are the final, post-Omnibus values. Directive (EU) 2026/470

FAQ

People also ask

What is the CSDDD?
The CSDDD is the EU Corporate Sustainability Due Diligence Directive, Directive (EU) 2024/1760, often nicknamed CS3D. It requires the largest companies operating in the EU to identify, prevent, end and account for adverse human rights and environmental impacts across their own operations, their subsidiaries and their chain of activities. It is built on the OECD Guidelines and the UN Guiding Principles on Business and Human Rights. It was significantly amended by the Omnibus I package, Directive (EU) 2026/470, in force from 18 March 2026.
What does CS3D stand for?
CS3D is a common shorthand for the Corporate Sustainability Due Diligence Directive: the "3 D" refers to "Due Diligence Directive". CS3D and CSDDD are the same law, Directive (EU) 2024/1760.
Who has to comply with the CSDDD?
After Omnibus I, only the very largest companies are directly in scope: EU companies with more than 5,000 employees AND more than €1.5 billion in worldwide net turnover, and non-EU companies with more than €1.5 billion in net turnover generated in the EU. The duty applies to the ultimate parent of a qualifying group. The original 1,000-employee / €450m thresholds and the phased waves were removed.
My company is small. Does the CSDDD affect me?
Not directly, but very likely in practice. Small and mid-sized companies are not in scope themselves, but as suppliers and business partners of in-scope companies they receive due-diligence questionnaires, code-of-conduct requirements and audit requests. To limit the burden, Omnibus I added a "value-chain cap" that generally stops in-scope companies from demanding information beyond a standardised set from partners with fewer than 5,000 employees.
When does the CSDDD apply?
Member States must transpose the directive into national law by 26 July 2028. A single application date of 26 July 2029 then applies to all in-scope companies (the original phased 2027/2028/2029 waves were scrapped). The first reporting financial year starts on or after 1 January 2030, and the Commission must issue general guidelines by 26 July 2027.
What is the difference between the CSDDD, the CSRD and the EUDR?
The CSDDD is a conduct obligation: do the due diligence and fix the harms. The CSRD is a reporting and disclosure obligation: publish sustainability information. The EUDR is a product rule requiring seven commodities to be deforestation-free. They overlap but are separate laws with different scopes, triggers and deadlines.
What does the CSDDD actually require a company to do?
It requires a risk-based, OECD/UNGP-aligned six-step due diligence process: (1) embed due diligence into policies and a code of conduct, (2) identify and assess adverse impacts, (3) prevent and mitigate potential impacts, (4) bring actual impacts to an end and remediate, (5) run stakeholder engagement and a complaints mechanism, and (6) monitor effectiveness and communicate publicly.
What are the penalties under the CSDDD?
Each Member State designates a supervisory authority that can impose penalties. Fines are capped and must not exceed 3% of a company's net worldwide turnover; Omnibus I removed the original "not less than 5%" floor. The EU-wide harmonised civil-liability regime was removed, so civil liability is now left to national law.
What changed under Omnibus I?
Omnibus I (Directive (EU) 2026/470) raised the thresholds to >5,000 employees and >€1.5bn turnover, replaced the phased waves with a single 2029 date, moved effectiveness monitoring from every 12 months to at least every 5 years, removed the EU civil-liability regime, capped fines at 3% (removing the 5% floor), added a value-chain cap protecting SMEs, and significantly scaled back the standalone climate transition plan duty.
Does the CSDDD cover my whole supply chain?
It covers your "chain of activities" rather than your entire value chain: upstream business partners (design, extraction, sourcing, manufacture) plus limited downstream activities (distribution, transport, storage). It excludes product use and disposal. Omnibus I kept the focus on direct, tier-1 business partners; you go deeper only when you have plausible information of an adverse impact.

Got a due-diligence questionnaire from a customer?

You do not have to start from a blank page. Our free, plain-English tool helps you understand what is being asked and put together a proportionate, audit-ready response.

Free DD QuestionnaireCheck your scope

This is guidance, not legal advice

This is guidance to help you understand the CSDDD, not legal advice. For decisions specific to your business, confirm with the official sources we link or a qualified adviser. We cannot guarantee compliance, and you should be wary of anyone who says they can.

Sources

  1. [1]Directive (EU) 2024/1760 (CSDDD), EUR-Lexretrieved 8 Jun 2026
  2. [2]European Commission: Corporate sustainability due diligenceretrieved 8 Jun 2026
  3. [3]DLA Piper: CSDDD amendments under Omnibus I finalised (Directive (EU) 2026/470)retrieved 8 Jun 2026
  4. [4]Clifford Chance: Omnibus I concludes CSDDD and CSRD reformsretrieved 8 Jun 2026
  5. [5]Compliance & Risks: comparing key structural changes to the CSRD and CSDDDretrieved 8 Jun 2026
  6. [6]OECD Due Diligence Guidance for Responsible Business Conductretrieved 8 Jun 2026

The CSDDD Brief

Subscribe to The CSDDD Brief

We watch Brussels so you don't. Plain-English CSDDD updates the moment scope, dates or duties move.

No spam. Unsubscribe anytime.