CSDDD by topic

The Due Diligence Process: The CSDDD Six-Step Cycle Explained

Last updated · 2026-06-08

The due diligence process under the EU Corporate Sustainability Due Diligence Directive (CSDDD) is a six-step cycle, aligned with the OECD framework, for identifying, preventing and accounting for adverse human rights and environmental impacts. This is the cornerstone of the directive, and every other topic on this site maps onto one of its steps.

TL;DR

  • The CSDDD due diligence process is a six-step, OECD-aligned cycle.
  • The steps: embed, identify and assess, prevent and mitigate, bring to an end and remediate, engage and complaints, monitor and communicate.
  • It is risk-based: you prioritise the most severe and likely impacts.
  • Omnibus I focused it on direct (tier-1) partners, with deeper work triggered by plausible information.
  • Effectiveness assessment moved from every 12 months to at least every five years.
Free DD QuestionnaireCheck if you are in scope

In plain English

What due diligence process means

Due diligence here means an ongoing, risk-based management process, not a transactional check. It mirrors the OECD Due Diligence Guidance so closely that companies already using the OECD cycle are largely aligned. The CSDDD makes the cycle a legal duty for the largest companies and clarifies how it applies across own operations, subsidiaries and the chain of activities.

How this fits the CSDDD

This is the CSDDD due diligence cycle itself, set out in Directive (EU) 2024/1760 and amended by Omnibus I (Directive (EU) 2026/470). Directive (EU) 2024/1760 Omnibus I (Directive (EU) 2026/470)

Why it matters

Why due diligence process matters under the CSDDD

  • It is the central obligation of the CSDDD: in-scope companies must run this cycle.
  • It provides a single structure that organises policy, assessment, action, remediation, grievance and reporting.
  • It is the reference framework customers use when they push expectations onto suppliers.
  • Understanding the cycle makes every other due diligence task easier to place and prioritise.

The detail

Step 1 - Embed due diligence into policies

Integrate due diligence into your policies and management systems, with a due diligence policy and a code of conduct for staff, subsidiaries and business partners.

This is where your human rights policy and supplier code of conduct live, with board-level ownership.

Step 2 - Identify and assess adverse impacts

Run a risk-based scoping exercise to map your chain of activities, then assess actual and potential human rights and environmental impacts in priority areas.

This is your value chain mapping and supply chain risk assessment, combining country, sector and product risk.

Step 3 - Prevent and mitigate potential impacts

Develop and implement prevention and mitigation action plans, seek contractual assurances backed by verification, and support business partners with capacity building.

Audits and questionnaires verify that preventive measures are working.

Step 4 - Bring actual impacts to an end and remediate

Where impacts are already occurring, take measures to end or minimise them and provide or cooperate in remediation for those harmed.

Omnibus I emphasises suspending relationships and running action plans rather than immediate termination.

Step 5 - Stakeholder engagement and complaints

Engage meaningfully with affected stakeholders and operate a complaints and notification mechanism so concerns can be raised and addressed.

Grievance data is also an input into assessment and monitoring.

Step 6 - Monitor and communicate

Assess the effectiveness of your measures and report publicly on your due diligence.

Under Omnibus I this effectiveness assessment runs at least every five years (and on significant change or when measures prove inadequate), rather than every 12 months. Reporting flows through the CSRD report.

For the underlying standards, see the OECD Due Diligence Guidance and the UN Guiding Principles on Business and Human Rights.

Step by step

How to approach due diligence process

  1. Embed due diligence into policies and a code of conduct.
  2. Identify and assess actual and potential adverse impacts (risk-based scoping).
  3. Prevent and mitigate potential impacts.
  4. Bring actual impacts to an end and remediate.
  5. Run stakeholder engagement and a complaints mechanism.
  6. Monitor effectiveness and communicate publicly.

Watch out

Common pitfalls

  • Running the steps once and treating due diligence as a project rather than an ongoing cycle.
  • Skipping prioritisation and trying to treat every impact equally.
  • Forgetting remediation, which is a duty when you have caused or contributed to harm.
  • Letting monitoring lapse because the formal review is only every five years.

Put it into practice

Ready to act on this? Start with our free due diligence questionnaire to see what a customer can ask you for, check whether you are directly in scope with the scope checker, score your suppliers with the risk-assessment tool, and look up any unfamiliar term in the glossary. For the full picture of the directive, read what the CSDDD is.

FAQ

Due Diligence Process: common questions

What are the six steps of the CSDDD due diligence process?
Embed due diligence into policies; identify and assess actual and potential adverse impacts; prevent and mitigate potential impacts; bring actual impacts to an end and remediate; run stakeholder engagement and a complaints mechanism; and monitor effectiveness and communicate publicly.
Is the CSDDD due diligence process the same as the OECD framework?
It is closely aligned. The CSDDD deliberately mirrors the OECD Due Diligence Guidance six-step cycle, so companies already following the OECD approach are largely on track. The CSDDD adds legal force and clarifies scope for the largest companies.
How often must I review my due diligence?
Omnibus I changed the effectiveness assessment from every 12 months to at least every five years, plus when there is significant change or when measures prove inadequate. Day-to-day monitoring still continues; it is the formal effectiveness review whose minimum frequency changed.
Does the process apply to my whole supply chain?
It applies to your chain of activities, with Omnibus I focusing on direct (tier-1) business partners. You go beyond direct partners only when you hold plausible information of an adverse impact deeper in the chain.

Related topics

Keep reading

oecd due diligence guidance

OECD Due Diligence Guidance

The OECD Due Diligence Guidance for Responsible Business Conduct is the international standard that the EU Corporate Sustainability Due Diligence Directive (CSDDD) is built on. It sets out a practical, six-step process for managing human rights, labour, environmental and governance impacts, and the CSDDD deliberately mirrors it.

Read the guide →
human rights due diligence

Human Rights Due Diligence

Human rights due diligence (HRDD) is the ongoing process a company uses to identify, prevent, mitigate and account for how its operations and business relationships affect people. It comes from the UN Guiding Principles and the OECD Guidelines, and the EU Corporate Sustainability Due Diligence Directive (CSDDD) now makes this process a legal obligation for the largest companies, alongside environmental due diligence.

Read the guide →
value chain mapping

Value Chain Mapping

Value chain mapping, sometimes called supply chain mapping, is the process of understanding who your business partners are and where the highest risks sit across your chain of activities. Under the EU Corporate Sustainability Due Diligence Directive (CSDDD), and especially after Omnibus I, this is framed as a risk-based scoping exercise rather than an obligation to map every supplier in full.

Read the guide →

Get ahead of the CSDDD

If a big customer has sent you a due diligence questionnaire, our free DDQ shows what you actually need to send. Then explore the tools and guides built for your role.

Free DD Questionnaire

This is guidance, not legal advice

This page explains how due diligence process works under the CSDDD in plain English. It is guidance, not legal advice. For decisions specific to your business, confirm with the official sources we link or a qualified adviser. The directive is still settling after Omnibus I, so we keep this page current.

Sources

  1. [1]Directive (EU) 2024/1760 (CSDDD / CS3D), original text (EUR-Lex)retrieved 8 Jun 2026
  2. [2]Omnibus I final amending act (Directive (EU) 2026/470): CSDDD amendments finalisedretrieved 8 Jun 2026
  3. [3]Clifford Chance: Omnibus I concludes CSDDD and CSRD reformsretrieved 8 Jun 2026
  4. [4]European Commission: Corporate sustainability due diligenceretrieved 8 Jun 2026
  5. [5]OECD Due Diligence Guidance for Responsible Business Conductretrieved 8 Jun 2026
  6. [6]UN Guiding Principles on Business and Human Rightsretrieved 8 Jun 2026

The CSDDD Brief

Subscribe to The CSDDD Brief

We watch Brussels so you don't. Plain-English CSDDD updates, free.

No spam. Unsubscribe anytime.