Human Rights Policy: What a CSDDD-Grade Policy Must Contain

Last updated · 2026-06-08

A human rights policy is a public commitment that sets out how your company respects human rights and conducts due diligence across its operations and chain of activities. Under the EU Corporate Sustainability Due Diligence Directive (CSDDD), embedding such a policy is the first step of the due diligence cycle, and it must be backed by a code of conduct and real management processes rather than left as a statement on the website.

TL;DR

  • A human rights policy is the public commitment and due diligence policy required by step 1 of the CSDDD ("embed").
  • It should be approved at board or top-management level and updated at least when there is significant change.
  • It must describe your approach to due diligence, the standards you expect, and a code of conduct for staff, subsidiaries and business partners.
  • Embedding means assigning ownership, integrating it into procurement and management systems, and training people, not just publishing a page.
  • It is closely tied to your supplier code of conduct, which cascades the same expectations to business partners.

In plain English

What human rights policy means

Under the CSDDD, "policy" has two layers: a human rights and environmental commitment (often a standalone human rights policy or responsible business statement) and a due diligence policy describing how the company actually runs the process. Together they explain what you stand for, what you expect from people and partners, and how you embed all of this into day-to-day decisions. A code of conduct then turns those expectations into concrete rules.

How this fits the CSDDD

A human rights and due diligence policy plus a code of conduct is the core deliverable of step 1 ("embed") of the CSDDD due diligence cycle. (Sources: Directive (EU) 2024/1760; Omnibus I, Directive (EU) 2026/470.)

Why it matters

Why human rights policy matters under the CSDDD

  • It is the foundation of step 1 of the CSDDD: due diligence must be embedded into the company's policies and management systems.
  • It signals board-level ownership, which supervisory authorities and customers will look for.
  • It gives procurement, legal and operations a single reference point for what "good" looks like.
  • A vague or unembedded policy is a common audit finding and undermines every later step.

The detail

What a CSDDD-grade human rights policy should contain

A strong policy states your commitment to internationally recognised human rights, referencing the UN Guiding Principles and the OECD Guidelines, and to the relevant environmental standards. It explains the scope (own operations, subsidiaries and chain of activities) and names the salient issues you focus on.

It then describes your due diligence approach across the six steps, sets out the standards you expect of staff and business partners (linking to your code of conduct), explains your grievance mechanism, and assigns clear responsibility, including board or top-management approval and oversight.

A template outline you can adapt

  • Purpose and scope
  • Our commitment and the standards we follow (UNGPs, OECD, ILO core conventions)
  • Our salient human rights and environmental issues
  • How we conduct due diligence (the six steps)
  • What we expect of business partners (link to the code of conduct)
  • Our grievance and remediation approach
  • Governance, ownership and review cycle
  • How we report

Keep it plain-English and public. The detailed procedures can live in internal annexes, but the headline commitment should be readable by any stakeholder.

Board approval, embedding and review

The policy should be approved at the highest level so that ownership is unambiguous. Embedding means it actually changes behaviour: procurement criteria, supplier onboarding, contracts, training and incentives should all reflect it.

Under Omnibus I, the formal effectiveness review of due diligence measures runs at least every five years (and on significant change or when measures prove inadequate), so build a defined review cadence into the policy itself.

Checklist

Human Rights Policy checklist

  • Names the international standards you commit to (UNGPs, OECD Guidelines, ILO core conventions).
  • Covers own operations, subsidiaries and the chain of activities.
  • Identifies your salient human rights and environmental issues.
  • Describes the six-step due diligence process in your own context.
  • Links to and is backed by a supplier code of conduct.
  • Sets out the grievance mechanism and approach to remediation.
  • Records board or top-management approval and a named owner.
  • States a review cycle (and triggers for ad-hoc review).

Watch out

Common pitfalls

  • Publishing a polished statement that is never embedded into procurement or contracts.
  • Omitting the chain of activities and covering only your own employees.
  • No named owner and no board sign-off, so accountability is unclear.
  • Never reviewing it, so it drifts out of date as the business and the law change.

Put it into practice

Ready to act on this? Start with our free due diligence questionnaire to see what a customer can ask you for, check whether you are directly in scope with the scope checker, score your suppliers with the risk-assessment tool, and look up any unfamiliar term in the glossary. For the full picture of the directive, read what the CSDDD is.

FAQ

Human Rights Policy: common questions

What should a human rights policy include under the CSDDD?

A commitment to internationally recognised human rights and relevant environmental standards, the scope (own operations, subsidiaries and chain of activities), your salient issues, a description of your six-step due diligence process, a linked code of conduct for business partners, a grievance mechanism, and clear governance with board or top-management approval and a review cycle.

Does the CSDDD require a separate human rights policy?

The CSDDD requires due diligence to be embedded into company policies, including a due diligence policy and a code of conduct. Many companies meet this with a dedicated human rights or responsible business policy plus the code of conduct. What matters is that the commitment is documented, owned at the top and embedded in practice.

Who should approve the human rights policy?

It should be approved at board or top-management level so that ownership and accountability are clear. Supervisory authorities and large customers will expect to see senior sign-off rather than a policy owned only by a single function.

How is the policy different from a code of conduct?

The policy is the high-level commitment and description of your approach. The code of conduct turns that into concrete rules that staff, subsidiaries and business partners must follow, and which you then verify rather than simply collect signatures for.

This is guidance, not legal advice

This page explains how human rights policy works under the CSDDD in plain English. It is guidance, not legal advice. For decisions specific to your business, confirm with the official sources we link or a qualified adviser. The directive is still settling after Omnibus I, so we keep this page current.

Sources

  1. Directive (EU) 2024/1760 (CSDDD / CS3D), original text (EUR-Lex), retrieved 8 Jun 2026
  2. Omnibus I final amending act (Directive (EU) 2026/470): CSDDD amendments finalised, retrieved 8 Jun 2026
  3. Clifford Chance: Omnibus I concludes CSDDD and CSRD reforms, retrieved 8 Jun 2026
  4. European Commission: Corporate sustainability due diligence, retrieved 8 Jun 2026
  5. OECD Due Diligence Guidance for Responsible Business Conduct, retrieved 8 Jun 2026
  6. UN Guiding Principles on Business and Human Rights, retrieved 8 Jun 2026
