Value Chain Mapping (Supply Chain Mapping) under the CSDDD

Last updated · 2026-06-08

Value chain mapping, sometimes called supply chain mapping, is the process of understanding who your business partners are and where the highest risks sit across your chain of activities. Under the EU Corporate Sustainability Due Diligence Directive (CSDDD), and especially after Omnibus I, this is framed as a risk-based scoping exercise rather than an obligation to map every supplier in full.

TL;DR

  • Value chain mapping (supply chain mapping) is how you understand your chain of activities and locate the highest risks.
  • Under the CSDDD this is part of step 2 ("identify and assess"), now framed as a risk-based scoping exercise.
  • Omnibus I narrowed the duty: focus on direct (tier-1) business partners, going deeper only on plausible information of an impact.
  • The CSDDD covers the "chain of activities" (upstream plus limited downstream), not the full lifecycle, so product use and disposal are excluded.
  • Practical mapping combines procurement data, supplier disclosures, and country, sector and product risk signals.

In plain English

What value chain mapping means

Mapping means building a picture of your suppliers and other business partners, the goods and services they provide, where they operate, and which of them carry the most serious human rights and environmental risk. Omnibus I softened the original full-mapping obligation into a scoping exercise: you map enough to find where impacts are most likely and severe, then assess those priority areas in depth.

How this fits the CSDDD

Value chain mapping is the scoping stage of step 2 ("identify and assess") of the CSDDD due diligence cycle.

Sources: Directive (EU) 2024/1760; Omnibus I (Directive (EU) 2026/470)

Why it matters

Why value chain mapping matters under the CSDDD

  • It is the foundation of risk assessment: you cannot prioritise impacts you cannot see.
  • It defines the scope of your due diligence, including which partners you engage and verify.
  • A risk-based scope keeps the work proportionate and defensible to supervisory authorities.
  • It feeds directly into questionnaires, audits and contractual assurances.

The detail

From "full mapping" to a "scoping exercise"

The original 2024 text leaned toward comprehensive supply-chain mapping. Omnibus I (Directive (EU) 2026/470) softened this into a risk-based scoping of where impacts are most likely and most severe, in line with the OECD approach.

In practice you start broad and shallow to understand the shape of your chain, then go narrow and deep on the priority areas the scoping reveals.

Tiers and the "chain of activities"

The CSDDD covers the "chain of activities": upstream business partners (design, extraction, sourcing, manufacture) and limited downstream activities (distribution, transport, storage). It excludes product use and disposal and, largely, the downstream activities of the financial sector.

Omnibus I kept the focus on direct, tier-1 business partners. You only go beyond direct partners when you hold plausible information of an adverse impact deeper in the chain.

Data sources and practical steps

Useful sources include your procurement and ERP data, supplier self-disclosures, country and sector risk indices, commodity and product risk signals, certifications, and credible NGO or media reporting.

Respect the Omnibus value-chain cap when gathering data from smaller partners: keep requests to partners with fewer than 5,000 employees standardised and proportionate.

Step by step

How to approach value chain mapping

  1. List your direct (tier-1) business partners and the goods or services each provides.
  2. Attach country, sector and product or commodity risk signals to each.
  3. Run a risk-based scoping to identify where impacts are most severe and most likely.
  4. Go deeper on priority areas, and beyond tier-1 only where plausible information warrants it.
  5. Record your scoping rationale so your prioritisation is defensible.
  6. Feed the map into risk assessment, questionnaires and verification.

Watch out

Common pitfalls

  • Trying to map every supplier to the same depth instead of scoping by risk.
  • Ignoring plausible signals of harm beyond tier-1 because "we only map direct suppliers".
  • Over-collecting data from small suppliers in breach of the value-chain cap.
  • Treating the map as a one-off rather than something you refresh as the business changes.

FAQ

Value Chain Mapping: common questions

Does the CSDDD require full supply chain mapping?
No. Omnibus I softened the original full-mapping obligation into a risk-based scoping exercise. You map enough to find where impacts are most likely and severe, focus on direct (tier-1) business partners, and go deeper only when you have plausible information of an adverse impact further down the chain.

What is the difference between value chain and chain of activities?
The CSDDD uses "chain of activities", which is narrower than a full value chain. It covers upstream business partners and limited downstream activities such as distribution, transport and storage, but excludes product use, disposal and, largely, the downstream activities of the financial sector.

How deep do I have to map?
Start with your direct (tier-1) partners. Go beyond them only where you hold plausible information of an adverse impact deeper in the chain. The depth is driven by risk, not by a fixed number of tiers.

What data do I need for value chain mapping?
Procurement and ERP data, supplier disclosures, country and sector risk signals, product or commodity risk, certifications and credible third-party reporting. Keep data requests to smaller suppliers standardised and proportionate to respect the Omnibus value-chain cap.

This is guidance, not legal advice

This page explains how value chain mapping works under the CSDDD in plain English. It is guidance, not legal advice. For decisions specific to your business, confirm with the official sources we link or a qualified adviser. The directive is still settling after Omnibus I, so we keep this page current.

Sources

  1. Directive (EU) 2024/1760 (CSDDD / CS3D), original text (EUR-Lex), retrieved 8 Jun 2026
  2. Omnibus I final amending act (Directive (EU) 2026/470): CSDDD amendments finalised, retrieved 8 Jun 2026
  3. Clifford Chance: Omnibus I concludes CSDDD and CSRD reforms, retrieved 8 Jun 2026
  4. European Commission: Corporate sustainability due diligence, retrieved 8 Jun 2026
  5. OECD Due Diligence Guidance for Responsible Business Conduct, retrieved 8 Jun 2026
  6. UN Guiding Principles on Business and Human Rights, retrieved 8 Jun 2026
