CSDDD IS TAKING SHAPE:
So how's your due diligence?
At the same time, the rules are not static. The European Commission’s “Omnibus” simplification effort (launched February 2025) and late-2025 political agreements have introduced real uncertainty around thresholds, timelines, and how far into the value chain due diligence must reach.
That wonderful combination—inevitable enforcement + moving goalposts—is exactly why teams should build programs that are adaptable, evidence-based, and auditable. Toot Suite.
What CSDDD requires in practice
(the “do” part, not just the “disclose” part)
CSDDD turns supply chain sustainability due diligence into an operational requirement: companies are expected to identify, prevent/mitigate, end/minimize, and monitor adverse human rights and environmental impacts, while documenting actions taken.
A key point (and a common misconception): this is risk-based, not “audit every supplier every year.” The expectation is that companies prioritize based on severity and likelihood—while still being able to show how they escalate when credible risk signals appear deeper in the chain.
Where FRDM fits: this is exactly the kind of workflow that breaks down in spreadsheets. FRDM is designed to help teams move from “static compliance artifacts” to repeatable due diligence operations—mapping suppliers, monitoring risk, and keeping documentation organized as requirements evolve.
Enforcement is built into the law (and it won’t be optional)
Under the Directive, Member States must establish supervisory oversight: each Member State designates one or more supervisory authorities to supervise compliance under the national laws that transpose CSDDD. The enforcement toolkit is meaningful: national authorities can request information, investigate, issue compliance orders, and impose penalties; and the regime includes civil liability concepts (compensation pathways) tied to failures in due diligence.
The timeline:
what’s fixed, what’s shifting
What’s fixed in the current Directive text
The Directive is already legally in force (July 25, 2024). Member States must transpose it into national law by July 26, 2026. Application is phased in, with the first wave starting July 26, 2027, and broader application continuing through 2028 and 2029.
What’s shifting through “Omnibus” and late-2025 agreements
The Commission’s Omnibus package (Feb 2025) was explicitly designed to simplify sustainability requirements and reduce administrative burdens, including amendments touching CSDDD. And in December 2025, EU institutions reached/progressed political agreements aimed at simplifying CSRD/CSDDD requirements, including changes to thresholds and application timing.
The takeaway: even if the “who and when” shifts, the direction of travel is the same: regulators are standardizing due diligence as a baseline expectation, and enforcement capacity is being built in parallel.
How companies can prepare now (without overbuilding or guessing wrong)
Start with scope triage, but don’t stop at “are we in-scope?"
Yes, thresholds matter (and may change), but most companies will still feel the impact through customers, lenders, and EU-facing value chains—especially as suppliers face data requests and contract assurances.
Practical move: build a “CSDDD readiness profile” that covers:
- EU revenue exposure and EU entities/branches
- high-risk product lines and geographies
- supplier criticality and substitutability
- existing policies, audits, grievance channels, and remediation capacity
Map beyond tier-1 where risk is likely—not everywhere
CSDDD is risk-based. The fastest way to fail is to wait until the last minute and then launch a blanket supplier survey that everyone ignores.
Practical move: prioritize sub-tier visibility where risk is most probable (materials, regions, and processes known for labor/environmental risk).
Where FRDM fits: FRDM uses your supplier/spend data to help teams map supply chains beyond direct suppliers and focus attention where risk signals are strongest, rather than trying to boil the ocean. Please don't try to do this questionnaires. Be kind to yourself.
Define a defensible due diligence workflow (and make it repeatable)
Regulators (and stakeholders) will look for process maturity:
- what evidence you keep, and for how long
- how you identify risk
- how you decide what to do next
- how you track remediation and outcomes
Where FRDM fits: FRDM supports risk assessment, continuous monitoring, supplier engagement, and reporting/documentation so you can show an audit trail of decisions and actions.
Close data gaps early (because suppliers will be your bottleneck)
Most companies don’t lose on policy—they lose on missing or inconsistent supplier data and an inability to prove actions taken over time.
Practical move: standardize your minimum dataset (entity identifiers, facility info, upstream links where possible, certifications/audits, grievance signals, corrective action status).
Build “evidence-first” reporting—even if templates change
Whether you’re preparing disclosures (CSRD) or action-based due diligence (CSDDD), the core asset is the same: structured evidence.
Where FRDM fits: FRDM includes regulatory reporting support and customizable reporting outputs that can be tailored to evolving legislative requirements—helpful when the rules keep shifting but auditors still want receipts.
A simple north star:
be ready for enforcement
and change
CSDDD readiness is not a one-off project. It’s a capability: visibility, prioritization, action tracking, and documentation—built to survive both enforcement and iteration.If you’re building toward that, you’re already ahead.
Disclaimer: This post is for general informational purposes and is not legal advice.
Prepare
For CSDDD
Schedule time to meet with one of our subject matter experts.
