Skip to main content

The Corporate Sustainability Due Diligence Directive: A Step Towards Stronger Human Rights and Environmental Practice

Posted on May 14, 2024

Shavana Haythornthwaite
Shavana Haythornthwaite
Head of Human Rights and Conflict Zones
Arthur Carabia
Arthur Carabia
Director, ESG Policy Research
Melissa Chase
Melissa Chase
Editorial Manager, ESG and Sustainable Finance

Key Insights:

  • The CSDDD is a regulatory step up compared to the EU’s other corporate sustainability reporting regimes, requiring companies to identify, prevent, mitigate, and account for adverse environmental and human rights impacts in their operations and value chains.
  • Under the CSDDD, companies must implement a transition plan for climate change mitigation that considers scope 1, 2 and 3 emissions and review it annually. 
  • The CSDDD raises investee companies’ awareness of their impact on environmental and human rights issues and the actions needed to mitigate them. And for the large investors and asset owners obliged to execute transition plans, it will impact their financial product offerings and holdings, as well as the rest of the financial ecosystem.


On April 24, 2024, the plenary of the European Parliament approved the Corporate Sustainability Due Diligence Directive (CSDDD) following the Council of the European Union’s (the Council) agreement of the text in March 2024. The journey to the parliament’s approval was not a smooth one. It was the product of extensive negotiations on the content and scope of the CSDDD. Nonetheless, the EU took another step toward strengthening rules for large companies domiciled in the EU and beyond, to perform human rights and environmental due diligence on the entirety of their operations, subsidiaries and value chains. It also mandates the adoption and the execution of transition plans aligned with the objective of limiting global warming to 1.5-degree Celsius above pre-industrial levels.

In this article, Morningstar Sustainalytics’ ESG policy and human rights experts answer questions regarding this key sustainability reporting regulation. 

Melissa Chase: What is the CSDDD and how does it differ from the Corporate Sustainability Reporting Directive (CSRD)?

Arthur Carabia: While complementary to the CSRD, the CSDDD constitutes a significant regulatory step up: it mandates the execution of certain sustainability practices, while the CSRD requires the reporting of sustainability risks and impacts. The CSRD expands and standardizes sustainability reporting requirements for companies, obliging them to publish material information related to environmental and social impacts. 

In contrast, the CSDDD mandates companies to identify, prevent, mitigate, and account for adverse environmental and human rights impacts in their operations and value chains. Additionally, there is an expectation that data needed for reporting on CSRD topics will also support companies to meet the CSDDD requirements. In practice, companies based in or operating in the EU may be mandated to comply with both legislations. 

MC: What companies fall within the scope of the CSDDD?

AC: As a result of changes made in the final stages of the negotiation process, fewer companies than originally envisaged fall directly in scope. However, many companies and investors may still be affected by the CSDDD through a business relationship. 

In terms of a timeline, the CSDDD will be rolled out in phases in the three to five years after it enters into force. The application of the CSDDD extends to the following:

  • EU companies with more than 1,000 employees on average and a net global turnover of more than EUR 450 million, or an ultimate parent company of a group that reaches such thresholds.
  • Non-EU companies with a net turnover of more than EUR 450 million in the EU/European economic area (EEA), or an ultimate parent company of a group that reaches such thresholds.

There are also defined thresholds included in the CSDDD, for example, for licensing and franchising models on issues such as royalties. 

MC: Is the financial sector captured under the CSDDD? 

Shavana Haythornthwaite: Yes, partially. Regulated financial undertakings that meet the thresholds are in scope. However, the required due diligence on the chain of activities does not include downstream business partners that are receiving financial services and products. Only the upstream part of their chain of activities is covered. The CSDDD includes a review clause, which will take effect two years after the regulation enters into force. This will allow for the possible future inclusion of due diligence requirements for the financial services sector. Finally, it is important to stress that financial undertakings fall under the obligation to execute a transition plan.

MC: What are the human rights and environmental due diligence requirements of the CSDDD?

SH: The CSDDD essentially crystallizes voluntary sustainability reporting frameworks, such as the UN Guiding Principles on Business and Human Rights (UNGP), into hard law. Under the CSDDD, the onus will be on companies to undertake risk-based human rights and environmental due diligence to prevent and manage adverse impacts. Company actions include, but are not limited to the following:

  • Implementing robust human rights and environmental policies.
  • Implementing a comprehensive risk management systems. 
  • Implementing remediation frameworks that effectively address adverse human rights and environmental impacts.
  • Creating strong grievance mechanisms.
  • Conducting stakeholder engagement.

The due diligence requirements will apply not only to a company’s own operations, but also to its business partners and a company’s chain of activities. These requirements are indicative of the CSDDD’s expansive approach to what it views as the value chain and will undoubtedly lead to more companies being impacted than initially assumed. Per the CSDDD, a chain of activities includes:

  • Upstream business partners — including direct and indirect suppliers — involved in the production of goods or the provision of services by the company. This could include, for example, extraction, planning, sourcing, manufacturing, transporting, storage and supply of raw materials or products/product parts, or the development of the product or the service. 
  • Downstream business partners carrying out activities for or on behalf of the company related to the distribution, transport, and storage of the product.

Currently within the financial sector, the CSDDD applies only to the upstream supply chains of regulated financial institutions. Although the downstream is excluded, there is still the possibility of inclusion of the financial sector in the future.

The CSDDD is very clear as to member states’ responsibility to respect and protect human rights and the environment under international law, essentially codifying the obligations outlined in existing treaties. Significant reference is made to a wide array of international treaties and conventions of note. These include those relating to human rights, such as the International Covenant on Civil and Political Rights, and the Universal Declaration of Human Rights, as well as those pertaining to environmental issues, such as the 1992 Convention on Biological Diversity and the Aarhus Convention on Access to Information, Public Participation in Decision-making and Access to Justice in Environmental Matters, to name a few.

There is also recognition of the inherent entwinement of adverse human rights and environmental impacts; for example, as it relates to corruption and bribery. Companies seeking to implement the requirements should also consider the 2023 updates of the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct1 which contain recommendations on how enterprises should conduct due diligence.

MC: What are the transition plan requirements?

SH: As far as climate change transition plans are concerned, the CSDDD will require companies to implement and review on an annual basis a transition plan for climate change mitigation that considers scope 1, 2, and 3 GHG emissions. A company would be required to ensure harmony between its strategy and the transition to a sustainable economy. Company strategy should also align with the Paris Agreement goal to reduce global warming to 1.5 degrees Celsius and with the EU's climate targets for 20302 and 2050.3 Companies that report a transition plan under CSRD are deemed compliant with the adoption obligation. However, it is worth noting that the CSDDD extends further than the CSRD and requires companies to put the plan into effect.

MC: How will it be enforced?

AC: Another impactful feature of the CSDDD is that it mandates each member state to designate a supervisory authority. This authority will be responsible for monitoring compliance with the CSDDD’s due diligence obligations. Supervisory authorities will receive substantiated concerns from the public through seamless and accessible processes and will have the ability to initiate inspections and investigations. 

The CSDDD requires member states to implement “effective, proportionate, and dissuasive” penalties for non-compliance, including maximum fines not less than 5% of the company’s net global turnover.4 The European Commission will also establish a European Network of Supervisory Authorities mandated to guarantee collaboration and coordination between supervisory authorities.

On liability, member states are obliged to create a cause of action that allows claimants to hold companies liable for damages caused to a natural or legal person5 subject to the requirements that the company:

  1. Intentionally or negligently failed to comply with its CSDDD due diligence obligations affecting one of the rights/prohibitions/obligations aiming to protect that person listed in the legislation. 
  2. As a result, damage was caused to a natural or legal person’s rights. 

Under the CSDDD, companies cannot be subjected to civil liability for damage caused only by the company’s business partners, though if damage was caused jointly by the company and its business partner, they shall be jointly and severally liable. Member states will have the discretion to decide the conditions under which trade unions, non-governmental organizations or national human rights institutions could commence actions on behalf of victims.

MC: What does the CSDDD mean for investors?

SH: The CSDDD raises investee companies’ awareness of their impact on environmental and human rights issues and the actions needed to mitigate them. It also raises the bar, creating more scrutiny and potential financial and reputational risks for entities that are non-compliant. Investors should therefore consider strengthening active ownership strategies and engage with investee companies on their human rights and environmental practice, policies and procedures to ensure that they meet their new obligations. In this sense, investors will need to develop systematic investor human rights and environmental due diligence processes to identify engagement and investment opportunities.

The CSDDD will also directly require large investors and asset owners to execute transition plans. This will impact their financial product offerings and holdings, as well as the rest of the financial ecosystem. 

Finally, though investment and lending activities are currently exempt from the CSDDD’s due diligence obligations, we anticipate the possible inclusion of the financial sector into the scope of the law over the next two years. In the meantime, member states may add the investment industry back into the legal scope when implementing their own domestic legal frameworks.

MC: What are the next steps for the CSDDD?

AC: The CSDDD final text will be formally adopted by the Council before being published in the Official Journal of the EU and entering into force 20 days later. The CSDDD will most likely start to apply in mid-2027.

The status of the CSDDD as a directive and not a regulation means that it will now need to be transposed into the domestic legal frameworks of EU and EEA member states before its application to companies. Whilst member states are prohibited from implementing national laws that stray from the CSDDD text, some member states may – and should – in fact see this as an opportunity to create legal provisions that are even more rigorous than the CSDDD. In this respect, the provisions of the CSDDD should be viewed as minimum due diligence obligations. The transposition by member states will need to be done within two years upon the CSDDD’s entry into force. Germany and France have already rolled out similar initiatives (see Table 1 below) and will need to update local rules.

Table 1. Comparison of the CSDDD to Due Diligence in France and Germany

 France - Duty of VigilanceGermany - Supply Chain ActEU CSDDD


Companies with at least 5,000 employees in France or 10,000 employees in France and abroad 


Approx. 260 companies


Companies with at least 1,000 employees in Germany


Approx. 4,000 companies


Companies with at least 1,000 employees and EUR 450m net turnover or EUR 450m net turnover in EU


Approx. 5,500 companies

Financial sector included

Partial (upstream)

Due diligence on human rights and environment required

Execution of transition plan required



Civil liability regime




Up to 2% of turnover

Up to 5% of turnover


In application

In application


Source: Compiled by Morningstar Sustainalytics. For informational purposes only. 

Leveraging Morningstar Sustainalytics’ Research and Data

Morningstar Sustainalytics offers a suite of ESG business involvement screening solutions to support investors in aligning portfolios with expected human rights and environmental practices. Our research and analysis covers:  

For investors looking to implement due diligence on adverse impacts in their investment process and determine suitable thresholds, our client advisors are well positioned to provide relevant research.



  1. OECD. 2023. "2023 update of the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct."
  2. The EU’s 2030 goal is to reduce net greenhouse gas emissions by at least 55% from 1990. For details visit
  3. The EU’s 2050 goal is to achieve climate neutrality. For details visit
  4. European Commission. 2022. Directive of the European Parliament and the Council on Corporate Sustainability Due Diligence and amending Directive (EU) 2019/1937. February 22, 2022.
  5. Natural person is a “living human being,” while a legal person is defined as a “legal person is a human or a non-human legal entity that is treated as a person for legal purposes.” For more details visit and
  6. Morningstar Sustainalytics. "Compliance & ESG Screening Solutions."

Recent Content

On the Materiality of Corporate Governance: Themes, Applications and Best Practices

In this article, we explore topical themes on corporate governance in detail, including director independence and experience, board diversity, voting proportionality and remuneration programs.

Map showing Saudi Arabia and Turkey with pins

On Location: ESG Engagement in Turkey and Saudi Arabia

Our Stewardship Team shares insights from a recent company engagement trip. Learn about the ESG-related progress being made by companies in Turkey and Saudi Arabia.

The Corporate Sustainability Due Diligence Directive: A Step Towards Stronger Human Rights and Environmental Practice

In this overview, discover the key elements of the Corporate Sustainability Due Diligence Directive and what this EU regulation means for addressing social and environmental issues supply chains.

The Stockholm Stewardship Roundtable: A Practitioner’s Notes on Managing Investor Engagement Today

As concerns about greenwashing grow, investors focus on ensuring their portfolio companies uphold sustainability pledges and generate long-term value. Active ownership through strategic engagement is pivotal in driving sustainable practices.