The EU Omnibus: resetting the rules on sustainability due diligence

Back in January, the European Commission (“EC”) released the Competitive Compass in which it signalled that it would be releasing a series of “Simplification Omnibus” packages, with the first covering the areas of sustainable finance reporting, sustainability due diligence and taxonomy. This was widely interpreted to mean the EC would be proposing changes to the Corporate Sustainability Reporting Directive (CSRD), the Corporate Sustainability Due Diligence Directive (CSDDD) and the Taxonomy Regulation (EU Taxonomy).

On 26 February 2025, the EC announced further information about these proposals by way of Omnibus I (comprised of two proposed Directives impacting CSRD and CSDDD) and Omnibus II (comprised of one proposed Regulation impacting the EU Taxonomy). In this briefing, we look in particular at what Omnibus I—should it be met with agreement from the European Parliament and the Council—would entail for sustainability due diligence under CSDDD, and what this means for companies. In our next briefing we will look at the impact of Omnibus I on sustainability reporting under CSRD.

Sustainability due diligence – proposed changes to CSDDD

In the area of sustainability due diligence, Omnibus I proposes the following key changes to the CSDDD:

1. Delay to when requirements take effect: under CSDDD, Member States must adopt and publish implementing legislation by July 2026; under the proposal, this would be delayed to July 2027. Similarly, under CSDDD, the largest companies (i.e., that have more than 5,000 employees and generated a net worldwide turnover of more than EUR1.5 billion) need to comply with the requirements from July 2027; under the proposal, this would be delayed to July 2028, meaning the “first wave” and “second wave” companies under CSDDD would instead form one wave.
2. Reduction of value chain scope: whereas CSDDD requires due diligence to be done on a company’s full “chain of activities”—defined to mean most of the company’s upstream and downstream business partners^[1]—the proposal would reduce the scope to only direct (i.e., Tier 1) business partners, except where the company has “plausible information” (for example from an NGO or through media reports) that suggests an adverse impact at the level of an indirect business partner. A further reduction of the scope proposed is that companies would not need to do due diligence on direct business partners with fewer than 500 employees.
3. Extending the interval between assessments: whereas under CSDDD a company must carry out periodic assessments of their and their business partners’ operations and due diligence measures at least every 12 months, the proposal would reduce this to every five years, with a proviso that it should be done sooner, on an ad hoc basis, if risks arise in the meantime.
4. No duty to terminate contracts: whereas under CSDDD a company has a duty to terminate a contract with a business partner as a measure of last resort. The proposal removes this duty, replacing it with a requirement that a company suspend its business relationship as a last resort, while continuing to work with the supplier towards a solution.
5. Limiting stakeholder engagement: whereas CSDDD requires companies to take appropriate measures to carry out effective engagement with stakeholders, defined as certain individuals/groups “…whose rights or interests are or could be affected by the products, services and operations of the company, its subsidiaries and its business partners…”, the proposal narrows the definition of stakeholders to only those who have been directly affected. In addition, the proposal deletes two of the prescribed stages at which stakeholders are to be consulted: when deciding to suspend or terminate a business relationship or developing indicators for monitoring.
6. Watered down provision around climate transition plans: whereas CSDDD requires a company to “adopt and put into effect a transition plan for climate change mitigation”, the proposal deletes the requirement to put the plan into effect (effectively aligning CSDDD to CSRD), instead replacing this with clarification that the obligation of companies to adopt a transition plan includes outlining implementing actions, planned and taken. This can be viewed as removing a requirement on companies to ensure the plan is functioning and can be scrutinised.
7. Deletion of minimum cap for financial penalties: under the CSDDD, Member States must set financial penalties where the maximum limit must be not less than 5% of a company’s net worldwide turnover; in the proposal, this has been deleted in favour of giving discretion to Member States along with guidance to be issued by the EC.
8. Deletion of EU-wide civil liability regime: under CSDDD, Member States are required to make sure companies can be found civilly liable for damage caused when failing to comply with their obligations; in the proposal, this would be left up to Member States and their existing national laws or to implement specific liability clauses.
9. Widening the scope of maximum harmonisation: under CSDDD, Member States can “gold plate” their national implementing legislation with more stringent or specific requirements except with respect to certain provisions in CSDDD; the proposal expands the list of provisions from which Member States are not permitted to depart. This can be seen to be increasing the degree to which CSDDD is a regulatory ceiling rather than a floor.
10. Deletion of review for financial services: under CSDDD, the EC is to provide a report to the European Parliament and the Council on sustainability due diligence requirements for regulated financial undertakings with respect to the provision of financial services and investment activities; under the proposal, this has been deleted.

What this means for companies

This is an unusual, if not unprecedented, event in EU lawmaking, which comes at a time of tense geopolitical relations. It is unclear how long it will be before we know whether the proposals will take effect as formal amendments to the CSDDD. The EC’s legislative proposal will now be submitted to the European Parliament and the Council for their consideration; each body will need to reach its own position before they come together to reach an agreement. It is expected that the proposal regarding the delay to reporting for the largest companies from July 2027 to July 2028 would be approved more quickly than the remaining proposals, which could take possibly 12 to 18 months to conclude.

Notwithstanding this uncertain  regulatory backdrop, the business case for investing in appropriate, risk-based, human rights and environmental due diligence remains very strong. Why? Because the risks to companies of unknown and unaddressed human rights and environmental harms buried in their operations and supply chain remain just as real and just as serious.

Forward-thinking companies will continue to move forward with a risk-based approach (beyond Tier 1 as appropriate), guided by the UN Guiding Principles on Business & Human Rights (UNGPs). They will do so mindful of:

• The increasing litigation risks for companies in connected with human rights violations and environmental harms caused by their subsidiaries and suppliers. See our article on this here.
• The prospect of complaints about corporate human rights violations made by or on behalf of those adversely affected, to National Contact Points established by national governments under the OECD Guidelines for Responsible Business Conduct and the potentially serious reputational risks associated with such a complaint.  
• The reputational risks of being linked to corporate human rights violations by journalists or by activist NGOs and Trade Unions engaged in research, advocacy and media campaigning.
• The demands of investors and lenders who will no doubt continue to set their expectations in line with best practice (i.e. the UNGPs) and request information from their investees and borrowers accordingly.
• The importance of good human rights and environmental due diligence - which gives a company much greater visibility of its supply chain and establishes trust, transparency and strong relationships with suppliers - as an important tool for companies seeking to improve supply chain resilience against shocks of all kinds, including climate and extreme weather events, pandemic and civil unrest.

See our briefing here on "the Rise of the S in ESG" for more analysis.

For further guidance and tailored advice on the Omnibus packages, the CSDDD or anything else discussed in this briefing, please get in touch with Kerry Stares or with your usual Charles Russell Speechlys contact.

[1] Chain of activities includes activities of the company’s (i) upstream business partners related to producing goods or providing services by the company and (ii) downstream business partners related to the distribution, transport or storage of the company’s products (but not to their disposal).