EU Corporate Sustainability Due Diligence — Council Position Overview

On 30 November 2022 the Council of the European Union adopted its general approach to the proposed Corporate Sustainability Due Diligence Directive (CSDDD). The Council text clarifies scope thresholds, phases in obligations by company size, and adjusts directors’ duties while preserving core requirements: companies must integrate human rights and environmental due diligence across their operations and value chains, implement climate transition plans, and face civil liability for harm. Multinationals should treat the Council position as the blueprint for forthcoming negotiations with the European Parliament and begin refining governance, risk assessment, and remedy frameworks as needed.

The Council proposes that EU companies with more than 1,000 employees and €300 million in global net turnover fall within scope from the directive’s entry into force, with a phased approach bringing in companies above 500 employees/€150 million turnover two years later, and high-impact sectors (textiles, agriculture, mining) above 250 employees/€40 million turnover one year thereafter. Non-EU companies meeting equivalent EU turnover thresholds are included. Member states must designate supervisory authorities with investigative and sanctioning powers; the Council highlights potential fines of up to 5% of net turnover and the ability to order remedial action.

Due diligence governance and integration

Boards must approve due diligence policies, oversee setup, and receive regular updates on risk assessments, mitigation, and remediation. The Council removes explicit director duty amendments from the Commission proposal but emphasizes that member states must ensure directors oversee setup and consider sustainability impacts in corporate strategy. Companies should embed due diligence responsibilities into board charters, risk committees, and management performance objectives. Establish cross-functional steering committees linking sustainability, compliance, procurement, legal, and human rights teams.

Due diligence policies must cover risk identification, prevention, mitigation, bringing adverse impacts to an end, and remediation. Companies should map operations and value chains, identify salient human rights and environmental risks using international standards (UNGPs, OECD Guidelines), and focus on based on severity and likelihood. Document methodologies, stakeholder engagement processes, and decision-making rationales. Integrate due diligence into enterprise risk management and internal control frameworks.

Risk assessment and engagement with teams

The Council text reinforces meaningful stakeholder engagement. Companies must consult affected teams, including workers, trade unions, communities, and indigenous peoples, when identifying and addressing risks. Develop structured engagement plans, ensure accessible communication channels, and document feedback. Use grievance mechanisms to capture early warnings; align with the UNGP effectiveness criteria (legitimate, accessible, predictable, equitable, transparent, rights-compatible, and a source of continuous learning).

Risk assessments should combine desktop research (country risk indices, NGO reports, industry benchmarks) with on-the-ground audits and supplier self-assessments. High-risk relationships may require improved due diligence, including independent assessments, site visits, and remediation plans. Track metrics such as percentage of high-risk suppliers assessed, remediation completion rates, and stakeholder satisfaction with grievance resolution.

Contractual cascading and supplier management

To manage value-chain risks, the Council supports contractual cascading—requiring suppliers to implement due diligence measures and pass them down the chain. Companies should update supplier codes of conduct, integrate due diligence clauses into contracts, and mandate compliance with international standards. Contracts should include audit rights, disclosure obligations, and termination clauses for severe breaches. Support suppliers through capacity-building, training, and incentives to improve practices rather than relying solely on punitive measures.

Develop supplier segmentation models to differentiate high-risk sectors and geographies. Implement technology platforms that collect supplier data, track corrective actions, and provide dashboards for procurement and compliance teams. Collaborate with industry initiatives (Responsible Business Alliance, Fair Wear Foundation, Responsible Minerals Initiative) to share audits and remediation data, reducing duplication and using collective use.

Remediation, civil liability, and enforcement

The Council maintains civil liability provisions: companies may be liable for damages if they intentionally or negligently fail to prevent adverse impacts caused by subsidiaries or value-chain partners, unless they can show they took appropriate measures. Legal teams should develop litigation preparedness strategies—documenting due diligence efforts, retaining evidence, and maintaining privilege protocols. Establish remediation frameworks that offer financial compensation, rehabilitation, or other remedies aligned with stakeholder needs. Track remediation outcomes and report on effectiveness.

Supervisory authorities will monitor compliance through document reviews, inspections, and cooperation with other member states. Companies should prepare compliance dossiers containing policies, risk assessments, supplier contracts, grievance data, and remediation records. Implement monitoring dashboards to track compliance indicators and prepare for potential investigations. Consider third-party assurance or certification schemes to show due diligence maturity.

Climate transition plans and alignment with CSRD

The Council retains the requirement for in-scope companies to adopt climate transition plans consistent with limiting global warming to 1.5°C. Plans must include greenhouse gas emission reduction objectives, timelines, and investment strategies. Companies should align transition plans with CSRD reporting, EU Taxonomy alignment, and science-based targets. Integrate transition progress into executive remuneration policies, as the Council encourages linking variable compensation to climate outcomes. Conduct scenario analysis, assess capital expenditure alignment, and report on progress annually.

Coordinate climate plans with broader sustainability reporting to avoid duplicative work. Use CSRD double materiality assessments to inform due diligence priorities, ensuring consistent metrics across reporting and risk management.

International considerations and trade partner engagement

Non-EU companies within scope must designate an EU representative responsible for compliance. Multinationals should assess group structures, determine which entities fall within thresholds, and assign clear accountability. Engage trade partners to explain due diligence expectations, offer training, and support remediation. Consider regional hubs for due diligence operations to address local context and regulatory requirements.

Monitor developments in other jurisdictions—such as Germany’s Supply Chain Due Diligence Act and France’s Duty of Vigilance Law—to harmonize programs and use existing controls. Harmonization reduces duplication and strengthens defenses against litigation.

Outcome testing and assurance

Internal audit should incorporate due diligence programs into audit plans, assessing governance, risk identification, mitigation effectiveness, and remediation tracking. Conduct thematic reviews on high-risk supply chains, evaluating data accuracy, contract compliance, and stakeholder engagement. Use maturity models to benchmark progress against peers and identify gaps. Establish key risk indicators (KRIs) such as number of severe incidents reported, remediation timelines, and stakeholder satisfaction.

Companies may pursue external assurance or certifications to provide confidence to regulators and investors. Align due diligence reporting with CSRD and voluntary standards like GRI and SASB. Prepare for digital reporting requirements and potential data requests from supervisory authorities.

Rollout plan

With the Council’s phased approach, companies should develop multi-year roadmaps. Immediate steps include governance updates, risk mapping refreshes, and supplier contract reviews. Within 12 months, strengthen grievance mechanisms, launch stakeholder engagement initiatives, and pilot improved due diligence in high-risk segments. By the time obligations apply, ensure remediation frameworks, reporting processes, and assurance activities are operational. Continuously monitor trilogue outcomes and national transposition measures to adjust timelines.

By embedding due diligence into corporate governance, supply chain management, and climate strategy, companies can meet emerging legal obligations, mitigate litigation risk, and respond to stakeholder expectations for responsible business conduct.

Related articles

Curated signals from the same pillar or overlapping topics.

Governance · Credibility 92/100 · December 2, 2022

Federal Reserve climate principles

The Federal Reserve’s draft climate-risk principles call on $100B+ banks to embed climate considerations into governance, risk management, data, and scenario analysis—mirroring OCC and FDIC expectations and signaling…

Governance · Credibility 92/100 · November 22, 2022

EU Gender Balance Directive — Board Diversity Implementation Guide

EU Directive 2022/2381 compels listed companies to reach board gender balance targets by 2026, requiring transparent selection processes, data-driven reporting, and rigorous oversight of talent pipelines and governance…

Governance · Credibility 73/100 · December 14, 2022

New Zealand climate disclosures

New Zealand’s FMA climate governance guidance directs climate reporting entities to embed board oversight, risk management, strong controls, and assurance planning into climate-related disclosures ahead of mandatory…

Governance · Credibility 93/100 · December 16, 2022

CSRD and Sustainability reporting

The EU's new Corporate Sustainability Reporting Directive is massive. Nearly 50,000 companies will need to report on everything from climate risk to human rights in their supply chains—with mandatory third-party…

Governance · Credibility 71/100 · November 10, 2022

U.S. DoD releases Zero Trust Strategy and Roadmap

The Pentagon is serious about zero trust. DoD's new strategy sets a 2027 deadline for achieving 'target-level' zero trust across seven pillars: identity, devices, applications, data, networks, visibility, and automation.…

Continue in the Governance pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• Board Oversight Governance Blueprint

  Unify Basel Committee, PRA, SEC, and ISSB oversight mandates into an auditable board governance operating model with data lineage, assurance cadences, and regulatory source packs.

• Governance, Risk, and Oversight Playbook

  Operationalise board-level governance, risk oversight, and resilience reporting aligned with Basel Committee principles, ECB supervisory expectations, U.S. SR 21-3, and OCC…

• Third-Party Governance Control Blueprint

  Deliver OCC, Federal Reserve, PRA, EBA, DORA, MAS, and OSFI third-party governance requirements through board reporting, lifecycle controls, and resilience evidence.

References

1. Corporate sustainability due diligence: Council adopts negotiating position — Council of the European Union
2. Commission proposal for a Corporate Sustainability Due Diligence Directive — European Commission
3. ISO 37000:2021 — Governance of Organizations — International Organization for Standardization