Key differences between the Corporate Sustainability Due Diligence Directive (CSDDD) and Corporate Sustainability Reporting Directive (CSRD)

The recently adopted CSDDD is the very first cross-sectoral legislation obliging the largest companies operating in the EU to identify, prevent, and address all actual and potential adverse human rights and environmental impacts throughout their operations, subsidiaries, and value chains. ?Rooted in the European Green Deal, which itself stems from the Paris Climate Agreement of the UN Climate Change Conference (COP), this directive reflects the EU's commitment to addressing climate change and sustainability comprehensively.? Besides that, companies must also adopt a transition plan to counteract climate change by coherently developing their commercial strategies to pursue the target of a 1.5°C global warming reduction. Furthermore, they are obliged to report on due diligence policies, processes, and results, as well as on the findings of their actions in dealing with these impacts.

CSDDD entities need to consider the reporting under the CSRD, which applies as of 5 January 2023, as it covers most entities under the scope of this law. ?As of 31 October 2024, nine EU member states have introduced legislation to implement the CSRD, but the laws are not yet finalised. ?Meanwhile, 15 EU member states have already adopted the approved legislation into their national laws.

The CSRD widely increases sustainability reporting scope, requiring disclosures around social and environmental risks and, correspondingly, the company's activities' impacts on social and the environment, with a focus on the new concept of double materiality. This means that companies must evaluate both the risks they are facing and the impacts they cause to society and the environment.

CSDDD and CSRD are complementary; the due diligence process under CSDDD informs a company's assessment of material risks and impacts that are then reported under CSRD. Where companies identify material impacts under CSRD, those impacts must also be covered under CSDDD. Both regulations shall be used in conjunction, referring to international standards such as the UN Guiding Principles on Business and Human Rights (UNGPs) and the OECD Guidelines for Multinational Enterprises.

Let us look at the key differences between the CSDDD and CSRD.

Scope of Companies

CSDDD

The CSDDD applies to three categories of companies.

First, it targets very large EU companies with over 1,000 employees and a net worldwide annual turnover exceeding EUR 450 million. It also applies to third-country companies with significant operations in the EU, specifically those generating at least EUR 450 million in turnover within the EU.

Second, the CSDDD applies to EU and non-EU companies that do not meet the thresholds above but are ultimate parent companies of groups that meet them. If the business of the parent company is to hold shares in subsidiaries without any operational or financial involvement in the subsidiaries, it may designate an operational subsidiary to fulfill due diligence obligations.

Third, it applies to companies or parent companies of groups with net worldwide turnover of more than EUR 80 million (or the equivalent EU for non-EU companies) that entered into franchising or licensing agreements with third-party undertakings where royalties surpass EUR 22.5 million and involve a common identity and common business methods.

Member States must transpose the CSDDD into national law within two years following its entry into force. The application of the Directive will be done in three stages:

• Three years after entry: Applies to EU companies and parent companies of groups with more than EUR 1.5 billion global turnover and 5,000 employees, as well as non-EU companies with more than EUR 1.5 billion turnover in the EU.
• Four years after entry: For EU companies and parent companies of groups whose global turnover is over EUR 900 million and has over 3,000 employees, as well as non-EU companies whose turnover in the EU exceeds EUR 900 million.
• Five years after entry: For all other companies that fall under CSDDD.

CSRD

The CSRD presents a phase-in for the reporting requirements of companies for the period from 2024 to 2028, according to the size and nature of the company.

1. From 2025: Large EU public interest companies or parent companies of groups that are already subject to the Non-Financial Reporting Directive (NFRD) - meaning, in particular, listed companies with more than 500 employees on EU-regulated markets - will report from the financial year starting after 1 January 2024.
2. From 2026: Large EU companies or parent companies of groups meeting two out of three criteria - over 250 employees, EUR 50 million net turnover, and over EUR 25 million on the balance sheet – will be required to report for the financial year starting after 1 January 2025.
3. From 2026 (with simplified reporting): Reporting will start for EU-listed SMEs, excluding micro-undertakings, applying simplified standards. These SMEs will be exempt from reporting requirements until 2028.
4. From 2029: Non-EU companies or parent companies with a significant presence in the EU, for example, with EUR 150 million net turnover in the EU and at least one large or listed SME subsidiary, must report for the financial year 2028, starting from 2029. Such reports are prepared by the concerned subsidiaries or branches at the group level, in accordance with the third-country standards. However, subsidiaries of global non-EU firms are exempt from reporting if their non-financial information is included in the parent company's consolidated management report in line with EU sustainability reporting standards.

These reporting requirements also apply to non-EU companies listed on EU-regulated markets, following the same thresholds and timelines as EU companies.

Value Chain Coverage

CSDDD

The CSDDD outlines companies' due diligence obligations across their own operations, subsidiaries, and business partners within their "chains of activities," a subset of value chains. Key concepts include "business partners" and "chain of activities," which are central to understanding the directive's value chain coverage.

• Business partners: Both direct partners, who have a commercial agreement with the company, and indirect partners, who carry out business operations related to the company's goods, products, or services.
• Upstream business partners: Companies must undertake due diligence for activities that are linked to the production of goods or services, such as design, extraction, sourcing, manufacturing, and transport, both by direct and indirect partners.
• Downstream business partners: Due diligence is only for activities that include the distribution, transport, and storage of products, and the partner must act “for or on behalf of” the company.
• Exclusions: The regulation does not address impacts resulting from product or service disposal by the downstream partners. It also gives an assurance that the concept of "chain of activities" will not alter the meaning of the terms "value chain" or "supply chain" under other EU legislations.
• Climate transition plans: Climate transition-related obligations are not linked with the chain of activities but rather to the scopes of greenhouse gas emissions, including the use of sold products (scope 3).

CSRD

The CSRD requires companies to report on the impacts related to their own operations, value chains, products, services, and business relationships, including their supply chains. Supply chain information is meant to be part of the value chain reporting.

• Value chain: The value chain covers all activities, resources, and relationships involved in a company's business model, right from the concept of products or services down to delivery, consumption, and end-of-life. This includes both upstream and downstream actors.
• Business relationships: Business relationships are defined as the relationships of an organisation with business partners, entities in the value chain, and other entities directly linked to its operations, products, or services. This would include indirect relationships and investments in joint ventures.
• Practical application: The companies should identify suppliers beyond Tier-1, understand how their goods and services are used and treated at end-of-life, and consider the potential impacts on affected individuals and communities.

Scope of environmental impacts

CSDDD

Companies will have to assess and address human rights as well as environmental impacts under the CSDDD. For this purpose, adverse environmental impacts are described as those deriving from violations of particular duties and prohibitions, which comprise environmental degradation resulting from violations of human rights and environmental impacts resulting from international agreements on the environment.

CSDDD connects environmental degradation to human rights by prohibiting conduct that causes impairment of land, forests, and waters in such a way as to violate human rights. The directive also enumerates duties stemming from international environmental instruments that address environmental protection, without regard to whether such may have direct human rights implications.

In practical terms, companies must assess both the environmental impacts that could lead to human rights abuses and broader environmental matters as defined by international agreements.

CSRD

Under the CSRD, companies must disclose their actual and potential impacts on sustainability matters, as well as how those issues affect the company itself, pursuant to the principle of double materiality. It involves reporting on climate change mitigation (greenhouse gas emissions from scopes 1, 2, and, where relevant, scope 3), climate change adaptation, water and marine resources, resource use, pollution, and biodiversity.

Companies conducting materiality assessments should use a list of sustainability matters to guide their analysis, although this list is not meant to replace the process of determining what is truly material to the company. The assessment considers impacts at various levels of granularity, from broad topics to specific subtopics.

Where impacts are to be assessed, organisations should consider the severity and likelihood of impacts. Severity is assessed according to three criteria: scale, referring to the size of an impact, how grave or how beneficial it is for people or the environment; scope, referring to the geographic or spread of an impact or the number of people affected; and irremediable character, referring to whether the impact can be reversed or mitigated.

Climate transition plan requirement

CSDDD

Under the CSDDD, companies are required to adopt and implement a climate transition plan in order to make their business model and strategy consistent with the goals of the Paris Agreement and the EU targets for 2050. The transition plan must include clear targets, decarbonisation actions, investments, and management's role in overseeing the transition. Companies must address exposure to fossil fuels and ensure their plans are based on scientific evidence that supports net-zero emissions by 2050.

The transition plan should be updated annually to reflect progress towards these targets, considering the complexity and constantly evolving nature of climate change. Companies are expected to use "best efforts" in pursuing the 1.5°C target with the understanding that their actions are part of broader global efforts. Regular monitoring and transparent reporting are key in ensuring a company is effectively managing its transition and mitigating risks related to climate change.

CSRD

The CSDDD is similar in its climate transition planning requirements to the CSRD. In practice, companies that already comply with the CSRD and apply the ESRS E1 standards (which focus specifically on climate change and is designed to enhance corporate transparency regarding environmental impacts) for their climate transition plans are considered to have met the CSDDD’s adoption obligation. Still, companies will have to execute their plans and update them annually to report on the progress.

For the companies belonging to a larger group, the fact that the parent company's plan covers them does not exempt them from the implementation and update in accordance with CSDDD requirements. No additional disclosure obligation beyond the disclosures under the CSRD and ESRS E1 is laid down by CSDDD. In respect of companies that are not in the scope of CSRD but are within the scope of CSDDD, the Commission may adopt sectoral reporting requirements.

Conclusion

The CSDDD and the CSRD combine to create a comprehensive framework enabling business sustainability within the EU. Large companies will have to comply with laws on human rights and the environment within their operations and value chains and will also need to engage in climate transition plans aligned with international climate goals. The CSRD, which extends the reach of sustainability reporting, complements the CSDDD in underlining the double materiality of disclosure around social and environmental risks and impacts. Together, these directives not only ensure that companies assess and mitigate risks while reporting transparently on their progress but also highlight their role as integral parts of a bigger plan – the EU Green Deal. ?By aligning with international standards, both directives promote responsible corporate behaviour and contribute to global sustainability goals.