From Regulation to Action: What the EU Due Diligence Rules Mean for Business

March 20, 2026

_____

Rules that place greater responsibilities on firms to identify and address human rights abuses have been finalised.

After almost a year of negotiations, changes to the Corporate Sustainability Due Diligence Directive (CSDDD) and Corporate Sustainability Reporting Directive (CSRD) have become EU law.

While not without limitations, the directives represent a significant step forward. They have the potential to drive meaningful action by companies to prevent the most severe human rights harms from occurring across value chains.

Now the real work begins. At Shift our advisors have been helping businesses get to grips with what the legislation means for them.

The good news is that both directives are grounded in the UN Guiding Principles on Business and Human Rights (UNGPs) which have been around for over 15 years. That means companies do not have to reinvent the wheel when preparing for compliance – they can benefit from a wealth of existing guidance that can help them begin identifying and addressing risks to people and planet.

This month Shift ran multiple webinars attended by hundreds of businesses from all over the world where we offered an in-depth look at the CSRD and CSDDD legislation. We will also be running an in-depth program from April-June to help businesses get to grips with CSRD. Alongside this we do extensive advisory work with companies on all aspects of human rights due diligence and reporting.

So what are the main developments businesses need to know about?

The Corporate Sustainability Due Diligence Directive

  • The directive requires businesses to identify actual and potential human rights and environmental harms caused by their operations, the operations of subsidiaries and by partners within their chain of activities.
  • Where harms to people and planet are identified, companies must take steps to address these, for example by agreeing action plans with suppliers to make sure the human rights of workers are being protected.
  • EU companies with a net annual turnover greater than €1.5 billion and more than 5,000 employees are covered by the directive. Companies based abroad will also be covered if they have a turnover greater than €1.5 billion from their operations in the EU.
  • Over 1000 companies are expected to be in scope.  
  • Smaller companies cannot simply ignore the directive. This is because many of the business partners of the companies that are in scope will be impacted. This doesn’t mean larger companies will simply push due diligence requirements onto their suppliers. But they will need to collaborate with partners to help identify and address social and environmental impacts. 
  • EU member states have until July 2028 to translate the directive into national law and set up supervisory authorities to make sure firms are following the rules. Firms have until July 2029 to comply. Those that don’t could be fined up to 3% of their net annual turnover.
  • The steps companies must take to identify and address risks under CSDDD mirror the expectations set out in the UN Guiding Principles on Business and Human Rights (UNGPs). This means companies already conducting due diligence in line with the UNGPs have a head start.

The Corporate Sustainability Reporting Directive

  • The directive requires companies to report on material sustainability impacts, risks and opportunities in their own operations and value chains. The detail on what companies must report is set out in the European Sustainability Reporting Standard (ESRS).
  • EU companies with a turnover of €450m or more and over 1,000 employees are covered by the legislation. These companies must publish a report that complies with CSRD in 2028 at the latest, covering the 2027 financial year.  
  • Companies based abroad will also be covered if they have a turnover greater than €450m from their operations in the EU or if they have an EU subsidiary or branch with more than €200m in annual turnover. These companies must publish a compliant sustainability report in 2029 at the latest, covering the 2028 financial year. 
  • In total about 5000 companies are expected to be covered by the directive.
  • The CSRD requires companies to report on their entire due diligence process – from how they identify impacts to the steps they take to address them, and from details of how a company engages with affected stakeholders to how it ensures its grievance mechanisms are effective.
  • The CSRD goes beyond the CSDDD when it comes to the human rights impacts that companies must report on. This means that even if CSDDD does not require firms to take action on certain issues, CSRD may still require them to provide transparency.

What’s next?

EU Member States have until July 2028 to translate CSDDD into national law and set up supervisory authorities to check whether companies are following the rules. In the coming months the EU will also publish the final version of the ESRS, which will provide greater clarity on what information companies need to report under CSRD.   

Shift will be closely involved in this process. We work with policy makers and regulators to shape standards, and publish free resources to support businesses with implementation. We also sit on the board of EFRAG, an independent group which wrote the ESRS.

Companies have a lot to do to prepare for compliance, but it’s well worth putting the work in. Legislation influenced by the CSDDD is being considered in countries all around the world, including Switzerland, Australia, the UK, Canada, the USA, Thailand, South Korea and Indonesia.

Businesses have an obligation to step up to better protect people and planet. Drawing on more than 15 years of experience in embedding respect for human rights into business, Shift will continue to support effective implementation of these requirements – both through its public resources and its direct work with companies and other stakeholders. If you are looking to strengthen your approach, we welcome you to get in touch.