Author: Anjum Siddiqui

December 10, 2025

_____

On Monday, 8 December, EU Member States and the European Parliament reached a provisional political agreement in trilogue negotiations – together with the European Commission – on the Omnibus I process to revise both the Corporate Sustainability Due Diligence Directive (CSDDD) and the Corporate Sustainability Reporting Directive (CSRD).

The rushed and problematic Omnibus simplification process that was launched in February this year has led to significant losses in these two key Directives measured against their original objectives. The outcome represents a mixed result for companies committed to respecting human rights. Under the leadership of the Danish Presidency, the political agreement importantly preserves the core principle of risk-based due diligence in the CSDDD. Yet significant provisions were cut during the final negotiations or defeated at earlier stages – most notably major reductions in the scope of both Directives, the deletion of a requirement under the CSDDD to adopt climate transition plans, and the removal of a harmonised civil liability regime.

Core risk-based due diligence preserved

The due diligence duty in the CSDDD, as enacted in July 2024, was substantially aligned with the international due diligence standards set out in the UN Guiding Principles on Business and Human Rights (UNGPs) and the OECD Guidelines for Multinational Enterprises. However, the Omnibus threatened to undermine the risk-based approach – the central principle that makes sustainability due diligence meaningful in its outcomes and manageable in practice.

The political agreement preserves the core of the risk-based approach by ensuring that companies focus on the most severe and likely impacts for attention wherever they occur in their own operations, the operations of their subsidiaries or their ‘chains of activities’ (ie, their upstream supply chains and some limited downstream business relationships). They are expected to carry out a scoping exercise, based on reasonably available information, of general risk areas where impacts are most likely to occur and to be most severe, and then to conduct in-depth assessments in those areas based on the same criteria. If they need to prioritize impacts for action, they must do so in line with their severity and likelihood – as set out in the original CSDDD. This is in line with the UNGPs and OECD Guidelines.

Rejecting a Tier-1 approach: Why it matters

This is a significant result given that the initial positions of the Commission, Council and the Parliament’s Rapporteur were all in favour of constraining due diligence to ‘tier 1’ or direct business partners. Such a restriction provides only the illusion of simplification; in fact, companies would need to adopt parallel due diligence systems to meet a range of legal and non-legal demands, including from other EU and non-EU legislation and from their lenders and investors, that already require them to look across their value chains to identify severe impacts. It has taken the collective efforts of individual companies and business associations that are committed to the international standards and understand their practical value, alongside the hard work of civil society organizations and supportive policy-makers, to achieve the right result at least in this core aspect of the Directive.

Impact of the value chain cap

The so-called ‘value chain cap’ in the CSRD will allow companies that fall under the 1000 employee threshold to refuse requests for sustainability-related information from covered companies beyond information that is contained in a set of voluntary reporting standards to be developed by the Commission. Those standards will be based on an existing voluntary standard for SMEs but, according to the political agreement, must “also be proportionate to and relevant for the capacity and characteristics of the companies for which they are designed”. That group obviously extends well beyond true SMEs with under 250 employees, which indicates a need for the Commission to carefully consider what is appropriate for companies that are not SMEs. It therefore remains unclear what effect the value chain cap will have on company efforts to obtain information for the purposes of reporting (which is what the limit applies to) distinct from the purposes of doing due diligence.

The provisional agreement on the CSDDD contains a modified value chain cap. It states that covered companies should (i) ask questions of business partners only where that is “necessary” – meaning that questions should be “aimed at obtaining accurate and reliable information in particular about the nature and extent, causes, severity and likelihood” of the relevant impacts – and (ii) for business partners under 5000 employees, only where the information cannot be reasonably obtained by other means. The most sensible way for companies to implement such a provision is to always consider whether they can obtain information through more efficient means and to only ask reasonable and specific questions of business partners and avoid the use of blanket questionnaires as a normal part of their risk-based due diligence.

Major reductions in the scope of CSDDD and CSRD

In terms of the losses from the Omnibus process, the CSDDD will now apply to only the very largest companies with 5000 employees and EUR 1.5 billion net turnover, which is a very significant reduction in its scope. (Non-EU companies must have a net turnover in the EU above the same amount.) The scope of the CSRD will be restricted to the level proposed by the Council – companies with 1000 employees and a net turnover of more than EUR 450 million – and listed SMEs will be removed from coverage, leading to a dramatic reduction with estimates of up to 90% of covered companies no longer in scope. Companies will be required to continue to report on climate transition plans under the CSRD but not to create new ones under the CSDDD.

Loss of a harmonised civil liability regime

The agreement removes the harmonised civil liability regime in the original CSDDD that closely tracked the expectations of the UNGPs in requiring a causal connection as the basis for liability – a true loss for affected stakeholders and their legitimate representatives, and also for companies seeking predictability. This means that companies remain liable under national laws for non-compliance with the Directive. They may also incur administrative fines of up to 3% of their net worldwide turnover.

Other compromises in the political agreement

In other areas, the agreement seeks to strike a difficult balance between preserving the Directive’s ability to achieve its original goals of increasing protection of human rights and the environment and the stated goal of the Omnibus process to simplify EU sustainability rules for business. For example, it has increased the limitations in the CSDDD on the ability of Member States to deviate from the text regarding the core content of the due diligence duty, while recognising and respecting their ability to legislate for enhanced protection on more specific aspects, such as due diligence on specific products, services or situations. It also removes the requirement for companies to terminate business relationships where impacts cannot be addressed but does expect them to suspend the relationship when certain conditions are met.

Review clauses: Possibility of future expansion

The agreement includes a review clause in the CSDDD providing for an evaluation of the legislation in mid-2030 and every 5 years thereafter with regard to (a) the potential expansion of its scope (to cover companies with more than 1000 employees and EUR 450 million turnover) and (b) the effectiveness of its enforcement mechanisms and their protective effect for rightsholders at national level. As the Danish Presidency made clear in its announcement on the agreement, this would include reviewing the need for a harmonised EU liability regime. The political agreement also includes a review clause in the CSRD regarding an extension of scope in the future.

Next steps and implementation timeline

The agreement will be voted on by Council and Parliament in the coming days. If passed, the revised CSDDD must be transposed by Member States by mid-2028 and will come into effect from mid-2029. The Commission must publish guidance on the due diligence duty by mid-2027. The revised CSRD will apply from January 2027. For ‘wave one’ companies in scope of the current CSRD that will fall out of scope with the Omnibus changes, Member States can exempt them from reporting obligations for financial years 2025 and 2026.

A call to safeguard risk-based due diligence

There is much to regret in the Omnibus process. As attention now turns to confirmation of the political agreement in the Parliament’s Legal Affairs Committee and then in plenary and in the Council, Shift calls on policy-makers to ensure that – at the very least – the core of EU rules on sustainability due diligence and reporting remain aligned with a risk-based approach.

____________________________________________________________________________________________

Update as of 17 December 2025

On 16 December, a majority of the European Parliament in plenary session approved the political agreement on the Omnibus, including on the risk-based approach. In February, the final step will be for the Parliament and Member States in Council to approve the official version of the text.

December 03, 2025

_____

The revised European Sustainability Reporting Standards (ESRS), published by EFRAG on Wednesday, 3 December, represent the end of a nine-month effort by EFRAG to find a workable middle ground on corporate sustainability reporting in the European Union. The process has been long, detailed, and, at times, challenging. It has brought together all stakeholders with an interest in both the viability and value of corporate reporting on sustainability matters.

A risk-based approach that serves both due diligence and reporting

The revised ESRS retain the centrality of the double materiality process, with the assessment of material negative sustainability impacts focused squarely on the severity and likelihood of their effects on people and planet. This maintains the standards’ alignment with the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises. Moreover, the revised ESRS continue to recognize that the assessment of material impacts is the starting point for the assessment of a company’s financially material risks and opportunities.

The revisions to the ESRS also seek to reduce the excessive granularity of issue-by-issue analysis that characterised implementation of the original standards. They explicitly allow companies to focus their materiality assessment on areas where material impacts, risks, and opportunities are most likely to arise. And they provide latitude to conclude that an impact is manifestly material or not material without detailed assessment, where that conclusion can be justified on the basis of the impact’s evident severity and likelihood.  

This reinforces the ‘risk-based approach’ to prioritizing impacts as the process by which companies should identify their material impacts. It mirrors what we have seen in the Omnibus negotiations on the Corporate Sustainability Due Diligence Directive (CSDDD): that companies experienced in sustainability due diligence consistently emphasise the need for a risk-based process to allow them to continue focusing resources on their most significant impacts.

The importance of alignment between these two frameworks on due diligence and reporting has often been poorly understood, in part because they were developed by different EU bodies and engaged different parts of governments and businesses. As both processes now move toward completion, there is a clear opportunity to reinforce the understanding that conducting sustainability due diligence and implementing sustainability reporting are closely connected. Together, they enable a single, coherent, risk-based approach to the identification and prioritization of sustainability impacts. This should be welcomed by businesses.

A workable and meaningful balance based on constructive compromise

Looking more generally, the revisions to the ESRS achieve substantial simplification, which was the mandate for this process. That includes both a two-thirds reduction in the datapoints that have to be disclosed, and the flexibility for companies to present a coherent, streamlined narrative tailored to the sustainability impacts, risks, and opportunities that are material for their business.

Throughout the revision process, all actors involved have had to make concessions. Every stakeholder group can identify elements they would have preferred to retain, strengthen, or remove. The result is a set of standards that is acceptable to a critical mass of actors across all stakeholder groups.

However, although many changes to the standards could be agreed by all participants in the EFRAG process, some of those that remained divisive are particularly problematic.

Firstly, the extensive ‘reliefs’ granted to companies include flexibility to omit disclosures where securing the necessary information would require ‘undue cost or effort’. There are no clear guardrails or time constraints to this relief (among others), creating a risk that it becomes prone to misuse.

Secondly, changes to the social standards have removed many elements that foster comparability between corporate reports. Although the European Commission was clear that it expected EFRAG to remove voluntary datapoints, the removal of these for the non-employee workers in a company’s own workforce – who are often in a more vulnerable position than direct employees – is particularly lamentable.

Thirdly, various changes in the environmental standards are problematic in their own right, and also increase the likelihood of adverse impacts on workers and communities. This includes, for example, the loosened requirements for climate transition plans and the extensive phase-ins for reporting on substances of concern in the chemical industry.

Success hangs in the balance

The ultimate success of this revision process depends on the final ESRS enabling meaningful progress in corporate disclosures that show whether and how business practices advance the welfare of people and our planet; that support long-term business resilience; and that equip markets to incentivize and reward those outcomes.

The revised ESRS can claim still to meet that goal. However, they are weaker than they should be and opportunities have been missed in the compromises that have been reached. That claim is therefore fragile. Any move by business lobbies to further weaken their content will render it hollow.

The focus for everyone involved – including the European Commission, whose responsibility it now is to formally adopt the standards – should be to lock in what has been achieved and move forward to test the revised standards in practice. Further lessons should come from implementation, not additional debate, hypothesizing, or wordsmithing, and should be leveraged to inform the development of strong implementation guidance. That is where EFRAG should now direct its attention.