July 24, 2025
Proposed changes to EU sustainability legislation risk creating parallel due diligence systems inside companies — business must press for coherent, risk-based reform that delivers outcomes.
By Rachel Davis, Co-founder and Vice President, Shift
____
In June, the Council of Member States of the EU adopted its position on the Omnibus Directive — the legislative vehicle aimed at “simplifying” how critical laws including the EU’s Corporate Sustainability Due Diligence Directive (CSDDD) and Corporate Sustainability Reporting Directive (CSRD) will be implemented. Also in June, the European Parliament’s Rapporteur, Jörgen Warborn (EPP), released his draft proposal and the Parliament’s Shadow Rapporteurs from the other political parties have tabled their proposed amendments to Warborn’s report.
The promise of simplification — and the risk of fragmentation
While simplification for business is the stated goal of the process initiated by the European Commission with its Omnibus proposal in February this year, some of the key proposed changes by the Commission, Council and the Parliament’s Rapporteur do the opposite. Instead of reducing compliance burdens, they would splinter corporate approaches to due diligence and reporting — pushing companies to create parallel, overlapping systems to meet different requirements that drain resources, confuse priorities and undermine impactful action. That’s not simplification; it’s fragmentation.
As the EU legislative process enters a critical phase, the window to get these changes right is narrowing.
Why risk-based due diligence matters
What’s at stake is the integrity of a risk-based approach — the core methodology that has underpinned responsible business conduct for over a decade, as set out in the international standards of the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises. This approach directs companies to focus on the most severe human rights and environmental risks, wherever they occur in their value chains, drawing initially on reasonably available information to identify the areas of greatest risk to people and planet in order to prioritize where to dig deeper and focus their actions. It’s not just principled; it’s practical. It’s what leading companies are already doing to meet the expectations of investors, lenders, business customers and civil society. And it’s consistent with other current and emerging legal requirements within and beyond the EU, including on forced labor.
The CSDDD and CSRD as enacted are substantially aligned with this risk-based approach. The current Omnibus proposals would roll that alignment backwards, effectively requiring companies to operate multiple due diligence systems to meet these different expectations.
Signals of progress – but not enough
The good news is that policymakers appear to be paying some attention to these risks. We’ve seen signs of movement in both Council and Parliament: a clearer acknowledgment of the value of a risk-based approach to business, a pullback from mandatory entity-level assessments, and recognition that companies should be able to rely on reasonably available data in initial prioritization of where to focus. These signals matter — and they suggest that constructive business engagement can still help shape a better result that will simplify implementation for business while helping generate better environmental and human rights outcomes.
But we’re not there yet.
Neither the Council nor initial Parliament position address two key problems with the European Commission’s proposal. First, they all seek to mandate a narrow focus of due diligence on companies’ ‘tier 1’ business relationships – which are not necessarily where the most serious harms occur – while also requiring businesses to take a purely reactive or ‘fire-fighting’ approach to risks deeper in the supply chain. This sets up a dynamic where resources are directed away from where they’re most needed, instead of getting ahead of the real issues.
Second, they all place unreasonable constraints on the type of information companies can request from many of their business partners — restricting it to highly generic information limits the potential for meaningful due diligence and robust reporting and pushes businesses to source that data elsewhere, increasing costs and undermining relationships with business partners. While it’s legitimate to want to shield smaller business partners from excessive requests, the best way to do that is to make sure larger companies only ask them for the most meaningful information about salient risks and impacts.
Influential financial institutions like the European Central Bank have now weighed into the debate, highlighting the problems with the proposals, and a growing number of large companies and business associations are publicly raising concerns as well.
Importantly, several of the proposed amendments from the S&D, Renew and Greens groups in Parliament, and from the former EPP Shadow Rapporteur on the CSDDD, point in a much more promising direction. They are more aligned with current business practice in seeking to implement a true risk-based approach. Those proposals should be taken seriously by business in the months ahead.
A better path forward — if we keep focused on outcomes
At Shift, we’ve seen first-hand how many companies have made credible, sustained efforts to embed sustainability due diligence into their operations. That progress should be recognized and reinforced. Legislation should scale what works – not sideline it with prescriptive rules that won’t help companies meet existing expectations from lenders, investors and other stakeholders, nor direct their resources towards more impactful outcomes.
With Parliament expected to finalize its position by October and trilogue negotiations set to begin under the Danish Presidency in November, the next few months are a critical phase. This is the moment for business voices with practical experience of risk-based due diligence under the international standards to engage and help ensure what emerges is coherent, workable and grounded in reality.
At the same time, another important process is also underway — one that offers a direct and effective route to simplification.
The revision of the European Sustainability Reporting Standards (ESRS) by EFRAG – the expert body charged with advising the European Commission on corporate reporting – is currently progressing in parallel with the Omnibus process. It is expected to reduce the reporting burden on companies including through a substantial reduction in the number of data points and by simplifying language. The draft will soon be open for public comment. This effort should help address many of the concerns companies have expressed about the complexity of EU sustainability regulation. It would be counterproductive if the Omnibus process introduced complexity that the ESRS reforms are actively trying to remove.
The coming months will determine whether the EU remains committed to sustainability due diligence and reporting that drives real-world impact — or whether it sells a version of simplification that in practice fragments and complicates company efforts and undermines real-world results.