December 10, 2025
_____
On Monday, 8 December, EU Member States and the European Parliament reached a provisional political agreement in trilogue negotiations – together with the European Commission – on the Omnibus I process to revise both the Corporate Sustainability Due Diligence Directive (CSDDD) and the Corporate Sustainability Reporting Directive (CSRD).
The rushed and problematic Omnibus simplification process that was launched in February this year has led to significant losses in these two key Directives measured against their original objectives. The outcome represents a mixed result for companies committed to respecting human rights. Under the leadership of the Danish Presidency, the political agreement importantly preserves the core principle of risk-based due diligence in the CSDDD. Yet significant provisions were cut during the final negotiations or defeated at earlier stages – most notably major reductions in the scope of both Directives, the deletion of a requirement under the CSDDD to adopt climate transition plans, and the removal of a harmonised civil liability regime.
Core risk-based due diligence preserved
The due diligence duty in the CSDDD, as enacted in July 2024, was substantially aligned with the international due diligence standards set out in the UN Guiding Principles on Business and Human Rights (UNGPs) and the OECD Guidelines for Multinational Enterprises. However, the Omnibus threatened to undermine the risk-based approach – the central principle that makes sustainability due diligence meaningful in its outcomes and manageable in practice.
The political agreement preserves the core of the risk-based approach by ensuring that companies focus on the most severe and likely impacts for attention wherever they occur in their own operations, the operations of their subsidiaries or their ‘chains of activities’ (ie, their upstream supply chains and some limited downstream business relationships). They are expected to carry out a scoping exercise, based on reasonably available information, of general risk areas where impacts are most likely to occur and to be most severe, and then to conduct in-depth assessments in those areas based on the same criteria. If they need to prioritize impacts for action, they must do so in line with their severity and likelihood – as set out in the original CSDDD. This is in line with the UNGPs and OECD Guidelines.
Rejecting a Tier-1 approach: Why it matters
This is a significant result given that the initial positions of the Commission, Council and the Parliament’s Rapporteur were all in favour of constraining due diligence to ‘tier 1’ or direct business partners. Such a restriction provides only the illusion of simplification; in fact, companies would need to adopt parallel due diligence systems to meet a range of legal and non-legal demands, including from other EU and non-EU legislation and from their lenders and investors, that already require them to look across their value chains to identify severe impacts. It has taken the collective efforts of individual companies and business associations that are committed to the international standards and understand their practical value, alongside the hard work of civil society organizations and supportive policy-makers, to achieve the right result at least in this core aspect of the Directive.
Impact of the value chain cap
The so-called ‘value chain cap’ in the CSRD will allow companies that fall under the 1000 employee threshold to refuse requests for sustainability-related information from covered companies beyond information that is contained in a set of voluntary reporting standards to be developed by the Commission. Those standards will be based on an existing voluntary standard for SMEs but, according to the political agreement, must “also be proportionate to and relevant for the capacity and characteristics of the companies for which they are designed”. That group obviously extends well beyond true SMEs with under 250 employees, which indicates a need for the Commission to carefully consider what is appropriate for companies that are not SMEs. It therefore remains unclear what effect the value chain cap will have on company efforts to obtain information for the purposes of reporting (which is what the limit applies to) distinct from the purposes of doing due diligence.
The provisional agreement on the CSDDD contains a modified value chain cap. It states that covered companies should (i) ask questions of business partners only where that is “necessary” – meaning that questions should be “aimed at obtaining accurate and reliable information in particular about the nature and extent, causes, severity and likelihood” of the relevant impacts – and (ii) for business partners under 5000 employees, only where the information cannot be reasonably obtained by other means. The most sensible way for companies to implement such a provision is to always consider whether they can obtain information through more efficient means and to only ask reasonable and specific questions of business partners and avoid the use of blanket questionnaires as a normal part of their risk-based due diligence.
Major reductions in the scope of CSDDD and CSRD
In terms of the losses from the Omnibus process, the CSDDD will now apply to only the very largest companies with 5000 employees and EUR 1.5 billion net turnover, which is a very significant reduction in its scope. (Non-EU companies must have a net turnover in the EU above the same amount.) The scope of the CSRD will be restricted to the level proposed by the Council – companies with 1000 employees and a net turnover of more than EUR 450 million – and listed SMEs will be removed from coverage, leading to a dramatic reduction with estimates of up to 90% of covered companies no longer in scope. Companies will be required to continue to report on climate transition plans under the CSRD but not to create new ones under the CSDDD.
Loss of a harmonised civil liability regime
The agreement removes the harmonised civil liability regime in the original CSDDD that closely tracked the expectations of the UNGPs in requiring a causal connection as the basis for liability – a true loss for affected stakeholders and their legitimate representatives, and also for companies seeking predictability. This means that companies remain liable under national laws for non-compliance with the Directive. They may also incur administrative fines of up to 3% of their net worldwide turnover.
Other compromises in the political agreement
In other areas, the agreement seeks to strike a difficult balance between preserving the Directive’s ability to achieve its original goals of increasing protection of human rights and the environment and the stated goal of the Omnibus process to simplify EU sustainability rules for business. For example, it has increased the limitations in the CSDDD on the ability of Member States to deviate from the text regarding the core content of the due diligence duty, while recognising and respecting their ability to legislate for enhanced protection on more specific aspects, such as due diligence on specific products, services or situations. It also removes the requirement for companies to terminate business relationships where impacts cannot be addressed but does expect them to suspend the relationship when certain conditions are met.
Review clauses: Possibility of future expansion
The agreement includes a review clause in the CSDDD providing for an evaluation of the legislation in mid-2030 and every 5 years thereafter with regard to (a) the potential expansion of its scope (to cover companies with more than 1000 employees and EUR 450 million turnover) and (b) the effectiveness of its enforcement mechanisms and their protective effect for rightsholders at national level. As the Danish Presidency made clear in its announcement on the agreement, this would include reviewing the need for a harmonised EU liability regime. The political agreement also includes a review clause in the CSRD regarding an extension of scope in the future.
Next steps and implementation timeline
The agreement will be voted on by Council and Parliament in the coming days. If passed, the revised CSDDD must be transposed by Member States by mid-2028 and will come into effect from mid-2029. The Commission must publish guidance on the due diligence duty by mid-2027. The revised CSRD will apply from January 2027. For ‘wave one’ companies in scope of the current CSRD that will fall out of scope with the Omnibus changes, Member States can exempt them from reporting obligations for financial years 2025 and 2026.
A call to safeguard risk-based due diligence
There is much to regret in the Omnibus process. As attention now turns to confirmation of the political agreement in the Parliament’s Legal Affairs Committee and then in plenary and in the Council, Shift calls on policy-makers to ensure that – at the very least – the core of EU rules on sustainability due diligence and reporting remain aligned with a risk-based approach.
