The EU Corporate Sustainability Reporting Directive (CSRD) has begun phased application with companies previously covered by the NFRD. Under Omnibus I's stop-the-clock changes, reporting by Wave 2 large undertakings and Wave 3 listed SMEs has been delayed by two years. The Corporate Sustainability Due Diligence Directive (CSDDD) entered into force in July 2024 and, after Omnibus I, is focused on very large companies, with national transposition due by 26 July 2028 and application from 26 July 2029. Even companies outside direct scope may feel the effect through European customer data requests and contract clauses.
The Basic Structure of CSRD and CSDDD — What Is Being Mandated
CSRD (Corporate Sustainability Reporting Directive) requires EU companies to disclose non-financial information in compliance with ESRS (European Sustainability Reporting Standards). ESRS covers multiple themes including climate change, biodiversity, social matters (workers, communities, etc.), and governance — requiring a broader scope of disclosure than ISSB standards.
After Omnibus I, the key CSRD/CSDDD dates are as follows.
- CSRD Wave 1: large undertakings previously covered by the NFRD report FY2024 data in 2025.
- CSRD Wave 2: large undertakings not yet reporting are delayed by two years and report FY2027 data in 2028.
- CSRD Wave 3: listed SMEs and similar companies are delayed by two years and report FY2028 data in 2029.
- CSDDD: national transposition is due by 26 July 2028, with application from 26 July 2029. Article 16 reporting measures apply for financial years starting on or after 1 January 2030.
- CSDDD scope: EU companies with at least 5,000 employees and €1.5 billion in net worldwide turnover, and non-EU companies with at least €1.5 billion in net EU turnover.
Non-EU companies with EU sales exceeding €150 million may fall under direct CSRD application. Companies approaching this threshold need to begin preparation now.
CSDDD (Corporate Sustainability Due Diligence Directive) imposes human-rights and environmental due diligence obligations across the chain of activities of in-scope companies. The scope has been narrowed compared with earlier proposals. SMEs are not directly covered, but practical burdens may still reach them through customer procurement management.
The core of CSDDD is "an obligation to address confirmed risks." When an in-scope company identifies human-rights or environmental risks in its chain of activities, it must develop and implement plans to address those risks. As part of that response, suppliers may be requested to provide information, undergo audits, or receive improvement recommendations.
Three Channels Through Which CSRD and CSDDD Reach the Supply Chain
CSRD supplier information collection
European companies are obligated to disclose emissions and social impacts across their entire value chain under ESRS standards. This cascades to suppliers in the form of questionnaires requesting activity data, ESG evaluation results, and human rights situation information. Questionnaire responses typically require information provision in EcoVadis, proprietary formats, or GRI-standard formats.
CSDDD due diligence compliance
European companies are obligated to identify, assess, and address human rights and environmental risks across their supply chains. Cases are increasing where suppliers are asked to provide information about their human rights policies, labor conditions, forced labor practices, and environmental management systems. Companies with subcontractors in emerging markets in particular may need to demonstrate awareness of second- and third-tier supplier conditions.
Additions to contract terms
Cases are increasing where new and renewed contracts with European trading partners include ESG data provision obligations, audit acceptance obligations, and contract termination clauses for failure to meet standards. Caution is required to avoid overlooking these clauses during contract review. Where ESG provisions are added, new compliance risks may emerge, requiring confirmation with legal departments.
Application Schedule and Supply Chain Impact Timeline
- 2025CSRD Wave 1
NFRD-covered companies report FY2024 data.
- 2028CSRD Wave 2 / CSDDD transposition
Large undertakings not yet reporting submit FY2027 data. CSDDD national transposition is due by 26 July 2028.
- 2029CSRD Wave 3 and non-EU companies / CSDDD application
Listed SMEs and certain non-EU companies report FY2028 data. CSDDD applies from 26 July 2029.
- 2030CSDDD reporting measures
Article 16 reporting measures apply for financial years starting on or after 1 January 2030.
The timing of impact is not determined only by legal application dates. CSRD-covered companies collect supplier data before the reporting year, and CSDDD-covered companies will prepare contract clauses and questionnaires ahead of 2029 application. Automotive parts, electronics, chemical, and steel manufacturers with many European customers should treat 2026-2028 as a preparation window for data controls and customer mapping.
Priority Actions for EU Customer Compliance
Confirm CSRD applicability status of European trading partners
Confirm which CSRD wave major European customers fall under, and forecast when supplier information collection is likely to begin. Even after the Wave 2/3 delay, data collection for FY2027/2028 reporting will begin ahead of the formal report date, so proactive contact is effective. Directly contacting the ESG procurement lead at trading partners or reviewing supplier engagement policies in their annual reports serves as the starting point for information gathering.
Build human rights due diligence infrastructure
CSDDD requirements largely overlap with national human rights DD guidance and the UN Guiding Principles. Establish the foundations of a human rights policy, stakeholder engagement, and grievance mechanisms aligned with international human rights standards. Labor conditions for migrant workers, agency labor, and emerging market suppliers are high-scrutiny areas from Western perspectives — prioritize status reviews and infrastructure development.
Prepare ESG information in English and standardize formats
Information provision to European trading partners often requires English-language responses. Advance information organization in alignment with international disclosure frameworks such as ESRS, GRI, and SASB, and build the capacity to respond centrally to questionnaires from multiple European customers. Managing internal ESG data in a standardized database reduces the cost of responding to questionnaires in different formats from multiple trading partners.
Preparing ESG Information in English — Practical Steps
The first barrier in responding to questionnaires from European customers is "providing information in English." For companies that manage CSR reports or ESG data only in a local language, the following steps are realistic starting points:
1. Create a summary English ESG report: Rather than translating the full document, produce a 1–5 page English summary covering key metrics (Scope 1, 2, 3; major social indicators; governance structure). 2. Build an ESG metrics English data sheet: Create and annually update an English data sheet aligned with GRI Content Index or SASB indicators. 3. Build a questionnaire response template database: Convert past EcoVadis, CDP, and custom questionnaire responses into an internal database that can be referenced when completing new questionnaires.
CSRD and CSDDD impacts can reach even companies with low direct EU export ratios, through global value chains. In particular, suppliers of products whose end users are in Europe — for example, Tier 2 suppliers providing components to a Tier 1 exporting to Europe — may find themselves subject to due diligence even without being a direct target of EU regulations. As European regulations are phased in between 2026 and 2030, early action represents not only compliance but an opportunity to strengthen relationships with trading partners.
