The EU’s CSRD and CSDDD Regulations

Many large companies are already working on conducting their double materiality assessments (DMAs) and preparing their reports in compliance with the EU Corporate Sustainability Reporting Directive (CSRD). In parallel, the European Parliament has recently adopted the EU Corporate Sustainability Due Diligence Directive (CSDDD). These two directives are not mutually exclusive and are intended to be applied in tandem by companies that fall under the scope of both.

Amongst other requirements, companies under the CSRD are required to report on their material sustainability impacts, while companies under the CSDDD are required to conduct human rights and environmental due diligence (HREDD) to identify their sustainability impacts and, where adverse actual or potential impacts are identified, to take appropriate measures to prevent, mitigate and remediate them. It is expected that CSDDD compliance obligations will start in 2027 at the earliest once the directive has been transposed into national legislation.

In this article, we take a closer look at the key similarities and differences between CSRD and CSDDD in terms of HREDD requirements. We will also explain what these mean for companies’ internal processes.

The CSRD focuses on reporting, and the CSDDD also requires companies to annually report on their implementation of human rights and environmental due diligence. However, the CSDDD explicitly states that companies in scope of the CSRD do not need to produce additional reports; they can meet their CSDDD reporting obligations in the same report as required for CSRD compliance.

This is good news for resource-constrained sustainability departments already stretched thin by CSRD disclosures. Depending on the level of granularity and material issues covered in CSRD reports, CSDDD reporting may prove complementary and compatible with those efforts.

Both the CSRD and CSDDD reference the UN Guiding Principles on Business and Human Rights (UNGPs) and the OECD Guidelines for Multinational Enterprises (MNE Guidelines), defining “due diligence” as encompassing policies and management systems, assessing, addressing, monitoring, and reporting on sustainability impacts, as well as remediating them.

The directives align in prioritising impacts based on severity and likelihood. There is no expectation of investing equal resources in addressing all possible sustainability impacts. According to the CSDDD, companies in scope need to identify general areas of heightened risk first and focus their due diligence efforts there. Similarly, the CSRD focuses on reporting impacts that are considered the most material.

The new EU directives have brought much-needed clarity to the terminology of impacts and risks. “Impacts” refer to adverse effects, whether actual or potential, on human rights and the environment (“inside-out” perspective). In contrast, “risks” pertain to negative financial effects on the company from social and environmental issues (“outside-in” perspective). This distinction is welcomed, as some guidelines may use those two terms without this explicit clarity. For example, the UNGPs use the term “human rights risks” to denote adverse impacts on human rights, contributing to frequent misunderstandings in the industry regarding risk assessments.

What this means for businesses is that using inherent risk datasets on their own is no longer sufficient to assess impacts. While these datasets are still useful for identifying general areas where adverse impacts are most likely to occur, companies need to adopt the UNGP-aligned methodology to evaluate the severity of their impacts. This involves assessing the scope, scale and irremediability of their actual and potential impacts. For many companies, this will be a new requirement, and they may lack the technical knowledge to conduct such assessments.

The CSRD and CSDDD cover a wide range of social and environmental issues impacted by companies’ operations and value chains, including labour rights, civil and political rights, economic, social and cultural rights, climate change, pollution, nature and biodiversity, and waste. Although there are some differences in the list of social and environmental issues specifically highlighted by the two directives, they are broadly aligned.

Furthermore, the two directives explicitly link social and environmental issues, providing examples of how a company’s environmental impacts can have social consequences. The CSRD specifies that community impacts can stem from environmental matters, such as the negative impact on communities’ access to clean drinking water when withdrawing water in water-stressed areas. Similarly, the CSDDD highlights that environmental impacts can significantly affect social issues. For example, harmful soil changes, water or air pollution, harmful emissions, excessive water consumption, land degradation and deforestation can impact access to food and safe drinking water, human health and well-being.

Therefore, the main challenge for companies will be aligning their due diligence processes for social and environmental issues. More mature companies may already have separate human rights and environmental due diligence processes. Combining these into a coherent process of identifying, addressing, monitoring and remediating both social and environmental issues will be challenging and require finding common language between traditionally separate departments.

Both directives acknowledge that completely avoiding adverse impacts is an unrealistic expectation. Under CSDDD, companies are not expected to guarantee that adverse impacts will never occur. This is why the CSDDD states that it imposes an “obligation of means” (i.e. the approach to be taken) as opposed to obliging companies to achieve specific outcomes or results. Likewise, a business would not be non-compliant with its CSRD obligations simply by virtue of its sustainability report acknowledging negative impacts. 

However, where adverse impacts are, or should have been identified through a due diligence process carried out in accordance with the CSDDD, businesses will be required to take appropriate measures to prevent or adequately mitigate potential adverse impacts, or to bring actual adverse impacts to an end. Any failure to comply with these obligations (intentional or negligent) can give rise to civil liability for damages.

It will, therefore, be critical to demonstrate that robust action plans are in place. These action plans should outline appropriate measures that the company will be taking to address actual or potential adverse impacts in a manner commensurate with their underlying cause, the severity of the harm, and the degree of responsibility that sits with the company itself. For impacts occurring at other levels within the value chain, what is considered appropriate may also depend on the company’s leverage over its suppliers and other business partners.

Moreover, both directives acknowledge that some adverse impacts can only be addressed in collaboration with peers and industry groups. The CSRD specifies that companies can report on their action plans that form part of a wider initiative to which the company significantly contributes. Likewise, the CSDDD specifies that industry and multi-stakeholder initiatives can help create additional leverage to mitigate and prevent adverse impacts and allows companies to participate in such initiatives to support the implementation of their due diligence obligations.

The CSRD uses the term “value chain” to describe activities and actors beyond a company’s own operations, both upstream and downstream. The CSDDD adopts the term “chain of activities” and covers both upstream actors and some downstream actors. End-to-end value chain mapping, from raw materials to own operations and beyond, is, therefore, critical for compliance with both regulations. This does not require full traceability of every single actor in all tiers but does require sufficient granularity to identify the most salient human rights and environmental issues for due diligence and reporting – and, importantly, for identifying all adverse impacts where businesses will have some form of prevention or remediation obligation.

Mapping value chains is complex. However, the investment in unpacking value chains for CSRD will pay off when it comes to CSDDD compliance.

While the similarities between CSRD and CSDDD are evident, there are some important differences, which means that companies in compliance with CSRD would not automatically be able to claim full compliance with CSDDD. Similarly, companies that are already conducting human rights and environmental due diligence in their operations and supply chains may not have sufficient data to prepare a CSRD-compliant report.

Although in theory the double materiality assessment required under CSRD should be sufficient to identify priority areas for human rights and environmental due diligence for CSDDD, in reality, many companies are still figuring out how to properly conduct their DMAs. It is likely that initial DMAs may adopt a very high materiality threshold for reporting, which means that some adverse impacts could be excluded from a CSRD-compliant report and HREDD processes.

As described above, CSDDD does acknowledge prioritisation, but it also requires that companies address less severe and less likely impacts after they have dealt with their most severe and most likely impacts. Therefore, there is no materiality threshold in CSDDD – only prioritisation and sequencing of actions.

The two regulations have distinctly different coverage of downstream value chains. Specifically, the CSDDD covers distribution, transport and storage of a product but excludes end-users and product disposal, while the CSRD requires detailed disclosure on social issues relevant to consumers and end-users.

The narrower scope of the CSDDD does not override CSRD reporting obligations for the downstream part of the value chain, though companies only need to report on issues relevant to consumers and end-users if identified as material through the DMA exercise.

CSRD requires reporting not only on impacts on people and the environment but also on financial risks and opportunities. This means that companies will need to combine their traditional ESG data with financial data, including cash flows, investment plans and sources of funding.

Therefore, creating a CSRD-compliant report will require close collaboration between the Sustainability and Finance functions of the business. In contrast, the CSDDD adopts only the “inside-out” perspective and does not require the identification and assessment of financial risks and opportunities.

The CSDDD introduces requirements for companies to review their purchasing practices, particularly when contracting with small and medium-sized enterprises (SMEs). This aims to guarantee that HREDD responsibilities are shared equally between contract parties, thereby preventing purchasers from outsourcing their HREDD obligations – and the costs thereof – to value chain partners. Additionally, this is also intended to manage undue burden on smaller suppliers. In contrast, the CSRD mentions contractual arrangements only in the context of obtaining the necessary upstream and downstream value chain information but does not specify the principles of risk sharing.

This CSDDD requirement could significantly impact Procurement and Legal departments, which may need to review, amend and renegotiate some of their supplier contracts, as well as modify their purchasing and distribution practices, to comply with CSDDD. Companies will also need to support their suppliers, particularly SMEs, in meeting contractual HREDD obligations, including through capacity-building and financial support.

Bringing together operational, legal, financial, and regulatory expertise, KPMG’s ESG team is well placed to support you across all aspects of your sustainability challenge – from reporting, through to diligence and the implementation of sustainability strategies. In particular, KPMG’s Sustainable Supply Chain team is equipped to support your journey in human rights and environmental due diligence, ensuring compliance with CSRD and CSDDD requirements. We have the technical expertise and tested methodologies to assist you in designing HREDD processes that integrate seamlessly into your existing procurement and supplier management programmes.