With the final text of the EU Corporate Sustainability Due Diligence Directive (CSDDD) now formally adopted by the European Council, the conversation has shifted from political negotiation to practical implementation.
As discussed during our recent webinar featuring Nicola Bonucci, organizations must now move beyond timeline speculation and focus on operational readiness.
While debate and amendments shaped the final compromise, the structural shift in how supply-chain risk is regulated across the EU is now confirmed.
Here are the five themes that stood out most from the webinar.
1. Regulatory Direction Is Clear — Even if Timelines Are Moving
One of the strongest messages from the webinar was that although political debate, omnibus proposals, and evolving implementation timelines have introduced uncertainty, the overall direction of travel has not changed.
Organizations should avoid interpreting delays as a signal to pause. Expectations around supply-chain transparency, human rights due diligence, and environmental oversight are still high — both within Europe and beyond.
2. The Real Challenge Is Managing Interconnected Risk
CSDDD is mainly discussed through a sustainability lens, but the webinar highlighted something broader: organizations are managing interconnected risk across human rights, environmental exposure, operational resilience, sanctions, and integrity concerns simultaneously.
This is forcing companies to rethink how risk is structured internally. Traditional siloed approaches — where ESG, compliance, procurement, and legal operate independently — are becoming increasingly difficult to sustain.
Successful programs will be those that view third-party risk as a single, integrated ecosystem rather than a collection of separate workstreams.
3. Greater Flexibility May Increase Legal Fragmentation
One of the most debated changes introduced by the “new” CSDDD is the removal of a fully harmonized civil liability regime. While Member States must still introduce civil liability frameworks, they may now do so differently.
This raises several risks, including:
- Divergent national interpretations
- Forum shopping by civil society
- Inconsistent enforcement approaches
- Differences in supervisory authority structures across countries
The original ambition was harmonization; the revised approach introduces more flexibility, and potentially more legal uncertainty for multinational organizations.
In addition, ongoing discussions show that Member States are taking very different approaches to the Supervisory Authority that each should set up to monitor implementation of the CSDDD. This may also introduce discrepancies within the EU.
4. Risk-Based Due Diligence Remains Central
Despite political compromise, the risk-based approach remains at the core of CSDDD.
This means organizations are still expected to:
- Conduct robust scoping (formerly mapping) exercises
- Assess risk beyond Tier 1 suppliers
- Rely on “reasonably available information,” a concept that will likely require ongoing interpretation
While the directive no longer explicitly mandates responsible disengagement, reputational pressures, stakeholder expectations, and governance considerations will continue to influence how companies manage high-risk relationships.
5. Implementation Will Be an Operational Challenge — Not Just a Legal One
A key insight from the webinar was that compliance with CSDDD is less about drafting policies and more about operational execution.
Questions around governance ownership, resource allocation, workflow alignment, and internal adoption are likely to become bigger obstacles than regulatory interpretation itself.
Organizations that succeed will be those that build practical, repeatable processes — supported by technology, cross-functional collaboration, and clear accountability.
The Bigger Shift
Perhaps the strongest insight from the discussion is that CSDDD is accelerating an evolution already underway. The conversation is moving away from whether organizations need to conduct due diligence toward how effectively they can embed third-party oversight into everyday business operations without creating friction or slowing growth.
For many companies, that means reassessing not just policies, but the foundational way risk is managed across the organization.
Missed the live discussion or want to revisit the insights shared by Nicola Bonucci?
Listen to the full webinar recording to hear practical perspectives on what these developments mean for multinational organizations and how teams can prepare in advance of implementation milestones.