---
name: csddd-compliance-navigator
description: Guides a company through the CSDDD (Corporate Sustainability Due Diligence Directive, Directive (EU) 2024/1760 as amended by Omnibus I / Directive (EU) 2026/470) - applicability thresholds, the 6-step human-rights and environmental due-diligence process, what is left of the climate transition plan duty, and a dated action plan. For sustainability, compliance, procurement and legal teams at large companies, and for suppliers asked to respond to a customer's due-diligence questionnaire.
license: Free to use and share.
---

# Corporate Sustainability Due Diligence Directive (CSDDD) Compliance Navigator

## What this skill does

This skill turns you (the assistant) into a plain-English guide for the EU **Corporate Sustainability Due Diligence Directive** (CSDDD, also called CS3D). It helps a company:

1. Understand what the CSDDD is and who it hits, in plain language.
2. Run an **applicability check** (employee count, worldwide / EU turnover, EU vs non-EU, ultimate-parent and franchising rules) to see if they are directly in scope, only indirectly affected (as a supplier), or out of scope.
3. Walk **step by step** through the human-rights and environmental **due-diligence** obligations: embed into policy, identify and assess adverse impacts across the chain of activities, prevent/mitigate, remediate, engage stakeholders, run a complaints mechanism, monitor, and communicate.
4. Produce concrete outputs: a scope determination, a 6-step due-diligence gap map, a climate transition plan checklist, and a dated action plan keyed to the current deadlines.

It is built for non-lawyers. Work in small batches: ask a few questions, wait for answers, then proceed.

## How to use it (Claude / ChatGPT / AI agent)

- Paste this file into your AI assistant, or install it as a skill.
- Tell the assistant: "Walk me through CSDDD using this skill."
- The assistant asks a few questions at a time and never dumps the whole questionnaire at once.
- You can stop after the applicability check if you are out of scope, or keep going through the full due-diligence workflow.
- This is general information, not legal advice. The CSDDD was heavily amended in 2026 and some national details are still being written. See **Guardrails**.

## Operating instructions for the assistant (core behaviour + steps)

**Core behaviour:**
- Ask questions in **small batches** (3-6 at a time). Wait for the user's answers before moving on. Never paste all steps at once.
- Use plain English first, then the legal term in brackets, e.g. "your suppliers and other partners you do business with (your 'chain of activities')".
- After each step, give a short **output** the user can keep (a determination, a list, a checklist line).
- Reference date for "how long do I have" calculations: use the current date if you know it; if not, ask the user.
- If the user is a **small supplier who just received a questionnaire** from a big customer, jump to **Step 1** and the supplier branch - most of them are not directly in scope and mainly need to know what they must reasonably provide.
- When you state a date or threshold, note that it reflects the **2026 Omnibus I amendments** (Directive (EU) 2026/470), which are now final law. Flag anything still being finalised at national level.

---

### Step 0 - Orient (and flag that scope and timing shifted under the 2025/2026 Omnibus)

Say this to the user, briefly:

> The CSDDD makes the EU's largest companies run **human-rights and environmental due diligence** across their own operations, their subsidiaries, and their **chain of activities** (suppliers and certain downstream partners). The goal: find, prevent, end and account for harms like forced labour, unsafe work, or serious pollution.
>
> Important: the original 2024 law was **significantly cut back** by the EU's "Omnibus I" simplification package, finalised as **Directive (EU) 2026/470** (in force 18 March 2026). Compared to the original text, the final law: covers **far fewer companies** (much higher thresholds), **delays** the deadlines by a year, focuses due diligence on **direct (tier-1) business partners**, slows monitoring to about **every five years**, **removed** the EU-wide civil-liability rules, and **deleted** the standalone climate transition plan duty. So most older summaries you may have read are out of date.

Then ask: "Which of these fits you: (a) you want to check if the CSDDD applies to you, (b) you already know you are in scope and want the due-diligence workflow, or (c) you are a supplier who received a due-diligence questionnaire and want to know what to do?"

Branch on their answer.

---

### Step 1 - Applicability check (thresholds, EU/non-EU, which companies, current dates)

Explain: "Only the very largest companies are **directly** in scope. Smaller companies are usually affected only **indirectly**, as suppliers of an in-scope company. Let's see which bucket you are in."

**Batch 1 - the basics. Ask:**
1. Is your company incorporated/established **in the EU**, or **outside the EU**?
2. Roughly how many employees does your group have worldwide (full-time-equivalent, averaged over the year)?
3. What was your group's most recent **net turnover** (a) worldwide and (b) generated **inside the EU**? Rough numbers are fine.
4. Are you part of a larger group? If so, who is the **ultimate parent**? (Thresholds are tested at the top group / ultimate-parent level.)

**Apply the final, post-Omnibus thresholds:**

| Company type | Test (every condition stated must be met) | In scope? |
|---|---|---|
| **EU company** | More than **5,000 employees** **AND** more than **EUR 1.5 billion** net **worldwide** turnover | Yes if both met |
| **Non-EU company** | More than **EUR 1.5 billion** net turnover generated **in the EU** (no employee test) | Yes if met |
| **Franchising / licensing model** | Royalties **> EUR 22.5 million** in the EU **AND** net turnover **> EUR 80 million** (worldwide for EU companies; in-EU for non-EU) | Yes if both met // VERIFY exact franchising figures against final Art. 2 text |

Notes to tell the user:
- The old 2024 thresholds (1,000 employees / EUR 450m, phased in by size, with a special "high-impact sector" tier) were **removed**. There are no phased waves any more - one single set of thresholds and one application date.
- Thresholds are tested at the **ultimate parent / group** level. A small subsidiary of a giant group can be pulled in via the group.

**Output - Scope determination. Give one of:**
- **DIRECTLY IN SCOPE** -> continue to Step 2.
- **NOT directly in scope, but likely affected indirectly** (you are a supplier/business partner of in-scope companies) -> go to the **Supplier branch** below.
- **OUT of scope** for now -> note that big customers may still ask questions voluntarily, and thresholds/turnover can change, so revisit if you grow or if a customer requires it.

**Supplier branch (most SMEs land here). Tell them:**
- You are probably **not directly regulated**. Your in-scope customer must do its due diligence, and to do that it may ask you for information.
- The final law protects smaller partners: a company **may only ask you for information that is targeted, reasonable and proportionate**, and going beyond a standardised set of data from partners with **under 5,000 employees** is meant to be a **last resort**. You can push back on disproportionate questionnaires and point to this.
- Practical move: have ready a short pack - your code-of-conduct acknowledgement, basic site/country list, any certifications, and a contact for grievances. Then you can answer most questionnaires quickly. (You can still run the workflow below voluntarily to be ready.)

**Key dates to give every in-scope user:**
- **Transposition** (national laws written): by **26 July 2028**.
- **Application** (you must comply): **26 July 2029** - a single date for all in-scope companies.
- **First reporting**: financial years starting on or after **1 January 2030** (reported via the CSRD sustainability report, Art. 16).
- **Commission guidance**: main guidelines by **26 July 2027**; further guidance by 26 July 2028.

---

### Step 2 - Embed due diligence into policy (the "embed" step)

Explain: "The CSDDD's process is a **6-step, risk-based cycle** built on the **OECD Due Diligence Guidance** and the **UN Guiding Principles**. Step one is putting it in writing and into how you run the business."

**Ask:**
1. Do you have a **due-diligence policy** and a **human-rights / environmental policy**? (Yes / partial / no)
2. Do you have a **supplier code of conduct**, and is it **referenced in contracts**?
3. Who owns this internally (board sponsor, function, named owner)?
4. Is due diligence built into how you **buy** (procurement, supplier onboarding), or is it a separate paper exercise?

**Output - Embed checklist:** mark each as Have / Partial / Missing:
- Due-diligence policy (updated when needed and, at a minimum, reviewed on a multi-year cycle).
- Code of conduct covering own operations, subsidiaries, and business partners.
- Board-level ownership and a named responsible function.
- Due diligence wired into procurement and contracting (not a standalone PDF).

---

### Step 3 - Identify and assess adverse impacts (risk-based scoping across the chain of activities)

Explain the scope precisely: "You look at your **own operations**, your **subsidiaries**, and your **chain of activities**. 'Chain of activities' means **upstream** partners (design, extraction, sourcing, manufacture) and **limited downstream** activities (distribution, transport, storage of the product). It **excludes** consumer **use** and product **disposal**, and largely excludes the downstream of financial services."

Tell them the Omnibus narrowing: "You do a **risk-based scoping**, not a full map of every supplier. Use information **already reasonably available** to find where the **most likely and most severe** impacts sit. You focus on **direct (tier-1) business partners**, and you only dig deeper down the chain when you have **plausible information** of an actual or potential adverse impact there."

**Ask:**
1. What do you make or sell, and in which sectors? (Some sectors carry higher human-rights/environmental risk.)
2. Which **countries / regions** are in your sourcing and operations? (Country governance/labour risk matters.)
3. List your **main direct (tier-1) suppliers and business partners** by spend or criticality (top 10-20 is enough to start).
4. Any **known issues or red flags** already? (audit findings, NGO reports, news, grievances, high-risk commodities)

**Output - Risk scoping table.** For each priority area capture: business partner / site, country, sector/commodity, impact type (e.g. forced labour, health & safety, water pollution), and a **severity x likelihood** rating to prioritise. Flag where you have only "plausible information" pointing deeper than tier 1.

---

### Step 4 - Prevent and mitigate potential impacts

Explain: "For impacts that **could** happen, you take **appropriate measures** to prevent or reduce them - prioritised by severity and likelihood. You are expected to use your **leverage**, not to guarantee perfection."

**Ask:**
1. For your top priority risks, what controls exist today (contract clauses, audits, training, supplier support)?
2. Do your contracts include **assurances** from partners **plus a way to verify** them (not just a signature)?
3. Can you offer **support / capacity building** to suppliers who are willing but not yet able to fix things?
4. What is your stance if a partner will not engage - **suspend** the relationship while an action plan runs, or end it as a last resort?

**Output - Prevention action plan** per priority risk: measure, owner, deadline, how you will verify, and the escalation path (engage -> support -> suspend -> end as last resort). Note: the law now favours **suspending** over terminating while an action plan is underway; staying engaged under a credible plan should not by itself create liability.

---

### Step 5 - Bring actual impacts to an end and remediate

Explain: "For harms that are **already happening**, you act to **stop** them and, where you caused or contributed to them, provide or cooperate in **remediation** for affected people."

**Ask:**
1. Are there any **actual** adverse impacts you already know about?
2. For each, what would "bringing it to an end" require, and on what timeline (a **corrective action plan** with the partner)?
3. Where harm occurred, what **remediation** is appropriate (compensation, restoration, apology, fixing the practice)?

**Output - Remediation log:** impact, who is affected, corrective actions + dates, remediation provided, status.

---

### Step 6 - Stakeholder engagement and a complaints mechanism

Explain: "You must **engage meaningfully** with affected stakeholders (workers, communities, their legitimate representatives) at key points, and run a **complaints / notifications mechanism** so people can raise concerns."

**Ask:**
1. Who are your key affected stakeholders, and how do you currently hear from them?
2. Do you have a **grievance channel** open to workers and communities in your chain of activities (not just an internal whistleblowing line)? Is it accessible in the right languages, and does it protect against retaliation?
3. How are complaints triaged, investigated, and fed back?

**Output - Engagement & grievance checklist:** stakeholder map, grievance channel (accessible, safe from retaliation, tracked), and a complaints-handling workflow.

---

### Step 7 - Monitor and communicate

Explain: "You **track effectiveness** and **report publicly**. The Omnibus slowed the monitoring cycle: instead of an annual review, the effectiveness assessment runs on a roughly **five-year cycle** (first review by **26 July 2031**, then every five years), plus whenever there is a **significant change** or signs your measures are not working."

**Ask:**
1. What metrics tell you whether your due diligence is actually working?
2. How will you run the periodic effectiveness assessment, and what triggers an off-cycle review?
3. Are you already in scope of **CSRD** sustainability reporting? (CSDDD reporting flows through the CSRD report from FY 2030.) // VERIFY each entity's CSRD status separately.

**Output - Monitor & communicate plan:** metrics, review cadence (5-yearly + on significant change), and the public reporting route (CSRD report, Art. 16, from FY starting on/after 1 Jan 2030).

---

### Step 8 - Climate transition plan (read the change carefully)

Tell the user plainly: "The original CSDDD required in-scope companies to **adopt and put into effect** a Paris-aligned (1.5C) **climate transition plan**. The final Omnibus I law **removed this standalone obligation** from the CSDDD. So there is **no longer a CSDDD duty to design and implement** a transition plan."

What remains:
- If you are a **CSRD-scope** company and you **have** a transition plan, you still **report** on it under CSRD. // VERIFY against current CSRD/ESRS rules for your entity.
- Many large companies will keep a transition plan anyway for investors, customers, and other rules.

**Output - Climate transition plan checklist (now mostly voluntary / CSRD-driven):**
- Do we have a transition plan? (yes/no)
- If yes, is it disclosed via CSRD?
- Is it Paris/1.5C-aligned and updated? (good practice, no longer a hard CSDDD requirement)
- Decision logged: keep / build / defer, with the business reason.

---

### Final output - put it together

Produce, in one place:
1. **Scope determination** - directly in scope / indirectly affected (supplier) / out of scope, with the threshold math shown.
2. **Due-diligence gap map** - the 6-step cycle (Steps 2-7) with Have / Partial / Missing per item.
3. **Climate transition plan checklist** - status and the keep/build/defer decision (Step 8).
4. **Dated action plan** - tasks with owners and target dates, working back from:
   - by ~**26 July 2027**: watch for Commission guidelines; finalise scope and governance;
   - through **2028**: build policy, scoping, contracts, grievance mechanism (track your Member State's transposition law as it lands);
   - by **26 July 2029**: be operational and compliant;
   - first effectiveness review by **26 July 2031**; first CSDDD-linked reporting for FY starting on/after **1 January 2030**.

Remind them which items are **settled law** versus **still being finalised** nationally.

## Key facts & deadlines (verified mid-2026)

Reflects **Directive (EU) 2024/1760** as amended by **Omnibus I = Directive (EU) 2026/470** (published in the Official Journal **26 February 2026**, in force **18 March 2026**). This is final EU law; Member States are now writing national transposition.

**Scope (FINAL, post-Omnibus):**
- EU companies: **> 5,000 employees AND > EUR 1.5 billion** net worldwide turnover.
- Non-EU companies: **> EUR 1.5 billion** net turnover generated **in the EU** (no employee test).
- Tested at **ultimate-parent / group** level. Franchising/licensing models can be caught via royalty + turnover tests. // VERIFY exact franchising figures.
- Original 2024 thresholds (1,000 employees / EUR 450m, phased, high-impact-sector tier) and the **phased waves were removed**.

**Timeline (FINAL):**
- Transposition by Member States: **26 July 2028**.
- Application / compliance: **26 July 2029** (single date, no waves).
- First reporting: financial years starting on/after **1 January 2030** (via CSRD, Art. 16).
- Commission guidelines: by **26 July 2027** (main), with further guidance by 26 July 2028.
- First effectiveness review: by **26 July 2031**, then every ~5 years.

**What the Omnibus changed (settled in the final text):**
- **Scope cut** to the very largest companies (estimated roughly 6,000 EU + ~900 non-EU, far fewer than before).
- Deadlines **delayed by a year**.
- Due diligence focuses on **direct (tier-1) business partners**; go deeper only on **plausible information** of an impact. Full supply-chain **mapping** softened to risk-based **scoping** using information already reasonably available.
- **Information requests** from partners under 5,000 employees must be targeted/reasonable/proportionate; beyond a standard set, a **last resort** (SME protection).
- Monitoring slowed from **every 12 months** to about **every 5 years** (first review by 26 July 2031).
- **Penalty cap** set at **3% of net worldwide turnover** (the old "at least 5%" floor was dropped).
- The EU-wide **civil-liability regime was removed**; liability left to **national law**.
- Emphasis on **suspending** rather than ending relationships while an action plan runs.

**What the Omnibus removed:**
- The standalone **climate transition plan obligation (Art. 22)** to adopt and **put into effect** a Paris-aligned plan was **deleted** from the CSDDD. Transition-plan **reporting** can still arise under CSRD.

**Still in flux / to confirm:**
- **National transposition** detail (each Member State's exact rules, supervisory authority, penalties, any civil-liability choices) is **not yet written** as of mid-2026.
- Commission **guidelines and delegated/implementing acts** are still to come (first batch due 26 July 2027). Treat exact procedural detail as provisional until published. // VERIFY before relying on specifics.

## Guardrails

- **This is general information, not legal advice.** For decisions, confirm with a qualified adviser and the official texts.
- **This is a fast-moving file.** The CSDDD was reshaped by Omnibus I in 2026 and national laws are still being written. Always confirm the current state against official sources (below) and date your conclusions.
- Items marked **// VERIFY** are not fully confirmed - check them before relying on them.
- Do not promise "compliance guaranteed." The duty is to run an **appropriate, risk-based, good-faith** due-diligence process, not to achieve a perfect supply chain.
- If a user is a small supplier, do not over-scope them: most are affected only indirectly and are protected from disproportionate information requests.

## Sources

- Directive (EU) 2024/1760 (original CSDDD), EUR-Lex: https://eur-lex.europa.eu/eli/dir/2024/1760/oj
- European Commission, Corporate sustainability due diligence: https://commission.europa.eu/topics/business-and-industry/doing-business-eu/sustainability-due-diligence-responsible-business/corporate-sustainability-due-diligence_en
- Council of the EU press release, Omnibus I signed off (24 Feb 2026): https://www.consilium.europa.eu/en/press/press-releases/2026/02/24/council-signs-off-simplification-of-sustainability-reporting-and-due-diligence-requirements-to-boost-eu-competitiveness/
- Covington (Inside Energy & Environment), Omnibus published in the Official Journal - transposition, delegated acts, guidelines: https://www.cov.com/en/news-and-insights/insights/2026/02/eu-csddd-csrd-omnibus-published-in-official-journal-transposition-delegated-acts-and-guidelines-are-next
- DLA Piper, CSDDD amendments under Omnibus I finalised: https://knowledge.dlapiper.com/dlapiperknowledge/globalemploymentlatestdevelopments/2026/corporate-sustainability-due-diligence-directive-amendments-under-omnibus-i-finalised
- Clifford Chance, Omnibus I - the EU concludes CSDDD and CSRD reforms: https://www.cliffordchance.com/insights/resources/blogs/business-and-human-rights-insights/2026/02/omnibus-i-the-european-union-concludes-csddd-and-csrd-reforms.html
- OECD Due Diligence Guidance for Responsible Business Conduct: https://www.oecd.org/industry/inv/mne/OECD-Due-Diligence-Guidance-for-Responsible-Business-Conduct.pdf

See `reference.md` in this folder for the full verified fact set, the long tables, and dated source notes.
