Omnibus I-Update and practical implementation of the CSDDD

With Omnibus I, the EU aims to further harmonise reporting and due diligence obligations under the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD). 

On 24 February, the Council of the European Union approved the Omnibus Package I, which was published in the Official Journal of the European Union on 26 February 2026. The Directive officially entered into force on 18 March 2026.
What exactly do the requirements entail, and what relief and support measures are available? We will guide you step by step through the due diligence process in accordance with the Corporate Sustainability Due Diligence Directive (CSDDD) and show you which requirements are in place – particularly in relation to cooperation with small and medium-sized enterprises (SMEs). German companies that already comply with the provisions of the Supply Chain Due Diligence Act are well positioned.

Requirements of the CSDDD

The Corporate Sustainability Due Diligence Directive (CSDDD) marks the first time a uniform and binding EU-wide regulation has been established, requiring companies to embed human rights and environmental due diligence obligations throughout their ‘chain of activities’.

The core requirement is that appropriate processes and responsibilities must be embedded both in the relevant company policies and in risk management. Companies must establish suitable measures to identify, assess and prevent actual and potential adverse impacts along their value chain and, where such impacts have already occurred, to effectively remedy them. Furthermore, the CSDDD provides for both a complaints procedure and a supplementary reporting procedure through which information regarding potential human rights or environmental risks can be submitted. Finally, companies not covered by the CSRD must publicly report annually on their human rights and environmental due diligence activities.

Strategy and Integration under the CSDDD

Effective implementation of the CSDDD requires that due diligence obligations be systematically embedded within existing corporate structures. This involves embedding these obligations in all relevant guidelines, policies and the risk management system, and ensuring that clear responsibilities are in place.

Companies must therefore also appoint a responsible person or body as an authorised representative – such as a human rights officer – who acts as the official representative vis-à-vis the competent authority and is equipped with the necessary powers. Depending on the corporate structure, both parent companies and subsidiaries may assume specific due diligence obligations for the entire group.

Another key step is the development of a due diligence policy, which is ideally drawn up in consultation with employees and brings together the company’s approach, the Code of Conduct and the specific implementation processes. To ensure that these requirements remain up to date and effective within the processes, they must be reviewed regularly and updated at least every 24 months, as well as following any significant changes.

Risk analysis in accordance with the CSDDD

The risk analysis begins with a risk-based scoping exercise, which provides an initial overview of potential risks to people and the environment and forms the basis for a more in-depth analysis. This exercise takes into account the company itself, all subsidiaries and the entire chain of activities.

Companies should generally draw on information already available (e.g. from research or public sources) and only collect additional data if it is necessary and cannot reasonably be obtained by other means.

This is followed by the in-depth analysis, in which companies categorise the identified risks according to severity and likelihood and then prioritise them, so that the most serious and most likely to be negative impacts are addressed first.

The assessment must be updated regularly, at least every five years or whenever necessary, for example following incidents or significant structural changes.

Preventive and remedial measures under the CSDDD

Building on this analysis, preventive measures must be taken in the event of potential adverse impacts, whilst remedial measures are generally required in the event of actual adverse impacts. Which measures are appropriate depends on three key criteria:

1. Principle of causation:
   Whether the company caused the impacts itself, is jointly responsible with a partner, or whether the adverse impacts were caused exclusively by a business partner.
2. Location of the impacts:
   Whether the negative impacts occur within the company’s own operations, at a direct business partner, or within the indirect supply chain.
3. The company’s capacity to influence:
   To what extent the company is able to influence the responsible party – for example, through contractual levers, economic clout, training or cooperation opportunities.

Preventive measures are in place to address potential negative impacts, such as the development of a prevention action plan with clear deadlines and measurable indicators. To this end, companies can also collaborate with industry initiatives or multi-stakeholder platforms and implement various measures – ranging from contractual assurances and investments in facilities or processes to adjustments in procurement, design or distribution practices. In doing so, particular care should be taken to spare smaller business partners by utilising information already available, and they should only be asked for additional information if there is no other option.

Companies must remedy actual negative impacts or minimise them as far as possible. Possible steps range from ‘neutralising’ or reducing the negative impacts, through the creation of corrective action plans with deadlines and KPIs, to investments, business model adjustments or targeted support for smaller partners. If necessary, companies may take measures in collaboration with other stakeholders to address serious impacts – including remedial or compensatory measures.

In particularly serious cases, suspension of business relationships may also be necessary as a last resort.

Complaints and reporting procedures under the CSDDD

The CSDDD provides for both a complaints procedure and a supplementary reporting mechanism through which information regarding potential or actual adverse impacts can be submitted.

Natural and legal persons who are affected or have a reasonable basis for believing they are affected are entitled to lodge a complaint, as are trade unions and civil society organisations working in the field of environmental impacts. The procedure must be fair, accessible, transparent and predictable, and must ensure effective protection against reprisals. In addition, the Directive provides for a confidential or anonymous reporting procedure through which reports and information on adverse human rights or environmental impacts can be submitted.

Monitoring under the CSDDD

Finally, the CSDDD requires companies to review both their own activities and those of their subsidiaries and, where relevant, their business partners. The focus is on the implementation, adequacy and effectiveness of strategies to identify, prevent, mitigate and remedy adverse impacts. The review may include qualitative and quantitative indicators and must take place at least every five years; in the event of significant changes, new adverse impacts or signs of a lack of effectiveness, it must also be carried out earlier on an ad hoc basis.

Civil liability and sanctions

The CSDDD does not introduce a uniform EU-wide standard of civil liability; instead, the details of liability are left to the Member States. Companies are therefore liable under national law for the improper application of due diligence obligations. In addition, the Omnibus I Package requires Member States to set a uniform upper limit for fines of up to three per cent of global net turnover, although the specific calculation will continue to be based on criteria such as effectiveness, proportionality, severity, duration or cooperation. Furthermore, Member States must ensure that affected parties have effective access to the courts and can receive compensation in the event of liability.

Cooperation with SMEs

The Directive also sets out rules governing cooperation with small and medium-sized enterprises (SMEs). To avoid disproportionate burdens in the supply chain, the CSDDD provides for specific rules governing cooperation with SMEs. Requests for information must be targeted, reasonable and proportionate, with companies only seeking additional information from business partners with fewer than 5,000 employees as a last resort, where such information is necessary and not otherwise available.

Furthermore, the principle of proportionality applies: measures affecting SMEs must be adapted to their capacities. Obligated companies should actively support SMEs – for example, through training, technical system development, capacity building or, where appropriate, financial assistance such as direct financing, support with audit costs or sales guarantees.

Support measures for businesses

To facilitate the implementation of the CSDDD, the EU is providing a range of support tools designed to help businesses meet their due diligence obligations. In addition to comprehensive practical guidelines, central information and service points are being set up to support businesses of all sizes – particularly SMEs – with clear resources and practical tools.

These support measures are intended to ensure that businesses do not merely comply with the due diligence process in a formal sense, but can implement it in a practical, efficient manner that is proportionate to their size.

The Helpdesk on Business and Human Rights

The Helpdesk on Business and Human Rights is also available to assist you as a free support service provided by the German government. Do you have questions about regulatory requirements or the practical implementation of due diligence processes throughout your supply chain?

Then the Helpdesk on Business and Human Rights is the right point of contact for you! We will be happy to advise and train your staff – free of charge, tailored to your needs and in complete confidence! Please send us an email at kontakt(at)helpdeskwimr.de  or contact us by telephone +49 30 2130 8430-0.