
Rules to risks? The EU Omnibus package’s impact on CSDDD-affected businesses

The EU’s Omnibus proposal has been introduced in an attempt to simplify corporate sustainability regulation. In reality, with the Corporate Sustainability Due Diligence Directive (CSDDD), it may do the opposite – replacing clarity with grey areas.

This article breaks down the key changes, the risks they introduce, and how companies can prepare for a sustainability landscape where flexibility comes with higher stakes.

CSDDD: A directive at risk? 

The CSDDD, adopted in July 2024, laid out a clear roadmap for how large companies must identify and manage human rights and environmental risks across their global value chains. It included concrete steps: annual monitoring, defined stakeholder engagement, support for SMEs, and a mandatory transition plan aligned with the Paris Agreement. It’s a complex law, but it’s structured. Importantly, it gave companies something essential: certainty.

By “streamlining” the directive, the Omnibus package swaps hard requirements for soft language, pushing key decisions onto companies about what good enough means.

From clear rules to grey zones

One major shift is that companies would no longer need to assess their full chain of activities – just direct suppliers. However, should “plausible” information of harm further down the chain arise, companies are expected to conduct in-depth assessments.  

Plausible to whom? And based on what? That’s left to companies to decide – and potentially defend in court. 

The same goes for monitoring. The annual due diligence review becomes a five-year cycle, unless the company decides its activities are “inadequate.” But again — what counts as adequate? This is once again left open to interpretation. 

For SMEs, the Omnibus aims to limit data requests from larger companies — unless the data is “necessary” for value chain mapping. Another undefined term which will require interpretation and agreement between large companies and the SMEs in their supply chain. 

What this amounts to is a reduction in concrete regulation and an increase in regulation that is open to interpretation. This leads to uncertainty for companies as to what the appropriate levels of effort are to ensure they comply with the law.

Taking action, uneven playing field 

The original CSDDD made it clear what happens when a company finds issues with suppliers: fix the issue, or, as a last resort, terminate the relationship. The Omnibus weakens this to “suspension” of the relationship, with ongoing reviews. This could open up the door to internal debates, resource drain and hesitation, rather than decisive action and certainty. 

Regarding penalties and fines, the Omnibus will remove the EU-wide 5% penalty cap and civil liability scheme, while maintaining civil liability under the Member States’ national law. This may lead to a fragmented legislative landscape, where the same offence could lead to vastly different outcomes across borders.

A simplification that adds burden

Far from making things easier, the Omnibus proposals shift the burden onto companies to interpret vague requirements — and justify every decision they make. Internal teams will need to spend more time analyzing risk, developing new internal procedures, and managing legal exposure.

For companies new to due diligence, the safest response may be to overcompensate — driving up compliance costs through added training, external advice, and risk mapping tools. 

In short, companies now face a paradox: more flexibility, but more risk. Fewer rules, but more uncertainty. Less red tape — but more grey zones. Since the Omnibus proposal is still early in the legislative adoption process, its final form could evolve even further – potentially adding more uncertainty for businesses. 

The Omnibus doesn’t just tweak the CSDDD — it changes how companies will have to think about compliance altogether. Without concrete thresholds or harmonized enforcement, businesses are being handed a self-directed regime that demands deep knowledge, strong governance, and constant judgment calls. 

And if they get it wrong? The legal, financial, and reputational fallout will be theirs to bear.

How companies can prepare for the new CSDDD landscape

To meet the new uncertainty the Omnibus proposal introduces, companies should make the following preparations:

  • Build early internal capacity for interpretation-based compliance by investing in internal legal, sustainability and compliance expertise and training operational teams to understand due diligence principles. 
  • Formalize decision-making frameworks, including structured tools like risk matrices and escalation protocols, and document the decisions that are made.
  • Determine how to map risk beyond direct suppliers, including through expanding data gathering to make sure that “plausible” information is identified.  
  • Understand sectoral risks to avoid de-scoping too far, as ignoring known risks within a high-risk supply chain could be considered non-compliant. 
  • Communicate clearly and be transparent about the approach taken, methodologies used and the reasoning behind those.  
  • Continue monitoring legislative developments, as the final requirements may differ from the current Omnibus proposal.  


Tariq Desai

Director

Position Green
