Today, the Council of the European Union has formally adopted the Omnibus amendments to the Corporate Sustainability Due Diligence Directive (CSDDD), after a year of legal uncertainty around mandatory human rights and environmental due diligence (HREDD) rules in the EU. The adopted changes to the CSDDD significantly narrow the scope, but the essence of the Directive – structured, risk‑based HREDD – remains intact. This blog summarises what has changed, what now matters most, and why companies outside the formal thresholds should still take note.

WHAT IS THIS ABOUT?

The Omnibus amendments adjust the scope, timelines, and a number of substantive provisions of the CSDDD:

• The thresholds now capture only very large companies with more than 5000 employees and more than €1.5 billion worldwide turnover (non-EU companies: >€1.5 billion EU turnover, no employee threshold).

• Some obligations were scaled back or refined, such as the removal of the climate transition plan requirement, a narrower stakeholder definition, less frequent monitoring, and changes to how companies may request information from business partners when identifying and assessing impacts.

However, the core architecture of obligations remains unchanged. Starting in 2029, companies in scope will be required to conduct due diligence as set out below – reflecting the risk-based due diligence framework originally developed under the UN Guiding Principles on Business and Human Rights (UNGPs) and the OECD Guidelines for Multinational Enterprises:

WHY DOES IT MATTER?

The adjusted Directive still sends a clear signal that risk‑based HREDD is becoming a baseline expectation in the EU market. This matters because companies will face:

• Strategic and governance expectations: Boards and management must ensure due diligence is integrated into company policies and risk management systems.

• Operational implications: Companies must identify and address adverse human rights and environmental impacts across their own operations, subsidiaries, and the full upstream and partly downstream value chain.

• Regulatory and enforcement exposure: Authorities can investigate companies and impose penalties of up to 3% of global turnover, supported by naming and shaming through the publication of decisions on penalties. Furthermore, companies can potentially face civil liability under national law of EU member states.

• Market pressure: Even companies out of scope will face expectations from in‑scope partners, e.g. through codes of conduct and information requests.

The CSDDD reinforces what international standards have set out for a long time: that companies must take responsibility for adverse impacts linked to their operations and value chains.

WHAT IS OFTEN OVERLOOKED?

A key aspect often overlooked is the extent to which the CSDDD will shape expectations well beyond the companies formally covered by the law. Due diligence is not a self-contained corporate process but one that relies on information, cooperation and alignment across entire value chains. Many companies outside the thresholds assume they can simply “wait and see”, yet they are likely to face requests from customers, business partners or parent companies.

For example:

• A subsidiary receives instructions from its parent company with regard to implementing due diligence, e. g. in the form of a code of conduct.

• A business partner is requested to contractually commit to ensure compliance with the in-scope company’s code of conduct and, as necessary, its prevention action plan.

• A business partner receives a request to engage with the in-scope company about its expectations with regard to preventing and mitigating potential adverse impacts and is offered access to capacity-building.

This indirect effect is often underestimated, yet it is where many companies first feel the practical implications of the CSDDD. Because in‑scope companies must demonstrate that they understand, prioritise and address risks and impacts across their upstream and (limited) downstream value chain, they rely on the cooperation of partners who themselves may not fall under the Directive. As a result, companies that are technically out of scope still experience increased expectations around transparency, alignment and collaboration. This is particularly relevant for Swiss companies, many of which will be affected indirectly through EU‑based customers or group structures (see our detailed Q&A on what the CSDDD means for Swiss companies).

WHAT IS FOCUSRIGHT’S TAKE?

The Omnibus amendments do not change the fundamental direction of travel. CSDDD confirms that structured, risk-based HREDD is no longer a “best practice” concept – it is an essential component of responsible business conduct in the EU market. Whether or not a company is in scope is therefore the wrong question. The better question is how well positioned the company is to demonstrate credible due diligence when investors, customers, or business partners come asking.

A robust approach typically includes:

• Clear governance alignment: due diligence embedded into policies, decision-making, and risk management – with leadership aware of its strategic relevance.

• Cross-functional cooperation: sustainability teams cannot carry this alone – procurement, legal, compliance, operations, and country teams all have roles to play.

• A structured, risk-based methodology: enabling companies to understand where impacts are most severe and likely, and to allocate resources accordingly.

• Meaningful engagement with affected stakeholders: ensuring that the people closest to the risks are informing decisions.

• A forward-looking approach to business partner expectations: anticipating what customers or parent companies will require rather than reacting late.

From our experience, companies that treat HREDD as an opportunity to strengthen resilience – not just to ensure compliance – tend to benefit most. They develop clearer insights into their value chains, build stronger relationships with suppliers and workers, and integrate due diligence into internal systems, enhancing their ability to manage emerging pressures – from reputational scrutiny to litigation exposure and evolving stakeholder expectations.

With the Omnibus changes adopted, the message for business remains simple: the scope may be narrower, but the expectations are not. Now is the right moment to invest in structured HREDD – not only to prepare for potential legal exposure, but to build a more stable and resilient business for the long term.