EU sustainability due diligence and reporting: how CS3D and CSRD inter-relate

Understanding relevant sustainability-related due diligence and reporting requirements that exist at EU-level, across EU member states and outside of the EU – and how those requirements overlap – can help companies develop effective compliance programmes.

Two of the most significant pieces of EU legislation addressing sustainability-related due diligence and reporting are the Corporate Sustainability Due Diligence Directive (CS3D) and the Corporate Sustainability Reporting Directive (CSRD). The CSRD and CS3D were designed to intersect and complement one another.

Pinsent Masons has developed separate guides that  provide an overview of the obligations arising under CS3D  and the CSRD. Below, we explore where there is overlap between the CS3D and CSRD and highlight some important differences between the two regimes that companies should be aware of. We also flag other relevant supply chain due diligence legislation which companies may need to factor into their compliance programmes.

Reporting and disclosure obligations

The CSRD, which came into force on 5 January 2023, is primarily a sustainability reporting regime. It is a transformational piece of legislation which revises and strengthens previous EU rules concerning the environmental, social, and governance (ESG) information that certain corporate entities must report on. On the other hand, the CS3D, which came into force on 25 July 2024, is a sustainability due diligence regime. It is also transformational and requires companies to address actual and potential environmental and human rights impacts and disclose information on their due diligence systems.

The CSRD requires in-scope companies to conduct a double materiality assessment. This means that they must identify and consider the impact of sustainability matters on their performance, position, and development (financial materiality), as well as their own impact on the environment and people (impact materiality). A company’s impact materiality assessment should be informed by their due diligence process. The identification of sustainability-related impacts will also inform the in-scope company’s financial materiality assessment. Therefore, to report in line with the CSRD, in-scope companies need to conduct due diligence to understand their impacts. The need to conduct due diligence has been incorporated into the provisions of the CSRD. In scope companies are required to report, amongst other things, on:

• the due diligence process they implement with regard to sustainability matters, and, where applicable, in line with EU requirements, conduct a due diligence process;
• the principal actual or potential adverse impacts connected with the company’s own operations and with its value chain, including its products and services, its business relationships and its supply chain, actions taken to identify and monitor those impacts, and other adverse impacts which the reporting company is required to identify pursuant to other EU requirements on companies to conduct a due diligence process; and
• any actions taken by the company to prevent, mitigate, remediate or bring an end to actual or potential adverse impacts, and the result of such actions.

Read more on the CS3D and CSRD

• Obligations under CS3D: the EU Corporate Sustainability Due Diligence Directive
• Corporate sustainability due diligence: penalties and enforcement under the CS3D
• Taking steps towards CS3D compliance: learning from the German Supply Chain Act
• What the EU Corporate Sustainability Reporting Directive means in practice

Whilst the CS3D relates to impacts, it does not adopt a (double) materiality approach. It requires companies to conduct risk-based due diligence, allowing for initial prioritisation of adverse impacts based on severity and likelihood.

A company’s due diligence system is expected to evolve and eventually, companies should also be identifying and addressing actual and potential impacts that are less severe and have a lesser likelihood of occurring. Whether an impact would be considered as material under a double materiality assessment is not a consideration of whether the company should take action to identify and address the actual or potential impact, for CS3D purposes. If a company identifies relevant impacts whilst conducting due diligence to meet their obligations under the CS3D, these should be factored into the company’s double materiality assessment if they have not been already.

Scope

There are different scoping requirements for the CSRD and CS3D and not all companies that fall within scope of the CSRD will be in scope of the CS3D. The scoping thresholds for the CS3D were increased during intense political negotiations. You can find the relevant scoping thresholds for the CSRD in our CSRD guide.

In addition to there being differences in scoping thresholds between the CSRD and CS3D, there are also differences in the scope of the due diligence and reporting obligations under both regimes.

The CS3D requires in-scope businesses to review their own operations, and those of their business partners in their so-called “chains of activities”, to identify actual and potential adverse impacts on human and environmental rights. The definition of ‘chain of activities’ in the CS3D covers both the activities of a company’s upstream, direct and indirect, business partners related to the production of goods or the provision of services by that company, and the activities of a company’s downstream business partners acting for or on behalf of the company in relation to the distribution, transport, and storage of a product. As downstream activities are limited to products, service providers are excluded from scope. The disposal of the product is also excluded from the definition of ‘chain of activities’, along with other specified exemptions.

Under the CSRD, companies are required to report on impacts, risks and opportunities across their entire ‘value chain.

The CSRD’s definition of ‘value chain’, which is set out in Annex II to the Commission Delegated Regulation (EU2023/2772) supplementing the CSRD, includes the full range of activities, resources and relationships related to the reporting company's business model and the external environment in which it operates. This encompasses their upstream and downstream value chain as well as the financing, geographical, geopolitical and regulatory environments in which the reporting company operates. A reporting company may have more than one value chain which it needs to map out. The definition of value chain is broader than the CS3D’s ‘chain of activities’ definition. Companies in scope of both the CSRD and CS3D will need to take this discrepancy into consideration when setting up their due diligence systems.

Companies in scope of the CSRD must report in accordance with the European Sustainability Reporting Standards (ESRS), which comprise twelve standards covering overarching principles, general disclosures, and specific topics on ESG issues.

Companies in scope of both the CSRD and CS3D should consider how the specific human and environmental rights listed in the Annex of the CS3D overlap with the ESRS, and what information they will need to report on impacts in line with the ESRS and as a result of their due diligence under the CS3D. Such companies should refer to any existing double materiality assessment when developing their due diligence systems. They should take into account any impacts identified through their due diligence systems when conducting or reviewing their double materiality assessment.

As mentioned above, a company in scope of both the CSRD and CS3D regimes will need to report on certain environmental and human rights impacts even if they are not deemed to be material under the company’s double materiality assessment.

Other EU environmental and human rights due diligence legislation

Beyond the CS3D and CSRD, there are other pieces of EU legislation under which environmental and/or human rights due diligence requirements arise. The EU Deforestation Regulation, EU Conflict Minerals Regulation, EU Batteries Regulation and the proposed EU Forced Labour Regulation are some examples.

In the case of a conflict between the CS3D and another EU legislative act which has more extensive or specific requirements as to environmental and/or human rights due diligence, the other legislative act prevails. Businesses should determine whether they are or will be subject to any of these more specific due diligence regulations and, if so, integrate them into their due diligence systems and reporting processes accordingly.

Some EU member states have also introduced due diligence laws that businesses may need to factor into compliance programmes.

The German Supply Chain Act, which came into force on 1 January 2023, requires large German companies, as well as foreign companies with a branch in Germany, to take certain measures to ensure that both they and their suppliers from Germany and abroad comply with certain environmental and social standards. 

The French Duty of Vigilance Law, which came into force on 17 March 2017, amends the French Commercial Code to require supply chain due diligence in relation to human rights, the environment and health and safety. Companies meeting the relevant thresholds are required to establish a vigilance plan to prevent and detect violations, both in France or abroad – including violations caused by their subsidiaries and subcontractors.

Companies that also fall within scope of other legislative acts which require environmental and/or human rights due diligence will need to consider how the CS3D interacts with and builds upon those obligations.