Out-Law Guide 22 min. read

Obligations under CS3D: the EU Corporate Sustainability Due Diligence Directive


The EU Corporate Sustainability Due Diligence Directive (CS3D) is a transformational piece of legislation which came into force on 25 July 2024, applying to both EU and non-EU companies.

The CS3D was the subject of intense political negotiations. A provisional political agreement was announced by EU law makers in December 2023 but final approval from the Council of Ministers did not follow. A compromise proposed by the Belgian Council Presidency was eventually agreed between the Council and the European Parliament. This compromise resulted in the watering down of several of the requirements contained within the original legislative proposal.

The CS3D provides a framework for sustainability due diligence for large EU companies and non-EU companies with significant EU activity. The CS3D is not just a disclosure regime – it places a duty on in-scope companies to identify and address actual and potential adverse human rights and environmental impacts within their own operations, those of their subsidiaries, and their “chains of activities”. This duty is backed not only by the threat of turnover-linked fines but also by a civil liability framework set out in CS3D for intentional or negligent breaches of certain of the obligations it imposes.


Read more on the CS3D


The CS3D recognises the interdependency of environmental and human rights. A company’s adverse impact on the environment can also give rise to human rights impacts – the European Court of Human Rights has found that environmental impacts can lead to infringements of human rights. The CS3D covers specific human and environmental rights included in international human rights and labour conventions and multilateral environmental conventions. The relevant rights and conventions are listed in the Annex of the CS3D.

EU member states have until 25 July 2026 – this being two years from the date of publication of CS3D in the Official Journal of the EU – to transpose the directive into national law.

This guide summarises the scope of CS3D, its phased implementation timetable and the various obligations in scope businesses will have to comply with. Please see our separate guide for information on the CS3D’s enforcement regime, including more on the types of penalties that could be applied for non-compliance.

Scope and phased implementation

The CS3D will apply to both in-scope EU companies and in-scope non-EU companies deriving revenues from the EU. There is a phased implementation timeline when different categories of companies come into scope of the CS3D.

To determine whether and when companies are in scope, EU companies are subject to both an employee and worldwide revenue test; whereas non-EU companies are subject to an EU-derived revenue test. The CS3D does not define what amounts to EU-derived revenue, and it is hoped that this definition will be clarified in future guidance issued by the European Commission.

Non-EU companies do not need to have a branch in the EU to fall within scope. Companies or ultimate parent companies of a group that have franchising or licensing agreements in the EU with independent third-party companies in return for royalties, where the agreements ensure a common identity, business concept and the application of uniform business methods, are also in scope of the CS3D, subject to meeting specified thresholds.

Although the scoping thresholds are expressed in relation to single financial years, the CS3D only applies to a company, EU or non-EU, if it has met the relevant thresholds for each of the last two consecutive financial years.

As part of the political compromise, the thresholds for application of the CS3D were increased to prevent SMEs falling within scope. The compromise agreement also provided for more generous timeframes than those included in the original legislative proposal.

Pinsent Masons has collaborated with PortF to develop a cost-free tool to enable companies to determine whether, and when, they fall within scope of the CS3D. We have also outlined the relevant thresholds and staggered implementation timeline in the table below: 

Transition period

EU company thresholds 
(or ultimate parent companies on a consolidated basis)

Non-EU company thresholds
(or ultimate parent companies on a consolidated basis) 

Three years – 25 July 2027
(with disclosures due for financial years commencing on or after 1 January 2028)

Article 37(1)(a):

  • At least 5,000 employees on average; and 

  • At least €1.5 billion in net worldwide turnover

Article 37(1)(c):

  • No employee threshold

  • At least €1.5 billion net turnover in the EU

Four years – 25 July 2028

(with disclosures due for financial years commencing on or after 1 January 2029)

Article 37(1)(b):

  • At least 3,000 employees on average; and 

  • At least €900m net worldwide turnover 

Article 37(1)(d):

  • No employee threshold

  • At least €900m net turnover in the EU

Five years – 25 July 2029

(with disclosures due for financial years commencing on or after 1 January 2030)

All other in scope companies

Article 37(1)(e):

  • At least 1,000 employees on average; and 

  • At least €450m net worldwide turnover 

All other in scope companies

Article 37(1)(e):

  • No employee threshold

  • At least €450m net turnover in the EU

Franchise and licence agreement thresholds 

Transition period 

EU companies  

Non-EU companies 

Five years – 25 July 2029, along with the final tranche of all other in-scope companies

Article 2(1)(c): 

  • At least €22.5m royalties from the EU; and 

  • Net worldwide turnover of at least €80m

Article 2(2)(c):

  • At least €22.5m royalties from the EU; and 

  • Net turnover of at least €80m in the EU


Parent company support and consolidated reporting

Ultimate parent companies which reach the above thresholds on a consolidated basis also fall within scope of the CS3D.

Where a parent company falls within scope on a consolidated basis, it must cover the operations of any subsidiaries within its own due diligence, regardless of whether those subsidiaries fall in scope of the CS3D on an individual basis.

Where the ultimate parent company falls within scope along with one or more of its subsidiaries, it has the option to fulfil some of the due diligence obligations at group level on behalf of any subsidiaries. Where it does so, such subsidiaries remain subject to the exercise of supervisory authority powers and the civil liability regime established under the CS3D.

An ultimate parent company or parent company may consider fulfilling some of a subsidiary’s obligations at group level in order to consolidate its financial and sustainability reporting. Companies should consider their current reporting strategy and whether this needs to be amended in light of future reporting and disclosure requirements such as those under the CSRD.

Ultimate parent companies that are non-operational – i.e. they do not engage in management, operational or financial decisions affecting the group – can apply for an exemption from meeting the requirements of the CS3D as long as one of their EU subsidiaries is designated to comply with the requirements of the CS3D on the parent’s behalf. The subsidiary must have the authority and means to comply and be provided with all necessary information. It must also abide by the parent company’s CS3D compliant due diligence policy and the subsidiary must integrate due diligence into all its policies and risk management systems.

When doing this, the parent company and subsidiary must agree how the obligations of the CS3D will be met, and the subsidiary must clearly describe which, if any, obligations are to be fulfilled by its parent company. The ultimate parent will remain jointly liable with the designated subsidiary for any failure of the subsidiary to comply with the requirements of the CS3D. As a result, an ultimate parent company, which is considering applying for an exemption on the basis that its designated EU subsidiary will comply, will need to be satisfied of the subsidiary’s ability to conduct the necessary due diligence robustly.

Chains of activities

The CS3D requires in-scope businesses to review their own operations, and those of their business partners in their so-called “chains of activities”, to identify actual and potential adverse impacts on human and environmental rights. Chains of activities include the in-scope company’s own activities, those of their subsidiaries, and those of business partners in their upstream and downstream chain of activities. The CS3D specifies what upstream and downstream activities are included within the definition of ‘chains of activities’:

  • Upstream: covers the activities of a company’s upstream, direct and indirect, business partners related to the production of goods or the provision of services by that company, including the design, extraction, sourcing, manufacture, transport, storage and supply of raw materials, products or parts of products and the development of the product or the service;
  • Downstream: covers the activities of a company’s downstream business partners acting for or on behalf of the company in relation to the distribution, transport, and storage of a product, with certain specified exceptions. As part of the compromise, the list of downstream activities no longer covers the disposal of a product. As downstream activities are limited to products, service providers are excluded from scope.

Financial institutions

The CS3D will apply to EU and non-EU financial undertakings that fall within the scope criteria. Alternative investment funds (AIFs) and undertakings for collective investment in transferable securities are not within scope of the CS3D.

As outlined above, the definition of "chain of activities" limits downstream activities to “distribution, transport and storage” of products. The exclusion of downstream business partner activities in relation to services includes financial services activities – i.e. services provided in the context of relationships with clients. By 26 July 2026, the European Commission is required to review and report on whether additional rules are required for regulated financial undertakings with respect to the provision of financial services and investment activities.

Due diligence obligations

The CS3D requires companies to conduct risk-based due diligence to identify, prevent, mitigate, and account for how they address actual and potential adverse impacts. This approach allows companies to prioritise their most severe risks based on severity and likelihood of impacts. It is recognised that companies will not be able to address all risks and impacts related to their activities and business relationships simultaneously. After addressing the most severe risks and adverse impacts, companies are required to address those that are less severe and less likely within a reasonable time.

The CS3D due diligence requirements draw upon internationally recognised voluntary guidelines and principles, including the OECD Due Diligence Guidance for Responsible Business Conduct and the UN Guiding Principles on Business and Human Rights. These should be referred to prior to establishing the necessary due diligence processes.

Below, we examine the due diligence obligations arising under CS3D in more detail, as well as what those obligations mean in practice for businesses.

Article 7

Article 7 of the CS3D requires in-scope companies to integrate due diligence into their company policies and risk management systems.

In addition to reviewing their wider policy framework and risk management systems throughout the CS3D implementation process, companies must develop a specific due diligence policy which includes:

  • a description of the company's approach to due diligence;
  • a code of conduct for the company, its subsidiaries, and its direct and indirect business partners; and
  • a description of the processes in place to integrate and implement due diligence processes. This includes measures to verify compliance with the code of conduct and extend its compliance to direct and indirect business partners.

The policy must be reviewed and, if necessary, updated every two years, or without undue delay after a significant change.

Article 8

Article 8 of the CS3D requires in-scope companies to identify and assess actual and potential adverse human rights and environmental impacts.

To do this, companies will need to undertake comprehensive mapping of their chains of activities and stakeholders.

The CS3D stipulates that, where relevant information on adverse impacts can be obtained from business partners at different levels of the chain of activities, the company must prioritise requesting such information directly from business partners where the adverse impacts are most likely to occur. This mapping exercise should be supplemented with additional information obtained from appropriate resources to further develop risk-profiles.

Companies should carry out in-depth risk assessments in areas where adverse impacts are most likely to occur and would be the most severe.

Article 9

Under Article 9, in-scope companies must prioritise actual and potential adverse impacts.

Companies will need to consolidate their risk assessments to identify risks that need to be prioritised based on severity and likelihood of adverse impacts.

Action plans that define the immediate short- and long-term measures for prevention, mitigation and remediation of risks and adverse impacts will need to be developed.

Articles 10 and 11

Under Articles 10 and 11, in-scope companies face obligations to prevent or mitigate potential impacts and bring to an end to or minimise actual impacts.

Companies must take appropriate measures, which are reasonably available to the company and commensurate to the degree of severity and likelihood of the adverse impact, to prevent, or where prevention is not possible or not immediately possible, adequately mitigate, potential adverse impacts.

Some examples of measures which may be deemed appropriate include the use of action plans, financial or non-financial investments, modifications to the company’s business plan, strategy and operations, collaboration with other companies or stakeholders and targeted support for SMEs.

Where actual/potential adverse impacts cannot be prevented or adequately mitigated by taking appropriate measures, the company may seek contractual assurances from an indirect business partner, with a view to achieving compliance with the company’s code of conduct and/or corrective/prevention action plan. Any contractual assurances must be accompanied by appropriate measures to verify compliance.

As a last resort, companies may terminate the business relationship which is connected to the adverse impact. Before doing so, companies should consider implementing enhanced action plans, using their leverage through temporarily suspending the business relationship where there is a reasonable expectation those efforts would succeed. They should also consider whether terminating the relationship could result in more severe adverse impacts.

Article 12

Under Article 12, in-scope companies must provide remediation for actual adverse impacts.

A company must remediate any actual adverse impact which it has caused or jointly caused. Remediation means restoring the affected person(s), communities or environment to the situation they would have been in had the actual adverse impact not occurred, including by financial or non-financial compensation.

Risk mitigation and remediation plans should include tailored actions to prevent, mitigate and remediate salient risks or impacts identified. Companies should also consider incorporating supplier engagement plans into their mitigation and remediation plans.

Article 13

In-scope companies face obligations around meaningful stakeholder engagement.

Stakeholders, including internal stakeholders, must be consulted in a meaningful way during the following stages of the due diligence process:

  • when gathering the necessary information on actual or potential adverse impacts, in order to identify, assess and prioritise adverse impacts;
  • when developing prevention and corrective action plans and developing enhanced prevention and corrective action plans;
  • when deciding to terminate or suspend a business relationship;
  • when adopting appropriate measures to remediate adverse impacts; and
  • as appropriate, when developing qualitative and quantitative indicators for monitoring.

Companies should provide stakeholders with adequate information and seek to address barriers to engagement. Where engagement with external stakeholders is not possible to the extent necessary to comply with the CS3D, companies should engage additionally with experts who can provide credible insights into adverse impacts.

Under Article 13(6), companies can fulfil their obligations through industry or multistakeholder initiatives, but they must ensure they still meet the procedural requirements of Article 13.

Article 14

In-scope companies also face obligations around complaint-handling.

Certain affected persons, representatives and civil society organisations are entitled to issue complaints under the CS3D.

Companies must establish complaints procedures which are fair, publicly available, accessible, predictable and transparent.

Complainants that are entitled to issue a complaint must be able to:

  • request appropriate follow-up on the complaint;
  • meet with the company’s representatives at an appropriate level to discuss actual or potential severe adverse impacts that are the subject matter of the complaint and potential remediation; and
  • be provided by the company with the reasons a complaint has been considered founded or unfounded and, where considered founded, with information on the steps and actions taken or to be taken.
Article 15

In-scope companies must also monitor the effectiveness of the due diligence policy and measures.

Companies must carry out periodic assessments of their own operations and measures, those of their subsidiaries and, where related to the chain of activities of the company, those of their business partners, to assess the implementation and to monitor the adequacy and effectiveness of measures to address adverse actual or potential impacts.

Assessments should be conducted at least every 12 months and when there are reasonable grounds to believe that there are new risks of the occurrence of adverse impacts. Where a significant change occurs, assessments should be carried out without undue delay. The company will need to update its due diligence policy, list of identified adverse impacts and corresponding appropriate measures in accordance with the outcome of any assessment.

Article 16

Obligations to publicly communicate on due diligence arise under Article 16 of the CS3D.

Companies must draft and publish an annual statement on their website meeting the requirements of the CS3D.

Publication of an annual statement

The EU Corporate Sustainability Reporting Directive (CSRD) came into force on 5 January 2023. It revises and strengthens the rules concerning the environmental and social information that companies must report on. If a company is reporting in line with the CSRD, or is exempt from reporting under Article 19a(9) or Article 29a(8) of the CSRD, it is not required to draft and publish an annual statement under the CS3D. However, this does not mean that it does not need to fulfil its due diligence obligations under the CS3D. To be compliant with both the CSRD and the CS3D, an in-scope entity must meet the CS3D’s due diligence requirements and report on its due diligence process as part of its CSRD reporting.

Our separate guide looks in more how the CSDR and CS3D interact.

Requirement to adopt and put into effect a transition plan for climate mitigation

Companies in scope of the CS3D must adopt and put into effect a transition plan for climate change mitigation which aims to ensure, through best efforts, that the business model and strategy of the company are compatible with the transition to a sustainable economy, the limiting of global warming to 1.5 degrees Celsius in line with the Paris Agreement, and the objective of achieving climate neutrality as established in the European Climate Law, including the EU’s intermediate and 2050 climate neutrality targets. The plan should also address the company’s exposure to coal-, oil- and gas-related activities where relevant.

The transition plan must contain the following information:

  • time-bound targets related to climate change for 2030 and in five-year steps up to 2050 based on conclusive scientific evidence and, where appropriate, absolute emission reduction targets for greenhouse gas for scope 1, scope 2 and scope 3 greenhouse gas emissions for each significant category;
  • a description of decarbonisation levers identified, and key actions planned to reach the company’s targets including, where appropriate, changes in the product and service portfolio of the company and the adoption of new technologies;
  • an explanation and quantification of the investments and funding supporting the implementation of the transition plan for climate change mitigation; and
  • a description of the role of the administrative, management and supervisory bodies with regard to the transition plan for climate change mitigation.

Companies that report a transition plan in accordance with the CSRD reporting requirements will be deemed to have complied with the transition plan obligation in the CS3D.

Where a parent company fulfils the obligation to adopt and put into effect a transition plan for climate mitigation on behalf of a subsidiary, the subsidiary must take steps to operationalise the transition plan. This may require operating subsidiaries to adapt their business model and strategy accordingly.

Transition plans should be developed by referring to any future guidance issued by the EU Commission. Companies may also want to consider referring to best practice guidance, such as that published by the UK’s Transition Plan Taskforce – the IFRS Foundation is now responsible for the Taskforce’s key materials. The transition plan must be reviewed and updated on an annual basis, to include a description of the progress the company has made towards achieving its climate targets.

Parent company support and consolidated reporting

Ultimate parent companies which reach the above thresholds on a consolidated basis also fall within scope of the CS3D.

Where a parent company falls within scope on a consolidated basis, it must cover the operations of any subsidiaries within its own due diligence, regardless of whether those subsidiaries fall in scope of the CS3D on an individual basis.

Where the ultimate parent company falls within scope along with one or more of its subsidiaries, it has the option to fulfil some of the due diligence obligations at group level on behalf of any subsidiaries. Where it does so, such subsidiaries remain subject to the exercise of supervisory authority powers and the civil liability regime established under the CS3D.

An ultimate parent company or parent company may consider fulfilling some of a subsidiary’s obligations at group level in order to consolidate its financial and sustainability reporting. Companies should consider their current reporting strategy and whether this needs to be amended in light of future reporting and disclosure requirements such as those under the CSRD.

Ultimate parent companies that are non-operational – i.e. they do not engage in management, operational or financial decisions affecting the group – can apply for an exemption from meeting the requirements of the CS3D as long as one of their EU subsidiaries is designated to comply with the requirements of the CS3D on the parent’s behalf. The subsidiary must have the authority and means to comply and be provided with all necessary information. It must also abide by the parent company’s CS3D compliant due diligence policy and the subsidiary must integrate due diligence into all its policies and risk management systems.

When doing this, the parent company and subsidiary must agree how the obligations of the CS3D will be met, and the subsidiary must clearly describe which, if any, obligations are to be fulfilled by its parent company. The ultimate parent will remain jointly liable with the designated subsidiary for any failure of the subsidiary to comply with the requirements of the CS3D. As a result, an ultimate parent company, which is considering applying for an exemption on the basis that its designated EU subsidiary will comply, will need to be satisfied of the subsidiary’s ability to conduct the necessary due diligence robustly.

Chains of activities

The CS3D requires in-scope businesses to review their own operations, and those of their business partners in their so-called “chains of activities”, to identify actual and potential adverse impacts on human and environmental rights. Chains of activities include the in-scope company’s own activities, those of their subsidiaries, and those of business partners in their upstream and downstream chain of activities. The CS3D specifies what upstream and downstream activities are included within the definition of ‘chains of activities’:

  • Upstream: covers the activities of a company’s upstream, direct and indirect, business partners related to the production of goods or the provision of services by that company, including the design, extraction, sourcing, manufacture, transport, storage and supply of raw materials, products or parts of products and the development of the product or the service;
  • Downstream: covers the activities of a company’s downstream business partners acting for or on behalf of the company in relation to the distribution, transport, and storage of a product, with certain specified exceptions. As part of the compromise, the list of downstream activities no longer covers the disposal of a product. As downstream activities are limited to products, service providers are excluded from scope.

Financial institutions

The CS3D will apply to EU and non-EU financial undertakings that fall within the scope criteria. Alternative investment funds (AIFs) and undertakings for collective investment in transferable securities are not within scope of the CS3D.

As outlined above, the definition of "chain of activities" limits downstream activities to “distribution, transport and storage” of products. The exclusion of downstream business partner activities in relation to services includes financial services activities – i.e. services provided in the context of relationships with clients. By 26 July 2026, the European Commission is required to review and report on whether additional rules are required for regulated financial undertakings with respect to the provision of financial services and investment activities.

Due diligence obligations

The CS3D requires companies to conduct risk-based due diligence to identify, prevent, mitigate, and account for how they address actual and potential adverse impacts. This approach allows companies to prioritise their most severe risks based on severity and likelihood of impacts. It is recognised that companies will not be able to address all risks and impacts related to their activities and business relationships simultaneously. After addressing the most severe risks and adverse impacts, companies are required to address those that are less severe and less likely within a reasonable time.

The CS3D due diligence requirements draw upon internationally recognised voluntary guidelines and principles, including the OECD Due Diligence Guidance for Responsible Business Conduct and the UN Guiding Principles on Business and Human Rights. These should be referred to prior to establishing the necessary due diligence processes.

Below, we examine the due diligence obligations arising under CS3D in more detail, as well as what those obligations mean in practice for businesses.

Article 7

Article 7 of the CS3D requires in-scope companies to integrate due diligence into their company policies and risk management systems.

In addition to reviewing their wider policy framework and risk management systems throughout the CS3D implementation process, companies must develop a specific due diligence policy which includes:

  • a description of the company's approach to due diligence;
  • a code of conduct for the company, its subsidiaries, and its direct and indirect business partners; and
  • a description of the processes in place to integrate and implement due diligence processes. This includes measures to verify compliance with the code of conduct and extend its compliance to direct and indirect business partners.

The policy must be reviewed and, if necessary, updated every two years, or without undue delay after a significant change.

Article 8

Article 8 of the CS3D requires in-scope companies to identify and assess actual and potential adverse human rights and environmental impacts.

To do this, companies will need to undertake comprehensive mapping of their chains of activities and stakeholders.

The CS3D stipulates that, where relevant information on adverse impacts can be obtained from business partners at different levels of the chain of activities, the company must prioritise requesting such information directly from business partners where the adverse impacts are most likely to occur. This mapping exercise should be supplemented with additional information obtained from appropriate resources to further develop risk-profiles.

Companies should carry out in-depth risk assessments in areas where adverse impacts are most likely to occur and would be the most severe.

Article 9

Under Article 9, in-scope companies must prioritise actual and potential adverse impacts.

Companies will need to consolidate their risk assessments to identify risks that need to be prioritised based on severity and likelihood of adverse impacts.

Action plans that define the immediate short- and long-term measures for prevention, mitigation and remediation of risks and adverse impacts will need to be developed.

Articles 10 and 11

Under Articles 10 and 11, in-scope companies face obligations to prevent or mitigate potential impacts and bring to an end to or minimise actual impacts.

Companies must take appropriate measures, which are reasonably available to the company and commensurate to the degree of severity and likelihood of the adverse impact, to prevent, or where prevention is not possible or not immediately possible, adequately mitigate, potential adverse impacts.

Some examples of measures which may be deemed appropriate include the use of action plans, financial or non-financial investments, modifications to the company’s business plan, strategy and operations, collaboration with other companies or stakeholders and targeted support for SMEs.

Where actual/potential adverse impacts cannot be prevented or adequately mitigated by taking appropriate measures, the company may seek contractual assurances from an indirect business partner, with a view to achieving compliance with the company’s code of conduct and/or corrective/prevention action plan. Any contractual assurances must be accompanied by appropriate measures to verify compliance.

As a last resort, companies may terminate the business relationship which is connected to the adverse impact. Before doing so, companies should consider implementing enhanced action plans, using their leverage through temporarily suspending the business relationship where there is a reasonable expectation those efforts would succeed. They should also consider whether terminating the relationship could result in more severe adverse impacts.

Article 12

Under Article 12, in-scope companies must provide remediation for actual adverse impacts.

A company must remediate any actual adverse impact which it has caused or jointly caused. Remediation means restoring the affected person(s), communities or environment to the situation they would have been in had the actual adverse impact not occurred, including by financial or non-financial compensation.

Risk mitigation and remediation plans should include tailored actions to prevent, mitigate and remediate salient risks or impacts identified. Companies should also consider incorporating supplier engagement plans into their mitigation and remediation plans.

Article 13

In-scope companies face obligations around meaningful stakeholder engagement.

Stakeholders, including internal stakeholders, must be consulted in a meaningful way during the following stages of the due diligence process:

  • when gathering the necessary information on actual or potential adverse impacts, in order to identify, assess and prioritise adverse impacts;
  • when developing prevention and corrective action plans and developing enhanced prevention and corrective action plans;
  • when deciding to terminate or suspend a business relationship;
  • when adopting appropriate measures to remediate adverse impacts; and
  • as appropriate, when developing qualitative and quantitative indicators for monitoring.

Companies should provide stakeholders with adequate information and seek to address barriers to engagement. Where engagement with external stakeholders is not possible to the extent necessary to comply with the CS3D, companies should engage additionally with experts who can provide credible insights into adverse impacts.

Under Article 13(6), companies can fulfil their obligations through industry or multistakeholder initiatives, but they must ensure they still meet the procedural requirements of Article 13.

Article 14

In-scope companies also face obligations around complaint-handling.

Certain affected persons, representatives and civil society organisations are entitled to issue complaints under the CS3D.

Companies must establish complaints procedures which are fair, publicly available, accessible, predictable and transparent.

Complainants that are entitled to issue a complaint must be able to:

  • request appropriate follow-up on the complaint;
  • meet with the company’s representatives at an appropriate level to discuss actual or potential severe adverse impacts that are the subject matter of the complaint and potential remediation; and
  • be provided by the company with the reasons a complaint has been considered founded or unfounded and, where considered founded, with information on the steps and actions taken or to be taken.
Article 15

In-scope companies must also monitor the effectiveness of the due diligence policy and measures.

Companies must carry out periodic assessments of their own operations and measures, those of their subsidiaries and, where related to the chain of activities of the company, those of their business partners, to assess the implementation and to monitor the adequacy and effectiveness of measures to address adverse actual or potential impacts.

Assessments should be conducted at least every 12 months and when there are reasonable grounds to believe that there are new risks of the occurrence of adverse impacts. Where a significant change occurs, assessments should be carried out without undue delay. The company will need to update its due diligence policy, list of identified adverse impacts and corresponding appropriate measures in accordance with the outcome of any assessment.

Article 16

Obligations to publicly communicate on due diligence arise under Article 16 of the CS3D.

Companies must draft and publish an annual statement on their website meeting the requirements of the CS3D.

Publication of an annual statement

The EU Corporate Sustainability Reporting Directive (CSRD) came into force on 5 January 2023. It revises and strengthens the rules concerning the environmental and social information that companies must report on. If a company is reporting in line with the CSRD, or is exempt from reporting under Article 19a(9) or Article 29a(8) of the CSRD, it is not required to draft and publish an annual statement under the CS3D. However, this does not mean that it does not need to fulfil its due diligence obligations under the CS3D. To be compliant with both the CSRD and the CS3D, an in-scope entity must meet the CS3D’s due diligence requirements and report on its due diligence process as part of its CSRD reporting.

Our separate guide looks in more how the CSDR and CS3D interact.

Requirement to adopt and put into effect a transition plan for climate mitigation

Companies in scope of the CS3D must adopt and put into effect a transition plan for climate change mitigation which aims to ensure, through best efforts, that the business model and strategy of the company are compatible with the transition to a sustainable economy, the limiting of global warming to 1.5 degrees Celsius in line with the Paris Agreement, and the objective of achieving climate neutrality as established in the European Climate Law, including the EU’s intermediate and 2050 climate neutrality targets. The plan should also address the company’s exposure to coal-, oil- and gas-related activities where relevant.

The transition plan must contain the following information:

  • time-bound targets related to climate change for 2030 and in five-year steps up to 2050 based on conclusive scientific evidence and, where appropriate, absolute emission reduction targets for greenhouse gas for scope 1, scope 2 and scope 3 greenhouse gas emissions for each significant category;
  • a description of decarbonisation levers identified, and key actions planned to reach the company’s targets including, where appropriate, changes in the product and service portfolio of the company and the adoption of new technologies;
  • an explanation and quantification of the investments and funding supporting the implementation of the transition plan for climate change mitigation; and
  • a description of the role of the administrative, management and supervisory bodies with regard to the transition plan for climate change mitigation.

Companies that report a transition plan in accordance with the CSRD reporting requirements will be deemed to have complied with the transition plan obligation in the CS3D.

Where a parent company fulfils the obligation to adopt and put into effect a transition plan for climate mitigation on behalf of a subsidiary, the subsidiary must take steps to operationalise the transition plan. This may require operating subsidiaries to adapt their business model and strategy accordingly.

Transition plans should be developed by referring to any future guidance issued by the EU Commission. Companies may also want to consider referring to best practice guidance, such as that published by the UK’s Transition Plan Taskforce – the IFRS Foundation is now responsible for the Taskforce’s key materials. The transition plan must be reviewed and updated on an annual basis, to include a description of the progress the company has made towards achieving its climate targets.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.