Content updated on May 7, 2026
The increasing complexity of global supply chains has raised concerns that some companies, taking advantage of opaque interactions with their suppliers, are indirectly abusing human rights or harming the environment. Several European countries have already passed national legislation to improve human and environmental rights along the supply chain, including Germany with its LkSG. The Corporate Sustainability Due Diligence Directive (CSDDD) was adopted by the European Commission in May 2024 and entered into force in July 2024. However, the Omnibus I package, finalised in December 2025 and published in the EU Official Journal on 26 February 2026, dramatically reduced its scope and pushed back compliance deadlines.
The CSDDD now applies only to companies with more than 5,000 employees and a net turnover above €1.5 billion, with the first compliance deadline (post-transposition) effectively pushed back to 26 July 2029, and due diligence obligations limited to Tier 1 direct suppliers unless there is plausible information about adverse impacts further down the chain. This "European Supply Chain Act" remains a response to the lack of transparency in global supply chains which endangered human rights or the environment, such as Uyghur forced labor in China or other modern slavery cases. Putting ESG back at the top of organisations' priorities, the CSDDD sets up far-reaching standards to foster sustainable and responsible corporate governance throughout global supply chains.
EU Supply Chain Act scope and main requirements
A harmonised EU sustainability directive
Global supply chains are getting increasingly complex and getting reliable information on suppliers' operations is a challenge. The CSDDD aims to integrate broader due diligence obligations for companies and requires them to identify, prevent, end or mitigate the negative impact of their activity on human rights and the environment. It sets new rules and harmonises the legal framework for organisations' activity, including their suppliers and subsidiaries through the entire supply chain.
Who does the CSDDD apply to?
Following the Omnibus I revision, the CSDDD now applies to a significantly narrower group than originally proposed. In-scope companies are those with more than 5,000 employees and net worldwide turnover above €1.5 billion. Third-country companies active in the EU are in scope where they generate more than €1.5 billion in EU turnover. Member States have until 19 March 2027 to transpose the revised directive, with obligations for in-scope companies starting from 26 July 2029.
What are the diligence obligations?
Organisations must take appropriate measures to protect human rights and prevent adverse environmental impacts. To comply, organisations must:
- Integrate due diligence into policies
- Identify actual or potential adverse human rights and environmental impacts
- Prevent or mitigate potential impacts
- Bring to an end or minimize actual impacts
- Establish and maintain a complaints procedure accessible to all along the supply chain
- Monitor the effectiveness of the due diligence policy and measures
- Publicly communicate on due diligence
The Omnibus I revision narrowed the due diligence perimeter to Tier 1 direct suppliers as a baseline. The climate transition plan requirement has also been reduced in scope under the revised directive. In case of non-compliance, national authorities can impose fines capped at 3% of net worldwide turnover.
Other European requirements for supply chains
Following the Omnibus I revision, the revised thresholds bring the directive closer in scope to the German LkSG, which itself is expected to be replaced by a national transposition of the CSDDD. EU regulation also contains a civil liability mechanism, though following the 2026 revision, this now largely defers to the national tort laws of individual Member States. The CSDDD will also work in tandem with the Sustainable Finance Disclosure Regulation (SFDR) and the Taxonomy Regulation.
How can companies best prepare for the CSDDD?
Extend the scope of your current compliance program
Since the directive encompasses the global supply chain, companies will need to extend their reach to their established business relationships. Relying on online and mobile solutions is the best way to provide easy access to your reporting system. Ensuring the accessibility of your platform via any internet connection and providing a mobile app will get your compliance program directly where employees work.
Power up your risk prevention with qualitative data
Leveraging technology for your whistleblowing solution will make you gain in efficiency when dealing with the processing and triage of risks thanks to automations. Workflows will systematise the treatment of the risks and generate data that will allow a statistical analysis. Another feature you should look for is the possibility to have two-way secure conversations between whistleblowers and case managers.
Stay up to speed with the evolution of your legal environment
The EU Commission is required to publish implementation guidelines by 26 July 2026. Parameters to take into account when selecting a whistleblowing solution should include:
- The ability to meet data security standards around the world, including in China or Russia.
- The level of flexibility and configuration of the platform.
- The user-friendliness of the solution to alleviate the barriers to speaking up.
Conclusion: Navigating the 2026 "Simplification" Era
The Omnibus I revision may have put the CSDDD on a diet, but for the companies that remain in scope, the stakes have never been higher. With the climate transition plan obligations shifting and civil liability reverting to Member State control, compliance in 2026 is no longer about following a single EU script—it’s about building a resilient, localized framework that can withstand 27 different national legal systems.
Whispli provides the secure, anonymous, and multilingual infrastructure that allows you to bridge the gap between your European HQ and your global Tier 1 partners. By automating your scoping exercise and providing a trusted complaints procedure, we help you turn the CSDDD’s complexity into a documented record of corporate integrity.
Explore more resources
Take case management to the next level
Move from fragmented reporting tools to a single, secure system of record designed for complex, global compliance environments.
Talk to our experts to see how Whispli supports whistleblowing, disclosures, and enterprise governance at scale.










.webp)

.webp)
.webp)



.webp)






%201.avif)
%201%20(2).avif)
%201%20(1).avif)
