ResourcesBlog
EU Supply Chain Law: How to Best Equip Your Organisation for Compliance
September 27, 2022
8
 min read

EU Supply Chain Law: How to Best Equip Your Organisation for Compliance

Table of contents
Join Whispli's newsletter
By clicking "Join newsletter", you acknowledge Whispli's Privacy Policy.

Content updated on May 7, 2026

The increasing complexity of global supply chains has raised concerns that some companies, taking advantage of opaque interactions with their suppliers, are indirectly abusing human rights or harming the environment. Several European countries have already passed national legislation to improve human and environmental rights along the supply chain, including Germany with its LkSG. The Corporate Sustainability Due Diligence Directive (CSDDD) was adopted by the European Commission in May 2024 and entered into force in July 2024. However, the Omnibus I package, finalised in December 2025 and published in the EU Official Journal on 26 February 2026, dramatically reduced its scope and pushed back compliance deadlines.  

The CSDDD now applies only to companies with more than 5,000 employees and a net turnover above €1.5 billion, with the first compliance deadline (post-transposition) effectively pushed back to 26 July 2029, and due diligence obligations limited to Tier 1 direct suppliers unless there is plausible information about adverse impacts further down the chain. This "European Supply Chain Act" remains a response to the lack of transparency in global supply chains which endangered human rights or the environment, such as Uyghur forced labor in China or other modern slavery cases. Putting ESG back at the top of organisations' priorities, the CSDDD sets up far-reaching standards to foster sustainable and responsible corporate governance throughout global supply chains.  

EU Supply Chain Act scope and main requirements

A harmonised EU sustainability directive

Global supply chains are getting increasingly complex and getting reliable information on suppliers' operations is a challenge. The CSDDD aims to integrate broader due diligence obligations for companies and requires them to identify, prevent, end or mitigate the negative impact of their activity on human rights and the environment. It sets new rules and harmonises the legal framework for organisations' activity, including their suppliers and subsidiaries through the entire supply chain.

Who does the CSDDD apply to?

Following the Omnibus I revision, the CSDDD now applies to a significantly narrower group than originally proposed. In-scope companies are those with more than 5,000 employees and net worldwide turnover above €1.5 billion. Third-country companies active in the EU are in scope where they generate more than €1.5 billion in EU turnover. Member States have until 19 March 2027 to transpose the revised directive, with obligations for in-scope companies starting from 26 July 2029.

What are the diligence obligations?

Organisations must take appropriate measures to protect human rights and prevent adverse environmental impacts. To comply, organisations must:

  • Integrate due diligence into policies
  • Identify actual or potential adverse human rights and environmental impacts
  • Prevent or mitigate potential impacts
  • Bring to an end or minimize actual impacts
  • Establish and maintain a complaints procedure accessible to all along the supply chain
  • Monitor the effectiveness of the due diligence policy and measures
  • Publicly communicate on due diligence

The Omnibus I revision narrowed the due diligence perimeter to Tier 1 direct suppliers as a baseline. The climate transition plan requirement has also been reduced in scope under the revised directive. In case of non-compliance, national authorities can impose fines capped at 3% of net worldwide turnover.  

Other European requirements for supply chains

Following the Omnibus I revision, the revised thresholds bring the directive closer in scope to the German LkSG, which itself is expected to be replaced by a national transposition of the CSDDD. EU regulation also contains a civil liability mechanism, though following the 2026 revision, this now largely defers to the national tort laws of individual Member States. The CSDDD will also work in tandem with the Sustainable Finance Disclosure Regulation (SFDR) and the Taxonomy Regulation.  

How can companies best prepare for the CSDDD?

Extend the scope of your current compliance program

Since the directive encompasses the global supply chain, companies will need to extend their reach to their established business relationships. Relying on online and mobile solutions is the best way to provide easy access to your reporting system. Ensuring the accessibility of your platform via any internet connection and providing a mobile app will get your compliance program directly where employees work.

Power up your risk prevention with qualitative data

Leveraging technology for your whistleblowing solution will make you gain in efficiency when dealing with the processing and triage of risks thanks to automations. Workflows will systematise the treatment of the risks and generate data that will allow a statistical analysis. Another feature you should look for is the possibility to have two-way secure conversations between whistleblowers and case managers.

Guide & Template

RFP Template for a Whistleblowing Platform

Structure your whistleblowing platform selection and compare vendors on clear, objective criteria.

Download the guide

Stay up to speed with the evolution of your legal environment

The EU Commission is required to publish implementation guidelines by 26 July 2026. Parameters to take into account when selecting a whistleblowing solution should include:

  • The ability to meet data security standards around the world, including in China or Russia.
  • The level of flexibility and configuration of the platform.
  • The user-friendliness of the solution to alleviate the barriers to speaking up.

Conclusion: Navigating the 2026 "Simplification" Era

The Omnibus I revision may have put the CSDDD on a diet, but for the companies that remain in scope, the stakes have never been higher. With the climate transition plan obligations shifting and civil liability reverting to Member State control, compliance in 2026 is no longer about following a single EU script—it’s about building a resilient, localized framework that can withstand 27 different national legal systems.

Whispli provides the secure, anonymous, and multilingual infrastructure that allows you to bridge the gap between your European HQ and your global Tier 1 partners. By automating your scoping exercise and providing a trusted complaints procedure, we help you turn the CSDDD’s complexity into a documented record of corporate integrity.

Ready to take the next step?

Discover how Whispli supports whistleblowing, disclosures, and enterprise governance at scale.

Talk to an expert

Most popular articles to read

May 28, 2026
 min read
Occupational Fraud 2026: What the ACFE Report to the Nations Tells Us About the State of Whistleblowing Systems
Read more
May 12, 2026
6
 min read
How Grievance Mechanisms and Worker Voice Can Help Businesses Fight Modern Slavery
Read more

Explore more resources

White paper: Secure and Anonymous Reporting in the Queensland Public Sector.
White papers
Enhancing Integrity Through Reporting Solutions in the Queensland Public Sector
Learn how reporting solutions can support Queensland’s public sector employees
White paper: Monitoring Compliance Program Metrics.
White papers
Whispli, Your Partner in Monitoring Compliance Program Metrics
Learn how to measure and improve your program’s effectiveness with key metrics
White paper: Strengthening Whistleblowing Programs for APRA CPS 230.
White papers
Strengthening Whistleblowing Programs under APRA CPS 230
Discover how to align your program with APRA CPS 230 and strengthen operational resilience
Discover our platform

Take case management to the next level

Move from fragmented reporting tools to a single, secure system of record designed for complex, global compliance environments.

Talk to our experts to see how Whispli supports whistleblowing, disclosures, and enterprise governance at scale.