The European Commission plans to cut the red tape companies face by introducing an extensive omnibus package to simplify sustainable finance reporting, taxonomy and sustainability due diligence. The first draft envisages fundamental changes to the EU’s Corporate Sustainability Due Diligence Directive (“CS3D”), offering affected businesses a certain degree of relief. In some cases, the amendments even bring the CS3D more in line with the already applicable requirements of the German Act on Corporate Due Diligence Obligations in Supply Chains (Lieferkettensorgfaltspflichtengesetz, “LkSG”).
Background
In November 2024, Commission President Ursula von der Leyen announced extensive measures to reduce the administrative burden on companies. Working papers from the European Commission show that the aim is to introduce an omnibus package to extensively simplify sustainability finance reporting, taxonomy and sustainability due diligence. The official version of the omnibus package is dated Wednesday, 26 February 2025, but drafts have already been leaked.
Proposed changes to the CS3D
The omnibus package contains in particular amendments to the CS3D, which came into force on 25 July 2024, focusing on eight key points that are intended to reduce the burden on affected companies.
1. Range of provisions requiring full harmonisation to be expanded
The omnibus package is to extend the range of provisions that must be fully harmonised across Member States – i.e. they may not implement any stricter regulations when transposing the provisions into national law. This means that uniform rules are to apply to identifying, preventing and ending potential or actual adverse impacts, in particular, reducing the regulatory burden on individual Member States.
2. Due diligence obligations to focus on direct business partners
Under Article 8 CS3D, companies are obliged to identify and assess actual and potential adverse environmental and human rights impacts arising from their own operations or those of their subsidiaries and, where related to their chains of activities, those of their business partners.
The omnibus package aims to restrict the “in-depth assessment” provided for in Article 8(2), letter (b) CS3D to direct business partners, and if they have fewer than 500 employees, the risk assessment is to be limited to the information which these partners must disclose in their sustainability report (see the information specified in Article 29a of Directive 2013/34/EU).
In contrast, an in-depth assessment of indirect business partners will only be required if there is plausible information suggesting adverse impacts, for example from reputable NGOs or media reports or in cases where circumvention is likely. In this way, the CS3D will adopt the core concept of “substantiated knowledge”, as already provided for in the LkSG in connection with indirect suppliers. However, companies are to use cascading contracts to ensure that their codes of conduct are enforced across the entire chain of activities, including indirect business partners.
3. Last-resort obligation to terminate the business relationship to be eliminated
The CS3D currently requires companies to prevent or remedy potential or actual adverse impacts, including, as a last resort, by terminating business relationships with their business partners. However, since companies may rely on certain suppliers for their deliveries, the omnibus package envisages eliminating this obligation. The last resort should therefore be to suspend business relationships, not terminate them.
4. Term “stakeholder” and the necessary stakeholder engagement in the due diligence process to be restricted
The omnibus package further stipulates that the legal definition of “stakeholder” in Article 3(1), letter (n) CS3D is to be simplified and restricted, ultimately referring only to directly affected stakeholders. This means that other civil society actors will generally be excluded, unless they can demonstrate that they are directly affected. Companies are moreover only to involve directly affected stakeholders when carrying out the stakeholder engagement processes necessary to fulfil their due diligence obligations.
5. Verification interval to be extended
Companies are to regularly monitor the adequacy and effectiveness of their due diligence measures every five years, instead of every year. During this time, however, verification will still need to be carried out ad hoc if there are grounds to believe that the measures taken are no longer adequate or effective.
6. Pecuniary penalty rules to be further specified
According to the European Commission, the CS3D’s provisions on administrative fines are open to misinterpretation. The Commission plans to work with the Member States on publishing guidelines to assist supervisory authorities in setting penalties in line with the CS3D. The “minimum cap” for administrative fines is to be abolished, because fines are to be decoupled from companies’ net worldwide turnover, i.e. the range of fines is to be defined in absolute figures.
7. Civil liability risks to be restricted
The European Commission takes the view that the comprehensive civil liability regime currently laid down in the CS3D must be removed, with the existing national general liability regimes to be used as a basis instead. But the Commission intends to provide a framework for these national liability regimes. In particular, it wants to ensure effective access to justice and full compensation for losses, while excluding any overcompensation. The CS3D’s special rule on third-party standing – benefitting NGOs, for instance – is to be abolished, out of consideration for the legal traditions and systems of Member States.
8. Review clause for financial services to be deleted
The special provision requiring the Commission to review whether additional due diligence requirements are necessary in connection with financial services is to be deleted.
Conclusion and outlook
The changes to the CS3D proposed in the omnibus package could relieve the burden on affected companies and their supply chains. The amendments envisaged by the Commission would also bring the requirements more in line with the LkSG in some key areas, especially by fundamentally restricting the risk assessment obligation to direct business partners. But before the changes become law, they have to go through the EU’s ordinary legislative procedure. It remains to be seen whether they will get the political backing they need. In any case, affected companies should keep a close eye on developments and be ready to respond to the changing legal landscape.
Forward