No law, no problem?

This spring has brought in a wave of first sustainability reports prepared in accordance with the EU’s Corporate Sustainability Reporting Directive (CSRD). The Corporate Sustainability Due Diligence Directive (CSDDD), which will incongruously come into force after the reporting requirements, was supposed to clarify some of the expected actions behind companies’ CSRD reporting. These requirements were intended to extend across value chains and thus indirectly impact small and medium-sized companies as well.

However, the EU’s recent Omnibus package will delay the implementation schedule and potentially weaken mandatory due diligence requirements, including expectations to go beyond first-tier suppliers, stakeholder engagement, and information requests.

What does this all mean – and what should companies do now? Is due diligence only relevant for large companies and are small and medium-size enterprises off the hook? Is there time to wait?

Sustainability has never been a matter of compliance – and it hasn’t become one now, even if minimum standards have been raised. Human rights violations, climate change and biodiversity loss along with their short- and long-term business implications have not disappeared. Stakeholder expectations are not likely to decrease, and it’s unclear how large companies and investors can fulfill their obligations if information requests are limited. Finally, the content changes proposed by the Omnibus package have not yet been accepted, and besides CSDDD, due diligence requirements also stem from multiple other regional and national laws, both within and outside Europe.

Regulation or no regulation, sustainability due diligence is nothing new. Soft law elements, such as the OECD Guidelines for Multinational Enterprises and the United Nations Guiding Principles for Business and Human Rights (UNGPs), have been around and enforced by forerunners for years, if not decades.

Due diligence in the broader sense is also a common practice in business. Companies routinely conduct due diligence when entering new relationships or markets to ensure informed decision-making and long-term value creation – for example, in investment decisions, mergers and acquisitions, or supplier onboarding.

Sustainability due diligence follows the same logic. Rather than being a compliance issue, it should be seen as a critical success factor for future-proofing business. Rooted in a thorough understanding of a company’s value chain and stakeholders, sustainability due diligence is a dynamic process of identifying and managing environmental and human rights risks and impacts associated with business operations.These risks and impacts can directly affect employee well-being, performance, and talent attraction (also in the supply chain), access to financing, operational continuity, brand value, market access, and the availability of natural capital. When embedded in core governance, sustainability due diligence helps build resilience in the ever-changing operating environment and becomes a driver of sustainable business growth.

Regardless of regulation, the best way forward for companies of all sizes is to get familiar with the due diligence process outlined in the UNGPs and OECD Guidelines, and to begin the work in a reasonable, step-by-step manner. Existing and upcoming due diligence regulation is largely based on these soft-law elements, which provide a solid foundation for meeting both legal requirements and stakeholder expectations. The principles can be applied to companies of all sizes and industries. 

In brief, companies are expected to set a commitment, identify and assess their most significant sustainability impacts and risks, and take action – not as a one-off project, but as a continuous process integrated into other company policies and practices, including but not limited to sourcing, HR, risk management, product and service development, and marketing. It is essential to involve stakeholders in the process, particularly affected people within the value chain, and provide accessible grievance channels for raising concerns and remedy in case of violations. A good way to begin the work is to map the value chain and identify affected and particularly vulnerable groups of people.

It’s important to understand that due diligence will never be ‘done’ – it is an ongoing process that will help in future-proofing your business in the long run. The key is to get started and improve along the way.