Simplification, not suspension: why CS3D still matters for executive teams

While timelines and scope have shifted, the financial, operational and reputational stakes remain high for large firms.

Why CS3D matters now 

For senior executives, CS3D is no longer just a regulatory file to track. It is a decision about risk, capital and resilience.

The Corporate Sustainability Due Diligence Directive (CS3D) reshapes how large companies identify and manage human rights and environmental risks across their operations, subsidiaries and value chains. It covers 32 defined impact areas and introduces legal accountability for failures to prevent, mitigate or remediate harm.

In 2025, the directive entered a new phase. Following pressure from several EU Member States and industry groups, the European Parliament approved the “Sustainability Omnibus” package in December. The changes materially alter timing and scope:

• Higher thresholds for companies in scope
• Narrowed obligations in several areas
• Removal of the requirement to formally submit a climate transition plan
• A later deadline for national transposition
• Mandatory compliance pushed back to as late as July 2029

These changes have been formal endorsed by the European Commission, and thus entered into force on 18 March 2026. However whilst the push back to July 2029 is meaningful,  it does not change the underlying executive challenge.

Companies that remain in scope still face significant operational expectations and cost exposure. At the same time, supply chains are under growing strain from geopolitical fragmentation, trade restrictions and climate related disruption. In this context, CS3D functions less as a future compliance hurdle and more as a structured framework for managing near-term risk and long-term value.

How many businesses are affected

The Omnibus proposal significantly reduces the number of companies directly in scope.

• Under the original CS3D thresholds, around 3,400 companies would have been affected in Europe
• Under the revised thresholds of at least 5,000 employees and €1.5bn in global turnover, this falls to around 1,000 companies
• For non‑EU firms, an estimated 200–300 remain in scope, down from around 900

For those companies, the obligations that remain are substantial. Reduced breadth does not mean reduced scrutiny. Instead, the focus shifts to deeper, more defensible due diligence where risk is highest.

What CS3D requires in practice

Narrower scope, deeper expectations

CS3D moves companies from disclosure to action.

Under the Omnibus package, due diligence requirements concentrate primarily on tier‑1 business partners. Deeper tiers must still be assessed where there is plausible evidence of significant adverse impacts. While this narrows the initial scope, it increases the depth and quality of evidence expected.

Firms are legally required to manage risks across 32 distinct human rights and environmental impact areas. This goes beyond high‑level policies or desktop assessments. It requires site‑specific, auditable evidence linked to operations and subsidiaries.

In practice, this means:

• Embedding due diligence into corporate policies
• Identifying and assessing actual and potential adverse impacts
• Preventing or mitigating potential impacts
• Establishing effective grievance mechanisms
• Monitoring whether interventions work
• Communicating progress through public reporting

Each step carries implications for cost, governance and accountability.

Appropriate measures and credible plans

A central obligation under CS3D is the requirement to take “appropriate measures” to influence supplier behaviour.

This is not limited to contractual clauses. Depending on risk and leverage, it can include financial or technical support for SME suppliers to enable compliance. For many organisations, this becomes the single largest driver of cost and management effort.

Although the Omnibus removes the formal requirement to prepare and disclose a climate transition plan, expectations have not disappeared. Companies are still expected to maintain credible plans with concrete targets and timelines to mitigate adverse climate impacts across their value chains. These expectations extend beyond the disclosure‑led requirements of CSRD and are closely linked to civil liability risk.

What CS3D is likely to cost

The Omnibus reduces overall compliance costs, but the remaining exposure is still material.

For a company with around 500 tier‑1 suppliers, total CS3D‑related expenditure is estimated at approximately €1m over a five‑year period.

Actual costs vary based on:

• The number of direct and indirect suppliers
• Supplier maturity and risk profile
• The nature of activities and geographies involved

One‑off costs typically include:

• Development of due diligence policies and risk assessment processes
• Establishment of grievance mechanisms
• Integration of requirements into contracts and procurement systems
• Supplier onboarding and training

Ongoing annual costs typically include:

• Regular risk assessments, monitoring and audits
• Operation of grievance and remediation processes
• Maintenance of supplier data and reporting, including alignment with CSRD

Supplier interventions are the dominant cost driver. For mature suppliers, intervention costs may be zero. For others, costs can beyond €100k per supplier, depending on the level of support required.

“Supplier interventions are the single biggest driver of cost.”

The cost of inaction

Non‑compliance carries significant downside.

Once mandatory application begins in July 2029, companies may face financial penalties of up to 3% of global net turnover. Civil liability may also apply where harm results from intentional or negligent failures to meet CS3D obligations.

The indirect costs can be larger. These include lost contracts, restricted market access, higher cost of capital and long‑term reputational damage. For large corporates, these impacts can easily exceed the investment required to build robust due diligence systems.

The financial question is not whether CS3D costs money. It is whether the organisation pays in controlled investment today or in unplanned penalties and disruption later.

How executive teams should respond

For companies that remain in scope, CS3D is a multi‑year transformation, not a one‑off compliance exercise.

The long implementation timeline can create false comfort. Building defensible due diligence, supplier capability and internal governance takes time. Leaders who act early gain more control over cost, risk and optionality. Those who wait compress decisions into a narrow window, often at higher cost and lower quality.

A pragmatic response typically involves six linked decisions.

Close the data gaps early

CS3D raises the evidentiary bar.

Executives should assume that high‑level estimates will not be sufficient. Demonstrating “appropriate measures” and mitigating civil liability requires auditable, site‑specific evidence.

Priority datasets typically include:

• Value chain mapping: geographic origin of materials, supplier locations and subsidiary control
• Social impacts: site‑level data on child and forced labour, living wages and health and safety certifications
• Environmental impacts: localised water stress, pollution exposure and deforestation risk
• Due diligence records: grievance logs, audit outcomes and remediation actions

The earlier these gaps are identified, the more flexibly organisations can sequence investment and supplier engagement.

Design for regulatory divergence

CS3D sets a baseline, not a ceiling.

National implementations are likely to diverge, particularly in jurisdictions such as Germany, France and the Netherlands. Systems built narrowly to meet minimum EU requirements risk rework.

Future‑proofed approaches emphasise modularity. They allow additional requirements to be layered without rebuilding core processes, data models or governance structures.

This reduces long‑term cost and avoids repeated disruption to procurement and operations teams.

Use cost modelling to prioritise spend

CS3D introduces choices, not just obligations.

Not every supplier carries the same risk or requires the same intervention. Forward‑looking cost modelling helps executives understand where exposure sits and where investment delivers the greatest reduction in risk.

Effective modelling links:

• Supplier risk profiles
• Likely intervention pathways
• One‑off versus ongoing costs
• Trade‑offs between remediation, supplier substitution and exit

For CFOs, this creates a clearer line of sight between sustainability decisions, cash flow and medium‑term financial planning.

Act before certainty arrives

The pause in transposition is not a pause in expectations.

Investors, customers and civil society continue to demand supply chain transparency and credible action. These pressures already affect access to capital, contract awards and brand trust.

Although formal climate transition plan submissions are no longer required, companies are still expected to maintain credible targets, timelines and measures to address climate impacts across their value chains. These expectations extend beyond CSRD disclosure and are increasingly tested through litigation and stakeholder scrutiny.

Waiting for full legal certainty risks leaving insufficient time to design, coordinate and operationalise effective responses.

Integrate CS3D with existing ESG and CSRD efforts

Standalone CS3D programmes create duplication.

Integrating due diligence with existing ESG governance, CSRD reporting and climate risk management improves efficiency and consistency. It also helps organisations reuse data, controls and assurance processes already in place.

For executives, this reduces total cost of ownership and strengthens internal accountability across finance, procurement, legal and sustainability functions.

Use CS3D as a resilience lens

CS3D offers more than compliance.

By requiring deeper visibility into tier‑1 and, where relevant, tier‑N suppliers, the framework exposes hidden dependencies. These often sit in geopolitically unstable regions or sectors vulnerable to sanctions, climate shocks or labour disruption.

Used proactively, CS3D analysis supports:

• Identification of concentration risk
• Diversification of sourcing hubs
• Earlier detection of supply chain fragility
• Stronger alignment with strategic suppliers

“Used well, CS3D turns supply chain transparency into a source of resilience.”

In volatile markets, this can become a competitive advantage.

Final reflections

The Omnibus simplifies CS3D. It does not neutralise it.

For companies that remain in scope, the directive continues to shape expectations around accountability, transparency and supply chain governance. Financial penalties, civil liability and indirect commercial impacts remain material.

The core executive decision is timing.

Organisations that use the extended runway to build data, governance and supplier capability gain control over cost and risk. Those that defer action face compressed timelines, higher spend and reduced strategic choice.

Simplification is not suspension. It is an opportunity to act deliberately.