Home » Implementing the CSDDD: Early Lessons Learned and Expectations for the New Guidelines

Blog 15 min read

Implementing the CSDDD: Early Lessons Learned and Expectations for the New Guidelines

This blog was originally posted on 20th May, 2026. Further regulatory developments may have occurred after publication. To keep up-to-date with the latest compliance news, sign up to our newsletter.

AUTHORED BY HANNAH JANKNECHT, SENIOR REGULATORY COMPLIANCE SPECIALIST, COMPLIANCE & RISKS

Introduction

On 12 May 2026, Axel Voss (MEP, EPP), the Responsible Business Alliance and Business Europe brought together companies and policy makers to discuss the implementation of the Corporate Sustainability Due Diligence Directive (CSDDD) in four insightful panels.

The conference explored early lessons learned, approaches to risk-based prioritization, and, most importantly, what companies expect from the upcoming CSDDD guidelines.

In his opening remarks, Markus Beyrer, Director General of Business Europe, highlighted the need for companies to effectively monitor CSDDD implementations across the EU Member States, with Spain and potentially Germany expected to issue early implementing drafts. He also underlined the importance of avoiding so-called ‘gold-plating’ in Member State implementations in order to achieve maximum harmonization.

The full agenda, including a list of speakers, can be accessed here.

1. Early Lessons Learned in Due Diligence

Although companies have until 26 July 2029 to prepare for CSDDD compliance, the conference’s first panel made it clear that the time to act is now, since building reliable data systems and engaging effectively with suppliers takes time. To guide this transition, the panel looked at insights from existing compliance efforts, including voluntary OECD and UN frameworks.

Early adopters emphasized that proactive engagement familiarizes their own employees with due diligence processes and provides visibility in the supply chain. Additionally, experiences with legislation like the German Supply Chain Due Diligence Act (LkSG) and the French Duty of Vigilance law have already yielded critical lessons on how to handle incident responses and navigate supplier resistance.

Challenges in Early Adoption

Challenges identified in due diligence implementation include:

Overlap and friction between different due diligence frameworks (CSDDD, EU Batteries Regulation, EU Deforestation Regulation and EU Forced Labor Regulation),
Geopolitical changes, including third-country legislation potentially impeding data collection and due diligence
Moving due diligence from initial set-up to daily operations
Identifying all applicable due diligence frameworks across the globe
Monitoring the regulatory status of these frameworks
Understanding differing expectations and aligning internal operations
Implementing the connection between ESRS, Double Materiality Assessment and CSDDD Due Diligence, including differing terminology

In an ideal world, the CSDDD would have been fully developed and enacted first, followed by sector specific frameworks such as the EU Batteries and EU Deforestation Regulation. In reality, companies now have to deal with the opposite timeline, making robust guidance across frameworks even more important.

Practical Next Steps

Looking at practical next steps, a central theme is the necessity to ‘align, strengthen, and scale’ existing due diligence efforts. While many companies already possess the foundational tools, the current challenge lies in integrating due diligence into daily operations. This requires active collaboration across multiple internal departments, specifically finance, sustainability, EH&S, and procurement.

Although the European Commission is not required to finalize the first set of CSDDD guidelines until 26 July 2027, companies can implement several practical, low-risk ‘no regret actions’ immediately to establish a strong foundation. This includes setting up the right team, introducing the right supplier tools and adopting the concept of risk-based prioritization.

Panelists emphasized that upcoming guidelines must remain high-level enough to leave room for the diverse realities of different industries and corporate structures, avoiding ‘paralysis by analysis’. Instead of a ‘compliance shopping list’, companies need clear, standardized definitions of key terminology and practical examples of how to align due diligence with existing frameworks, such as the ESRS and double materiality assessments.

Finally, not only companies, but also suppliers and the wider public need to become more familiar with the idea that supply chain due diligence does not require risk and error-free supply chains. Instead, the objective is to demonstrate a commitment to constructive engagement, continuous improvement, and effective remediation when issues are identified.

2. How Can Companies Implement Risk-based Prioritization Effectively?

The second panel of the day zoomed in on risk-based prioritization under the CSDDD.

Panelists described a structured “funnel” approach to managing supply chain risks, moving from high-level mapping and area assessments to identifying specific issues, ranking risks, and setting reasonable targets and timelines. Evaluating and ranking these issues should be viewed through the dual lenses of severity and likelihood, with priority given to risks that cannot be remedied once they materialize. To this end, collaborative industry initiatives are vital for obtaining reliable information.

The “canary in the coal mine” for a company’s true commitment to due diligence however is how it responds to actual grievances, testing how a business handles remediation, not just how it maps risks on paper.

Panelists furthermore noted that risk identification and prioritization are not ends in themselves, but rather tools to help companies allocate resources effectively toward their most prevalent issues. Because due diligence is an iterative process, companies may occasionally miss certain risks. The goal is however not to achieve a risk-free supply chain, but to establish a credible, continuous system, making close and careful documentation of the due diligence process crucial.

Finally, the discussion highlighted that while guidance for companies is essential, clarity on regulatory enforcement is equally critical to ensuring a level playing field across member states. Progress is also being made on global alignment, with the OECD currently developing an interoperability platform to help streamline and connect these varying frameworks.

3. What Do Companies Need From the Upcoming Guidelines?

The final panel of the day addressed a crucial question: what do companies actually need from the upcoming European Commission guidance? As a reminder, the Commission is mandated to issue due diligence guidelines by July 2027, followed by guidance on communication and penalties.

Panelists emphasized the need for practical case studies that address varying corporate maturity levels, recognizing that due diligence is an inherently evolving and improving process. Crucially, they noted that the guidelines should not be more ambitious than the directive itself, nor should they reopen political debates that have already been settled. Instead, the guidance should clarify the links between overlapping regulations, provide clear visuals and flowcharts, and answer fundamental operational questions such as What is considered “good enough”? and What does success look like?

When asked to share the single most important thing they hope to see in the upcoming guidelines, the panelists compiled the following collective ‘wishlist’:

Clear, step-by-step instructions on how to translate the directive’s risk-based prioritization framework into daily business operations.
Guidelines that learn from existing corporate best practices to ensure compliance requirements remain realistic and implementable.
Pragmatic guidance on how companies should handle situations where non-EU local laws conflict with CSDDD requirements, recognizing that this is a complex but inevitable business reality.
An acknowledgment that the rollout schedules for various sustainability regulations is not ideal, creating a strong need for more practical, ongoing dialogue between regulators and businesses.

4. What’s Next? – Guideline Consultation and Upcoming Additional Support

The Commission representative attending the final panel confirmed that the Commission is planning to open the public consultation on the due diligence guidelines in early summer 2026 for a period of around 3 months.

Asked how the Commission is going to take standards and private certifications into account, he noted that, while these cannot replace due diligence, they can contribute to a solid due diligence process. To this end, the Commission is planning to set up guidance and fitness criteria for robust initiatives, which will likely also be taken into account by courts and authorities.

Final remarks provided by a representative from DG Growth pointed out that DG Growth is working on upgrading the due diligence platform to include all 6 due diligence relevant EU regulations, helping companies to figure out which regulations are relevant for which sector and type of company. DG Growth is hoping to launch the portal in November 2026.

Stay Ahead Of Regulatory Changes in the CSDDD

Want to stay ahead of regulatory developments in the CSDDD?

Accelerate your ability to achieve, maintain & expand market access for all products in global markets with C2P, your key to unlocking market access, trusted by more than 300 of the world’s leading brands. C2P is an enterprise SaaS platform providing everything you need in one place to achieve your business objectives by proving compliance in over 195 countries.

C2P is purpose-built to be tailored to your specific needs with comprehensive capabilities that enable enterprise-wide management of regulations, standards, requirements and evidence.
Add-on packages help accelerate market access through use-case-specific solutions, global regulatory content, a global team of subject matter experts and professional services.

Accelerate time-to-market for products
Reduce non-compliance risks that impact your ability to meet business goals and cause reputational damage
Enable business continuity by digitizing your compliance process and building corporate memory
Improve efficiency and enable your team to focus on business critical initiatives rather than manual tasks
Save time with access to Compliance & Risks’ extensive Knowledge Partner network