Omnibus developments: What corporate leaders need to know about the future of EU sustainability regulation

Omnibus developments...

CSDDD: Due diligence remains a strategic imperative

Potential key changes and implications

• Companies in scope: Increase of employee and turnover thresholds likely (5000 employees and turnover €1.5B; original proposal by Commission 1000 employees and turnover €450m ). Non-EU companies are in scope if they exceed €450m EU turnover.
• Civil liability regime: Likely no new civil liability regime, but it's up to member states; this bears the risk of a patchwork of different civil liability regimes within the EU.
• Adverse impact assessment: Likely allows prioritisation of adverse impacts based on severity & likelihood, because not all impacts can be tackled at once; the assessment itself should be done every 4-5 years or ad-hoc in case needed (actual adverse impacts, new market entry, M&A, etc.).
• Contract termination: Likely no contract termination required, suspension possible and likely tied to conditions.
• Penalties: Likely tied to max. 5% of turnover
• Value chain in scope: Positions of trilogue parties range from a full risk-based approach to a tier-1 supplier limitation unless “plausible information” justifies deeper supply chain scrutiny.
• Supplier and stakeholder engagement: Likely more targeted, after reasonably available information was considered, allowing for risk-based engagement strategies; Divergence of positions regarding information requests to business partners (value chain cap connected to their number of employees 1000 vs 5000)

What stays the same

• Core HREDD requirements: Risk analysis, prevention, mitigation, remediation, and grievance mechanisms remain mandatory.
• Business pressure: Even companies outside the formal scope may face due diligence demands from clients and partners.

LRQA’s key recommendations

• Treat CSDDD as a strategic risk management tool: Strengthen resilience by embedding HREDD into your governance and operations.
• Map your value chain: Focus on severe risks beyond tier 1 - ignoring them is a business risk.
• Implement a risk-based approach: Prioritise risks and sequence your actions; no company can address all risks simultaneously.

CSRD: Reporting simplified, but expectations persist

Potential key changes and implications

• Narrowed scope: Likely includes companies with over 1000 employees and turnover above €450M. Non-EU companies are in scope if they have large subsidiaries or branches in the EU. Financial holdings and listed SMEs might be exempt.
• Climate transition plan: Stays mandatory in terms of disclosure, either in "compatibility with" or "contributing to" the EU climate law and the Paris Agreement. Implementation obligation probably deleted.
• Sector-specific standards: Will not be developed, but voluntary sector-specific guidance might be published.
• SME data restrictions: Cap of data requests tied to VSME. SMEs might be able to decline data requests beyond the VSME scope. 
• Assurance: Limited assurance remains; reasonable assurance is not expected.
• ESRS simplification: Streamlined standards to be published by EFRAG in December.

What stays the same

• Core reporting requirements: Companies must still report on sustainability topics with limited assurance.
• Investor and client expectations: Larger stakeholders will continue to request CSRD-aligned data for their own reporting.

LRQA’s key recommendations

• Use CSRD strategically: Strengthen internal sustainability collaboration and position your company as a responsible leader.
• Develop a climate transition plan: Standards like SBTi and IFRS also expect it. Your clients may need your data for their scope 3 emission reduction efforts.
• Align with CSRD proactively: Even if not in scope, stakeholders may require CSRD-compliant data.

Final thoughts