The EU Omnibus final outcome: Key changes to CSRD and CSDDD and what to do next

In February 2025, the European Commission proposed its sweeping Omnibus package aimed at simplifying and refining the EU’s sustainability reporting and due diligence landscape. 

The proposed changes affect, among others, two major directives: the Corporate Sustainability Due Diligence Directive (CSDDD) and the Corporate Sustainability Reporting Directive (CSRD).

CSDDD: Due diligence remains a strategic imperative

Key changes to CSDDD by the Omnibus simplification package and implications

• Companies in scope: Increase of employee and turnover thresholds to 5000 employees and turnover €1.5B. Non-EU companies are in scope if they exceed €1.5B turnover within the EU. Includes a review clause to possibly extend its scope.
• Civil liability regime: There will be no new EU-wide civil liability regime; rather, it will be defined by the individual Member States.
• Adverse impact assessment: Allows prioritization of adverse impacts based on severity and likelihood, because not all impacts can be tackled at once; the assessment itself should be done at least every 5 years or ad-hoc in case needed (actual adverse impacts, new market entry, M&A, etc.).
• Contract termination: No contract termination is required - suspension is possible and tied to conditions, i.e. continuing to work with the suppliers towards a solution.
• Penalties: Set at max. 3% of net worldwide turnover.
• Value chain in scope: Risk-based approach focused on those parts of the ´chain of activities´ where actual and potential adverse impacts are most likely to occur and to be most severe. ´Chain of activities´ refers to upstream business partners, own operations and certain downstream activities, i.e. transport.
• Supplier and stakeholder engagement: More targeted, after reasonably available information was considered, allowing for risk-based engagement strategies; information requests to business partners must be necessary (value chain cap connected to their number of employees: 5000)

What stays the same

• Core HREDD requirements: Risk analysis, prevention, mitigation, remediation, and grievance mechanisms remain mandatory.
• Business pressure: Even companies outside the formal scope may face due diligence demands from clients and partners that are in scope, for example, Tier - 1 consumer goods companies supplying large retailers.

LRQA’s key recommendations

• Treat CSDDD as a strategic risk management tool: Strengthen resilience by embedding HREDD into your governance and operations. Investing in enough resources is key- although the timeline has been expanded, it takes time and requires immediate action.
• Understand your value chain: Map and analyse severe risks beyond tier 1, and use this insight to inform decisions rather than treating mapping as a one‑off exercise. Take into account relevant perspectives from affected stakeholders and knowledgeable experts to avoid a reductionist approach that overlooks important impacts and business risks.
• Implement a risk-based approach: Prioritise risks in a systematic way and sequence your actions; make a connection to your existing ERP (if available). Engage with high-risk suppliers in a meaningful and systematic way.
• Get your data right: Check your available risk data on potential adverse impacts on people and see if it covers your business activities and countries in scope
• Teamwork is key: Engage your relevant internal colleagues and implement your HREDD approach joint up - Sustainability, Legal, Human Resources, and Procurement need to work hand in hand
• Start a systematic documentation: Prepare for engagement with enforcement authorities and start documenting your systematic risk-based due diligence approach.

CSRD: Reporting simplified, but expectations persist

Key changes to CSRD by the Omnibus simplification package and implications

• Narrowed scope: The scope now includes EU companies with over 1000 employees and net turnover above €450M. Listed subsidiaries and financial holdings are exempt. Includes a review clause to possibly extend its scope.
• Non-EU companies: The scope includes third-country companies with a net turnover above €450M in the EU for each of the last two consecutive years. Only if the non-EU parent is in scope, subsidiaries or branches with a net turnover above €200M are in scope as well.
• Reporting timeline: Initial wave 1 companies will continue reporting according to the original CSRD and ESRS for three financial years from 1 January 2024. For financial years starting on or after 1 January 2027, the new, narrowed scope will come into effect. Member states are able to exempt wave 1 companies from reporting if they fall out of the narrowed scope through the transposition into national law. Non-EU companies will start reporting on their financial year 2027 or whenever thresholds apply.
• Climate transition plan: Disclosure requirement remains in the ESRS E1 - Climate Change standard. Should be compatible with the EU climate law and the Paris Agreement.
• Sector-specific standards: Sector-specific standards will not be published, but voluntary sector-specific guidance might be developed.
• SME data restrictions: Cap of data requests tied to the Voluntary Sustainability Reporting Standard for non-listed SMEs (VSME). SMEs can decline data requests beyond the VSME scope.
• Assurance: Reports must be assured with limited assurance, where the assurance provider concludes nothing has come to their attention to indicate the information is materially misstated. The EU must adopt limited assurance standards by 1 October 2026 to clarify methodologies and procedures.
• ESRS simplification: EFRAG delivered the Amended ESRS to the EU commission. The Commission must now implement the Amended ESRS as a delegated act in 2026. They are expected to come into effect from financial year 2027.

What stays the same

• Core reporting requirements: Companies must still report on sustainability topics with limited assurance.
• Investor and client expectations: Larger stakeholders will continue to request CSRD-aligned data for their own reporting.

LRQA’s key recommendations

• Use CSRD strategically: Strengthen internal sustainability collaboration and position your company as a responsible leader.
• Develop a climate transition plan: Standards like SBTi and IFRS also expect it. Your clients may need your data for their scope 3 emission reduction efforts.
• Align with CSRD proactively: Even if not in scope, stakeholders may require CSRD-compliant data.

Synergies between CSRD and CSDDD

• Under the CSRD companies have an obligation to identify and report on material sustainability matters along their full value chain. In particular, the Double Materiality Assessment (DMA) under the CSRD requires companies to identify and assess impacts, risks and opportunities in relation to sustainability matters.
• As there are key overlaps in content and methodology between the DMA under the CSRD and the HREDD process under the CSDDD, it makes sense to align the two processes from the start! Effective and efficient implementation saves resources and minimizes risks.
• This is particularly relevant for companies that fall already under the CSRD and have not yet started to build up an appropriate HREDD approach.

Final thoughts