European Union (EU) sustainability reporting and due diligence

A guide for Canadian businesses - March 2025

On this page

This snapshot of the EU’s evolving landscape of sustain ability reporting and due diligence is designed to help Canadian companies understand what is in the Corporate Sustainability Due Diligence Directive, the Corporate Sustainability Reporting Directive, and the EU Taxonomy as of March 2025, with the aim of providing companies initial guidance on how to comply with the EU framework.

That said, companies should be aware that, on February 26, 2025, the European Commission tabled its proposed legislation (“Omnibus Simplification Package”) to amend the CSDDD, CSRD and the Taxonomy, which will impact certain obligations and the scope of application of these initiatives, the extent of which will depend on the outcome of the EU’s legislative process underway.

Corporate sustainability due diligence directive (CSDDD)

The CSDDD establishes a horizontal legal framework requiring companies to identify, prevent, mitigate, and remedy adverse human rights and environmental impacts within their own operations and value chains. It mandates robust governance, management systems, and supply chain due diligence measures, including strategies aligned with the Paris Agreement.

Enforcement will be carried out by EU Member States through administrative supervision, sanctions and civil liability, with the European Commission’s support via ac companying measures and guidelines. The CSDDD is a horizontal framework, which is also supplemented by other product or topic specific legislation such as the Conflict Minerals Regulation, the Batteries Regulation, the Deforestation Regulation and the Forced Labour Regulation.

Key elements

Scope

Application: Applies to EU companies with over 1,000 employees and €450 million annual turnover, and non EU companies with €450 million turnover within the EU. While directly impacting approximately 5,000 companies having operations in the EU, its influence indirectly extends to smaller entities within their supply chains, as they will be subject to due diligence policies and compliance monitoring by their larger business partners.

Subsidiary exemption: Parent companies can fulfil due diligence obligations on behalf of subsidiaries, re quiring subsidiary adherence to the group due diligence policy. This way, it is not necessary for each subsidiary to comply with administrative requirements and write their own due diligence policy.

Material: Covers the “chain of activities,” encompassing upstream (production, sourcing, etc.) and downstream (distribution, transport, storage) processes

Protection: Requires safeguards against adverse im pacts on human rights (as defined by international con ventions, including those of the International Labour Organization) and the environment (often linked to inter national instruments or in terms of indirect impacts on human rights, e.g. access to safe water).

Due diligence obligations

System and policies: Companies must integrate a risk based due diligence system, including a long-term approach, processes, and a code of conduct, reviewed and updated every two years, in consultation with employees.

Impact assessment: Requires identifying and assessing actual and potential adverse impacts across the chain of activities (see Scope – Material on page 2), prioritizing the most severe impacts.

Prevention and mitigation: Companies must implement measures to prevent or mitigate adverse impacts, considering factors like proximity to the impact and influence over business partners. This may involve action plans, contractual assurances, investments, providing targeted financial support to SME partners, and ultimately, terminating business relationships as a last resort.

Remediation: Companies must address actual ad verse impacts, minimizing them if an immediate resolution is not possible. Actions include neutralizing the impact and putting into place corrective action plans (which should be covered by contractual assurances from business partners and include targeted financial support for SMEs, if necessary). Termination of business relation ships is a last resort.

Verification: Companies need to verify compliance by business partners with their due diligence policy, either using an independent third party expert or by leveraging industry certification initiatives.

Meaningful engagement: Requires stakeholder engagement (information-sharing and consultation) at various stages of due diligence, potentially through multi-stakeholder initiatives.

Notification and complaint procedure: Establishes a transparent complaint procedure for affected parties and relevant organizations, requiring companies to address well-founded complaints submitted to them.

Monitoring and communication: Companies must assess due diligence effectiveness annually or after significant developments, updating the process as needed. They will also need to include a specific due diligence statement in their annual report. The specific content of the due diligence statement is regulated by the Corporate Sustainability Reporting Directive. The due diligence statement reported by the company is filed together with the annual report and authorities make it publicly avail able through the ‘European Single Access Point’ (once established, anticipated by 2029).

Accompanying measures and guidelines

The European Commission will develop by 2027 model contractual clauses, sector-specific impact assessment guidance, risk assessment guidelines, information source guidance, and stakeholder engagement guidance. Member States will provide support through dedicated websites and potential financial aid for SMEs, including SMEs that are subsidiaries of Canadian companies. The Commission will also publish guidance on industry certification schemes, multi-stakeholder initiatives, and third party verification, and establish a help desk available to all companies in scope.

Climate change

Companies must adopt and implement a transition plan aligning their business model and strategy with the Paris Agreement’s target to limit global warming to 1.5 °C and the target of climate neutrality by 2050 as established by the EU Climate Law. This plan should include time-bound targets covering scope 1, 2, and 3 emissions, decarbonization levers (strategies and actions such as increasing energy efficiency, switching to low carbon energy or carbon offsetting), explanation of investment and funding for the transition plan and the role of administrative bodies. The plan should be updated annually including a description of progress.

Administrative provisions

Authorized representative: Each company must designate an authorized representative within the EU. The representative would act as a point of contact with EU and national authorities in order to facilitate enforcement and compliance monitoring.

Supervisory authorities: Each Member State will designate competent authorities to supervise CSDDD compliance, which will take part in a network facilitated by the European Commission. The network of authorities will be required to identify third country companies in scope of the directive and coordinate enforcement among these companies if they operate across multiple Member States. Competent authorities have powers to demand information, investigate, conduct inspections, order cessation of infringements, and impose penalties.

Substantiated concerns: Individuals and organizations can submit concerns to supervisory authorities, with a right to judicial review.

Penalties: Member States will implement effective, proportionate, and dissuasive penalties directly applied by competent national authorities based on their national legal systems. Penalties may include administrative fines of up to 5% of net worldwide turnover.

Civil liability: Companies can be held liable for intentional or negligent failure to comply with due diligence obligations that causes damage to a natural or legal person. Joint liability applies with subsidiaries or business partners in cases of shared responsibility.

Legal action: Rules for bringing damage actions must not be overly restrictive or costly, with a minimum five-year limitation period and possibility to seek injunctions. Injured parties can authorize trade unions and NGOs to bring actions.

Timeline

Member States are required to adopt national implementing laws by July 2026. The application is phased in as follows:

Corporate sustainability reporting directive (CSRD)

The CSRD aims to bring sustainability reporting to the same level as financial reporting in the legal framework, so that investors and stake holders can receive standardized information about the sustainability impacts, risks and opportunities of companies and their value chains that is relevant, comparable and reliable.

In particular, it requires that companies’ annual management reports contain sustainability statements aligned with European Sustainability Reporting Standards (ESRS), developed by the European Financial Reporting Advisory Group. These new reporting standards cover the full spectrum of environmental, social and governance (ESG) topics and follow the double materiality principle, which means that a company shall report not only information about the impact of ESG issues, but also the impacts that the company and its value chain have on the environment and society.

Large company thresholds

2 out 3 of the following criteria:

  • 50mln annual net turnover;
  • 250 average employees;
  • 20mln balance sheet assets.

The criteria apply at individual undertaking and at consolidated group level.

Key elements

Scope and first-time application

Sustainability reporting

  • Double materiality: Reporting on financial risks and opportunities for the company and the company’s own impacts.
  • ESRS: Standardized reporting content through ESRS.
  • EU environmental taxonomy: EU capital markets legislation establishes a Taxonomy of ‘sustainable eco nomic activities’ for the purpose of defining sustainable investments. The Taxonomy requires asset managers, banks and insurance companies to disclose the ratio of sustainable activities in their investment portfolio, and listed companies to disclose the turnover generated from ‘sustainable activities’. CSRD expands this obligation to all companies in its scope.
  • Management report integration: Companies have to integrate sustainability statements into the (consolidated) Management Report.
  • Digital tagging: Companies are required to apply digital tagging to make sustainability statements machine readable. This will ensure data can be easily accessed and analysed by investors.

Assurance and supervision

  • Mandatory assurance: The statutory auditor has to provide an opinion about the compliance of the sustainability report with the reporting standard. This would initially be done under a lighter auditing regime of limited assurance, transitioning to reasonable assurance (the same level as for the financial statement) in 2028.
  • Board and Audit Committee oversight: Oversight of the sustainability reporting process under corporate governance rules.
  • Sanctions and enforcement: Sanctions applicable to financial reporting are extended to sustainability reporting.

Subsidiary inclusion

Subsidiaries of third country groups are subject to CSRD based on the same rules and timeline as EU companies. The company may opt to exempt its subsidiaries and include all the information in the consolidated group report. A third country company has three options for complying with CSRD:

  1. Reporting at the level of the individual subsidiary.
  2. Reporting at the level of the EU holding entity. Where an EU-based holding entity does not exist, a third country company may artificially consolidate all its EU-based subsidiaries into one single report.
  3. Reporting at the global level using the EU ESRS standards. The Commission may in the future decide to recognize other standards as equivalent for the purpose of exempting EU subsidiaries.

Third country issuer inclusion

Any undertaking with securities admitted to trading on an EU regulated market is subject to reporting using ESRS standards regardless of its location. Large undertakings must report at the level of the individual listed entities, while listed SMEs may benefit from subsidiary exemption.

Third country undertaking inclusion

Third country groups with EU subsidiaries/branches and €150 million in revenues within the EU are subject to CSRD. The subsidiary/branch must publish a report covering the information at the level of the global group.

Omnibus simplification package

The Omnibus Simplification Package (I), proposed by the European Commission on February 26, 2025 and now undergoing legislative scrutiny in the European Parliament and Council of the EU, consists of two directives amending the CSDDD, CSRD and EU Taxonomy (including delaying the dates of application for the CSDDD and CSRD) in order to simplify and streamline obligations for companies.

While the core obligations are expected to remain, the Omnibus package seeks to revise certain significant elements of the three initiatives, mainly to provide additional time for companies to prepare for their obligations under the directives and to reduce the administrative burden on businesses.

Key proposed changes

Higher thresholds of applicability

  1. Companies with more than 1000 employees and either more than 50 million turnover or 25 million assets.
  2. Non-EU Companies: The Directive continues to apply to non-EU companies that generate more than €450 million in net turnover within the EU (increased from €150 million.

Postponement of due diligence obligations

Amending the CSDDD by postponing the transposition deadline as well as the application of the Directive by 1 year for the first group of companies (the largest EU companies and certain non-EU companies) in the scope of the Directive.

  • New transposition deadline for Member States: July 26, 2027 (previously July 26, 2026)
  • New application deadline for the first group of companies (EU companies with >5,000 employees and €1.5 billion turnover worldwide and non-EU companies with €1.5 billion turnover in the EU): July 26, 2028 (previously July 26, 2027)
  • Application for all other non-EU companies falling under the general scope of the Directive: July 2029

Postponement of reporting obligations

Amending the CSRD by introducing a 2-year postponement of the sustainability reporting requirements for all large companies and listed SMEs – including non-EU companies that meet these size thresholds – currently in scope and required to comply with sustainability reporting rules from financial year 2025 onwards.

  • Large undertakings (more than 250 employees; 50 million EUR turnover; 25 million EUR assets) New deadline: Financial years starting on or after January 1, 2027 (previously January 1, 2025)
  • EU listed SMEs New deadline: Financial years starting on or after January 1, 2028 (previously January 1, 2026)

Optional taxonomy reporting regime

Amending the EU Taxonomy indirectly by allowing certain large undertakings to disclose information related to the Taxonomy in a more flexible way. This includes allowing large companies with more than 1000 employees and a net turnover not exceeding €450 million to choose whether or not to disclose information on how their activities align with the EU Taxonomy.

Given the current legal uncertainty surrounding compliance, we recommend a proactive approach: begin identifying your company's material ESG risks, impacts, and opportunities across your value chain. Develop corresponding policies, actions, and targets. This strategic exercise will not only prepare you for compliance but also add significant value to your business. Even if reporting requirements are simplified or narrowed in scope, companies that have strategically addressed the CSRD and CSDDD will be well-positioned. They will have already gained a competitive advantage by uncovering and leveraging valuable business insights for informed decision-making and investment strategies.

Practical tips to embark on the journey of EU corporate sustainability regulations

1

Understand the scope and applicability

Determine if you're directly in scope: Carefully assess your company's size, turnover, and location to see if you fall under the CSDDD or CSRD's direct requirements.

Consider indirect impacts: Even if not directly obligated, recognize that you'll likely be part of the value chain of companies that are, so prepare for requests for information and collaboration.

2

Conduct thorough assessments

Financial risk: Evaluate how environmental factors might impact your company's financial performance (e.g. resource scarcity, regulatory changes, reputational risks).

Impact on environment and society: Analyze your company's activities and their effects on the environment (emissions, waste, resource use) and on people (human rights, community well-being).

Gap analysis

Data availability: Identify where you lack data to meet reporting requirements and develop systems for collection.

Process gaps: Evaluate if your current processes are sufficient for due diligence and reporting, and where improvements are needed.

3

Build robust systems and processes

Due diligence

System Integrate: Embed environmental and social due diligence into your overall risk management and governance structures.

Policies and procedures: Develop clear policies, processes, and a code of conduct for environmental and social due diligence.

Regular reviews: Ensure your system is reviewed and updated at least every two years, or more frequently as needed.

Data collection and management

Identify key metrics: Determine the specific environmental data you need to collect (e.g. emissions, waste, water use, resource consumption).

Data collection mechanisms: Implement systems for accurate and reliable data collection across your operations and supply chain.

Data storage and analysis: Establish secure data storage and analytical tools to track progress and identify areas for improvement.

4

Engage with stakeholders

Internal engagement

Cross-functional collaboration: Involve representatives from different departments (operations, procurement, legal, sustainability) to ensure a holistic approach.

Employee consultation: Consult with employees in developing environmental policies and procedures.

External engagement

Supply chain: Communicate your environmental expectations to suppliers and work with them to improve their performance.

Local communities: Engage with communities affected by your operations to understand their concerns and address potential impacts.

NGOs and other organizations: Consider collaborating with NGOs and other stakeholders with expertise in environmental issues.

5

Take action

Prevention and mitigation

Prioritize: Focus on the most significant environment al risks and impacts.

Action plans: Develop and implement plans to prevent or mitigate these impacts.

Contractual assurances: Seek contractual commitments from suppliers and business partners regarding environmental performance.

Remediation

Address impacts: Take steps to address any actual environmental harm caused by your operations.

Corrective actions: Implement corrective actions to prevent future occurrences.

6

Stay informed and adaptable

Regulatory updates: Keep up-to-date with the evolving regulatory landscape in the EU, including the CSDDD, CSRD, EU Taxonomy, and the Omnibus simplification package.

Industry best practices: Stay informed about emerging industry best practices in environmental due diligence and reporting.

Seek expert guidance: Consider seeking advice from environmental consultants or legal experts to navigate the complexities of these requirements.

7

Transparency and communication

Communicate Progress: Communicate your environmental performance and progress to stakeholders through your website and other channels.

Be open: Be transparent about your environmental policies, practices, and challenges.

Stakeholder dialogues: Engage in open dialogue with stakeholders about your environmental performance.

8

Additional tips

Start early: Don't wait until the last minute to begin your environmental due diligence and reporting efforts.

Prioritize: Focus on the most significant environmental risks and impacts first.

Continuous improvement: Environmental and social due diligence is an ongoing process. Continuously monitor your performance and identify areas for improvement.

Collaboration: Collaborate with your suppliers, business partners, and other stakeholders.

Additional Information

Date published: