A New Era for Procurement and Compliance

The European Union marked a pivotal moment in its legislative efforts when adopting the Corporate Sustainability Due Diligence Directive (CSDDD).
The directive places significant responsibilities on contracting companies to ensure compliance, shifting the focus to procurement professionals across all levels. It represents a transformative approach to how large companies operating within the EU market address human rights and environmental concerns throughout their value chains.
A milestone in sustainability legislation
The CSDDD officially came into force on July 25, 2024.
Jurei Yada, Programme Lead for Sustainable Finance at E3G, characterised the event as a landmark milestone: "Today's decision marks the happy end to the story of the CSDDD vote in Council, which has been full of plot twists and drama. At stake was establishing stronger due diligence obligations to better protect the people and the environment and we are now almost there to have that framework in Europe. That is cause for celebration."
Member States must transpose the directive into law by July 26, 2026. The extended timeline allows for the staggered implementation of the directive's requirements, giving procurement teams time to prepare for the sweeping changes ahead.
Scope of the directive
The CSDDD targets companies employing more than 1,000 individuals and with a global net turnover exceeding €450 million (US$464m). The threshold encompasses approximately 0.05% of European companies. Non-EU entities generating the same net turnover in the EU market must adhere to the regulations.
Affected companies must identify, prevent, mitigate and account for adverse human rights and environmental impacts throughout their operations, subsidiaries and value chains. Procurement teams, in particular, face expanded responsibilities as the directive introduces a phased implementation schedule to ease the transition.
Penalties for non-compliance
The CSDDD establishes mandatory penalties for violations, with fines reaching up to 5% of a company's global net turnover.
Pierre-Yves Dermagne, Belgian Deputy Prime Minister and Minister of the Economy and Employment, previously remarked: "Large companies must take their responsibilities in the transition towards a greener economy and more social justice. The CSDDD will allow us to sanction those actors that violate their obligations. It is a concrete and significant step towards a better place to live for everyone."
While the directive's passage was a significant achievement, it faced criticism for scaling back its scope compared to earlier drafts.
Pietro Cesaro, Policy Advisor for EU Sustainable Finance at E3G, is among those to have highlighted the challenges: "One of the trickiest challenges in the next EU steps is ensuring a harmonised approach in business practices. Due to political manoeuvring, we have risked losing this within the due diligence realm.
“Thanks to the Belgian presidency, we can now welcome this significant agreement, which, however, covers fewer companies, potentially jeopardising the competitiveness of those outside the scope."
Indirect impact on SMEs
Although the CSDDD does not directly govern SMEs, they will feel its effects indirectly as part of larger corporations' value chains.
The directive includes safeguards to protect SMEs, mandating that larger companies offer support such as capacity building, training and financial assistance.
Terminating relationships with SMEs is only permitted as a last resort to avoid disproportionate harm.
Interplay with other legislation
The CSDDD interacts with existing EU regulations, including the Conflict Minerals Regulation, Batteries Regulation, Deforestation Regulation and the forthcoming Forced Labour Regulation. It establishes minimum harmonisation standards while allowing Member States to impose stricter obligations or expand the scope in certain areas.
Exclusions and limitations
Certain sectors, notably the financial industry, face limited obligations under the directive. Many downstream activities, such as providing loans or investments and alternative investment funds, are excluded from the directive’s scope. The exclusions have drawn criticism for potentially undermining the directive's effectiveness in promoting sustainability.
Strategies for integrating sustainability into procurement
To comply with the CSDDD, procurement teams must adopt new strategies, including:
Policy Development: Crafting sustainable procurement policies aligned with organisational goals.
Measurable objectives: Setting clear targets, such as reducing greenhouse gas emissions or sourcing from certified sustainable suppliers
Sustainability criteria: Incorporating sustainability standards into procurement workflows and RFP evaluations.
Category management: Identifying high-risk procurement categories and developing tailored strategies.
Supplier engagement: Communicating expectations, conducting performance assessments and fostering collaboration.
Training and tools: Equipping teams with the knowledge and resources to evaluate suppliers and make sustainable decisions.
Traceability systems: Implementing mechanisms to monitor the origins of goods.
Continuous Improvement: Regularly update sustainability targets and practices to align with evolving regulations.
Third-Party Certification
Many procurement teams have limited resources, so a company may opt to contract a third party to meet the CSDDD's expectations.
Support, not substitution
The CSDDD recognises the complexities and additional resources required by procurement teams and addresses the role of third-party verification in compliance efforts. However, it clarifies that third-party verification, including industry initiatives and certification schemes, cannot replace a company's due diligence obligations. While independent third-party verification can support the implementation of due diligence requirements, it does not absolve companies of liability.
Supporting compliance, not transferring responsibility
Companies opting to use third-party verification must ensure that their direct and indirect business partners comply with contractual assurances related to due diligence. Despite this, Article 29, paragraph 4 of the directive explicitly states that companies remain liable for adverse impacts even if a third-party verification is employed.
While the CSDDD does not explicitly address provider biases, it emphasises companies retaining ultimate responsibility for due diligence and suggests that they should critically evaluate third-party verifications rather than blindly relying on them. The directive's approach aims to prevent companies from hiding behind certifications or verifications without conducting their own thorough due diligence.
The CSDDD highlights the EU's commitment to sustainable development and corporate responsibility. By enforcing stricter human rights and environmental standards across value chains, the directive aims to foster a greener, fairer economy. Procurement teams play a pivotal role in achieving these objectives, with their actions directly influencing compliance and creating sustainable supply chains.
While the CSDDD does shift significant responsibility to contracting companies, it doesn't create sole liability for supplier non-compliance. Instead, it establishes a framework for shared responsibility and risk-based due diligence throughout the value chain.
Risks of relying solely on third-party certifications
Depending exclusively on third-party certifications for compliance can introduce several potential risks that organisations must be mindful of:
False sense of security
Third-party certifications often represent minimum compliance standards rather than comprehensive security measures. Relying solely on these certifications may create a misleading sense of security, leaving companies exposed to risks beyond the certification scope.
Complacency in security practices
Focusing solely on achieving certification can lead to complacency, as a company may do just enough to meet basic requirements. The approach can stifle efforts toward continuous improvement and developing robust security practices.
Outdated standards
Certification frameworks can lag behind the latest advancements in security technology and methodologies. As a result, companies relying solely on certified measures may remain vulnerable to emerging threats not addressed by outdated standards.
Lack of maturity assessment
Many certifications, such as ISO 27001, do not include maturity levels, which makes it challenging for companies to assess and communicate the true strength of their security posture. The absence of maturity assessment can hinder strategic decision-making and improvement efforts.
Minimal compliance focus
By design, certifications ensure adherence to minimum compliance requirements. While they may satisfy regulatory obligations, they do not necessarily equate to the level of security required to safeguard against sophisticated threats.
Overlooking specific risks
Generic certifications may fail to address unique risk factors facing a company, particularly in complex business environments. If left unmitigated, this oversight can leave critical vulnerabilities.
Regulatory gaps
Third-party certifications may not cover all governmental laws or industry-specific regulations applicable to a company. Relying solely on certifications could result in non-compliance with legal or regulatory requirements.
Mitigating the risks
Procurement teams should adopt a proactive approach beyond third-party certifications to mitigate the risks associated with the CSDDD vulnerabilities.
Key strategies include:
- Comprehensive risk management programmes
Implement robust third-party risk management practices to identify, assess and mitigate potential threats effectively.
- Thorough due diligence
Conduct detailed assessments of vendors' security practices, going beyond certification requirements.
- Continuous Monitoring
Regular monitoring and evaluating the security posture of vendors to ensure compliance and address evolving risks.
By combining certifications with comprehensive risk management practices, procurement teams can enhance their security posture, reduce vulnerabilities and ensure better compliance with regulations and industry standards.
As procurement teams navigate the complexities of the CSDDD's new regulatory landscape, the directive's success will depend on collaboration, innovation and a shared commitment to ethical business practices. The journey may be challenging, but it promises a more sustainable future for industries, communities and the planet.
Claudine Maeijer, an executive at PwC, sums up the role, responsibility and accountability of procurement teams, stating: "Complying with the CSDDD is not a one-off exercise, but an ongoing activity. Companies will have to take moral, societal and social responsibility to do business in a way where sustainability is rooted at the core of the strategy."
To read the full article in the magazine, click HERE.
Explore the latest edition of Supply Chain Digital Magazine and be part of the conversation at our global conference series, Procurement & Supply Chain LIVE.
Discover all our upcoming events and secure your tickets today.
Supply Chain Digital is a BizClik brand
