Whilst the exponential rise in human rights due diligence regulations has brought human rights and environmental due diligence (HREDD) up the corporate agenda, the concept of supply chain due diligence dates back several decades. High-profile exposes of sweatshop labor in the apparel and electronics industries brought attention to unethical practices in supplier factories in the 1990s. After these events, formal frameworks for responsible business were defined by the UN Global Compact in 2000 and later by the UN Guiding Principles on Business and Human Rights (UNGP) as well as the revised OECD Guidelines for Multinational Enterprises in 2011. Today, these frameworks serve as the blueprint for HREDD and have since been adopted as the de facto methodology within global due diligence regulations, for example: the UK and Australia Modern Slavery Acts, the California Transparency in Supply Chains Act, the Transparency Act in Norway and, more recently, the Corporate Sustainability Due Diligence (CS3D) Directive.
CS3D recap
A key focus of CS3D is ensuring that companies address actual and potential adverse impacts. From a human rights perspective, examples include forced labor, child labor, as well as health and safety. From an environmental perspective examples include water pollution, biodiversity loss and carbon emissions. Our approach for adequately managing these adverse impacts is founded on due diligence guidance as proposed by the OECD Guidelines, and is summarized in the following four steps:
1. Identify and assess (potential adverse) human rights and environmental impacts
2. Prevent and mitigate to take appropriate action upon the findings
3. Track and monitor the effectiveness of measures taken
4. Communicate and report about measures taken and progress achieved
In order to adequately address risks and opportunities, these key elements should be integrated into companies’ policies and (compliance and risk) management systems, regardless of any specific compliance requirements and regulatory debates. The priority areas for HREDD should be risk-based and focused on the most significant business impacts. These should also be aligned with the outcomes of the double materiality assessment, and vice versa.
Proposed changes in the EU Omnibus Simplification Package (“Omnibus Proposal”)
The revisions would be extensive, greatly reduce the need for due diligence assessments on indirect business partners and limit the information required from SMEs. The key proposed changes of the original Omnibus Proposal, as summarized in an EY Thought Leadership and below, include:
- Scope: The scope remains unchanged (alignment of CSRD with CS3D threshold).
- Timeline: The application timeline is proposed to be delayed by one year to July 2028.
- Due diligence in the value chain: The due diligence assessment typically focuses on direct suppliers, but if there is plausible information regarding potential or actual adverse impacts involving indirect partners beyond Tier 1, they should also be evaluated. For non-compliant suppliers, the focus is on suspension of relationship and remediation before terminating contracts. The aim is maximum harmonization across the EU to prevent stricter requirements in specific areas of due diligence.
- Civil liability: It removes the EU-wide civil liability regime while preserving access to justice and compensation for victims.
- Penalties: It removes the minimum cap of 5% cap of global turnover, but fines continue to be effective.
- Stakeholders’ definition: Stakeholders are redefined and limited to relevant stakeholders or right-holders who are “directly affected”.
- Transition Plan: It removes the requirement to implement a climate transition plan to align with the CSRD and suggests that transition plans now include “outlining implementation actions, planned and taken”.
- Monitoring: The assessment intervals are extended from annually to every five years with ad hoc assessments for any significant changes to the business relationship.
- Representative action: It removes the provisions on representative actions, allowing existing national rules and traditions to persist.
Please note that due to the ongoing debate on the revised CS3D text, the above is subject to change and it is expected that there will continue to be interim updates and further speculations.
Timelines
One of the most notable proposed changes is the deferment of the transposition timeline for EU Member States to July 2027, with the application for the first group of companies that need to have CS3D implemented set to July 2028. This extension has been approved by the EU parliament on 3 April 2025, and provides businesses with additional time to develop and implement best practices in due diligence. Companies can utilize this period to enhance existing risk management processes and controls, engage with stakeholders, and prepare for compliance.
What selected key aspects of legislation are not intended for change?
The requirement to conduct, human rights and environmental due diligence has not changed. However, the Omnibus proposed changes have limited this to a company’s own operations, those of its subsidiaries, and its direct business partners. This means that mandatory in-depth assessments from a pure compliance point of view will primarily focus on direct partners. However, if a company has plausible information indicating potential adverse impacts at the level of an indirect business partner, such as credible media or nongovernmental organizations’ (NGO) reports, it must conduct a risk assessment and take appropriate steps.
Nevertheless, the likelihood of such impacts and the necessity of performing in-depth assessments differs across industries. For example, some industries are inherently more exposed to salient human rights or social impacts (such as extractives and agriculture). A risk assessment can help to confirm these impacts across the value chain, identify the business relationships (suppliers) associated with the highest risks, and focus HREDD processes and resources on the most salient impacts and business relationships.
What impacts could the proposed changes have on businesses?
Value chain cap
Smaller companies are not directly obligated under the CS3D, but they may still be indirectly impacted when large in-scope companies seek information to fulfil their due diligence requirements. The Proposal seeks to limit these requests to the information outlined in the CSRD Voluntary Sustainability Reporting Standard (VSME Standard), unless there are relevant impacts not covered by the standard. It remains to be seen whether this “one-size-fits-all-sectors” approach will be challenged in the upcoming debate.
HREDD no-regret actions for Swiss businesses
The delay of CS3D provides an opportunity for businesses to better prepare and enhance existing efforts in building comprehensive and robust due diligence approaches together with their business partners in the value chain. Companies who take advantage of this and begin to build programs early will be ready to meet increasing expectations from regulators, investors and broader stakeholders, and build a business that can deliver strong financial and social returns.
Companies should look to establish the below no-regret actions to build resilient supply chains, and ensure they build on existing work already taken through the CSRD or other due diligence regulations (such as the EU Deforestation Regulation and EU Forced Labour Directive) and avoid duplicative compliance efforts. For large companies, EY recommends the following no-regret actions:
