Following the EU Commission’s proposed Omnibus Directives (the Omnibus Proposals) to amend the European Union’s Corporate Sustainability Due Diligence Directive (CSDDD) and Corporate Sustainability Reporting Directive (CSRD), the debate around their potential impact on the scope of European regulatory compliance obligations has raised more questions than answers. Rather than clarifying areas of uncertainty or harmonising existing laws, the risk of adopted legislation being relitigated has introduced confusion for companies with EU operations.
The Omnibus Proposals comprise two proposed directives – Omnibus Directive I (Omnibus Directive I) and Omnibus Directive II (Omnibus Directive II). Omnibus Directive I proposes substantive changes to the EU sustainability framework, most acutely in the case of CSRD and CSDDD. Omnibus Directive II, on the other hand, addresses the timelines for the application of CSDDD and CSRD, as well as companies in scope.
In this client alert, we set out six reasons why – whatever the legislative future of the Omnibus Proposals – companies operating in the EU and the UK are not off the hook and should not ease up on their investment in ESG compliance programmes. Namely that:
- The Omnibus Proposals have not yet been adopted.
- Even if the Omnibus Proposals are adopted, the substantive obligations on large global companies may not be significantly changed.
- Companies remain subject to other EU and national ESG laws imposing due diligence and/or reporting requirements and soft law instruments encouraging the same.
- Companies still face the threat of litigation and reputational damage for adverse human rights and environmental impacts.
- Non-ESG compliant companies run the risk of debarment under the discretionary debarment regime in the new UK Procurement Act 2023 for ESG misconduct in their supply chain.
- Companies may be prosecuted for ‘greenwashing’ or ‘bluewashing’ under the UK Failure to Prevent Fraud offence.
- The Omnibus Proposals have not yet been adopted
While the proposals to delay the implementation of CSDDD and CSRD set out in Omnibus Directive II have been approved by the European Parliament and will become law once formally approved by the Council and published in the Official Journal, for now, the proposals in Omnibus Directive I remain just that – proposals. Until the legislative process concludes, companies must comply with their ESG compliance requirements under all applicable laws.
Despite calls for urgency, negotiations between lawmakers may delay adoption. For example, although the European Council called on the co-legislators to finalise Omnibus Directive I proposals by June 2025, negotiations may prove intractable due to tensions between political blocs. Divisions on the scale of the substantive changes have already emerged – some MEPs such as Jörgen Warbon claim that the proposals are “a good first step but [they] need to continue to cut red tape”, while others such as Lara Wolters believe that the “Commission should be ashamed of this proposal. . . . [I]t is an extreme proposal. . . . It radically slashes human rights and environmental standards, and it actually makes things more complicated.”
Until agreement is reached, companies remain bound by their existing obligations under CSRD and CSDDD and will be expected to comply under pain of sanction.
2. Even if the Omnibus Proposals are adopted, the substantive obligations on large companies may not be significantly changed
The Omnibus Proposals include multiple amendments to the legislation, including the thresholds for application, the timing for required compliance and changes to the scope of the substantive obligations. However, these changes may not impact large global companies as much as smaller organisations.
i. Changes in scope – they do not impact large companies and would have a limited impact on the smaller companies in their value chain
The Omnibus Proposals would raise the threshold for companies to fall within the scope of CSRD, to those with over 1,000 employees and one of either €50m net turnover or €25m balance sheet. For companies already over this threshold, there is no change. Critically, it does not however completely exclude smaller companies from its remit. In order to comply with their reporting requirements, large companies will still be required to request sustainability information from the small and medium-sized companies in their value chain. While there is an argument that the reporting information is more limited in scope (on which, see the discussion on the value chain cap, below), in practice, these companies would remain in scope of CSRD in all but name, particularly since they would still be expected to share any sustainability information that is commonly reported in their respective sector. Moreover, there are no proposed changes to the scope of CSDDD, meaning small and medium-sized companies would still need to conduct due diligence on their value chain, even if they became exempt from the requirements under CSRD.
ii. Revised scope of due diligence under CSDDD – easily re-expanded for many large global companies
As currently drafted, CSDDD requires companies to conduct due diligence into potential adverse human rights and environmental impacts across their entire chain of activities. The Omnibus Proposals would reduce this scope, only mandating systematic in-depth assessments of a company’s own operations, its subsidiaries and direct business partners. However, under the proposals indirect business partners would still fall to be assessed where companies receive “plausible information” that suggests adverse human rights and environmental impacts have arisen or may arise at the indirect business partner’s level. “Plausible information” is defined broadly. The threshold can be met following receipt of complaints, credible NGO or media reports, or knowledge of issues in certain locations, such as conflict zones. Almost every industry is impacted by concerns regarding environmental and human rights harms, particularly at the furthest ends of their supply chains. For many large global companies, the compliance risk of failing to act in the face of “plausible information” (e.g. from whistleblowers, media and NGO reports) would therefore make due diligence of their indirect business partners critical in all but limited circumstances. Further, under the new “contractual cascading” obligations in the Omnibus Proposals, in-scope companies are required to seek contractual assurances from direct business partners that they will cascade the requirements to comply with the company’s code of conduct down the value chain. In practice, this will generate a need for transparency in business relationships, over and above the CSDDD requirements.
iii. Value chain cap reporting under CSRD – will not in practice significantly reduce the compliance burden
Under CSRD, companies must report on their own operations and value chains. The Omnibus Proposals suggest that the amendments would limit the scope of information that companies with fewer than 1000 employees would need to provide to those with reporting requirements in their value chain (known as the “value chain cap”). However, those companies would still be required to provide any information that is commonly shared between undertakings in their sector, in addition to any other information set out in the yet to be published Voluntary Use Standards. Notably, the Voluntary Use Standards are expected to reflect industry standard disclosures on ESG, and are therefore likely to include information on topics such as GHG emissions, gender diversity and human rights incidents.
In addition, as set out above, companies will still be required under CSDDD to conduct due diligence into all business partners where the company has plausible information to suggest adverse human rights or environmental impacts have arisen or may arise at their level, regardless of how many people are employed by the business partner. In practice, therefore, the value chain cap will not significantly reduce the compliance burden.
iv. Timing – delays in application and reporting do not change the necessity of compliance
Omnibus Directive II, as approved, delays CSRD reporting and CSDDD transposition for a limited number of companies, however, for many there is no delay at all, meaning obligations still apply on the original timeline. Even for those granted more time, the postponement is not indefinite and does not change the ultimate necessity of compliance. Companies that delay preparation for compliance run the risk of being unprepared when the rules take effect, potentially facing rushed implementation, giving rise to the corresponding regulatory risk. The delays will likely also have limited impact on any expectations that investors, stakeholders and consumers may already have in mind about sustainable practices, and the reputational risks that may flow from these not being met. Rather than a justification for inaction, companies should use the opportunity presented by the additional time to strengthen compliance strategies and refine their processes.
3. Companies remain subject to other EU and national ESG laws imposing due diligence and/or reporting requirements and soft law instruments encouraging the same
The Omnibus Proposals do not necessarily reduce ESG compliance obligations, as companies in the EU are already subject to due diligence and reporting requirements under similar laws. Crucially, CSDDD does not override other EU regulations, nor would the proposed text of Omnibus Directives I or II. Examples of existing EU regulations that still impose ESG-related requirements on companies include:
There are also multiple hard law ESG obligations at national levels, including Germany’s Supply Chain Act and France’s Duty of Vigilance Law which require companies to address human rights and environmental issues in their supply chains. Further, beyond binding legal requirements, many companies have adopted voluntary soft law obligations, such as the UN Guiding Principles on Business and Human Rights and the Organisation for Economic Co-operation and Development Guidelines on Responsible Business Conduct– both of which encourage corporate responsibility and the necessary due diligence required to protect human rights.
4. Companies still face the threat of litigation and reputational damage for adverse human rights and environmental impacts
The Omnibus Proposals would remove the requirement that member states adopt a harmonised (EU-wide) civil liability regime. This means that civil liability would instead be defined by the national law of each member state. In practice, many courts across Europe – including the UK – are already increasingly showing willingness to engage in ESG issues:
- In 2024, the Dutch Court of Appeal found that although it was inappropriate for a court to impose an absolute emissions reduction target on an oil company, the company still had a duty to reduce its emissions. In doing so, the court considered the obligations under the UN Guiding Principles on Business and Human Rights and the Organisation for Economic Co-operation and Development Guidelines on Responsible Business Conduct and it referenced the company’s responsibilities to reduce its impact on dangerous climate change under the “social standard of care”.
- In 2024, the UK Court of Appeal allowed workers at a Malaysian factory to bring mass tort claims against UK parent companies over trafficking and forced labour practices.
- The UK Supreme Court allowed tort claims against UK companies in respect of environmental damage in Africa.
Even without specific legislative requirements, companies face growing litigation risks. Reduced legal requirements may only galvanise the increasingly sophisticated and well-funded NGO community to intensify their legal action against companies for not taking adequate steps towards ESG compliance. This poses legal and reputational risks.
5. Non-ESG compliant companies run the risk of debarment under the discretionary regime in the new UK Procurement Act 2023 for ESG misconduct in their supply chain
The UK Procurement Act 2023, which entered into force in February 2025, provides a renewed focus on the risks associated with poor supply chain due diligence (see our client alert: UK Government Suppliers Need to Mind Their Ps and Qs Now That the New Procurement Act Is in Force). Under the act, the UK government will maintain a public debarment list, which will list suppliers, and their subcontractors, who are either excluded or excludable from participating in public procurement tenders. Suppliers can be added to the list based on either mandatory or discretionary grounds. Under mandatory grounds, suppliers are prohibited from bidding on future contracts, while under discretionary grounds, contracting authorities are advised to exercise caution and may choose not to award companies new contracts. The discretionary grounds are fluid and may include “conduct which calls into question a supplier’s integrity” or “labour market misconduct”. This could arise if a supplier or connected person engages in conduct that could result in the type of adverse impact reflected in CSDDD, such as environmental harm, trafficking or modern slavery. Companies that fail to maintain strong ESG compliance measures are at risk not only of debarment from public contracts, but also of the commercial and reputational damage that flows from being added to the debarment list. Companies that compete for public contracts must therefore continue to implement ESG policies to safeguard their eligibility for procurement, despite any potential regulatory changes.
6. Companies may be prosecuted for ‘greenwashing’ or ‘bluewashing’ under the UK Failure to Prevent Fraud offence
The Economic Crime and Corporate Transparency Act 2023 expands corporate liability for failing to prevent fraud, including in relation to false ESG claims. (see our two-part client alert on the Failure to Prevent Fraud Offence: Part 1 and Part 2). This means that global companies operating in the UK marketplace can be held liable for inaccurate or misleading statements made by employees or subsidiaries about sustainability practices, such as in cases of ‘greenwashing’, (where companies falsely portray their products or operations as environmentally friendly) and ‘bluewashing’, (where companies falsely claim to uphold social or governance standards). Companies that are not cognisant of the potential adverse impacts associated with their supply chain run the risk of misrepresenting their products or services and the threat of criminal liability.
Conclusion
In introducing the Omnibus Proposals, the EU Commission signalled its intention to “focus [the] regulatory framework on the largest companies which are likely to have a bigger impact on the climate and the environment”. While, at first blush, the proposed changes would appear to indicate a shift towards deregulation, large global companies may in practice remain subject to the more onerous obligations envisaged in the original legislation. Non-compliance also risks breaching other EU and national laws, as well as opening the door to potential litigation. Beyond legal risks, failing to address ESG issues also poses significant commercial and reputational threats. ESG compliance remains a business-critical responsibility that companies cannot afford to overlook.
[View source.]
