The EU Corporate Sustainability Due Diligence Directive (CSDDD) was officially adopted in May 2024. It requires that large companies operating in the 27 EU member states to identify and address environmental and human rights issues throughout their global value chains. Germany had already enacted the comprehensive German Supply Chain Due Diligence Act (LkSG) in 2023. Now, it needs to align the LkSG with the new CSDDD requirements.
As a result, many large companies in Germany, which had already familiarized themselves with the LkSG and introduced the necessary systems and processes for its implementation, are now shifting their focus to the CSDDD framework. Amid significant uncertainty regarding the planned new scope and implementation timeline of the German law, these companies seek clarity on the differences between the two sets of requirements and how they can leverage their existing preparation and implementation efforts.
In this CORE Message, we will address some of the key questions regarding the commonalities and differences between the LkSG and the CSDDD and help you best utilize existing systems and resources to implement the CSDDD.
Which companies are subject to the LkSG and the CSDDD?
LkSG: The LkSG regulates the responsibility of German companies with at least 1,000 employees (until 2024 it was companies with 3,000+ employees) to respect human rights and the environment in global supply chains by implementing specific due diligence obligations.
- In June 2024, the German government announced plans to align the scope of companies subject to LkSG with the scope of the CSDDD. This means that the LkSG would ultimately apply to companies with 1,000+ employees and generating at least €450million annual turnover. The German law already applies to companies with more than 1,000 employees. Thus, if Germany were to introduce a phased implementation (i.e., companies with 5,000+ employees and €1.5 billion turnover implementing in 2027), this would mean that only a fraction of the companies that are subject to the LkSG in 2024 would remain subject to it in 2027. [1]
CSDDD: Following a three-year phased implementation timeline, the CSDDD will apply to EU companies with more than 1,000 employees and with a global net turnover surpassing €450 million, and to non-EU companies generating more than €450 million net turnover in the EU. This corresponds to roughly 6,000 EU companies and 900 non-EU companies becoming subject to the CSDDD.
When do the LkSG and the CSDDD enter into force?
LkSG: The LkSG entered into force in 2023. Initially, companies with over 3,000 employees were required to submit their reports by the spring of 2024. However, this deadline was postponed to 31 December 2025 to align with the reporting requirements under the EU Corporate Sustainability Reporting Directive (CSRD). The government may further extend the implementation of the LkSG to reflect the phased implementation timeline of the CSDDD, so that the German law would apply to all in-scope companies as late as 2029.
CSDDD: The CSDDD will be transposed into national law within two years after its entry into force, giving EU member states until 26 July 2026 to integrate the CSDDD into their national laws. In Germany’s case, this means amending the existing LkSG. Member states shall apply a phased approach to implement the CSDDD over three years, with companies becoming subject to its requirements based on their size and turnover:
- Implementation by 2027 for companies with more than 5,000 employees and more than €1.5 billion turnover.
- Implementation by 2028 for companies with more than 3,000 employees and more than €900 million turnover.
- Implementation by 2029 for companies with more than 1,000 employees and more than €450 million.
How are LkSG and CSDDD similar?
Both the LkSG and CSDDD are corporate sustainability due diligence legislations. They impose on companies the duty to conduct due diligence on their human rights and environmental risks and impacts. Both legislations are based on the UNGPs and the OECD Guidelines, meaning that the due diligence obligations on companies should be interpreted and implemented considering these standards and particularly the following approaches:
- Risk-based human rights due diligence:[2]Companies shall allocate resources in a targeted manner and address the most important and urgent risks first.
- Obligation to show efforts, not achievement: Companies are not required to guarantee their operations and supply chains are entirely free from adverse human rights and environmental impacts. Instead, they must demonstrate that they have taken all appropriate measures to effectively implement the relevant due diligence obligations.
Both the LkSG and the CSDDD include sanctions for non-compliance with the due diligence obligations.
- The LkSG imposes fines of up to €800,000[3], and for companies with an average annual turnover exceeding €400 million, fines can reach up to 2% of their average annual turnover.[4] Additionally, companies may be excluded from public procurement contracts.[5]
- The CSDDD also mandates fines based on a company’s worldwide net annual turnover, with a maximum limit of 5%.[6] Moreover, the names of non-compliant companies will be published for at least five years and shared with the European Network of Supervisory Authorities.[7]
How do LkSG and CSDDD differ?
Definition of value chain:
- LkSG: The due diligence obligations arising from the German Supply Chain Act include company’s supply chain which means all steps that are necessary to produce the product and provide the services (in Germany and abroad), from the extraction of the raw material down to the delivery to the end costumer. Transportation and storage of the product are included.[8] The definition of supply chain includes the actions of the company in its own business area, the actions of direct suppliers and the actions of indirect suppliers, only if the company has “substantiated knowledge” of such actions by indirect suppliers.[9]
- CSDDD: The due diligence obligations in the CSDDD apply to a company’s own operations, those of its subsidiaries and parts of its value chain, known as the “chain of activities”, which includes direct and indirect upstream business partners and downstream business partners. The latter is limited to the distribution, transport and storage of the company’s products. The use and disposal of products is excluded from the scope.
In short, the LkSG’s scope of obligations is narrower than the CSDDD as indirect suppliers are only covered when triggered by substantiated knowledge.
Scope of human rights and environmental prohibitions:
Both laws provide a list of specific human rights and environmental prohibitions. While the catalogue of rights and prohibitions listed in the CSDDD are consistent with those of the LkSG, the CSDDD provides a broader list for rights and prohibitions included under the legislation.
Climate change mitigation:
The CSDDD imposes the requirement that companies design a transition plan for climate change mitigation, which aims to ensure — through best efforts — compatibility of the company’s business model and strategy with limiting global warming to 1.5°C in line with the Paris Agreement.[10]
Civil liability:
Unlike the LkSG[11], under the CSDDD companies can be held liable if they intentionally or negligently fail to comply with obligations to prevent or end adverse impacts, and because of such failure, damage occurs. However, a company cannot be held liable if the damage was caused only by its business partners in its chain of activities.[12]
Beyond these commonalities and differences, the CSDDD provides further clarification on the approach to due diligence and its practical implementation, bringing closer alignment with international standards and providing a great opportunity to shape current practices. The topics where CSDDD is more explicit include stakeholder engagement, responsible contracting and purchasing practices and remediation.
For example, when describing the obligation to engage with stakeholders, the LkSG requires companies to “give due consideration” [13] to the interests of employees and directly affected people when establishing and implementing their risk management system, but it does not explicitly provide any formal requirement on how such interests are to be considered.[14] The CSDDD on the other hand explicitly mandates meaningful stakeholder engagement throughout different stages of the due diligence process. Stakeholder engagement should take place when gathering information on actual or potential adverse impacts to identify, assess and prioritize them; when developing action plans; when deciding to terminate or suspend a business relationship; when adopting measures to remediate; and finally, when developing indicators for monitoring measures. In addition, the CSDDD explicitly provides safeguards on how such engagement should look.[15]
In summary, the CSDDD is more specific than the LkSG regarding the catalog of environmental and human rights covered in due diligence activities. Unlike the “substantiated knowledge” qualifier in the LkSG, the CSDDD covers all indirect suppliers, making its implementation clearer and more practical for companies. Additionally, the CSDDD further clarifies how and when companies should engage with stakeholders, closely aligning with international standards.
Overall, the CSDDD encourages a proactive approach to risk management that enables companies to address potential issues before human rights violations occur. While the differences in the practical implementation of risk management processes under the two sets of requirements are not substantial, in many ways, the CSDDD provides a clearer guidance on what is expected from companies.
Why should your company continue its sustainability due diligence efforts?
Given the numerous synergies between the LkSG and the CSDDD, companies that have already established processes and systems to implement the LkSG will have a significant head start when the CSDDD-based national laws take effect. Pausing due diligence efforts until 2026 or beyond would mean losing a potential competitive edge over counterparts.
Regardless of when or if your company will fall under a due diligence law directly, identifying and mitigating risks to people and the environment is the both the right and smart thing to do. Human rights risks in global value chains are a reality that can impact your business, making human rights risk management an essential component of good business risk management.
Companies that implement effective human rights due diligence establish resilient supply chains, collaborate better with their business partners, maintain their social license to operate, enhance their brand reputation, and contribute to positive impacts on people and the planet. They are also better equipped to comply with other corporate sustainability legislation such as the EU Deforestation Regulation, the EU Corporate Sustainability Reporting Directive (CSRD) and the US Uyghur Forced Labor Prevention Act (UFLPA).
If your company is already implementing LkSG requirements, it is inherently well-positioned to meet the requirements of the CSDDD and other corporate sustainability laws. Do not let uncertainties around the amended scope and timeline of the LkSG deter you from moving forward. And certainly, do not pause your due diligence activities. Now is the time to continue strengthening your due diligence activities, using any additional time to assess their effectiveness and make improvements.
Cecilia and Serra for the CORE team
[1] There are legal scholars arguing that Germany cannot change the scope of companies to which the LkSG applies when transposing the CSDDD. This is because Article 1 of the CSDDD expressly prohibits member states from using the CSDDD as a basis to lower the level of protection of human rights. They argue that reducing the number of companies in scope under the LkSG to align with the CSDDD would weaken the protection of human rights, as fewer companies would be directly subject to the law and required to identify and mitigate their impacts on people and the environment. EU member states can diverge from the CSDDD to introduce more stringent and more specific provisions. Whether or not it is legally possible for Germany reduce the scope of companies under the LkSG as part of its transposition of the CSDDD remains to be seen.
[2] See Art. 5 of the CSDDD. See Section 4 (1) of the LkSG and BAFA Guidance on Risk Analysis page 4.
[3] See Section 24 (2) of the LkSG.
[4] See Section 24 (3) of the LkSG.
[5] See Section 22 of the LkSG.
[6] See Article 27 (4) of the CSDDD
[7] See Article 27 (5) of the CSDDD
[8] See BMAS FAQ II.1 updated as of 24 April 2024 at https://www.csr-in-deutschland.de/EN/Business-Human-Rights/Supply-Chain-Act/FAQ/faq.html#doc3a956fcc-c35e-4655-a96a-6a39a1a0a2cfbodyText2
[9] Section 9 (3) of the LkSG.
[10] See Article 22 of the CSDDD.
[11] The LkSG does not contain a legal basis for claiming civil liability of an obliged company (Art. 3), however it makes it clear that the existing bases of civil liability in German law continue to apply.
[12] See Article 29 of the CSDDD.
[13] See Section 4 (4) of the LkSG.
[14] The FAQ published by BAFA and BMAS provide though some clarification on how this should be interpreted. https://www.csr-in-deutschland.de/EN/Business-Human-Rights/Supply-Chain-Act/FAQ/faq.html#doc3a956fcc-c35e-4655-a96a-6a39a1a0a2cfbodyText11
[15] See Art. 13 and also Recital 65 of the CSDDD.
