
What CSDDD means for EU companies sourcing from Southeast Asia
The Corporate Sustainability Due Diligence Directive, as amended by Omnibus I in February 2026, applies to EU companies with more than 5,000 employees and 1.5 billion euros in worldwide turnover, with obligations from 26 July 2029. For companies sourcing from Southeast Asia, this means supplier mapping, risk assessments, due diligence plans, and contractual changes. This guide explains what is required and what it means in practice.
This article is for informational purposes only and does not constitute legal advice. Consult a qualified legal professional for advice specific to your situation.
What this article is about
The Corporate Sustainability Due Diligence Directive (Directive (EU) 2024/1760, commonly referred to as CSDDD or CS3D) places obligations on large EU companies to identify, prevent, mitigate, and account for actual and potential adverse human rights and environmental impacts in their own operations and across their supply chains.
For EU companies that source goods or services from Southeast Asia, a region central to global manufacturing across garments, electronics, furniture, food processing, palm oil, rubber, and a range of other industries, CSDDD creates a set of active due diligence requirements that are now entering implementation timelines.
This article is written from the perspective of the EU company with sourcing relationships in Southeast Asia: what the directive requires of you, what it means for how you engage with your suppliers, and what you need to put in place.
If you are a non-EU manufacturer or supplier receiving due diligence requests from your EU buyers, the more directly relevant article is How EU sustainability legislation flows down from buyer to supplier.
For a full introduction to how CSDDD works as a legal instrument, see CSDDD explained: what the corporate sustainability due diligence directive means for supply chains.
Who CSDDD applies to and when
CSDDD as amended by Directive (EU) 2026/470 (the Omnibus I directive, published 26 February 2026) applies to a single tier of companies. The phased approach in the original directive has been replaced by a single threshold and a single application date.
The directive applies to EU companies with more than 5,000 employees on average and a worldwide net turnover exceeding 1.5 billion euros. For non-EU companies, the equivalent threshold is EU net turnover exceeding 1.5 billion euros. Franchise and licensing arrangements above 75 million euros in royalties and 275 million euros in turnover are also within scope.
Member states must transpose the amended directive by 26 July 2028. The obligations apply from 26 July 2029. That date is uniform for all companies within scope: Omnibus I removed the original phased 2027, 2028, and 2029 application dates and replaced them with a single date.
What CSDDD requires
CSDDD is a process obligation, not an outcome guarantee. It does not require EU companies to ensure that no adverse impact ever occurs anywhere in their supply chain. It requires them to establish and operate a due diligence system that is capable of identifying, preventing, mitigating, and remedying those impacts to the extent possible.
The core obligations are as follows.
Integrating due diligence into company policies. Companies must adopt a due diligence policy that covers human rights and environmental impacts and is updated annually. The policy must describe the approach to due diligence, the code of conduct applied to business partners, and how the company engages with stakeholders.
Mapping and assessing the supply chain. Companies must identify their own operations and their supply chains, mapping business relationships far enough to identify where adverse impacts are likely to occur. The obligation extends to direct suppliers and, where there is reason to believe adverse impacts exist, to indirect suppliers further back in the chain. For companies sourcing from Southeast Asia, this means being able to identify not just the factory they contract with directly but the sub-suppliers, raw material processors, and input suppliers that feed that factory.
Identifying actual and potential adverse impacts. Using the supply chain map, companies must identify where actual adverse impacts are occurring and where potential adverse impacts are likely. This is not a desk exercise: the directive requires meaningful engagement with affected stakeholders, including workers, local communities, and civil society organisations operating in the supply chain regions.
Preventing and mitigating potential adverse impacts. Where potential adverse impacts are identified, companies must take appropriate measures to prevent them or mitigate them where prevention is not possible. For a supply chain relationship in Southeast Asia, this might mean requiring specific contractual commitments from the supplier, conducting or commissioning worker interviews to assess actual conditions, requiring corrective action plans, or in some cases adjusting sourcing decisions.
Addressing actual adverse impacts. Where actual adverse impacts are identified, companies must take action to bring them to an end. Where that is not possible, companies must minimise the extent and severity of the impact and work toward ending it.
Establishing a complaints procedure. Companies must provide a mechanism through which workers, communities, trade unions, and civil society organisations can raise concerns about actual or potential adverse impacts. This mechanism must be accessible to people in the supply chain, including those who may not speak the language of the EU buyer.
Monitoring. Companies must periodically assess the effectiveness of their due diligence policies and measures. As amended by Omnibus I, assessments are required at least every five years, without undue delay after a significant change occurs, and whenever there are reasonable grounds to believe the measures are no longer adequate or effective or that new risks have arisen.
Communicating and reporting. Companies must publish an annual statement on their due diligence. Companies within CSRD scope will fulfil this through their CSRD sustainability report. Companies within CSDDD scope but not CSRD scope will need a separate communication mechanism.
Why Southeast Asia supply chains are a particular focus
The combination of industries concentrated in Southeast Asia and the specific adverse impacts that CSDDD targets means that EU companies sourcing from the region will find that much of their due diligence work is concentrated there.
The directive covers a defined list of internationally recognised human rights instruments and a list of environmental conventions. The human rights dimension includes forced labour, child labour, unsafe working conditions, inadequate wages, restrictions on freedom of association, and land rights violations. The environmental dimension covers biodiversity impacts, pollution, hazardous waste, and deforestation. Both dimensions are directly relevant to the industries most commonly sourced from Southeast Asia.
In garments and textiles, the issues most commonly identified by auditors and civil society organisations operating in the region include subcontracting without buyer knowledge, wage theft and unpaid overtime, restrictions on trade union activity, excessive working hours, and accommodation and dormitory conditions for migrant workers. These are exactly the categories of adverse impact that CSDDD requires companies to identify and address.
In electronics and electrical component manufacturing, the issues centre on the working conditions of assembly workers, the sourcing of raw materials (particularly minerals), and the management of hazardous substances and waste.
In palm oil, rubber, and other agricultural commodities, land rights and community displacement are recurring issues, as are the conditions of migrant plantation workers. These overlap significantly with the EUDR commodity traceability requirements, which apply in parallel to CSDDD for companies dealing in the relevant commodities.
In furniture and wood products, the issues include both worker conditions in processing facilities and timber sourcing practices, again overlapping with EUDR.
The point is not that Southeast Asian supply chains are uniquely problematic. It is that the specific impacts CSDDD targets are ones where the risk is demonstrably present in the industries most commonly sourced from the region, and where EU companies will be expected to demonstrate that they have looked, found what is there, and taken action.
Supply chain mapping in practice
The obligation to map your supply chain is the foundation of all other CSDDD obligations. You cannot identify impacts in a supply chain you have not mapped. You cannot engage meaningfully with suppliers you have not identified. You cannot monitor the effectiveness of measures you have not been able to apply because you did not know who to apply them to.
For EU companies with long-established sourcing relationships in Southeast Asia, supply chain maps often exist at the first-tier level (the factories you directly contract with) but become incomplete further back. Second-tier suppliers (who supply your direct suppliers with materials, components, or services) and third-tier suppliers (who supply them) are frequently unknown to EU buyers. CSDDD requires you to extend your mapping further back, proportionately to where the risk of adverse impacts is highest.
In Southeast Asian manufacturing contexts, the highest-risk areas in the supply chain tend not to be in the factories EU buyers visit and audit regularly. They are in the sub-suppliers: the spinning mills, the yarn manufacturers, the dyehouses, the component fabricators, the material processors, the raw material sourcing chains. Migrant worker recruitment is another high-risk point that frequently sits outside the visible supply chain: workers may be recruited by labour brokers who are not themselves suppliers to the EU company but whose practices create the conditions for forced labour and debt bondage in the facilities that are.
A credible supply chain map for CSDDD purposes needs to extend to the points where those risks actually materialise. For many EU companies with Southeast Asian sourcing, this means a substantive investment in mapping work that goes beyond what their current supplier onboarding and audit processes capture.
Worker engagement and the evidence standard
CSDDD explicitly requires companies to engage with affected stakeholders, including workers, in the process of identifying adverse impacts. This is one of the most operationally significant requirements in the directive, and one of the most commonly underestimated.
Worker interviews conducted in the right conditions (privately, in the worker’s own language, without the factory management present, with assurance of confidentiality and no retaliation) are the primary mechanism through which actual working conditions can be assessed. Document review and facility audits are useful but have well-documented limitations: they capture what is visible and what has been prepared for the auditor’s arrival. Worker interviews capture what workers know and experience.
The international standards that inform CSDDD, particularly the UN Guiding Principles on Business and Human Rights and the ILO frameworks, treat worker engagement as a substantive requirement, not a box-ticking exercise. Regulators and enforcement bodies applying CSDDD will look at whether companies have genuinely sought to hear from workers, not just whether they have checked a box that says they have.
Contractual requirements and supplier engagement
Contractual mechanisms are one of the primary tools through which CSDDD obligations flow down the supply chain. EU companies are expected to include specific requirements in their supplier contracts, obtain representations about compliance, and have the ability to audit or verify what suppliers have committed to.
For Southeast Asian suppliers who have not previously been subject to this level of contractual scrutiny, the change in supplier questionnaires and contractual terms is already visible. EU procurement teams are inserting due diligence clauses, requiring self-assessments, asking for evidence of worker grievance mechanisms, requesting wage and working hour data, and in some cases requiring third-party audit reports as a condition of continued supply.
The contractual requirements serve two purposes. First, they create the legal basis for requiring access, information, and corrective action. Second, they provide documented evidence that the EU company has put in place appropriate measures to address potential adverse impacts, which is a component of demonstrating compliance with the directive’s requirements.
Suppliers who cannot or will not engage with these requirements face the risk of being removed from supplier lists. For EU companies, the decision to continue sourcing from a supplier who cannot demonstrate adequate compliance involves a proportionate assessment: the scale of the relationship, the severity and probability of the adverse impact, and the leverage the company has to drive change are all relevant factors. CSDDD does not require EU companies to terminate all relationships where adverse impacts exist. It requires them to use their leverage proportionately and document what they have done.
Interaction with CSRD reporting
Many EU companies within CSDDD scope will also be within CSRD scope. Where that is the case, the due diligence activity conducted under CSDDD will need to be reflected in the CSRD sustainability report under the relevant ESRS standards, particularly ESRS S1 (own workforce), ESRS S2 (workers in the value chain), and ESRS E1 through E5 (environmental topics).
The relationship between the two instruments is one of the areas where complexity can build quickly. CSRD requires disclosure of what you have done. CSDDD requires you to do it. The compliance relationship goes in that order: do the due diligence, then disclose that you have done it. Companies that approach it the other way, disclosing in their CSRD report a process they have not actually operated, face the risk that their disclosure is inaccurate, which creates separate legal exposure.
For a fuller treatment of the CSRD obligations that run in parallel, see CSRD and ESRS explained: what the corporate sustainability reporting directive requires and How EU sustainability legislation flows down from buyer to supplier.
What to do now
For EU companies within CSDDD scope, the obligation date of 26 July 2029 is now fixed. The preparation timeline is running. The following is a realistic starting sequence.
Confirm whether and when you are in scope. Apply the employee and turnover thresholds to your company’s current structure. If you are close to a threshold, consider how your headcount and turnover might change over the relevant period. If you are within scope, identify your implementation deadline.
Conduct a supply chain mapping exercise. Start with your direct suppliers in Southeast Asia and extend backward to the second and third tiers in the areas where your categories of sourcing carry the highest risk. Identify gaps in your current knowledge.
Conduct a risk assessment. Using your supply chain map, assess where the highest-risk adverse impacts are most likely to occur. This should be based on the specific industries, geographies, workforce characteristics, and commodity types involved in your supply chain.
Develop or update your due diligence policy. The policy needs to reflect the directive’s requirements and be specific enough to guide implementation. A generic sustainability policy is not a CSDDD due diligence policy.
Engage with your direct suppliers. Communicate the changes to your supplier requirements, update contractual terms, and begin collecting the information and evidence you will need to assess their compliance with your due diligence standards.
Plan your worker engagement approach. If you are commissioning audits or assessments in Southeast Asian facilities, ensure the methodology includes genuine worker interviews conducted under appropriate conditions. Relying solely on management interviews and document review will not meet the evidence standard the directive implies.
Establish a complaints mechanism. Design and implement a channel through which supply chain workers and communities can raise concerns. Ensure it is accessible in the relevant languages.
Key dates
- 26 July 2028: Member states must transpose the amended directive into national law.
- 26 July 2029: Obligations apply. This is a single date for all companies within scope. The original phased 2027/2028/2029 tiers were removed by Omnibus I (Directive (EU) 2026/470).
- 1 January 2030: Reporting obligations under Article 16 apply (financial years starting on or after this date).
Monitor your primary member states’ transposition progress, as national enforcement frameworks will not be in place until transposition is complete.
Frequently asked questions
Does CSDDD require me to audit every supplier in Southeast Asia?
No. CSDDD requires a risk-based approach. You are expected to focus your due diligence efforts where the risk of adverse impacts is highest. Not every supplier relationship carries the same risk profile. You are expected to map your supply chain, identify high-risk areas, and apply proportionate measures. Where your leverage over a particular supplier is limited and the risk is low, a lighter-touch approach may be justifiable. Where leverage is high and risk is significant, more intensive engagement is expected.
What happens if a supplier in Southeast Asia refuses to cooperate with my due diligence requirements?
CSDDD requires EU companies to use their leverage to prevent and mitigate adverse impacts. Where a supplier refuses to cooperate, the company must assess what measures are available: contractual enforcement, reducing the scope of the relationship, suspending orders, or terminating the relationship. The directive does not require termination as a default response but requires that the company document what it attempted and why it took the course of action it did.
Does CSDDD apply to indirect suppliers I do not buy from directly?
Yes, to an extent. You are required to map and assess your supply chain beyond direct suppliers where there is reason to believe adverse impacts exist further back. This does not mean unlimited due diligence obligations to the furthest reaches of your supply chain. It means proportionate extension into the tiers where risk assessment indicates adverse impacts are most likely. For Southeast Asian supply chains, this will typically mean extending due diligence into tier-two suppliers in high-risk categories.
How does CSDDD interact with EUDR for companies sourcing agricultural commodities?
The two instruments have different scopes but overlap for companies sourcing EUDR-regulated commodities from Southeast Asia. EUDR requires geolocation data, deforestation risk assessments, and due diligence statements for specific commodities including palm oil and rubber. CSDDD requires human rights and environmental due diligence across the broader supply chain, which will include the same commodity sourcing relationships. Where you are conducting due diligence for EUDR purposes, that work is relevant to your CSDDD obligations but does not fully substitute for them: CSDDD’s scope of adverse impacts is broader than EUDR’s deforestation focus.
Is CSDDD the same as the German Supply Chain Act?
No. The German Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz, or LkSG) is a national law that applies to companies above a certain size headquartered or with a substantial presence in Germany. CSDDD is an EU directive that, once transposed by member states, will apply uniformly across the EU. CSDDD has a broader scope of covered adverse impacts than LkSG and extends further into the supply chain. Companies already operating under LkSG will need to assess the gap between their current compliance approach and what CSDDD requires.
Verdandi tracks CSDDD alongside CSRD, EUDR, CBAM and the full EU sustainability framework, so you are working from current requirements as implementation deadlines approach. Start for free.
Subscribe for news updates.
Passporting, reverse solicitation, and third-country regimes are the three concepts that most confuse non-EU firms planning EU market entry. This article explains what each mechanism actually does, where it applies, and where the gaps are that force firms toward full EU authorisation.