Insights / EU sustainability regulation
Why EU sustainability laws affect businesses that are not based in the EU

Why EU sustainability laws affect businesses that are not based in the EU

EU sustainability regulation does not stop at EU borders. Through import requirements, supply chain due diligence obligations, and disclosure flow-down, EUDR, CBAM, CSRD, and CSDDD create real compliance obligations for manufacturers, exporters, and suppliers who have never set foot in the EU.

10 min read
EU sustainability regulationEUDRCBAMCSRDCSDDDSupply chain complianceNon-EU businesses

This article is for informational purposes only and does not constitute legal advice. Consult a qualified legal professional for advice specific to your situation.

The most common misconception about EU sustainability regulation

Most businesses outside the EU read coverage of CSRD, EUDR, CBAM, or CSDDD and conclude that none of it applies to them. The regulations were passed by the EU legislature, they apply to EU companies, and they are enforced by EU regulators. What does any of that have to do with a manufacturer in Vietnam, a palm oil producer in Indonesia, or a steel exporter in Turkey?

The answer is: a great deal. EU sustainability regulation was designed explicitly to reach beyond EU borders. The mechanisms vary by regulation, but the intent is consistent: the EU wants to ensure that the sustainability commitments made by EU companies are not undermined by less-regulated practices further back in their supply chains, and that goods entering the EU market do not benefit from avoiding carbon or deforestation costs that EU producers must bear.

This is not a side effect of the regulation. It is the point of it.

Three distinct mechanisms carry EU sustainability obligations to non-EU businesses. The first is import requirements that apply at the EU customs border, regardless of where the exporter is based. The second is supply chain due diligence obligations that EU buyers must fulfil, which in practice means collecting evidence and documentation from their non-EU suppliers. The third is disclosure requirements that EU companies must meet by reporting on their entire value chain, including non-EU operations and suppliers.

Each of these mechanisms works differently, and each affects different types of businesses. Understanding which one applies to your situation is the starting point for understanding what, if anything, you are required to do.

Mechanism one: import requirements at the EU border

Some EU sustainability regulations operate as conditions of market entry. They do not require you to be an EU company. They require you to satisfy their requirements if you want to sell into the EU market. The consequences of non-compliance are not regulatory penalties from an EU authority. They are loss of access to EU customers.

EUDR: proving your commodity did not cause deforestation

The EU Deforestation Regulation (Regulation (EU) 2023/1115) prohibits specific commodities and products derived from them from being placed on the EU market if they are associated with deforestation or forest degradation that occurred after 31 December 2020. The in-scope commodities are cattle, cocoa, coffee, palm oil, soya, wood, and rubber, along with a wide range of derived products including chocolate, furniture, leather goods, and tyres.

The regulation places formal obligations on EU operators and EU traders. They are the ones who must submit due diligence statements and maintain documentation. But they can only meet those obligations if their non-EU suppliers provide what is needed: geolocation data for the land where commodities were produced, evidence of the production date where relevant, and information sufficient to allow a risk assessment of deforestation and forest degradation.

A palm oil producer in Sumatra who cannot provide GPS polygon data for their land, or a cocoa cooperative in West Africa that cannot document when their plantations were established, is not selling to a customer who happens to face a regulatory inconvenience. They are selling to a customer who will be legally unable to place their product on the EU market. The commercial consequence is loss of EU market access, which in some commodity sectors represents the highest-value buyer pool in the world.

The practical requirements differ depending on the country of production. The EUDR’s benchmarking system classifies countries as low, standard, or high deforestation risk. Producers in low-risk countries face simplified documentation requirements. Producers in standard and high-risk countries face more detailed evidence obligations. The benchmarking assessments are being finalised by the Commission and will directly affect how much documentation non-EU producers must provide.

Large EU operators and traders have faced obligations under the regulation since 30 December 2025. SMEs follow on 30 June 2026. These are not future planning dates. EU buyers are already restructuring their sourcing to ensure they can meet the documentation requirements, which means suppliers who cannot provide the necessary evidence are already being reviewed or replaced.

CBAM: carbon costs travel with the goods

The Carbon Border Adjustment Mechanism (Regulation (EU) 2023/956) attaches a carbon cost to imports of steel and iron, cement, aluminium, fertilisers, electricity, and hydrogen entering the EU. The cost is calibrated to match the carbon price that EU producers pay under the EU Emissions Trading System. Goods that were produced with lower carbon intensity can attract lower CBAM costs. Goods produced in countries that already apply a carbon price can claim a deduction.

The formal obligation under CBAM falls on the EU importer, who must purchase CBAM certificates. But the importer’s certificate obligation depends on the embedded carbon content of the goods they are buying. If a non-EU manufacturer cannot document their actual carbon intensity, the EU importer defaults to using EU benchmark values, which are often higher than actual production emissions. The non-EU manufacturer who can provide accurate emissions data is therefore offering their EU customer a lower total landed cost, which becomes a direct commercial differentiator.

The transitional reporting phase of CBAM ran from October 2023 to December 2025, during which EU importers submitted quarterly reports but made no financial payments. The definitive phase with certificate purchase obligations started in January 2026. Non-EU exporters in the affected sectors who have not yet invested in measuring and documenting their production emissions are now working against a market that increasingly rewards those who can.

Mechanism two: what EU buyers must ask you for

The second mechanism operates through the commercial relationship. EU companies subject to CSRD and CSDDD have legal obligations that they can only satisfy by collecting data and evidence from their supply chains. Non-EU suppliers are the primary source of much of that data. The obligation sits with the EU buyer, but the practical work lands on the supplier.

CSRD: your EU buyer must report on you

The Corporate Sustainability Reporting Directive (Directive (EU) 2022/2464) requires large EU companies to report on sustainability impacts, risks, and opportunities across their entire value chain. That means upstream suppliers, downstream distributors, and in some cases end-users. The European Sustainability Reporting Standards, which specify exactly what must be reported, include standards on workers in the value chain (ESRS S2), climate change including Scope 3 emissions that originate in the supply chain (ESRS E1), and biodiversity impacts linked to agricultural and extractive supply chains (ESRS E4).

A large EU retailer cannot produce a compliant CSRD report without data about the working conditions in its garment supplier factories in Bangladesh, the greenhouse gas emissions generated by its logistics providers, and the land use practices of its agricultural commodity suppliers. None of those parties are themselves subject to CSRD. But the retailer is legally required to report on them, and it can only do so if they provide the necessary information.

The requests will not always arrive clearly labelled as CSRD data collection. They may appear as supplier questionnaires embedded in procurement processes, as requirements to complete assessments on third-party ESG platforms, or as new contractual clauses in supplier agreements. The framing varies. The underlying driver is the same.

Large EU companies with more than 500 employees filed their first CSRD reports in 2025, covering the 2024 financial year. Other large companies are filing now. Supply chain data requests are already arriving at non-EU suppliers, and they will become more systematic and more detailed as EU companies build out their reporting infrastructure. The reporting requirement does not diminish over time. It becomes more demanding, and the assurance requirements tighten.

The commercial risk for suppliers who cannot respond is not immediate contract termination in most cases. But EU buyers with CSRD obligations will increasingly favour suppliers who can provide reliable sustainability data over those who cannot. Preferred supplier status, contract renewal, and access to new business are all influenced by whether a supplier can demonstrate that it understands and can respond to its EU customer’s compliance needs.

CSDDD: your EU buyer must conduct due diligence on you

The Corporate Sustainability Due Diligence Directive (Directive (EU) 2024/1760) goes further than reporting. It requires large EU companies to actually conduct due diligence on their supply chains: to identify actual and potential adverse human rights and environmental impacts, take preventive and corrective actions where impacts are found, and establish grievance mechanisms for affected parties.

CSDDD applies in phases based on company size. Companies with more than 5,000 employees and over €1.5 billion worldwide turnover must comply from 2027. Companies above 1,000 employees and €450 million turnover follow in 2028. The obligation sits with the EU company, not its suppliers. But conducting due diligence on a supply chain requires understanding what is happening in that supply chain, which means asking suppliers for information and in many cases conducting or commissioning on-site assessments.

A non-EU supplier whose EU customer is subject to CSDDD should expect to receive requests for documentation of its labour practices, its environmental management systems, and its own supplier relationships further back in the chain. The EU company must be able to demonstrate to its regulators that it has assessed risks and taken action where risks were identified. A supplier that cannot provide substantive responses to those requests, or that raises red flags during an assessment, creates compliance exposure for the EU buyer that most EU procurement teams will address by finding a different supplier.

The distinction between CSRD and CSDDD matters here. CSRD requires the EU company to report on what is happening in its supply chain. CSDDD requires it to do something about what is happening there. Both create demands on non-EU suppliers, but CSDDD creates higher-stakes demands: it is not a data collection exercise but an obligation to identify and remediate actual problems.

Mechanism three: the non-EU company that is directly in scope

For some non-EU companies, the extraterritorial reach of EU sustainability regulation is not indirect. They are directly in scope.

CSRD applies directly to non-EU companies with net turnover above €150 million generated in the EU for two consecutive years, provided they have at least one EU subsidiary meeting the large company criteria or at least one EU branch generating more than €40 million in net turnover. A large Asian conglomerate with a significant EU subsidiary and substantial EU revenues is subject to CSRD directly, not merely through its relationship with EU customers.

The non-EU company in this position must produce a CSRD-compliant sustainability report covering its EU operations, filed in machine-readable format, with limited assurance from an independent auditor. The ESRS apply to this report in the same way they apply to EU companies of the same size. The double materiality assessment, the value chain scope, the quantitative metrics, and the assurance requirement all apply.

This direct scope is not widely appreciated by non-EU multinationals. The default assumption that EU regulation does not reach non-EU companies is incorrect for businesses above these thresholds.

The practical question: which mechanism applies to you

The first step is identifying your situation clearly. The three mechanisms affect different types of businesses differently, and the actions they require are not the same.

If you produce or export commodities covered by EUDR into the EU supply chain, the immediate priority is understanding what documentation your EU customers will require from you and whether you can provide it. Geolocation data, production evidence, and supply chain traceability are the core requirements. If you cannot provide them, your EU market access is at risk.

If you export steel, aluminium, cement, fertilisers, hydrogen, or electricity to the EU, the priority is measuring and documenting the actual embedded carbon in your production processes. Your EU customer’s CBAM certificate cost depends on it, and your competitive position in the EU market increasingly depends on being able to demonstrate a lower carbon intensity than the default benchmarks.

If you are a manufacturer or service provider in the supply chain of a large EU company, the priority is understanding what your EU customers will be required to ask you for and being in a position to respond. That means understanding CSRD value chain data requirements and, as CSDDD comes into application, being able to respond to due diligence requests that go beyond data collection into evidence of actual practices.

If you are a non-EU company with significant EU revenues and an EU subsidiary, the priority is assessing whether you are directly in scope for CSRD and, if so, what a compliant report requires.

In all cases, the starting point is the same: do not assume that EU sustainability regulation does not apply to you because you are not based in the EU. The assumption is wrong for most businesses that touch EU markets in any meaningful way, and the cost of discovering that too late is significantly higher than the cost of understanding your position now.

An overview of each of the major EU sustainability regulations, including their specific scope provisions and deadlines, is available here: EU sustainability regulation in 2026: an overview of what is now in force.

A detailed guide to how CSRD and CSDDD obligations flow from EU buyers to their non-EU suppliers through contractual mechanisms is available here: How EU sustainability legislation flows down from buyer to supplier.

This article is part of the Verdandi EU sustainability regulation series. Verdandi is Citium’s EU sustainability compliance tracker, currently in development. If you want to be kept informed ahead of launch, get in touch.

Stay in the know!

Subscribe for news updates.

Next up

DORA vs NIS2: understanding the overlap for financial firms

Both DORA and NIS2 apply to EU financial firms, but they do not apply equally or in the same way. This article explains the relationship between the two frameworks, where they overlap, where DORA takes precedence, and what financial firms need to do about the residual gap.