In the last few years, the EU (and its Member States) has been bullish on regulating the environmental, social and governance-related behavior of companies. Ever since the experiments with voluntary disclosure yielded too little of an effect, the push for mandatory disclosure has gained momentum. This has led to three key pieces of regulation: on the level of the EU, we have the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD), and on the national level we have Germany's own Supply Chain Due Diligence Act (LkSG). Even if you have managed to avoid your lawyers' newsletters until now: if you lead or work in a company of over 250 employees, now is the time to get acquainted with how these documents affect your business. This article will tell you what you need to know.

April 8, 2024

Quick summary of different regulatory frameworks to keep close

The CSRD is finalized and adopted, which means that a lot more overlap between the pieces of legislation is coming, and companies are rightfully asking how many reports they are supposed to submit, as well as which data is nice to have and which is mandatory. Here is a short overview of three key pieces of legislation, seen from the point of view of the German market.

This table can also be viewed here.

EU: Corporate Sustainability Reporting Directive

Applicable as of:

Companies needing to react: 

EU-based companies that meet at least two of the following three criteria:

  • More than 250 employees, and/or
  • More than €50M net turnover, and/or
  • More than €25M of total assets.

All publicly listed companies which have more than 10 employees or more than €20M net turnover are also subject to regulation.

Main obligations:

Disclosure of relevant environmental, social and governance metrics under the "double materiality" principle - sustainability risks affecting the company, as well as the impact of the company on society and the environment, in accordance with the European Sustainability Reporting Standards (ESRS).

Reports should be audited and provided in a machine-readable format, submitted to the European Single Access Point. All reports should be prepared in accordance with the European Sustainability Reporting Standards.


The sanctions are yet to be set but are expected to be significant. 

The nature and the amount of the fines are left to be decided by each Member State. Germany is implementing these through different existing frameworks: for example, an amended German Commercial Code stipulates a penalty of either EUR 2 million or twice the unlawfully generated economic advantage (the profits gained or losses avoided because of the breach). In addition, fines may amount to as much as 5% of the annual turnover and the monetary penalty may be increased by up to EUR 10 million. Moreover, reputational damage to the company is not to be neglected.

Estimated costs of adhering to obligations:

  • Costs of establishing a data management system within the company;
  • Costs of auditing and having data readily available for audit;
  • Costs of timely submitting reports in the right format.

EU: Directive on Corporate Sustainability Due Diligence

Applicable as of:

In force as of 25 July 2024. Member States have to transpose the Directive into national law and communicate the relevant texts to the Commission by 26 July 2026.

Companies needing to react:

  • Large EU limited liability companies & partnerships: more than 1000 employees and EUR 450 million turnover (net) worldwide.
  • Non-EU companies which generate a turnover of more than EUR 450 million (net) in the EU.

Main obligations:

Companies are expected to:

  • Integrate due diligence into policies, 
  • Identify adverse human rights and environmental impacts,
  • Prevent or mitigate potential impacts,
  • Bring to an end or minimize actual impacts,
  • Establish and maintain a complaints procedure,
  • Monitor the effectiveness of the due diligence policy and measures, and
  • Publicly communicate due diligence findings.

Additionally, large EU-based companies need to adopt and put into effect, through best efforts, a transition plan for climate change mitigation aligned with the 2050 climate neutrality objective of the Paris Agreement as well as intermediate targets under the European Climate Law.


Sanctions, as well as implementation and supervision over the law, are to be set by the national administrative authorities appointed by Member States. These authorities may also impose fines in case of non-compliance. In Germany, this role is currently taken by the BAFA - Federal Office for Economic Affairs and Export Control.

Victims are also entitled to pursue civil liability: they are to be compensated for damages resulting from an intentional or negligent failure to carry out due diligence.

Additionally, the EU published a Communication on Decent Work Worldwide, confirming that it is preparing a separate initiative to prohibit goods made with forced labour, including forced child labour, from the EU market.

Estimated costs of adhering to obligations:

  • Costs of establishing and operating the due diligence procedures;
  • Transition costs, including investments to change operations and value chains to comply with the due diligence obligation, if applicable.

Germany: Supply Chain Due Diligence Act

Applicable as of:

1st of January 2024, for the financial year of 2023

Companies needing to react:

Germany-based companies, or international companies acting in Germany, which have:

  • From 2023, more than 3,000 employees;
  • From 2024, more than 1,000 employees.

In addition to full-time employees, companies also need to account for temporary staff who are engaged for over 6 months, as well as all employees of affiliated entities who are employed by the German company, whether posted abroad or not.

Main obligations:

Similar to the EU draft, the most prominent obligations relate to establishing a risk management system and performing regular supply chain analysis of the company's own performance as well as that of all direct suppliers. In addition to this, companies are expected to have preventative policies in place, establish complaints procedures and prepare a list of preventative measures which should take place in case a breach occurs.

Each company should also prepare an annual report on the fulfillment of its due diligence obligations and make it publicly available on the company's website.


Periodic fines per breach up to EUR 50,000 and up to a total of EUR 8 million or 2% of total worldwide annual turnover. Fines against natural persons for negligent acts may go as high as EUR 800,000.

Companies that have been substantially fined (determined by the amount of the fine) can also be banned from participation in public tenders for up to 3 years.

Estimated costs of adhering to obligations:

  • Costs of establishing and operating the due diligence procedures.
  • Transition costs, including investments to change operations and value chains to comply with the due diligence obligation, if applicable.

Companies prepare for increasingly demanding corporate disclosures

What are the next steps?

It takes quite a lot of preparatory work to reach the stage of comfortably issuing a sustainability report, answering your supply chain audit or publishing any other sustainability-related data.

What we know for sure is that both the CSRD and supply-chain focused regulations will impose a lot of new labor on companies. Broadly speaking, it ranges from the collection and structuring to the analysis and communication of data which is distributed throughout the organization - just think about all the different sources of such a broad scope of data: from waste generation and disposal, to injuries at work, to corruption incidents. This is a task that should not be taken lightly, even with the best resources available. The costs of establishing processes and transitional expenses are often underestimated. In our experience, the first issuance of a sustainability report can take companies as long as 18 months of work. In order to avoid the unforeseen consequences of the transition, there are some steps every company should prepare to take as soon as possible:

  1. Find and empower your internal sustainability champions, and
  2. Digitalize your data collection.

We have been working with some amazing companies and incredible individuals in the past years. Despite all the work, there is a shared sentiment: ESG brings a lot of opportunities and employee gratification.

