Frequently asked questions about the EU CS3D

Everstream Team

With the initial implementation of the EU’s Corporate Sustainability Due Diligence Directive (or the EU CS3D) looming in 2027, large businesses only have a few years to prepare for a massive increase in regulatory responsibility. If your company falls into the scope of the CS3D, the time to start making key changes for compliance is now. 

The EU CS3D will oblige large businesses to clearly delineate and adhere to human rights and environmental goals, and to use their power and influence to help their suppliers and customers meet and contribute to these goals. Feeling lost? Here are a few frequently asked questions about the EU CS3D to get started on your company’s preparation process. 

How do I get started on EU CS3D compliance? 

To start, companies must create a code of conduct, which will outline the level of sustainability that is required within their entire business operations. This code of conduct must be made clear to third parties within any new or renewed contracts, so suppliers understand the level of sustainability they will be expected to maintain.  

How will I stay in compliance with EU CS3D? 

A one-time glance at how your supply chain is faring sustainability-wise will not be enough to catch emerging risks, or to maintain compliance with the CS3D. Companies must check every 12 months for compliance within their value network, ensuring that their suppliers and customers are upholding the tenets of the code of conduct.

Value network monitoring is data-intensive and constant, but it doesn’t have to be overwhelming or manual. Advanced technologies, powered by AI, can sift through verified data sets from a variety of sources, highlighting emerging risks to your supply chain compliance team. The team can then follow up with the offending company with an appropriate response, which should be well-documented for future reference and for reporting requirements.  


Figure 1: The EU CS3D “supplier network” includes both upstream and downstream partners.

How will I assess suppliers for EU CS3D risk? 

What do you know about your suppliers? What are their current processes like from a sustainability perspective? What is their financial situation? What kind of resources do they have? 

These are just a few questions that companies should consider when evaluating supplier risk, especially before choosing suppliers. Partners throughout your value network might say that they are sustainable, or they might even be trying to be sustainable, but your company can’t just take them at their word. The CS3D requires businesses to fully understand the sustainability level of their value networks in detail, so they can offer the right kind of support if necessary.

What if my top suppliers are high risk for EU CS3D noncompliance?  

Not all suppliers will have equal weight within your value network. Companies will likely have more influence over key partners, who will, in turn, likely have a larger impact within a supply chain or towards emission targets. Since the CS3D requires in-scope businesses to assist suppliers within their value network instead of moving to alternates, it’s important to leverage this information to take the most effective mitigation action.  

Automated risk management platforms can easily highlight emerging or ongoing risks and score them against your company’s individual risk matrix. By matching risk assessment to your company’s code of conduct, your risk management team can take proactive action if a company is running the risk of non-compliance, or react quickly in the case of an unexpected sustainability issue.  

What do I do about EU CS3D noncompliant suppliers? 

There’s no cutting off one supplier and running to another in the CS3D. In fact, the directive encourages the opposite: in-scope companies are required to offer support, through financial methods or in-kind resource options, and must document their attempts to champion struggling suppliers.  

The EU hopes that larger companies with resources can push smaller and medium-sized companies into better sustainability practices. Successful mitigation actions will require ongoing and accurate monitoring of the value network – otherwise, in-scope companies may be caught by surprise. Instead, in-scope companies should ensure that they have full, constant visualization across their value network, so risk management teams can offer the right kind of support at the right time.  

If the supplier is still not able to meet sustainability requirements after support, the in-scope business can make an educated decision about severing the business relationship. However, this should only be done after fully engaging with the supplier, learning about the flaws in their processes, and making a genuine attempt to solve the issue at hand. 

Figure 2: EU CS3D compliance will require companies to work extensively with their suppliers.

What are the reporting requirements for the EU CS3D? 

All relevant EU CS3D activities must be documented and reported annually alongside a company’s yearly financial statements. This is where all proof of assessments, offers and implementation of support, code of conduct, and sustainability status should be publicly shared with key stakeholders and filed with the EU.

Companies are mandated to create a complaints system to highlight any emerging issues. Cases can be brought within five years, so accurate documentation of complaints and any subsequent actions is key to protecting your company from costly and damaging lawsuits.  

What are the penalties for non-compliance with the EU CS3D? 

The EU CS3D introduces civil liability against in-scope businesses. In essence, businesses can be held accountable for any personal harm caused by intentional or negligent failure to comply with the CS3D.

Digital tools will be critical for running a smooth and reliable documentation process. Any risk data that is gathered and assessed, and records of any compliance action, such as offers of financial or in-kind support, should be stored digitally for five years.  

With the EU CS3D newly signed into law, businesses across the bloc will only have two years to get their sustainability processes in order. The EU is forcing its biggest companies to take accountability for their value networks, and lend a helping hand to create a greener future for all. Find the right solutions to automate your compliance activities now, from monitoring to assessment and more, to get ahead of this legislation.  

