The European Commission’s first “Simplification omnibus package” to amend the Corporate Sustainability Reporting Directive and Corporate Sustainability Due Diligence Directive is expected as soon as Wednesday, February 26. In the last few days, a purported draft amendment proposal was leaked. Numerous news articles and social media posts otherwise speculating about the status and content of the omnibus also have been published.
In this post, we take a detailed look at the leaked draft Directive and the current state of play and provide some of our own observations.
The Current State of Play
Drafting responsibility for the amendments to the CSRD and CSDDD sits with European Commission DG FISMA (Directorate-General for Financial Stability, Financial Services and Capital Markets Union). According to media reports, the draft proposal prepared by DG FISMA is now in interservice consultation. This process involves the lead Directorate-General seeking feedback from other DGs with an interest in the proposal. Media reports have indicated that the other consulting Directorates-General are DG CLIMA (Directorate-General for Climate Action) and DG JUST (Directorate-General for Justice and Consumers).
The Draft Directive
A draft Directive that would amend the CSRD and CSDDD has been circulating over social media during the last few days. This leaked draft may not in some respects match the DG FISMA consultation draft. Official communications on the omnibus by the Commission have been limited and it has been reported that the CSRD/CSDDD amendment has been kept to a small group. In addition, recent media reports have indicated that there is substantial internal disagreement within the Commission over the extent of the amendments that should be proposed.
The specifics of the Commission proposal are therefore still a matter of speculation. Hopefully, there will be some clarity later this week.
Keeping in mind the opaqueness and likely fluidity of the proposal, the leaked draft nevertheless serves as a reference point.
Level 1 versus Level 2
Level 1 legislation requires approval of the European Parliament and Council. Level 2 measures would allow the European Commission to take action through delegated acts or implementing acts, pursuant to authority granted in level 1 legislation. Level 2 measures still involve input by the Parliament and Council, albeit more streamlined. Although not exactly the same, but close enough to draw a comparison for a U.S. reader, level 1 legislation is somewhat analogous to the process by which a bill becomes a law while level 2 measures are closer to an agency rulemaking.
It is expected that the CSRD/CSDDD proposal will include a combination of level 1 and level 2 approaches. Changes to the CSRD are likely to be more weighted toward level 2 delegated acts, specifically amendments to the existing European Sustainability Reporting Standards adopted by the Commission under the CSRD pursuant to delegated authority. In contrast, changes to the CSDDD are more likely to be level 1. This is consistent with the approach taken in the leaked draft Directive.
Regulation versus Directive
Regulations apply directly in EU member states. Directives must be transposed into national law by each member state. The CSRD and CSDDD are of course both Directives, as evidenced by the “D” at the end of each name. There has been speculation whether some amendments may take the form of a Regulation, to bypass the potentially lengthy and messy process of member state transposition that already has been causing CSRD compliance complications for companies. However, the leaked draft is a Directive, rather than a Regulation.
Regarding member state adoption, the leaked draft contemplates one year to do so. As many readers will recall, member states had 18 months to transpose the original CSRD. A large number – seven – still have not done so, many months after the deadline. As discussed below, the leaked draft Directive contemplates modest CSRD amendments, mostly pertaining to the reporting threshold. A skinny CSRD amendment is likely to mitigate transposition timing concerns.
Transposition of CSDDD amendments should not raise significant timing concerns. Member states are at the beginning of the CSDDD transposition process anyway. In addition, the CSDDD currently would not first apply until mid-2027 and, as discussed below, the leaked draft Directive contemplates an additional year before compliance will be required.
Corporate Sustainability Reporting Directive
Compliance Thresholds
It seems a certainty that the compliance thresholds for CSRD reporting will be increased. This was previewed in the Commission’s Competitiveness Compass published in January. Several member states, including Denmark, France and Germany, also have advocated for this in publicly released statements.
Most U.S.-based multinationals currently phase in to the CSRD for fiscal 2025 based on the “large undertaking” construct in the Accounting Directive. The leaked draft Directive would substantially raise the reporting threshold, replacing the large undertaking threshold with the €450 million net turnover and 1,000 employee thresholds in the CSDDD for undertakings and parent undertakings of a group.
The next important phase-in for U.S.-based multinationals is the non-EU parent (third-country undertaking) phase-in, which applies from fiscal 2028. Consistent with the foregoing, the leaked draft Directive would raise the net turnover threshold for third-country undertakings from €150 million to €450 million.
A large number of U.S.-based multinationals will be scoped out of CSRD reporting if the thresholds in the leaked draft Directive are adopted. However, this will not benefit larger multinationals. Hundreds of U.S.- (and other non-EU-) based multinationals will still be subject to the CSRD. Even a scaled-back CSRD will require reporting by thousands of companies. In connection with the adoption of the CSDDD, it was estimated that approximately 5,500 companies will have compliance obligations at its thresholds.
Materiality
According to some media reports, a least one internal Commission draft would have scrapped double materiality for CSRD reporting. Rather than keying reporting off either financial or impact materiality, only financial materiality would be taken into account. This would more closely align the CSRD with the ISSB reporting standards, which do not apply a double materiality approach. However, single materiality is not part of the leaked draft Directive.
Taxonomy Reporting
The big question here is whether it will be voluntary or mandatory. Current speculation is leaning toward voluntary Taxonomy Regulation reporting for companies subject to the CSRD. There are alternative calls to instead scale back Taxonomy Regulation reporting, but to still have some mandatory disclosures.
The leaked draft Directive does not address Taxonomy Regulation reporting. Taxonomy Regulation reform presumably will be dealt with separately. Taxonomy Regulation reform raises numerous other considerations, such as changes to corporate KPI reporting, the Do No Significant Harm criteria, the Green Asset Ratio and use of estimates (for a discussion of Taxonomy Regulation simplification, see the EU Platform on Sustainable Finance’s February 2025 report).
When the definitive draft Directive is released, the Commission hopefully will provide some visibility on what it intends to do regarding Taxonomy Regulation reporting by CSRD reporters, since this will be important for their compliance planning.
Value Chain Reporting
The CSRD requires undertakings to report information about their own operations and their value chain. A concern has been the burden this places on the value chain, especially smaller companies.
The leaked draft Directive proposes to reduce the reporting burden for companies in the value chain that are not subject to the CSRD, by providing that CSRD reporters should not seek to obtain from these companies information that is not specified in ESRS standards for voluntary use. These standards are intended to be proportionate to the scale and complexity of smaller undertakings. Voluntary reporting standards are to be adopted by the European Commission pursuant to delegated authority.
Other Current ESRS Disclosure Requirements
There have been calls by many constituencies to provide relief from the large number of ESRS disclosure requirements. For example, Germany has proposed substantially reducing ESRS data points and content and introducing individual data points in stages over time. France has proposed drastically reducing the number of ESRS indicators and focusing them on climate objectives. Denmark has proposed cutting and simplifying reporting requirements by 50% to 75%.
The leaked draft Directive does not address trimming the current ESRS disclosure requirements. This will presumably instead be addressed through level 2 measures that amend the ESRS. However, when the definitive draft Directive is released, the Commission hopefully also will provide some visibility on what it intends to do in this regard, since this will be important for companies’ compliance planning.
Sector-specific Standards
The CSRD empowers the Commission to adopt sector-specific reporting standards by delegated acts, with the first set of standards currently to be adopted by June 30, 2026. EFRAG – the technical advisor to the Commission that develops the draft ESRS – had an ambitious workplan for sector-specific standards across eight broad industry groups. The Commission however subsequently deprioritized the preparation of these standards (see this Ropes & Gray post). The leaked draft Directive would eliminate the Commission’s empowerment, permanently putting sector-specific standards on hold.
Assurance
The CSRD requires limited assurance of sustainability reporting. Undertakings and assurance providers have been grappling with the lack of clarity in this area. Some commentators have advocated for the assurance requirement to be put on hold or delayed.
The leaked draft Directive takes a different, lighter-touch approach. It instead indicates that, in addition to adopting standards by delegated act (required by October 1, 2026), the Commission would be required to issue targeted assurance guidelines that clarify the necessary procedures that assurance providers are to perform as part of their limited assurance engagement.
The CSRD also empowers the Commission to adopt standards for reasonable assurance by October 1, 2028. This provision would be deleted, effectively freezing the review at the limited assurance level.
Corporate Sustainability Due Diligence Directive
Timing
In its January public statement, France recommended that the CSDDD be put on indefinite hold. The leaked draft Directive instead proposes a more modest delay, coupled with scaling back due diligence requirements as further discussed below.
The leaked draft Directive contemplates delaying initial CSDDD compliance by one year, to July 26, 2028. In addition, the Commission's deadline for adopting general due diligence guidelines would be moved up to July 26, 2026, from January 26, 2027. This would give companies two full years to take the guidance into account in developing their due diligence measures.
Risk Assessment
The CSDDD requires a risk-based system to assess actual and potential adverse human rights and environmental impacts in both the upstream and portions of the downstream.
The leaked draft Directive generally would limit the requirement to identify and assess actual and potential adverse impacts to direct business partners (i.e., the tier 1). An in-depth assessment only would be required with respect to an indirect partner if the subject company has plausible information that suggests that adverse impacts have arisen or may arise at that level.
This is the approach taken in the German LkSG (or Act on Corporate Due Diligence Obligations in Supply Chains). However, irrespective of whether plausible information regarding an indirect business partner is available, the subject company would be required to seek contractual assurances from the direct business partner that it will ensure compliance with the company's code of conduct (which is part of the due diligence policy) through flow-down requirements.
The burden on smaller direct business partners in connection with risk mapping also would be reduced. The leaked draft Directive provides that member states would be required to ensure that companies generally do not seek to obtain from direct business partners with fewer than 500 employees information that exceeds that provided for in voluntary ESRS adopted pursuant to the CSRD.
Risk Mitigation
The proposed amendments in the leaked draft Directive would remove the duty to terminate business relationships. However, under certain circumstances, suspension of the relationship still could be required.
Monitoring
As proposed in the draft amendments, companies only would need to assess the adequacy and effectiveness of due diligence measures every five years, instead of annually. More frequent ad hoc assessments in the event of changed circumstances still would be required.
Stakeholder Engagement
To reduce compliance burdens and make stakeholder engagement more proportionate, the leaked draft Directive proposes that subject companies only would have to engage with workers, their representatives and individuals and communities whose rights or interests are or could be directly affected by the products, services and operations of the company, its subsidiaries and its business partners, and that have a link to the specific stage of the due diligence process being carried out.
In addition, stakeholder engagement only would be required for selected aspects of the due diligence process, specifically at the impact identification stage, when developing prevention and corrective action plans and when designing remediation measures. Engagement would no longer be required in connection with deciding to terminate or suspend a business relationship or when developing quantitative or qualitative indicators for monitoring.
Member State Harmonization
The CSDDD currently prohibits member states from introducing into their national laws requirements that expand specified obligations relating to identifying and assessing actual and potential adverse impacts, preventing potential adverse impacts and ending actual adverse impacts. To ensure that member states do not go beyond the CSDDD and create a fragmented regulatory landscape that results in legal uncertainty and unnecessary burden, additional aspects of the CSDDD due diligence process generally would be required to be harmonized across members states.
These would include additional elements relating to due diligence support at the group level, identifying and assessing actual and potential adverse impacts, preventing potential adverse impacts, ending actual adverse impacts and the complaints notification mechanism. However, member states would still be able to introduce more stringent requirements or more specific provisions in other respects.
Downstream Financial Services Activities
The CSDDD currently requires the Commission to submit a report to the Parliament and Council on the necessity of adopting additional due diligence requirements tailored to the provision of financial services and investment activities. This review requirement would be scrapped.
Climate Transition Plan
The CSDDD requires subject companies to adopt and put into effect a best efforts climate change mitigation transition plan. The leaked draft Directive would not eliminate the climate transition plan requirement. However, it proposes better alignment with the CSRD by replacing the requirement to put into effect a climate transition plan with a clarification that the obligation to adopt a transition plan includes outlining implementing actions planned and taken.
Penalties and Damages
The leaked draft Directive would eliminate the requirement that member states adopt penalty provisions that provide for a maximum penalty of not less than 5% of net worldwide turnover. More generally, fines assessed would not need to be commensurate with turnover.
The private right of action contemplated by the CSDDD is one the most concerning areas for subject companies. The leaked draft Directive also provides that member states would not be required to ensure that a subject company could be held liable under national law for damages to third parties.
However, the draft provides that if a company is held liable under national law for a failure to comply with the due diligence requirements under the CSDDD, the injured party would have a right to full compensation. In addition, member state national law would not be required to allow alleged injured parties to authorize a trade union, non-governmental human rights or environmental organization or other non-governmental organization to bring actions to enforce their rights.
About our Practice
Ropes & Gray has a leading ESG, CSR and business and human rights compliance practice. We offer clients a comprehensive approach in these subject areas through a global team with members in the United States, Europe and Asia. Senior members of the practice have advised on these matters for more than 30 years, enabling us to provide a long-term perspective and depth and breadth of experience that few firms can match. For further information on the practice, click here
Subscribe to Ropes & Gray Viewpoints by topic here.
Stay Up To Date with Ropes & Gray
Ropes & Gray attorneys provide timely analysis on legal developments, court decisions and changes in legislation and regulations.
Stay in the loop with all things Ropes & Gray, and find out more about our people, culture, initiatives and everything that’s happening.
We regularly notify our clients and contacts of significant legal developments, news, webinars and teleconferences that affect their industries.