The significance of ESG regulatory changes on supply chain due diligence

Overview

Since the start of 2025, developments in the “deregulation agenda” across the US and EU have landed at hurtling pace. The latest is the Omnibus package “Omnibus 1”, the EU Commission’s proposal to amend the EU’s Corporate Sustainability Due Diligence Directive (CSDDD) and the Corporate Sustainability Reporting Directive (CSRD). This article analyses the significance of proposed changes in the context of transparency in supply chains, concluding the following:

• Aspects of hard law have been softened or removed in the proposed changes, ultimately making supply chain due diligence, climate risk considerations and ESG reporting a case-by-case / company-by-company specific exercise.

• Companies will have more time to prepare for incoming legislation, under the “stop-the-clock” Directive, adopted by the Council of the EU on 14 April 2025 (which Member States must transpose into national law by 31 December 2025). A positive is that it should reduce non-sustainable or unaligned compliance actions being pushed through quickly.

• Conducting due diligence on suppliers is not only becoming imperative for transparent reporting purposes, but is also crucial in building supply chain resilience and increasing trust with stakeholders and customers. Given the ever-changing regulatory environment, the latter two considerations should drive the design of a third-party due diligence programme in the near term.

Omnibus package

After the publication of the Omnibus package in February 2025 and “closed door consultations” in March 2025, proposed revisions were announced in April 2025. Proposed and confirmed revisions to the CSRD include:

• A two-year delay to implementing CSRD for “wave two” (large) companies and “wave three” (SMEs) confirmed under the stop-the-clock Directive;
• Increasing the thresholds, related to company size, for companies caught in CSRD’s scope;
• Voluntary reporting standards for out-of-scope companies;
• Further changes pending, following the EU Commission’s revisions to the European Sustainability Reporting Standards (ESRS); and
• No sector-specific standards.

With respect to the CSDDD, proposed revisions include:

• Delays to the deadline under the stop-the-clock Directive– the largest companies having to report by July 2028 – and the introduction of larger intervals between updated assessments. The transposition deadline for the CSDDD into national law has also been delayed to 26 July 2027;
• Limiting due diligence to direct suppliers (Tier 1 suppliers) – unless the company has “plausible” information to suggest adverse human rights or environmental impacts have or may arise in the wider supply chain;
• Removing the need for companies to sever business ties as a last resort where issues are identified; and
• Deferring the enforcement of civil liability provisions to respective national civil liability regimes to determine the law.

For proponents of the original text in the CSDDD, these changes constitute a removal of the main hallmarks of groundbreaking legislation that would have forced major change with respect to corporate accountability amongst key industry players – particularly the need for indirect supplier due diligence and reporting.

This “simplification” agenda occurs against a backdrop of increasing environmental and human rights abuses globally. For example, “land grabs” are taking place in communal areas of the Democratic Republic of Congo, where foreign investors log trees (most log exports go to China), forcibly remove indigenous communities and use the land for mining. In 2022, the DRC Ministry for the Environment and Sustainable Development (MEDD) issued a decree provisionally suspending 12 illegally granted concessions covering almost two million hectares of land. Yet, there is little to no enforcement of these concession reversals.

Additional ESG legislation

Two recent pieces of EU trade regulations – the EU Deforestation Regulation (EUDR) and the EU Forced Labour Regulation (EU FLR), both of which tackle the importation of products linked to deforestation and forced labour respectively – do constitute robust measures. Yet, as with the CSDDD and CSRD, EU negotiators opened the once-finalised EUDR text for revision at the end of 2024, delaying its implementation and amending the “categorisation of risk” system, originally put in place to denote riskier jurisdictions and support early assessment.

Should enforcement of these regulations go ahead as planned, and if enforcement is taken as seriously as the Uyghur Forced Labour Prevention Act is in the US (with acknowledgement that this legislation has also been prioritised by those involved in the US’s anti-China trade and geopolitical agenda), then the bills will have significant consequences for global transparency.

The EUDR requires companies trading in a broad list of commodities to conduct a risk assessment and produce a due diligence statement identifying any risk of non-compliance with the law. This will relate to the raw materials in their products and so, full supply chain due diligence will be required to produce this statement. The EU FLR, which was brought into force at the end of 2024 and requires compliance by December 2027, is the first legislation to prohibit products made with forced labour from entering the EU. It does not focus on any particular type of forced labour, it applies to all companies, regardless of size, and encompasses forced labour at any stage of a product’s supply chain, including components and raw materials. The onus will be on the importing company to establish supply chain risk management and due diligence processes well in advance of an incident, so as to prove that risk mitigations are in place if products are stopped at the border. In addition, recent guidance published by the UK Home Office on modern slavery emphasises the need for robust supplier diligence.

Closing thoughts

Despite the recent EU revisions to the CSDDD, CSRD, ESRS and EUDR, there is still incentive for companies to invest in detection, pre-emption and remediation of abuses in the supply chain. Besides better trading practices and compliance with impending and existing laws, the obvious upside is that companies will be more resilient to supply chain disruption and benefit from supply chain efficiencies. They will also have a competitive advantage from being attuned to consumer and stakeholder feedback. This is a strong counter argument to those seeking to amend ESG regulations on the basis that EU companies need to remain “competitive”, presumably in the face of “less regulatory-burdened companies”. This is seemingly less relevant with the introduction of widespread tariffs by US President Trump and ensuing trade wars, which adds another level of complexity to existing trade dynamics.

Sceptics of CSRD have also argued that the requirement for companies to produce double materiality assessments (DMA) could highlight risks and issues that may be abused by litigious third parties “looking for disclosures that can give rise to claims”. A [here unnamed] law firm said “the DMA process may cause companies to identify potential human rights impacts in supply chains and declare these ‘material’ in contrast to their previous communications on the topic.” However, this is the point – companies should already have systems in place to detect and remediate human rights and environmental abuses within an organisation. If DMA submissions help a company along with this process and support the recognition of their importance to business continuity, that will benefit the company, supply chain workers and stakeholders. The real red flag lies in the corporate’s desire to conceal or supress this information in the first place. This element of the CSRD appears to be retained.

As a risk consulting firm, Aperio is asked to conduct due diligence in the context of client onboarding, mergers and acquisitions, new market entry or new transactions. These assignments cover the identification of typical white-collar crime (bribery, money laundering, sanctions breaches, theft and fraud) as well as unethical trading practices (spanning ESG risk, with a focus on human rights issues and mistreatment of workers and indigenous communities). The practice of identifying these issues is only becoming more pronounced, with a sharper consumer base and – albeit now shapeshifting – a regulatory landscape that is clamping down on unethical manufacturing and trading. The need for supply chain and integrity due diligence is therefore only increasing, and we do not see any deregulation agenda having a material impact overall on the need for companies to ensure they are partnering with aligned companies and individuals.

For more information on Aperio’s ESG and Due Diligence services, please contact Natasha Buchler, Head of ESG – natasha.buchler@aperio-intelligence.com.