Corporate Sustainability Due Diligence Directive – empowering third-party risk management

Samah Nour Eddine

Director, Customer & Third-Party Risk Intelligence, LSEG

We explore how the European Corporate Sustainability Due Diligence Directive affects third-party management.

  1. Discover how the Corporate Sustainability Due Diligence Directive affects third-party management.
  2. Explore how companies can implement successful sustainable supply chain management practices.
  3. Find out how companies can proactively enhance their third-party risk management programmes.

What is the Corporate Sustainability Due Diligence Directive framework and its extraterritorial impact?

Sustainable supply chain management has become an imperative for companies worldwide. The EU Corporate Sustainability Due Diligence Directive (EUC3D) represents a significant leap forward in third-party risk management. By holding companies accountable for the social and environmental impact of their operations and supply chains, the directive aims to foster a culture of sustainability. Compliance with this directive requires companies to assess and manage their environmental, social, and governance (ESG) risks, disclose sustainability-related information, and ensure supplier adherence to ESG standards.

The European Council approved a scaled-back version of the Corporate Sustainability Due Diligence Directive (CSDDD) on March 15.

  • Compliance thresholds raised to companies with more than 1,000 employees and €450 million in turnover, from the original 500 employees and €150 million.
  • Elimination of the high-risk sector approach, narrowing the directive's applicability and significantly reducing the scope to about 30% of the initial target.

The directive will be phased in over time:

  • Companies with 5,000 employees and €1,500 million turnover will comply within 3 years.
  • Companies with 3,000 employees and €900 million turnover within 4 years.
  • Companies with 1,000 employees and €450 million turnover within 5 years.

Non-compliance with the directive has serious repercussions, including legal liability and penalties, reputational damage, financial risks, business disruption, and loss of market access and exclusion.

Are today’s due-diligence programmes ready for the directive?

The proposed directive triggers a shift in companies’ approach to due diligence and third-party risk management programmes from a de-risking to an effective risk mitigation culture. With the tools in place today, companies fulfilling the EUC3D requirements may encounter several significant challenges:

Lack of visibility across the supply chain

Gaining visibility into the entire supply chain, including lower-tier suppliers, is a daunting task. Companies must navigate complex webs of suppliers, each with its own sustainability practices. Acquiring comprehensive and accurate data becomes particularly challenging in regions with weak regulatory frameworks and limited transparency. Overcoming this challenge requires innovative approaches to ensure reliable third-party risk intelligence.

Complexity of supply chains

The directive demands holistic reporting on sustainability risks and impacts across the entire supply chain, spanning multiple tiers of suppliers. For multinational companies, managing compliance with ethical and sustainability standards at every level can feel like navigating a labyrinth. Tracking the origin of materials, evaluating their environmental impact, and monitoring labour practices across diverse suppliers is a time-consuming and resource-intensive endeavour. Simplifying the complexity of supply chains is crucial for successful EUC3D compliance.

The directive requires companies to report on the sustainability risks and impacts of their entire supply chain, including all tiers of suppliers. For many large companies, monitoring compliance with sustainability and ethical standards across multiple tiers of third-party suppliers can be incredibly complex and challenging. For example, if the company sources a particular raw material from different suppliers, it needs to track the origin of the material, its environmental impact, and labour practices of all suppliers. This process can be time-consuming and costly since companies must coordinate with suppliers and manage various types of data.


Data management in supply chain due diligence often involves diverse data management systems, which leads to isolated pockets of third-party risk intelligence. The decentralised nature of due diligence systems, processes, and information adds a further layer of complexity, amplifying inefficiencies and increasing the potential for risk exposure throughout the third-party lifecycle. Addressing these issues requires a comprehensive and unified approach to data management, verification, and risk assessment, enabling companies to streamline their operations, enhance risk response capabilities, and ultimately strengthen their supply chain resilience.

High cost of third-party risk management implementation

Lower-tier suppliers may not have sufficient resources to comply with the directive’s requirements, and the company in compliance may need to step in and provide support. This support could take the form of capacity building or sustainability training, which again can be a significant undertaking and require significant investment.

How can companies proactively enhance their third-party risk management programmes to comply with the directive?

Moving away from a tick-box exercise and proactively developing an effective due-diligence programme is a major culture shift that companies need to make to comply with the Directive.

Companies should consider the following crucial priorities when navigating the directive with effective due diligence programmes:

Embrace technology for intelligent due diligence

Investing in advanced technologies such as artificial intelligence, machine learning, and data analytics can revolutionise due diligence processes. Leveraging these tools enables companies to automate data collection, verification, and risk assessment. With intelligent due diligence platforms, businesses can efficiently track sustainability data, ensure compliance, and identify potential risks. Integrating technology into supply chain management enhances efficiency, accuracy, and proactive risk mitigation.

Implement a risk-based due diligence process

Companies need to develop an effective and automated risk-based due diligence process that gathers relevant data from suppliers and feeds a risk assessment based on ethical and sustainable performance. The evaluation process should follow the guidelines of the EUC3D and should go beyond the first tier of the supply chain to ensure transparency throughout the supply chain. It is crucial to develop a risk-based due diligence programme that tackles risk exposure holistically rather than in silos. As much as ESG is a priority, other risk factors contribute to a supplier’s risk assessment and are equally crucial to analyse, mitigate and remediate.

Ensure holistic risk assessments for effective decision-making

Companies need to develop comprehensive risk assessment frameworks that go beyond environmental and social factors. By incorporating financial, operational, cyber, and integrity risks into their assessments and monitoring the supply chain against circumstantial changes, they can mitigate risk, develop proactive contingency plans and maintain sustainable business growth.

Conduct sustainable supply chain management

Companies can implement sustainable supply chain management practices to ensure that their operations and suppliers comply with sustainable standards. This includes conducting audits, monitoring suppliers’ performance, and implementing corrective actions.

Companies that successfully implement sustainable, ethical, and responsible third-party risk management practices will not only comply with the Directive but also protect their brand reputation, minimise supply chain risks and improve economic and social conditions for both suppliers and affected communities. As such, compliance with the directive should be seen as an opportunity for companies to create value, generate positive change and promote sustainability.

Copyright © 2024 London Stock Exchange Group. All rights reserved.