ESG Omnibus update: Council adopts its final position on the second Omnibus regarding CSRD and CSDDD

The Council’s Final Position includes an adjusted review clause in Article 6(1) of the CSRD, requiring the EU Commission to assess the appropriateness of the amended CSRD. This includes evaluating the voluntary uptake of sustainability reporting standards (Article 29ca of the CSRD), and whether and how the scope should be extended—particularly to large undertakings below certain thresholds and third-country companies operating in the EU without a local presence. The review must also consider the need for sustainability data to support private investment, the impact on competitiveness, best practices, companies’ readiness, and whether a broader scope justifies a simplified reporting regime in line with the principle of proportionality.

The CSRD initially required the EU Commission to adopt sustainability assurance standards by 1 October 2026. However, due to concerns about the costs and complexity of these requirements, the EU Commission has been granted more flexibility in adopting the initial standards (see recitals 3 and 4 of the Council’s Final Position). By 2026, the EU Commission will issue targeted guidelines to support limited assurance procedures. Additionally, the CSRD originally empowered the EU Commission to adopt more stringent "reasonable assurance" standards by 1 October 2028. However, this requirement has been removed from Article 26a(3) of the Directive 2006/43/EC through the CSRD to avoid increasing assurance costs. Consequently, sustainability reporting will only be subject to limited assurance.

The Council confirms the position of the EU Commission in the proposed new Article 29ca CSRD that the EU Commission will be empowered to adopt a delegated acts by to provide for sustainability reporting standards for voluntary use, which shall be proportionate to and relevant for the capacities and the characteristics of the undertakings for which they are designed and to the scale and complexity of their activities. On the other hand, to avoid an increase in the number of prescribed datapoints, the empowerment of the EU Commission to adopt sector-specific reporting standards is proposed to be removed from the CSRD.

With regard to public interest entities that are currently required to prepare and publish a sustainability statement (the so called ‘wave 1’), the Council states with regard to the proposed Article 5(3) CSRD that EU Member States may exempt undertakings or issuers which do not exceed the average number of 1,000 employees during the financial year from complying with the CSRD during the financial year that starts between 1 January and 31 December 2026. This forms an addition on the second Omnibus as proposed earlier by the EU Commission. According to the Draft Position of the Council, as from 1 January 2027 these undertakings are no longer in scope of the CSRD. In addition, by amendment of Article 19a (10) and 29a (9) CSRD in the Draft Position, the subsidiary exemptions can also be applied by public interest entities that have their securities listed on a regulated market.

One of the key amendments to the CSDDD proposed by the EU Commission in the second Omnibus is limiting the initial due diligence obligation in Article 5 to an in-scope company’s own operations, subsidiaries, and direct business partners. This is a change from the original CSDDD because in-scope companies will no longer be required to conduct in-depth assessments of indirect business partners unless they have objective, verifiable information indicating that these partners are causing or contributing to adverse impacts, such as human rights violations.

While the Council’s endorsement of this limitation was anticipated, its formulation of the exception is particularly noteworthy. Under the EU Commission’s second Omnibus proposal, companies were expected to act upon "plausible information." The Council has now replaced this concept with a more precise definition: "Information that objectively has a reasonable likelihood of being true" (see recital 21a of the Council's Final Position). This includes credible data from government bodies, baseline studies, third-party impact assessments, NGO reports, local community grievances, and academic research.

Additionally, the Council’s Final Position introduces an additional obligation: in-scope companies must map their chain of activities to identify indirect business partners based on reasonably available information to detect such objective, verifiable information. This expectation reinforces the idea that companies must look beyond their direct business partners when conducting due diligence under the CSDDD.

The proposed definition of 'objective and verifiable information' expands the range of sources that could trigger due diligence obligations under the CSDDD, making it more likely that in-scope companies will need to address adverse impacts further down their chains of activities. By explicitly referencing the OECD Guidelines for Responsible Business Conduct, the Council highlights that relying on external sources, such as NGO reports or trade union alerts, constitutes good practice and helps companies fulfil their duty of care under the CSDDD.

Where such information is available, or could reasonably be expected to be known, in-scope companies must carry out an in-depth assessment. This obligation also applies where a business relationship appears to be intentionally structured to obscure a high-risk supplier. The aim of these assessments is to gather accurate and reliable data on the nature, severity, likelihood and causes of potential adverse impacts in order to enable proper risk prioritisation (Article 9 of the CSDDD) and the adoption of appropriate measures (Articles 10–12 of the CSDDD).

As proposed by the EU Commission through the second Omnibus proposal, any likely or existing adverse impact must be treated as identified once it has been confirmed. Furthermore, in-scope companies are expected to ensure that their code of conduct on human rights, labour rights and environmental standards is upheld throughout the chain of activities. This includes communicating expectations to business partners, both direct and indirect, and providing support to SMEs.

The Council's broader interpretation of 'objective and verifiable information' suggests a more ambitious approach than that of the EU Commission. Although the Council formally supports limiting the scope of due diligence, the substance of its proposal arguably brings the obligations of in-scope companies closer to those set out in the original CSDDD. In practice, the lowered threshold for what constitutes relevant information means that in-scope companies may still be expected to investigate indirect business partners in many more situations than initially anticipated. Consequently, it is unclear to what extent the proposed limitation, further defined by the Council, will meaningfully reduce the burden of due diligence obligations.

Notably, under the Council’s Final Position the CSDDD does no longer require in-scope companies to contractually cascade their code of conduct throughout their chain of activities. Instead, in-scope companies are expected to communicate their expectations to business partners. While in-scope companies may still request that their code of conduct be adhered to through contractual arrangements, this is no longer a binding obligation under the Council’s Final Position. This clearly softens the original due diligence framework of the CSDDD, shifting from a mandatory contractual mechanism to a more voluntary, expectation-based approach. While this approach still promotes alignment with the in-scope company’s code of conduct, it significantly reduces the enforceability of these expectations further down the chain of activities, thereby diminishing the contractual dimension of due diligence obligations under the CSDDD.

The Council’s Final Position does not adopt the 500-employee threshold in Article 5 of the CSDDD for limiting information requests to direct business partners, as included by the EU Commission in the second Omnibus. Instead, the threshold is increased to 1,000 employees. This higher threshold in Article 5 of the CSDDD suggests an effort to reduce the burden on smaller companies (SME’s) and (further) limit the spill-over effects of the CSDDD.

As also expected, the Council confirms that the timeline for the adoption of the first set of implementing guidelines of the CSDDD has been postponed to 26 July 2026. This delay gives in-scope companies additional time – because of the entry into force of the first “stop the clock” Omnibus to adapt their due diligence processes to the revised CSDDD obligations.

The Council also elaborated that in parallel, the application deadline for CSDDD for all in-scope companies should be deferred to 26 July 2029. According to the Council’s Final Position, that two-year interval should provide in-scope companies with sufficient time to consider the practical guidance and best practices included in the EU Commission’s guidelines when implementing due diligence measures.

In the Council’s Final Position, Article 22(1) of the CSDDD is amended to require in-scope companies to adopt, rather than implement, a climate transition plan. This plan must detail actions to align the business model and strategy with the Paris Agreement and the EU's climate neutrality goals (Regulation (EU) 2021/1119), based on reasonable rather than best efforts. Supervisory authorities are responsible for overseeing the adoption of these plans, focusing on guidance and proportionality rather than penalties. In-scope companies may seek advice from the supervisory authorities and are granted flexibility in the design of the transition plan. Notably, implementation is no longer mandatory and certain design elements are optional, particularly during the initial two-year transitional period.