The Omnibus endgame: EU Parliament’s Anticipated Final Position on CSRD and CSDDD

Background 

The EU Green Deal has been subject to ongoing negotiations and revisions. As part of this trend, several initiatives have been launched to revisit existing EU sustainability legislation, including the Corporate Sustainability Reporting Directive (CSRD), the Corporate Sustainability Due Diligence Directive (CSDDD), and the EU Taxonomy Regulation (EU Taxonomy).

On 26 February 2025, the EU Commission published two Omnibus packages (please be referred to our earlier blog).

On 3 April 2025 and 16 April 2025, the EU legislators endorsed, via a fast-track procedure, the first Omnibus ‘stop the clock’ proposal to postpone some reporting deadlines under the CSRD and CSDDD (please be referred to our earlier publication). With the formal adoption of the First Omnibus ‘stop the clock’ proposal, the entry into application of the CSRD requirements for large undertakings that have not yet started reporting is postponed by two years, and the transposition deadline and first phase of the CSDDD is postponed by one year.

The second Omnibus aims to reduce the burden of the CSRD and the CSDDD by at least 25%. This includes simplifying sustainable finance reporting and due diligence requirements to support the European Green Deal’s goals.

Final Position of the Council on the second Omnibus adopted on 23 June 2025

The Council adopted on 23 June 2025 its final position on the second Omnibus proposal (the Council’s Final Position). The Council’s Final Position constitutes, in essence, a formal response to the second Omnibus proposal as submitted by the EU Commission on 26 February 2025. The Council’s Final Position broadly aligns with the EU Commission’s proposal in respect of both the CSRD and the CSDDD (please be referred to our earlier publication).

Anticipated Final Position of the EU Parliament

As the legislative process advances, the EU Parliament is expected to adopt its final position imminently. After several rounds of negotiation, on 8 October 2025 a majority agreement was reached on a key compromise package – the Anticipated Final Position. On 13 October, the Legal Affairs Committee (JURI) formally endorsed this Anticipated Final Position. The next steps are as follows: a plenary vote in the European Parliament is scheduled for next week, which will formally confirm the Parliament’s position. Trilogues negotiations between the EU Parliament, the Council, and the EU Commission will commence on 24 October 2025, and there the Omnibus endgame will start. The aim is to reach a final agreement on the second Omnibus by the end of 2025 or early 2026.  

The Anticipated Final Position of the EU Parliament on the CSRD

Companies in-scope under the CSRD

In the Anticipated Final Position, the EU Parliament leaves the scoping of the CSRD untouched in the second Omnibus. Therefore, the envisaged scoping thresholds are:

*These thresholds are to be determined on a stand-alone and, if applicable, consolidated basis.

**With these increased thresholds, listed SMEs will no longer be subject to the CSRD.

***A non-EU undertaking will still be subject to the CSRD either because it:

1. has securities listed on a regulated market in the EEA and they meet the thresholds set out above (either on a standalone or consolidated basis); or
2. is the ultimate parent undertaking of a group that generates over EUR 450 million in the Union for each of the last two consecutive years and has either a large subsidiary undertaking in the EU or has an EU branch that generated over EUR 50 million.

Withdrawal of the EU Commission’s mandatory reasonable assurances standards under the CSRD

The EU Parliament endorses the Council’s Final Position to withdraw the requirement for the EU Commission to adopt mandatory “reasonable assurance” standards for sustainability reporting (see Article 26a(3) Directive 2006/43/EC). Instead, in the Anticipated Final Position, the EU Parliament proposes that only limited assurance will apply, with the EU Commission issuing targeted guidelines by 2026 to support limited assurance procedures. This change is intended to reduce compliance costs and administrative complexity for companies.

Empowerment and limitations in sustainability reporting standards under the CSRD

The EU Parliament confirms the empowerment of the EU Commission to adopt delegated acts for voluntary sustainability reporting standards in its Anticipated Final Position (Article 29ca CSRD). These standards must be proportionate and tailored to the size, capacity, and complexity of the undertakings concerned. Notably, the EU Parliament removes the empowerment for sector-specific mandatory reporting standards, opting instead for voluntary sector-specific guidelines to support materiality assessment and ensuring consistency and comparability (Article 29b(1)).

Reporting undertakings must adopt a risk-based approach, prioritising information on high-risk impacts and sector-specific sustainability issues. They may collect additional sustainability information commonly shared within their sector. Where necessary information is unavailable or incomplete, undertakings are permitted – without time limitation – to explain their efforts, reasons for non-availability, and future plans to obtain such information (Article 29b(4)).

Until the EU Commission adopts voluntary standards – according to the EU Parliament – undertakings may report according to Commission Recommendation 2025/4984, based on the VSME standard developed by EFRAG (Article 29ca). These standards must be proportionate, use simplified language, and support flexibility and progression in disclosures. Sustainability reporting requirements do not oblige undertakings to disclose trade secrets, intellectual property, or know-how, in line with Directive (EU) 2016/943 (Article 29a(5a)).

Exemptions and scope adjustments for Public Interest Entities under the CSR

The EU Parliament agrees with the Council to allow Member States to exempt undertakings or issuers with fewer than 1,000 employees from CSRD obligations for the financial year starting between 1 January and 31 December 2026 (Article 5(3)). From 2027 onwards, these undertakings are no longer in scope, significantly reducing the reporting burden for smaller entities. Subsidiary exemptions are also extended to public interest entities with securities listed on a regulated market (Article 19a(10), Article 29a(9)).

Parent undertakings of large groups (over 1,000 employees and EUR 450 million turnover) must report on sustainability impacts and value creation (Article 29a(1), Article 19(1)). However, parent undertakings that qualify as financial holding undertakings as defined in Article 2(15) are exempted from these obligations, provided they do not have any subsidiaries in the Union with an operating business (Article 29a(1). Furthermore, the EU Parliament introduces a 24-month transition period applies for newly acquired subsidiaries (Article 29a(1)).

Value chain reporting is clarified: undertakings must report on their own operations and their value chain but may not seek information from entities in their value chain with less than 1,000 employees and EUR 450 million turnover, except for information specified in voluntary standards or commonly shared sectoral data (Article 29a(3), Rapp 39). Where legal barriers exist – such as third-country restrictions – default values may be used, and the supervisory authority must be informed (Article 29a(3)).

Climate change transition plan

For the CSRD, the EU Parliament upholds the wording on the climate transition plan as set out by the European Commission. The CSRD continues to require companies to report on their climate transition plans in accordance with the EU Commission’s standards. In contrast, under the CSDDD, the obligations regarding climate transition plans appear to have been watered down.

The Anticipated Final Position of the EU Parliament on the CSDDD

Companies in-scope under the CSDDD 

The EU Commission proposed not to amend the current thresholds under the CSDDD to be considered in-scope. The Council’s Final Position, however, includes raised thresholds and therefore a (further) reduced scope of the CSDDD. The European Parliament aligns with this position by supporting the increased thresholds proposed by the Council, thereby agreeing to a further narrowing of the CSDDD’s scope.

*Thresholds to be met in two consecutive financial years (both to become subject to the CSDDD and to fall outside scope of the CSDDD).

**Where the ultimate parent company has as its main activity the holding of shares in operational subsidiaries and does not engage in taking management, operational or financial decisions affecting the group or one or more of its subsidiaries, it may be exempted from carrying out the obligations provided that one of its EU subsidiaries is designated to fulfil the obligations on behalf of the ultimate parent company. The ultimate parent company remains jointly liable with the designated subsidiary for a failure to comply.

Confirmation and amendments by the EU Parliament on the due diligence obligation for in-scope companies under the CSDDD

One of the key amendments to the CSDDD proposed by the EU Commission in the second Omnibus is the limitation of the initial due diligence obligation in Article 5 to an in-scope company’s own operations, subsidiaries, and direct business partners. This marks a significant change from the current CSDDD: in-scope companies are no longer required to conduct in-depth assessments of indirect business partners unless they have objective, verifiable information indicating that these partners are causing or contributing to adverse impacts, such as human rights violations (see Article 5 and recital 21).

While the Council’s endorsement of this limitation was anticipated, its formulation of the exception is particularly noteworthy. Under the EU Commission’s second Omnibus proposal, in-scope companies were expected to act upon "plausible information". The Council replaced this concept with a more precise definition: "information that objectively has a reasonable likelihood of being true" (recital 21). This includes credible data from government bodies, baseline studies, third-party impact assessments, NGO reports, local community grievances, and academic research.

The EU Parliament builds on the Council’s Final Position by clarifying and expanding the obligation for in-scope companies to map their chain of activities. Whereas the Council required companies to identify indirect business partners using reasonably available information, the EU Parliament further specifies that this mapping must be actively employed to detect objective and verifiable information that could trigger further due diligence (see Article 8(2)(a)-(b), recital 22). In practical terms, in-scope companies are not only expected to map their direct business partners but must also systematically seek indications of risk throughout their chain of activities, including information that may be externally or indirectly available.

A central feature of the EU Parliament’s approach is the adoption of a risk-based and sectoral methodology. In-scope companies must first carry out a scoping exercise, relying solely on reasonably available information – such as public sources, previous cooperation, and secondary data – to identify areas within their own operations, subsidiaries, and relevant business partners where adverse impacts are most likely and most severe (Article 8(2)(a), recital 22). During this initial phase, in-scope companies are expressly not required to request information from their business partners (Article 8(3), recital 22).

Crucially, the EU Parliament introduces a cap on information requests within the chain of activities: in-scope companies are generally not permitted to request information from direct business partners with fewer than 5,000 employees (Article 8(4)). This is a significant increase compared to the Commission’s second Omnibus proposal, which set the threshold at 500 employees, and also higher than the Council’s Final Position, which proposed a threshold of 1,000 employees. The higher threshold reflects a clear effort to reduce the burden on SMEs and further limit the spill-over effects of the CSDDD.

Requests for additional information from such business partners are only allowed as a last resort, and only if the necessary information cannot reasonably be obtained by other means, such as existing or secondary sources. Any such request must be targeted, reasonable, and proportionate, thereby limiting the administrative burden on smaller entities (Article 8(4), recital 22).

However, this limitation is not absolute. Where there is objective, verifiable information indicating that smaller (including indirect) business partners may be causing or contributing to serious adverse impacts – such as human rights violations – in-scope companies are required to conduct further assessments and may, under strict conditions, request information from these smaller partners, even if they fall below the 5,000-employee threshold (Article 5, recital 21). In practice, while the cap is designed to reduce the burden on smaller business partners, the exception may become the rule: whenever there are indications of likely and severe adverse impacts, in-scope companies may still be required to seek information from smaller (indirect) business partners.

If, despite appropriate measures, companies are unable to obtain all necessary information, they must be able to reasonably explain why such information could not be obtained. In such cases, in-scope companies will not be penalised for being unable to prevent or mitigate the adverse impact (Article 8(5), recital 22).

The EU Parliament also introduces significant flexibility for in-scope companies in prioritising which risks addressing first. According to Article 9 and recital 22a, in-scope companies should prioritise the most severe and most likely adverse impacts, based on the scale, scope, or irremediable character of the impact, and taking into account its gravity. Once the most severe and likely adverse impacts are addressed within a reasonable time, in-scope companies should then address less severe and less likely adverse impacts. Importantly, in-scope companies should not be penalised for any harm stemming from less significant adverse impacts that have not yet been addressed according to this prioritisation principle (see Article 9, recital 22a).

In-scope companies are entitled to use a wide range of resources in identifying and assessing adverse impacts, including independent reports, digital solutions, industry or multi-stakeholder initiatives, collaboration, and information gathered through notification mechanisms and complaints procedures (Article 8(5), recital 22). Where, despite appropriate measures, companies are unable to obtain all necessary information regarding their chain of activities, they must be able to reasonably explain why such information could not be obtained. In such cases, in-scope companies will not be penalised for being unable to prevent, mitigate, or minimise the adverse impact (Article 8(5) and Article 9(3)).

This combination of a risk-based, sectoral approach, the cap on information requests, and the prioritisation principle reflects the EU Parliament’s intention to ensure that due diligence obligations are focused where risks are most significant, while also protecting smaller (indirect) business partners form in-scope companies from unnecessary administrative burdens and limiting the spill-over effect throughout the chain of activities. The practical effect may be that, despite formal limitations, in-scope companies are still expected to address risks further down the chain of activities in many cases, particularly in high-risk sectors or where severe adverse impacts are likely.

From mandatory contractual cascading to a risk-based approach

The EU Parliament removes in its Anticipated Final Position the general obligation for contractual cascading throughout the value chain (see recital 22a). However, in-scope companies still could be required to seek contractual assurances from direct business partners as part of their due diligence policy, especially where risks are identified. This marks a shift from a blanket contractual obligation to a more risk-based and proportionate approach in the Anticipated Final Position of the EU Parliament. The precise extent to which contractual assurances will remain a standard due diligence tool, or will be required only in specific scenarios, will depend on the final legislative text after the trilogue negotiations and its interpretation in practice.

The EU Parliament’s watered-down approach towards climate transition plans

The EU Parliament’s Anticipated Final Position represent a clear softening of the effort required from in-scope companies under Article 22 of the CSDDD. Whereas the Council’s text required “best efforts” to align the business model and strategy with the Paris Agreement and the 1.5°C/2050 climate neutrality targets, the EU Parliament now requires only “reasonable efforts” – defined as proportionate and reasonable actions, without the need to exhaust all possible means. The obligation is explicitly one of means, not of results.

In-scope companies are required to adopt (rather than fully implement) a climate transition plan, which must include objectives for 2030 and in five-year steps to 2050, key decarbonisation levers, and a brief description of supporting investments and funding. The plan must be updated annually with a brief progress report. Companies included in a parent company’s transition plan are deemed compliant. Notably, in-scope companies are required to adopt a climate transition plan but are not required to fully implement it. The obligation is limited to adopting and updating the plan, not to achieving the targets or taking all possible actions.

Supervisory authorities will oversee the adoption and design of these plans, focusing on guidance and proportionality rather than penalties. The precise standard for compliance with the Paris Agreement is left open, creating some uncertainty for in-scope companies as to what is required to fulfil their obligations under Article 22.

Civil liability regime under the CSDDD

The EU Parliament has endorsed the removal of a harmonised civil liability regime from the CSDDD. As a result, liability for breaches of due diligence obligations – including those relating to business partners – will be governed by the existing national rules and procedures of each Member State (see Article 29 and recital 28). This means that the practical enforcement and possibilities for representative actions will depend on national law. In the Netherlands, for example, collective actions can be brought under the WAMCA regime, enabling representative organisations to claim damages on behalf of affected parties. Member States must nevertheless ensure effective access to justice and full compensation for victims, in line with international standards.

Administrative sanctions and penalties under the CSDDD

According to the Anticipated Final Position of the EU Parliament, Article 27(1) of the CSDDD requires Member States to impose penalties that are “effective, proportionate and dissuasive.” When determining the nature and level of penalties, Member States must consider the gravity of the infringement and any mitigating or aggravating circumstances (Article 27(2)). Pecuniary penalties must be based on the net worldwide turnover of the company concerned (Article 27(4)). To ensure proportionality, the maximum fine is capped at 5% of the net worldwide turnover, or – where applicable – 5% of the consolidated worldwide turnover of the ultimate parent undertaking for certain group structures. To harmonise enforcement across the EU, the Commission, together with Member States, will develop guidelines to assist supervisory authorities in setting appropriate penalty levels.

Get in touch

The Anticipated Final Position of the EU Parliament demonstrates that, despite broad convergence with the Council on key elements of the CSRD and CSDDD, notable discrepancies and points of debate remain between the adopted texts of the second Omnibus of the different EU legislators. This means that the upcoming trilogue negotiations are likely to be complex and potentially time-consuming – just as was the case during the finalisation of the initial CSDDD. Much remains uncertain about the final shape and impact of the second Omnibus, but it is clear that significant changes have already been set in motion, particularly regarding the narrowing and simplification of obligations under both the CSRD and the CSDDD. To be continued.

As ESG legislation and litigation continue to evolve rapidly, our firm is closely monitoring these developments and the potential liability risks for companies. For tailored advice or further information about the implications of the CSRD, CSDDD, or the second Omnibus, please feel free to contact one of our colleagues below.