The European Union (EU) has now agreed the final version of its Sustainability Omnibus, an all-in one legal change mechanism, reshaping both the Corporate Sustainability Reporting regime (CSRD) and the Corporate Sustainability Due Diligence framework (CSDDD). The changes are substantial. Scope has been narrowed, obligations simplified, and several significant elements of the original frameworks have been scaled back or removed altogether.

For UK companies with EU operations, subsidiaries, listings or supply-chain exposure, this is not a technical adjustment but a strategic reset, which requires careful (re-)consideration of the scope and impact of these laws.

  • Scope and timing: who is still affected, and when?

A central feature of the Omnibus is a decisive narrowing of scope.

For sustainability reporting (CSRD), mandatory obligations are now limited to the largest companies and groups with a meaningful EU footprint. Smaller companies, including listed SMEs, fall outside the mandatory regime.

Non-EU groups are only caught where their EU presence is both economically significant and structurally established. Under the final Omnibus text, this requires EU turnover exceeding EUR 450 million, combined with a substantial EU subsidiary or branch generating more than EUR 200 million turnover. This approach excludes companies whose EU exposure is limited to cross-border sales or light-touch commercial operations. As a result, many UK-headquartered groups that were previously preparing for CSRD will now fall outside scope altogether, or will be affected only indirectly, for example through reporting obligations imposed on EU-headed groups to which they belong.

For corporate sustainability due diligence (CSDDD), the scope is even narrower. The regime is now reserved for a very limited set of the largest global companies, but also still includes major non-EU companies with significant turnover as well as certain franchising/licensing arrangements. The political choice is clear: EU-level due diligence obligations are no longer intended to cascade broadly across markets or supply chains.

In terms of timing, reporting obligations under the revised CSRD apply later and to fewer companies than originally planned, with transitional relief available in the short term. Due diligence obligations under CSDDD are also deferred, with application pushed back to allow companies additional preparation time and to reflect the simplified design of the regime.

  • Main obligations under the final frameworks

CSRD: sustainability reporting

The core reporting obligation remains conceptually intact: in-scope companies must explain how sustainability issues affect their business, and how their activities impact people and the environment (so-called “double materiality” reporting). However, the way this is to be done has changed materially.

Reporting standards are to be simplified. The volume of mandatory datapoints will be reduced and narrative reporting shortened. Clearer guidance is also to be provided on materiality.

A particularly important change for UK companies is the protection of value-chain actors. Smaller suppliers and business partners are given explicit rights to refuse excessive information requests as well as other rights to protect their position within the value chain. Companies preparing reports must take a proportionate approach to data collection and may rely on reasonable estimates where full information is not available.

  • CSDDD: sustainability due diligence

The due diligence framework has been fundamentally reshaped into a risk-based system. Companies are expected to identify areas where adverse human rights or environmental impacts are most likely and most severe, and to focus their efforts there. Exhaustive mapping of entire supply chains is no longer the expectation.

The emphasis is on prioritisation, judgement, and governance rather than on universal controls. Engagement with business partners must be targeted and proportionate, particularly where those partners are smaller or outside the EU.

One of the most significant changes is the removal of the obligation to adopt and implement a climate transition plan under the due diligence regime. Climate considerations remain relevant, but they are no longer framed as a standalone, enforceable planning obligation under CSDDD.

  • Consequences of getting it wrong

For CSRD, the primary risks are regulatory and reputational. Incorrect, misleading, or incomplete reporting may expose companies to enforcement action by national authorities, as well as scrutiny from investors, lenders, and other stakeholders. Think greenwashing litigation and other forms of litigation, which are rising to compensate for the softened or abandoned regulatory systems in important jurisdictions such as the EU. While assurance requirements remain limited under the CSRD, sustainability disclosures are increasingly treated as part of the broader corporate reporting ecosystem, with corresponding expectations of accuracy and governance.

For CSDDD, enforcement is administrative rather than criminal. Supervisory authorities may impose fines, subject to an EU-wide cap, and require remedial action. Importantly for UK companies, the Omnibus removes the EU-level civil liability regime that had been one of the most contentious elements of the original proposal. Liability for damages is now left to national law, leading to a scattered system which requires co-ordination and mapping of related risks.

  • What has changed compared to the original texts?

Compared to the earlier versions of CSRD and CSDDD, the final Omnibus text represents a clear shift in regulatory philosophy:

  • Scope has been significantly reduced, excluding many companies that were previously preparing for compliance.
  • Reporting requirements have been simplified, with a stronger focus on materiality.
  • Sector-specific reporting standards have been abandoned.
  • Value-chain reporting and due diligence has been eased, and the rules require strategic mapping and priority setting.
  • The climate transition plan obligation under due diligence has been removed.
  • EU-level civil liability for due diligence failures has been deleted.
  • More time has been built into implementation and review.

At the same time, both regimes include review clauses that allow the EU to revisit scope and design in the future. The Omnibus should therefore be seen as a recalibration, not a permanent retreat.

  • What this means in practice for UK companies

For many UK businesses, the immediate compliance burden will be lighter than expected. However, this does not mean that sustainability considerations can be ignored. EU requirements continue to shape investor expectations, contractual practices, and governance standards, even for companies outside the formal scope.

The key shift is from volume compliance to strategic positioning. Legal and compliance teams should reassess whether they are in scope, and how EU obligations interact with UK disclosure and governance requirements. Where appliable, they should also familiarise themselves with the new rights provided to them under both the CSRD and CSDDD as suppliers and/or buyers of in-scope companies. Last but not least, companies should assess how to design proportionate systems that can adapt if the EU framework expands again, which could well be the case once the composition of the law makers (Council and Parliament) changes and/or there is less pressure to align with other jurisdictions that have eased/abandoned their ESG ambitions.

If you have questions or concerns about the new reporting laws, please contact Alexandra von Westernhagen.