Due diligence and human rights in the EU: a regulatory puzzle

Sustainability and Corporate Due Diligence

With the adoption of Omnibus I in February 2026, the European Union’s (EU) regulatory framework regarding human rights due diligence obligations is becoming somewhat clearer, though it remains complex.

The Corporate Sustainability Due Diligence Directive (CS3D) is the horizontal and general standard that establishes the obligation to exercise human rights and environmental due diligence. The amended directive has substantially reduced the number of companies that are subject to its scope and has postponed its application to July, 2029. However, there are other European regulations also containing human rights due diligence obligations but that differ in terms of application thresholds, the definition of the required standard of conduct, and application date. In this post, we summarize the regulatory puzzle regarding business and human rights.

Access the previous publications in this series of posts:

• Post | The CS3D in Perspective
• Post | Who does the CS3D affect?
• Post | Legal interests protected by the CS3D
• Post | Risk-based approach
• Post | The Shell case and its potential implications for corporate due diligence
• Post | Obligation to end and remediate adverse impacts
• Post | Due diligence in the chain of activities: a contractual perspective 
• Post | Omnibus I and impact on CS3D
• Post | Omnibus I Proposal and corporate due diligence: an update
• Post | Key Spanish judgment on environment and human rights
• Post | New CS3D: risk-based approach

CS3D as horizontal standard of corporate due diligence

The CS3D establishes a horizontal corporate due diligence obligation regarding human rights and the environment. This is applicable to all companies that reach the revised thresholds—5,000 employees and a turnover of €1.5 billion—regardless of their sector of activity. The directive establishes a standard of conduct generally aligned with the United Nations Guiding Principles, using a risk-based approach to operations across the chain of activities, extending without limit upstream and, in transport, logistics and storage, downstream.

The level of regulation under the CS3D is substantial including, among other questions, consultations with stakeholders; measures to implement the duties to identify, prevent and mitigate adverse impacts with specific conditions applicable to the supply chain and business partners; remediation duties; and systems for regulatory oversight, enforcement, and access to legal protection.

This general regulation is established without prejudice to other European human rights regulations. The CS3D acts as a general act, superseded by special laws that establish obligations with the same objectives but are "broader and more specific" (article 1.3 CS3D).

The CS3D coexists with other regulations that include corporate human rights due diligence obligations. These regulations are specific to certain sectors of activity, raw materials, specific human rights or products, and they can be applied to companies subject to the CS3D and to those out of its scope of application. Some of these regulations refer to the CS3D, while others establish a stricter standard of conduct, subject to different requirements, or are less developed and make no reference to elements that are regulated in the CS3D.

The CS3D also coexists with disclosure of information regulations on sustainability-related risks and impacts—including human rights—that involve an obligation to govern these risks and impacts in line with due diligence standards.

Below we summarize this regulatory framework.

Due diligence sectoral regulations

Together with the Conflict Minerals Regulation (2017/821), in this category, two regulations governing the import and marketing of products in the EU market stand out.

• The Deforestation Regulation (2023/1115)—replacing the Timber Regulation (995/2010)—establishes a due diligence obligation in the supply chains of producers that introduce seven raw materials and their derivatives (soy, cattle, palm oil, rubber, wood, cocoa and coffee) on the European market, due to the impact on forest degradation and human rights. It includes specific due diligence requirements, including geographical traceability and geolocation of production sites. Its application starts on December 30, 2026 (June 30, 2027 for small companies). Non-compliance will result in sanctions, marketing bans and product confiscations.
• The Forced Labor Regulation (2024/3015) bans the import to and export from the EU market of products made with forced labor at any stage of the supply chain. It does not establish a defined due diligence obligation, but rather encourages companies facing these risks to implement due diligence systems that enable them to demonstrate to the competent authorities that they identify, prevent, mitigate and remove the risk of forced labor in their operations and in the supply chain, in line with international due diligence standards and the CS3D.  It will apply to any product and company—regardless of size and sector—from December 14, 2027. Non-compliance will result in marketing bans, product confiscations and sanctions, among other consequences.

Non-specific due diligence regulations that include due diligence obligations

This category covers regulations generally setting the requirements for specific products and services, and that contain provisions establishing human rights due diligence obligations.

• The Battery Regulation (2023/1542) focuses on sustainability, security, labeling, and information requirements of batteries and waste batteries. Chapter VIII establishes a due diligence obligation with a risk-based approach for producers that introduce batteries on the EU market, who must identify, prevent and address environmental and human rights impacts of specific raw materials (cobalt, graphite, lithium and nickel) on supply chains. Due diligence is defined by reference to international standards and the CS3D, and includes human rights and environmental aspects, as well as the verification requirement by third parties. It applies to companies that exceed certain thresholds. The obligation starts in August 2027. Non-compliance will result in sanctions and marketing bans.
• The Digital Services Regulation (2022/2065) aims to create a more secure, predictable and reliable digital space, establishing a set of obligations for different types and levels of service providers. While it does not establish a human rights due diligence framework, it does contain obligations of varying degrees of intensity regarding the identification and mitigation of particular and systemic risks to users’ fundamental rights, like the right to privacy, freedom of expression and information, non-discrimination and the rights of vulnerable users.  Its application started in August 2024. Non-compliance results in sanctions and service suspensions.
• The Artificial Intelligence Regulation (2024/1689) establishes common rules for the introduction and use of artificial intelligence systems on the European market. It contains due diligence obligations on the protection and respect of fundamental rights, with a risk-based approach that differentiates obligations based on their categorization.  Its application gradually started in February 2025. Non-compliance results in sanctions.
• In this category, the recently revised Regulation on dual-use items and technology (2021/821) is significant in the current context of conflict because it establishes export and transfer controls, and specific risk management provisions related to human rights and humanitarian law for items used for military and civil purposes.  

Interaction with disclosure of information regulations

The CS3D also interacts with regulations that establish sustainability information reporting obligations—both general and specific to the finance sector—that draw on information from companies and the activities they finance.

• The Corporate Sustainability Reporting Directive (CSRD) and the European Sustainability Reporting Standards require the disclosure of information regarding due diligence processes implemented to manage the material impacts on human rights and they contain specific references to international business and human rights due diligence standards.
• Article 18 of the Taxonomy Regulation (2020/852, currently under review) establishes "minimum social safeguards" as a condition for qualifying as a sustainable investment, requiring that these investments be aligned with international human rights due diligence standards.
• The Sustainable Finance Disclosure Regulation (2019/2088, also under review) establishes disclosure requirements for financial products with sustainability characteristics and includes information on human rights.

Reflection

This regulatory puzzle requires a complete understanding of the different due diligence regulations and careful analysis to determine how they interact with others to:

• know which regulations apply in each case, since a company may not be subject to the general regulation, but rather to a sector-specific regulation applicable to all or part of its activity, or it may be subject to different regulations with varying provisions that take effect at different times;
• assess whether it makes sense to have separate due diligence systems or systems that apply to only part of the business activity;
• evaluate how different regulations interact beyond the automatic superseding of general law by special law, particularly when the latter omits relevant elements or conditions of the due diligence standard regarding business and human rights; and
• prevent and appropriately manage the risk of sanctions and private litigation.  

For more information, please contact our specialists through the Knowledge and Innovation Area.