Key Takeaways:

• On 16 December 2025, the European Parliament adopted the Omnibus Amending Directive, reshaping corporate sustainability reporting and due diligence requirements across the European Union.
• This Debevoise In Depth describes how the Omnibus Package has reshaped the scope, timing and substance of key reporting and due diligence obligations under the Corporate Sustainability Reporting Directive, the Corporate Sustainability Due Diligence Directive and the EU Taxonomy Regulation, including the key changes to the thresholds for EU and non-EU companies to be in scope.

---

On 16 December 2025, the European Parliament adopted the Omnibus Amending Directive (the “Amending Directive”), reshaping corporate sustainability reporting and due diligence requirements across the European Union (the “EU”).

The European Parliament’s vote ended a prolonged and contentious legislative process. The European Commission (the “Commission”) published its Omnibus simplification package (the “Omnibus Package”) in February 2025, with proposals to streamline EU rules, enhance the bloc’s competitiveness and free up investment capacity. During the subsequent legislative process, the European Union introduced interim measures to suspend certain sustainability obligations pending agreement on revised requirements, and the European Ombudsman concluded that the Commission’s decision to reopen elements of EU due diligence law without impact assessments, public consultation or climate analysis constituted maladministration.

This Debevoise In Depth provides an overview of how the Omnibus Package has reshaped the scope, timing and substance of key reporting and due diligence obligations. Specifically, it addresses the amendments to the Corporate Sustainability Reporting Directive (the “CSRD”), the Corporate Sustainability Due Diligence Directive (the “CSDDD”) and the EU Taxonomy Regulation.

Corporate Sustainability Reporting Directive Post-Omnibus

Scoping and Thresholds

• Thresholds for EU companies. Within the European Union, only companies that exceed both a net turnover of EUR 450 million and an average of more than 1,000 employees on their last balance sheet dates are in scope. The same thresholds apply to EU parent companies on a consolidated group basis.

• Thresholds for non-EU companies. Non-EU companies or groups are in scope if, at the group or individual level, they generate net turnover exceeding EUR 450 million in the European Union in each of the last two consecutive financial years and have an EU subsidiary or branch that exceeded net turnover of EUR 200 million in the preceding financial year. Once both these thresholds have been exceeded, the EU subsidiary or branch must publish a sustainability report at the group level of the non-EU parent company. The continued request by the industry to introduce an employee threshold did not make it in the final compromise.

  The change to the scoping test for non-EU companies or groups is significant. Unlike at present, scope will no longer depend on an EU subsidiary independently falling in scope of the CSRD. Instead, a non-EU group comes into scope based on the combination of its overall EU turnover and the turnover of its EU subsidiary or branch. No employee threshold applies to determine whether a non-EU company or group is in scope. This may bring into scope EU companies headed by non-EU groups that were previously out of scope.

• New exemptions for holding companies. “Financial holding companies”, which are companies that solely act as holding companies without being involved in the management of their subsidiaries, may elect not to include consolidated sustainability information in their consolidated management report where their subsidiary companies have business models and operations that are independent of one another. This exemption becomes relevant when a group reports on a consolidated basis at the group level, and the holding company is the parent of such a group. It applies only where the financial holding company does not involve itself, directly or indirectly, in the management of its subsidiary companies, without prejudice to its rights as a shareholder, including the right to appoint directors at subsidiaries. It does not apply where subsidiary companies are closely inter-connected through their business activities—for example, where the activities of one subsidiary enable or directly support the activities of another. This option does not affect the reporting obligations that may apply to other companies in the group, where a company in the group is in scope on a standalone basis. Similarly, where non-EU parent companies are financial holding companies whose subsidiaries have business models and operations that are independent from one another, their subsidiaries and branches may elect not to publish a sustainability report. We are considering the use by private fund sponsors of the financial holding company exemption in their holding structures.

• New exemptions for Wave 1 companies. Member States may exempt “Wave 1” companies, which are companies that were already in scope of the CSRD for FY2024, that do not exceed both a net turnover of EUR 450 million and an average of 1,000 employees from complying with CSRD requirements for financial years beginning in the period between 1 January 2025 and 31 December 2026. This exemption is not automatic and depends on national implementation.

Revised Reporting Rules

• Simplified reporting standards. The Commission will adopt a delegated act revising the first set of European Sustainability Reporting Standards (“ESRS”) as soon as possible, and at the latest six months after entry into force of the Amending Directive. The revision must substantially reform the standards by doing the following: (i) removing data points deemed least important for general purpose sustainability reporting; (ii) prioritising, to the extent possible, quantitative datapoints over narrative text; (iii) further distinguishing between mandatory and voluntary datapoints; (iv) providing clear instructions on how to apply the materiality principle; (v) improving consistency with other pieces of EU legislation, including financial services legislation; and (vi) taking account, to the greatest extent possible, of interoperability with global sustainability reporting standards. EFRAG, the EU financial and sustainability reporting advisory group, provided a draft of the revised reporting standards in early December 2025, reducing the number of data points by 61%.

• New set of voluntary standards for protected companies. Within four months after entry into force of the Amending Directive, the Commission will adopt a new set of voluntary reporting standards. Voluntary reporting standards are both a basic set of reporting standards for companies not in scope of the CSRD to adopt, if they wish, and a benchmark for the information that companies in the value chains of other companies in scope of the CSRD must supply to those other companies. Companies with an average of 1,000 or fewer employees during the financial year (“protected companies”) may decline to provide information exceeding that specified in the voluntary standards in response to requests made for sustainability reporting purposes. Reporting companies are prohibited from requiring protected companies to provide information exceeding the voluntary standards when establishing contractual arrangements for sustainability reporting purposes. Where a reporting company requests information exceeding the voluntary standards, it must inform protected companies which information exceeds the standards and of their statutory right to decline. Reporting companies that report value chain information without requesting information from protected companies beyond the voluntary standards are deemed to have complied with their value chain reporting obligations.

• No reporting standards for listed SMEs. The requirement for the Commission to adopt sustainability reporting standards for listed small and medium-sized enterprises (“SMEs”) is removed, as they are excluded from sustainability reporting requirements.

• Permitted reporting omissions. Companies may omit certain information from their sustainability reporting, subject to assurance, in exceptional cases where disclosure would be seriously prejudicial to their commercial position, provided that specific conditions are met. Companies may also omit information that are trade secrets, classified information or other information that must be protected from unauthorised access or disclosure under EU or national law, or to safeguard the privacy or security of natural or legal persons. When using these exemptions, companies must disclose the fact that the exemption has been used and reassess at each reporting date whether the information may still be omitted.

• Relief for group composition changes. Where the composition of a group changes during the financial year due to acquisitions or mergers, the parent company may decide not to include sustainability information on the newly acquired or merged companies in the consolidated management report for that financial year. Similarly, parent companies may decide not to include sustainability information on subsidiary companies that exit the group during the financial year. In such cases, the parent company must indicate any significant events with an effect on the group’s impacts, risks or opportunities related to sustainability matters.

• New value chain reporting transition period. For the first three years of being subject to sustainability reporting requirements, where not all necessary value chain information is available, companies must explain the efforts made to obtain such information, the reasons why it could not be obtained and their plans to obtain it in the future. After the three-year transition period, companies must meet value chain reporting requirements by using information directly obtained from companies in their value chain or, as appropriate, estimates.

Assurance Simplification

Limited assurance remains the required level of assurance for sustainability reporting in the European Union. The requirement for the Commission to adopt standards for the higher level of reasonable assurance is deleted. The deadline for the Commission to adopt limited assurance standards is postponed to 1 July 2027.

Implementation Tools

The Commission must establish a dedicated portal for information, guidance and support, including templates, on the mandatory and voluntary sustainability reporting frameworks. The portal will be connected with online support measures provided by Member States, where they exist. Additionally, the Commission must submit a report within 24 months after entry into force on technological solutions for sustainability reporting, including initiatives that enable companies to collect, process and exchange sustainability data in a secure, seamless and automated manner.

Corporate Sustainability Due Diligence Directive Post-Omnibus

New Thresholds

The CSDDD will now apply only to companies with more than 5,000 employees and net worldwide turnover of at least EUR 1.5 billion. For non-EU companies, the threshold is EUR 1.5 billion in net turnover generated in the European Union in the financial year preceding the last financial year. For companies operating through franchising or licensing agreements, the royalty threshold is raised to EUR 75 million and the net worldwide turnover threshold is raised to EUR 275 million.

Revised Due Diligence Requirements

• Identifying and assessing actual and potential adverse impacts. Companies continue to be required to take appropriate measures to identify and assess actual and potential adverse impacts from their own operations, their subsidiaries and their business partners. In place of the previous broad obligation to identify and assess all such adverse impacts, companies must instead carry out a scoping exercise based “solely on reasonably available information” to identify general areas—across their own operations, those of their subsidiaries and, where related to their chains of activities, those of their business partners—where adverse impacts are most likely to occur and to be most severe. Then, based on the results of the scoping, companies will carry out an in-depth assessment in the areas where adverse impacts were identified to be most likely to occur and to be most severe. For the assessment, companies may take into account factors such as whether the business partner is a company covered by the CSDDD or comparable legislation. Companies may request information from business partners only where necessary and, in the case of business partners with fewer than 5,000 employees, only when the information cannot reasonably be obtained by other means. Where adverse impacts are identified as equally likely or equally severe in several areas, companies may prioritise assessing areas that involve direct business partners. Companies are entitled to make use of appropriate resources, including independent reports, digital solutions, industry and multi-stakeholder initiatives and information gathered through notification mechanisms and complaints procedures.

• Transition plans. One of the most contentious elements of the original CSDDD was the requirement for companies to adopt and put into effect a climate transition plan, with commentators pointing out that, whilst governments may require companies to adopt a credible transition plan, it is doubtful whether they can require companies to implement it, given the business judgement required and the impact of factors such as a change in business strategy or negative financial performance. The provisions requiring companies to adopt and implement a transition plan for climate change mitigation have been repealed. Companies remaining in scope of the CSRD must still report publicly on their climate transition plan, if any.

• Stakeholder engagement. As part of the process of identifying and addressing adverse impacts, companies under the CSDDD are required to consult with stakeholders. Under the new CSDDD, companies are required to engage with stakeholders only at certain stages of the due diligence process: during the identification of adverse impacts, the development of action plans and the design of remediation measures. The term “stakeholder” is narrowly defined and does not include national human rights institutions, environmental institutions or civil society organisations. Stakeholders are individuals or communities whose rights or interests are or could be directly affected by the products, services or operations of the company, its subsidiaries or its business partners and that have a link to the specific stage of the due diligence process being carried out.

• Reduced frequency of monitoring assessments. Companies are required to carry out periodic assessments to monitor the effectiveness of their due diligence processes at least every five years or after a significant change occurs, instead of on an annual basis.

No Obligation to Terminate Business Relationships as a Last Resort

Where a company cannot prevent or mitigate potential or actual adverse impacts at a business partner, the prior requirement to terminate the business relationship as a last resort has been removed.

The steps that a company should take in this situation until the impact is addressed are as follows: First, the company must refrain from entering into new or extending existing relations with the business partner concerned. Second, where entitled under applicable law, the company must suspend the business relationship with respect to the activities concerned. Prior to suspending a business relationship, companies must assess whether the adverse impacts resulting from suspension would be manifestly more severe than the impact that has not been addressed. If so, the company is not required to suspend the relationship and may report the duly justified reasons to the supervisory authority. Where suspension occurs, companies must take steps to prevent, mitigate or bring to an end the impacts of the suspension, provide reasonable notice and keep the decision under review. Third, the company must adopt and implement an enhanced action plan, provided that there is a reasonable expectation that those efforts will succeed. As long as there is a reasonable expectation that the enhanced action plan will succeed, the mere fact of continuing to engage with the business partner will not expose the company to penalties or liability.

Liability

• Civil liability framework. The Amending Directive removes the previous EU-level harmonised civil liability regime that would have enabled victims of adverse impacts, or organisations on their behalf, to bring a claim against a company. As a result, any recourse against a company will be governed by existing national law in the Member States. Nevertheless, Member States must ensure that persons harmed by a company’s failure to comply with its due diligence obligations under the CSDDD have a right to full compensation under national law. Such compensation must not lead to overcompensation, including through punitive, multiple or similar forms of damages.

• Access to justice and procedural safeguards. The Amending Directive does not affect the obligation of Member States under the CSDDD to ensure effective access to justice, including by providing fair and sufficiently long limitation periods (at least five years), affordable proceedings, access to injunctive relief, and proportionate court-ordered disclosure of evidence, including confidential information subject to appropriate safeguards. Participation in industry or multi-stakeholder initiatives, the use of independent third-party verification, or reliance on contractual clauses to support due diligence does not preclude companies from being held liable under national law.

• Penalties. Member States must ensure that the maximum limit of pecuniary penalties is set at 3% of the net worldwide turnover of the company or, in the case of ultimate parent companies, 3% of the net consolidated worldwide turnover calculated at the decision to impose the fine.

• No penalty for prioritisation. Where prioritisation decisions are made in accordance with the Directive’s requirements, the mere fact of not having addressed a less significant adverse impact will not expose the company to penalties.

Harmonisation

The new rules reinforce full harmonisation by prohibiting Member States from introducing national due diligence requirements that diverge from the Directive’s core obligations. Full harmonisation is extended to key aspects of the due diligence process, including impact identification and prioritisation, measures to address adverse impacts, complaints and notification mechanisms, monitoring and reporting, with the aim of avoiding regulatory fragmentation and legal uncertainty. While Member States may still adopt more stringent or additional rules, this flexibility is limited to targeted and specific measures (for example, addressing particular impacts, products, services, sectors or situations) and does not allow broad national rules regulating due diligence processes generally or across entire sectors.

Guidelines and Support

The Commission’s general due diligence guidelines must be made available by 26 July 2027, providing companies with sufficient time to consider practical guidance and best practices when implementing due diligence measures. The Commission must also adopt guidance on voluntary model contractual clauses by 26 July 2027 to support companies in meeting their contractual assurance requirements.

Supervision

Each Member State must designate one or more supervisory authorities to supervise compliance with the CSDDD and inform the Commission of the names and contact details of designated supervisory authorities by 26 July 2028. Supervisory authorities must have adequate powers and resources to carry out their tasks, including the power to require companies to provide information and to conduct investigations related to compliance.

EU Taxonomy Post-Omnibus

Currently, all companies in scope of the CSRD must report on the Taxonomy eligibility and alignment of their activities. Following the Omnibus I package, on 4 July 2025 the Commission adopted a Delegated Act amending the Taxonomy Disclosures, Climate and Environmental Delegated Acts. The Delegated Act was submitted to the European Parliament and the European Council (the “Council”) for scrutiny, which was originally due in November 2025 with a possible extension of an additional two months.

• Targeted exemptions for non-financial companies. Non-financial companies will no longer be required to assess Taxonomy eligibility or alignment for economic activities that are not financially material to their business. Activities are considered nonmaterial when they represent less than 10% of the company’s revenue, CapEx, or OpEx. In addition, non-financial companies are fully exempt from Taxonomy alignment assessments for their operational expenditure where OpEx is deemed nonmaterial to the business model.

• Simplifications for financial institutions. The calculation and reporting of key performance indicators—such as the Green Asset Ratio for banks—are simplified. Furthermore, financial companies have the option not to report detailed Taxonomy KPIs for a two-year period, easing the transition into the simplified regime.

• Streamlined reporting templates. The Delegated Act introduces a substantial reduction in required data points. The reporting fields for non-financial companies are reduced by 64%, while those for financial companies are reduced by 89%.

• Simplified “Do No Significant Harm” (“DNSH”) criteria. The Commission has also simplified certain DNSH criteria, particularly those relating to pollution prevention and control in connection with the use and presence of chemicals. This aims to remove unnecessary complexity while maintaining the environmental integrity of the Taxonomy framework.

Next Steps

Relevant Timelines

• The Amending Directive’s entry into force. The final text of the Amending Directive will be formally approved by the Council and will enter into force 20 days after its publication in the Official Journal of the European Union.

• Transposition and application of the amended CSRD. Member States must transpose the amended corporate sustainability reporting rules within 12 months of the Amending Directive’s entry into force. Wave 1 companies remain within the scope of the CSRD for financial years between 1 January 2024 and 31 December 2026 inclusive; however, as noted above, Member States may exempt these companies from reporting where they would fall outside the revised CSRD scope. EU companies and EU parent companies of groups meeting the revised thresholds will be subject to the CSRD for financial years starting on or after 1 January 2027. As under the current regime, Member States must also apply the measures necessary to ensure compliance by non-EU companies, with reporting obligations applying for financial years starting on or after 1 January 2028.

• Transposition and application of the amended CSDDD. Member States must adopt and publish laws, regulations and administrative provisions necessary to comply with the amended CSDDD by 26 July 2028. Member States must apply the amended CSDDD from 26 July 2029, except for the obligation to publish annual reports, which will apply to financial years starting on or after 1 January 2030.

Review

• Review of the amended CSRD. The amended CSRD requires the Commission to review its implementation and report to the European Parliament and the Council. The review will assess the achievement of the Directive’s objectives, including the convergence of reporting practices across Member States, the uptake of voluntary sustainability reporting standards, the implementation and enforcement of reporting requirements for subsidiaries and branches of third-country undertakings and the accessibility of sustainability reports for persons with disabilities. These elements will be reported by 30 April 2029 and every three years thereafter, and may be accompanied by legislative proposals. A separate review will assess whether and how the scope of the amended CSRD should be extended, including to certain large EU undertakings below the revised thresholds and to third-country undertakings operating directly on the EU internal market, with a report due by 30 April 2031 and every three years thereafter, if appropriate, accompanied by legislative proposals.

• Review of the amended CSDDD. By 26 July 2031 and every five years thereafter, the Commission must submit a report to the European Parliament and the Council on the implementation and effectiveness of the CSDDD. The first report must assess the following: (i) the impact of the CSDDD on SMEs and the effectiveness of related support measures; (ii) the scope of the CSDDD (including the companies covered); (iii) the definition of the term “chain of activities”; (iv) whether the Annex to the CSDDD should be expanded to cover additional adverse impacts such as governance; (v) the effectiveness of enforcement mechanisms and their protection of rights holders under national law; and (vi) whether changes to the level of harmonisation are needed to ensure a level playing field and prevent circumvention. This review may be accompanied by legislative proposals to keep the CSDDD effective and aligned with its objectives over time.

Next Steps for Companies

Companies should begin preparing for compliance with the amended CSRD and CSDDD by doing the following:

• recalibrating their CSRD scoping analyses in light of the amended thresholds and exemptions;

• reassessing their due diligence systems to align with the narrowed scope and prioritisation framework under the CSDDD, with particular focus on direct business partners;

• redesigning their sustainability reporting processes to align with the streamlined ESRS and voluntary standards framework;

• adjusting implementation schedules to reflect the amended compliance deadlines and transposition timelines; and

• monitoring the regulatory landscape, including national transposition measures, Commission guidelines and potential divergences in Member State implementation.

 

This publication is for general information purposes only. It is not intended to provide, nor is it to be used as, a substitute for legal advice. In some jurisdictions it may be considered attorney advertising.