CSDDD in Procurement, a 2025 Action Plan for RFPs, Contracts, and Supplier Onboarding

The Corporate Sustainability Due Diligence Directive (CSDDD) is no longer an abstract piece of legislation in Brussels. It entered into force in July 2024, and procurement leaders across Europe are now racing to translate it into daily practice. For companies that source or sell into the EU, this shift is significant. The law applies to very large EU companies and to non-EU companies with substantial turnover in the Union, which includes many US exporters with European customers.

Executive Summary

The Corporate Sustainability Due Diligence Directive (CSDDD), which entered into force in July 2024, is reshaping procurement across Europe and beyond. The law requires large EU companies and non-EU companies with significant Union turnover to identify, prevent, and remediate human rights and environmental harms across their operations and supply chains. With civil liability and active supervisory enforcement, procurement leaders must now translate policy into concrete steps within RFPs, contracts, and supplier onboarding.

For 2025, the priorities are clear: confirm scope and exposure, embed verifiable due diligence questions in RFPs, adopt recognized model clauses, and test supplier capability during onboarding. Enforcement bodies such as Germany’s BAFA and Norway’s Consumer Authority are already signaling strict expectations, making evidence trails essential. US exporters, while not always directly in scope, should prepare for EU buyers to demand tighter due diligence assurances, climate transition plans, and corrective action tracking. Procurement teams that act now will reduce negotiation friction, meet buyer expectations, and stay ahead of supervisory scrutiny.

Implications

The obligations are broad. Covered companies must identify, prevent, and end adverse human rights and environmental impacts across both their operations and their value chains. Importantly, the Directive introduces civil liability and supervisory enforcement, meaning this is not just a compliance box to check but a material risk. The European Commission confirmed the thresholds and scope in its official summary, which also highlights the entry into force date of July 2024.

The path to adoption was politically charged. After lengthy negotiations, the European Parliament’s April 2024 vote and subsequent Council approvals finalized a compromise that raised the thresholds for company coverage. Reuters reported on the contentious process as well, reporting on how closely this law was debated and how much it will reshape procurement expectations.

For procurement teams, the challenge is now practical: how to embed CSDDD requirements into RFPs, contract playbooks, and supplier onboarding in 2025. The following sections outline priority steps for buyers and suppliers navigating this new reality.

Start with legal scope, then map exposure in RFPs

The first step is confirming whether your company, or your EU customers, fall within scope. Even if you are not directly covered, your commercial exposure rises if your customer is, because their due diligence duty extends across their value chain.

This translates quickly into procurement documentation. RFPs should include questions that help uncover where inputs originate, what grievance mechanisms exist, and how incidents are remediated. The goal is not vague assurances but tangible, verifiable evidence. That means requiring public policies, proof of worker voice channels, and summaries of past audits rather than aspirational promises.

For US exporters, this means preparing for RFPs that demand supply chain mapping and concrete examples of corrective action, particularly in higher-risk categories such as apparel, electronics, or agricultural commodities.

Use defensible model clauses instead of reinventing terms

Once exposure is clear, procurement teams must update contract templates. Clauses should set out cooperation duties, information rights, and escalation paths in plain language. Drafting these from scratch is inefficient and can create inconsistencies.

For buyers, adopting defensible clauses also reduces friction during supplier negotiations. If a counterparty challenges a requirement, pointing to recognized European Model Clauses (EMCs) strengthens the case that the clause is reasonable and proportionate.

Anchor supplier onboarding in real oversight

Contractual commitments only matter if they are operationalized. Onboarding is the critical moment to test whether suppliers can back up their policies with practice. Too often, companies defer this to later audits, but CSDDD’s enforcement model demands earlier proof.

Apple’s 2024 supply chain report provides a useful example. It describes how Apple assesses suppliers against its published Code and Standards, conducts training, and runs corrective action programs. Audits identify risks and track improvements across labor and environmental topics. While Apple’s scale is unique, the elements are transferable. Companies of all sizes can require training completion evidence, worker engagement summaries, and proof of corrective action tracking as part of onboarding, before the first delivery.

Embedding these tests early sends a clear message: supplier compliance is not optional, and remediation starts before commercial volume builds up.

Treat enforcement as a procurement risk, not just a legal one

One of the most overlooked aspects of CSDDD is enforcement. Supervisory authorities in Europe already have investigative powers under related laws, and they are not shy about using them.

Germany’s Federal Office for Economic Affairs and Export Control (BAFA), which enforces the German Supply Chain Act, can investigate, order corrective measures, levy fines, and even exclude companies from public procurement. Norway’s Consumer Authority demonstrated similar resolve under its Transparency Act, issuing the first penalty in 2024 for failing to respond to information requests. The International Bar Association reported that the case signals clear process expectations for due diligence and disclosure.

For procurement teams, this means maintaining a clear evidence trail that shows reasonable steps have been taken. Documented risk screening, grievance handling, and remediation plans are not only defensive tools in case of investigation—they are becoming prerequisites for continued eligibility in procurement markets.

Why US exporters should prepare now

Even if US exporters are not directly covered by CSDDD yet, EU buyers will tighten requirements throughout 2025. Companies can expect requests for supply chain mapping in high-risk categories, demands for grievance channels, and a growing insistence on monitoring corrective actions.

Experience shows that supplier engagement often fails without a structured remediation ladder in contracts. Linking milestones to purchase orders ensures both urgency and accountability. Without this, suppliers may treat corrective actions as optional.

For US exporters, the strategic implication is clear: anticipate these asks and prepare your procurement documentation accordingly. Doing so will not only reduce friction in sales negotiations but also strengthen credibility with European customers who must prove their own compliance.

A targeted reset for procurement teams

Many companies are realizing that their procurement documentation is not yet fit for the new environment. If your team needs a focused reset, start by reviewing RFP templates, updating contract clauses with EMCs, and embedding testable onboarding workflows. A targeted upgrade within existing systems is often enough to meet buyer expectations without the disruption of a full process overhaul.

Teams that act now will be in a stronger position when customer audits and supervisory reviews become routine in the years ahead.

A 2025 Playbook Procurement Teams Can Put Into Action

The next step is moving from policy intent to day-to-day mechanics that can withstand both supplier pushback and regulatory scrutiny. Procurement leaders need concrete structures that align with buyer expectations, streamline negotiations, and produce auditable results. The following priorities set out how to do this in practice.

Build a supplier risk lens that drives RFP and contract depth

CSDDD follows the principle of proportionality, and procurement can do the same. Companies should tier suppliers by inherent risk and then match the depth of RFP questions and contract clauses to that risk tier.

The OECD’s Due Diligence Guidance for Responsible Business Conduct explains that risk-based due diligence should scale with severity and likelihood. This framework gives companies a defensible rationale for differentiated treatment (OECD).

In practice, a high-risk supplier may be required to trace inputs back to the smelter or farm gate, provide accessible grievance channels, and share evidence of corrective actions. A low-risk supplier, by contrast, might only need to provide attestations and basic disclosures. This structure speeds up negotiation because both sides can see why requirements differ.

Translate climate expectations into supplier transition plans

The Directive also integrates climate. Article 22 requires covered companies to adopt a climate transition plan and to make best efforts to align business models with the Paris Agreement’s 1.5°C goal. This has direct implications for suppliers, particularly in carbon-intensive sectors.

A practical way to address this is by adding climate-related expectations to contract schedules. Buyers can require suppliers in high-emission categories to disclose Scope 1 and Scope 2 targets, explain how they will measure progress, and share annual updates. This aligns supplier commitments with buyer transition plans and builds an evidence base that can withstand scrutiny.

By embedding these requirements, procurement not only supports corporate climate goals but also signals to suppliers that carbon management is now a contractual expectation, not a voluntary initiative.

Operationalize onboarding with testable controls

Onboarding is the right moment to test whether suppliers can demonstrate capability. Passing a checklist on paper is no longer enough. Instead, procurement should embed short tests that require suppliers to show functioning systems before approval.

Scaled appropriately, procurement teams can require proof of training completion, summaries of worker interviews, and closure evidence for any findings—all before approving a supplier for full production.

Design an evidence trail that supervisors recognize

Supervisors in Europe expect not only outcomes but also process discipline. For procurement teams, the implication is straightforward: maintain an audit-ready record at every step. This means storing risk screens, supplier communications, remediation plans, and sign-offs for each decision. A well-organized evidence trail can make the difference between supervisory confidence and regulatory action.

Put model clauses to work, then localize

The most efficient way to build defensible contracts is to start with a recognized clause bank. The Responsible Contracting European Model Clauses (EMCs), expected to be finalized in 2025, are designed to align with CSDDD and provide a shared reference point across industries.

By adopting EMCs as a baseline, procurement teams save time and strengthen their negotiating position. Local legal teams can then add country-specific provisions where national transpositions of the Directive are stricter, such as in France or Germany. This layered approach balances standardization with compliance.

Close the loop between RFP promises and contract performance

One of the recurring failures in supply chain oversight is the gap between what suppliers commit to in RFPs and what actually happens in practice. Procurement leaders can close this gap by tying commitments to measurable performance.

An effective method is to design a remediation ladder linked to purchase orders. This ladder should start with corrective action, escalate to targeted support, and ultimately allow for commercial consequences if improvements stall.

For suppliers, this creates clarity about expectations and consequences. For buyers, it creates an auditable system that ties procurement to results.

Why this matters for US exporters

European buyers are already adjusting procurement practices during the transposition period that follows the Directive’s entry into force on 25 July 2024.

For US exporters, this means buyers will demand traceability information, accessible complaint mechanisms, and detailed remediation tracking. Contracts will require cooperation and disclosure, and high-risk categories will face more frequent verification. The fastest way to prepare is to pick three priority categories, benchmark them against EMCs and onboarding tests, and resolve red flags before customer audits begin.

A short checklist for the next quarter

To translate strategy into action, procurement teams can use the following near-term checklist:

• Confirm scope and map buyer exposure, using Commission thresholds and definitions as anchors.

• Tier suppliers by inherent risk, and align RFP depth and contract strength accordingly.

• Require climate transition plans and progress measurement for carbon-intensive categories.

• Pilot onboarding tests with two high-risk suppliers and capture training, worker voice, and corrective action evidence.

• Store a clean record of risk screens, decisions, communications, and remediation outcomes, ready for supervisor review.

Closing thought

CSDDD turns due diligence into a daily procurement discipline. Teams that succeed will be those that translate the Directive into clear questions, precise clauses, and repeatable onboarding tests. Those who prepare in 2025 will be better positioned when supervisory oversight becomes routine. For companies that want a practical outside review, a short sprint to stress-test RFPs, clause banks, and onboarding workflows can deliver targeted fixes without major disruption.

Written by: Gasilov Group Editorial Team

Reviewed by: Seyfi Gasilov, Partner – Corporate Strategy & Legal Compliance

Meet Our Team →

Frequently Asked Questions

1. What is the current CSDDD timeline and who is directly in scope in 2025?

The Directive entered into force on 25 July 2024. Member States are now in the transposition phase, with phased application starting in 2027 for the largest companies. The final law covers companies with more than 1,000 employees and global turnover above 450 million euros, including certain non-EU companies with significant turnover in the Union. The European Commission provides the official thresholds in its summary, and Reuters reported on the April 2024 Parliament vote that set the final compromise.

2. How should US exporters prepare if they sell to EU customers that fall under CSDDD?

US exporters should assume EU buyers will request stronger due diligence assurances throughout 2025 and 2026. The most effective preparation involves three moves: risk tiering that drives the depth of RFPs, contract schedules that require grievance channels and corrective action tracking, and onboarding tests that prove capability before shipment. The OECD due diligence guidance supports this risk-based approach, scaling controls to the severity and likelihood of harm.

3. What model clauses or templates exist that map to CSDDD expectations?

The Responsible Contracting European Model Clauses are the leading public reference. A zero draft has already been published, and EMCs 1.0 are expected in 2025. Procurement and legal teams can use the draft as a benchmark and then localize clauses during national transposition to reflect country-specific requirements.

4. How are European supervisors approaching enforcement under related laws, and what evidence should procurement keep?

Supervisors already apply investigative powers under adjacent laws. Germany’s BAFA sets out cooperation duties and inspection procedures under the German Supply Chain Act. Norway’s Consumer Authority issued the first penalty under the Transparency Act in September 2024 for failure to respond to information requests, although the fine was later revoked on appeal in March 2025, showing that process discipline and the right of appeal both matter. Procurement teams should therefore maintain a full record of risk screens, supplier communications, remediation plans, and sign-offs for key decisions.

5. What does CSDDD say about climate transition planning and what should appear in supplier schedules?

Article 22 requires covered companies to adopt a climate transition plan aligned with the Paris Agreement. Procurement can translate this into supplier schedules that request Scope 1 and Scope 2 targets for carbon-intensive categories, as well as annual progress measurement. Internal guidance should reference the Directive’s official text and reliable legal analyses.