Get Transparency in the Supply Chain to Comply with Sustainability Regulations – Part 1: What’s Needed?

The EU has set itself the goal of becoming climate-neutral by 2050. Various laws and directives, notably the Corporate Sustainability Due Diligence Directive (CSDDD), the Regulation on Deforestation-free Products (EUDR) and the Corporate Sustainability Reporting Directive (CSRD) translate the political ambition into legal obligations while also providing incentives to companies to move operations in a positive direction.

What does CSRD entail?

CSRD already came into effect in January 2025, requiring large EU-based companies, and non-EU companies with significant operations in the EU, to begin disclosure based on 2024 data. Your company is considered “large” if it meets two of the following three criteria: a balance sheet total exceeding €25 million; net sales exceeding €50 million; or more than 250 employees on average over the financial year. So, a low threshold.

Many companies may have already been reporting based on the Non-Financial Reporting Directive (NRFD), which CSRD replaces, or else on a voluntary basis. NFRD left gaps in capturing the full scope of corporate sustainability impacts, and the CSRD addresses these shortcomings. This reflects the EU’s commitment not only to achieving its ambitious climate and sustainability goals, but also to hold sustainability reporting to the same standards as financial reporting. To this end CSRD:

• Establishes a unified framework across the EU for consistent and comparable sustainability reporting
• Mandates detailed and transparent environmental, social, and governance (ESG) disclosures, helping stakeholders accurately assess a company’s sustainability efforts
• Encourages companies to integrate ESG considerations into their core strategies, aligning with the EU’s ambitious climate targets. This promotes long-term economic resilience, while also supporting sustainable growth

The CSRD’s double materiality framework requires companies to assess both impact materiality and financial materiality when determining their sustainability disclosures.

• Impact Materiality involves assessing how their operations affect people and the environment. This assessment captures both positive and negative impacts—such as emissions, resource use, and social effects—throughout the value chain. Stakeholder engagement is crucial to ensure a balanced view, involving internal and external insights.
• Financial Materiality involves assessing how sustainability risks, such as climate impacts or regulatory changes, could financially affect the company’s performance, cash flow, or reputation. Factors include dependencies on resources, regulatory compliance, and potential financial impacts of environmental or social issues.

Company reports must make use of digital tools that align with CSRD’s digital taxonomy for streamlined, accurate reporting. The overarching framework for reporting, the European Sustainability Reporting Standard (ESRS), covers a variety of topics under the headings Environment, Social and Governance:

• Environment: Climate Change (E1), Pollution (E2), Water (E3), Biodiversity (E4), and Circular Economy (E5).
• Social: Own Employees (S1), Employees in the Value Chain (S2), Affected Communities (S3), and Consumers & End Users (S4).
• Governance: Business Conduct (G1).
  

What is procurement’s role in CSRD?

Overall responsibility for CSRD will in most cases falls under a dedicated function with a name such as Sustainability, Corporate Social Responsibility or ESG. However, since CSRD topics cover not just internal company operations but the entire value chain, procurement will play a major role in data gathering, acting and reporting on it. Procurement will be responsible for double materiality analysis and strategy on CO₂ reduction and will be responsible and accountable across all other requirements. These include drawing up policies, actions, targets, anticipated financial effects, metrics and risk assessment. (See Figure 1)

What does EUDR entail?

EUDR first comes into force on 30 December 2025 for large and medium companies and on 30 June 2026 for micro and small enterprises, requiring companies to demonstrate deforestation-free sourcing for their products. The aims include reversing biodiversity loss through forest degradation within and beyond the EU and reducing CO₂ emissions caused by EU consumption and production by at least 32 million metric tonnes a year. Under EUDR, any operator or trader that places commodities on the EU market, or exports from it, must demonstrate that the products are deforestation-free; have been produced in compliance with the relevant legislation of the country of production; and are covered by a due diligence statement.

The products covered by EUDR include agricultural commodities such as coffee, cocoa and chocolate, palm oil, soy, rubber, cattle and beef, and wood.

What is procurement’s role in EUDR?

Direct procurement in certain industries such as manufacturing and construction will play a central role in EUDR because it is focused on sourcing and purchasing the commodities identified above for production. Procurement must therefore provide origin analysis and documentation for all these commodities. (See Figure 2)

This begins with comprehensive risk analysis, consisting of data collection (are any of my inbound or outbound products covered by EURD?) then risk assessment (if they are, is the risk high, normal or low, e.g., is the country of origin a high risk country, or does the supplier lack the appropriate certification?) and then due diligence reporting (if the risk is negligible) or risk mitigation (if the risk is serious). The risk criteria are set out in Article 10 of EUDR and mainly relate to deforestation, the presence of indigenous people and compliance with local laws. The EU Commission plans to set out country benchmarking for EUDR.

Penalties and fines for non-compliance with EUDR are severe and include confiscation of the non-compliant commodities being imported.

What does CSDDD entail?

CSDDD will be phased in for large EU and non-EU based companies, commencing 2027. The aim of this Directive is to foster sustainable and responsible corporate behaviour in companies’ operations and across their global value chains. The new rules will ensure that companies in scope identify and address adverse human rights and environmental impacts of their actions inside and outside Europe. Like the German Supply Chain Due Diligence Act that preceded it, CSDDD establishes a corporate due diligence duty. The core elements of this duty are identifying and addressing potential and actual adverse human rights and environmental impacts in the company’s own operations, their subsidiaries and, where related to their value chain, those of their business partners. In addition, the Directive sets out an obligation for large companies to adopt and put into effect, through best efforts, a transition plan for climate change mitigation aligned with the 2050 climate neutrality objective of the Paris Agreement as well as intermediate targets under the European Climate Law.

In brief, CSDDD means that companies can no longer ignore the civil rights situation in their supply chains. It covers a broad range of risks under two headings, human rights and the environment. Human rights issues covered include personal freedom, security and freedom of thought; health and safety; just and favourable working conditions (pay, working hours etc.); child and forced labour, modern slavery and human trafficking; freedom of association and collective bargaining; discrimination and equal opportunities; and indigenous rights and land displacement.

Environmental issues covered include climate change; loss of biodiversity; air, water and soil pollution; deterioration of the ecosystem; deforestation; excessive consumption of resources; waste, hazardous waste and waste from shipping; mercury; persistent organic pollutants; protection of flora & fauna and wetlands; damage to the ozone layer; and protection of natural and cultural heritage.

It is thus an extensive list of risks over which procurement, as guardians of the extended supply chain, must exercise due diligence. This cannot be done passively. CSDDD requires companies to draw up a climate action plan to demonstrate that their business model and strategy are compliant with the Paris Climate Agreement. Companies must take a risk-based approach, identifying potential negative ESG impacts, establish a complaints procedure and publish reports on an annual basis.

What is procurement’s role in CSDDD?

As with EUDR, companies are expected to manage CSDDD risks in the supply chain multi-dimensionally with a preventive process from risk identification through risk assessment (what is the probability of a risk occurring, and what is the severity if it does?), risk mitigation, implementation & monitoring and finally, provisions for disaster response should a risk (such as a human rights violation in the supply chain) materialize. Assessments, mitigation measures and contingency plans for disaster response need to be reviewed at least annually and more often if circumstances change, for example as a result of new business units or production facilities being established. (See Figure 3)

Integrating the new regulations into procurement

The requirements set out in CSRD, EURD and CSDDD will not be entirely new to most large organizations that value their brand and reputation. They will have been following best practices in ESG for some time already and will have involved procurement in their ESG processes, so there is no need to reinvent the wheel. However, with regulations becoming law, requiring mandatory reporting, it is now essential to align processes in the procurement lifecycle with the requirements of the directives.

Here are the main considerations for procurement teams:

Supplier selection and onboarding: Suppliers must sign a Code of Conduct and self-disclose any issues or risks. Procurement must gather the relevant information.

Supplier evaluation: Procurement must carry out a risk assessment at least once annually.

Supplier classification: Procurement must classify each supplier as low, medium or high risk, implement any preventive measures and draw up potential remedial measures to respond to risks that occur.

Supplier development: Contingency measures need to be in place to allow for the phasing out of suppliers that are found to be non-compliant.

Performance review and KPI tracking: Procurement KPIs, supplier audits, news monitoring etc. will provide input into reporting to the regulators to demonstrate compliance and to surface any issues that have arisen, and remedial actions taken.

In summary I would suggest that the earlier you start on this journey, the better the outcomes are likely to be. The main workload is upfront in the requirements definition and then establishing the interfaces that you will need. To reduce the burden, speak to your suppliers as they may already be addressing these issues.

In the next article we will examine the ways in which JAGGAER helps its customers to comply with these three EU directives. If you’re planning your roadmap now, you can also speak with our team to explore practical solutions. Talk to an expert.