ESG Compliance Management and Corporate Strategy: What to Expect in 2025

Companies will face an increasing number of ESG requirements and demands for supply chain transparency and due diligence in 2025 and beyond. Failure to comply poses not only significant liability risks for management and business risks for companies, but also has significant impact on corporate strategy.

Given the numerous ESG compliance laws in Europe, their broad scope, and their comprehensive as well as challenging requirements, the time to act is now.

However, the parameters to be taken into account remain a moving target in light of the ongoing political discussion triggered by the ESG backlash and the challenging economic and geopolitical situation. For instance, the European Commission has revealed plans to simplify ESG (reporting) requirements, with the goal of reducing bureaucracy while maintaining Europe’s competitive edge by reducing redundancy and overlap, for example, in the “triangle” of the EU Taxonomy Regulation, CSRD, and CSDDD. Regardless of the final form and outcome of this so-called omnibus regulation (a first draft will be presented on 26 February 2025), one thing is clear as of today: the EU remains firmly committed to upholding strong ESG standards, and companies must be prepared to navigate the ongoing evolution of ESG compliance laws in Europe.

In such turbulent times, management should determine the course of action autonomously, taking into account all relevant aspects including the (future) applicable legal requirements while also considering political disputes. While the ESG compliance laws differ in approach and specifics, they also share several overlapping elements and should thus be considered holistically when developing ESG compliance management systems.

To cope with these requirements, ensuring transparency across supply chains will be a top priority. Businesses must align their operations with both current and forthcoming regulations that will shape their strategies in the years ahead and will be beneficial for applicable ESG-related disclosure requirements such as the Corporate Sustainability Reporting Directive (“CSRD”), the EU Taxonomy, or the Carbon Border Adjustment Mechanism (“CBAM”). Such a holistic approach will not only serve to mitigate compliance risks, but also to reduce associated business risks.

1. Corporate Sustainability Due Diligence Directive (CSDDD)

One key EU ESG compliance law shaping corporate strategies related to supply chain transparency and due diligence is the CSDDD. The CSDDD aims to hold companies accountable for preventing human rights violations and environmental harm throughout their chain of activities. It will apply to both EU and non-EU companies, or the ultimate parent of such companies, based on specific thresholds related to employee count and turnover. For further insights, please refer to our previous alerts here, here and here.

Adopted in February 2024, the CSDDD came into effect on 25 July 2024. The applicability and enforcement will be phased in gradually, requiring the first EU and non-EU companies within its scope to comply with the new rules starting in July 2027.

While the EU’s CSRD, which took effect in January 2023 (see our previous alerts here and here), focuses primarily on disclosure, the CSDDD is action-oriented, stipulating material ESG compliance management and supply chain obligations. Specifically, the CSDDD mandates companies to integrate human rights and environmental due diligence into all their relevant policies and risk management systems. It requires companies to conduct due diligence on human rights and environmental risks, including the identification, prevention, mitigation, and remediation of these risks. Companies must establish grievance mechanisms and provide documentation, including at least annual reporting.

Failure to comply with the CSDDD may result in fines with a maximum limit not less than 5% of the net worldwide turnover of the company and civil liability towards victims of human rights violations in the supply chain. Additionally, regulatory decisions regarding violations of the CSDDD, as well as failures to pay a fine, must be published. As a result, companies face an increased risk of reputational damage.

Furthermore, the CSDDD has overlaps to the CSRD as it mandates in-scope companies to adopt and put into effect a transition plan for climate change mitigation which aims to ensure, through best efforts, that the business model and strategy of the company are compatible with the transition to a sustainable economy and with the limiting of global warming to 1.5 °C. This requirement affects the core of the management board’s responsibility – the corporate strategy and the business model.

In summary, the CSDDD will require significant changes to how companies operate, and it may take one or more years to establish the necessary structures, processes, and reporting mechanisms. Starting preparations now will give businesses the time needed to implement due diligence processes effectively across their operations and supply chains. Specifically:

• Extensive Scope of Obligations: The CSDDD’s obligations are extensive, covering not just a company’s direct operations but extending to its subsidiaries, business partners, and suppliers. Also, unlike national frameworks such as the German Supply Chain Due Diligence Act (“SCDDA”), the due diligence requirements no longer focus solely on direct suppliers (i.e., contractual partners). Instead, the CSDDD mandates a full “chain of activities” approach upstream business partners up to tier-n and limited downstream business partners involved in the distribution and storage of products if acting on behalf of the in-scope company. This broad scope means that companies must assess and monitor ESG risks not only within their own operations but also throughout their extended networks, including subsidiaries and indirect business partners. This requires gathering detailed information, establishing due diligence procedures, and implementing adjustments across various levels of the business – effort that will cost significant time and resources.
• Thorough Due Diligence Process: The CSDDD requires companies to conduct thorough due diligence on human rights and environmental risks. This process will involve cross-functional collaboration between legal, compliance, procurement, and sustainability teams, and it may require changes to internal systems or the adoption of new processes to meet these standards. Moreover, involvement of internal and external stakeholders is mandatory throughout the entire due diligence process.
• Revising Supplier Contracts and Service Level Agreements: Companies will likely need to revise supplier contracts and service level agreements to ensure they align with CSDDD requirements. Given that these contracts often last several years, adjustments must be planned well in advance to ensure that all contractual relationships meet the directive’s due diligence standards. When doing so, the various ESG compliance law requirements should – to the extent possible – be covered holistically.
• Efficient Integration with other ESG Compliance Frameworks: Holistic integration of ESG compliance requirements can enhance compliance efficiency, but requires thorough examination. By aligning the due diligence requirements in light of applicable ESG reporting and disclosure frameworks, companies can streamline their processes rather than managing them as separate compliance programs.

2. EU Deforestation Regulation (EUDR)

ESG compliance management and due diligence obligations relating to supply chain transparency will also arise under the EUDR. The EUDR prohibits placing or making relevant products available on the Union market, as well as their export from the Union, if these products contain, have been fed with, or have been made using commodities such as cattle, cocoa, coffee, oil palm, rubber, soya, and wood unless

• they are deforestation-free,
• have been produced in accordance with the relevant legislation of the country of production, and
• are covered by a due diligence statement.

Coming with broad enforcement powers for market surveillance authorities and customs authorities, the level of potential fines and sanctions will be governed by national law of EU member states. The combination of the broad prohibition with those enforcement powers, which could eventually lead to sales bans for relevant products, the EUDR not only poses significant ESG compliance risks, but also business risks.

Officially coming into force in June 2023, the EUDR underwent extensive discussions on its implementation timeline, considering the complexity of due diligence requirements. Eventually, EU legislative bodies agreed to extend the application timeline by one year. The new deadlines are 30 December 2025 for large and medium-sized companies, and 30 June 2026 for small and micro-sized companies.

Once it has been determined whether a company falls within the scope of the EUDR (this assessment can be initiated using our EUDR Checker), businesses should take full advantage of the additional year to prepare. Compliance with the EUDR requires gathering extensive information across the entire supply chain, including geolocation data, conducting risk assessments, ensuring that products are not linked to deforestation, and verifying compliance with relevant laws in the country of origin. As the structure of the upstream supply chain can affect whether the EUDR applies to companies using or processing relevant products (as outlined in our previous alert here), and given the complexity of EUDR requirements when in scope, companies will need time to assess their supply chains, engage with suppliers and stakeholders, revise contracts, implement necessary risk mitigation measures, and establish reporting systems.

3. EU Battery Regulation (EUBattR)

A third key EU ESG compliance law related to supply chain transparency is the EUBattR, which establishes a standardized framework for the traceability of batteries throughout their life cycle. This regulation aims to promote the circular economy and ensure that batteries are produced and disposed of responsibly. It applies to all economic players in the battery industry, including manufacturers, importers, distributors, authorized representatives, fulfilment service providers, and other stakeholders such as recyclers and to any object that stores and supplies electrical energy generated by the direct conversion of chemical energy. This includes all categories of batteries: portable batteries, starter batteries, batteries for light vehicles, electric vehicle batteries, and industrial batteries.

Additionally, similar to the CSDDD, the EUBattR will impose extensive due diligence obligations on certain economic operators (with a net turnover of EUR 40 million or more) concerning specific materials used in batteries, such as cobalt, lead, nickel, and lithium taking effect from 18 August 2025.

From 18 August 2025, in-scope economic operators will have to comply with the additional due diligence requirements. These concern sustainability, traceability, and the responsible sourcing of materials used in batteries, which must be modelled on, inter alia, the OECD Guidelines. The core of the EUBattR’s due diligence requirements is the respective management system to be implemented, including battery due diligence policies, which must be verified by a notified body.

4. EU Forced Labour Regulation (EUFLR)

The EUFLR prohibits the placing and making available on the Union market, or exporting goods made with forced labour from the Union market. As the latest addition to the expanding framework of EU ESG compliance laws designed to promote transparency and enforce supply chain due diligence, this regulation targets all products placed or made available within the EU. This includes all products – whether imported, sold online, manufactured, or exported – and regardless of their geographic origin or industry. Unlike sector-specific regulations such as the EUDR (which focuses on specific commodities), or the EUBattR (which addresses the responsible sourcing of key materials such cobalt and lithium), the EUFLR has a broader scope. It applies to all products and economic operators regardless of their size or revenue (see our previous alert here) and has no de minimis threshold.

The EUFLR came into force on 13 December 2024, with full applicability set to begin on 14 December 2027. However, there are important milestones leading up to full enforcement that companies should be aware of, e.g., the EU Commission will publish guidelines and develop evidence-based, non-exhaustive databases to assist with the enforcement of the regulation.

Unlike the CSDDD, the EUDR, and the EUBattR, the EUFLR does not create additional due diligence obligations other than those already provided for in Union or national law. However, it is still advisable for companies to take proactive steps early to identify and mitigate forced labour risks within their supply chains. Specifically:

• Supply Chain Transparency and Proactive Risk Mitigation: Although the EUFLR does not impose new and additional due diligence obligations, it still (indirectly) requires businesses to identify and mitigate risks related to forced labour in their supply chains. Companies should proactively assess their supply chains, identify high-risk areas, and implement measures to prevent forced labour. By addressing these risks early, businesses can demonstrate to authorities that they have taken the necessary steps to avoid forced labour, should an investigation arise. This will require gathering detailed data on sourcing practices and ensuring robust monitoring systems are in place.
• Integration with Existing ESG Compliance Frameworks: The EUFLR complements other EU regulations, such as the CSDDD and EUDR, and companies can leverage existing risk management systems developed for these regulations. This will streamline ESG compliance efforts and reduce the administrative burden associated with managing multiple regulations separately. Early preparations will allow for smoother implementation of these systems and improve the company’s ability to comply with the regulation.
• Reputation Management and Regulatory Scrutiny: The EUFLR adds to the growing pressure on businesses to ensure their supply chains are free of human rights abuses, including forced labour. Public perception and regulatory scrutiny of companies’ ESG practices are increasing, and any indication of non-compliance could damage a company’s reputation and market position. Proactively addressing forced labour risks now can help companies build credibility with both consumers and regulators, positioning them as leaders in ethical business practices.
• Readiness for Enforcement in 2027: With full applicability of the EUFLR set for December 2027, businesses must be prepared for increased enforcement and scrutiny from regulators. Starting preparations early allows companies to identify potential compliance gaps and ensure they are fully aligned with the regulation before the enforcement begins. This is of utmost importance to be well-prepared for potential investigations by authorities in order to demonstrate compliance with the EUFLR and to effectively mitigate associated business risks.