Simplified, but intact: EU Omnibus I package is formally adopted by Parliament – what now?

The European Union’s Omnibus I package, which impacts the Corporate Sustainability Reporting Directive (CSRD) and Corporate Sustainability Due Diligence Directive (CSDDD), was approved and formally adopted by Parliament Wednesday following a long road of revisions and negotiations. It will now become law following publication in the Official Journal.

The Omnibus I package was first brought forth in February 2025, with the aim to simplify due diligence obligations and reporting requirements, according to the European Council. After uncertainty around the law's approval and implementation, as well as pushback from businesses and activists on the deregulatory nature of the revised package, the finalised text has now been approved. While yes, many reductions were implemented from the original legislation; significant requirements are still in place and mandate that businesses take a risk-based approach to supply chain risk management. Scale backs or not – due diligence standards are set, and the repercussions of hidden risks in the supply chain should remain a motivator to targeted risk management, rather than a compliance-driven approach.

What the new law says

CSRD:

• Scope: EU-registered companies: 1000 employees and above EUR 450m net turnover. Exemptions for financial holdings and listed subsidiaries.
  • Non-EU: EUR 450m EU turnover in the last two years, also for subsidiaries or branches turnover above EUR 200m in EU.
• Application timeline: Initial wave 1 companies to continue reporting until FY 2026. For FY 2027, the narrowed scope for EU and non-EU companies will come into effect. Member states can exempt wave 1 companies that fall out of scope.
• Other key aspects: Limited assurance applies. No reasonable assurance. Data requests from SMEs are limited to the VSMEs with the right to decline out-of-scope requests. No sector-specific standards. Voluntary sector-specific guidance might be published.
• Climate transition plan: Disclosure requirement remains in ESRS E1 (compatible with EU Climate Laws and 1.5°C).

CSDDD:

• Scope: EU-registered companies: 5,000 employees and EUR 1.5 billion worldwide turnover
  • Non-EU: EUR 1.5 billion turnover within the EU
• Application timeline: National transposition until 2028. Companies must comply by July 2029.
• Other key aspects: Allows prioritisation of impacts based on severity and likelihood. Impact assessment to be conducted every five years and ad hoc, where necessary. Purely risk-based approach for the ´chain of activities´.
• Climate transition plan: Requirement removed entirely.
• Civil liability and penalties: No new civil liability regime, left up to Member States. Penalty of non-compliance is up to 3% of global turnover, guidance from Member States & Commission.

What it means to take a risk-based approach

A key outcome from the new Omnibus I package that businesses must prioritise is the requirement to take a risk-based approach to the value chain of activities. A risk‑based approach means prioritising and addressing risks according to their likelihood and impact, rather than treating all risks equally. In practice, it’s about focusing resources on the most significant threats to people in their chain of activities, as well as the risks to an organisation’s objectives and operations. 

This approach will require businesses to shift from a blanketed risk management approach to a targeted, intentional strategy that consists of gaining a deep understanding of deeper-tier risks. Sourcing risks are omnipresent and pose an ongoing threat to the integrity of a supply chain’s health. Despite a reduced severity or scope of regulatory requirements, a business’ reputation and operations are on the line when it comes to human rights and environmental risk exposure. 

The due diligence with EiQ and LRQA becomes critical to identify supply chain risks, nail down where vulnerability is highest and risk exposure is most critical, understand the targeted interventions needed to reduce these risks, and achieve the ongoing monitoring necessary to constantly have oversight into your issue areas and support your journey to total supply chain confidence.

‘The more you implement these processes, it becomes just a part of the way that you operate, and you get a lot of extra benefit in terms of reduced risk, better supply chain partnerships, better access upstream,’ said Tara Norton, LRQA Advisory Lead. ‘There's a whole range of things that come along with it. So, there's no reason to back off from it. It's just a good time of reflection to make sure that you're doing the right things.’ 

For more on how to maintain focus despite regulatory changes, hear our full podcast conversation here.