Moving Toward Shared Responsibility: How the EU’s CSDDD and Omnibus I Reimagine Contracting for Human Rights and Environmental Due Diligence

For decades, the legal architecture for managing human rights and environmental (HRE) risks in global supply chains has relied on a practice we call ‘risk-shifting’. In this model, lead firms use their superior bargaining power to push HRE risks and responsibilities—and related costs—onto their suppliers. Risk-shifting is effectuated via contracts that demand perfect compliance with a Supplier Code of Conduct (SCoC) and one-sided obligations that ignore buyers’ own responsibility to avoid contributing to adverse HRE impacts through their own purchasing practices. In our article What Does the EU CSDDD Say About Contracts, we analyze why this approach will need to change for companies concerned with adhering to the requirements of the European Union’s Corporate Sustainability Due Diligence Directive (CSDDD), as modified by Directive 2026/470 EU (‘Omnibus I’) in February 2026, which requires certain very large companies to carry out human rights and environmental due diligence (HREDD) across their ‘chain of activities’ to identify, prevent, bring an end to, and remedy adverse HRE impacts they caused or jointly-caused This blog summarizes our key findings and reflects on how they are affected by the finalization of the Omnibus I.

The shift away from traditional, risk-shifting contracts toward a more collaborative approach rooted in principles of shared responsibility lies at the core of our work at the Responsible Contracting Project (RCP). From our discussions with dozens of companies over the years, we have determined that traditional contracts actually impede the effectiveness of HRE risk management by fostering adversarial supply chain relations, which incentivize suppliers to hide HRE problems rather than prevent or fix them. The CSDDD codifies the requirement of effectiveness, with Recitals 46, 54 and 66—all of which remain operative—explaining what this means for contracts. Furthermore, Art 18 states that the European Commission will develop guidance on model contract clauses so that companies can better understand what due diligence-aligned contracting looks like. The European Working Group for Responsible and Sustainable Supply Chains, composed of legal practitioners and academics, including ourselves, is developing a set of model contract clauses to track the requirements of the CSDDD and support the Commission’s process—the European Model Contractual Clauses (EMCs).

The Failure of Traditional Contracting for Effective Due Diligence

When it comes to protecting human rights, the core defect of traditional contracts lies in a combination of requiring the supplier to be perfect while ignoring the buyer’s role in causing adverse impacts. For example, the SCoC will often require a supplier to pay its workers a living wage. Simultaneously, however, the buyer’s procurement team might implement supplier selection strategies that prioritize low cost and speed over labor conditions, often ignoring labor costs altogether. Indeed, suppliers often complain that ‘buyers want gold human rights standards, but they are not even willing to pay a bronze price’. It is difficult to square this circle without buyers taking on some amount of responsibility for standards’ adherence, including through cost-sharing. Because traditional contracts tend to place all liability for labor violations squarely on the supplier, the buyer remains legally protected in the contractual relationship even when they are the economic cause of the breach. The CSDDD changes this insofar as it holds in-scope companies responsible for causing or jointly-causing adverse impacts, regardless of what the contracts say.

Another major defect of traditional contracts is that they often give the buyer a right to immediately terminate the contract at the first sign of HRE-related trouble. This structure fosters a culture of adversariality and distrust that discourages suppliers from disclosing problems to their buyers for fear of losing the contract. As a result, the buyer’s visibility into the supply chain is obscured and problems can go undetected and un-addressed for a (too) long time. Thus, one-sided contracts with rigid, strict-liability approaches to compliance can impede the HREDD process at step one—identifying potential and actual adverse impacts. This, in turn, diminishes the prospects for effectively preventing, ceasing, and remedying adverse impacts because, simply put, if you can’t see it, you can’t fix it. Furthermore, while immediate, ‘cut and run’ exits may ‘clean’ the buyer’s supply chain on paper, they do nothing to help the victims. In fact, sudden termination often leaves workers even more vulnerable. We argue that for HREDD to be effective as required by the CSDDD, contracts must stop being tools for evasion and start being tools for proactive engagement.

Part of the challenge is that traditional contracts are not easily compatible with the principle of ‘continuous improvement’ that is central to HREDD. Indeed, contracts tend to be designed on a strict liability basis, with any imperfection being a breach. But HREDD, as set out in soft law and as codified in the CSDDD, operates primarily on a negligence standard, which is less concerned with the occurrence of imperfection (HRE violations) than with what the company did or didn’t do to prevent it ex-ante and to mitigate and remediate its effects ex-post. It is more pragmatic to deal with HRE impacts through a negligence standard rather than a strict liability standard because HRE issues are endemic, existing in most, if not all, supply chains, in both rich and poor countries. So outlawing HRE violations, while morally correct, simply does not work in practice. Likewise, endeavoring to outlaw all HRE violations contractually does not work. Thus, due diligence-alignment requires a new approach to contracting to comply with the CSDDD, as discussed below.

The Dos and Don’ts of Due Diligence-Aligned Contracting under the CSDDD: 

The CSDDD requires in-scope companies to take ‘appropriate measures’ to carry out HREDD, including through their contracts. ‘Appropriateness’ includes an effectiveness criterion, meaning that, to be appropriate, preventive and corrective measures must be effective at the design, implementation, and evaluation phases. At the design stage, companies must consider whether HREDD measures are likely to be effective in practice. If, during the implementation or evaluation phases, it is discovered that the measures are not, in fact, effective, adjustments must be made. Additionally, HREDD measures must reflect how the buyer’s own actions may jointly cause adverse impacts. 

1. Share responsibility for HREDD and promote cooperation 

Don’t transfer HREDD responsibility: The CSDDD clarifies that HREDD responsibilities cannot simply be outsourced to suppliers or business partners, contractually or otherwise. Recital 66 links to Art 18 on the Commission’s obligations to develop guidance on contracts; it explains that contracts should be designed in a way that ‘avoids the transfer of the obligations provided for in this Directive to a business partner’.  

Do include provisions that commit both parties to uphold HRE standards: Recitals 46 and 54 state that ‘[c]ontractual assurances should be designed to ensure that responsibilities are shared appropriately’. Recital 66 adds that contracts should include a ‘clear allocation of tasks between contracting parties’. These Recitals supplement what Arts 10 (Preventing potential adverse impacts) and 11 (Bringing actual adverse impacts to an end), which state that appropriate measures, including contracts, must take ‘due account’ of whether the in-scope company jointly caused a potential or actual adverse impact. A one-sided contract that includes no HREDD-related obligations for the in-scope company falls short by ignoring the latter’s responsibility to avoid jointly causing impacts. Contracts should therefore include HREDD-related commitments and instructions for both parties, not only the supplier. 

It is critical to remember that only in-scope companies, not their business partners, are responsible for HREDD under the CSDDD; as such, in-scope companies must consider how their own actions may cause or jointly cause adverse impacts. One way a company could jointly cause adverse impacts is through its purchasing practices (eg, poor forecasting, last-minute order changes, tight lead times, long payment terms, low prices). 

The CSDDD makes several references to purchasing practices and expects that companies will review and adapt their procurement policies and practices to ensure they are contributing to the payment of living wages and incomes, not aggravating HRE risks (Arts 10(2)(d) and 11(3)(e), and Recitals 46 and 54). This expectation, combined with the requirement that contracts be appropriate preventive and corrective measures, militates in favor of embedding commitments to responsible purchasing in the contract.

2. Provide targeted, proportionate support and distribute costs fairly 

Don’t shift the financial burden of HREDD to suppliers: As explained, CSDDD obligations must not be transferred to business partners, contractually or otherwise. Furthermore, if the in-scope company could jointly cause or has jointly caused an adverse impact, it must share the financial burden for addressing it ex-ante, including via fair prices, and ex-post, including via remediation, as set out in Art 12 and Recital 58.

Do share costs appropriately and support suppliers: The CSDDD contains explicit obligations to support suppliers in Arts 10 and 11. Contracts should set out how the in-scope company will provide this support, which could take the form of financial and non-financial assistance, including, for example, helping to secure low-interest financing for safety upgrades, providing technical training, or covering costs related to certification. 

3.  Prioritize continuous improvement and terminate only as a last resort 

Don’t embed cut and run approaches in the contract that allow for termination at the first sign of HREDD-related trouble: Too often, contracts include only remedies for the buyer in the event of a supplier violation of the SCoC. Such provisions ignore remediation for the actual victims of adverse impacts—for example, supply chain workers and their communities—and incentivise suppliers to hide problems. 

The CSDDD is clear: suspension and termination are to be pursued only as a last resort (Arts 10 and 11). Omnibus I adds that suspension of business relations should last only ‘until the impact is addressed’. It further clarifies that companies will not be penalized or liable if they continue relations with a business partner connected to the adverse impact ‘[a]s long as there is a reasonable expectation’ that the enhanced preventive or corrective action plan will succeed. This formulation not only codifies the exit-as-last-resort principle, which effectively rules out zero tolerance exits, but it also gives in-scope companies lots of room to stay and work with business partners to address adverse impacts without incurring liability. 

Do include ‘right to cure’ and responsible exit provisions: Articles 10 and 11, as modified by Omnibus I, establish the obligation to enact an ‘enhanced action plan’ before considering moving to termination. In the context of actual adverse impacts, Art 12 requires Member States to ‘ensure that, where a company has caused or jointly caused an actual adverse impact, the company provides remediation’ and clarifies that, in circumstances where an actual adverse impact occurred but was caused only by the business partner, the in-scope company may provide voluntary remediation and use its ability to influence the business partner to provide remediation. Combined, these Articles strongly militate against zero tolerance approaches and in favor of including a right to cure provision in supply contracts specifically focused on remediating adverse HRE impacts. 

Contracts must build a framework for ‘ongoing cooperation’ (Recital 66) to effectively identify and address adverse impacts. This includes providing remedy to those harmed by an adverse impact. Companies should therefore ensure that their contracts set out a clear procedure for the parties to cooperate in providing meaningful remedy (eg, back pay, land restoration, reinstatement) to adversely-affected stakeholders, in consultation with them. 

If remediation fails and suspension is pursued, this must be done responsibly, after assessing whether the adverse impacts of suspension can ‘reasonably be expected to be manifestly more severe than the adverse impact’ that could not be prevented and adequately mitigated, or brought to an end and adequately minimised, and after taking steps to ‘prevent, mitigate or bring to an end the impacts of suspension’. Additionally, the suspending company must provide ‘reasonable notice to the business partner concerned’. 

Omnibus I removes all references to an obligation to terminate. However, this does not prohibit companies from terminating contracts, provided such action is taken responsibly. Although the Omnibus explicitly prescribes criteria only for responsible suspension, it follows a fortiori that any termination must also be conducted responsibly. In terms of both economic and HRE outcomes, termination carries consequences that are similar to, yet more severe than, suspension. It would be unreasonable to assume that rightsholders and suppliers are protected against the effects of the ‘weaker’ suspension while remaining unprotected against the ‘stronger’ impact of termination.

4. Outlook: Omnibus I and the EMCs

As should be clear from the above, transitioning to due diligence-aligned contracting is no small undertaking. While Omnibus I modifies major aspects of the CSDDD, including its scope and rules on civil liability (in detail here), the contracts-related requirements described above are unaffected. However, a few changes have implications for contracts and the EMCs, including the new language on suspension and responsible exit, described above, and new requirements pertaining to information requests, described just below.

Omnibus I introduces strict requirements on the content and timing of information requests sent by in-scope companies to their suppliers. Before they can approach business partners for information, in-scope companies must conduct a general scoping exercise to identify prioritised risk areas in their chain of activities (Art 8(2)(a)).

If, based on the scoping assessment, the company determines that the business partner is connected to a prioritised chain, they must carry out an in-depth risk assessment in the course of which they ‘may request information from business partners’, but only if that information is ‘necessary’, ‘targeted, reasonable, and proportionate’ (Art 8 and Recital 22, Omnibus I).

This means that buyers must tailor their information requests to cover only the information needed to complete the in-depth assessment of the potential risks areas identified in the scoping phase. Clearly, the widespread use of one-size-fits-all questionnaires is out of sync with this requirement.

For an example of a company that is implementing a targeted information approach, see a report by the major shipping company, Hapag-Lloyd (p 11): ‘The questionnaires are drafted on the basis of the risks and activities relevant to the purchasing categories. For example, suppliers in the “Truck” purchasing category are asked whether they make deductions from wages (eg for traffic violations, as penalties for late delivery, etc). Suppliers in the “Feeder” category are asked whether they operate on routes affected by piracy and/or terrorist attacks’. 

Article 8 further restricts the use of questionnaires with business partners that have fewer than 5,000 employees to situations in which the information ‘cannot reasonably be obtained by other means’. This implies a ‘once only’ principle: information that a business partner has published or already sent to the company must be accounted for in any request for additional information necessary to complete the in-depth assessment

It could be argued that this restriction applies to all information requests, not only for suppliers with fewer than 5,000 employees: It seems to be neither ‘necessary’, ‘reasonable’ nor ‘proportionate’ to ask for information that the company already has access to simply because they want it in another format. 

This requirement has implications for contracts and the EMCs because it limits how in-scope companies can include, word, and implement information requirements in their agreements. Historically, contractual information requirements have been drafted in sweeping terms. This will need to change, likely along with companies’ verification requirements, such as audits and certification requirements, which are addressed in Arts 10 and 11. For example, if a supplier conducted a recent audit for another buyer, they might argue that the company should use the existing report instead of requiring yet another audit. 

Version 1.0 of the EMCs is expected to be published later in 2026 and we hope that it will serve as a reference point for the European Commission as it prepares its guidance for contracts under Art 18 CSDDD, which it is expected to publish in July 2027. Until then, our article and the zero draft of the EMCs may be useful for companies preparing to meet the CSDDD requirements.

The authors’ paper is available here. 

Sarah Dadush is Professor of Law and Founding Director, the Responsible Contracting Project (RCP), Rutgers Law School. 

Daniel Schönfelder is Lead European Legal Advisor, the Responsible Contracting Project (RCP), Rutgers Law School