Omnibus nears the terminus: Simplification of the EU sustainability framework

Introduction 

The European Union’s co-legislators have adopted a set of simplification measures to the Taxonomy Regulation, the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD). These changes, agreed in less than a year, form part of the Omnibus I package put forward by the European Commission in February 2025 to streamline EU corporate sustainability rules (see our previous blog).

Following the adoption of the Omnibus “Stop-the-Clock” proposal in April (see our previous blog), the EU co-legislators have now reached an agreement on substantive amendments to the EU sustainability reporting and due diligence framework. Negotiations have been complex and politically contentious, and they were resolved at an unprecedented speed. The final agreed text reflects a number of compromises between positions of the EU institutions, incorporating some of the Parliament’s more extreme changes (see our previous blog) alongside some key elements from the Council’s position (see our previous blog).

This blog post outlines the key provisions of the final Omnibus text and explains the implications for businesses’ compliance and reporting strategies.

Key changes for CSRD 

The adopted Omnibus text reduces significantly the number of companies required to report under the CSRD and also introduces measures to ease reporting obligations.

The key changes are:

• Higher applicability thresholds: The applicability thresholds are raised significantly, excluding many companies previously in scope.
  • For EU companies reporting from FY 2027 (also known as Wave 2), only companies with more than 1,000 employees and which generate more than €450m in net turnover (individually or in aggregate with their subsidiaries) in the relevant financial year are required to report.
  • For non-EU headquartered groups reporting from FY 2028 (also known as Wave 4) there is no employee threshold; but there are two turnover tests: To qualify, at least one EU subsidiary must generate net turnover of €200m in the previous financial year and the non-EU group must generate net turnover of €450m “in the Union” for the last two financial years.

The text includes a clause providing for these thresholds to be reviewed in the future, taking into account inflation. 

• Exemption for financial holding companies in Wave 2 and Wave 4: Wave 2 companies which are financial holding companies “with subsidiaries having business models and operations independent from one another” will be permitted to elect not to publish sustainability reports. The text has also extended this relief to groups in Wave 4, where reporting would otherwise be required at the level of the non-EU ultimate parent company.
• Transitional relief for Wave 1 companies: Acknowledging that some Wave 1 companies will fall out of scope from 2027 based on the increased thresholds (from 500 to 1000 employees and €50m to €450m turnover), the text enables Member States to exempt companies or issuers that do not meet the new thresholds from reporting for the 2025 and 2026 financial years.
• Restrictions on information requests from smaller business partners: Reporting companies will not be compelled to report information (that goes beyond the scope of the new EU voluntary sustainability reporting standard for small and medium-sized undertakings, VSME) from those of their business partners who are not in scope of CSRD, to the extent that those business partners elect to not provide the requested information. To support this, the text would give statutory relief to these smaller business partners from any contractual obligation imposed by a reporting company that sought to compel the provision of information outside the voluntary standard. The VSME will be developed before the new text comes into force and is distinct from the restriction of information requests to SME business partners under the CSDDD (see below).
• Withholding certain sensitive information: The text clarifies that companies are permitted to refrain from reporting information (i) would be “seriously prejudicial to the commercial position” of the company in certain circumstances, (ii) corresponds to IP, know-how, results from innovation or qualifies as a trade secret, (iii) is classified information, or (iv) is to be protected from unauthorized access or disclosure or to safeguard privacy or security of a person. In all cases, however, the reporting company must disclose that it has omitted information, along with the relevant reason, and must reassess any omissions each year.
• Limited assurance standard: The adopted text acknowledges that the lack of harmonized assurance standards is posing challenges in practice and therefore emphasizes the need for a limited assurance standard to be adopted in a delegated act by 1 July 2027.

Key changes proposed for CSDDD

The adopted proposal also introduces significant relief regarding due diligence requirements under the CSDDD. Most notably, it postpones the application date by another year to July 2029, increases substantially the thresholds setting the scope of regulated companies, and removes the climate transition plan obligation.

The key changes include:

• Postponement of applicability: In addition to the delay already introduced by the Stop-the Clock Directive in April 2025 (see our blog here), the text further extends both the transposition deadline and the date of applicability to companies of the entire CSDDD regime by one year to 26 July 2028 and 26 July 2029, respectively.
• Increased applicability thresholds: The text significantly reduces the number of companies in scope of the CSDDD by raising the employee threshold from 1,000 to 5,000, and the net turnover threshold from €450m to €1.5b. For franchising and licensing models, only companies generating more than €275m turnover and €75m in royalties remain in scope (up from €80m and €22.5m). The text also allows Member States to adjust their national laws to align with the revised CSDDD – especially if this leads to a narrower scope of applicability, for example, as is the case for the revision of the German Supply Chain Act (LkSG, see our blog here).
• Removal of the climate transition plan obligation: In line with the Parliament’s position, the requirement to adopt and put into effect a climate transition plan is fully removed, a requirement that had been seen by some as one of the most onerous aspects of CSDDD.
• Adjusted risk analysis: While the Commission’s initial Omnibus proposal suggested limiting the obligation for companies’ risk analysis of their value chains to direct business partners (“tier 1”), the text maintains a requirement for a broader risk-based approach that would extend across the entire supply chain where relevant. The text requires companies to (i) conduct a scoping exercise (previously “mapping”), but now based on “reasonably available information”, and (ii) carry out an in-depth assessment of the areas where adverse impacts were identified to be most likely to occur and be most severe.
• Restrictions on information requests or ‘value chain cap’: To reduce the burden on smaller business partners, the text would prevent companies from compelling any smaller business partners (with fewer than 5,000 employees) to provide information, unless such information cannot reasonably be obtained by other means. It is unclear to what extent this exemption will cover the scope of information CSDDD-regulated companies require from their suppliers in practice, and it may prove to be of limited relief.
• No “duty to terminate” business relationships: The text replaces the “duty to terminate” business relationships as a measure of last resort to address CSDDD-related breaches, with a “duty to suspend” the relationship. It further clarifies that where a company continues engagement with a business partner, despite actual or potential adverse impacts, this will not expose that company to penalties or civil liability if there is a reasonable expectation that an enhanced prevention or corrective action plan will succeed. 
• No harmonized EU-wide civil liability regime: The EU-wide civil liability regime has been removed; hence, only national liability frameworks shall be relevant where claims are made against CSDDD-regulated companies in respect of harm that amounts to a breach of CSDDD. The text also removes the requirement for Member States to override any foreign applicable law with CSDDD-backed law, where claims are made against CSDDD-regulated companies in relation to harm suffered outside of the EU. Linked to this, the right for representative actions by NGOs and trade unions has also been removed.
• Reduced maximum fine for pecuniary penalties: The text will now require Member States to set a fixed maximum limit for pecuniary penalties at 3% of the (consolidated) net worldwide turnover of relevant corporate groups, down from the original maximum fine of “not less than 5%”. 

Implications for businesses

To prepare for compliance under the revised sustainability due diligence and reporting regimes, companies should:

• Conduct scoping exercise and update compliance strategy: to determine which group companies remain subject to obligations under the amended CSRD and CSDDD and update the compliance strategy accordingly.
• Maintain oversight of the amended ESRS framework: as it continues to develop, alongside the NESR framework for reporting at the level of ultimate foreign parents from the 2028 financial year.
• Aim for an integrated supply chain compliance approach: Factor in other supply chain regulations, such as the EU Deforestation Regulation (EUDR) and the EU Forced Labour Regulation (FLR), when establishing risk management systems, and stay abreast of ongoing proposals to amend related regimes like the Batteries Directive.
• Assess liability, stakeholder impacts and reputational risks:national liability regimes will now be unaffected by CSDDD requirements, but stakeholder expectations and reputational risks linked to CSRD and CSDDD regimes may still increase where environmental and human rights issues emerge.
• Consider voluntary compliance measures: in particular climate transition and mitigation plans, to meet stakeholder and investor expectations.

Next steps 

The text of the political agreement reached on Omnibus has now been confirmed by Ambassadors in the Council and Members of the European Parliament (MEPs) in the Committee on Legal Affairs.  

This means that only one formal step at the EU level remains: the Parliament’s plenary vote on 16 December, which we expect will be a pure formality. The final text will then be refined and translated by lawyer-linguists and published in the EU Official Journal – most likely in early 2026 – triggering the entry into force, following which the Member State transposition process will begin. Again. 

Access our new interactive map to follow updates on transposition of the CSRD and the Omnibus package as they unfold.