Omnibus I Is Now Through the EU Legislature — What Changed in CSRD and CSDDD, What Comes Next, and What APAC Suppliers Should Do Now
Yes. The Omnibus I amending directive (covering CSRD and CSDDD / CS3D changes) has now received the Council’s final green light on 24 February 2026, after the European Parliament approval in December 2025. The Council states this is the final approval step, with publication in the Official Journal due shortly, and entry into force on the 20th day after publication.
For practical planning, this means the political fight on the main shape of the law is largely over. The focus now moves to publication, entry into force, national transposition, Commission guidance, and company implementation choices. The Council also confirms CS3D transposition by 26 July 2028 and company compliance from July 2029 under the amended timeline.
Why this matters now
The Omnibus I package materially changes the EU’s sustainability architecture in two areas that affect APAC supply chains most directly.
First, it narrows mandatory scope sharply, especially for CS3D and CSRD. That changes who is directly regulated.
Second, it does not remove supply-chain pressure. It changes how pressure travels. Large EU buyers remain exposed and still need evidence, risk controls, and credible supplier management. In practice, APAC suppliers may see fewer blanket questionnaires but more targeted requests tied to specific risk areas, customers, sectors, and incidents. This is visible in the amended CS3D text on “reasonably available information”, scoping, and prioritisation.
| Area | Before (broadly) | After Omnibus I (final) | Why APAC should care |
|---|---|---|---|
| CSRD scope | Much broader coverage (including many companies above 250 employees under prior criteria) | Narrowed to companies with >1,000 employees and >€450m net turnover (plus revised third-country conditions) | Fewer EU buyers will report directly, but in-scope buyers will still seek supplier data, now with tighter proportionality rules. |
| CSRD value-chain data requests | Wider pull on suppliers possible under ESRS implementation | ESRS cannot require information from value-chain undertakings under 1,000 employees beyond the voluntary standard boundary | Smaller APAC suppliers gain a stronger basis to push back on excessive data requests. |
| CSRD sector-specific ESRS | Commission empowered to issue sector-specific standards | That empowerment is removed (no sector-specific ESRS mandate) | Less risk of another layer of mandatory sector datapoints, but sector guidance may still appear. |
| CSRD voluntary standard for out-of-scope firms | VSME existed as guidance/recommendation basis | New Article 29ca creates Commission power to adopt voluntary standards for undertakings ≤1,000 employees, based on Recommendation (EU) 2025/1710 | This is likely to become the reference template buyers ask APAC SMEs to use. |
| CSRD assurance | Pathway towards Commission adoption of reasonable assurance standards | Requirement to adopt reasonable assurance standards removed | Some cost escalation pressure may ease, but assurance scrutiny does not disappear. |
| CSDDD scope | Wider company coverage | Narrowed to >5,000 employees and >€1.5bn turnover (EU and non-EU via EU turnover thresholds) | Directly regulated buyers shrink in number, but they are the biggest buyers and still have leverage over suppliers. |
| CSDDD risk identification | Heavier expectations often read as broad-chain review | Companies can focus on areas where impacts are most likely/severe; prioritisation flexibility where risks are equally likely/severe | Expect more targeted due diligence on specific sites, product lines, geographies, or raw materials. |
| CSDDD information collection | Concern about extensive trickle-down requests | Companies rely on reasonably available information and request data only when necessary; special protection for partners with <5,000 employees | APAC suppliers should prepare evidence packs and risk-based responses, not endless bespoke reporting. |
| CSDDD monitoring frequency | Annual monitoring expectation under original design | Monitoring at least every 5 years, and sooner after significant change or new risk indications | Formal cycle is longer, but event-driven checks remain critical. |
| CSDDD climate transition plan obligation | Explicit obligation under CS3D/CSDDD | Removed from CS3D in the amended directive | Climate demands do not vanish; they shift to CSRD, contracts, finance, customers, and product rules. |
| CSDDD civil liability regime | EU-level harmonised liability regime | Harmonised regime removed; liability remains under national law with full compensation right | Litigation risk becomes more jurisdiction-specific; supplier contracts and evidence quality matter more. |
| CSDDD penalties | Turnover-based penalty framework with less explicit uniform cap | Member States must set a maximum cap of 3% of net worldwide turnover; Commission to issue guidance | Large buyers will still take compliance seriously and pass controls downstream. |
| CSDDD timing | Earlier application (for largest firms) | Delayed; companies comply from July 2029 | APAC suppliers have extra time, but should use it well because buyer requirements will start earlier than legal go-live. |
Legislative status: has it been passed and finalised?
Short answer
Yes, politically and legislatively, the core Omnibus I amending directive for CSRD and CSDDD has been approved. The Council says it gave the final green light on 24 February 2026.
What is still “pending” in a technical sense
It still needs the routine final steps:
publication in the Official Journal, then entry into force 20 days later. The Council explicitly confirms this.
That is why some reports say it will “pass into law in coming weeks”. Reuters uses that wording, which is consistent with the publication/entry-into-force sequence.
Exactly what changed in CSRD under Omnibus I (final text)
1) CSRD scope is cut back sharply
The amended text raises the threshold so reporting applies to undertakings (and groups) that exceed €450 million net turnover and have an average of more than 1,000 employees. The same threshold logic also appears for relevant listed issuers and consolidated groups.
The Council summary confirms this high-level outcome and also notes revised third-country undertaking thresholds, including the parent’s EU turnover and turnover generated by a subsidiary or branch.
What this means
Many companies that were preparing for CSRD will now fall out of mandatory scope. However, that does not mean they are “free” from sustainability information demands. It means many will move into voluntary / customer-driven disclosure instead.
2) Transition relief for some companies already in Wave 1
The Council states the amending directive includes a transition exemption for “wave one” companies that had to start reporting from FY2024 but fall out of scope for 2025 and 2026.
Why this matters
This reduces the risk of a “one year on, one year off” reporting burden for firms now excluded by the new thresholds.
3) No mandatory sector-specific ESRS track
The Omnibus text removes the Commission’s empowerment to issue sector-specific reporting standards under Article 29b. The recitals explain this is to avoid adding more prescribed datapoints.
Why this matters
This is a major simplification point. Many companies feared a second layer of sector-specific ESRS. The Commission may still issue sector guidance, but that is not the same as binding sector-specific standards.
4) New “voluntary standards” route for undertakings up to 1,000 employees (Article 29ca)
The amended text deletes Article 29c and inserts Article 29ca, empowering the Commission to establish voluntary sustainability reporting standards for undertakings with up to 1,000 employees, and to limit what can be requested from them in the value chain. The text also says these standards should be based on Commission Recommendation (EU) 2025/1710 (linked to EFRAG VSME) in its original version.
Why this matters for APAC
This is likely to become the practical reporting language for many APAC suppliers, especially SMEs and mid-caps. Even if they are outside CSRD, their EU buyers may ask for structured disclosure that mirrors this voluntary framework.
5) Stronger limits on value-chain data pull from smaller undertakings
The amended ESRS framework states standards must not require reporting companies to obtain from value-chain undertakings with up to 1,000 employees information beyond the voluntary standard package.
Why this matters
This is one of the most relevant provisions for APAC supply chains. It creates a clearer basis to challenge excessive questionnaires that go well beyond proportionate data needs.
6) Reasonable assurance escalation is softened
The recitals state that the requirement for the Commission to adopt reasonable assurance standards should be removed to avoid higher assurance costs.
What to watch
This does not remove assurance altogether. It changes the expected escalation path. Companies will still face review, audit, and investor scrutiny, especially if sustainability statements are material to financing, listing, or transaction activity.
Exactly what changed in CSDDD / CS3D under Omnibus I (final text)
1) CSDDD scope narrowed to only the largest companies
The amended Article 2 thresholds move to:
more than 5,000 employees and more than €1.5 billion net worldwide turnover (EU companies), with corresponding thresholds for non-EU companies based on EU turnover.
What this means
Direct legal coverage shrinks materially. But those remaining in scope are often the most influential buyers in apparel, footwear, electronics, consumer goods, retail, and branded manufacturing.
2) Risk-based scoping and prioritisation become more explicit
The recitals and amended provisions emphasise that companies should focus on areas where impacts are most likely and most severe. If several areas are equally likely or severe, companies may prioritise areas involving direct business partners.
What this means in practice
Suppliers should expect:
more targeted due diligence, not necessarily lighter due diligence.
A buyer may now concentrate requests on a specific factory, process, labour agency, raw material stream, or country risk rather than asking everyone for everything.
3) “Reasonably available information” is now a key operating concept
The final text states companies should base their efforts on information that is reasonably available, and as a general rule this limits unnecessary requests to business partners. It also sets conditions for requesting information from smaller partners and encourages use of other sources.
Why this matters
This is central to supplier strategy. APAC suppliers that maintain reliable documents, grievance records, audit findings, CAP status, wage and working-hour records, environmental permits, and traceability evidence will be easier for buyers to assess using “reasonably available information”.
4) Monitoring moves to at least every 5 years (plus trigger-based review)
The revised Article 15 requires periodic assessment at least every 5 years, but also sooner after significant changes or where there are reasonable grounds to think controls are no longer effective or new risks emerged.
Important nuance
This is not a licence to “do nothing for five years”. Trigger-based reassessment remains in the text. Incidents, sourcing changes, expansion, labour shortages, new subcontracting, or new geographies can reopen scrutiny quickly.
5) Climate transition plan obligation under CS3D is removed
The Council explicitly says the obligation for companies to adopt a transition plan for climate change mitigation under CS3D has been removed. The legal text deletes Article 22.
What this does and does not mean
It reduces one legal obligation under CSDDD. It does not remove climate pressure from:
CSRD (for in-scope reporters), investor expectations, customer contracts, procurement requirements, financing conditions, sector decarbonisation plans, or product-level rules.
6) Harmonised EU civil liability regime removed; national liability remains
The Council says the updated rules remove the EU harmonised liability regime. The amended Article 29 deletes paragraph 1 and keeps a national-law based liability structure, while preserving a right to full compensation where liability is established under national law.
Why this matters
Enforcement and litigation risk become more fragmented by Member State. For APAC suppliers, contract drafting, evidence retention, and escalation protocols become more important because buyers will manage risk differently across jurisdictions.
7) Penalties: explicit 3% maximum cap
The final text requires Member States to set the maximum cap of pecuniary penalties at 3% of net worldwide turnover (with group treatment clarified for certain parent structures), and the Commission will issue guidance for supervisory authorities.
Why this still bites
Even with simplification, the biggest companies still face meaningful financial exposure. That keeps supply-chain compliance and risk controls on procurement and legal teams’ agendas.
8) Model contractual clauses and guidance timeline
The text says the Commission shall adopt guidance on voluntary model contractual clauses by 26 July 2027 and sets timing for additional guidelines under Article 19.
Why this matters
Many APAC suppliers will feel Omnibus through contract templates first, not through direct legal notices. Expect customer clauses to evolve once EU model guidance lands.
What happens next: implementation phase and what to watch
1) Official Journal publication and entry into force
The Council says publication is expected in the coming days and the directive enters into force on the 20th day after publication.
2) National transposition
Member States generally get one year after entry into force to transpose, with a specific Council note on Article 4 harmonisation timing and a hard date of 26 July 2028 for CS3D transposition.
What to watch
National implementation can still vary in tone and enforcement style, especially on:
civil liability mechanics, supervisory practice, evidence standards, and interaction with existing national laws (for example, countries that already built HREDD-style frameworks).
3) Company compliance timing (CS3D)
Council confirms companies must comply with the new CS3D measures by July 2029.
What to watch
Large buyers will not wait until 2029 to start preparing. Many will spend 2026–2028 on:
risk mapping, supplier segmentation, contract updates, governance refresh, complaint mechanisms, and pilot controls.
4) Commission secondary work and guidance
Key items to monitor include:
Commission work on voluntary standards (Article 29ca) for smaller undertakings under CSRD, and CS3D guidance/model clauses by 2027–2028.
Why this matters
This is where “market practice” will harden. Even reduced legal scope can still produce strong operational expectations if guidance is detailed and widely adopted by major buyers.
5) Continued political and market pushback
Reuters reports criticism from campaigners and some investors, alongside support from governments and industry arguing for competitiveness relief. This matters because future review cycles and enforcement debates may reopen some questions.
Impact on APAC: what changes in the real economy
1) Fewer directly regulated customers, but stronger concentration of compliance power
The direct legal net is smaller. However, the remaining in-scope firms are very large buyers. For many APAC suppliers, customer concentration means their due diligence expectations can still shape operations.
2) Shift from broad compliance collection to targeted risk evidence
The final text supports prioritisation and “reasonably available information”. This will favour suppliers that can show a clear risk-control system, not just high-volume paperwork.
3) More differentiated supplier treatment
Buyers may segment suppliers by risk profile, country, commodity, labour model, subcontracting intensity, and incident history. Low-risk suppliers may see lighter touch engagement; high-risk suppliers may face deeper audits and remediation plans.
4) Climate requests will continue through other channels
The deletion of the CS3D transition plan obligation does not mean climate requests disappear. In practice, climate data and decarbonisation plans will still come through:
CSRD reporters, customer procurement scorecards, banks, investors, and product-specific regulatory frameworks.
5) Litigation and enforcement uncertainty becomes more jurisdiction-specific
Because harmonised EU civil liability was rolled back, buyers may become more cautious in contract design and evidence retention to manage cross-border disputes under national law frameworks.
What APAC suppliers should gear up for now (practical roadmap)
A. Build a “targeted evidence pack” rather than a giant ESG deck
Prepare a clean, retrievable file set that covers the issues EU buyers are most likely to prioritise.
This usually includes labour compliance basics, grievance handling, remediation records, working hours, wages, recruitment practices, health and safety, environmental permits, emissions/energy data, wastewater/waste controls, and subcontracting controls.
B. Map your risk exposure by customer, product, site and country
Do not treat all customers the same.
Identify which customers are most likely to remain in scope under the new thresholds and which product lines are linked to higher human rights or environmental risk.
C. Prepare for “proportionate” but more specific information requests
The Omnibus text gives buyers a basis to request less, but more precise, information. Train site teams to answer targeted questions fast and consistently, using documented evidence.
D. Use a voluntary reporting baseline for out-of-scope entities
For SMEs and mid-caps, it is sensible to align internal disclosure with the emerging CSRD voluntary standard direction (Article 29ca / VSME-based approach), even if not legally required. This can reduce duplicate customer questionnaires.
E. Tighten grievance and remediation credibility
Under risk-based due diligence, buyers will pay close attention to whether issues are identified and fixed effectively. A weak grievance mechanism or poor corrective action follow-up can move a supplier into a high-priority risk bucket.
F. Review contracts early
Expect revisions in supplier codes, audit rights, data requests, incident notification clauses, and remediation obligations as the Commission develops guidance and model contractual clauses.
G. Keep climate capability moving
Even without the CS3D transition plan obligation, maintain progress on energy data quality, emissions baselines, and reduction planning. Buyers, financiers, and other EU rules will still ask.
What to monitor in 2026–2028 (watchlist for the Desk)
Watch the Official Journal publication date because it starts the legal clock for entry into force and transposition.
Track Commission work on Article 29ca voluntary standards because this may become the de facto template for supplier disclosure requests.
Track Commission CS3D guidance and model contractual clauses (notably 2027–2028 milestones) because these will shape procurement and legal practice.
Track Member State transposition choices because enforcement style and liability pathways may diverge.
Track buyer behaviour, not only legal texts because commercial implementation often moves ahead of formal legal deadlines.
Bottom line for APAC supply chains
The Omnibus I changes are real and substantial. They reduce direct scope and some procedural burdens. But they do not end EU-driven supply chain due diligence and sustainability data demands.
The practical shift is this:
from broad, standardised burden to more targeted, risk-based, buyer-led requirements.
For APAC suppliers, the winning move is not to pause. It is to use the extra time to build a cleaner evidence base, stronger remediation capacity, and a more disciplined response system before large buyers harden their new implementation models.
This article is also available in:
Leave a reply
