Update on the Omnibus Simplification Saga: first draft of the EU Council’s position on the second Omnibus has become available

As expected, the Council agrees with the EU Commission to amend the scope of the CSRD and endorses the proposed change in the second Omnibus. For an undertaking to be in scope of the CSRD an undertaking must have an average of more than 1,000 employees during the financial year and either a net turnover above EUR 50 million or a balance sheet total above EUR 25 million. This reduction in scope will also apply to credit institutions and insurance undertakings as well as to small and medium-sized undertakings which are public interest entities, all of which will no longer be subject to mandatory sustainability reporting obligations (Article 29a, paragraph 8 and 9 of the CSRD).

As proposed by the EU Commission in the second Omnibus, the CSRD requires in-scope undertakings to report information about the undertaking’s own operations and about its value chain. The Council has confirmed this approach and seems also to be willing to reduce the burden for undertakings in the value chain that are not subject to sustainability reporting, Article 19a (3) CSRD will therefore be amended via the second Omnibus. EU Member States shall ensure that reporting undertakings are prohibited from seeking to obtain any information that goes beyond the information specified in the standards for voluntary use from undertakings established inside or outside of the EU in its value chain that have up to 1,000 employees on average during the financial year. The reporting undertaking should, however, be allowed to collect from such undertakings in its value chain any additional sustainability information that is commonly shared between undertakings in the sector concerned.

The Council confirms the position of the EU Commission in the proposed new Article 29ca CSRD that the EU Commission will be empowered to adopt a delegated acts by to provide for sustainability reporting standards for voluntary use, which shall be proportionate to and relevant for the capacities and the characteristics of the undertakings for which they are designed and to the scale and complexity of their activities. On the other hand, to avoid an increase in the number of prescribed datapoints, the empowerment of the EU Commission to adopt sector-specific reporting standards is proposed to be removed from the CSRD.

With regard to public interest entities that are currently required to prepare and publish a sustainability statement (the so called ‘wave 1’), the Council states with regard to the proposed Article 5(3) CSRD that EU Member States may exempt undertakings or issuers which do not exceed the average number of 1,000 employees during the financial year from complying with the CSRD during the financial year that starts between 1 January and 31 December 2026. This forms an addition on the second Omnibus as proposed earlier by the EU Commission. According to the Draft Position of the Council, as from 1 January 2027 these undertakings are no longer in scope of the CSRD. In addition, by amendment of Article 19a (10) and 29a (9) CSRD in the Draft Position, the subsidiary exemptions can also be applied by public interest entities that have their securities listed on a regulated market.

One of the key amendments to the CSDDD proposed in the second Omnibus by the EU Commission is the limitation of the initial due diligence obligation in Article 5 to an in-scope company’s own operations, its subsidiaries, and its direct business partners. This marks a departure from the original proposal, as in-scope companies would no longer be required to conduct in-depth assessments at the level of indirect business partners, unless there was ‘plausible information’ that an indirect business partner caused adverse effects (read: human rights violations, for example).

While the endorsement of this limitation in the Draft Position was anticipated, the Council's formulation of the restriction is particularly noteworthy. Under the EU Commission’s second Omnibus proposal, in-scope companies must still investigate potential adverse impacts involving indirect business partners if they possess 'plausible information' indicating such risks. The Council has proposed to clarify when this exception applies by defining ‘plausible information’ as “information that objectively has a reasonable likelihood of being true” (see recital 21 of the second Omnibus in the Draft Position). This includes credible data from government bodies, baseline studies, third-party impact assessments, NGO reports, local community grievances, and academic research.

The proposed definition of ‘plausible information’ reinforces the expectation that in-scope companies must look beyond their direct business partners when conducting due diligence under the CSDDD. It expands the types of information that could trigger due diligence obligations, thereby increasing the likelihood that in-scope companies must address adverse impacts deeper in their chains of activities, including those involving indirect partners. By explicitly referring to the OECD Guidelines, the Council underscores that using external sources—such as NGO reports or trade union alerts—constitutes good practice by fulfilling the due duty of care obligations of in-scope companies under the CSDDD. If an in-scope company has access to, or can reasonably be expected to know of, such information, it must carry out an in-depth assessment of potential adverse impacts. This obligation also applies where a business relationship appears intentionally structured to obscure a high-risk supplier. These assessments must aim to collect accurate and reliable data to support the prioritisation of risks (Article 9 CSDDD) and to take appropriate measures (Articles 10–12 CSDDD). As proposed by the EU Commission in the second Omnibus, once a likely or existing adverse impact is confirmed, it must be treated as identified. In addition, in-scope companies are expected to ensure that their code of conduct on human rights, labour rights, and environmental standards is upheld throughout the chain of activities via communicating their expectations to business partners (both direct and indirect) and support to SMEs.

The Council's broader interpretation of 'plausible information' thus signals a more ambitious approach than that previously proposed by the EU Commission. Although the Council agrees with the EU Commission's formal limitation of the scope of due diligence, the substance of its proposal arguably brings the obligations of in-scope companies closer to the original CSDDD. In practice, the lowered threshold for what constitutes relevant information may mean that in-scope companies will still be expected to investigate indirect business partners in many (more) situations than we can currently foresee, because the CSDDD is based on the idea that in-scope companies can be expected to meet an enforceable standard of care. By framing the information that triggers the required due diligence in such broad terms, it seems plausible that this exception will become the rule under the CSDDD and that, indirectly, business partners in the chain of activities of in-scope companies will more often than not be included in due diligence activities. Therefore, the extent to which the proposed limitation as further defined by the Council in the Draft Proposal will meaningfully reduce the burden of due diligence obligations in practice remains to be seen.

Notably, the Council has removed the obligation for in-scope companies to contractually cascade their code of conduct throughout the chain of activities. Instead, the Draft Position merely requires in-scope companies to communicate their expectations to business partners. This marks a clear softening of the original due diligence framework, as it shifts from a legally binding contractual approach to a more voluntary, expectation-based mechanism. While this still encourages alignment with the in-scope company’s code of conduct, it significantly reduces the enforceability of those expectations down the chain of activities and therefore (further) waters down the contractual duties of in-scope companies under the CSDDD.

The Draft Position does not adopt the 500-employee threshold in Article 5 of the CSDDD for limiting information requests to direct business partners, as included by the EU Commission in the second Omnibus. Instead, the threshold is increased to 1,000 employees. This higher threshold in Article 5 of the CSDDD suggests an effort to reduce the burden on smaller companies (SME’s) and (further) limit the spill-over effects of the CSDDD.

Finally, as also expected, the Council confirms that the timeline for the adoption of the first set of implementing guidelines has been postponed to 26 July 2026. This delay gives in-scope companies additional time – because of the entry into force of the first “stop the clock” Omnibus to adapt their due diligence processes to the revised CSDDD obligations.