Article 7, Integrating due diligence into company policies and risk management systems.
1. Member States shall ensure that companies integrate due diligence into all their relevant policies and risk management systems and have in place a due diligence policy that ensures risk-based due diligence.
2. The due diligence policy referred to in paragraph 1 shall be developed in prior consultation with the company’s employees and their representatives, and contain all of the following:
(a) a description of the company’s approach, including in the long term, to due diligence;
(b) a code of conduct describing rules and principles to be followed throughout the company and its subsidiaries, and the company’s direct or indirect business partners in accordance with Article 10(2), point (b), Article 10(4), Article 11(3), point (c), or Article 11(5); and
(c) a description of the processes put in place to integrate due diligence into the company’s relevant policies and to implement due diligence, including the measures taken to verify compliance with the code of conduct referred to in point (b) and to extend that code’s application to business partners.
3. Member States shall ensure that companies update their due diligence policies without undue delay after a significant change occurs, and review and, where necessary, update such policies at least every 24 months.
For the purposes referred to in the first subparagraph, companies shall take into account the adverse impacts already identified in accordance with Article 8, as well as the appropriate measures taken to address such adverse impacts in accordance with Articles 10 and 11 and the outcome of the assessments carried out in accordance with Article 15.
Note: This is the final text of the Corporate Sustainability Due Diligence Directive (CSDDD), published in the Official Journal of the European Union in July 2024.