Due diligence in the supply chain

December 8, 2025
due diligence

New regulations based on existing frameworks

It has probably not escaped anyone's attention that the EU has a clear agenda in the area of sustainability. Several new regulations have been introduced in recent years, and more are on the way. But how do these regulations fit together, and which requirements are already covered by existing frameworks and guidelines?

Put simply, the new regulations formalize principles that have already existed in voluntary frameworks and guidelines for some time, albeit in a more comprehensive manner. For companies and organizations that already work according to frameworks such as GRI (Global Reporting Initiative) or ISSB (International Sustainability Standards Board), the new requirements in CSRD will be familiar, and for companies that already follow the OECD's due diligence guidelines, CSDDD will be in line with the processes already in place.

We are moving from reporting to action

CSRD has already begun to be rolled out, and although there is currently some uncertainty about the exact terms as a result of the European Commission's Omnibus package, it is a regulatory framework that will be implemented broadly over time. The next regulatory framework that has also been decided but not yet rolled out is CSDDD. Whereas CSRD is a directive that focuses on reporting sustainability risks, CSDDD instead sets clear requirements for actual activities to identify and address these risks – throughout the entire value chain.

With CSDDD, we are moving from requirements for reporting sustainability risks to requirements for action ◀

What requirements will be imposed on companies with the rollout of CSDDD? As with CSRD, this is affected by the Omnibus package, where the exact terms have not yet been decided. So how should organizations act to prepare themselves given the current uncertainty? A good approach is to start with the guidelines that form the basis of the regulations.

Due diligence requires you to check your suppliers

At Betalkontroll, we have been working with supplier checks since our inception in 2019, and we have seen how the need for automated checks has increased over time. Since the OECD guidelines are based on a broad mapping of "sector-specific, geographical, product-related, and company-specific risk factors," there is a clear need for automatic and reliable checks in these areas—where the organization can then conduct more in-depth due diligence for suppliers depending on their risk profile.

OECD guidelines – with a focus on suppliers

The OECD's due diligence guidelines are summarized in six steps and provide guidance on how organizations should act to implement due diligence throughout their value chain. Below is a summary of the six steps and various processes that you should have in place in relation to your suppliers.

Step 1 – Update policies and management systems

  • Implement a code of conduct for suppliers.

Step 2 – Identify negative impacts

  • Identify risks in your supply chain based on a broad survey of your suppliers and their overall risk profile.

Step 3 – Address negative impacts

  • Stop, prevent, and mitigate negative impacts linked to your supply chain. Focus your efforts on those suppliers where the negative impact is greatest and where you can have a positive influence.

Step 4 – Follow up on implementation and results

  • Monitor your suppliers on an ongoing basis to identify any changes that increase the risk of negative impact.

Step 5 – Inform about how the impact is being managed

  • Report on your due diligence processes in relation to suppliers and the results of the activities you carry out.

Step 6 – Work toward restitution if necessary

  • Offer compensation to those affected and repair any damage caused in your supply chain.

In summary, it can be concluded that there is no immediate need to wait for the exact terms and conditions that will apply in the CSDDD to begin working with due diligence. Established guidelines are already in place that will align well with the regulations once they are fully implemented. The requirements will apply to the entire value chain, but for most businesses, the supply chain will be the biggest challenge. Here, it is already possible to begin the screening process that forms the basis for the business's supplier knowledge and where deeper due diligence is required. An example of this could be setting up conditions and warnings in Betalkontroll that lead to a more in-depth analysis of the supplier.

A fundamental principle is that work should be carried out based on risk-based prioritization. ◀

Another important process for complying with OECD guidelines is to continuously monitor your supply chain and the measures taken at various stages – "Identify negative impacts or risks that may have been overlooked in previous due diligence processes and include these in the future." Betalkontroll can be a useful tool here, as it enables continuous monitoring of all suppliers. With supplier monitoring in Betalkontroll, all automatic checks are carried out on an ongoing basis, instead of being done at the time of each purchase. This enables a proactive approach to the supply chain, where it is possible to act on negative changes before they harm the company or other stakeholders.