Last week, the Council of the European Union granted its final approval to the so-called Omnibus I simplification package, which substantially amends sustainability-related reporting and due diligence regulation applicable to companies within the European Union.

This is not merely an administrative easing of requirements, but a structural recalibration of the regulatory architecture, affecting the scope of obligations, liability exposure, and compliance strategies across the EU.

Legislative Framework: What Has Changed?

Omnibus I amends two key EU legislative instruments governing corporate sustainability:

• the Corporate Sustainability Reporting Directive (CSRD)
• the Corporate Sustainability Due Diligence Directive (CSDDD)

The package aims to reduce regulatory complexity, administrative burden, and the indirect impact of obligations on smaller companies. At the same time, the EU seeks to strengthen economic competitiveness in a changing geopolitical environment.

CSRD: Recalibrating the Scope of Reporting Obligations

The sustainability reporting framework remains in force, but its scope of application has been significantly narrowed.

Key legal changes include:

• the reporting obligation will, as a rule, apply only to companies with more than 1,000 employees and annual turnover exceeding EUR 450 million
• third-country companies will be subject to the rules only if their EU turnover exceeds certain high thresholds
• the “trickle-down” effect of reporting obligations along the value chain has been restricted

From a legal perspective, this constitutes a systematic reduction of the scope of application and a concentration of compliance obligations on a significantly smaller group of undertakings, while value chain companies are protected from disproportionate information requests.

CSDDD: Structural Easing of Due Diligence Obligations

The most significant normative changes concern companies’ obligations to identify and manage human rights and environmental risks within their value chains.

Key changes include:

• the scope threshold has been raised to a very high level (more than 5,000 employees and net turnover exceeding EUR 1.5 billion)
• the entry into application of the obligations has been postponed by several years
• the obligation to adopt climate transition plans has been removed
• a scoping exercise covering the company’s own operations, subsidiaries, and direct and indirect business partners
• the EU-wide harmonised civil liability regime has been removed and the maximum level of penalties has been capped (at no more than 3% of global net turnover)

From a liability perspective, this means both a narrowing of the scope of application and a more predictable limitation of sanction and damages exposure.

Implementation and Transitional Periods

The entry into force and implementation of the Omnibus I Directive will proceed in stages:

• the Directive will enter into force 20 days after its publication in the Official Journal
• the CSRD amendments must be transposed into national law within one year
• the deadline for implementation of the CSDDD amendments is 26 July 2028

For companies, the key legal risk now lies in national implementation and in how Member States will exercise their margin of discretion. In Finland, the amendments to the Accounting Act implementing the CSRD changes are currently expected to be presented to the Government in week 11.

Legal Impact Assessment: What Should Companies Reassess?

Omnibus I reshapes companies’ legal operating environment on multiple levels, particularly in relation to compliance structures and risk management.

The scope of application must be reassessed, as some companies may fall outside the mandatory regime due to the revised thresholds. However, this does not automatically release them from market- or contract-based reporting requirements that may arise from customer relationships, financing agreements, or group structures.

The legal logic of value chain risk management also changes. Although the narrowing of obligations may reduce the need for a fully systematic due diligence framework, liability risk does not disappear and may materialise through damages claims, contractual liability, or reputational harm. At the same time, contractual liability becomes increasingly significant: as public law obligations are eased, private law mechanisms – such as supplier contract undertakings, financing covenants, insurance arrangements, and liability clauses – assume a more central role in the allocation of risk.

Simultaneously, the risk of regulatory fragmentation increases. National transposition, potential sector-specific rules, and voluntary standards may produce a more heterogeneous normative landscape, heightening the need for continuous legal monitoring and proactive risk management.

What Comes Next? Implementation Will Determine the Impact

The true significance of Omnibus I will not be determined at the approval stage, but in its implementation and practical application. Much will depend on how strictly Member States apply the new thresholds and how they use their discretion in transposition. Equally important will be how market supervisors and competent authorities interpret the risk-based approach and what evidentiary standards they expect from companies’ due diligence and reporting practices.

Investor reactions to a potential reduction in mandatory reporting will also be decisive. If legally required transparency decreases, markets may respond by imposing their own information requirements. In such an environment, voluntary reporting may become a new competitive differentiator, strengthening trust and market positioning even where the law no longer mandates the same breadth of disclosure.

Conclusion

The Omnibus I reform marks a shift in EU corporate sustainability law from broad normative steering toward a more targeted regulatory approach.

For companies, this does not merely mean fewer obligations, but a change in regulatory logic: the central question becomes in which situations obligations still arise – and where they are replaced by contractual, financing, or market-driven requirements.

For this reason, every company operating in the EU or targeting EU markets should reassess its regulatory position before national implementation takes effect.

Related Services

◆ Corporate Advisory & ESG