James Lewry

Director

All aboard the Omnibus: why focusing on the destination, not the journey, is the best approach for business.

The European Commission’s Omnibus simplification package was introduced on 26 February 2025, but for businesses, it may have caused more uncertainty, not less.

The proposal includes three of the EU’s sustainability regulations: the Corporate Sustainability Due Diligence Directive (CSDDD), the Corporate Sustainability Reporting Directive (CSRD), and the EU Taxonomy. It does not include others, such as the EU Batteries Regulation (EUBR), the Deforestation Regulation (EUDR), or the Forced Labour Regulation. As such, this article focuses on the proposed changes to the CSDDD and what this could mean for businesses.

The Omnibus proposal aims to simplify compliance and reduce administrative burden, but its impact on businesses remains uncertain. Despite the hope for greater clarity, the proposal introduces changes that could impact businesses by shifting responsibilities, increasing paperwork, and reducing supply chain due diligence effectiveness.

Yet despite the uncertainty around the proposal, the message is clear for businesses: waiting for regulatory certainty is not a good strategy. Whatever form the final text may take, focusing on risk-based due diligence now, using established frameworks that are the foundation of the regulations, such as the OECD Guidelines and UN Guiding Principles (UNGPs), will mean businesses are ready when it arrives.

What is Kumi’s take on the proposed changes to the CSDDD?

Kumi fully supports the intent behind the Omnibus proposal to streamline due diligence legislation and make compliance more manageable. However, several of the key changes proposed could do the opposite:  

1. A narrowed scope may limit impact: The proposal’s restriction of due diligence obligations beyond Tier 1 suppliers remains subject to interpretation, adding to legal uncertainty. This could also make it harder to identify and address risks that occur deeper in supply chains, where many of the most severe human rights and environmental issues typically arise.

2. Misunderstandings about due diligence: Several proposed measures, such as the SME “shield,” assume that due diligence starts with widespread supplier data requests. Risk-based approaches typically begin with high-level risk mapping that does not require supplier engagement.

3. Reduced liability could increase complexity: The proposal removes EU-level civil liability, which may ease short-term concerns but introduces the challenge of companies navigating multiple national enforcement regimes. This could create fragmentation and increase legal uncertainty for companies operating across borders.

4. Delayed timelines may prolong uncertainty: Delayed timelines and deadlines for implementation offer more preparation time for businesses, but ongoing negotiations risk delaying clarity and consistency. The uncertainty around the final requirements will likely make it harder for companies to plan investments and build robust systems. But the good news is that key guidelines on implementing due diligence will be published earlier than originally planned.

5. Real administrative challenges remain: The proposal does not yet address the everyday challenges companies face in practice, such as overlapping audits, excessive document requests, complex contract terms, and the need to align due diligence efforts across different regulatory frameworks.

Despite the intention to create a more effective and harmonised approach to due diligence, these changes mean businesses could face new layers of complexity and increased pressure on direct suppliers to manage compliance expectations.

So, what should businesses do at this point before the final text is released?

Don’t wait; take control of your due diligence now!

The uncertainty surrounding the Omnibus proposal shouldn’t delay action. The principles of responsible business conduct are not going away—whether under EU law, investor expectations, or consumer demand. Companies proactively implementing robust due diligence practices will be better positioned to navigate regulatory changes, manage risks, and build stronger, more resilient supply chains. Here are three things your business can do right now to get ready:

1. Educate your business on risk-based due diligence and make the case for it

    Educate internal teams, such as legal, risk and compliance, procurement, and other senior leaders, on what risk-based due diligence really means. It’s about identifying and prioritising salient risks in your supply chain, not exhausting every potential issue. You can do this by:

    • Familiarising teams with the OECD due diligence guidance.
    • Mapping your supply chain’s risk exposure, not just its structure.
    • Avoiding reliance on supplier questionnaires unless they’re targeted and purposeful.

    Don’t forget, beyond regulation, there is a strong business case for due diligence. It reduces reputational and legal risk, and it builds supply chain resilience, especially in times of geopolitical or environmental disruption. Risk-based due diligence can also open doors to sustainable finance and preferred buyer status among your downstream customers.

2. Focus on quality, not quantity

    • Be smarter about your due diligence efforts. You don’t have to get detailed information from every direct supplier.
    • Use risk analysis to identify where due diligence should be concentrated and where engagement beyond Tier 1 is needed – reduce your reliance on large-scale questionnaires and focus on targeted assessments.
    • Prioritise risk hotspots in your supply chain by using public risk indices, local stakeholder input, and existing audit data to focus your attention.
    • Combine insights from sustainability, procurement, legal, compliance and operations teams to reduce silos and improve your due diligence approach.

3. Monitor regulatory developments, but don’t wait

    Stay engaged with the evolving CSDDD negotiations, particularly updates from the European Commission, OECD, and national regulators. Subscribe to alerts from reliable sources, such as Kumi, trade associations or legal briefings, and designate internal owners for monitoring key developments.

    Some businesses are using light-touch scenario planning to see how potential changes might affect their current due diligence approach and taking actions that make sense regardless of what the final text says, including:

    • Conducting a gap analysis against the OECD Guidelines and UNGPs to understand what is aligned and where more work is needed.
    • Reviewing existing due diligence processes and tools to ensure they are scalable, adaptable, and risk-based.
    • Strengthening internal policies, supplier codes of conduct, grievance mechanisms, and contract clauses that reflect the expected requirements.
    • Building cross-functional working groups (e.g. legal, procurement, sustainability) to coordinate responses to upcoming regulations.

    Finally, consider engaging in collaborative initiatives, such as industry schemes, joint audits, and cross-sector platforms, to help you identify and address risks more effectively. This can increase leverage with suppliers, improve access to reliable data, and reduce duplication of effort. But remember, participation in collaborative programmes should complement, not replace, your due diligence. They are not a way to “outsource” your responsibilities. Instead, integrate their outputs into your own risk assessments and mitigation strategies to ensure your due diligence remains focused and risk-based.

Focus on the destination because we know what’s coming!

The route may still be uncertain, but the destination is clear: smart, risk-based due diligence grounded in the OECD Guidance and UN Guiding Principles. That’s the direction of travel for EU regulation, echoed by investor expectations, market standards, and civil society.

Companies that focus now on building the right systems (prioritising the most significant risks, engaging beyond Tier 1 where needed, and using collaboration wisely) will be ready to lead, not just comply. Waiting for regulatory certainty risks leaving you unprepared for both the obligations and the opportunities ahead.

The message is clear: get moving, build understanding, focus on the most important risks, collaborate effectively, and prepare your business for what’s next.