The directive enters force in 2028. Supplier questionnaires won’t be enough. Here’s what independent, continuous monitoring looks like.
The Corporate Sustainability Due Diligence Directive is no longer a proposal. It entered into force on July 25, 2024. Member States must transpose it into national law by July 2027. The first group of companies — those with over 5,000 employees and €1.5 billion in turnover — must comply by July 2028.
For procurement leaders, ESG officers, and supply chain directors at European OEMs and industrials, this creates a specific, urgent problem: how do you demonstrate that you have identified and addressed adverse human rights and environmental impacts across your supplier network — not through questionnaires and self-certification, but through verifiable, independent evidence?
This article explains what CSDDD requires, why traditional due diligence methods fall short, and how satellite-based continuous monitoring provides the independent verification layer that the directive demands.
CSDDD does not exist in isolation. It is part of a coordinated wave of EU supply chain regulations that collectively reshape how European companies must manage their value chains. Understanding the timeline matters because these obligations stack — a company that ignores CSDDD preparation will simultaneously be unprepared for CSRD, EUDR, and CBAM.
The Corporate Sustainability Reporting Directive (CSRD) is already in effect, requiring large companies to disclose environmental and social impacts using European Sustainability Reporting Standards. The EU Deforestation Regulation (EUDR) requires geolocation-level evidence that commodities are deforestation-free. The Carbon Border Adjustment Mechanism (CBAM) will require verified emissions data for imported goods from 2026. And CSDDD layers mandatory due diligence processes on top of all of these.
“These regulations share common data requirements. A system that provides continuous, independent monitoring of supplier sites satisfies the evidence requirements of multiple regulations simultaneously. Building separate compliance processes for each regulation is not just expensive; it is strategically wrong.”
The directive’s obligations can be distilled into eight core requirements. Companies must integrate due diligence into their policies, identify actual and potential adverse impacts on human rights and the environment, prevent potential adverse impacts, bring actual adverse impacts to an end, provide remediation, establish a grievance mechanism, monitor the effectiveness of their due diligence measures, and report publicly on their due diligence.
Several of these obligations are straightforward — establishing policies, setting up grievance channels, publishing reports. But three of them are operationally demanding in ways that most companies have not yet grasped.
Identification of adverse impacts requires companies to know what is happening at their suppliers’ facilities. Not what suppliers tell them is happening — what is actually happening. The directive explicitly covers the company’s own operations, subsidiaries, and business partners in the chain of activities. Following the Omnibus I amendments approved in December 2025, in-depth assessment is focused on direct (Tier 1) suppliers, but companies must extend to indirect suppliers when there is “plausible information” suggesting adverse impacts at deeper tiers.
Prevention of potential adverse impacts means companies cannot wait for a disaster to respond. They must have systems in place that detect risk signals before they materialise into actual harm. Reactive compliance — investigating after a dam collapses, after a community is displaced, after deforestation is discovered — does not satisfy this obligation.
“Monitoring effectiveness requires ongoing, continuous assessment — not annual audits. The directive requires companies to verify that their due diligence measures are actually working, which demands a continuous data feed, not a snapshot.”
The uncomfortable truth facing most European procurement teams is that their current due diligence toolkit was designed for a different regulatory era. Supplier questionnaires and periodic on-site audits are the dominant methods, and they share fundamental weaknesses that CSDDD exposes.
Supplier questionnaires are self-reported. The entity being assessed controls the data. There is no independent verification. Research consistently shows that suppliers at risk of non-compliance are the most likely to provide inaccurate self-assessments — the very cases where due diligence matters most.
On-site audits are infrequent, expensive, and announced. A typical supplier audit happens once every 12–24 months, costs €5,000–15,000 per site, and is scheduled in advance — giving the facility time to prepare. An annual snapshot cannot detect the gradual deterioration of a tailings dam, the incremental encroachment into forest land, or the slow escalation of nighttime operations that may indicate forced labour.
Neither method scales. A European automotive OEM may have 5,000–10,000 suppliers across multiple tiers. Auditing even 10% of them annually is operationally and financially prohibitive. Questionnaire response rates beyond Tier 1 are typically below 30%.
Satellite-based continuous monitoring addresses the specific gaps that CSDDD exposes in traditional methods. It is independent (the data comes from ESA, NASA, and other space agencies, not from the supplier), continuous (Sentinel-1 SAR revisits every 12 days, Sentinel-2 multispectral every 5 days, TROPOMI daily), scalable (monitoring 1,000 sites costs marginally more than monitoring 10), and verifiable (any third party can access the same satellite archives to confirm the findings).
This is not a theoretical proposition. RondoTrace has demonstrated exactly this capability in forensic analysis. Our retrospective study of the Brumadinho Dam I collapse showed that satellite radar data detected structural failure precursors 17 months before the disaster — while every traditional ground sensor showed nominal readings. All four independent risk detection layers in our AI engine fired, and our Fukuzono failure prediction model predicted the collapse date within 16 days.
But satellite monitoring is not just about dam safety. The seven analysis modules in the RondoTrace platform map directly to CSDDD’s due diligence obligations across both environmental and human rights dimensions.
CSDDD includes enforcement provisions with real financial consequences. National supervisory authorities can impose fines, and the Omnibus I framework preserved meaningful penalty structures. Companies also face civil liability — meaning they can be held financially responsible for harm that due diligence should have prevented.
“Vale’s Brumadinho collapse resulted in over $7 billion in settlements, legal costs, and remediation. If a European OEM was sourcing from that mine and had no monitoring in place, CSDDD would require them to demonstrate why their due diligence failed to identify the risk — a risk that was detectable from satellite data for 17 months.”
The economics of satellite monitoring are straightforward by comparison. Continuous monitoring of a supplier site — covering structural integrity, environmental impact, emissions, deforestation, and human rights indicators — costs a fraction of a single on-site audit, runs 24/7 rather than once per year, and produces continuous evidence of due diligence rather than a point-in-time snapshot.
CSDDD Phase 1 compliance begins July 2028 for the largest companies. That sounds distant, but building the systems, data infrastructure, and organisational processes to comply takes 12–18 months. Companies that start in mid-2027 will be scrambling.
Satellite intelligence is not a replacement for all other due diligence methods. Companies will still need contractual clauses, supplier codes of conduct, grievance mechanisms, and some level of on-site engagement. But satellite monitoring provides something no other method can: continuous, independent, verifiable evidence of what is actually happening at your suppliers’ facilities, generated without the supplier’s knowledge, cooperation, or control.
“Under CSDDD, the question is no longer whether you monitor your supply chain. It is whether your monitoring is good enough to demonstrate due diligence when something goes wrong.”
Regulatory information in this article is based on the published text of Directive 2024/1760 (CSDDD), the Omnibus I package approved by the EU Council on February 24, 2026, and guidance from the European Commission, Deloitte, White & Case, and Anthesis Group. Specific CSDDD thresholds and timelines reflect the post-Omnibus I framework as of April 2026. Companies should consult legal counsel for jurisdiction-specific transposition requirements.
The satellite monitoring capabilities described reflect the current operational status of the RondoTrace platform. The Brumadinho case study referenced in this article is based on actual RondoTrace forensic analysis output; the full case study is available at rondotrace.com/insights/brumadinho-dam-satellite-analysis.
About RondoTrace
AI-Powered Satellite Intelligence for Supply Chain Risk
RondoTrace is an AI-powered satellite intelligence platform for supply chain ESG and risk monitoring. We process radar interferometry, multispectral imagery, and atmospheric composition data through proprietary multi-layer analysis algorithms to provide continuous, independent monitoring of supplier sites globally.
adarsh@rondotrace.comWeekly satellite-detected anomalies that matter for supplier risk. No fluff, no sales pitches.
We’ll only email you the brief. Unsubscribe anytime.