On December 16, 2025, the European Parliament approved the Omnibus I package, a deregulation initiative that amends key EU corporate sustainability instruments, including the Corporate Sustainability Due Diligence Directive (CSDDD) and Corporate Sustainability Reporting Directive (CSRD). While Schönfelder and Streibelt argued that despite the amendments, “the CSDDD remains strong, especially its obligations on human rights and environmental due diligence”, I contend precisely the opposite.

The political coalition that passed the text – an alliance between the European People’s Party (EPP) and far-right forces, who weeks earlier demanded the CSDDD’s complete abolition – reveals the predictable outcome: a compromise text with weak, flexible, and ambiguous due diligence obligations and fragmented civil liability provisions. The result is a framework that maintains the appearance of regulation but that systematically fails to address corporate human rights and environmental harms. This prevents Member States from developing stronger protections, while risking global replication through the Brussels Effect, potentially foreclosing more ambitious approaches in other jurisdictions.

Behind the false dichotomy

Presented as necessary “simplification” to boost European competitiveness, the Omnibus I package embodies a false dichotomy that has come to dominate European policymaking: the supposed choice between sustainability and competitiveness. However, recent research from the United Nations Development Programme and the Council of Europe proves this framing wrong. Respect for human rights and the environment reduces legal and operational risks, increases supply chain resilience and productivity, strengthens brand reputation, attracts sustainable investment, and allows companies to enter emerging markets.

If the evidence seems so clear, what is the real reason behind this regulatory retreat?

The explanation is political. As Ouyang has already argued, the Omnibus package was shaped by corporate lobbying and geopolitical pressure rather than evidence-based policymaking, reflecting a broader pattern in which market interests are systematically privileged over democratic oversight. A recent investigation by the Dutch NGO SOMO exposed how eleven multinational corporations, including major fossil fuel interests, conspired to derail the CSDDD through coordinated targeting of key policymakers across EU institutions. Foreign governments joined the pressure campaign: a joint letter from senior US and Qatari officials urged EU leaders to scale back the CSDDD. The EU-US trade deal explicitly commits the EU to undertake efforts to ensure that the CSDDD does “not pose undue restrictions on transatlantic trade” and to “work to address US concerns regarding the imposition of CSDDD requirements on companies of non-EU countries”.

The political capture described above manifests in the text’s final provisions that systematically dismantle corporate accountability.

Designed to fail

Article 8 of the original CSDDD text required companies to take appropriate measures to identify and assess adverse impacts, considering relevant risk factors. The Omnibus agreement fundamentally transforms this obligation. Under recitals 21 and 21a, companies must now only conduct a scoping exercise to identify “general areas” where impacts are “most likely to occur”, based “solely on reasonably available information” that “will as a general rule preclude requesting information from business partners.” And, even more, companies retain complete “flexibility in judging what information is reasonably available to them.”

Only in areas identified through this limited and flexible scoping exercise must companies conduct an in-depth assessment. But even this in-depth assessment does not, as a general rule, include consulting business partners. Instead, companies should only “request information from business partners where that information is necessary,” and any request must be “targeted, reasonable and proportionate.” Business partners with fewer than 5,000 employees – companies that originally fell under the CSDDD’s scope themselves – should only be requested information when it cannot be obtained by other means (recital 22). The objective is clear: limiting the “trickle-down effect” as much as possible.

Recital 22a clarifies exactly what means should companies use for the purpose of identifying and assessing adverse impacts: “independent reports, information gathered through the notification mechanism and the complaints procedure provided for in Article 14”. Due diligence is thus converted into a passive, reactive exercise – responding only when adverse impacts are communicated – rather than the proactive identification and prevention of impacts as required by the UN Guiding Principles and other international standards.

This creates an impossible circularity. Companies retain complete “flexibility in judging what information is reasonably available to them,” meaning they determine the scope of their own obligations. If the scoping exercise relies only on information companies deem reasonably available – which explicitly excludes requesting information from business partners – how can companies identify general areas in their business partners’ operations where “impacts are more likely to occur”? And if companies have not identified general areas and specific impacts, they are not required to conduct an in-depth assessment, which itself does not include consulting business partners.

This inevitable failure to identify impacts is not accidental but explicitly acknowledged and protected. Recital 21a openly admits the consequence: Companies are “not required to identify every adverse impact in their operations, those of their subsidiaries, and those of their business partners. In some cases, this could lead to such an impact not being identified, and therefore not being prevented, mitigated, brought to an end or minimised, despite the company having complied in full with its obligations under this Directive.” The recital then grants explicit immunity: “It follows that companies would not be penalised under Article 27 of that Directive for such an impact.”

Overall, this fundamentally transforms the nature of due diligence obligations – what has been called “cosmetic compliance.” The objective is no longer preventing human rights and environmental harms, with due diligence as the means to achieve that result. The objective now is compliance with the due diligence process itself. If the process was followed, there are no consequences – regardless of whether harm was prevented. As Ouyang has argued, this framework enables corporate self-regulation without accountability.

The civil liability trap

The original CSDDD’s Article 29 on civil liability already had serious limitations. Liability was attached only to failure to comply with due diligence obligations, not to adverse impacts themselves. Causation was required between the (negligent or intentional) procedural breach and the damage. There was no reversal of the burden of proof. These limitations meant Article 29 was already a narrow form of liability. But at least it provided a progressive EU-wide civil liability regime. The Omnibus agreement now completely removes this EU-wide liability regime, leaving 27 different civil liability regimes in place, which neither simplifies nor ensures access to an effective remedy:

First, as Schönfelder and Streibelt’s piece acknowledges, this fragmentation contradicts even the stated goal of simplification. Without harmonized EU rules, companies are exposed to liability risks from over 200 jurisdictions worldwide. Under international private law, liability is often governed by the law of the place where the damage occurred (Article 4 Rome-II Regulation). Companies must therefore monitor liability risks across all jurisdictions in which they operate or source. The removal of EU-wide liability thus increases legal uncertainty and administrative complexity rather than reducing it.

Second, recital 28 justifies removal as needed “to better achieve the principle of subsidiarity.” At the same time, the recital acknowledges that, as a matter of both international and Union law, Member States are bound by international obligations requiring an effective remedy: the International Covenant on Civil and Political Rights, the Universal Declaration of Human Rights, the Aarhus Convention, and the EU Charter of Fundamental Rights. But here lies the contradiction: if Member States are obliged under international and European law to introduce civil liability to provide access to justice under Art. 47 EU Charter of Fundamental Rights, fragmenting civil liability across 27 different national regimes makes that remedy less accessible, not more. EU-level harmonisation of civil liability rules is thus compatible with, rather than contrary to, subsidiarity.

The pattern is unmistakable. Full harmonization is pursued aggressively when it weakens corporate due diligence obligations. But harmonization is abandoned in the name of subsidiarity precisely where it would strengthen corporate accountability through a unified civil liability regime. The agreement even makes this explicit. Recital 19c states that the directive’s main objective is not to provide a comprehensive framework for protecting human rights and the environment in corporate operations, but rather to harmonize national due diligence law. This objective is achieved. But what has been harmonized is not corporate responsibility but corporate impunity. The Omnibus I package does not simplify the CSDDD, it systematically dismantles it while preserving the appearance of regulation. This is harmonization by design – of unsustainability, unaccountability, and ultimately, corporate harm.