In 2025, Environmental, Social, and Governance (ESG) rulemaking slowed in the EU. In light of political headwinds and a deteriorating economic situation, the Union decided to "cut red tape" by revising ESG legislation. During this consolidation, the framework for supply chain due diligence was finalized. As a result, we anticipate life sciences companies increasingly operationalizing the revised EU ESG regulations in 2026.

A key agreement was reached in December 2025 on the Corporate Sustainability Due Diligence Directive (CSDDD), which narrows its scope to EU companies (including ultimate parent companies) with more than 5,000 employees and net worldwide turnover over EUR 1.5 billion. It also applies to non-EU companies (including ultimate parent companies) with net turnover of more than EUR 1.5 billion within the EU. The CSDDD will apply from 26 July 2029. Fines are capped at 3% of net worldwide turnover. The climate transition plan obligation is removed. The proposed EU wide civil liability regime is deleted; however, claims remain under existing national tort law.

Despite these simplifications, core risk-based due diligence requirements remain untouched. In-scope companies must identify and assess human rights and environmental risks across their chain of activities, including upstream and downstream business partners (including Tier N suppliers). Integration of due diligence into policies and risk management systems, implementation of grievance mechanisms, and continuous monitoring and adjustment of compliance measures are required. Greater emphasis is placed on risk-based prioritization: companies can focus on areas where adverse impacts are most likely to occur, while prioritizing direct business partners. There is no obligation to collect extensive information, and companies may conduct investigations based on information available at reasonable cost.

The CSDDD does not operate in isolation, but serves as a holistic framework to align with other EU ESG requirements. Product focused regulations – including the EU Forced Labor Regulation (applicable from December 2027) and the EU Deforestation Regulation (effective from 31 December 2026) impose parallel supply chain obligations with potential product bans and enforcement actions. The Environmental Crime Directive, which EU Member States are required to transpose into their national laws by May 2026, introduces criminal liability for serious environmental violations. These requirements demand integration of human rights and environmental due diligence into governance and risk management. Therefore, companies should now be moving from policy to process.

For pharmaceutical and biotechnology companies, these evolving requirements compound existing challenges across complex, multi-tiered manufacturing and distribution networks. The interplay between CSDDD, product-specific regulations, and national laws calls for integrated due diligence frameworks and robust governance. Companies that use this preparation window to strengthen risk management systems, supplier engagement, and data governance will be better positioned to mitigate compliance, litigation, business, and reputational risks as these requirements take effect.