The European corporate governance framework entered 2025 with substantially reinforced requirements. The combination of the Corporate Sustainability Reporting Directive (CSRD), the imminent transposition of the Corporate Sustainability Due Diligence Directive (CSDDD), and the growing focus on the integrity of information systems necessarily transforms the very meaning of supervisory duties and internal control.
For management bodies, these changes mean that governance is no longer based solely on financial oversight and traditional regulatory compliance. More is required. A cross-cutting approach is now demanded—one that encompasses sustainability, risk management, supply chain, information security, and the quality of data used for decision-making and reporting.
Among the most relevant changes, three main pillars stand out:
1. Integration of the duty of due diligence into corporate management
Integrating the duty of due diligence into the management of the company requires directors to ensure the effective incorporation of this duty into internal policies and risk-management systems. It becomes necessary to adopt a risk-based approach that includes a code of conduct and involves workers in its development. In addition, clear mechanisms must exist to implement, monitor, and extend this policy throughout the entire value chain, ensuring its review and updating whenever relevant changes occur.
2. Identification and assessment of risks within the chain of activities
In parallel, the identification and assessment of risks within the chain of activities requires companies to detect and analyse actual and potential negative impacts, mapping the areas with the highest likelihood or severity in order to conduct in-depth assessments where those risks prove most significant. To this end, companies may rely on quantitative and qualitative information, independent sources, and complaint mechanisms, and must also prioritise the collection of data from business partners presenting higher risks of negative impact.
3. The obligation to provide remediation
Under Article 12 of the CSDDD, “Member States shall ensure that, whenever a company has caused, individually or jointly, an actual negative impact, the company provides remediation.” Thus, although the failure to observe due diligence duties and negligence could already give rise to liability, the new regime introduced by the Directive—soon to be transposed into national law—significantly reinforces the obligations of prevention, action, and remediation, raising the level of requirements applicable to companies.
Regulatory developments inevitably lead to greater individual liability for directors, who may now be held accountable not only for clearly improper decisions but also for omissions in supervision. For companies, compliance requires robust internal structures, continuous training, and a corporate governance culture that is risk-oriented.
Governance is no longer centred on financial control; it is now an integrated system of responsibility, oversight, and transparency.