CSDDD 2027 preparation: the 18-month roadmap

How companies in scope for CSDDD from July 2027 can prepare in the next 18 months. Priorities, milestones and tool implementation.

Pillar context

If your company is in CSDDD scope in 2027 (>5,000 employees, >€1.5B revenue), you have about 18 months to set up a working due diligence system. This is an operational roadmap, not theory.

Milestone 1 — Month 1-3: Scope and governance

• Confirm in-scope status (employees × revenue thresholds)
• Appoint a CSDDD owner (CSO, compliance director, or CFO)
• Stakeholder map: legal, compliance, procurement, HR, sustainability, finance
• Review existing NFRD/CSRD reporting — what is already documented?

Milestone 2 — Month 4-6: Risk identification

• Map your full value chain (upstream + operations + downstream)
• Identify "salient issues": highest impact × probability
• Classify supplier tiers by risk (high/medium/low)
• Start with top-100 suppliers by spend

Milestone 3 — Month 7-9: Integration and policy

• Update supplier code of conduct
• Integrate due diligence questions in RFP/RFQ
• Training for procurement and compliance
• Select and implement a due diligence management tool

Milestone 4 — Month 10-12: Mitigation and remediation

• Audits for each high-risk supplier
• Corrective action plans for identified issues
• Grievance mechanism live
• Start collecting remediation evidence

Milestone 5 — Month 13-15: Monitoring and communication

• KPIs per salient issue
• Internal quarterly reporting
• Prep for external CSDDD report (first publication 2028)
• Align with CSRD reporting

Milestone 6 — Month 16-18: Go-live preparation

• Final audit of the entire system
• Legal review
• Communication plan for first formal publication (July 2027)
• Supplier communication: everyone knows what is expected

Cost estimate

For a large company (>5,000 employees): €500K–2M one-off + €200K–800K per year. Major cost items:

• External supplier audits (€30–50K per audit)
• Tool license + implementation
• FTE for CSDDD operations (2–4 FTE)

Why start now

18 months is tight. Companies that wait until Q3 2026 will miss the July 2027 deadline. The bottleneck is not tooling — it is the time needed to engage with suppliers.

PSRA's role

PSRA's supplier master data + LTSD workflow forms the base layer for CSDDD data gathering. If you already use PSRA for preferential origin, you have ~40% of CSDDD supplier data in hand. CSDDD-specific modules (sustainability audit storage, grievance channel) are added in 2027.

Related articles

• Audit-proof operations: 7 principles for compliance officers: Learn the seven fundamental principles that make your compliance organisation audit-proof, from documentation standards to automated controls.
• Compliance as competitive advantage: how leaders win: Discover how forward-thinking companies deploy compliance as a strategic weapon rather than a cost centre.
• From customs penalty to compliance advantage: a case study: How a mid-size importer turned a six-figure customs penalty into a structural compliance advantage through automated origin determination.

Related downloads

• Whitepaper: 30-minute demo to trial: 14-day plan from demo to trial outcomes for origin, LTSD, and CBAM workflows.
• Comparison: Excel workflows vs PSRA: Finance-oriented ROI framing and migration checklist for operations teams.
• Case study template for compliance outcomes: Reusable structure to document measurable compliance impact, audit outcomes, and workflow improvements.

Related definitions

• Audit trail: An audit trail records who did what, based on which source data, and with what decision logic.
• BOM: A BOM is the bill of materials: the structured composition of a product.
• Supplier declaration: A supplier declaration captures the origin information a supplier provides for supplied goods.
• Customs declaration: A customs declaration is the formal notification to customs declaring goods for import, export, or transit, available in five procedure types.