Skip to content

How to Answer a CSDDD Supplier Due Diligence Request

If you've noticed your customers' procurement questionnaires getting longer and more demanding, you're not imagining it. That's the CSDDD effect: large companies subject to the Corporate Sustainability Due Diligence Directive need data from every supplier in their chain of activities — including you, regardless of your size.

Here's the thing most suppliers miss: responding well to these questionnaires isn't just about keeping the customer happy. It's a competitive advantage. Suppliers who answer in days instead of weeks, who have their data organised and accessible, consistently rank higher in procurement evaluations.

What CSDDD Means for Suppliers

CSDDD obligates large companies (in-scope from 2028 or 2030 depending on size) to:

  • Map their upstream supply chain to identify human rights and environmental risks
  • Collect evidence from suppliers on labour standards, environmental practices, and governance
  • Take action where risks are identified — including terminating relationships with non-compliant suppliers

For suppliers, this translates into a contractual cascading effect: your customer's due diligence obligation becomes your contractual obligation.

What the Questionnaire Typically Covers

Every customer's questionnaire looks slightly different, but the core data categories are consistent. You'll need to provide your company profile (legal entity, ownership, locations), labour standards evidence (policies on child labour, forced labour, working hours, freedom of association), health and safety data (OHS management, injury rates, training records), and environmental impact information (emissions, waste, permits).

Then there's human rights (conflict minerals screening, supply chain risk assessment), climate (carbon footprint, decarbonisation plan), and governance (board-level oversight, compliance policies, whistleblower mechanisms). Customers may also require certificates, audit reports, and signed declarations from an authorised representative.

The good news: the same data serves every customer. The bad news: you need to have it organised and current before the request lands, not after.

A Practical Response Framework

Step 1: Centralise Your Data

The single biggest mistake suppliers make is treating each customer questionnaire as a standalone exercise. Eight different customers asking for essentially the same data leads to eight separate responses — different formats, different deadlines, different levels of detail.

Instead, maintain a single repository of your compliance data. For each data category above, keep a current version of the supporting document or metric.

Step 2: Assess Gaps Against the Standard Questionnaire

Compare your current data against the standard CSDDD questionnaire. Identify where you have complete, verifiable evidence and where you have gaps.

Priority gaps to close:

  • Human rights policy — If you do not have a publicly available human rights policy, this is the most important single document. It does not need to be complex; it needs to state your commitment to fundamental labour rights and describe your approach to identifying and addressing risks.
  • Supplier code of conduct — If your own suppliers are required to uphold standards, document the code you use. Even a simple single-page code demonstrates that due diligence expectations are cascaded.
  • Environmental permits and compliance records — Ensure all permits are current. If an inspector asks for them through your customer, delays or missing documents signal risk.
  • Basic carbon data — Even if you are not required to report under CSRD, having a Scope 1 and 2 GHG inventory (your direct emissions and purchased energy) demonstrates awareness and positions you ahead of suppliers who cannot provide it.

Step 3: Structure Responses for Reuse

Each customer will send a different questionnaire format. But the underlying data is the same. Structure your responses so they can be adapted quickly:

  • Store each certificate, policy, and data point in a central location
  • Maintain a summary sheet mapping each data point to common questionnaire formats
  • Keep an audit trail of which evidence was shared with which customer and when

Step 4: Publish What You Can

A growing number of suppliers are preemptively publishing their compliance documentation on dedicated public pages. This allows them to answer customer questionnaires with a single URL rather than assembling an email attachment pack. It also signals transparency in procurement evaluations — buyers consistently rate suppliers higher when compliance data is immediately accessible.

Turning CSDDD into a Commercial Advantage

Suppliers who treat CSDDD compliance as a competitive differentiator rather than a burden gain measurable advantages:

  • Faster response times — A supplier that answers a questionnaire in 2 days instead of 2 weeks is rated higher in procurement evaluations
  • Lower audit burden — Customers audit suppliers they cannot verify. A supplier with published, verifiable documentation faces fewer on-site audits
  • Preferred supplier status — Procurement teams managing hundreds of suppliers prioritise those who make compliance easy
  • Multi-customer reuse — A single compliance profile serves every customer request, reducing administrative overhead by an estimated 60-80%

The cost of being unresponsive is escalating. Customers subject to CSDDD must demonstrate due diligence on every supplier. A supplier that cannot provide data becomes a risk flag — and risk flags lead to replacement sourcing.

Key Documents to Prepare

Not all documents are equal. Start with the high-priority items: a human rights policy (commitment to ILO core conventions, due diligence process, grievance mechanism), an environmental policy (commitments, regulatory compliance, improvement targets), and a supplier code of conduct (minimum standards cascaded to your own suppliers). Without these three, you'll struggle to answer even a basic questionnaire.

Medium priority includes an OHS certificate or self-declaration (ISO 45001 or equivalent), a GHG inventory (Scope 1 and 2), an anti-corruption policy, and a modern slavery statement. Product-level compliance data (REACH, RoHS, conflict minerals) is emerging and lower priority but will grow in importance.

Build these documents once, keep them current, and make them accessible to all customers through a structured format. The most efficient suppliers maintain a single compliance profile that serves every customer request.