
What is ESG Due Diligence?

ESG due diligence is the process of identifying, assessing, preventing, mitigating, and accounting for actual and potential adverse environmental, social, and governance impacts associated with an organization's operations, products, and business relationships. It applies across two primary contexts: ongoing corporate due diligence (as required by emerging regulations) and transactional due diligence (evaluating ESG risks in mergers, acquisitions, and investments).

Why It Matters

The EU Corporate Sustainability Due Diligence Directive (CS3D), adopted in 2024, transforms ESG due diligence from a voluntary best practice into a legal obligation for large companies. CS3D requires in-scope companies to integrate due diligence into their policies, identify adverse human rights and environmental impacts across value chains, take appropriate measures to prevent or mitigate those impacts, and establish grievance mechanisms. Non-compliance carries penalties of up to 5% of global net turnover.

National legislation has already paved the way. France's Loi de Vigilance (2017), Germany's Lieferkettensorgfaltspflichtengesetz (2023), and Norway's Transparency Act (2022) impose supply chain due diligence obligations that companies are navigating today. CS3D harmonizes and extends these national approaches across the EU, creating a consistent baseline but also raising expectations for companies already subject to national laws.

In the M&A context, ESG due diligence has become standard practice. A 2024 Bain & Company survey found that 85% of private equity firms now include ESG factors in their investment due diligence, up from 42% in 2019. The rationale is straightforward: undiscovered environmental liabilities (contaminated sites, regulatory non-compliance), social risks (labor violations in acquired supply chains), and governance weaknesses (corruption, data privacy failures) can destroy deal value. Several high-profile acquisitions in 2023–2024 saw post-deal write-downs exceeding $500 million due to previously unidentified ESG liabilities.

Beyond legal and financial risk, ESG due diligence reflects evolving expectations from investors, customers, and civil society. Companies that demonstrate robust due diligence processes signal operational maturity and risk management capability—qualities that support premium valuations, stronger customer relationships, and more resilient supply chains.

How It Works / Key Components

Risk identification and prioritization maps the organization's activities and business relationships against ESG risk factors. This involves geographic risk analysis (countries with weak labor protections, environmental enforcement, or governance standards), sector risk analysis (industries with known high-impact profiles), and relationship-specific assessment (individual suppliers, partners, or acquisition targets). The OECD Due Diligence Guidance for Responsible Business Conduct provides the globally recognized six-step framework.

Assessment and investigation evaluates priority risks through targeted analysis. Methods include supplier questionnaires, third-party audits (social audits, environmental assessments), documentary review (permits, certifications, incident histories), site visits, worker interviews, and public records searches. For M&A, this extends to environmental site assessments, regulatory compliance reviews, litigation analysis, and stakeholder perception mapping.

Prevention and mitigation addresses identified risks through appropriate measures. These range from supplier corrective action plans and capacity building to contractual requirements, sourcing changes, and, in severe cases, relationship termination. CS3D requires "appropriate measures" proportionate to the severity and likelihood of impacts, the company's degree of involvement, and its leverage over the business relationship.

Monitoring and reporting tracks the effectiveness of due diligence measures over time. This includes regular reassessment of risk profiles, follow-up on corrective actions, analysis of grievance mechanism inputs, and public disclosure of due diligence processes and outcomes. Under CS3D, companies must publish an annual statement describing their due diligence policies, identified risks, actions taken, and results achieved.

Council Fire's Approach

Council Fire delivers ESG due diligence programs that satisfy emerging regulatory requirements while generating practical risk intelligence. For ongoing corporate due diligence, we help clients build the policies, processes, and monitoring systems CS3D demands. For transactional due diligence, we conduct targeted ESG assessments that identify material risks and opportunities, supporting informed investment and acquisition decisions.

Frequently Asked Questions

Which companies are subject to CS3D?

CS3D applies in phases: from 2027, companies with 5,000+ employees and €1.5B+ net worldwide turnover; from 2028, companies with 3,000+ employees and €900M+ turnover; from 2029, companies with 1,000+ employees and €450M+ turnover. Non-EU companies generating equivalent turnover in the EU are also in scope. Companies in high-risk sectors (textiles, agriculture, extractives) may face additional requirements.

How does ESG due diligence differ from a traditional environmental site assessment?

Environmental site assessments (Phase I and Phase II ESAs) focus specifically on contamination and environmental liabilities at physical locations. ESG due diligence is far broader—it encompasses human rights, labor practices, governance, biodiversity, climate transition risks, and stakeholder relationships across operations and value chains. Environmental site assessments are often one component of a comprehensive ESG due diligence program, particularly in M&A contexts involving manufacturing or industrial assets.

What's the relationship between CS3D and CSRD?

They're complementary. CSRD requires companies to report on their due diligence processes and outcomes as part of sustainability disclosures. CS3D creates the legal obligation to actually conduct due diligence. In practice, CS3D defines what companies must do, and CSRD defines what they must disclose about it. Companies subject to both need integrated programs that satisfy the operational requirements of CS3D while generating the reportable information CSRD demands.
