CSDDD Omnibus in Practice: What It Means for Pharma Supply Chains
The proposed Omnibus revisions to the Corporate Sustainability Due Diligence Directive (CSDDD) become much clearer when applied to real-world industry structures. In the pharmaceutical sector—where supply chains are already highly regulated—the interaction between existing compliance systems and new ESG obligations is particularly important.
Let’s break it down using a typical model:
EU Marketing Authorisation Holder (MAH) → Contract Manufacturing Organisation (CMO, India) → API Supplier (India)
Tiered View of Responsibilities
The directive operates on a risk-based, value-chain approach. However, in pharma, this overlays an already mature compliance ecosystem shaped by Good Manufacturing Practice (GMP) and regulatory audits.
Tier 0: EU MAH
Legal expectation: Fully in scope under CSDDD
Practical reality: Full Quality Management System (QMS) plus ESG integration
The EU-based MAH sits at the center of responsibility. If it falls in scope under the Omnibus thresholds, it must implement comprehensive due diligence across its operations and value chain.
In practice, this doesn’t start from scratch. MAHs already operate under stringent pharmaceutical regulations, meaning governance structures, supplier qualification processes, and audit systems are well established. The shift is about embedding ESG considerations—environmental and human rights risks—into these existing frameworks.
Tier 1: CMO (India)
Legal expectation: Direct due diligence required
Practical reality: Already subject to GMP audits, now with ESG overlay
Contract manufacturers are the most directly impacted third parties. From a legal perspective, they fall squarely within the “business partner” category requiring active due diligence.
However, in pharma, CMOs are already heavily audited by MAHs and regulators. The practical change is not the creation of oversight, but its expansion—adding layers such as labor conditions, environmental practices, and broader sustainability risks to existing GMP audits.
Tier 2: API Supplier (India)
Legal expectation: Risk-triggered due diligence
Practical reality: Often already qualified under GMP
Active Pharmaceutical Ingredient (API) suppliers are typically one step removed. Under CSDDD, they are assessed based on risk signals rather than automatically subjected to the same level of scrutiny as Tier 1 partners.
That said, many API suppliers are already part of formal qualification processes, including audits and technical assessments. This creates a natural entry point for ESG risk screening, even if not always mandated at the same intensity.
Tier 3: Raw Material Suppliers
Legal expectation: Not routinely in scope
Practical reality: Limited visibility unless critical
At the lower tiers of the supply chain, visibility drops significantly. CSDDD does not require blanket due diligence across all sub-tier suppliers. Instead, intervention is expected only where there is a clear, identifiable risk.
In pharma, this aligns with existing practice—raw material suppliers are not always directly audited unless they are critical to product quality or safety. ESG due diligence is likely to follow the same pattern: selective, risk-based, and event-driven.
Key Insight: ESG Builds on Existing GMP Infrastructure
The pharmaceutical sector is not starting from zero. The real takeaway from the Omnibus CSDDD application is this:
- Existing GMP and QMS systems already cover a large part of the “how”
- CSDDD expands the “what” to include environmental and human rights risks
- Due diligence becomes broader, not necessarily deeper at every tier
What Actually Changes?
Rather than a complete overhaul, companies should expect:
- Integration of ESG criteria into supplier audits
- Enhanced documentation and traceability of risks
- Stronger escalation and remediation mechanisms
- Greater focus on indirect suppliers when risks emerge
Bottom Line
For pharma companies, the Omnibus version of CSDDD is less about building new systems and more about extending existing ones.
- Tier 0 and Tier 1 remain the focal points of compliance
- Tier 2 and Tier 3 are governed by risk triggers, not blanket obligations
- ESG due diligence will increasingly sit alongside GMP as a core expectation
The companies that succeed will be those that treat sustainability as an extension of quality—not a separate compliance exercise.
| Tier | Entity | Legal CSDDD Expectation | Practical Pharma Reality |
|---|---|---|---|
| Tier 0 | EU MAH (Marketing Authorisation Holder) | ✔ Fully in scope | Full Quality Management System (QMS) with ESG integration |
| Tier 1 | CMO (Contract Manufacturing Organisation – India) | ✔ Direct due diligence | Already audited under GMP, with ESG requirements layered on top |
| Tier 2 | API Supplier (India) | ⚠ Risk-triggered due diligence | Typically already qualified and assessed under GMP frameworks |
| Tier 3 | Raw Material Suppliers | ❌ Not routinely in scope | Limited visibility; engaged mainly when materials are critical or risks are identified |
