Duty of Vigilance: What the Omnibus Package Means for Companies Operating in France

In March 2026, the Paris Judicial Court ruled against Yves Rocher’s parent company for breaches of its duty of vigilance obligations — in what became the first ruling of its kind under the French Duty of Vigilance Law. The decision was notable not because the vigilance plan itself was deemed inadequate, but because failures in its implementation were found to have caused harm to identified victims. The ruling offers an early signal of how courts are likely to assess corporate responsibility under due diligence frameworks in the years ahead.
 

At the same time, the European Union was substantially revising the Corporate Sustainability Due Diligence Directive (CSDDD), substantially reducing both its scope and requirements. Fewer companies will fall within its scope, obligations have been scaled back, and implementation timelines postponed. Together, these developments illustrate the uncertainty surrounding corporate due diligence today: while courts are beginning to test companies' responsibilities more closely, legislators are moving in the opposite direction by reducing the scope of the regulatory framework.
 

For companies operating in France, the question is not which signal will prevail. They coexist, and that tension is what makes the current landscape so difficult to navigate.
 

Omnibus Package: How the CSDDD Revision Changes Corporate Obligations
 

In February 2025, the European Commission proposed a revision of the CSDDD as part of the Omnibus Package. This broader legislative initiative aims to simplify several pieces of EU sustainability legislation simultaneously, including the Corporate Sustainability Reporting Directive (CSRD) and the EU Taxonomy Regulation.
 

The stated objectives are regulatory simplification and enhanced competitiveness. The broader context also matters. The Draghi Report, published in September 2024 by the former President of the European Central Bank, highlighted Europe's declining competitive position relative to the United States and China. Industry concerns—already prominent during the adoption of the Directive in 2024—contributed to the momentum for reform.
 

Higher Thresholds: Most Companies Excluded from Scope
 

The revised Directive raises the applicability thresholds to companies with more than 5,000 employees and €1.5 billion in global turnover, compared with 1,000 employees and €450 million under the original text.
 

As a result, a large proportion of companies that were initially expected to be covered are now excluded. More significantly still, the scope is no longer intended to expand over time. Although a review clause remains, it includes neither a fixed timetable nor any obligation to broaden coverage.
 

A Narrower Focus on Direct Business Partners
 

The due diligence obligation was originally designed to cover the entire value chain, both upstream and downstream. Under the revised text, it is largely limited to direct Tier 1 business partners.
 

Indirect suppliers fall outside the mandatory scope. Companies are expected to investigate them only where they have credible information suggesting actual or potential adverse impacts—two concepts that remain only broadly defined in the Directive.
 

In practice, this considerably reduces scrutiny of the more remote tiers of supply chains, which are often where human rights and environmental risks are most significant.
 

This represents a departure from the OECD Due Diligence Guidance for Responsible Business Conduct. Although non-binding, the OECD Guidance has become a widely recognised international benchmark. It recommends identifying risks wherever they occur within the value chain, including beyond direct business relationships.
 

The result is a striking anomaly:  European legislation now sets a lower bar than what many practitioners already regard as international good practice. Some companies may choose to maintain more comprehensive approaches in response to investor or customer expectations. Others may view the regulatory changes as an opportunity to scale back their efforts.
 

Climate Transition Plans: Implementation No Longer Required
 

Companies were originally required not only to adopt a climate transition plan aligned with the Paris Agreement, but also to implement it.
 

The Omnibus Package removes the implementation requirement. Companies remain required to publish a climate transition plan, but not to act on it.
 

Assessments, Sanctions and Business Relationships: Additional Relaxations
 

The Omnibus Package also reduces the frequency of due diligence assessments, removes the harmonised civil liability regime in favour of national legal frameworks, lowers the maximum level of penalties from 5% to 3% of global turnover, and removes the obligation to terminate business relationships in cases of confirmed adverse impacts.
 

The French Duty of Vigilance Law Remains in Force
 

The Omnibus Package does not affect the French Duty of Vigilance Law adopted in 2017. The legislation remains fully applicable and its scope remains unchanged.
 

Member States, including France, have until 26 July 2028 to transpose the revised Directive into national law and determine whether to maintain existing requirements or align them with the revised European minimum standard.
 

Until then, the 2017 law continues to apply, while case law continues to evolve.
 

The Yves Rocher ruling is not an isolated case. To date, the legislation has already given rise to ten formal notices and thirteen legal proceedings. These cases remain subject to appeal, and the future transposition of the revised CSDDD may ultimately alter the scope of legal obligations.
 

In the meantime, if courts continue to develop a body of case law in this area, judicial decisions may increasingly shape expectations regarding what constitutes a robust and credible vigilance plan.
 

Value Chains: Why a Narrower Legal Scope Does Not Reduce Risk Exposure
 

The revised CSDDD removes indirect suppliers from the mandatory due diligence perimeter. It does not, however, eliminate the risks that exist further upstream in value chains.
 

The collapse of the Rana Plaza building in 2013 remains a stark reminder of this reality. The logic underpinning mandatory due diligence emerged precisely to help prevent such human and environmental tragedies.
 

In EVEA's work on value chain mapping and assessment, regulatory simplification has not translated into lower levels of ambition. Projects continue to move forward.
 

In our experience, regulatory compliance is rarely the sole driver. Companies that undertake this work are often motivated by broader objectives: strengthening their sustainability strategy, establishing themselves as sector leader, embedding social and environmental thinking into product design, or responding to growing expectations from customers and investors. Regulation can tip the scales, but it is rarely the reason companies act in the first place.
 

This is precisely where Social Life Cycle Assessment (S-LCA) can provide value. It enables organisations to identify and assess risks across the entire value chain, including areas that no longer fall within the legal scope of due diligence requirements.
 

We explore this approach in greater detail in our article on duty of vigilance and Social Life Cycle Assessment.
 

What Global Developments Suggest About the Longer-Term Direction of Travel
 

The recent European rollback should not obscure broader international trends.
 

In its 2026 mapping exercise, the OECD identified 21 legislative measures relating to social and environmental due diligence across different jurisdictions worldwide. The EU Forced Labour Regulation, adopted in late 2024 and due to apply from 2027, provides another illustration of this dynamic. Even in a context of regulatory simplification, new due diligence requirements continue to emerge.
 

For companies subject to French or EU due diligence requirements, regulatory obligations may change, but exposure to environmental and human rights risks does not disappear. A rigorous approach to value chain mapping, impact identification, and mitigation documentation remains the foundation for both resilience and accountability — whatever shape the 2028 transposition ultimately takes.
 

By Telma Daheron, LCA and Eco-design Consultant
Topic overseen at EVEA by Julien Larrenduche, LCA and Eco-design Consultant