Regulations may shift, but ESG due diligence remains essential for managing risk, protecting reputation and ensuring long-term resilience.
The EU is considering adjustments that aim to streamline and simplify sustainability reporting and due diligence requirements – the ‘Omnibus’ package. We spoke to ESG due diligence experts Theresa Gigov, Associate Director, LRQA, and Laura Curtze, Associate Director, Ergon Associates (an LRQA company). Their view: the package may change the anticipated regulatory landscape for major international companies, but it does not change their core responsibilities towards their employees, the environment and their supply chains, nor does it remove the clear benefits of having sound sustainability risk management and strategies in place.
"Investors, regulators, customers and employees continue to demand stronger ESG commitments, making it clear that sustainability is a long-term business imperative,” explained Laura. A 2024 KPMG study revealed that 71% of dealmakers have increased their focus on ESG factors in transactions over the past year, reflecting the continuing financial relevance of sustainability. Furthermore, the Thomson Reuters Institute’s 2024 Global Trade Report found that 81% of businesses consider ESG factors important or very important in supplier selection. “The OECD Due Diligence Guidance (2018) and the UN Guiding Principles on Business and Human Rights (2011) establish a clear responsibility for companies to conduct due diligence and address human rights risks in their supply chains. These frameworks set the foundation for responsible business practices,” added Theresa.
“While the regulatory landscape is evolving at the moment, there are still fundamentally sound reasons for companies to take a strategic and risk-based approach to managing human rights, environmental and governance risks. Here are some clear steps that we think companies can take to drive meaningful action across three critical areas, based on our experience and insights,” Laura outlined.
1. Apply a risk-based approach to identify adverse impacts in the tier-n value chain
Companies operating across complex global supply chains often have thousands of suppliers, making it unrealistic to assess every entity to the same level of scrutiny. A risk-based approach helps businesses prioritise where due diligence efforts are most needed based on severity, likelihood and business leverage.
Key considerations:
- Map the full value chain: Companies should go beyond Tier 1 suppliers and assess risks deeper in the supply chain, particularly at the raw material stage, where some of the highest risks of human rights and environmental harm occur. According to the 2025 Top Trends in Supply Chain Sustainability report, 60% of sourcing regions show high or extreme risk for environment-related violations, including poor waste management, air emissions and wastewater violations. A limited focus on Tier 1 risks under current regulatory discussions may weaken due diligence effectiveness, so companies must proactively maintain deeper supply chain visibility.
- Prioritise high-risk areas: Use severity and likelihood criteria to focus resources where risks are greatest, for example forced labour, excessive working hours and deforestation in specific sourcing regions. According to Vanguard, addressing these deep-tier risks can help businesses demonstrate greater resilience to risks, attract loyal customers and maintain a competitive edge.
- Enhance traceability where necessary: Full transparency isn’t always possible (or necessary), but companies should establish mechanisms to track risk factors in Tier 2, Tier 3 and beyond in supply chains where traceability is needed to enhance understanding of and leverage over risks.
2. Focus on prevention and mitigation: How to determine effective measures
Taking a risk-based approach and conducting due diligence is only effective if it leads to real action. Companies need clear, practical strategies to mitigate risks identified in their supply chains but also in relation to their broader value chains – upstream and downstream – and their own operations. The key to success is to adopt a tailored, risk-based approach that prioritises the most effective solutions for each scenario.
Here are some of our best practices for effective prevention and mitigation:
- There is no ‘one-size-fits-all’ approach to due diligence. Companies must tailor their risk response measures to specific risks, considering their industry, operating geography, supply chain complexity and stakeholder expectations. Instead of applying a fixed set of actions, businesses should use the full range of available tools to address challenges effectively.
- Prioritisation and sequencing are key. Early action planning ensures resources are focused where they have the greatest impact. Engaging relevant teams from the start builds ownership and can identify quick wins that drive learning and demonstrate progress.
- Think in terms of outcomes and impacts, not just inputs. The focus should be on actual risk reduction and the actual impacts of activities, rather than just completing checklists. An important first step is to identify what change a company seeks to achieve and who needs to be involved, both inside and outside the company. Challenging assumptions about how change happens helps in setting clear and achievable objectives and supports innovation.
3. Think about residual risk and impacts, and potential limitations
Even with the most robust due diligence frameworks, companies cannot eliminate 100% of risks—some residual risk will always remain. The key is understanding, documenting, and managing these risks effectively.
Key strategies for managing residual risk:
- Recognise the ‘obligation of means’: Businesses are not expected to solve every ESG issue but must demonstrate consistent, proactive efforts to address risks.
- Use stakeholder engagement, grievance mechanisms and industry-wide initiatives: Worker voice tools and engagement, grievance mechanisms, community engagement, whistleblower systems and multi-stakeholder collaborations can help companies identify and mitigate residual risks and impacts over time, as well as uncover issues their assessment had not previously picked up.
- Ensure risk management is ongoing and broad, not periodic: Limiting due diligence to contractual suppliers or set time intervals can lead to increased residual risk, so companies must maintain continuous oversight, especially during geopolitical or business model shifts (e.g. mergers and acquisitions, supply chain restructuring). Similarly, restricting due diligence to supply chains alone misses some of the most significant areas of risk and impact for many businesses, including their own operations, contractors and downstream business activities.
The bottom line: ESG due diligence must be proactive, risk-based and continuous
“While regulatory discussions may alter the technical requirements of due diligence, the core risks in value chains—human rights violations, environmental damage and governance failures—are not going away,” summarised Laura.
Theresa added, “Companies that adopt a risk-based, action-oriented and continuous approach to due diligence will strengthen their business operations and supply chain resilience, maintain compliance with evolving regulations and safeguard their reputation and investor confidence.”
At LRQA, we support businesses in implementing credible, risk-based ESG strategies that go beyond compliance—because strong due diligence is about impact, not just obligations.