What goes in a CSDDD due diligence questionnaire

A due diligence questionnaire (DDQ), or supplier self-assessment questionnaire (SAQ), is how a company gathers human-rights, environmental, ethics and governance information from its suppliers. Under the EU Corporate Sustainability Due Diligence Directive (CSDDD), it's the practical engine of step two - identifying and assessing impacts. Here's what a good one contains, whichever side of the request you're on.

The eight sections to expect

A well-built CSDDD questionnaire works through, roughly, eight areas:

  1. Company & ownership - who the entity is, where it operates, headcount, ultimate parent.
  2. Governance & policies - a human rights / due-diligence policy, a code of conduct, and a named person responsible.
  3. Human rights & labour - forced and child labour, freedom of association, working hours, fair and living wages, no recruitment fees.
  4. Health & safety - a safety management system, protective equipment, accident reporting.
  5. Environment & climate - permits, pollution and waste control, energy and emissions.
  6. Business ethics & anti-corruption - anti-bribery controls, sanctions compliance, data protection, a whistle-blowing channel.
  7. Supply-chain transparency - how far the supplier can see into its own sub-tier suppliers.
  8. Grievance & remediation - a complaints mechanism and a way to put things right.

Our free CSDDD due diligence questionnaire template lays all eight out as ready-to-send questions, with a simple Yes / Partial / No / N-A response scale and space for evidence.

Keep it proportionate: the value-chain cap

The most common mistake under the new rules is over-asking. Omnibus I added a value-chain cap: an in-scope company generally may not demand information beyond a standardised set from a business partner with fewer than 5,000 employees, unless that information genuinely can't be obtained otherwise.

So a good questionnaire is risk-based, not exhaustive. Focus on your direct (tier-1) partners first, ask what's relevant to the actual risk, and only go deeper when you have plausible information of a real impact.

If you're the buyer

  • Send it to your highest-risk direct suppliers first; prioritise by country and sector risk.
  • Use the answers to score and prioritise, not to "pass or fail" a supplier.
  • Turn gaps into a corrective-action plan with owners and dates - not an instant exit. The directive favours engaging and, where needed, suspending a relationship over simply cutting it.
  • Back the questionnaire with a supplier code of conduct and the right to verify.

If you're the supplier

  • Answer honestly - a "Partial" with an improvement note beats an empty "Yes".
  • Attach evidence: policies, certificates, contract clauses, audit reports.
  • You can push back on excessive asks under the value-chain cap.
  • Keep your completed copy. The next customer request then takes hours, not weeks. A short human rights policy signals maturity fast.

The bottom line

A CSDDD questionnaire isn't box-ticking - it's how large companies turn the directive's due diligence duty into something their suppliers can actually act on. Done well, it's proportionate, evidence-based, and the same template serves both buyer and supplier.

Download the free CSDDD due diligence questionnaire, or subscribe to The CSDDD Brief for updates as the guidance evolves.

Sources: Directive (EU) 2024/1760 as amended by Directive (EU) 2026/470; OECD Due Diligence Guidance for Responsible Business Conduct. Guidance, not legal advice.