ESG due diligence in supply chains – Polish perspective

A Warsaw-based food distributor receives a request from its German retail partner: provide a written statement confirming that every tier of your supply chain meets ESG due diligence standards. The distributor has 30 days to respond. Its legal team has never mapped the supply chain for human rights or environmental risks. The clock is running.

ESG due diligence in supply chains is no longer a voluntary best practice for Polish companies. The EU Corporate Sustainability Due Diligence Directive (CS3D) and the existing Corporate Sustainability Reporting Directive (CSRD) together create binding obligations to identify, prevent, and remediate adverse impacts across the value chain. Polish entities above applicable thresholds face the first wave of compliance deadlines from 2026 onward. Failure to act forfeits access to key European commercial relationships and triggers regulatory enforcement.

This alert explains what changed under EU law, which Polish companies are caught by the thresholds, and what immediate steps boards must take before the first reporting cycle closes.

What has changed – and why it matters for Polish businesses?

Two instruments now define the ESG due diligence framework. CSRD Poland obligations require large public-interest entities to publish sustainability reports aligned with European Sustainability Reporting Standards (ESRS) starting with financial year 2024. CS3D extends the obligation beyond reporting: companies must actively conduct human rights and environmental diligence across their supply chains, not merely disclose risks. These are structurally different requirements, but they interact directly.

Polish companies registered with the National Court Register (KRS) and meeting size thresholds are subject to both instruments. The Polish Financial Supervision Authority (KNF) oversees disclosure obligations for listed entities. The Office of Competition and Consumer Protection (UOKiK) has signalled interest in greenwashing enforcement linked to supply chain claims. Three regulators. One supply chain. Overlapping timelines.

The practical shift is this: previously, a company could rely on supplier self-declarations. Under CS3D, that approach is legally insufficient. A company must implement a risk-based due diligence process – mapping suppliers, identifying priority risk areas, taking preventive action, and documenting outcomes. Suppliers who cannot demonstrate compliance become a liability. That is an irreversible reputational and contractual consequence for any Polish exporter.

Who is affected – what are the thresholds?

CS3D applies in waves. The first wave covers EU companies with over 5,000 employees and net worldwide turnover above EUR 1.5 billion – deadline for compliance: 2027. The second wave captures companies with over 3,000 employees and EUR 900 million turnover – deadline: 2028. The third wave reaches companies with over 1,000 employees and EUR 450 million turnover – deadline: 2029. Polish entities meeting any of these thresholds are directly in scope.

CSRD thresholds are lower. Large companies (over 250 employees, EUR 40 million turnover, or EUR 20 million balance sheet) that are not yet reporting must begin sustainability disclosure for financial year 2025, with reports published in 2026. Listed SMEs follow in 2026. This means many mid-sized Polish manufacturers, logistics operators, and IT service providers are already inside the CSRD perimeter – even if CS3D's heavier diligence obligations arrive later.

One scenario deserves attention. A Polish subsidiary of a non-EU parent with EU turnover above EUR 450 million is caught by CS3D regardless of the subsidiary's own size. We have seen this issue arise for manufacturing clients in Silesia (winter 2025) where the parent's EU revenues triggered group-level obligations the local compliance team had not anticipated. Identifying whether your entity is in scope via group consolidation is the first task – not the last.

• Check whether your entity meets CS3D thresholds directly or via group consolidation
• Confirm your CSRD reporting start year based on size and listing status
• Review existing supplier contracts for ESG representation clauses
• Map tier-one suppliers against human rights and environmental risk categories
• Assess whether your whistleblower compliance channel covers supply chain reports

What must Polish companies do now?

Immediate action centres on three areas: supply chain mapping, contractual updates, and internal governance. Supply chain mapping under ESRS requires companies to identify which upstream activities carry material human rights or environmental risks. This is not a one-time exercise. It must be reviewed at least annually and after any significant operational change. Companies that have not started this process are already behind the curve for 2026 reporting.

Contractual updates are urgent. Standard purchase agreements drafted before 2023 contain no ESG representations. Inserting audit rights, remediation obligations, and termination triggers for ESG non-compliance protects the buyer and satisfies CS3D's requirement to use leverage over business partners. For guidance on structuring compliance programmes within corporate groups, see our analysis of compliance programme design for Cyprus subsidiaries in Poland.

Internal governance changes are equally pressing. CS3D requires board-level oversight of the due diligence process. Directors who delegate this entirely to procurement teams without formal board review risk personal liability if a supply chain incident occurs. The diligence process must be documented, approved at board level, and integrated into the company's risk management framework. ESG reporting and AML compliance programmes share structural features – both require documented risk assessments, escalation paths, and periodic review. Companies with mature AML frameworks can adapt those structures rather than building from scratch.

We assisted a logistics operator in Mazowieckie (spring 2026) in restructuring its supplier onboarding process to meet ESRS implementation steps. The project took eight weeks and identified three tier-two suppliers carrying unacceptable forced-labour risk. Early identification allowed contract renegotiation rather than termination – a materially better outcome. For the full ESRS implementation roadmap, see our detailed guide on ESRS implementation steps for Polish reporting entities.

One further point on enforcement. CS3D requires member states to designate a supervisory authority and provide for civil liability. Poland's implementing legislation is pending, but the civil liability gateway – allowing affected persons to sue for damages caused by due diligence failures – will be available once transposition is complete. Companies that delay action until the Polish statute is published will have insufficient time to build a defensible compliance record. The window to act is now, not after the law is signed. For context on how Polish courts handle cross-border enforcement matters, our overview of enforcing arbitral awards in Poland illustrates the procedural environment companies should anticipate.

A compliance lawyer Warsaw-based teams consult on this issue consistently raises the same point: the companies that face the hardest regulatory scrutiny are those that treated ESG due diligence as a reporting exercise rather than an operational one. Regulators will look at what the company actually did – not what it disclosed.

The specific situation of your company requires immediate assessment before the 2026 reporting cycle closes. Delay forfeits the ability to build a defensible compliance record and precludes orderly supplier remediation.

If your company meets CSRD or CS3D thresholds – or if a contractual counterparty is demanding ESG supply chain assurances – we will conduct a threshold assessment, review your supplier contracts, and design a due diligence process aligned with ESRS requirements: contact info@kordeckipartners.com.

KORDECKI & Partners is a law firm based in Warsaw and Krakow, advising business clients across 30 jurisdictions. Our team combines expertise in Polish and international law with a practical approach to ESG compliance, CSRD implementation, and supply chain due diligence. We work with Polish entrepreneurs, foreign investors, and in-house legal teams. To discuss your situation, contact info@kordeckipartners.com.

Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. KORDECKI & Partners assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@kordeckipartners.com.