On 1 April 2026 the Bundesrat opened the consultation on the Federal Act on Sustainable Corporate Governance (NUFG), the indirect counterproposal to the Corporate Responsibility Initiative 2.0 of May 2025. The submission deadline runs to 9 July 2026; the Federal Council dispatch is expected by year-end. Any Swiss board meeting that treats that date as the operative compliance deadline is reading the wrong clock: the EU Corporate Sustainability Due Diligence Directive (CSDDD, Directive (EU) 2024/1760) already binds Swiss exporters, long before a final vote in Bern is in sight.

The mechanism is not extraterritorial in the strict sense. Under the Omnibus amending directive (Council decision of 24 February 2026), Art. 2(2) CSDDD catches non-EU companies with net turnover of EUR 1.5 billion in the Union in the relevant financial year; for EU companies the threshold is a combined criterion of 5,000 employees and EUR 1.5 billion in worldwide turnover. The EU institutions cut the scope by around 70 per cent compared with the original draft (Council, 24 February 2026; Clifford Chance, February 2026). The transposition deadline for member states has been pushed to 26 July 2028; a uniform application date of 26 July 2029 applies to companies in scope (Clifford Chance, February 2026).

The binding force on Swiss suppliers below the direct thresholds is not EU jurisdiction but the contract clause. Any company shipping machine components to Munich or cobalt to Antwerp will find binding CSDDD-compliance clauses on the table at the next negotiation round: audit reach extending to its own tier-2 supplier base, acceptance of the customer’s supplier code of conduct, termination triggers upon documented breach. Operationally, the obligation takes effect the day the EU purchaser hands over the clause package from its compliance department.

Under the Omnibus version, Art. 8 CSDDD requires the in-scope EU principal to carry out only a systematic risk analysis of its own operations, subsidiaries and direct business partners; coverage of indirect suppliers is reduced to cases where a specific risk has been identified (Linklaters, February 2026). The Swiss tier-1 supplier thus becomes the EU principal’s contractual proxy: it bears responsibility for the tier-2 and tier-3 chain that the EU principal, after the Omnibus streamlining, no longer needs to audit directly. Anyone who reads this as relief has missed the lever — the burden shifts contractually to the next supplier upstream.

The NUFG falls further behind on the timeline. Consultation until 9 July 2026, Federal Council dispatch at year-end, parliamentary debate of at least 18 months, the referendum period, implementing ordinance — a realistic entry into force of the due diligence obligations is no earlier than early 2029 (EJPD page on NUFG). The NUFG draft provides for thresholds of 5,000 full-time equivalents and CHF 1.5 billion in consolidated turnover in two consecutive financial years — figures from the ongoing consultation, not enacted statutory thresholds. According to EJPD estimates, around 30 large companies would be directly caught (SRF, April 2026).

That figure is the second misreading in the Swiss window. The Coalition for Corporate Responsibility correctly points out that the EU-aligned thresholds would not directly capture problematic commodity houses such as MKS-Pamp, Socfin and IXM (Coalition for Corporate Responsibility, December 2025). Operationally, however, that is only half the picture. Those houses are not personally subject to CSDDD, but their contracts with EU refineries, EU battery gigafactories or EU pharmaceutical companies will reflect the same clauses regardless. The contracting power does not come from the Swiss legislature but from the EU principal, which must protect its own liability exposure under national tort law — in France under the Loi de Vigilance (2017), in Germany under the LkSG, and from 2028 under the national CSDDD transposition laws of the member states.

Cobalt is where this becomes a test clause. Art. 964j OR and the Ordinance on Due Diligence and Transparency in Respect of Minerals and Metals from Conflict-Affected Areas and Child Labour (VSoTr) expressly require due diligence for tin, tantalum, tungsten and gold from conflict-affected and high-risk areas (SIX Handbook on Art. 964a-l OR). Cobalt is absent from the list — as it is from the parallel EU Conflict Minerals Regulation 2017/821, which has been applicable since 1 January 2021 and likewise covers only the 3TG line (European Commission, explanation of the Regulation). Looking at the minerals catalogue, cobalt appears to carry no due diligence obligation at all.

That is wrong. The CSDDD contains no minerals list; it requires the identification of actual and potential adverse impacts on human rights and the environment along the activity chain of a company in scope (Art. 8 CSDDD). Cobalt from the DRC has long featured in every serious risk matrix through child labour, security and environmental risks. Glencore publishes annual Responsible Supply Chain Due Diligence Reports for its cobalt chain out of Katanga (Glencore KCC Report 2024). Trafigura has concluded an offtake framework with the DRC state entity Entreprise Générale du Cobalt that explicitly references OECD due diligence standards (Trafigura announcement 2026). Mercuria has also concluded initial transactions with the EGC (Fastmarkets).

For the general counsel of a Swiss machinery, pharmaceutical or commodity house without an EU subsidiary, three concrete steps are indicated before summer 2026. First, a review of CSDDD clauses in existing supply contracts — not an isolated threshold analysis of the group’s own structure. A machinery company with CHF 600 million in turnover and 1,800 full-time equivalents does not fall within Art. 2 CSDDD; its framework agreement with BMW’s procurement department does. Second, a contract strategy for the 2027 renewal round: scope of audit rights, termination triggers, indemnity corridors, price re-pricing upon a documented incident. Third, its own risk documentation for cobalt, bauxite, lithium and other CSDDD-relevant but 3TG-excluded raw materials — the auditors of EU customers will in all likelihood not be waiting for the NUFG in 2028.

Two questions remain open. First, how aggressively EU member states will enforce the activity-chain effect against third-country suppliers; France (Loi de Vigilance, since 2017) and Germany (Lieferkettensorgfaltspflichtengesetz, since January 2023) have a head start, while Dutch and Belgian enforcement practice is unclear. Second, whether the NUFG will include an equivalence recognition for CSDDD that reduces the double burden on the approximately 30 Swiss groups directly in scope. Both questions will only be answered by the Federal Council dispatch at year-end 2026 — and definitively only once the first national CSDDD transposition statute (most likely the German LkSG amendment during 2027) enters into force and a first documented enforcement action hits a Swiss supplier. Until then, the rule is: the obligation comes from the contract, not from the statute. The contract is faster than the Bundesrat.