New EU regulations are coming – do you know where to start with your business processes?

Jessica Dingle Business Process Consultant, Solita

Published 23 Jan 2024

Reading time 6 min

Questions you should ask yourself when assessing how new EU regulations will impact your organisation.

As you might have read, there are several new regulations from the EU that impact the way organisations conduct their business in the EU. Three examples of new regulations that will impact many organisations are the Corporate Sustainability Reporting Directive (CSRD), the Directive on Corporate Sustainability Due Diligence, and the Directive on Pay transparency

All of these will impact how you work in your organisations and how you report on that work. They will require both transparency and likely adaptation of your business processes. After all – your business processes are what describe your ways of working. If you understand the processes, you will understand where you need to make changes to follow the new regulations. 

For many organisations and managers this feels like an overwhelming topic, and as a help, we have listed 5 questions to get you started:

  1. Do we know which parts of our operations are affected by the new regulations?
  2. Do we have a solid risk management process?
  3. Do we have a good level of transparency in our processes?
  4. Do we have the necessary data to fulfil the reporting requirements?
  5. How do we engage our stakeholders and employees?

These questions provide a good starting point for discussions between you and your colleagues to help get a more concrete action plan in place.

1. Do we know which parts of our operations are affected by the new regulations?

For some directives this might be relatively easy to identify – the Pay transparency directive has its main impact on processes related to documenting and reporting on salaries, as well as acting on gender pay gaps. For other directives, the regulatory impact might not be as obvious. 

One example is the Corporate Sustainability Reporting Directive (CSRD). For CSRD, companies have to assess their entire value-chain process widely to identify what to report and assess where there are data gaps – where non-existing data need to be extracted throughout the processes. Since this is a heavy task, organisations are recommended to as a first step perform a CSRD Assessment, followed by a CSRD action plan/specification and gap-analysis of what to get in place. Organisations that know their business processes are way more prepared for these necessary activities.

Another example is the directive on Corporate Sustainability Due Diligence. It establishes that companies have a responsibility to identify, bring-to-an-end, prevent, mitigate, and account for negative human rights and environmental impacts in the company’s own operations, as well as their subsidiaries and their value chains. That is also quite a big scope, and organisations need to be able to identify where they need to focus their resources. This brings us to the next question.

2. Do we have a solid risk management process?

Risk management is a practice well suited for helping you manage new regulations, like the Corporate Sustainability Due Diligence directive. There are many methods for risk management that are applicable to adapting to new regulations:

  • Proactive risk identification: You can apply this when identifying areas that you need to act on due to regulatory changes.
  • Prioritisation: You will not be able to address all areas once, a materiality analysis can help you with prioritisation.
  • Data gathering and follow-up: Make sure you have the infrastructure and ways of working to gather data about the risks to support a continuous follow-up. This will for example also help you with the CSRD.

If you already have an established risk management process in place, a recommendation would be to verify that it is ready to manage more risks and risk assessments. If you want to know more about risk management – feel free to check out this blog post.

3. Do we have a good level of transparency in our processes?

When you have figured out what part of your operations are impacted, the next obvious step is to figure out what to do about it. Adjusting a business process and ways of working to new regulations requires that you know what your processes look like and what adaptations you need to make. Do you know what your supply chain looks like? Do you know what your salary process looks like?

There are several ways to get started mapping out your processes, and a recommendation would be to start at a high-level viewpoint before diving into the details. Working with SIPOC models is one way to do that, as they cover suppliers, input, process, output, and customer. And as a tip – you can also add requirements to the analysis.

SIPOC analysis

If you already have well-documented processes, it might be a suitable time to check that they are working as intended. If they don’t, then you’ve already identified potential for process improvement as well as risks. When you want to check if a process works as intended, we suggest a combination of process mining/intelligence and interviews. 

Process mining helps you analyse your actual process performance and determine what the most common process variants are. It can also help you discover trends and patterns of where, how and when these variants occur. Interviews are a good complement to getting a deeper understanding of the why – why is the process executed in a certain way? It gives you a chance to talk with your colleagues about how and why they execute the process in a certain way and is crucial to gaining insight into what adaptations you might be able to do.

4. Do we have the necessary data to fulfil the reporting requirements?

In many cases it is not enough to make changes in your ways of working, you are also required to provide certain data for reporting purposes. For the Directive on Pay transparency for example, large companies need to report annually on their gender pay gap, and all companies need to be able to respond to employee questions about salary levels. Do you have all the parameters necessary to achieve this? If not, from where in your processes can these be found?

Another example is the corporate sustainability reporting directive is, which as the name indicates, is a lot about reporting on sustainability data. For the companies impacted, sustainability data will need to be in a standardised digital format and be subjected to audit by a third party. Does your organisation have the infrastructure and processes in place to be able to extract, provide, combine and report on the needed data?

5. How do we engage our stakeholders and employees?

There is no possibility to change the processes without the engagement of your employees. Without them, you’ve only made changes to the documentation somewhere and not in the actual ways of working. Stakeholders and employees involved in the processes should be involved early on- you need their expertise to find the best solution. Early engagement also helps create ownership and a commitment to the changes made.

We would also recommend you think about the storyline and how you communicate these changes. Is it just a necessary change, or can you talk about what the positive impact of your changes can be? Can you use the data gathered to show what your organisation has accomplished? Often it’s in these moments you realise how to improve, both minor improvements but also innovate and re-think your ways of working. Engaging more people in this might lead to more success than just regulatory compliance. If you want to know more about how to gain competitive advantage – check out the blog post here.

Finally, complying with EU regulations will not be a one-time effort, it will require continuous effort and improvement. But it boils down to knowing how your organisation works and where it needs to adapt. Working with your business processes can help you with that, whether it is about mapping out a process, using process intelligence to uncover what’s actually happening, identifying risks, or communicating changes. If you start with the five questions above, you’re off to a good start. If you want some help – don’t hesitate to contact us. At Solita we can help you not only with improving your business processes but also with strategy, business transformation, business & service design, data, AI and tech-related services.

Best of luck!


Jessica Dingle Business Process Consultant, Solita

  1. Business