The Corporate Sustainability Reporting Directive (CSRD) — Directive (EU) 2022/2464 — is the EU regulation that mandates comprehensive sustainability reporting for companies operating within the European Union. Adopted on 14 December 2022, it entered into force on 5 January 2023 and is being phased in from 2024 to 2029.
CSRD replaces and dramatically expands the previous Non-Financial Reporting Directive (NFRD), which has been in effect since 2014. Where NFRD covered approximately 11,700 companies, CSRD extends the obligation to over 50,000 EU companies plus an estimated 10,000 non-EU companies with significant EU operations.
CSRD is a cornerstone of the European Green Deal — the EU's comprehensive strategy to achieve climate neutrality by 2050.
Why CSRD Was Introduced
Problem Under NFRD
How CSRD Addresses It
Limited scope — only ~11,700 large public-interest entities
Expanded to ~50,000+ companies including all large companies and listed SMEs
No standardised reporting framework — companies reported inconsistently
Mandatory ESRS standards ensure comparability
No assurance requirement — reported data was often unverified
Mandatory third-party assurance (limited, moving to reasonable)
No digital format — data was not machine-readable
XHTML format with XBRL digital tagging
Inadequate coverage — gaps in environmental, social, and governance topics
12 comprehensive ESRS topical standards covering E, S, and G
Investor data gap — insufficient ESG data for investment decisions
Detailed, comparable data enables sustainable investment allocation
CSRD's Four Objectives
Comparability — Standardised ESRS standards enable stakeholders to compare sustainability performance across companies and sectors
Reliability — Mandatory third-party assurance ensures reported information is accurate and trustworthy
Accessibility — Digital tagging makes sustainability data machine-readable and easily analysable
Capital redirection — Quality ESG data helps investors, banks, and funds allocate capital to sustainable activities
What Is ESG and Why Does It Matter?
ESG stands for Environmental, Social, and Governance — three pillars that define sustainable business practices:
Pillar
Focus
Key Metrics
E — Environmental
Impact on the natural world
GHG emissions (Scope 1, 2, 3), energy consumption, water usage, waste management, biodiversity impact, circular economy practices
S — Social
Impact on people
Worker rights, diversity and inclusion, health and safety, community impact, data privacy, supply chain labour conditions
ESG reporting has moved from a voluntary corporate communications exercise to a regulated compliance obligation with direct business consequences:
Stakeholder
Why They Require ESG Data
Investors and funds
ESG data drives investment decisions; many EU funds require ESG disclosures under SFDR
Banks and lenders
ESG risk assessment increasingly influences lending decisions and credit terms
Customers (B2B)
Large companies need supplier ESG data for their own CSRD Scope 3 and value chain reporting
Regulators
CSRD compliance is now a legal obligation with enforcement consequences
Employees
Talent increasingly evaluates employers on sustainability commitments
Insurance companies
ESG risk data influences underwriting and premiums
The ripple effect: Even if your company is not directly in CSRD scope, your large customers or partners may require your ESG data for their own value chain reporting (ESRS S2). Indirect pressure on smaller companies is already a reality across many sectors.
Who Must Comply with CSRD?
CSRD significantly expands the universe of companies required to report on sustainability.
Large EU Companies
A company is classified as "large" if it exceeds at least two of three thresholds:
Criterion
Threshold
Average number of employees
More than 250
Net turnover
More than EUR 50 million
Total assets
More than EUR 25 million
Listed Companies
All companies listed on EU-regulated markets must comply, including listed SMEs (with simplified requirements and later deadlines).
Non-EU Companies
Non-EU parent companies must report if they meet all of the following:
Criterion
Threshold
Net EU turnover
Exceeding EUR 150 million for two consecutive financial years
EU presence
At least one EU subsidiary meeting large company thresholds, OR an EU branch with net turnover exceeding EUR 40 million
Companies NOT in Scope
Category
Status
Micro-enterprises (fewer than 10 employees AND under EUR 2M turnover/assets)
Exempt (unless listed)
Non-listed SMEs
Exempt (voluntary reporting available using simplified ESRS)
Subsidiaries included in consolidated group reporting
May be exempt (with conditions and disclosure requirements)
Scope Summary by Numbers
NFRD (Previous)
CSRD (Current)
~11,700 companies
~50,000+ EU companies
Large public-interest entities only
All large companies + listed SMEs + qualifying non-EU companies
No standardised framework
Mandatory ESRS standards
No assurance
Mandatory assurance
CSRD Timeline: Four Phases of Implementation
CSRD is phased in over several years, with different company types beginning at different times:
Phase
Reporting Period
First Report Due
Who Must Comply
Phase 1
FY 2024
2025
Large public-interest entities with more than 500 employees (previously under NFRD) — banks, listed companies, insurance companies
Phase 2
FY 2025
2026
All other large companies meeting at least 2 of 3 size thresholds — regardless of listing or public-interest status
Phase 3
FY 2026
2027
Listed SMEs, small and non-complex credit institutions, captive insurance undertakings (opt-out available until FY 2028 / reports due 2029)
Phase 4
FY 2028
2029
Non-EU companies meeting the EUR 150 million EU turnover threshold with qualifying EU subsidiaries or branches
Critical for Phase 2 companies: Your first report is due in 2026 covering financial year 2025. Data collection must be underway now — retroactively establishing ESG metrics and baselines is extremely difficult and expensive.
Assurance Timeline
Period
Required Assurance Level
2024–2027
Limited assurance (lower standard, similar to a review)
From 2028 onwards
Reasonable assurance (higher standard, similar to a financial audit) — subject to Commission feasibility assessment
ESRS Standards: What and How to Report
CSRD reporting must follow the European Sustainability Reporting Standards (ESRS), developed by EFRAG (European Financial Reporting Advisory Group) and adopted by the European Commission. The first set of 12 standards was adopted on 31 July 2023.
Complete ESRS Framework
Standard
Topic
Mandatory?
ESRS 1
General Requirements
Yes — for all companies
ESRS 2
General Disclosures
Yes — for all companies
ESRS E1
Climate Change
Presumed material (must report unless documented as immaterial)
ESRS E2
Pollution
Subject to materiality assessment
ESRS E3
Water and Marine Resources
Subject to materiality assessment
ESRS E4
Biodiversity and Ecosystems
Subject to materiality assessment
ESRS E5
Resource Use and Circular Economy
Subject to materiality assessment
ESRS S1
Own Workforce
Subject to materiality assessment
ESRS S2
Workers in the Value Chain
Subject to materiality assessment
ESRS S3
Affected Communities
Subject to materiality assessment
ESRS S4
Consumers and End-Users
Subject to materiality assessment
ESRS G1
Business Conduct
Subject to materiality assessment
How Materiality Works for ESRS
ESRS 1 and ESRS 2 are always mandatory — every company must report these regardless of materiality
ESRS E1 (Climate Change) is presumed material — you must report on climate unless you can document why it is not material to your business (which is difficult to justify in practice)
All other topical standards (E2–E5, S1–S4, G1) are reported only if material based on your double materiality assessment
If a topic is assessed as not material, you must explain why in your report
Sector-Specific Standards
EFRAG is also developing sector-specific ESRS for industries with particular sustainability characteristics (e.g., oil and gas, mining, agriculture, financial services). These will supplement the cross-cutting standards with industry-specific disclosure requirements.
Double Materiality: The Core Concept
Double materiality is the foundational concept that distinguishes CSRD from previous reporting frameworks. It requires companies to assess sustainability matters from two perspectives simultaneously:
Impact Materiality (Inside-Out)
Question: How does the company affect people and the environment?
Assessment Factor
What to Consider
Actual impacts
Current positive and negative effects on people and the environment
Potential impacts
Possible future effects based on business activities and plans
Value chain scope
Impacts across the full value chain — upstream (suppliers) and downstream (customers, end-of-life)
Time horizon
Short-term (0-1 year), medium-term (1-5 years), and long-term (5+ years)
Severity
Scale (how serious), scope (how widespread), and irremediability (how reversible)
Likelihood
Probability of potential impacts occurring
Financial Materiality (Outside-In)
Question: How do sustainability matters affect the company's financial position and performance?
Assessment Factor
What to Consider
Financial risks
Sustainability-related risks to revenue, costs, assets, and liabilities
Financial opportunities
Potential for new revenue, cost savings, or competitive advantage from sustainability
Dependencies
Reliance on natural resources, human capital, or social licence to operate
Access to finance
Impact on cost of capital, access to loans, and investor appetite
Time horizon
Short-term, medium-term, and long-term financial effects
When Is a Topic Material?
A sustainability topic is material if it meets either threshold:
Scenario
Material?
Impact materiality only (significant effect on people/environment)
Yes
Financial materiality only (significant effect on the company)
Yes
Both impact and financial materiality
Yes
Neither
No — explain why in the report
Practical tip: The double materiality assessment is the most critical step in CSRD preparation. It determines the entire scope of your reporting. Document your methodology, stakeholder engagement, and conclusions thoroughly — auditors will review this process.
What Must Be Disclosed
Mandatory Disclosures (ESRS 2) — All Companies
Every company in CSRD scope must disclose the following, regardless of materiality assessment results:
Disclosure Area
Key Requirements
Basis for preparation
Methodology, reporting scope, boundaries, and limitations
Governance
Role of the management body and supervisory board in sustainability matters; sustainability expertise on the board; incentive structures
Strategy
Business model description, sustainability strategy, transition plan (if applicable)
Impact, risk, and opportunity management
Processes for identifying, assessing, and managing sustainability-related impacts, risks, and opportunities
Metrics and targets
Measurable targets, deadlines, progress tracking, and performance indicators
Topical Disclosures — Based on Materiality
Environmental (E):
Greenhouse gas emissions (Scope 1, 2, and 3)
Energy consumption and energy efficiency measures
Climate transition plan and carbon reduction targets
Water consumption, discharge, and marine ecosystem impacts
Pollution of air, water, and soil; substances of concern
Biodiversity impacts and ecosystem dependencies
Resource use, waste generation, and circular economy practices
Social (S):
Workforce diversity, inclusion, and equal treatment
Working conditions, wages, and collective bargaining
Occupational health and safety metrics and incidents
Training and skills development investment
Human rights in the supply chain
Community impacts and engagement
Consumer and end-user safety and privacy
Governance (G):
Anti-corruption and anti-bribery policies and incidents
Political engagement and lobbying activities
Supplier relationship management and payment practices
Whistleblower protection mechanisms
Understanding Scope 1, 2, and 3 Emissions
GHG emissions reporting is central to ESRS E1 (Climate Change) and one of the most scrutinised aspects of CSRD reporting:
Scope
Definition
Examples
Measurement Difficulty
Scope 1
Direct emissions from owned or controlled sources
Company vehicles, on-site fuel combustion, manufacturing processes, refrigerant leaks
Moderate — direct measurement possible
Scope 2
Indirect emissions from purchased energy
Electricity, heating, cooling, steam purchased from external providers
Moderate — based on energy consumption data and emission factors
Scope 3
All other indirect emissions across the value chain
Purchased goods and services, business travel, employee commuting, transportation and distribution, use of sold products, end-of-life treatment of products, investments
High — requires data from suppliers, customers, and estimates
Scope 3: The Biggest Challenge
Scope 3 emissions typically represent 70–80 % of a company's total carbon footprint, yet they are the hardest to measure because the data comes from third parties across the value chain.
Scope 3 Category
Description
Purchased goods and services
Emissions from production of goods and services the company buys
Capital goods
Emissions from production of capital equipment
Fuel and energy-related activities
Upstream emissions from fuel and energy procurement
Transportation and distribution
Upstream and downstream logistics emissions
Waste generated in operations
Emissions from waste treatment
Business travel
Emissions from employee travel
Employee commuting
Emissions from employees travelling to/from work
Leased assets
Emissions from leased assets not in Scope 1 or 2
Processing of sold products
Emissions from downstream processing
Use of sold products
Emissions from customer use of products
End-of-life treatment
Emissions from disposal of sold products
Investments
Emissions from the company's investment portfolio
Expert advice: Start with Scope 1 and 2, which are within your direct control and easier to measure. For Scope 3, use industry average emission factors and supplier surveys initially, then progressively improve data quality over time. Document your methodology and limitations — assurance providers understand that Scope 3 data quality improves iteratively.
Report Format and Assurance Requirements
Where Sustainability Information Goes
CSRD sustainability information must be included in the management report (directors' report), in a clearly identifiable dedicated section. It cannot be published as a separate standalone sustainability report.
Requirement
Details
Location
Dedicated section within the annual management report
Format
XHTML (European Single Electronic Format — ESEF)
Digital tagging
XBRL tagging for machine-readability and automated data extraction
Language
In the official language(s) required by the member state
Publication
Publicly available along with the annual report
Assurance Providers
Sustainability reports must undergo independent third-party assurance. Assurance can be provided by:
Statutory auditors (the company's financial auditor or a separate firm)
Independent assurance service providers (where permitted by member state law)
Accredited sustainability assurance firms
Consolidation and Exemptions
Group reporting is permitted under certain conditions:
Situation
Exemption Available?
Subsidiary included in parent's consolidated CSRD report
Yes — subsidiary may be exempt from individual reporting (with disclosure requirements)
EU subsidiary of non-EU parent reporting under equivalent standards
Possible — subject to Commission assessment of equivalence
Listed subsidiary
No — listed companies must always report individually
CSRD and Other EU Regulations
CSRD does not operate in isolation — it is part of a broader EU sustainable finance regulatory ecosystem:
Regulation
Relationship with CSRD
EU Taxonomy (Regulation 2020/852)
Companies must disclose what proportion of turnover, CapEx, and OpEx comes from Taxonomy-aligned activities; CSRD is the vehicle for this disclosure
SFDR (Sustainable Finance Disclosure Regulation)
Fund managers and financial advisers use CSRD data from investee companies to meet their own SFDR disclosure obligations
CSDDD (Corporate Sustainability Due Diligence Directive)
Requires companies to actively identify, prevent, and mitigate human rights and environmental impacts in their value chain; CSRD reporting provides the data foundation
GDPR
GDPR requirements apply to the processing of personal data collected for ESG reporting (employee data, supply chain data)
EU climate benchmarks use CSRD-reported data for construction and rebalancing
Relationship with International Frameworks
Framework
Relationship with ESRS
GRI Standards
High degree of interoperability — ESRS were developed in cooperation with GRI; companies already reporting under GRI have a strong foundation
TCFD
Climate disclosures under ESRS E1 are aligned with TCFD's governance, strategy, risk management, and metrics/targets structure
ISSB Standards (IFRS S1 and S2)
Shared conceptual foundations but different scope — ISSB focuses on investor-oriented financial materiality; ESRS uses double materiality. EFRAG has published interoperability guidance
CDP
CDP questionnaires align significantly with ESRS E1 and E2 requirements
UN SDGs
ESRS disclosures can be mapped to relevant UN Sustainable Development Goals
How to Prepare: 8-Step Roadmap
Step 1: Determine Applicability and Timeline (Weeks 1-2)
Review your company's employee count, net turnover, and total assets against CSRD thresholds
Identify which phase applies to your organisation
Determine your first reporting year and report publication deadline
Assess group reporting options (consolidation, subsidiary exemptions)
Identify whether any sector-specific ESRS will apply
This is the most critical step — it determines the entire scope of your reporting.
Sub-Step
Activities
Identify topics
Map all potentially material sustainability matters using the ESRS topic list
Engage stakeholders
Consult with investors, employees, customers, suppliers, communities, and NGOs
Assess impact materiality
Evaluate the severity and likelihood of your company's impacts on people and environment
Assess financial materiality
Evaluate how sustainability matters create financial risks and opportunities
Document conclusions
Record methodology, data sources, stakeholder input, and rationale for each materiality determination
Validate
Review and approve conclusions with management and/or the board
Step 4: Perform Gap Analysis (Weeks 8-14)
Map existing disclosures and data against ESRS requirements for your material topics
Identify which data points are currently collected vs. missing
Assess the quality and reliability of existing data
Determine system and process gaps
Estimate the resources, systems, and time needed to close gaps
Prioritise gaps by regulatory urgency and data availability
Step 5: Build Data Collection Infrastructure (Weeks 10-20)
Define data owners for each ESRS topic and data point
Create standardised data collection templates and procedures
Implement or upgrade sustainability data management systems
Establish data validation and quality controls (internal controls over sustainability reporting)
Set up value chain data collection — supplier questionnaires, customer surveys, industry databases
Create audit trails documenting data sources and calculation methodologies
Step 6: Develop Metrics, Targets, and Policies (Weeks 14-22)
Establish baselines for all material metrics (using the earliest available data)
Set measurable targets with clear deadlines for material sustainability topics
Develop or update sustainability policies aligned with ESRS requirements
Create action plans describing what the company is doing to achieve its targets
Align ESG strategy with overall business strategy to demonstrate integration
Step 7: Prepare for Assurance (Weeks 18-26)
Engage with assurance providers early — capacity is limited, especially for Phase 1 and 2
Ensure all data has clear documentation and audit trails
Implement internal controls over sustainability reporting (similar rigour to financial reporting controls)
Conduct dry-run assurance procedures — test your data and processes before the formal engagement
Address assurance provider feedback from preliminary reviews
Step 8: Build and Test Reporting Capability (Weeks 22-30)
Draft the sustainability section of the management report following ESRS structure
Implement XBRL digital tagging capabilities
Integrate sustainability reporting into the annual reporting cycle and timeline
Train staff on CSRD requirements, data collection procedures, and ongoing responsibilities
Establish a continuous improvement process for data quality and reporting maturity
Common Challenges and Solutions
Challenge 1: Scope 3 Data Availability
Problem: Scope 3 emissions (value chain) typically represent 70–80 % of total emissions but depend on data from suppliers and customers that may not be available.
Solution: Start with industry average emission factors from recognised databases (e.g., DEFRA, ecoinvent). Progressively improve by engaging key suppliers through questionnaires. Document your methodology, data sources, and limitations. Assurance providers understand that Scope 3 data quality improves over time.
Challenge 2: Double Materiality Complexity
Problem: The double materiality assessment requires significant judgement, stakeholder engagement, and resources — and there is no single "correct" methodology.
Solution: Use the structured guidance in ESRS 1 and EFRAG's implementation guidance. Engage stakeholders systematically and document the rationale for every materiality determination. Consider external support for the first assessment cycle.
Challenge 3: Value Chain Information
Problem: ESRS S2 (Workers in the Value Chain) and Scope 3 reporting require sustainability information from suppliers and downstream partners that may be difficult to obtain.
Solution: Prioritise data collection from material suppliers (those representing the largest sustainability impacts). Include sustainability data requirements in procurement contracts. Use industry databases and sector estimates for less significant relationships.
Challenge 4: Resource Constraints
Problem: CSRD compliance requires significant investment in time, expertise, systems, and external support.
Solution: Start early and phase your preparation across multiple reporting cycles. Leverage existing frameworks (GRI, CDP) where aligned with ESRS. Build internal capability progressively while using external support for initial setup and complex topics.
Challenge 5: Evolving Requirements
Problem: ESRS standards, sector-specific standards, and implementation guidance continue to develop.
Solution: Monitor EFRAG publications and European Commission updates. Build flexibility into reporting processes. Engage with industry groups, professional bodies, and specialist advisers to stay informed.
Challenge 6: Data Quality and Assurance Readiness
Problem: Sustainability data often lacks the rigour and controls applied to financial data, making assurance readiness difficult.
Solution: Apply financial reporting discipline to sustainability data: establish internal controls, segregation of duties, review procedures, and documentation standards. Invest in data management systems that provide audit trails from the start.
Penalties for Non-Compliance
Member states are required to establish penalties for CSRD non-compliance. While specific penalties vary by country, the consequences extend beyond fines:
Category
Potential Consequences
Regulatory penalties
Financial fines proportionate to the breach; personal liability for management body members; temporary bans from management positions
Capital market access
Investors and banks increasingly require ESG data — non-compliant companies risk exclusion from investment portfolios and higher financing costs
Reputational damage
Public disclosure of non-compliance; negative media coverage; loss of stakeholder trust
Business relationships
Exclusion from public procurement tenders that require ESG disclosures; loss of contracts with partners who require supply chain ESG data
Greenwashing risk
Inconsistent or incomplete reporting may be challenged as greenwashing under the EU's Green Claims Directive
Assurance failures
If the assurance provider identifies material misstatements or cannot provide assurance, this is publicly disclosed
Frequently Asked Questions
Does CSRD apply to my company if we have fewer than 250 employees?
If you are not listed on an EU-regulated market and do not meet two of the three large company thresholds, you are not a direct CSRD obligor. However, your large customers or partners may request your ESG data for their own CSRD value chain reporting (ESRS S2, Scope 3). Voluntary reporting using simplified ESRS for SMEs is available.
Do we have to report on all 12 ESRS topics?
No. ESRS 1 and ESRS 2 are always mandatory. ESRS E1 (Climate Change) is presumed material — you must report unless you document why climate is not material to your business. All other topics (E2–E5, S1–S4, G1) are reported only if material based on your double materiality assessment. You must explain why non-material topics were excluded.
Who must assure the sustainability report?
An independent third-party assurance provider — either the company's statutory auditor, a separate audit firm, or an accredited sustainability assurance provider (where permitted by member state law). Until 2028, limited assurance is required; reasonable assurance is planned from 2028 onwards.
Can we publish a separate sustainability report instead of including it in the management report?
No. CSRD requires sustainability information to be included in a dedicated section of the management report (annual report). It cannot be a standalone document. This ensures sustainability disclosures receive the same governance, board approval, and assurance rigour as financial reporting.
What is the relationship between CSRD and the EU Taxonomy?
The EU Taxonomy defines which economic activities are environmentally sustainable. CSRD is the vehicle for Taxonomy disclosures — companies must report what proportion of their turnover, capital expenditure, and operating expenditure is associated with Taxonomy-aligned activities. This disclosure is part of the CSRD management report.
How does CSRD relate to GRI reporting?
ESRS standards were developed in cooperation with GRI, and there is high interoperability between the two frameworks. Companies already reporting under GRI have a strong foundation for CSRD compliance, though some ESRS-specific disclosures (notably double materiality and certain quantitative metrics) go beyond GRI requirements.
What is Scope 3 and do we have to measure it?
Scope 3 covers all indirect emissions across your value chain — from purchased goods and services to the use and disposal of your products. Yes, ESRS E1 requires Scope 3 disclosure. You can use industry average emission factors initially and progressively improve data quality. Document your methodology and limitations.
Can listed SMEs defer CSRD reporting?
Yes. Listed SMEs may opt out of CSRD reporting until financial year 2028 (with reports due in 2029). They must disclose the opt-out decision in their management report. When they do begin reporting, simplified ESRS standards for SMEs will apply.
Related Articles
GDPR Compliance Guide — Data protection requirements that apply to ESG data collection
NIS2 Compliance Checklist — Cybersecurity requirements that overlap with CSRD governance disclosures
Need support with sustainability reporting? Vision Compliance helps organisations across the EU navigate CSRD requirements — from double materiality assessments and gap analysis through to assurance-ready reporting.
Robert Lozo, mag. iur., is a Partner at Vision Compliance specializing in EU regulatory compliance. He advises organizations on GDPR, NIS2, AI Act, and financial regulation, delivering audit-ready documentation and compliance roadmaps across regulated industries.
