As part of a push for robust environmental action, the EU has replaced their legacy ESG reporting programme, the Non-Financial Reporting Directive (NFRD), with the Corporate Sustainability Reporting Directive (CSRD). The CSRD is intended to bring sustainability reporting up to the same quality and control bar as financial reporting; companies will need to bring a new level of rigour to their ESG reporting as they comply with its regulations.
As the CSRD significantly broadens the scope of NFRD, it’s expected to roughly quadruple the number of covered organisations to over 50,000—many of which will be required to report this ESG data for the first time. The new regulations also cover an estimated 10,000 non-EU companies with significant operations in Europe.
The CSRD raises the bar for both breadth and robustness in sustainability reporting, covering topics beyond climate, including pollution, water, your own workforce, and business conduct. Disclosures on these topics will need to exist in annual reports alongside financials, and require third-party assurance. It’s therefore crucial that companies prepare by building out audit-ready reporting infrastructure. This post covers the main points to know: which organisations the CSRD applies to, what it asks for, and how and where to file the required disclosures.
“The CSRD significantly raises the bar for robustness in ESG reporting, making it crucial that companies prepare by setting clear climate goals and building out audit-ready reporting infrastructure.”
Which organisations have to comply with the CSRD?
The CSRD will apply to EU-based public companies (only excluding micro-enterprises), alongside all EU-based private organisations considered to be “large”—i.e., that have two or more of (1) 250+ employees, (2) €50m+ annual revenues, (3) €25m+ balance sheet.
For many non-EU parent companies, their EU subsidiaries must file CSRD disclosures if they meet the criteria above. Though some companies may opt to voluntarily consolidate reporting at a global level.
The CSRD will eventually require this consolidated reporting for any non-EU parent that has €150m+ in annual EU revenues and at least one branch or subsidiary where: (1) the branch has €50m+ in annual EU revenues, (2) the subsidiary is either EU-listed or meets the “large” criteria above. In these cases the parent will also be responsible to include their non-EU activities.
The CSRD’s technical rules – known as ESRS (European Sustainability Reporting Standards) – outline what is included in each of the four disclosure sections.
What "double materiality" means in the CSRD
The CSRD’s technical rules – known as ESRS (European Sustainability Reporting Standards) – outline the datapoints that companies need to report. The ESRS are split into General Disclosures (ESRS 1 and 2), plus ten topical standards that companies only need to report on if deemed material through a “double materiality assessment.”
The double materiality assessment identifies both how a company’s operations impact people and the environment, and how sustainability-related developments impact the company. A topic is considered material if the impact is material from either (or both) perspectives.
The assessment—which some companies manage themselves, while more bring in consultants or partners to support—asks a broad range of stakeholders to evaluate risks and opportunities across the topics covered by CSRD, and include some metrics-based measurements to supplement the understanding of potential impact.
With qualitative and quantitative input from stakeholders—like scientific experts, customers, employees, and investors—companies uncover which topics are material and can begin to plan their actual CSRD reporting with a focus on those material topics and datapoints.
Summary of the topics included in ESRS
1. General disclosures
The General disclosures cut across the entire report, covering company’s governance; strategy; impact, risk and opportunity management; and metrics and targets. Companies will also need to share information regarding due diligence policies across ESG, alignment with the EU taxonomy, stakeholder engagement inclusion practices, and critically, how the company assessed the material impact of each environmental, social and governance standard.
2. Environmental Standards
There are five environmental standards. Each standard follows the same format: first, disclose any relevant risks, impacts, and opportunities related to that topic that are material for the company. Then, disclose the policies, actions and targets in place to mitigate those risks and impacts. Last, companies will disclose metrics deemed to be material related to that topic (e.g., quantities of pollution released or hazardous waste generated).
The Climate Change standard (ESRS E1) includes scope 1, 2, & 3 emissions, climate related risks, carbon pricing, energy mixes, and a credible transition plan to align with the Paris Agreement.
The Pollution standard (ESRS E2) specifies disclosure of pollution of air, soil, and water occurring as a result of direct operations and value chain operations. The Water and Marine Resources standard (ESRS E3) addresses water consumption and water recycled or reused, as well as any material adverse impacts on marine ecosystems. The Biodiversity and Ecosystems standard (ESRS E4) asks companies to disclose their business impacts on the natural environment, as well as disclose a transition plan to address biodiversity loss. The final environmental standard on Resource Use and Circular Economy (ESRS E5) asks companies to disclose relevant circular material resource flows and types of waste generated in operation.
3. Social Standards
There are four social standards. The Own workforce standard (ESRS S1) asks companies to share quantitative information like employee location, gender, or type breakdowns. It also asks for information regarding compliance with child labour policies or alignment with the UN Guiding Principles on Business and Human Rights. The Workers in Value Chain standard (ESRS S2) includes disclosure of policies and processes related to upstream workers in the value chain, like any relevant human trafficking policies and how perspectives of value chain workers inform company decisions. The Affected Communities standard (ESRS S3) focuses on a company’s impact on affected communities and the policies in place to ensure those communities are able to raise concerns. The final social standard on Consumers and End-Users (ESRS S4) has the same premise of ESRS S3, but addresses concerns of end-users instead of affected communities.
4. Governance Standard
The sole governance standard on Business Conduct (ESRS G1) asks for a range of qualitative and quantitative disclosures. Qualitative components focus on procedures and processes to create transparency within the organisation, to address topics such as corruption and bribery. Quantitative pieces will add colour to these policies, including key metrics like from the number of bribery incidents to how much a company gave in political contributions.
Climate reporting is material for most companies
By requiring companies to disclose a detailed justification of if Climate Change is deemed not material, the EU Commission singled out the standard as critically important and difficult to deem not material.
Emissions disclosures form the foundation of most climate reporting standards, from CDP to TCFD to the various climate disclosures in the United States. They’ve also become table stakes for corporate climate programs, with many companies already reporting annually on their scope 1-3 emissions. It’s with good reason: even if a company has a light physical supply chain—for instance, if they’re a software company—the company may be emitting significant greenhouse gases through activities like their cloud usage or their purchased goods and services.
CSRD disclosure: How and when to report
CSRD reporting requirements will be phased in for different groups of firms over the coming years. Firms currently reporting under the NFRD will need to make their first CSRD disclosures in their 2025 management report, using 2024 data. For other public companies that are not SMEs or micro-cap, their first CSRD reporting will be in their 2026 management report, using 2025 data. That deadline will also apply to large private companies caught by the regulation.
For listed SMEs, reporting begins in their 2027 management report, using 2026 data. The new parent-company level reporting requirements for qualifying non-EU firms will form part of 2029 reporting, using 2028 data.
CSRD disclosures will need to be in a machine-readable digital format so that submissions can be aggregated into a single EU-wide database.
Other considerations
The depth and scope of the CSRD—which covers not just a company's own operations but also their value chains—means there are many new considerations to keep in mind.
To prevent greenwashing and bring sustainability reporting up to the level of rigour required for financial reporting, the CSRD introduces an audit assurance requirement for its reporting—beginning with limited assurance in 2026, followed by reasonable assurance two years later. The assurance requirement will be a new motion for many companies who will need high levels of data accuracy, completeness, and controls.
On the policy front, the CSRD is closely linked to the EU Green Taxonomy, a classification system that establishes a list of environmentally sustainable economic activities. Companies within the scope of the CSRD will also have to comply with the taxonomy. Reporting on both regulations will be in companies’ annual sustainability reports.