As part of a push for robust environmental action, the EU has replaced their legacy ESG reporting programme, NFRD, with the Corporate Sustainability Reporting Directive (the CSRD). The CSRD is intended to bring sustainability reporting up to the same quality and control bar as financial reporting; companies will need to bring a new level of rigour to their ESG reporting as they comply with its regulations.
As the CSRD significantly broadens the scope of NFRD, it’s expected to roughly quadruple the number of covered organisations to over 50,000—many of which will be required to report their full carbon emissions for the first time. The new regulations also cover an estimated 10,000 non-EU companies with significant operations in Europe.
The CSRD also significantly raises the bar for breadth and robustness in sustainability reporting, covering categories beyond just climate impact, including pollution, water, and biodiversity. Disclosures on these topics will need to exist in annual reports alongside financials, and will be subject to audit assurance.
It’s therefore crucial that companies prepare by setting clear climate goals and building out audit-ready reporting infrastructure. This post covers the main points that filers need to know: which organisations the CSRD applies to, what it asks for, and how and where to file the required disclosures.
“The CSRD significantly raises the bar for breadth and robustness in sustainability reporting. It’s crucial that companies prepare by setting clear climate goals and building out audit-ready reporting infrastructure.”
Covered organisations
The CSRD will apply to EU-based public companies (only excluding micro-enterprises), alongside all EU-based private organisations considered to be “large”—i.e., that have two or more of (1) 250+ employees, (2) €40m+ annual revenues, (3) €20m+ balance sheet.
For many non-EU parent companies, their EU subsidiaries must file CSRD disclosures if they meet the criteria above. Though some companies may opt to voluntarily consolidate reporting at a global level.
The CSRD will eventually require this consolidated reporting for any non-EU parent that has €150m+ in annual EU revenues and at least one branch or subsidiary where: (1) the branch has €40m+ in annual EU revenues, (2) the subsidiary is either EU-listed or meets the “large” criteria above. In these cases the parent will also be responsible to include their non-EU activities.
What "double materiality" means in the CSRD
Filers must start with a “double materiality” assessment that identifies both how its operations impact people and the environment, and how sustainability-related developments impact the organisation. A topic is considered material if the impact is material from either (or both) perspectives.
The assessments ask a broad range of stakeholders to evaluate risks and opportunities across the topics covered by CSRD, and include some metrics-based measurements to supplement the understanding of potential impact.
With qualitative and quantitative input from stakeholders—like scientific experts, customers, employees, and investors—companies will uncover which topics are material.
The outcomes of these materiality assessments determine which components of the CSRD a company must include in their reporting, ensuring companies focus on the topics that matter both to the organisation and society at large.
Climate reporting is mandatory for all firms in scope
No matter what a company’s materiality assessment says, the CSRD establishes a reporting baseline for all companies. This includes full climate disclosure requirements that are based on the TCFD framework as a starting point, but the CSRD climate disclosures go a few steps further.
Covered organisations must disclose their full scope 1-3 emissions, alongside their climate risks assessment and any policies related to climate change mitigation and adaptation.
Beyond climate, the CSRD also includes some mandatory disclosures (including quantitative metrics) across other standards, such as water, pollution and biodiversity. Above and beyond that baseline, reporting will depend on the outcome of your materiality assessment.
The specific reporting requirements under the CSRD are divided into 12 separate standards, which will be finalised in June 2023. They include two “general disclosures” that cut across ESG topics and 10 “topical standards” focused on specific E, S, and G subcategories like climate. Some topics—like the Climate Change standard—are mandatory to all companies instead of being subject to the results of materiality assessments.
Other considerations
The depth and scope of the CSRD—which covers not just companies own operations but their value chains—means there are many new considerations to keep in mind.
To prevent greenwashing and bring sustainability reporting up to the level of rigour required for financial reporting, the CSRD introduces an audit assurance requirement for its reporting—beginning with limited assurance in 2026, followed by reasonable assurance two years later. The assurance requirement will be a new motion for many companies who will need high levels of data accuracy, completeness, and controls.
On the policy front, the CSRD is closely linked to the EU Green Taxonomy, a classification system that establishes a list of environmentally sustainable economic activities. Companies within the scope of the CSRD will also have to comply with the taxonomy. Reporting on both regulations will be in companies’ annual sustainability reports.
The CSRD’s timeline
The CSRD became law on 5 January 2023. The detailed reporting standards will be finalised in June 2023, while specific requirements for some sectors—along with non-EU company guidelines—will come out in 2024.
How and when to report
CSRD reporting requirements will be phased in for different groups of firms over the coming years. Firms currently reporting under the NFRD will need to make their first CSRD disclosures in their 2025 management report, using 2024 data. For other public companies that are not SMEs or micro-cap, their first CSRD reporting will be in their 2026 management report, using 2025 data. That deadline will also apply to large private companies caught by the regulation.
For listed SMEs, reporting begins in their 2027 management report, using 2026 data. The new parent-company level reporting requirements for qualifying non-EU firms will form part of 2029 reporting, using 2028 data.
CSRD disclosures will need to be in a machine-readable digital format so that submissions can be aggregated into a single EU-wide database.
