CSRD: EU Sustainability Reporting Requirements¶
If you think the CSRD is just an expanded version of the old NFRD, you're in for a shock. The Corporate Sustainability Reporting Directive (2022/2464) doesn't just expand the scope from 11,000 companies to 50,000 — it fundamentally changes what reporting means. 1,100+ datapoints. Double materiality. Limited assurance. iXBRL tagging. And for the first time, your sustainability data needs to stand up to external scrutiny.
The European Sustainability Reporting Standards (ESRS) are the rulebook, and they cover environmental, social, and governance topics in granular detail. If you already report under GRI or SASB, there's overlap — but the bar is significantly higher.
Phased Timeline¶
CSRD hits in four waves, and the clock is already running. The first group — large public-interest entities already under NFRD — reported on their 2024 data in 2025. The second wave, covering large undertakings with >250 employees or >€40M turnover or >€20M assets, reports on 2025 data in 2026. Listed SMEs follow in 2027, and non-EU companies with significant EU operations come in from 2028.
If you're in the second wave and haven't started your double materiality assessment, you're behind. The 2025 data year is already in progress.
The European Sustainability Reporting Standards (ESRS)¶
CSRD reporting must follow the ESRS, adopted by the European Commission as delegated acts. The standards are structured as follows:
Cross-Cutting Standards (apply to all companies)¶
Two standards apply to every company regardless of materiality. ESRS 1 (General Requirements) covers reporting principles, double materiality, and value chain boundaries. ESRS 2 (General Disclosures) covers governance, strategy, business model, and the materiality assessment process itself.
Topical Standards (subject to materiality assessment)¶
Ten topical standards cover the ESG spectrum. Climate (E1) is the only mandatory one — if you're in scope for CSRD, you must report on climate regardless of your materiality assessment. Everything else depends on whether the topic is material to your business.
The environmental standards cover pollution (E2), water and marine resources (E3), biodiversity and ecosystems (E4), and resource use and circular economy (E5). The social standards address your own workforce (S1), workers in the value chain (S2), affected communities (S3), and consumers and end-users (S4). Governance (G1) covers business conduct, anti-corruption, and lobbying.
The materiality assessment determines which of these apply — but climate is non-negotiable.
Double Materiality¶
Here's where CSRD differs from every reporting framework that came before. "Double materiality" means you have to look both ways: how sustainability affects your business (financial materiality, outside-in) and how your business affects the world (impact materiality, inside-out). A topic is reportable if it's material from either direction — not just both.
This is a significant departure from frameworks like SASB or TCFD, which focus primarily on financial materiality. It means you can't dismiss a topic because it doesn't directly affect your P&L. If your operations harm a local community, that's material regardless of whether it shows up on a balance sheet.
The assessment must cover your full value chain — upstream suppliers and downstream customers. You don't need perfect data from every supplier on day one, but you need to document where the gaps are and how you plan to fill them.
Value Chain Reporting¶
CSRD requires reporting on sustainability matters across the full value chain. This is one of the most challenging implementation aspects because it forces companies to collect data from suppliers, distributors, and customers who may not themselves be subject to CSRD.
The ESRS acknowledge this limitation. Companies report value chain information based on reasonable and supportable information available without disproportionate cost or effort — but they must explain where data gaps exist and describe steps taken to fill them.
Over time, as more companies come into scope and as ESRS data becomes standardised across value chains, the reporting burden is expected to shift from estimation to direct measurement.
Reporting Format¶
CSRD reports must be prepared in a single electronic reporting format using Inline XBRL (iXBRL). This means sustainability information must be machine-readable and digitally tagged according to the ESRS taxonomy, enabling regulators, investors, and data aggregators to process reports automatically.
The report must be published as part of the management report in the official language(s) of the member state where the company is registered.
Assurance Requirements¶
The old NFRD required no external verification. CSRD flips that completely. Your first report must be accompanied by limited assurance — the verifier says "nothing has come to our attention to suggest the report is incorrect." It's a lower bar than a full audit, but it still requires audit-ready documentation, internal controls, and an evidence trail.
The Commission will assess whether to move to reasonable assurance (the positive form: "in our opinion, the report is fairly presented") starting in 2028. Most observers expect this transition to happen. If you build your systems for limited assurance now, the upgrade to reasonable assurance is much less painful than starting from scratch.
Penalties for Non-Compliance¶
CSRD is implemented through national law in each member state, so penalties vary by jurisdiction. However, the Directive requires that penalties be effective, proportionate, and dissuasive. Common enforcement mechanisms include:
- Fines for non-compliance
- Injunctions requiring restatement or publication of corrected information
- Public censure and naming by national enforcement bodies
- Director liability for false or misleading reporting (in some member states)
- Impairment of access to capital (de facto — investors increasingly refuse to fund non-disclosing companies)
Practical Preparation Steps¶
- Assess scope and timeline — Determine which wave of CSRD applies to your company based on size and listing status. If you are a large undertaking subject to 2025 reporting, your first report is due in 2026.
- Develop the double materiality assessment — This is the foundational exercise. Document your process, engage internal and external stakeholders, and obtain sign-off from governance bodies.
- Map ESRS data requirements — For each material topic, identify the ESRS datapoints that apply. Climate (E1) is always in scope; others depend on materiality.
- Establish data collection processes — Many CSRD datapoints come from operational and financial systems that were not designed to produce sustainability data. Set up data pipelines, assign owners, and implement controls.
- Close supply chain data gaps — Identify your most significant value chain impacts and work with key suppliers to establish reporting protocols.
- Prepare for assurance — Your first report will be subject to limited assurance. Ensure that data quality, evidence trails, and documentation standards meet the requirements of an accredited assurance provider.
- Select a reporting framework — iXBRL tagging requires technical infrastructure. Decide whether to build in-house capability or use a dedicated reporting platform.
Frequently Asked Questions¶
Does CSRD apply to subsidiaries of non-EU parent companies?
Yes. If a subsidiary meets the size thresholds — even if the parent is headquartered outside the EU — the subsidiary must report. From 2028, non-EU parent companies with significant EU operations will also be directly in scope.
Can I use existing sustainability frameworks (GRI, SASB, TCFD) instead of ESRS?
No. CSRD mandates ESRS as the reporting standard. However, ESRS has built on GRI, SASB, and TCFD, so companies already reporting under those frameworks will find significant overlap. ESRS 1 includes a table mapping ESRS disclosures to GRI and other standards.
What if my company lacks historical data for some ESRS datapoints?
The ESRS includes transitional provisions. In the first reporting year, companies may omit comparative data for certain disclosures. In subsequent years, data gaps must be filled or explained. The principle of "reasonable and supportable information" applies — but persistent gaps will draw regulatory scrutiny.
Is CSRD reporting voluntary for SMEs?
SMEs that are listed on EU regulated markets are in scope from 2026. Unlisted SMEs are not directly subject to CSRD but will be indirectly affected through value chain data requests from large customers. The European Commission has published a separate voluntary standard for non-listed SMEs (VSME) to help them respond consistently.
Related Articles¶
- CSRD Compliance Software: How to Automate ESRS Reporting — Software solutions for managing CSRD data collection and disclosure.
- The Trickle-Down Effect: How the CSRD and CS3D Impact SMEs — Why SMEs face indirect CSRD obligations through supply chain requests.
- EU Sustainability Regulations 2026: Compliance Roadmap — How CSRD fits into the broader EU regulatory landscape.