BlogpostIf your company operates in or does significant business with the European Union, there’s a regulatory shift you can’t afford to ignore. The Corporate Sustainability Reporting Directive is reshaping how businesses disclose their environmental, social, and governance performance—and the deadlines are already here for many organizations.
This guide breaks down everything you need to know about CSRD: what it requires, who it applies to, when obligations kick in, and how to prepare your company for compliance.
What is the Corporate Sustainability Reporting Directive (CSRD)?
The Corporate Sustainability Reporting Directive is European Union legislation that became effective on January 5, 2023, establishing mandatory sustainability reporting requirements for large EU companies, listed SMEs, and qualifying subsidiaries of non-EU companies. In essence, CSRD requires companies to publish detailed, audited information on ESG impacts, sustainability risks, and opportunities across their entire value chain.
Think of CSRD as the EU’s answer to a critical transparency gap. For years, companies could pick and choose how they reported on social and environmental issues—or whether they reported at all. The result was a patchwork of inconsistent, often incomparable sustainability data that made it nearly impossible for investors and other stakeholders to evaluate corporate sustainability performance meaningfully.
CSRD changes this by replacing and significantly broadening the earlier Non-Financial Reporting Directive (commonly called the financial reporting directive NFRD). While NFRD covered approximately 11,000 companies, CSRD expands the reporting scope to nearly 50,000 organizations. The directive aims to put sustainability reporting on equal footing with financial reporting—same rigor, same assurance, same accountability.
This isn’t just regulatory housekeeping. CSRD is a core building block of the European Green Deal and the EU’s legally binding commitment to reach climate neutrality by 2050. The European Commission framed it explicitly as addressing an “accountability gap,” arguing that high-quality public reporting creates a culture of greater transparency and helps end greenwashing practices that undermine trust in corporate sustainability claims.
CSRD at a glance: objectives, origins and legal context
To understand why CSRD exists, you need to look at the bigger picture. In December 2019, the European Commission presented the European Green Deal—an ambitious roadmap to make Europe the first climate-neutral continent by 2050. Achieving this goal requires massive capital flows toward sustainable activities, which means investors need reliable sustainability information to make informed decisions.
The European Commission presented the CSRD proposal in April 2021 as part of its “Financing Sustainable Growth” action plan. After political negotiations, the European Parliament and Council reached agreement in 2022, with the directive entering into force on January 5, 2023. EU member states were required to transpose the directive into national law by specific deadlines, making CSRD requirements binding across the bloc.
The policy objectives behind CSRD are straightforward but far-reaching. First, improve the transparency and comparability of sustainability information so that investors can properly assess ESG risks. Second, direct capital flows toward activities that support a sustainable economy. Third, ensure companies contribute meaningfully to the EU’s 2030 climate goals and 2050 net-zero target.
CSRD doesn’t operate in isolation. It sits alongside and interacts with other EU sustainable finance laws, particularly the EU Taxonomy Regulation (which defines what counts as an environmentally sustainable economic activity) and the Sustainable Finance Disclosure Regulation (which governs how financial market participants disclose information on sustainability risks). Together, these regulations create a comprehensive framework for embedding sustainability into European financial decision-making.
One important development to monitor: in February 2025, the European Commission adopted the ESG “Omnibus Simplification Package” aimed at reducing administrative burden, particularly for smaller entities. While this package may adjust certain thresholds and requirements, the core transparency objectives of CSRD remain intact.
Who does the CSRD apply to? (Scope and thresholds)
CSRD casts a dramatically wider net than its predecessor. Where NFRD focused primarily on large public interest entities, CSRD brings tens of thousands of additional companies into scope—including many that have never had to produce formal sustainability reports.
Large EU undertakings form the primary category of companies subject to CSRD. These are companies (whether listed or not) that meet at least two of three size criteria: more than 250 employees, more than €50 million in net turnover, or more than €25 million in balance sheet total. For example, a German manufacturing group with 300 employees and €60 million in annual revenue clearly falls within scope, regardless of whether its shares are publicly traded.
EU-listed companies represent the second major category. This includes any company with securities admitted to trading on an EU-regulated market, including listed SMEs. The exception is listed micro-undertakings, which remain outside scope. A mid-cap technology company listed on Euronext Amsterdam, for instance, would need to comply with CSRD even if it doesn’t meet the large company thresholds.
Non-EU parent companies with significant EU operations also fall within CSRD’s reach. Specifically, if a third-country group generates over €150 million in consolidated net turnover within the EU and has at least one large or listed EU subsidiary (or a significant EU branch), it must report. Consider a US-headquartered corporation with multiple European subsidiaries collectively generating €200 million in EU revenue—this group would need to produce CSRD-compliant reports for its EU operations.
The scale of impact is substantial. In the Netherlands alone, over 1,000 companies are estimated to fall under CSRD requirements. Similar increases apply across other EU member states, representing a fundamental expansion of corporate reporting obligations.
| Category | Key Thresholds | Example |
|---|---|---|
| Large EU undertakings | 2 of 3: >250 employees, >€50M turnover, >€25M assets | German manufacturing group |
| Listed companies | Securities on EU regulated market (except micro) | Tech SME on Euronext |
| Non-EU groups | >€150M EU turnover + EU subsidiary/branch | US parent with EU operations |
It’s worth noting that the Omnibus Simplification Package proposes raising certain thresholds—for example, potentially increasing the employee threshold to 1,000 for some requirements. However, companies should not rely on potential exemptions without confirmed legal changes. The prudent approach is to prepare for compliance based on current rules while monitoring legislative developments.
When do CSRD reporting obligations start? (Timeline and phasing-in)
CSRD reporting requirements are phased in over several financial years, with start dates depending on company type and size. Understanding where your organization falls in this timeline is essential for planning your compliance efforts.
| Phase | Financial Year | Report Published | Companies Covered |
|---|---|---|---|
| Wave 1 | 2024 | 2025 | Companies already under NFRD (large PIEs with >500 employees) |
| Wave 2 | 2025 | 2026 | Other large EU companies meeting CSRD thresholds |
| Wave 3 | 2026 | 2027 | Listed SMEs, small non-complex credit institutions, captive insurers |
| Wave 4 | 2028 | 2029 | In-scope non-EU groups with significant EU turnover |
Wave 1 (Financial Year 2024, reporting in 2025) applies to companies that were already subject to NFRD—primarily large public interest entities with more than 500 employees. These organizations should already be collecting data and preparing their first CSRD-compliant annual report.
Wave 2 (Financial Year 2025, reporting in 2026) covers other large companies that meet the CSRD size thresholds but weren’t previously required to report under NFRD. If your company crosses the 250-employee or €50 million turnover thresholds, this is likely your starting point.
Wave 3 (Financial Year 2026, reporting in 2027) brings listed SMEs into scope, along with certain small and non-complex credit institutions and captive insurance undertakings. Listed SMEs have some opt-out flexibility until 2028, providing additional preparation time if needed.
Wave 4 (Financial Year 2028, reporting in 2029) extends requirements to qualifying non-EU companies—those third-country groups generating over €150 million in EU turnover with significant EU presence.
Member States may introduce specific implementation details through national law, but they cannot delay the EU-wide minimum schedule. Companies should monitor both EU announcements and their home country’s transposition legislation throughout 2025-2026, particularly given the Omnibus Package’s potential adjustments to timelines for smaller entities.
What exactly must companies report under CSRD?
CSRD reporting goes far beyond checking boxes on a compliance checklist. The directive requires both narrative and quantitative disclosures covering strategy, governance, risks, targets, and performance across all material ESG topics.
At the heart of CSRD reporting lies the principle of double materiality. This concept requires companies to assess and disclose information from two distinct perspectives. Impact materiality asks: how does your business affect people and the environment? This includes your carbon emissions, workforce practices, and effects on affected communities throughout your value chain. Financial materiality asks the reverse: how do sustainability matters affect your company’s financial performance, position, and prospects? This covers risks to cash flows, access to capital, and potential opportunities from the transition to a sustainable economy.
Companies must embed sustainability considerations across several key disclosure areas. Your business model and strategy must be explained in relation to sustainability, including credible transition plans aligned with climate change mitigation goals and the path to climate neutrality by 2050. Governance disclosures must cover how company boards and management oversee sustainability matters, including any incentive structures tied to ESG performance.
Risk and opportunity management receives significant attention under CSRD. Companies must identify sustainability risks and opportunities across the entire value chain—not just direct operations—and explain how these are being managed. This extends to supply chain due diligence and the environmental impacts of upstream and downstream activities.
Policy and action disclosures cover the full spectrum of sustainability matters: climate change mitigation and adaptation, pollution prevention, protection of marine resources and biodiversity, circular economy practices, workforce conditions, human rights in operations and supply chains, and business conduct including anti-corruption measures.
Targets and performance metrics require measurable KPIs, baselines, and progress tracking. If your company sets a greenhouse gas reduction target, you must explain the methodology, timeline, and intermediate milestones. CSRD requires companies to report scope 3 emissions—indirect emissions occurring throughout the value chain—which often represent the majority of a company’s environmental footprint.
To illustrate the level of detail expected, consider biodiversity reporting under ESRS E4. Companies with material impacts on ecosystems must disclose habitat-related metrics, negative impact assessments on species and ecosystems, and specific mitigation or restoration actions. This isn’t high-level narrative—it’s granular, verifiable data.
CSRD also requires reporting across different time horizons (short, medium, and long term), helping investors understand both immediate risks and long-term strategic positioning. The directive explicitly aims to provide valuable insights into how companies are preparing for the transition to net-zero.
European Sustainability Reporting Standards (ESRS)
The European Sustainability Reporting Standards are the detailed rulebook that transforms CSRD’s high-level requirements into specific disclosure obligations. Understanding ESRS is essential because these standards define exactly what information you must collect, calculate, and publish.
In November 2022, the European Financial Reporting Advisory Group (EFRAG) submitted the first set of 12 draft ESRS to the European Commission. After revisions, the Commission adopted these as delegated acts in mid-2023, making them legally binding for CSRD reporting starting with financial years beginning on or after January 1, 2024.
The ESRS architecture comprises two cross-cutting standards and ten topical standards:
| Standard | Coverage |
|---|---|
| Cross-cutting | |
| ESRS 1 | General requirements (principles, concepts, structure) |
| ESRS 2 | General disclosures (mandatory for all reporters) |
| Environmental | |
| ESRS E1 | Climate change |
| ESRS E2 | Pollution |
| ESRS E3 | Water and marine resources |
| ESRS E4 | Biodiversity and ecosystems |
| ESRS E5 | Resource use and circular economy |
| Social | |
| ESRS S1 | Own workforce |
| ESRS S2 | Workers in the value chain |
| ESRS S3 | Affected communities |
| ESRS S4 | Consumers and end-users |
| Governance | |
| ESRS G1 | Business conduct |
The general disclosures under ESRS 2 are mandatory for all CSRD reporters—there’s no materiality exemption. These cover fundamental information about governance, strategy, and how the company identifies material sustainability issues.
For topical standards (E1-E5, S1-S4, G1), companies apply them based on their double materiality assessment. If climate change is material to your business (which it likely is for most companies), ESRS E1 applies in full. If your operations have minimal interaction with marine resources, ESRS E3 may not require extensive disclosure.
Sector-specific standards are still under development, with the Commission currently postponing sector ESRS to at least June 2026. The 2025 Omnibus Simplification Package also aims to reduce complexity for listed SMEs, potentially providing simplified reporting options.
Both Disclosure Requirements (the “what”) and Application Guidance (the “how”) within ESRS carry significant weight. Together, they define how detailed and forward-looking sustainability reporting must be—and they represent a substantial step-up from previous voluntary ESG reporting frameworks.
ESG data, technology and assurance under CSRD
CSRD elevates sustainability data to the same level of governance and reliability expected from financial data. This has profound implications for how companies collect, manage, and verify non-financial data.
For most organizations, current approaches to sustainability data collection—often based on spreadsheets, manual calculations, and decentralized processes—simply won’t scale to meet CSRD requirements. Companies need robust data collection systems capable of gathering information across their entire value chain, including historical baselines and forward-looking projections that extend beyond direct operations.
The data and technology challenges are substantial. First, organizations must integrate ESG data into enterprise systems—whether that’s connecting to existing ERP platforms, implementing dedicated sustainability reporting software, or building data pipelines that consolidate information from subsidiaries, suppliers, and other value chain partners. Second, companies need clearly defined methodologies and assumptions for calculating metrics like scope 3 emissions or social impact indicators, along with documented internal controls that ensure data quality. Third, CSRD requires machine-readable reporting through the European Single Electronic Format (ESEF), with digital tagging of sustainability information. This means your sustainability data must be structured for automated checking and comparison in the European single access point database.
Assurance requirements add another layer of rigor. CSRD requires companies to publish regular reports that are verified by an external auditor or independent assurance provider. Initially, limited assurance is required—meaning the auditor reviews the organization’s processes and statements without deep operational examination. However, EU plans anticipate moving toward reasonable assurance (similar to financial audit standards) later in the decade, potentially around 2030. This escalation means assurance processes will become progressively more demanding.
Member States designate who can provide this third-party auditing—typically statutory auditors or other accredited sustainability assurance providers. Sanctions for non-compliance vary by jurisdiction. Draft German legislation, for example, contemplates fines reaching several million euros or a percentage of turnover for material misstatements or failure to report.
The message is clear: companies should treat sustainability data with the same discipline applied to financial reporting. Waiting until the last minute to build these capabilities creates significant compliance risk.
How to prepare for CSRD: practical steps for companies
Preparation for CSRD compliance typically takes multiple reporting cycles. If your first mandatory reporting year is 2025 or 2026, you should already be in active preparation mode. If it’s 2027 or beyond, now is the time to start building foundations.
Step 1: Determine your scope and timeline. Start by confirming whether your company falls within CSRD scope using the legal thresholds discussed earlier. Consider group structures carefully—if you’re a subsidiary of a larger group, reporting obligations may flow from the parent level. Identify your specific start date and work backward to establish a realistic preparation timeline.
Step 2: Conduct a robust double materiality assessment. This is the foundation of CSRD compliance. You’ll need to identify which sustainability issues are material from both impact and financial perspectives. This isn’t a desktop exercise—engage key internal stakeholders (finance, operations, risk, HR) and external stakeholders (investors, customers, civil society) to develop a comprehensive view. Document your methodology and conclusions, as auditors will review this assessment.
Step 3: Gap-analyze current reporting against ESRS requirements. Compare what you currently disclose with what ESRS mandates. For each applicable standard, identify missing data points, methodological gaps, and areas where internal controls need strengthening. This analysis reveals where to focus resources.
Step 4: Design your CSRD roadmap. Build a detailed implementation plan covering governance (who owns CSRD internally?), policies (what new procedures are needed?), data architecture (how will you collect value chain data?), technology (what systems require upgrades?), internal controls (how will you ensure data quality?), and training (who needs upskilling?). Assign clear ownership and timelines for each workstream.
Step 5: Pilot reporting before your mandatory year. If your first required report covers financial year 2025, consider producing a shadow report for 2024 that tests your data collection processes, narrative quality, and assurance readiness. Identifying problems during a pilot year is far better than discovering them when the report is legally required.
Cross-functional collaboration is essential. CSRD compliance isn’t solely an ESG team responsibility. Finance, risk management, IT, legal, internal audit, and business units all play critical roles. Treat this as an enterprise-wide transformation, not a standalone sustainability project.
Finally, consider the strategic upside. Companies that approach CSRD solely as a compliance burden miss the opportunity to leverage mandatory reporting for competitive advantage. Better understanding of sustainability risks improves risk management. Enhanced transparency strengthens investor communication. And systematically analyzing your business model through a sustainability lens often reveals improvement opportunities that benefit both the bottom line and broader stakeholders.
The companies that will navigate CSRD most successfully are those that start early, invest in proper data infrastructure, and view the directive as an opportunity to embed sustainability into core business strategy—not just a reporting exercise to complete once per year.
Key takeaways
- CSRD is EU legislation effective since January 2023 that dramatically expands mandatory sustainability reporting to nearly 50,000 companies
- The directive requires detailed disclosure on ESG impacts, risks, and opportunities across the entire value chain using European Sustainability Reporting Standards (ESRS)
- Double materiality assessment is fundamental—companies must report both how they affect sustainability matters and how sustainability matters affect their finances
- Reporting phases in from 2025 to 2029 depending on company size and type, with both EU and qualifying non-EU companies in scope
- Sustainability information requires external assurance, starting with limited assurance and moving toward reasonable assurance later this decade
- Preparation typically takes multiple reporting cycles—companies should begin now regardless of their specific start date
CSRD represents a fundamental shift in how businesses approach corporate sustainability. The days of voluntary, inconsistent ESG reporting are ending. Whether you view this as burden or opportunity depends largely on how early and strategically you prepare.
If your company falls within CSRD scope, the time to act is now. Determine your timeline, begin your double materiality assessment, and start building the data infrastructure you’ll need. The organizations that move early will find CSRD compliance manageable—and may even discover valuable insights that strengthen their business along the way.