The European sustainability reporting landscape is undergoing one of its most significant regulatory shifts in decades, with tens of thousands of companies now expected to disclose structured environmental, social, and governance data. At the centre of this transformation is the CSRD (Corporate Sustainability Reporting Directive), a new EU regulation that expands the scope, depth, and assurance requirements of non-financial disclosures.
For many organisations, CSRD reporting is no longer just a compliance exercise; it is becoming a strategic programme involving finance, risk, operations, and sustainability teams.
In this blog, we’ve explained what CSRD is, who it applies to, key timelines, reporting standards, and practical steps your business can take to prepare for reporting.
What is the CSRD?
The CSRD (Corporate Sustainability Reporting Directive) is a European Union legislation that came into effect on 5 January 2023 (first reports due 2025), significantly strengthening sustainability disclosure requirements for businesses operating in the EU.
Its core objective is to encourage organisations including qualifying non-EU subsidiaries to disclose their environmental, social and other micro ESG impacts.
This standardised and decision-useful information further assists investors, regulators, and other stakeholders in evaluating sustainability risks and comparing company performance, helping them make more informed capital allocation and governance decisions.
Introduced as part of the European Commission’s Sustainable Finance Package, CSRD is designed to improve transparency, comparability, and accountability in corporate sustainability reporting.
The directive substantially expands the scope and depth of the earlier Non-Financial Reporting Directive (NFRD), bringing many more organisations into the reporting net and mandating more detailed disclosures.
A master feature of CSRD reporting is the concept of double materiality, which requires companies to assess both: How sustainability issues affect their financial performance and how their activities impact the environment and society. We’ve discussed this ahead in the blog.
Why was the CSRD introduced?
The CSRD was introduced to address significant limitations or gaps in EU’s prior sustainability disclosure framework (the NFRD). While the NFRD was somewhat robust, many investors and regulators found that the reported ESG information was often inconsistent, difficult to compare across companies, and was insufficient for informed decision-making.
In practice, such varying reporting methodologies, selective disclosures, and limited assurance often created an accountability gap that reduced confidence in corporate sustainability “claims.”
During this very time, the European Union (EU) decided to set more ambitious goals for their climate and sustainability objectives, which included commitments under the European Green Deal and the long-term goal of achieving climate neutrality by 2050.
In fact, policymakers recognised that reliable, standardised ESG data would be critical to redirect capital flows towards sustainable activities and support the transition to a low-carbon economy.
By expanding disclosure requirements, bringing more companies into scope, and introducing standardised reporting frameworks, the CSRD seeks to improve the quality of ESG data, increase transparency, reduce greenwashing risks, and support an informed decision-making by investors and other stakeholders.
CSRD vs NFRD: Key Differences
The Corporate Sustainability Reporting Directive significantly expands and strengthens the Non-Financial Reporting Directive framework.
The table below highlights the most important differences organisations should understand when preparing for CSRD reporting:
| Aspect | NFRD (Non-Financial Reporting Directive) | CSRD (Corporate Sustainability Reporting Directive) |
| Scope of companies covered | ~11,700 large public-interest entities across the EU | Covers nearly 50,000 companies, including large EU firms, listed SMEs, and qualifying non-EU parent groups |
| Third-party assurance | External auditing of sustainability disclosures was not mandatory | Third-party assurance of sustainability reports is a mandatory requirement |
| Depth & breadth of disclosures | High-level, principle-based reporting with flexibility in methodology | Detailed disclosures on ESG targets, transition plans, risks, governance, and forward-looking strategy under standardised ESRS requirements |
| Reporting format and digital tagging | Flexible reporting formats with limited digital standardisation | Structured reporting in ESEF (XHTML format) with mandatory iXBRL digital tagging to improve data comparability and usability |
| Reporting structure | Sustainability information can be included within management reports or separate communication collaterals | Sustainability disclosures must be included in a clearly defined section of the management report, ensuring greater integration with financial reporting |
The CSRD directive represents not just an expansion in scope but a fundamental shift towards a more rigorous, data-driven sustainability reporting.
Who does the CSRD apply to?
The scope of the Corporate Sustainability Reporting Directive is significantly broader than previous EU sustainability disclosure rules, bringing a wide range of organisations into mandatory reporting.
CSRD applies to three main categories of undertakings based on listing status, size thresholds, and EU market presence, as follows:
- Listed undertakings in the EU
Companies listed on an EU-regulated market are generally required to comply with CSRD, except for micro-undertakings that fall below at least two of the following thresholds: €450,000 in total assets, €900,000 in net turnover, or an average of 10 employees during the financial year.
- Large EU undertakings (listed or unlisted)
Post-Omnibus I (2026), CSRD applies to large EU undertakings meeting both 1,000+ employees and €450M+ net annual turnover thresholds.
- Third country (non-EU) undertakings
Non-EU parent companies may fall within scope if they generate at least €150 million in net EU turnover for two consecutive financial years and have either a large EU subsidiary, a listed EU subsidiary, or an EU branch with more than €40 million in turnover.
- Global companies with EU presence
In practice, this also means that organisations headquartered outside Europe, let’s say an Indian manufacturing group with multiple EU subsidiaries or a US technology company listed on an EU exchange, may also be required to undertake CSRD reporting if the directive’s revenue and operational thresholds are met.
CSRD Compliance Deadlines: When Do You Need to Report?
CSRD implementation follows a phased timeline, gradually bringing different categories of companies into scope.
Understanding when your organisation must begin reporting is critical for planning governance structures, data systems, and assurance readiness.
Although deadlines have shifted under recent policy discussions and Omnibus simplification proposals, organisations are still expected to build internal ESG data capabilities well in advance of their reporting year to ensure compliance and avoid last-minute implementation risks.
| Wave |
Companies in Scope
|
Financial Year | Report Due By |
| 1 | Large, listed entities already subject to NFRD (>500 employees) | FY 2024 | 2025 |
| 2 | Large undertakings meeting certain thresholds (e.g., >1,000 employees and €450M + turnover or so) | FY 2027 | 2028 |
| 3 | Listed SMEs | Currently proposed to be “out of mandatory” scope | — |
| Non-EU | Third country (non-EU) parent companies with significant EU turnover | FY 2028 | 2029 |
Regulatory Update: In April 2025, the European Commission voted to postpone CSRD compliance timelines by two years for most companies, except for Wave 1 entities that were already subject to earlier reporting requirements.
What Does CSRD Require Companies to Report?
Under the Corporate Sustainability Reporting Directive, companies are required to disclose structured, decision-useful sustainability information aligned with the European Sustainability Reporting Standards (ESRS).
These disclosures go beyond high-level ESG narratives and require organisations to report on governance arrangements, risk management processes, strategy alignment, targets, transition plans, and measurable performance indicators.
The aim is to ensure sustainability information is comparable, auditable, and integrated with financial reporting.
A) The ESRS Framework
The ESRS was developed by the European Financial Reporting Advisory Group (EFRAG) to provide a standardised reporting architecture for companies falling within the CSRD scope. The current framework consists of 12 standards grouped into four categories.
First, cross-cutting standards establish general principles and disclosure requirements applicable to all organisations. These include foundational reporting elements such as governance structures, policies, risk management approaches, and strategic sustainability integration.
Second, environmental standards (E1–E5) cover key topics including climate change, pollution, water and marine resources, biodiversity and ecosystems, and resource use and circular economy.
Third, social standards (S1–S4) address one’s own workforce (and related impacts), value chain workers, affected communities, consumers and users.
Finally, the governance standard (G1) focuses on business conduct, internal controls, and ethical management practices.
While cross-cutting standards are mandatory for all in-scope companies, topical ESRS disclosures are required only where sustainability issues are deemed material. In addition, sector-specific ESRS are expected to be introduced by June 2026 to provide more tailored guidance for high-impact industries.
Following the recent changes in the Omnibus I proposal, the number of mandatory ESRS datapoints has reduced significantly (roughly from 1,100 to about 430) reflecting EU’s core efforts to streamline reporting.
B) Double Materiality
A central concept under CSRD reporting is double materiality, which requires companies to evaluate sustainability issues from two complementary perspectives.
The first is impact materiality (inside-out). This assesses how a company’s operations, products, and value chain activities affect the environment and society.
For example, organisations may need to evaluate impacts related to greenhouse gas emissions, resource consumption, labour practices, or community effects.
The second is financial materiality (outside-in). This focuses on how sustainability risks influence the company’s financial performance, position, or future cash flows.
For example, organisations may need to assess increased energy costs, climate-related supply chain disruptions, regulatory compliance expenses, or declining demand for high-emission products. These are factors that affect revenue projections, asset valuations, and long-term business resilience.
Companies are required to conduct structured double materiality assessments and disclose figures.
C) Specific Disclosure Areas
Beyond the structural requirements of the ESRS framework and double materiality assessments, CSRD also requires companies to disclose detailed information across several core sustainability domains, as follows:
- Sustainability policies and due diligence: Organisations must disclose policies, processes, and controls related to environmental protection, human rights, workforce conditions, and anti-corruption.
This includes explaining how adverse impacts are identified, prevented, mitigated, and monitored across operations and value chains.
- Targets, performance metrics, and transition plans: Companies are expected to report measurable sustainability targets and progress indicators, particularly for climate change mitigation.
This includes outlining credible net zero transition pathways aligned with global climate objectives such as those under the Paris Agreement.
- Value chain and supply chain impacts: CSRD places strong emphasis on upstream and downstream transparency.
Organisations must assess and disclose material impacts across their value chain, including Scope 1, 2, 3 emissions, supplier dependencies, and other ecosystem risks.
- Sustainability risks and business resilience: Companies must explain how environmental and social risks could affect financial performance, operations, or asset values.
They must further describe governance mechanisms and resilience strategies to manage long-term sustainability disruptions.
CSRD Auditing: Third-Party Assurance Requirements
Under CSRD, sustainability disclosures must be publicly available as part of the management report and are subject to mandatory third-party assurance. This represents a major shift from earlier frameworks, where external verification of ESG (Environmental, Social, Governance) information was often voluntary or limited in scope.
In practice, the directive initially requires limited assurance, where auditors perform focused reviews and analytical checks to assess whether the reported sustainability information “appears” correct, rather than conducting detailed and extensive testing.
The second type of assurance is reasonable assurance. This is a potential future requirement that would involve a more comprehensive audit approach, with deeper examination of data, operational processes, and internal control systems to confirm the accuracy and reliability of reported information.
CSRD mandates initial limited assurance for sustainability reporting, with a future goal to transition to reasonable assurance.
In fact, even the Omnibus I Simplification Package recommends retaining limited assurance.
Further, EU-wide standards for limited assurance are expected to be formally adopted by October 2026 to support consistent verification of sustainability disclosures.
CSRD Penalties for Non-Compliance
Penalties for non-compliance with CSRD are determined by individual EU member states, wherein they are required to establish their own measures that are proportionate, effective, and dissuasive.
Regulators may consider factors such as the severity and duration of the reporting breach, the degree of cooperation shown by the company, and the organisation’s financial position.
Given the variations in national enforcement approaches, we would also advise you to consult your legal counsel for any country-specific obligations that might need attention.
How to Prepare for CSRD Reporting: 5 Practical Steps
Preparing for CSRD requires a structured, cross-functional approach. The following steps can help you build readiness in a practical manner:
1. Conduct a readiness assessment and gap analysis
Start by evaluating current sustainability disclosures, policies, and data systems against CSRD and ESRS requirements. This helps identify missing datapoints, weak controls, and priority areas for implementation.
2. Perform a double materiality assessment
Systematically assess which sustainability topics are material from both impact and financial perspectives. This process determines the ESRS disclosures your organisation must prioritise while supporting reporting decisions.
3. Build scalable ESG data collection processes
Establish clear ownership for ESG metrics across functions and implement systems to track, store, and update data consistently. Automating workflows using Credibl’s AI-powered sustainability data management platform can reduce manual errors and improve reporting efficiency over time.
4. Engage stakeholders and train teams
CSRD compliance is not limited to sustainability teams. Organisations should involve finance, HR, operations, risk, and procurement functions early, while also engaging key suppliers and value chain partners where relevant.
5. Prepare for limited assurance
Develop structured documentation, evidence trails, and internal review mechanisms to support third-party verification. Regular compliance checks can help organisations identify gaps early and avoid last-minute reporting risks.
