The EU’s CSRD: A Guide for Corporate Directors

What is the Corporate Sustainability Reporting Directive (CSRD)?

The CSRD is the EU legislation, in effect since January 5, 2023, that requires EU businesses-including qualifying subsidiaries of non-EU companies—to report on the environmental and societal impact of their business activities, and on the business impact of their ESG efforts and initiatives.

The goal of the CSRD is to provide transparency that will help investors, analysts, consumers, and other stakeholders better evaluate EU companies’ sustainability performance as well as the related business impacts and risks. Introduced as part of the European Commission’s Sustainable Finance Package, the CSRD notably expands the scope, sustainability disclosures, and reporting requirements of its predecessor, the Non-Financial Reporting Directive (NFRD).

CSRD reporting is also unique because it is based on the concept of double materiality: organizations have to disclose information on how their business activities affect the planet and its people, and how their sustainability goals, measures, and risks impact the financial health of their businesses. For example, in addition to requiring an organization to report its energy usage and costs, CSRD requires them to report emissions metrics that detail how that energy use impacts the environment, targets for reducing impact, and information on how achieving those targets will affect the organization’s finances.

Which companies must comply with the CSRD?

By 2028, the following organizations, or undertakings, will need to comply with the CSRD:

Large-listed undertakings

These include any companies listed on an EU-regulated market exchange (except for ‘micro undertakings’ that fail to meet two of the following three criteria on consecutive balance sheet dates):

• at least EUR 350,000 in total assets
• at least EUR 700,000 in net turnover (revenue)
• at least 10 employees (average) throughout the year

EU-based large undertakings, listed or not

These include any listed or non-listed companies that meet two of the following three criteria on any two consecutive balance sheet dates:

• at least EUR 20 million in total assets
• at least EUR 40 million in net turnover
• at least 250 employees (average) during the year

‘Third-country’ undertakings

These include non-EU parent companies of EU subsidiaries, with annual EU revenues of at least EUR 150 million in the most recent two years and own:

• a large EU-based undertaking, or
• an EU-based subsidiary with securities listed on an EU-regulated market exchange, or
• an EU branch office with at least EUR 40 million in net turnover

When must companies comply with the CSRD?

CSRD compliance is being phased in from 2024 through 2029 and is based primarily on NFRD legacy or company size.

Starting in financial year 2024 (and reporting in 2025): Compliance is mandated for organizations (or ‘entities’) already mandated to comply with the NFRD. This includes all organizations listed in an EU-regulated market with 500 or more employees.

Starting in financial year 2025 (reporting in 2026): Compliance is mandated for large-listed undertakings (see above) not already mandated to comply with the NFRD.

Starting in financial year 2026 (reporting in 2027): Compliance is mandated for small and medium-sized undertakings (also called small and medium sized entities, or SMEs)—companies listed on an EU-regulated market that meet at least two or three of the following criteria:

• at least EUR 4 million in total assets
• at least EUR 8 million in net turnover
• at least 50 employees average throughout the year

Starting in the financial year 2028 (reporting 2029): Compliance is mandated for third-country undertakings.

What is scoped into CSRD reporting standards and disclosure requirements?

ESRS: In 2022, the European Financial Reporting Advisory Group (EFRAG) released its first set of European Sustainability Reporting Standards (ESRS). The ESRS provide the framework for what metrics companies need to report, and how they need to report them, to meet CSRD disclosure requirements.

There are 12 ESRS in all, which detail disclosures and metrics across sustainability matters in four (4) categories:

1. Cross-cutting: General principles and general disclosures
2. Environmental: Climate change, pollution, water and marine resources, biodiversity and ecosystems, resource use and circular economy
3. Social: Own workforce, workers in the value chain, affected communities, consumers, and end-users
4. Governance: Business conduct

Cross-cutting reporting is required of all organizations governed by the CSRD, while environmental, social and governance reporting is mandatory for those organizations that consider them material.

After EU Commission’s adoption in July 2023 and a scrutiny period by co-legislators that ended in October 2023, the ESRS will be published in the Official Journal of the EU as legally binding by the end of 2023.

Furthermore, the European Commission recently proposed to delay the creation of sector-specific ESRS (sector-specific standards) by two years. They are now expected to be released by June 2026, which should not impact the CSRD effective dates.

Double materiality: All CSRD reporting must meet the standard of double materiality. This means organizations must report on both:

• Impact materiality—the impact their businesses have or are likely to have on sustainability matters (e.g., carbon emissions, workforce diversity, respect for human rights)
• Financial materiality—the impact that sustainability matters have or are likely to have on the organization’s finances (e.g. cash flows, risk, access to funding)

Most organizations will conduct a double materiality assessment as a first step toward CSRD compliance.

Specific disclosures: Organizations will need to share data and provide management commentary on several topics, including (but not limited to):

Sustainability policies and due diligence

Companies need to outline specific policies pertaining to several sustainability matters—environmental protection, treatment of employees, management and corporate board diversity, social responsibility, human rights, anti-corruption, and anti-bribery—and describe due diligence for tracking and enforcing these policies.

Target metrics and transition plans: Companies must share their sustainability targets, progress toward achieving them, and how those targets align with a transition to a sustainable economy in general and with achieving net-zero emissions by 2050 in particular (as specified by existing EU laws).

Value and supply chains: Companies must disclose their due diligence process for identifying and mitigating the social and environmental impacts in their value chains and supply chains.

Sustainability risks: Companies must document the risk various sustainability matters (e.g., climate change, fossil-fuel use, or dependence) pose to the company, including the resilience of their business model in the face of these risks and the potential impact on stakeholders, shareholders, business operation and financial results.

Third-party auditing: The CSRD requires a third party to audit and assure the sustainability information and data included in the report. Initially, compliance will require the auditor to provide limited assurance, based largely on the organization’s representations, but within the next three years the CSRD will phase in a requirement for reasonable assurance, based on the auditor’s own examination and understanding of the organization’s operations, processes and controls.

Penalties for noncompliance: The CSRD requires EU member states to have an investigative and compliance entity in place to impose “effective, proportionate, and dissuasive” penalties based on several factors, including the gravity and duration of the breach and the financial standing of the company. CSRD non-compliance penalties will be determined by individual member states based on relevant state laws.

Where should the disclosures be made?

The CSRD requires the disclosure of sustainability information in a dedicated section with the management report. This is important to note, as it differs from other reporting frameworks, such as TCFD, which allows companies to make disclosures outside of the annual report. Companies must digitally tag reported sustainability information in accordance with a digital taxonomy, which will help users quickly locate the information they need.

Is there a requirement for independent assurance?

The CSRD introduces a more robust approach toward the assurance of sustainability information. From the first year of a company including CSRD disclosures, they will be required to obtain limited assurance over their compliance with the sustainability reporting standards, their underlying materiality assessment process, and certain reported indicators. The level of assurance needed may move towards reasonable assurance if assessed as feasible in the future.

To ensure consistency and connectivity of financial and sustainability information, a statutory or financial auditor will need to provide an assurance opinion over the sustainability report. Member states, however, can allow an independent assurance services provider, other than the company’s statutory auditor, to express this assurance opinion if the Member States’ set assurance quality standards are compiled with. The assurance report issues must be publicly disclosed with the annual financial report.

What will be common implementation challenges?

As companies move towards mandatory assurance over their sustainability disclosures, key common challenges will include the following:

• Significant time and resources will be required for specific disclosure requirements to be met – especially where changes to data processes, systems, and controls are needed to effectively meet the sustainability disclosure requirements
• The quality and transparency of disclosures will be subject to data quality, availability, and volume. Furthermore, for third parties to perform assurance procedures in line with CSRD, datasets must be well organized and evidence available to support the disclosures made.

How do we start to prepare?

In preparation for the requirements, executives should first assess the company’s material sustainability topics, compare them with the CSRD’s double-materiality requirements, and then evaluate whether your data processes and controls are fit-for-purpose. You can also consider a gap analysis or assurance readiness assessment. This will help identify areas that require immediate focus, determine the resources needed, and ultimately help you ensure your company is prepared.

Key takeaways for board members:

• The CSRD requirement will be a major lift for corporations and there are many nuances in the reporting effort
• Regardless of political risk and potential regulatory shifts in the US, CSRD requirements are not expected waiver and match other global efforts to streamline disclosure requirements (e.g., UK, Australia, Canada, Singapore, California, etc.)
• Given the resource intensity of the effort, leading companies will incorporate this exercise as part of a broader Sustainability and ESG strategy
• Business leaders should think beyond compliance and identify growth-opportunities that may be identified during the reporting process
• Companies will be better for building internal data management capabilities, understanding data gaps to ensure they can comply
• There will be other ESG and Sustainability reporting disclosures that require third party assurance, in addition to CSRD. Start now by conducting an assurance readiness assessment

Additional Telesto resources:

Find additional information on how to get started with ESG, additional resources for Corporate Directors, and build topical familiarity with our ESG Glossary as well as Telesto’s ESG Maturity Model.