The CSRD is European Union (EU) legislation, in effect since 5 January 2023, that requires EU businesses—including qualifying EU subsidiaries of non-EU companies—to report on the environmental and social impact of their business activities, and on the business impact of their environmental, social and governance (ESG) efforts and initiatives.
The goal of the CRSD is to provide transparency that will help investors, analysts, consumers, and other stakeholders better evaluate EU companies’ sustainability performance as well as the related business impacts and risks. Introduced as part of the European Commission’s Sustainable Finance Package, the CSRD notably expands the scope, sustainability disclosures and reporting requirements of its predecessor, the Non-Financial Reporting Directive (NFRD).
CSRD reporting is based on the concept of double materiality: Organizations have to disclose information on how their business activities affect the planet and its people, and how their sustainability goals, measures and risks impact the financial health of the business. For example, in addition to requiring an organization to report its energy usage and costs, CSRD requires them to report emissions metrics that detail how that energy use impacts the environment, targets for reducing that impact, and information on how achieving those targets will affect the organization’s finances.
All CRSD disclosures must be publicly available, and the CSRD mandates third-party auditing of all disclosures for accuracy and completeness.
Download the guide in an eBook . The European Union's Corporate Sustainability Reporting Directive explained, including compliance, reporting requirements, key dates and more.
Subscribe to the IBM Newsletter
In 2021, after evaluating information collected by the NFRD, the European Parliamentary Research Service (EPRS) identified several shortcomings1—including a lack of consistent and comparable data that could negatively impact sustainability investments and cause an increase in data costs for stakeholders.
The CSRD was introduced to improve the disclosure process and provide investors and consumers simpler, more consistent way to understand and compare the environmental, social and governance (ESG) impact of an organization’s activities, and to make better-informed decisions based on sustainability data.
Longer term, the overarching goals of the CSRD are to reduce climate risk and improve overall EU sustainability. Combined with Europe’s 2050 climate-neutrality target and European Green Deal initiatives, improved climate disclosures will help provide a “globally competitive and resilient industry, renovated energy efficient buildings and cleaner energy and cutting-edge clean technological innovation.”
By 2028, all of the following organizations, or undertakings, will need to comply with the CSRD:
These include any companies listed on an EU-regulated market exchange—except for ‘micro undertakings’ that fail to meet two of the following three criteria on consecutive balance sheet dates:
at least EUR 350,000 (437,500*) in total assets.
at least EUR 700,000 (857,000*) in net turnover (revenue).
at least 10 employees (average) throughout the year.
These include any listed or non-listed companies that meet two of the following three criteria on any two consecutive balance sheet dates:
at least EUR 20 (25*) million in total assets.
at least EUR 40 (50*) million in net turnover.
at least 250 employees (average) during the year.
These include non EU parent companies of EU subsidiaries, with annual EU revenues of at least EUR 150 million in the most recent two years, and also own:
a large EU-based undertaking, or
an EU-based subsidiary with securities listed on an EU-regulated market exchange, or
an EU branch office with at least EUR 40 million in net turnover.
CSRD compliance is being phased in from 2024 through 2029, and is based primarily on NFRD legacy or company size.
Starting in financial year 2024 (and reporting in 2025): Compliance is mandated for organizations (or 'entities') already mandated to comply with the NFRD. This includes all organizations listed in an EU-regulated market with 500 or more employees.
Starting in financial year 2025 (reporting in 2026): Compliance is mandated for large listed undertakings (see above) not already mandated to comply with the NFRD.
Starting in financial year 2026 (reporting in 2027): Compliance is mandated for small and medium-sized undertakings (also called small and medium sized entities, or SMEs)—companies listed on an EU-regulated market that meet at least two or three of the following criteria:
at least EUR 4 (5*) million in total assets.
at least EUR 8 (10*) million in net turnover.
at least 50 employees average throughout the year.
Starting in the financial year 2028 (reporting 2029): Compliance is mandated for third-country undertakings.
In 2022, the European Financial Reporting Advisory Group (EFRAG) released its first set of European Sustainability Reporting Standards (ESRS). The ESRS provide the framework for what metrics companies need to report, and how they need to report them, in order to meet CSRD disclosure requirements.
There are 12 ESRS in all, which detail disclosures and metrics across sustainability matters in four (4) categories:
Cross-cutting: General principles and general disclosures.
Environmental: Climate change, pollution, water and marine resources, biodiversity and ecosystems, resource use and circular economy.
Social: Own workforce, workers in the value chain, affected communities, consumers and end-users.
Governance: Business conduct.
Cross-cutting reporting is required of all organizations governed by the CSRD, while environmental, social and governance reporting is mandatory for those organizations that consider them material.
After EU Commission’s adoption in July 2023 and a scrutiny period by co-legislators that ended in October 2023, the ESRS will be published in the Official Journal of the EU as legally binding by the end of 2023.
As we are updating this article, the European Commission proposed to delay the creation of sector-specific ESRS (sector-specific standards) by two years. They are now expected to be released by June 2026, which should not impact the CSRD effective dates.
All CSRD reporting must meet the standard of double materiality. This means organizations must report on both:
Impact materiality—the impact their businesses have or are likely to have on sustainability matters (e.g., carbon emissions, workforce diversity, respect for human rights).
Financial materiality—the impact that sustainability matters have or are likely to have on the organization’s finances (e.g. cash flows, risk, access to funding).
Most organizations will conduct a double materiality assessment as a first step toward CSRD compliance.
Organizations will need to share data and provide management commentary on a number of topics, including (but not limited to):
Sustainability policies and due diligence
Companies need to outline specific policies pertaining to a number of sustainability matters—environmental protection, treatment of employees, management and corporate board diversity, social responsibility, human rights, anti-corruption and anti-bribery—and describe due diligence for tracking and enforcing these policies.
Target metrics and transition plans
Companies have to share their sustainability targets, progress toward achieving them, and how those targets align with a transition to a sustainable economy in general and with achieving net-zero emissions by 2050 in particular (as specified by existing EU laws).
Value and supply chains
Companies must disclose their due diligence process for identifying and mitigating the social and environmental impacts in their value chains and supply chains.
Sustainability risks
Companies have to document the risk various sustainability matters (e.g., climate change, fossil-fuel use or dependence) pose to the company, including the resilience of their business model in the face of these risks and the potential impact on stakeholders, shareholders, business operation and financial results.
The CSRD requires a third party to audit and assure the sustainability information and data included in the report. Initially, compliance will require the auditor to provide limited assurance, based largely on the organization’s representations, but within the next three years the CSRD will phase in a requirement for reasonable assurance, based on the auditor’s own examination and understanding of the organization’s operations, processes and controls.
The EFRAG is responsible for the new directive standards on behalf of the European Commission. A private association financed primarily by the EU, EFRAG advises European Commission on adopting international reporting standards for EU legislation.
To achieve this, EFRAG collaborates with several entities for technical advice, including the European Banking Authority (EBA), European Environment Agency (EEA), European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA). This collaboration aims to ensure coherence between the CSRD standards and EU laws.
Once the standards are set, EFRAG provides companies with the specific reporting requirements in the ESRS. Companies must gather this information and include these disclosures in company management reports to improve stakeholder accessibility. Companies must file an annual report via the European Single Electronic Format (ESEF), and digitally tag information using iXBRL so it is machine-readable for use in the European Single Access Point (ESAP).
The NFRD was adopted in adopted by the European Commission in 2014 to provide investors and stakeholders greater transparency into the ESG performance of companies.
The CSRD builds on the NFRD in several important ways:
The CSRD applies to many more businesses
Initially, CSRD requirements were meant to apply to more than 49,000 organizations. As we are updating this article, due to a recent EU Commission's proposition, this number will be reduced. However, significantly more companies will still be in scope for reporting, than under the NFRD, which mandates compliance from EU-based companies with more than 500 employees, and impacts only 11,700 companies.
The CSRD requires third-party auditing
CSRD reporting must be audited by a third party. Under the NFRD, third-party auditing is optional for most businesses.
CSRD reporting is broader in scope
CSRD reports must cover sustainability targets, risk and opportunity management, with a focus on forward planning. The NFRD allows companies more flexibility in how the report sustainability information.
CSRD requires a standalone report
NFRD reporting can be included as part of a business’ annual report.
CSRD requires a specific electronic format
CSRD reports must be submitted in ESEF/XHTML format, whereas the NFRD allows companies to choose their preferred format.
ESRS, which were developed by the EFRAG to align with the Task Force on Climate-related Financial Disclosures (TCFD) and Global Reporting Index (GRI). Adding to that, the EU Taxonomy Regulation, which took effect in 2021, requires companies to disclose the sustainability performance of their activities and will have to reflect this information in their CSRD disclosures.
Now, the CSRD will contain and feed information that financial entities require to comply with the Sustainable Finance Disclosure Regulation (SFDR). The information companies report for CSRD disclosure will help financial advisors and market participants meet these SFDR obligations. This creates a flow of data between agencies helping organizations provide accurate reporting to stay in compliance.
Achieving harmonized sustainability reporting requirements across the EU is possible through the alignment of different regulations. This coordination provides stakeholders and consumers consistent information about companies’ environment impacts.
The CSRD requires EU member states to have an investigative and compliance entity in place to impose “effective, proportionate and dissuasive” penalties based on several factors, including the gravity and duration of the breach and the financial standing of the company. CSRD non-compliance penalties will be determined by individual member states based on relevant state laws. It’s recommended that every company stay up to date on any changes in legislation and obtain legal advice to ensure compliance and to avoid investigations and potential penalties.
To comply with the CSRD, companies will need to gather and consolidate large volumes of data. A strong ESG data foundation can help ease reporting, make CSRD disclosures auditable, and help organizations be better prepared for the changes coming into effect from 2024 onwards.
Collect, manage and report on your ESG data for CSRD compliance.
Save time and effort reporting to multiple ESG frameworks with one data set.
Leverage the right combination of people, process and technology to turn sustainability ambition into action and become a more responsible and profitable business.
Footnotes
1 Briefing: Non-financial Reporting Directive. European Parliamentary Research Service, 2021 (link resides outside ibm.com)
Dislcaimer
Page last updated: 27 November 2023.
The information contained in this website is provided for informational purposes only, and should not be construed as legal advice on any matter.
* As we are updating this article, the European Commission adopted a final text of the proposition to amend the thresholds in the Accounting Directive for determining the size category of a company to account for the impact of inflation. If there is no objection from EU co-legislators, the new thresholds will be in place before first reports would be required under the CSRD.