← Blog
esg 2026-03-03 7 min read

EU CSRD: ESG Reporting Obligations Every Company Needs to Know

A comprehensive guide to the EU Corporate Sustainability Reporting Directive — who's in scope, double materiality requirements, ESRS standards, and the compliance timeline through 2029.

By AuditDSS Team

The EU Corporate Sustainability Reporting Directive (CSRD) has fundamentally changed how companies report on environmental, social, and governance performance. It replaces the Non-Financial Reporting Directive (NFRD) with requirements that are broader in scope, more granular in detail, and backed by mandatory assurance. If your organisation operates in or sells into the EU, the question isn’t whether CSRD applies — it’s when.

This guide covers the core obligations, who falls within scope, and the practical compliance steps that matter most in 2026.

What the CSRD actually requires

The CSRD mandates that in-scope companies publish sustainability reports as part of their annual management report. These reports must follow the European Sustainability Reporting Standards (ESRS), be digitally tagged in XHTML format using the European Single Electronic Format (ESEF), and be subject to limited assurance by an independent auditor.

That last point is critical. Unlike previous ESG disclosure frameworks that were largely voluntary and unaudited, CSRD reports carry the same legal weight as financial statements. Misstatements carry consequences.

The core reporting obligations include:

  • Environmental factors: Climate change mitigation and adaptation, water and marine resources, biodiversity, resource use and circular economy, pollution
  • Social factors: Own workforce conditions, workers in the value chain, affected communities, consumers and end-users
  • Governance factors: Business conduct, including anti-corruption, lobbying, payment practices, and supplier relationships

Each of these categories contains detailed disclosure requirements under the ESRS — 12 standards in total, plus sector-specific standards that are being phased in through 2026 and beyond.

Double materiality: the defining concept

The CSRD introduces double materiality as its foundational assessment methodology. This requires companies to report on sustainability matters from two perspectives simultaneously:

  • Impact materiality: How the company’s activities affect people and the environment (inside-out perspective)
  • Financial materiality: How sustainability matters create risks or opportunities that affect the company’s financial position (outside-in perspective)

A topic is material if it meets either threshold. This is a significant departure from the single-materiality approach used by frameworks like the ISSB standards, which focus primarily on financial materiality.

In practice, the double materiality assessment is where most compliance effort concentrates. Companies must evaluate their entire value chain — upstream suppliers through downstream customers — and identify which ESRS topics are material. The assessment must be documented, methodology must be disclosed, and the results determine which specific disclosures are required.

Topics assessed as non-material can be omitted from reporting, but the company must explain why they were excluded. This creates a “comply or explain” dynamic across all 12 ESRS standards.

ESRS standards breakdown

The European Sustainability Reporting Standards comprise two cross-cutting standards and ten topical standards:

Cross-cutting standards (mandatory for all in-scope companies):

  • ESRS 1: General requirements — principles, conventions, and concepts for preparing sustainability statements
  • ESRS 2: General disclosures — governance, strategy, impact/risk/opportunity management, and metrics

Environmental standards:

  • ESRS E1: Climate change (including Scope 1, 2, and 3 emissions)
  • ESRS E2: Pollution
  • ESRS E3: Water and marine resources
  • ESRS E4: Biodiversity and ecosystems
  • ESRS E5: Resource use and circular economy

Social standards:

  • ESRS S1: Own workforce
  • ESRS S2: Workers in the value chain
  • ESRS S3: Affected communities
  • ESRS S4: Consumers and end-users

Governance standards:

  • ESRS G1: Business conduct

Each topical standard contains specific disclosure requirements (DRs) and data points. ESRS E1 alone contains over 60 individual data points covering transition plans, GHG reduction targets, energy consumption breakdowns, and carbon pricing exposure. Across all standards, companies face hundreds of individual disclosure obligations — each with specific content, format, and boundary requirements.

Who is in scope and when

The CSRD phases in across four waves based on company size and listing status:

Wave 1 — Reporting in 2025 (for FY 2024): Large public-interest entities already subject to NFRD (500+ employees). These companies are already reporting.

Wave 2 — Reporting in 2026 (for FY 2025): All other large companies meeting two of three criteria: 250+ employees, EUR 50M+ net turnover, EUR 25M+ total assets. This is the wave hitting most large European companies now.

Wave 3 — Reporting in 2027 (for FY 2026): Listed SMEs, small and non-complex credit institutions, and captive insurance undertakings. Listed SMEs can opt out until 2028 with a simplified standard.

Wave 4 — Reporting in 2029 (for FY 2028): Non-EU companies with EUR 150M+ net turnover in the EU and at least one EU subsidiary or branch. This is the extraterritorial reach that brings US, UK, and Asian multinationals into scope.

The Wave 4 timeline matters enormously for non-EU headquartered companies. By 2029, any global company with significant EU revenue will need to report under CSRD — and the reporting covers the entire global group, not just EU operations.

Common compliance gaps

Based on early reporting cycles and auditor feedback, several patterns are emerging in CSRD compliance failures:

Value chain data: ESRS requires reporting across the full value chain, but most companies lack the data infrastructure to collect Scope 3 emissions, supplier workforce conditions, or downstream product impacts at the granularity required. The standards allow estimation and proxy data during a transition period, but the methodology must be disclosed and defensible.

Double materiality documentation: Companies are conducting materiality assessments but not documenting the process with sufficient rigour. Auditors expect to see stakeholder engagement records, threshold criteria, scoring methodology, and board-level sign-off.

Transition plan specificity: ESRS E1 requires a climate transition plan that isn’t aspirational — it must include specific targets, interim milestones, decarbonisation levers, and CapEx/OpEx allocation. Vague net-zero commitments without underlying action plans are being flagged.

Connectivity with financial statements: The CSRD explicitly requires that sustainability disclosures be consistent with and connected to financial statements. Material sustainability risks must be reflected in financial provisions, asset valuations, and risk disclosures. This integration is where finance and sustainability teams most frequently disconnect.

The broader ESG regulatory landscape

The CSRD doesn’t exist in isolation. It’s one component of the EU’s sustainable finance framework, alongside several other regulations that create overlapping and interconnected obligations:

  • SFDR (Sustainable Finance Disclosure Regulation): Requires financial market participants to disclose sustainability risks and adverse impacts. SFDR reporting relies heavily on CSRD data from investee companies.
  • EU Taxonomy Regulation: Requires disclosure of the proportion of revenue, CapEx, and OpEx aligned with the EU taxonomy of environmentally sustainable activities. Taxonomy-aligned reporting is a mandatory CSRD disclosure.
  • CBAM (Carbon Border Adjustment Mechanism): Imposes carbon pricing on imports of carbon-intensive goods. CBAM data on embedded emissions feeds into ESRS E1 reporting for affected importers.

These regulations reference each other. Taxonomy alignment data flows into CSRD reports. CSRD data feeds SFDR disclosures. CBAM reporting intersects with Scope 3 emissions calculations. Compliance with one regulation without understanding the others creates gaps.

Building a compliance programme

For companies approaching CSRD compliance in 2026, the practical steps are:

  1. Conduct the double materiality assessment with documented methodology, stakeholder engagement, and board approval
  2. Map applicable ESRS disclosures based on materiality results — identify every required data point
  3. Assess data availability across the value chain — identify gaps and establish collection processes
  4. Integrate sustainability and financial reporting processes to ensure connectivity
  5. Engage assurance providers early — limited assurance requirements mean auditors need to review methodology, not just outputs
  6. Monitor sector-specific standards being finalised through 2026 for additional disclosure requirements

The volume of individual obligations within the CSRD and connected regulations is substantial. Across the CSRD, SFDR, EU Taxonomy, and CBAM, companies face thousands of specific disclosure and procedural requirements — each with defined content, format, timing, and assurance expectations.

AuditDSS covers the CSRD, SFDR, EU Taxonomy, and CBAM as part of its ESG and environmental-energy regulation library, decomposing each regulation into testable obligations with dependency mapping across the interconnected EU sustainable finance framework. Explore AuditDSS.

Ready to score your compliance?

Upload your compliance document and get a risk-scored gap analysis in under 5 minutes.

Get started