The CSRD is intended to replace the Nonfinancial Reporting Directive (NFRD) and amend several other existing directives and regulations. It is also intended to broaden the scope of the NFRD and to integrate ESG reporting into core business practices by making ESG another annual management reporting requirement for every European “company” (as defined in Article 3 of the related Accounting Directive). The first European companies required to comply (those currently subject to the NFRD) will begin reporting in 2025 using 2024 data. The next wave (large companies not in scope for the NFRD) will then commence the following year. Note these companies are also responsible for reporting “information at the level of their subsidiaries”. Following on from this, listed SMEs will then be required to report (in 2026 with an opt out to 2028). Non-European companies will also be required to comply if they generate “a net turnover of €150 million in the EU and have at least one subsidiary or branch in the EU. These companies must provide a report on their ESG impacts, namely on environmental, social and governance impacts, as defined in this directive”1.
There are several aspects of the CSRD that aren’t final yet. The CSRD itself is in its final stages of approval and then will come into force 20 days after publication in the Official Journal of the European Union. Additionally, the content of the CSRD (the ESRS) are currently undergoing public consultation.
The ESRS exposure drafts were released in April and are currently under public consultation until 8 August. Prior to that and as part of the development of the standard by EFRAG (the body tasked with development), there was an alignment exercise between the ESRS content and other EU initiatives on sustainable finance, in particular the Sustainable Finance Disclosure Regulation (SFDR) and the Taxonomy Regulation. Additionally, EFRAG consulted with GRI, WICI, and SHIFT and reviewed related legislation to ensure the standard’s requirements didn’t contravene Member State laws (an example: privacy laws related to some elements of workforce demographic data disclosure requirements in the “Own Workforce – ESRS S1” standard).
The ESRS consists of four categories of reporting (Environmental, Social, Governance, and Cross Cutting) and underneath these categories, thirteen areas. Within the thirteen areas (see Table 1) there are a varying number of specific disclosures (or elements) required.
The guidance follows an opt out approach, in other words all elements are considered material unless it can be demonstrated via a materiality assessment or through an analysis that determines the nature of the business that the category or element within the category is not material. Materiality assessments can be direct stakeholder engagement or representative, but if representative, the work must be showed as to how stakeholder needs are addressed. A disciplined approach must be followed and double materiality (stakeholder impact and financial impact) must be considered.
The guidance requires not just entities included in the financial consolidation scope to disclose, but also related upstream and downstream entities in the value chain. The implications of this appear to be that even if a company is not in scope for reporting, they could still be required to disclose certain information because they are a part of an in-scope company’s value chain. The standard requires data on the value chain when necessary to understand risks and provide complete information. This is balanced by the impracticability clause which states when collecting the data is impracticable, then the entity can use approximations based on group data, sectoral data that is comparable, etc. The more operational influence the undertaking has, the greater the presumption that source data will be available. Supply chain data is already being explored by many companies with respect to carbon (Scope 3) emissions, human rights due diligence, and other topics. The CSRD will broaden these topical disclosures dramatically to all topics within the scope of materiality.
There are guidelines on reporting as well. The report can be contained in one section of the management report which has all disclosures, or in four sections of the management report (General information, Environment, Social, Governance) or in disaggregated chapters of the management report. The CSRD isn’t just intended to be read by individuals though, there is a wider intention to make summary data available and in support of this, the CSRD proposal would require companies to prepare the management report in accordance with the ESEF Regulation that includes tagging data for categorisation.
Toward a global standard
While the CSRD (and the ESRS standard in particular) is yet another standard with yet more disclosure requirements, it is aligned with global frameworks (GRI, TCFD, SFDR, etc.). Will it become THE global standard though? As a European directive, technically it only applies to European undertakings (although the need to comply is broader and includes non-EU parent entities – see above).
According to the EU’s CSRD Guidance: “The proposed EU sustainability reporting standards would build on and contribute to standardisation initiatives at global level. This will require constructive two-way cooperation between EFRAG and relevant international initiatives. With a view to laying the groundwork for such cooperation, EFRAG and the Commission have convened two meetings in recent months with the main international sustainability reporting initiatives.”
One of those main reporting initiatives is governed by the International Sustainability Standards Board (ISSB). “The intention is for the ISSB’s standards to cover important sustainability topics (environmental, social, governance—ESG) on which investors want information. It is also the intention that the ISSB will develop both thematic and industry-based requirements.” The CSRD (ESRS standards) are also providing both topical and sectoral guidance and so there is the potential for alignment.
The Assurance Requirement
Undertakings must engage an independent auditor to provide assurance, a limited assurance standard will be developed by October 2026 with a reasonable assurance standard (a more robust requirement) due by October 2028. Until a standard is in place, the intention is to adopt non-binding guidelines for assurance based on existing global assurance standards (ex: ISEA3000).
The CSRD is going to impact nearly all of our member organisations in some way. It’s quite likely that as CSR and Sustainability Leaders, you will play a key role in the implementation of your organisation’s approach to CSRD. To prepare you, we recommend the following actions.
Would you like to know more about the CSRD and the management system structure you will be required to put in place to support compliance with the standard? Would you like to help shape Ireland’s implementation of the CSRD?
If so, please contact your Advisor or Maureen O’Donnell (Business Working Responsibly Mark Manager) at firstname.lastname@example.org.