If your firm operates in the EU, chances are that you’re one of the nearly 50,000 companies in scope for the EU’s Corporate Sustainability Reporting Directive (CSRD) — the final piece in the EU’s sustainable finance regulation jigsaw. The CSRD requires all large companies and listed small- and medium-sized enterprises operating in the EU to disclose information on the risks and opportunities arising from social and environmental issues and the impact of their activities on people and the environment. The first batch of firms must report against the CSRD in 2025 for the 2024 financial year. If you’re subject to the first round of reporting and aren’t already deep in preparations, you need to get cracking.

What You Need To Know

The CSRD aims to help a variety of stakeholders evaluate corporate sustainability risks, direct capital flow toward sustainable activities, and change business conduct. The directive amends the existing reporting requirements of the Non-Financial Reporting Directive (NFRD) to align with the policy measures adopted under the European Green Deal and the EU taxonomy regulation and to support the sustainable finance package. Specifically, the CSRD:

  • Defines sustainability in terms of environmental, social, and governance (ESG) factors. The CSRD requires companies to disclose information on the environmental and social risks they face and on the environmental and social impact of their activities. The CSRD goes further than the approach and scope of the NFRD by clearly defining what companies need to report on and how.
  • Reinforces the principle of double materiality. The directive requires companies within its scope to perform materiality assessments on two dimensions, both “financial materiality” and “impact materiality.” The implementation of the double materiality principle represents a paradigm shift, urging companies to put stakeholder capitalism into practice and change how they create and report value.
  • Broadens the scope of who needs to report. Beyond the companies already subject to the NFRD, the revised directive applies to all large EU companies — i.e., companies that meet at least two of the following criteria: a turnover exceeding €40 million per year, a total balance sheet of more than €20 million, more than 250 employees —, listed EU and non-EU companies (except micro-enterprises), and third-country companies with either subsidiaries or branches in the EU. That’s an estimate of more than 50,000 companies in total.
  • Expands reporting boundaries. Beyond their own operations, companies’ reporting boundaries now extend to include impact, risk, and opportunity (IRO) across the entire value chain — both upstream (suppliers) and downstream (distributors, customers).
  • Prescribes how companies must report. The directive will standardize and digitize corporate sustainability reporting, requiring reports to be digitally tagged and machine-readable so that the data can be fed into the forthcoming European single access point database.
  • Requires the external audit of reported information. The CSRD requires that a statutory auditor provide assurance on corporate sustainability reporting on an annual basis.

What It Takes To Comply With The CSRD

The European Financial Reporting Advisory Group has developed the European Sustainability Reporting Standards (ESRS) to help companies report their corporate sustainability performance more efficiently. The ESRS aim to improve transparency, comparability, and accountability in corporate sustainability reporting by standardizing report structures, data aggregation processes, and formatting rules. The framework provides the blueprint for corporate sustainability statements (see figure). The ESRS1 sets out the general requirements that companies need to apply when preparing their sustainability statement, and the ESRS2 prescribes what companies should report on governance, strategy, and IRO management, as well as metrics and targets for all topics. The standards have been tailored to EU policies while building on and contributing to global standard-setting initiatives.

 

Scope of the CSRD reporting requirements

How You Should Respond

The high level of complexity and volume of ESG-related data requirements and the push toward integrated reporting will present significant operational challenges for organizations in the first years of adoption and implementation. Here’s what you need to do:

  • Establish strong governance structures. Companies need to adopt a centralized and coordinated approach to define and assign roles and ownership responsibilities; draw subject-matter expertise from different functions; integrate ESG data governance into their processes and IT systems; and eventually steer their ESG program beyond just compliance requirements.
  • Strengthen your data capabilities. The CSRD requires companies to identify, collect, curate, and report extensive amounts of ESG data. Firms need to address data architecture and migration challenges and invest in advanced tracking and measurement systems for trusted data — which includes in-depth supply chain assessments. Sustainability teams should collaborate closely with IT and data governance leaders to establish robust internal control systems and ensure accurate, reliable, and consistent ESG data.
  • Leverage existing capabilities, or partner to introduce new solutions. Companies must evolve their IT systems, enterprise architectures, and data management platforms to promote ESG data quality, integrity, consistency, and traceability. Leveraging in-house talent, software, and best practices for data management and reporting is advisable but might be insufficient. Many companies will need to invest in new partnerships and solutions.

Forrester clients can download our new report, Navigate The Requirements Of The CSRD, to better understand the CSRD’s business impact, guide their compliance efforts, and explore resultant opportunities. Clients can also connect with us through a guidance session to discuss the business implications of the CSRD.