The EU Corporate Sustainability Reporting Directive (CSRD) Explained

Passed by the European Union Council in November 2022, the Corporate Sustainability Reporting Directive (CSRD) was designed to make corporate sustainability reporting more prevalent, consistent, and standardized. It replaces the EU’s Non-financial Reporting Directive (NFRD), which was first adopted in 2014, and requires companies that fall within its scope to report on certain ESG data.

Under the CSRD, qualifying EU businesses will be required to report on material ESG impacts. This sweeping legislation aims to “modernize and strengthen” the rules surrounding what social and environmental information are required to report and gives investors and other stakeholders key information for financial decision-making.

In this article, we’ll break down the basics of the CSRD, including:

  • Affected companies
  • CSRD requirements
  • Required assurance standards
  • Enforcement measures
  • Timeline for implementation

Who does the CSRD apply to?

There are four broad groups that are impacted by the new CSRD rules:

  • Companies already subject to the NFRD: Companies that were already required to publish information under the NFRD should continue under the CSRD. Broadly, this includes more than 11,000 large “public-interest entities” with more than 500 employees, such as listed companies, banks, and insurance companies in the EU.
  • Large EU companies: As defined by the EU, this includes companies that meet at least two of the following criteria: 1) balance sheet over €20 million, 2) net turnover over €40 million, and 3) more than 250 employees.
  • Companies trading on EU regulated markets: Any small- or medium-sized company with securities listed on an EU regulated market falls under this umbrella. “Micro-companies”1 are exempt.
  • Non-EU companies with a net turnover of more than 150 million in the EU and an EU branch or subsidiary: This applies to non-EU companies with a net turnover of more than €150 million at the group level or individual level in the EU for each of the last two consecutive financial years. Any company that meets this criteria and has an EU subsidiary or branch (meeting one of the three criteria above) in the EU with a net turnover over €40 million in the preceding financial year is required to report under the CSRD.


The CSRD does provide some exemptions for subsidiaries. Until 2030, if the parent company is not an EU company, their subsidiary may prepare a consolidated sustainability report instead. For further clarification on the timeline required for non-EU companies to report on, please consult the Timelines for CSRD section below.

What’s required under the CSRD law?

The CSRD requires reporting in four key areas, outlined below.

1. Business model and strategy

Companies are expected to describe their business model and strategy, as well as the business’ resilience in relation to ESG risks and opportunities. Companies should explain how their strategy and model impact or are impacted by ESG topics—taking a double materiality approach to reporting.

Reporting companies should also provide information on any plans they have to ensure that the business model and strategy are compatible with:

  • A transition to a sustainable economy
  • The 1.5°C warming threshold in line with the Paris Agreement
  • Achieving climate neutrality by 2050
  • The latest science, including Intergovernmental Panel on Climate Change (IPCC) reports and reports by the European Scientific Advisory Board on Climate Change

2. Due diligence

Reporting on due diligence should include policies relating to how the company handles adverse impacts, processes implemented, and the outcome of those policies. Again, the CSRD takes a double materiality approach, asking companies to consider both how sustainability matters may impact the company and how company activities may adversely impact people and the environment.

The CSRD also asks companies to consider impacts along the entire value chain, including owned operations and supply chains. Similar to scope 3 greenhouse gas reporting, this encourages reporting companies to consider more widespread impacts and may have implications for relationships between reporting companies and their supply chain partners.

3. Risks and risk management

Companies are expected to report on both physical risk (tangible effects on the business) and transition risks (risks associated with adapting to a sustainable economy). Companies should also provide information on business resilience in the context of different climate scenarios.

4. KPIs and key issues

Companies are required to report on their sustainability targets and progress towards those targets. This includes the reduction of scope 1, 2, and 3 greenhouse gas emissions, as well as a breakdown of scope 3 categories.

The CSRD also specifically calls out reporting on social factors, such as working conditions of employees, collective bargaining, equality, diversity and inclusion, and human rights. Information on governance factors is also required, such as the ESG-related qualifications of supervising bodies, sustainability-related executive compensation, ESG-related internal control and risk management systems, and approaches to business ethics topics such as anti-corruption, bribery, and political activities.

What assurance standards are required under the CSRD?

The CSRD features mandatory assurance for reporting by an independent assurance service provider against sustainability reporting standards. These standards are being developed by the European Financial Reporting Advisory Group (EFRAG), with additional technical advice from other European agencies.

CSRD introduces a more robust approach toward the assurance of sustainability information. All reporting companies will be required to obtain limited assurance over their compliance with the sustainability reporting standards, their underlying materiality assessment process, and certain reported indicators. The level of assurance needed may move towards reasonable assurance if assessed as feasible in the future.

In addition, to uphold the credibility and consistency of the report, EU Member States are required to ensure that a statutory auditor or audit firm provides an assurance opinion on the information provided in the disclosure. Alternatively, Member States may also allow independent assurance service providers to provide an assurance opinion. The assurance report must be publicly disclosed with the annual financial report.

How will CSRD requirements be implemented and enforced?

The CSRD does not directly enforce reporting requirements on individual companies. Instead, it directs EU Member States to interpret and apply its requirements through local laws, regulations, and administrative action. Sanctions for non-compliance or other infractions are similarly left up to individual Member States.

Timeline for CSRD implementation

The application of the CSRD will take place in four stages:

  • 2025: Reporting on FY2024 for large EU companies already subject to the NFRD
  • 2026: Reporting on FY2025 for large companies that are not currently subject to the NFRD
  • 2027: Reporting on FY2026 for listed small- and medium-sized companies, small and non-complex credit institutions, and captive insurance companies
  • 2029: Reporting on FY2028 for non-EU companies with a net turnover above €150 million in the EU if they have a branch or subsidiary in the EU that exceeds the thresholds (covered in the “Who does the CSRD apply to?” section above).

By the final stage, CSRD rules will apply to all companies that fall under the scope of the directive’s rules.

How to take action

Companies already reporting ESG data in line with sustainability standards and frameworks such as CDP, GRI, or the TCFD recommendations will have a head-start on developing an ESG reporting program that meets the CSRD’s requirements. Nonetheless, certain aspects of the directive—such as its emphasis on double materiality, its robust approach to assurance, or mandatory scope 3 reporting—may present additional challenges to which companies operating in the EU are expected to rise.

With CSRD reporting beginning in FY2024, companies still have some time to prepare. To get started, we recommend:

  • Performing a gap analysis. Understand where the gaps in your data are now, and take steps to close them.
  • Perform a materiality assessment. Your materiality assessment should be meaningful, actionable, and meet the criteria set out by the CSRD (as well as any other ESG standards your organization reports with).
  • Calculate your scope 1, 2, and 3 emissions. This full GHG inventory should be based on good quality data, fully documented, defensible, and audit-ready.
  • Build a relationship with a verifier. Given the CSRD’s standards for assurance, finding a qualified assurance body early, building that relationship, and beginning to better understand the assurance process will be crucial in the coming years.

To learn more about steps you can take to prepare, watch our recent webinar, Global ESG Reporting Trends: CDP, CSRD, ISSB, and More.


ADEC ESG Solutions provides fully-integrated industry expertise, software solutions, and data management to organizations leading global, sustainable change. Our expert technical teams help companies around the world develop sustainability strategies, manage their ESG data, and report on their progress. Talk to us today to learn more about how we can help your company meet its ESG goals.



1As defined by the EU, micro-companies or “micro-undertakings” are companies that meet at least two of the following criteria: 1) balance sheet under €350,000, 2) net turnover under €700,000, and 3) under ten employees.

Related Articles

By accomplishing and submitting this form, you authorize us to collect and store your personal information, and to use and process them in connection with your application[s]. You also agree to keep your information updated by re-submitting this form or by emailing us here.

You agree to hold us free and harmless for any damage or injury that may arise from the collection, storage, or processing of your personal information. To know more about our Data Privacy Policy, please visit privacy-statement.