CSRD reporting: a complete implementation guide for companies

An estimated 49,000 companies across the European Union and beyond now fall within scope of the Corporate Sustainability Reporting Directive (CSRD), up from roughly 11,700 under the previous Non-Financial Reporting Directive (NFRD). According to EFRAG's 2024 implementation survey, fewer than 35% of newly in-scope companies had begun formal CSRD preparation by mid-2024, despite first reports being due as early as 2025. The directive mandates disclosure across 12 European Sustainability Reporting Standards (ESRS), requires independent limited assurance, and introduces the concept of double materiality as a binding assessment methodology. For companies inside or selling into the EU, understanding and executing CSRD compliance is no longer optional.

Why It Matters

The CSRD represents the most ambitious corporate sustainability disclosure regime ever enacted. Adopted by the European Parliament and Council in November 2022 and published in the Official Journal of the EU in December 2022, it transforms sustainability reporting from a voluntary, narrative exercise into a structured, auditable obligation on par with financial reporting (European Commission, 2022).

Three factors make CSRD compliance urgent. First, the directive carries enforcement teeth: EU Member States must transpose CSRD into national law and establish penalty regimes, with fines varying by jurisdiction but potentially reaching millions of euros for non-compliance. Second, the reporting requirements flow through value chains, meaning non-EU suppliers and partners of in-scope companies will face data requests regardless of their own reporting obligations. Third, financial institutions increasingly use CSRD-aligned data for lending and investment decisions, creating capital access implications for companies that cannot demonstrate compliance readiness.

The sheer breadth of CSRD also distinguishes it from prior frameworks. Unlike the Task Force on Climate-related Financial Disclosures (TCFD), which focused on climate, CSRD spans environmental, social, and governance topics across 12 topical standards plus two cross-cutting standards. Companies must report on everything from biodiversity impacts to workforce conditions, using a standardized digital taxonomy (XHTML tagging) that enables machine-readable comparison across the EU.

Key Concepts

Double Materiality

Double materiality is the conceptual foundation of CSRD. Unlike single (financial) materiality used by the ISSB and SEC, double materiality requires companies to assess sustainability topics from two perspectives simultaneously: impact materiality (the company's effects on people and the environment) and financial materiality (how sustainability issues create risks or opportunities for the company). A topic is material if it meets either threshold, ensuring that externalities are captured even when they do not yet affect the balance sheet.

EFRAG's Implementation Guidance IG 1 (2024) specifies that the double materiality assessment (DMA) must be documented, stakeholder-informed, and refreshed periodically. Companies that have only conducted single-materiality assessments under GRI or TCFD must expand their scope significantly.

European Sustainability Reporting Standards (ESRS)

The European Commission adopted the first set of 12 ESRS in July 2023 as delegated acts under the CSRD. These include two cross-cutting standards (ESRS 1 on general requirements and ESRS 2 on general disclosures) and ten topical standards spanning:

• Environment: E1 (Climate change), E2 (Pollution), E3 (Water and marine resources), E4 (Biodiversity and ecosystems), E5 (Resource use and circular economy)
• Social: S1 (Own workforce), S2 (Workers in the value chain), S3 (Affected communities), S4 (Consumers and end-users)
• Governance: G1 (Business conduct)

ESRS 2 is mandatory for all in-scope companies. The topical standards (E1 through G1) are subject to the double materiality assessment, meaning companies disclose only on topics deemed material. However, if a company determines that climate change (E1) is not material, it must provide a detailed explanation of its reasoning.

Value Chain Reporting

CSRD explicitly requires companies to report on upstream and downstream value chain impacts, risks, and opportunities. This extends data collection well beyond the reporting entity's own operations. EFRAG's transitional provisions allow companies to use estimates and sector averages for value chain data during the first three reporting years, but the expectation is that data quality will improve over time.

Regulatory Timeline

Phase	Companies in Scope	First Reporting Year	First Report Due
Phase 1	Large public-interest entities already subject to NFRD (>500 employees)	FY 2024	2025
Phase 2	Other large companies meeting 2 of 3 criteria: >250 employees, >EUR 50M revenue, >EUR 25M total assets	FY 2025	2026
Phase 3	Listed SMEs (excluding micro-undertakings)	FY 2026	2027 (opt-out possible until 2028)
Phase 4	Non-EU companies with >EUR 150M EU net turnover and at least one EU subsidiary or branch	FY 2028	2029

The European Commission adopted simplified ESRS for listed SMEs (LSME standards) in 2024, reducing data points by roughly 75% compared to the full standards.

Who Must Comply

CSRD's scope is deliberately broad. Large EU companies meeting two of three size thresholds (250 employees, EUR 50 million net turnover, EUR 25 million balance sheet total) are captured regardless of whether they are publicly listed. This alone brings an estimated 40,000 companies into scope for the first time (Accountancy Europe, 2024).

Non-EU parent companies with more than EUR 150 million in annual EU turnover and at least one EU subsidiary or large branch must also comply under Phase 4, beginning with FY 2028 reports. This provision captures major US, UK, and Asian multinationals with significant European operations.

Even companies not directly in scope face indirect compliance pressure. In-scope companies must report on value chain sustainability impacts, which means they will request detailed environmental and social data from suppliers, distributors, and business partners. A 2025 survey by PwC found that 62% of mid-market companies in the EU had already received CSRD-related data requests from customers, despite not being directly subject to the directive themselves.

Compliance Requirements

CSRD compliance involves several interconnected obligations:

Double materiality assessment: Companies must conduct and document a DMA identifying which ESRS topics are material. The assessment must consider both impact and financial materiality, involve relevant stakeholders, and be approved by governance bodies.

ESRS-aligned disclosures: For each material topic, companies must report using the specific disclosure requirements and data points prescribed by the relevant ESRS. EFRAG's data point catalog identifies over 1,100 individual data points across the full set of standards.

Digital tagging: All sustainability statements must be prepared in XHTML format and tagged using the ESRS XBRL taxonomy, enabling digital comparison and analysis by regulators and investors.

Limited assurance: CSRD reports must be subject to independent assurance at a limited level, with a planned transition to reasonable assurance by 2028. This represents a significant step up from the unaudited sustainability reports most companies have historically published.

Integration with management report: Unlike standalone sustainability reports, CSRD disclosures must form a dedicated section within the company's management report, placing them alongside financial statements in the annual filing.

KPI	Description	Benchmark
DMA completion rate	Percentage of ESRS topics assessed for double materiality	100% of all 10 topical standards
Data point coverage	Share of required ESRS data points reported	>90% for material topics
Value chain data quality	Proportion of value chain metrics using primary vs. estimated data	>50% primary data by Year 3
Assurance readiness	Internal controls and documentation sufficient for limited assurance	Full readiness before reporting deadline
XHTML tagging accuracy	Percentage of data points correctly tagged per ESRS taxonomy	>99% for regulatory acceptance
Reporting cycle time	Months from fiscal year-end to published sustainability statement	<4 months aligned with annual report

Step-by-Step Implementation

Step 1: Establish governance and project ownership. Assign a senior executive sponsor (typically the CFO or Chief Sustainability Officer) and create a cross-functional steering committee spanning finance, legal, sustainability, operations, HR, and IT. CSRD compliance touches virtually every function; siloed approaches will fail.

Step 2: Conduct the double materiality assessment. Map all ESRS topics against your business model, value chain, and stakeholder landscape. Engage internal and external stakeholders through surveys, interviews, and workshops. Document thresholds for determining material topics and obtain board-level sign-off. Companies like Deutsche Telekom published their full DMA methodology in 2024 to demonstrate transparency and build investor confidence.

Step 3: Perform a gap analysis against ESRS requirements. For each material topic, compare your current data collection and reporting capabilities against the specific disclosure requirements and data points in the relevant ESRS. Identify gaps in data availability, quality, granularity, and systems infrastructure.

Step 4: Build data collection infrastructure. Implement or upgrade sustainability data management systems to capture ESRS-required metrics across operations and value chains. Prioritize automation where possible; manual spreadsheet-based processes will not scale to the volume and frequency of CSRD data demands. Siemens invested in integrating its sustainability data platform with its ERP systems during 2024 to ensure CSRD data flows mirror financial reporting processes.

Step 5: Engage the value chain. Develop supplier questionnaires, data sharing agreements, and capacity-building programs to collect upstream and downstream sustainability data. Start with your most significant value chain partners (by spend, impact, or risk) and expand coverage progressively.

Step 6: Prepare for assurance. Select an assurance provider early and engage them in a pre-assurance readiness assessment. Establish internal controls, audit trails, and documentation standards that mirror financial reporting rigor. The Big Four accounting firms (Deloitte, EY, KPMG, PwC) and specialized sustainability assurance providers are building dedicated CSRD practices.

Step 7: Implement digital tagging and reporting. Ensure your reporting software supports XHTML output and ESRS XBRL taxonomy tagging. Test the digital filing format well before the submission deadline to resolve technical issues.

Step 8: Iterate and improve. Use the transitional provisions (particularly for value chain data and certain datapoints with phase-in periods) strategically, but plan for full compliance. Build a multi-year roadmap that closes remaining gaps and transitions from limited to reasonable assurance.

Common Pitfalls

Treating CSRD as a sustainability team project. CSRD requires data from finance, HR, procurement, legal, and operations. Companies that assign compliance solely to sustainability departments consistently underestimate resourcing needs and miss cross-functional data points.

Underestimating the double materiality assessment. The DMA is not a checkbox exercise. Regulators and assurance providers scrutinize methodology, stakeholder engagement, and documentation rigor. Rushing through or outsourcing the DMA entirely without internal ownership creates audit risk.

Ignoring value chain data requirements. While transitional provisions offer short-term relief, companies that defer value chain engagement will face a data cliff when phase-in periods expire. Early movers build supplier relationships and data pipelines that laggards cannot replicate quickly.

Relying on existing ESG frameworks as sufficient. GRI, CDP, and TCFD disclosures overlap with CSRD but do not satisfy it. ESRS introduce unique data points, different materiality definitions, and specific formatting requirements. Companies that assume prior ESG reporting equals CSRD readiness will discover significant gaps.

Delaying assurance provider engagement. The assurance market for CSRD is capacity-constrained. Companies that wait until late in the reporting cycle to engage auditors risk delays, premium pricing, and limited provider choice.

Key Players

Regulatory and Standard-Setting Bodies

• European Commission — Adopted the CSRD and delegated ESRS standards; oversees EU sustainability reporting policy.
• EFRAG (European Financial Reporting Advisory Group) — Developed the ESRS technical standards and ongoing implementation guidance.
• European Securities and Markets Authority (ESMA) — Supervises enforcement and digital taxonomy for CSRD filings.
• International Auditing and Assurance Standards Board (IAASB) — Developing the International Standard on Sustainability Assurance (ISSA 5000) relevant to CSRD assurance.

Technology and Advisory Providers

• Workiva — Cloud reporting platform widely adopted for CSRD-compliant XHTML and XBRL tagging.
• Sphera — ESG performance and risk management software supporting ESRS data collection.
• Wolters Kluwer — Regulatory compliance and reporting solutions for EU sustainability frameworks.
• Deloitte, EY, KPMG, PwC — Big Four firms providing CSRD advisory, implementation, and assurance services.

Early Adopter Companies

• Deutsche Telekom — Published a comprehensive double materiality assessment and ESRS-aligned report ahead of mandatory deadlines.
• Holcim — Integrated CSRD-aligned climate disclosures with its financial reporting cycle as a Phase 1 reporter.
• Siemens — Invested in sustainability data infrastructure to align CSRD reporting with enterprise ERP systems.

Action Checklist

• Determine your company's CSRD phase and first reporting year based on entity size, listing status, and EU presence
• Appoint a cross-functional CSRD steering committee with executive sponsorship from the CFO or equivalent
• Conduct a comprehensive double materiality assessment covering all 10 topical ESRS, with documented methodology and stakeholder input
• Perform a gap analysis comparing current data capabilities against required ESRS disclosure requirements and data points
• Invest in sustainability data management systems capable of automated collection, validation, and XHTML/XBRL output
• Engage key value chain partners with structured data requests and capacity-building support for upstream and downstream metrics
• Select and engage an assurance provider for pre-assurance readiness assessment at least 12 months before the first reporting deadline
• Establish internal controls and audit trails for sustainability data that mirror financial reporting standards
• Build a multi-year compliance roadmap covering transitional provisions, phase-in data points, and the shift from limited to reasonable assurance

FAQ

Q: Does CSRD apply to non-EU companies? A: Yes. Non-EU parent companies generating more than EUR 150 million in annual net turnover within the EU, with at least one EU subsidiary or large branch, must comply beginning with FY 2028 reports (due in 2029). Additionally, non-EU companies in the value chains of EU reporters will face indirect data requests.

Q: How does CSRD differ from ISSB/IFRS S1 and S2? A: The most significant difference is materiality scope. ISSB uses single (financial) materiality, focusing on how sustainability issues affect enterprise value. CSRD uses double materiality, also capturing the company's impacts on people and the environment. CSRD also covers a broader range of topics (12 standards vs. ISSB's two) and requires digital tagging and third-party assurance.

Q: What level of assurance is required? A: CSRD initially requires limited assurance, which is a lower level of verification than the reasonable assurance applied to financial statements. The European Commission plans to transition to reasonable assurance by 2028, subject to a feasibility assessment. Companies should prepare for this escalation by building robust internal controls from the outset.

Q: Can companies use GRI or CDP reports to satisfy CSRD? A: Not directly. While ESRS standards incorporate elements from GRI, CDP, and TCFD, they introduce distinct data points, reporting formats, and materiality requirements. Companies with mature GRI programs will have a head start but must still perform a gap analysis and adapt their reporting to meet ESRS specifications exactly.

Q: What are the penalties for non-compliance? A: Penalties are set at the Member State level and vary across the EU. Potential consequences include financial fines, public statements of non-compliance by regulators, and restrictions on access to public procurement or state aid. Reputational risk from non-compliance may prove equally significant as formal sanctions.

Sources

• European Commission. (2022). "Directive (EU) 2022/2464 on Corporate Sustainability Reporting." Official Journal of the European Union. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32022L2464
• EFRAG. (2024). "ESRS Implementation Guidance: IG 1 on Materiality Assessment." https://www.efrag.org/lab6
• Accountancy Europe. (2024). "CSRD Implementation: Challenges and Opportunities for the Profession." https://www.accountancyeurope.eu/publications/csrd-implementation/
• PwC. (2025). "European ESG Reporting Survey: Readiness and Challenges." https://www.pwc.com/gx/en/services/audit-assurance/corporate-reporting/esg-reporting.html
• European Commission. (2023). "Commission Delegated Regulation on European Sustainability Reporting Standards." Official Journal of the European Union, C/2023/5303.
• IAASB. (2024). "International Standard on Sustainability Assurance 5000 (ISSA 5000)." https://www.iaasb.org/publications/proposed-international-standard-sustainability-assurance-5000
• Deutsche Telekom. (2024). "Double Materiality Assessment: Methodology and Results." https://www.telekom.com/en/corporate-responsibility/corporate-responsibility/double-materiality-assessment