The CSRD: Corporate Sustainability Reporting Directive

A new, ESG reporting mandate—the CSRD—is on the horizon. Although it is EU-based, it stands to affect thousands of companies—including many based in the U.S.—with reports due as soon as 2025. The following is a basic overview of what the CSRD involves, who it affects, when it’s happening, and—most importantly—how companies can start preparing now.
csrd eu - 1

What is the CSRD?

CSRD stands for Corporate Sustainability Reporting Directive. Recently approved by the European Commission, this directive replaces the EU’s Non-Financial Reporting Directive (NFRD), and will soon require many companies to follow more detailed ESG reporting requirements. Although the measure was adopted in the EU, it’s not just EU-based companies that will be affected. In fact, that at least 10,000 companies outside the EU will need to adhere to CSRD rules; one-third of those (roughly 3,300+) are estimated to be in the United States, 13 percent are Canadian, and 11 percent are British.
what is the csrd - 1

What makes NFRD and CSRD different?

The CSRD is different from past directives in that it is broader (a larger set of companies will have to comply), more robust (more detailed ESG data points will be involved), and, in effect, farther-reaching (more likely to affect companies outside the EU). You’ll find additional information on all of these factors below.
Finally, the CSRD aims to streamline and align with other international frameworks, including standards such as , ISSB (successor to SASB), and voluntary reporting frameworks such as TCFD.  So, if you’ve already started to build an ESG report based on one of these, you may have a head start. 

WATCH THE VIDEO: Eelco van der Enden, CEO of the GRI,

What is the purpose of CSRD reporting?

The overarching goal is to drive more sustainable business. The EU has long required most of its large and listed companies to disclose information on both the risks and opportunities they face as a result of social and environmental issues.  But lawmakers in the European Union believed that the existing policies weren’t doing enough to hold companies publicly accountable for their impact on people and the planet. In passing the CSRD, they are also responding to demands from investors and other stakeholders for more comparable, transparent sustainability information.
csrd requirements - 1

 

Which companies will need to comply with CSRD? And what is the CSRD timeline?

Within the EU, the standard is far reaching.  companies already included under the Non-Financial Reporting Directive (NFRD), large companies, and special interest companies will be affected first, with FY 2024 reports required by 2025. Eventually (between 2026 and 2029), all large* and most listed European companies will also need to comply.

In addition, non-EU companies that generate more than €150 million in revenue (roughly $163 million) within the EU, or with an EU branch generating more than €40 million, will also have to comply by 2029 (reporting on FY 2028).

*For EU companies, the CSRD defines “large” as any company that meets two of the following criteria:

  • More than 250 employees
  • More than €40 million in net revenue
  • More than €20 million in total assets
Notably, many more companies—in the U.S. and abroad—that fall outside the CSRD’s official scope will still find themselves affected when their EU partners are looking to them, as links in the value chain, for more detailed sustainability information. So even if you’re not an in-scope company, it still makes sense to be familiar with the coming standards.  
csrd reporting - 1

What kind of ESG data will the CSRD require companies to report?

The reports will need to follow European Sustainability Reporting Standards (ESRS), which are drafted and expected to be adopted by the EU formally in June 2023 under the guidance of the . (See where EFRAG fits into the ESG reporting landscape in the illustration below.) EU member states will then have until June 2024 to write the jurisdictional law within their country.

Meanwhile, we know from that companies could see as many as 85 disclosure requirements encompassing 1,100+ mandatory and material data points. 

 

UPDATE ON EUROPEAN SUSTAINABILITY REPORTING STANDARDS (ESRS) AS OF 7/31/23

What are ESRS, and how do they relate to required CSRD disclosures?

ESRS are European Sustainability Reporting Standards. All in-scope companies will need to structure their reports around these twelve standards. The first two (ESRS 1 and ESRS 2) are general or “cross-cutting” standards. The other ten apply to specific ESG (environmental, social, and governance) sub-topics, as follows:

CROSS-CUTTING

  • ESRS 1 - General Requirements (how to disclose)
  • ESRS 2 - General Disclosures (the only universally mandated element for all reporting companies)

ENVIRONMENTAL PILLAR

  • Climate change (ESRS E1) – Policies related to climate change mitigation and adaptation; actions and resources in relation to climate change policies; energy consumption and mix; gross scopes 1, 2, and 3 and total GHG emissions, GHG removals and GHG mitigation projects; internal carbon pricing; etc.
  • Pollution (ESRS E2)– Policies related to pollution; pollution of air, water, and soil; substances of concern; potential financial effects from pollution-related impacts; etc.
  • Water and marine resources (ESRS E3) – Policies related to water and marine resources, water consumption; etc.
  • Biodiversity and ecosystems (ESRS E4) – Policies, targets, actions, and resources related to biodiversity and ecosystems; etc.
  • Resource use and the circular economy (ESRS E5) – Targets related to resource use (inflows and outflows); waste; impact, risk, and opportunity management; etc.

SOCIAL PILLAR

  • Own workforce (ESRS S1) – Remuneration; social security; working hours; health and safety; sanitation; training and development; diversity; etc.
  • Workers in the value chain (ESRS S2) – Working conditions; equal opportunities/non-discrimination; forced labor; child labor; adequate housing; etc.
  • Affected communities (ESRS S3) – Economic, social, and cultural rights; civil and political rights; particular rights of indigenous communities; etc.
  • Consumers and end users (ESRS S4) – Privacy; freedom of expression; responsible marketing practices; etc.

GOVERNANCE PILLAR

  • Business conduct (ESRS G1) – Corporate culture and business conduct policies; management of relationships with suppliers; prevention and detection of corruption or bribery; political influence and lobbying activities; etc.

UPDATE: What is happening with the ESRS?

As of July 31, 2023, the EU has adopted the European Sustainability Reporting Standards and published them as “final rules.” The ESRS will now undergo a two-month scrutiny period wherein the European Parliament and EU states may reject the standards, but cannot amend them. By all accounts, these final rules are likely to pass and can be used by companies preparing to comply with the CSRD. For the first wave of companies affected, sustainability reports will be required as soon as fiscal year 2024 in the same time frame as financial reports are submitted.

What is noteworthy about the standards in the newly published final rules?

The ESRS maintains its “double materiality” perspective, obligating companies to report both on their impacts on people and the environment, and also on how social and environmental issues create financial risks and opportunities for the company.
Only ESRS-2 is now universally mandated for all reporting companies. Other elements of ESRS are required only if they related to an issue deemed to be material to the industry or to the specific firm. Covered firms are required to undertake robust materiality analyses using the dual materiality test.
Disclosure requirements subject to materiality are not voluntary. The information in question must be disclosed if it is material, and the undertaking's materiality assessment process is subject to external assurance in accordance with the provisions of the Accounting Directive.
E1 (Climate) and E2 (Own Workforce) are subject to materiality. If a company determines that these are NOT material disclosures, it must provide a detailed explanation as to why. For example, if a company concludes that climate change is not a material topic and therefore does not report in accordance with that standard, it has to provide a detailed explanation of the conclusions of its materiality assessment with regard to climate change. This requirement reflects the fact that climate change has wide-ranging and systemic impacts across the economy.
Smaller companies (especially those with 750 employees or fewer) will have more time to phase in more rigorous requirements. Companies with fewer than 750 employees may also defer:
  • the disclosure of Scope 3 greenhouse gas emissions (ESRS E1) and other disclosures on their own workforce (ESRS S1) in the first reporting year; and
  • the disclosures on biodiversity (ESRS E4 Biodiversity and Ecosystems), workers in the value chain (ESRS S2 Workers in the Value Chain), affected communities (ESRS S3 Affected Communities) and consumers (ESRS S4 Consumers and End-users) in the first two reporting years.
Some data points were labelled as voluntary in the drafts prepared by EFRAG. The European Commission has made additional disclosure requirements voluntary, for example:
  • Biodiversity transition plans;
  • Indicators on 'non-employees' in the company's workforce
  • Explanations of why the company has deemed a particular sustainability topic to be non-material. This concession is not allowed for climate change (ESRS E1)

The ESRS is almost fully aligned with now more closely aligned with ISSB, and  . In fact, according to the European Commission’s press release, “[The adopted standards] take account of discussions with the International Sustainability Standards Board (ISSB) and the Global Reporting Initiative (GRI) in order to ensure a very high degree of interoperability between EU and global standards and to prevent unnecessary double reporting by companies.”

Sustainability Reporting Standards and Frameworks Illustrated

 

double materiality - 1

What's the difference between the CSRD's mandatory and material data points?

Mandatory data points will apply to everyone. As of July 2023, only ESRS 2 - General Disclosures remains mandatory. Other disclosures will be subject to a materiality assessment.

Material data points are those that only apply to certain companies. For example, data points related to product design or packaging lifecycle would be material only to companies that produce a physical product, but not material to services firms. Another example: ESRS E4 - Biodiversity and ecosystems/deforestation would apply to companies using raw materials (e.g. cotton, cattle, soy, palm oil) extracted from forests and other ecosystems. 

What are some other key CSRD requirements?

The CSRD requires a value chain approach to sustainability management and disclosure, which means that impacts upstream and downstream from your operations must be considered.

The CSRD requires a “double materiality” reporting approach, which is broader than what some U.S. companies may be familiar with or prepared for, based on SEC or ISSB definitions of materiality. More on double materiality can be found below.

All reports must be audited by an independent third party (mandatory assurance).

Reports must be integrated into annual management reports, to include both financial and non-financial (sustainability/ESG) data.

Reports must align with European Sustainability Reporting Standards (ESRS), of which there are twelve.

Reported information must be tagged and submitted in a standard, digitized format (ESEF/XBRL), so as to be machine readable.

Reports must include Scope 3 emissions—indirect emissions that results from a company’s upstream and downstream activities.

What is “double materiality” and why is it important to CSRD compliance?

According to the SEC and ISSB, “materiality” focuses on information that is material to investors. Some companies, therefore, have focused their ESG reports only on financial risks faced by the company as a result of a changing climate and shifting social circumstances (i.e. looking at inward impacts). CSRD relies on a principle of double materiality, which means looking both ways, and thus creates a fuller picture of companies’ ESG risks and opportunities. Double materiality asks companies to disclose both financially material ESG impacts to the company and ESG impacts that the company has on the environment, climate, and society, in the course of doing business.

If my company has to comply with the CSRD, does it also have to report elsewhere?

Maybe. As you may know, a number of other ESG reporting rules and guidelines are currently under development. The SEC, for example, is close to releasing its final , including greenhouse-gas emission data. U.S.-listed companies may have to comply as early as 2025. Meanwhile, the ISSB is also finalizing guidelines on what climate information companies should report to investors.

Some standard setting bodies—like EFRAG, GRI, and ISSB—are working together to align reporting, while taking steps to ensure compatibility and interconnectedness of sustainability information.

What can companies do to prepare for the CSRD?

This is a big and complex question. The answer depends on what kind of company you are and where you currently stand in your ESG reporting journey. Here at the Boston College Center for Corporate Citizenship, we are deeply invested in helping —along with the rest of the CSR community—understand and prepare for tomorrow’s ESG landscape. If you’re looking for next steps, we can help.

How can ĂŰĚŇ´«Ă˝CCC help companies prepare for the CSRD?

If your company is a ĂŰĚŇ´«Ă˝CCC member, you have free access to our many resources, the 2023 ESG Reporting Bulletin from our Advisory Board on ESG Reporting, our  , plus unlimited , which can be used to ask us questions like: how to perform a double materiality assessment, how to conduct an ESRS gap assessment, etc.

Members can also commission a custom program—either online or onsite—for any team members tasked with getting up to speed on the CSRD or other ESG reporting frameworks.

 

If your company is NOT a ĂŰĚŇ´«Ă˝CCC member...

You are still eligible to enroll in our online or . You can also access the 2023 ESG Reporting Bulletin from our Advisory Board on ESG Reporting. Finally, we would encourage all ESG professionals to ask about . Not sure ĂŰĚŇ´«Ă˝CCC is right for your company? Browse this list of our current members.

Why should U.S. companies pay attention to the CSRD?

Three main reasons: 1.) you may be legally required to do so if your company has a strong presence in EU markets; 2.) your EU customers may need more detailed, standardized ESG data from you, as a supplier, in accordance with CSRD’s Scope 3 (supply chain) requirements; 3.) there are real and significant business advantages to being ahead of the curve on next-gen ESG reporting.

After all, the CSRD will help consumers, investors, and other stakeholders evaluate how well different companies are addressing key shifts that affect people and planet, as well as to better understand the social impact and environmental footprint different companies create in the course of doing business. Voluntarily aligning your reporting with CSRD could offer strategic advantages in terms of attracting top talent or gaining access to finance.

But this is not to say the CSRD (or any other ESG disclosure requirement) is only relevant to businesses from a compliance/risk management perspective. New requirements can catalyze corporate sustainability efforts by setting a baseline, which leading brands will strive to exceed. Directives like CSRD provide decision makers with a clear, comprehensive picture of where the market is operating and where they might differentiate themselves as corporate social responsibility leaders.

What’s the penalty for failing to comply with the CSRD?

The CSRD does not directly outline penalties for failure to comply. Instead, the directive explains that EU Member States should impose administrative sanctions and penalties that are “effective, proportionate and dissuasive,” based on the gravity and duration of the breach, the degree of responsibility, the financial strength of the company, the importance of profits gained or losses avoided through the breach, losses sustained by third parties, the level of cooperation by the company, and whether it had any previous infringements.