CSRD: EU ESG disclosure rule is approved
CSRD: EU ESG disclosure rule is approved...

CSRD: EU ESG disclosure rule is approved

The Corporate Sustainability Reporting Directive will affect 50,000 companies

Alexis Kateifides Senior Counsel, OneTrust Centers of Excellence

clock6 Min Read

Featured Image

On November 28, the European Parliament and Council approved the Corporate Sustainability Reporting Directive (CSRD) to make businesses more publicly accountable for their societal and environmental impacts. First proposed by the European Commission in April 2021, the new rules amend reporting requirements under the existing Non-Financial Reporting Directive (NFRD). Aiming to address shortcomings in the NFRD and improve corporate accountability around non-financial reporting, the CSRD introduces more detailed reporting and independent auditing requirements. By putting financial and sustainability reporting on equal footing, the Parliament hopes to end greenwashing, strengthen Europe’s economy, and lay the foundation for global sustainability reporting standards.

“[This] means readability and simplicity in the information provided by companies, which must play their full part in society. Greenwashing is over. With this text, Europe is at the forefront of…setting high standards in line with our environmental and social ambitions.” – Bruno le Maire, French Finance Minister

In this article, we’ll address the following questions:

Watch the webinar “Unpacking the CSRD” to learn more about the steps your company can take to get ready for the CSRD

What’s the CSRD?

CSRD stands for Corporate Sustainability Reporting Directive and is a new rule to make sustainability disclosures by European companies more comprehensive and comparable to one another, like financial accounting and reporting. It is part of the European Union (EU) Action Plan on Financing Sustainable Growth (2018) and EU Green Deal (2019). These larger initiatives are focused on creating a common taxonomy and more consistent flow of standardized information from companies to investors and other stakeholders. Today, it can be difficult to compare and benchmark sustainability reports as the information disclosed varies widely across a multitude of reporting standards and frameworks. The CSRD aims to address this challenge by establishing standard ESG reporting requirements that meet the needs of all stakeholders.

What’s the difference between NFRD and CSRD? How will it affect my organization?

Under the NFRD, the current EU ESG directive for non-financial reporting, certain large companies are required to disclose information about environmental and social impacts across their operations and supply chain. The CSRD expands and replaces the NFRD, and it introduces more stringent reporting requirements for ESG factors, as well as third-party assurance. Key differences between NFRD and CSRD include:

4x more companies are affected: The NFRD applied to all listed companies with more than 500 employees (approximately 11,700 companies). The CSRD widens this threshold to include all companies, listed or not, that meet at least two out of these three criteria (approximately 50,000 companies):

  • More than 250 employees
  • Net turnover that exceeds EUR 40 million
  • Assets that exceed EUR 20 million

Additional reporting requirements: The CSRD adds several new requirements including:

  • Applying double materiality to identify ESG risks and opportunities on the business (outside-in) and how the business impacts people and planet (inside-out)
  • Integrating ESG disclosures into financial and management reporting
  • Providing more detailed information aligned with the EU Taxonomy and European Sustainability Reporting Standards (ESRS). This includes retrospective and forward-looking information on targets and progress, due diligence processes policies and processes across the value chain, risk management and controls, etc.
  • A mandatory third-party audit (assurance) for reported information
  • Assurance on alignment with the ESRS
  • Digital tagging of the reported information so it can be fed into the European Single Access Point (ESAP) database. More details on this will be available when the ESRS standards are released.

Which companies will the CSRD apply to?

EU businesses: For the 11,700 large companies currently reporting under NFRD requirements, the CSRD will apply from Jan 2024 with first reports due in 2025. For the additional 38,300 large companies that fall under the new criteria noted above, the CSRD will apply from Jan 2025 with first reports due in 2026. Small and medium enterprises (SMEs) listed on EU regulated markets will be subject to the CSRD from 2026 (first reports due in 2027), although they will be able to opt out during the transitional period (until 2028).

Non-EU businesses: Global companies with substantial activity in the EU (net turnover of at least EUR 150 million) will have to report on their ESG impacts as defined in the directive.

When will the CSRD be enacted into law? What’s the timeline?

Initially adopted on November 11, the EU Parliament and Council gave its final approval on the CSRD on November 28, and the legislative act was adopted. After being signed by the President of the European Parliament and the President of the Council, it will be published in the Official Journal of the European Union and will enter into force 20 days after publication. The new rules will then have to be integrated into member states’ national laws within 18 months. In parallel, the first set of ESRS standards is expected to be adopted by the end of 2022. The application of the regulation is expected to take place in four stages:

  • January 2024 for companies already subject to the NFRD (first reports due by 2025). This includes non-EU companies that meet the criteria noted above.
  • January 2025 for all other companies that fall under the CSRD expanded scope (first reports due by 2026)
  • January 2026 for listed SMEs except micro undertakings, small and non-complex credit institutions, and captive insurance undertakings (first reports due by 2027).
  • January 2028 for third-country undertakings (first reports due by 2029).

The EU also plans to adopt a second set of ESG reporting standards by Oct 2023 that will specify additional ESG disclosure requirements, including sector-specific considerations and simpler standards for SMEs.

How can OneTrust help?

ESG disclosure rules and standards continue to proliferate in the EU and elsewhere. At the same time, there is a growing trend toward universal ESG reporting standards that will meet the needs of all stakeholders – investors, policymakers, customers, partners, employees, and more. Staying ahead of these changes while building and scaling trust can be tough for many companies. The OneTrust ESG & Sustainability Cloud can help you instill trust with your key stakeholders with clear target setting, automated reporting, and transparent benchmarking. The ESG Cloud is part of the Trust Intelligence Platform™ from OneTrust that unifies and delivers visibility across four trust domain areas (privacy, GRC, ethics, and ESG). This enables companies to collaborate seamlessly and unlock value by doing what’s good for people and the planet.


Watch the webinar “Unpacking the CSRD” to find out how it will affect your company. 

You may also be interested in downloading the infographic:  NFRD vs CSRD

You Might Also Be Interested In

JANUARY 13, 2023

Addressing UK app Code of Practice requirements with OneTrust

JANUARY 12, 2023

Ultimate guide to the EU CSRD ESG regulation for businesses

JANUARY 11, 2023

Continuous improvement: The leading indicator for successful compliance programs

JANUARY 10, 2023

Build trust, promote your program in the Third-Party Risk Exchange

JANUARY 9, 2023

Building trust in a zero trust world

JANUARY 9, 2023

Consent management by the numbers: 2022 DMA report summary

JANUARY 9, 2023

Navigating the California Privacy Rights Act as a HIPAA-compliant business

JANUARY 6, 2023

US state privacy bills on the horizon in 2023

Onetrust All Rights Reserved