January 12, 2023
Ultimate guide to the EU CSRD ESG regulation for businesses
16 Min Read
Most large businesses today publish ESG sustainability reports. But one of the challenges with voluntary ESG reporting is lack of consistency in the information shared. Businesses can choose which ESG reporting framework to use and what to disclose (or not). This makes it difficult for investors and other stakeholders to compare apples to apples when it comes to ESG risks and impacts.
And policymakers are taking note. Several countries have passed or proposed new regulations to improve corporate transparency and accountability around these risks and impacts. In 2022, the US announced new climate disclosure rules for companies and investment advisors. It also unveiled a new federal ESG disclosure rule as part of its plan to become net zero by 2050. Germany passed a due diligence law that requires companies to divulge ESG risks and impacts in their supply chain, and the Dutch Parliament introduced consultation on a similar bill. More recently, the European Parliament approved one of the most important new ESG disclosure rules to date: the Corporate Sustainability Reporting Directive (CSRD). Companies that are affected by the EU CSRD ESG regulation will need to provide detailed reports on their operations, as well as their environmental, social, and governance (ESG) impacts.
To help you get your company ready for the CSRD, we’ll cover the following topics:
- What’s the Corporate Sustainability Reporting Directive ESG regulation?
- Is the EU CSRD mandatory? Which companies are affected?
- When do companies have to start ESG reporting for the CSRD?
- Why was the CSRD adopted?
- How does the CSRD relate to the European Green Deal, EU taxonomy, and SFDR?
- How can companies comply with the EU CSRD? What are the ESG disclosure requirements?
- Which ESG reporting framework or standard applies to the CSRD? What are the ESRS?
- How many people/hours will it take to support ESG disclosure reporting for the CSRD?
- What will it cost to prepare ESG reports for the Corporate Sustainability Reporting Directive?
- How should I set up my team to support CSRD ESG reporting? What is the best team structure?
- What are the benefits of EU CSRD reporting?
- What are the consequences of not complying with the CSRD? Will there be penalties or sanctions?
- What steps can businesses take now to get ready for the EU CSRD?
- How can OneTrust help companies comply with the CSRD?
Download the eBook: Ultimate guide to the EU CSRD
What’s the Corporate Sustainability Reporting Directive ESG regulation?
The EU Corporate Sustainability Reporting Directive (CSRD) is a policy requiring large companies and public-interest entities operating in the EU to disclose information on their ESG performance annually. The European Council approved the CSRD on November 28, and it was published in the Official Journal of the European Union (OJEU) on Dec 16, 2022. It will enter into force 20 days after publication, and member states then have 18 months to integrate the new rules into their national laws as an ESG regulation.
The purpose of the EU CSRD is to improve transparency and accountability around corporate ESG performance. This will help investors and other stakeholders have a better understanding of how these companies are addressing ESG issues, so they can make more informed decisions. The CSRD also seeks to accelerate integration of ESG considerations into corporate business practices to support the transition to a more sustainable, inclusive economy.
The CSRD replaces the Non-Financial Reporting Directive (NFRD), expanding the number of companies that will have to comply by nearly four times (from nearly 12,000 to 50,000). In-scope companies will need to prepare a non-financial statement that discloses information on their policies, risks, impacts, and outcomes relating to ESG issues. The statement must be audited by an independent third-party and included in the company’s annual financial report.
Is the EU CSRD mandatory? Which companies are affected?
The CSRD is mandatory for in-scope companies, which include the following:
- Listed companies
- Large companies that meet two of these criteria: More than 250 employees, net turnover of more than EUR 40 million, or total assets exceeding EUR 20 million.
- Non-EU companies with at least one subsidiary in the EU and a net turnover of more than EUR 150 million.
When do companies have to start reporting for the CSRD?
Companies meeting the criteria will need to start reporting:
- Jan 2025 for companies already subject to the NFRD (based on 2024 fiscal year data).
- Jan 2026 for all other companies (based on 2025 fiscal year data).
- Jan 2027 for listed small and medium enterprises that request an extension (based on 2026 fiscal year data).
Why was the CSRD adopted?
The CSRD is part of the European Green Deal, a set of policies and initiatives focused on shifting the EU to a more sustainable, responsible, and digital economy. To help fund the Green Deal, the EU launched the Action Plan for Financing Sustainable Growth that outlines reforms in three areas:
- Moving capital flows toward sustainable investment.
- Mainstreaming sustainability into risk management.
- Fostering transparency and long-termism in economic activity
The CSRD is a key supporting element of this plan. By requiring companies to disclose finance-grade information on their ESG performance in their annual reports, it will improve the transparency, credibility, and comparability of this data. This will help investors and other stakeholders make informed decisions about the companies they engage with, funneling more capital toward sustainable businesses and investments. It also facilitates greater corporate accountability by encouraging companies to integrate ESG considerations into their business practices.
“The new rules will make businesses more accountable for their impact on society and will guide them towards an economy that benefits people and the environment. Data about the environmental and societal footprint would be publicly available to anyone interested in this footprint.”
Jozef Síkela, Czech Republic Minister for Industry and Trade
How does the CSRD relate to the European Green Deal, EU taxonomy, and SFDR?
The CSRD, EU Taxonomy, and Sustainable Finance Disclosure Regulation (SFDR) are all key policies supporting the European Green Deal and EU Action Plan for Financing Sustainable Growth. They aim to improve private sector transparency and accountability around ESG impacts and risks to promote sustainable economic growth and investment in the EU.
NFRD and CSRD
The CSRD and NFRD focus on the transparency of companies. The NFRD (Directive 2014/95/EU) has been in force since 2018, and it applies to companies with over 500 employees. Companies affected by the NFRD must disclose information on:
- Environmental matters
- Social responsibility and the treatment of employees
- Respect for human rights
- Anti-corruption and bribery
- Diversity on company boards (age, gender, etc.)
Designed to overcome some noted shortcomings in the NFRD, the CSRD expands and replaces it. The CSRD is expected to be in force for companies already subject to the NFRD by 2025 (reporting based on 2024 data) and 2026 for all other companies (reporting based on 2025 data). It adds the following requirements:
- Clarification of double materiality to identify “outside-in” (ESG impacts on business) and “inside-out” (business impacts on people and planet)
- More detailed reporting aligned with the EU Taxonomy and European Sustainability Reporting Standards (ESRS)
- Integrating ESG disclosures into financial and management reporting
- External audit of reported information
- Digitally tag reported information so it can be fed into a central database
The EU Taxonomy is a classification system that defines what economic activities can be considered environmentally sustainable. It was initially established to provide a common language and set of criteria for assessing the sustainability of investments under the SFDR. To qualify as being sustainable, an activity must contribute to at least one of the following six environmental objectives and not significantly harm the other objectives:
- Climate change mitigation
- Climate change adaptation
- Sustainable use and protection of water and marine resources
- Transition to a circular economy
- Pollution prevention and control
- The protection and restoration of biodiversity and ecosystems
Companies are also required to disclose their alignment with the EU Taxonomy under the CSRD.
The SFDR ESG regulation focuses on the transparency of financial market participants, including banks, insurance companies, asset managers, and pension funds. It requires these organizations to disclose information about their ESG policies, risks, impacts and performance at both an entity (company) and product level. Financial firms with investment funds must also disclose what percentage of their products are in line with the EU taxonomy. And, for products that don’t meet the criteria, these companies must provide an explanation for why not. By requiring the EU Taxonomy as a reference, the SFDR aims to encourage financial market participants to consider the ESG impacts of the products and services they offer and to grow the financing of sustainable economic activities.
How can companies comply with the EU CSRD? What are the ESG disclosure requirements?
To comply with the CSRD, companies must prepare a non-financial statement that includes information on their ESG policies, risks, and results. The specific content will vary depending on the size and nature of the company but could include policies and performance details around:
- Environmental issues such as GHG emissions, energy consumption, waste management, and the use of natural resources
- Social issues such as employment practices, working conditions, diversity, health and safety, supply chain management, and community engagement
- Governance structures and practices such as board composition and diversity, executive compensation, and risk management
Companies will need to follow a “comply or explain” approach, meaning they must disclose the requested ESG information or provide an explanation of why they are not able to do so. In either case, the statement must be approved by the board of directors and included in the annual financial report. It must also be audited by an independent third party to ensure accuracy and credibility.
Which ESG reporting framework or standard applies to the CSRD? What are the ESRS?
To comply with the CSRD, companies will be required to use the European Reporting Sustainability Reporting Standards (ESRS) to prepare their ESG disclosure information. The ESRS have taken existing ESG reporting frameworks and standards such as CDP, GRI, SASB, and others into account as part of the development process. Like many of these frameworks, the ESRS will include both general and sector-specific standards. The first set of ESRS reporting standards is expected to be adopted by June 30, 2023, and the EU will release ESRS sector-specific standards by June 30, 2024. The ESRS reporting standards will enable companies to align their non-financial statements with the requirements of the CSRD. This will give stakeholders a better understanding of how these companies are addressing non-financial issues, so they can make more informed decisions. It will also help the EU advance its sustainability goals.
How many people/hours will it take to support ESG disclosure reporting for the CSRD?
The number of resources/hours it takes will depend on several factors. These include the size and complexity of the business, the availability and quality of data, and the ESRS reporting requirements. Small to medium enterprises with simple business operations may be able to support CSRD ESG disclosure reporting with one person or a small team. Large companies will typically need a bigger team with a range of different skills and responsibilities to support the process. Depending on the situation, preparing a comprehensive, compliant ESG report can take anywhere from a few days to months. Allow enough preparation time to ensure your report meets CSRD requirements and provides a clear and accurate picture of your company’s ESG performance.
What will it cost to prepare ESG reports for the Corporate Sustainability Reporting Directive?
Insights from a study conducted by the European Council on the average costs required to support ESG disclosure reporting for NFRD may be helpful for planning purposes:
- Average total administrative costs were EUR 200 million in the first year and EUR 140 million for following years
- Average recurring administrative costs to provide NFRD non-financial statements are EUR 82,000 per year, of which about 40% can be attributed to legal costs
- Large companies pay an estimated EUR 100,000 for assurance services on average, while smaller companies pay between EUR 28,000 and 42,000 on average
Average total administrative costs by sector (EUR million)
Source: European Council
These costs include activities such as the following, which many companies (70%) rely on external service providers to perform:
- Purchasing/developing IT systems, tools, and processes to collect and analyze the data
- Performing the materiality assessment
- Measuring and calculating GHG emissions
- Providing legal advice for compliance
- Training staff
- Finalizing the ESG disclosure report (editorial support, design, translation, etc.)
How should I set up my team to support CSRD ESG reporting? What is the best team structure?
Supporting ESG disclosure requirements for CSRD compliance requires a range of skills. Be sure that your team has the right expertise to address the responsibilities. Key areas to focus on include:
- Program management: Manage ESG program and stakeholders.
- IT: Identify and implement ESG reporting software and tools to help streamline the data collection and reporting process.
- Data collection: Identify the relevant data sources and collect the data from internal and external operations and databases.
- Data analysis: Use statistical tools to interpret data and identify ESG risks, opportunities, impacts, and trends according to ESG calculation standards and methodologies.
- Reporting: Apply writing and editing skills to prepare and present the ESG data in a clear, consistent manner aligned with the CSRD requirements.
To support these activities, your team will need to have access to resources such as databases and analysis software and may require training and support on ESG reporting guidelines and standards. Since ESG reporting typically involves working with a range of internal and external stakeholders, strong communication and collaboration skills are also essential. It’s also important to determine which tasks will be addressed with internal staff versus external service providers as part of your strategy.
What are the benefits of EU CSRD reporting?
Compliance with the EU Corporate Sustainability Reporting Directive will depend on having a strong ESG program. This can bring several potential benefits to companies including:
- Improved transparency and trust: By disclosing detailed information about their ESG performance, companies are demonstrating commitment to transparency, which helps build trust with stakeholders. This can be particularly important in the modern business environment where investors, customers, partners, employees, and others are increasingly demanding sustainable, ethical corporate behavior.
- Decreased costs: Having a strong ESG program can contribute to decreased expenses across the board. Examples include lower costs in operations (energy, water, materials, waste), HR (productivity, hiring), avoiding non-compliance penalties, easier access to capital, etc.
- Stronger competitive advantage: Companies that comply with the CSRD may have a competitive advantage over those that do not. Investors are more likely to invest in companies that disclose their ESG performance. Partners and customers are increasingly looking for responsible companies to do business with. And employees want to work for, and stay with, companies that are committed to building positive impact for people and the planet.
- Better risk management: Preparing the CSRD ESG disclosure will help companies identify and manage potential risks and opportunities. For example, a company that discloses information about its carbon emissions may be able to identify opportunities to reduce those emissions, mitigate the associated risks, and lower costs.
What are the consequences of not complying with the CSRD? Will there be penalties or sanctions?
The specific penalties and sanctions for CSRD non-compliance will depend on how EU member states enact the CSRD ESG regulation. However, understanding how member states implemented the NFDR can help provide some headlights. According to insights from Accountancy Europe, EFRAG, and The CPA Journal on NFRD implementation by member states:
- 27 countries include some form of penalty in the case of non-compliance.
- Fines: Depending on the country, fines may be assessed on individual responsible persons or entities. Fines can range from EUR 50 to 1,500 (Portugal) up to the highest of the following (Germany): EUR 10 million or 5% of the total annual turnover of the company, or twice the amount of profits gained or losses avoided because of the breach.
- Imprisonment: Prison sentences can range from six months (Ireland) to six years (Iceland).
Beyond legal sanctions, additional consequences of not complying with the CSRD could include reputational damage, loss of stakeholder confidence, and legal action from non-governmental entities.
What steps can business take now to get ready for the EU CSRD?
Here are six quick steps that companies can take now to get ready for the CSRD.
- Familiarize your team with the CSRD ESG disclosure requirements and mandatory ESRS reporting standards. For an excellent source of training, register for our upcoming CSRD Masterclass series (starts in February).
- Identify which parts of the business are covered by the CSRD and what ESG information needs to be disclosed. Communicate with and gather input from key stakeholders as part of this.
- Update policies and processes as needed to address expanded CSRD scope (e.g., double materiality assessment, third-party assurance, etc.)
- Select and onboard ESG reporting software to help streamline the data collection and reporting process.
- Collect and analyze ESG data from your operations, including third-party suppliers and business partners. Ensure that is complete and accurate.
- Prepare your ESG disclosure non-financial statement aligned with the CSRD requirements.
Preparing for the CSRD also provides an opportunity for companies to build a strong ESG program that can lead to many benefits such as improved brand image, reduced risk, and positive financial valuation and growth. For practical guidance on how to get started, download the ESG Program Checklist.
How can OneTrust help companies comply with the CSRD?
The OneTrust ESG & Sustainability Cloud can help you set up your ESG program for success and get ready for the CSRD. With clear target setting, automated reporting, and transparent benchmarking, the ESG Cloud helps you manage risk, demonstrate impact, and drive change through features including:
- Streamlined, centralized ESG data collection
- Automated ESG reporting that saves you time
- A global database of ESG frameworks that keeps you up to date
- Out-of-the-box templates based on industry standards and frameworks like the CSRD, GRI, SASB, WEF, and the SEC’s proposed ESG disclosure regulation
- Centralized target setting, benchmarking and gap analysis that accelerates your goals
- Real-time action-oriented insights that equip you to adapt and respond fast
- Proven templates and automated workflows that make it easier to collaborate on ESG priorities across your enterprise, portfolio, and supplier base
The ESG Cloud is also part of the Trust Intelligence Platform™ from OneTrust that unifies and delivers visibility across four trust domain areas (ESG, GRI, ethics, and privacy). Empower your organization to collaborate seamlessly and unlock value by doing what’s good for people and the planet.
Also stay tuned for our CSRD Masterclass series (starting in Feb).