Skip to main content

On-demand webinar coming soon...


Ultimate guide to the EU CSRD ESG regulation for businesses

How to prepare your organization for the Corporate Sustainability Reporting Directive (CSRD)

Male and female coworker speaking in open office building

Most large businesses today publish ESG sustainability reports. But one of the challenges with voluntary ESG reporting is lack of consistency in the information shared. Businesses can choose which ESG reporting framework to use and what to disclose (or not). This makes it difficult for investors and other stakeholders to compare apples to apples when it comes to ESG risks and impacts.

And policymakers are taking note. Several countries have passed or proposed new regulations to improve corporate transparency and accountability around these risks and impacts. In 2022, the US announced new climate disclosure rules for companies and investment advisors. It also unveiled a new federal ESG disclosure rule as part of its plan to become net zero by 2050. Germany passed a due diligence law that requires companies to divulge ESG risks and impacts in their supply chain, and the Dutch Parliament introduced consultation on a similar bill. More recently, the European Parliament approved one of the most important new ESG disclosure rules to date: the Corporate Sustainability Reporting Directive (CSRD). Companies that are affected by the EU CSRD ESG regulation will need to provide detailed reports on their operations, as well as their environmental, social, and governance (ESG) impacts.

Download the eBook: Ultimate guide to the EU CSRD


What is the Corporate Sustainability Reporting Directive ESG regulation?

The EU Corporate Sustainability Reporting Directive (CSRD) is a policy requiring large companies and public-interest entities operating in the EU to disclose information on their ESG performance annually. The European Council approved the CSRD on November 28, and it was published in the Official Journal of the European Union (OJEU) on Dec 16, 2022. It will enter into force 20 days after publication, and member states then have 18 months to integrate the new rules into their national laws as an ESG regulation.

The purpose of the EU CSRD is to improve transparency and accountability around corporate ESG performance. This will help investors and other stakeholders have a better understanding of how these companies are addressing ESG issues, so they can make more informed decisions. The CSRD also seeks to accelerate integration of ESG considerations into corporate business practices to support the transition to a more sustainable, inclusive economy.

The CSRD replaces the Non-Financial Reporting Directive (NFRD), expanding the number of companies that will have to comply by nearly four times (from nearly 12,000 to 50,000). In-scope companies will need to prepare a non-financial statement that discloses information on their policies, risks, impacts, and outcomes relating to ESG issues. The statement must be audited by an independent third-party and included in the company’s annual financial report.


Is the EU CSRD mandatory? Which companies are affected?

The CSRD is mandatory for in-scope companies, which include the following:

  • Listed companies
  • Large companies that meet two of these criteria: More than 250 employees, net turnover of more than EUR 40 million, or total assets exceeding EUR 20 million.
  • Non-EU companies with at least one subsidiary in the EU and a net turnover of more than EUR 150 million.


When do companies have to start reporting for the CSRD?

Companies meeting the criteria will need to start reporting:

  • Jan 2025 for companies already subject to the NFRD (based on 2024 fiscal year data).
  • Jan 2026 for all other companies (based on 2025 fiscal year data).
  • Jan 2027 for listed small and medium enterprises that request an extension (based on 2026 fiscal year data).


Why was the CSRD adopted?

The CSRD is part of the European Green Deal, a set of policies and initiatives focused on shifting the EU to a more sustainable, responsible, and digital economy. To help fund the Green Deal, the EU launched the Action Plan for Financing Sustainable Growth that outlines reforms in three areas:

  • Moving capital flows toward sustainable investment.
  • Mainstreaming sustainability into risk management.
  • Fostering transparency and long-termism in economic activity

The CSRD is a key supporting element of this plan. By requiring companies to disclose finance-grade information on their ESG performance in their annual reports, it will improve the transparency, credibility, and comparability of this data. This will help investors and other stakeholders make informed decisions about the companies they engage with, funneling more capital toward sustainable businesses and investments. It also facilitates greater corporate accountability by encouraging companies to integrate ESG considerations into their business practices.

“The new rules will make businesses more accountable for their impact on society and will guide them towards an economy that benefits people and the environment. Data about the environmental and societal footprint would be publicly available to anyone interested in this footprint.”
Jozef Síkela, Czech Republic Minister for Industry and Trade


How does the CSRD relate to the European Green Deal, EU taxonomy, and SFDR?

The CSRD, EU Taxonomy, and Sustainable Finance Disclosure Regulation (SFDR) are all key policies supporting the European Green Deal and EU Action Plan for Financing Sustainable Growth. They aim to improve private sector transparency and accountability around ESG impacts and risks to promote sustainable economic growth and investment in the EU.


Infographic mapping the CSRD European green deal EU taxonomy and NFRD SFDR



The CSRD and NFRD focus on the transparency of companies. The NFRD (Directive 2014/95/EU) has been in force since 2018, and it applies to companies with over 500 employees. Companies affected by the NFRD must disclose information on:

  • Environmental matters
  • Social responsibility and the treatment of employees
  • Respect for human rights
  • Anti-corruption and bribery
  • Diversity on company boards (age, gender, etc.)

Designed to overcome some noted shortcomings in the NFRD, the CSRD expands and replaces it. The CSRD is expected to be in force for companies already subject to the NFRD by 2025 (reporting based on 2024 data) and 2026 for all other companies (reporting based on 2025 data). It adds the following requirements:

  • Clarification of double materiality to identify “outside-in” (ESG impacts on business) and “inside-out” (business impacts on people and planet)
  • More detailed reporting aligned with the EU Taxonomy and European Sustainability Reporting Standards (ESRS)
  • Integrating ESG disclosures into financial and management reporting
  • External audit of reported information
  • Digitally tag reported information so it can be fed into a central database

EU Taxonomy

The EU Taxonomy is a classification system that defines what economic activities can be considered environmentally sustainable. It was initially established to provide a common language and set of criteria for assessing the sustainability of investments under the SFDR. To qualify as being sustainable, an activity must contribute to at least one of the following six environmental objectives and not significantly harm the other objectives:

  • Climate change mitigation
  • Climate change adaptation
  • Sustainable use and protection of water and marine resources
  • Transition to a circular economy
  • Pollution prevention and control
  • The protection and restoration of biodiversity and ecosystems

Companies are also required to disclose their alignment with the EU Taxonomy under the CSRD.


The SFDR ESG regulation focuses on the transparency of financial market participants, including banks, insurance companies, asset managers, and pension funds. It requires these organizations to disclose information about their ESG policies, risks, impacts and performance at both an entity (company) and product level. Financial firms with investment funds must also disclose what percentage of their products are in line with the EU taxonomy. And, for products that don’t meet the criteria, these companies must provide an explanation for why not. By requiring the EU Taxonomy as a reference, the SFDR aims to encourage financial market participants to consider the ESG impacts of the products and services they offer and to grow the financing of sustainable economic activities.


How can companies comply with the EU CSRD? What are the ESG disclosure requirements?

To comply with the CSRD, companies must prepare a non-financial statement that includes information on their ESG policies, risks, and results. The specific content will vary depending on the size and nature of the company but could include policies and performance details around:

  • Environmental issues such as GHG emissions, energy consumption, waste management, and the use of natural resources
  • Social issues such as employment practices, working conditions, diversity, health and safety, supply chain management, and community engagement
  • Governance structures and practices such as board composition and diversity, executive compensation, and risk management

Companies will need to follow a “comply or explain” approach, meaning they must disclose the requested ESG information or provide an explanation of why they are not able to do so. In either case, the statement must be approved by the board of directors and included in the annual financial report. It must also be audited by an independent third party to ensure accuracy and credibility.

Which ESG reporting framework or standard applies to the CSRD? What are the ESRS?

To comply with the CSRD, companies will be required to use the European Reporting Sustainability Reporting Standards (ESRS) to prepare their ESG disclosure information. The ESRS have taken existing ESG reporting frameworks and standards such as CDP, GRI, SASB, and others into account as part of the development process. Like many of these frameworks, the ESRS will include both general and sector-specific standards. The first set of ESRS reporting standards is expected to be adopted by June 30, 2023, and the EU will release ESRS sector-specific standards by June 30, 2024. The ESRS reporting standards will enable companies to align their non-financial statements with the requirements of the CSRD. This will give stakeholders a better understanding of how these companies are addressing non-financial issues, so they can make more informed decisions. It will also help the EU advance its sustainability goals.

How many people/hours will it take to support ESG disclosure reporting for the CSRD?

The number of resources/hours it takes will depend on several factors. These include the size and complexity of the business, the availability and quality of data, and the ESRS reporting requirements. Small to medium enterprises with simple business operations may be able to support CSRD ESG disclosure reporting with one person or a small team. Large companies will typically need a bigger team with a range of different skills and responsibilities to support the process. Depending on the situation, preparing a comprehensive, compliant ESG report can take anywhere from a few days to months. Allow enough preparation time to ensure your report meets CSRD requirements and provides a clear and accurate picture of your company’s ESG performance.

What will it cost to prepare ESG reports for the Corporate Sustainability Reporting Directive?

Insights from a study conducted by the European Council on the average costs required to support ESG disclosure reporting for NFRD may be helpful for planning purposes:

  • Average total administrative costs were EUR 200 million in the first year and EUR 140 million for following years
  • Average recurring administrative costs to provide NFRD non-financial statements are EUR 82,000 per year, of which about 40% can be attributed to legal costs
  • Large companies pay an estimated EUR 100,000 for assurance services on average, while smaller companies pay between EUR 28,000 and 42,000 on average


Average total administrative costs by sector (EUR million)

Bar chart showing average total administrative costs by sector between the first year and following years

Source: European Council


These costs include activities such as the following, which many companies (70%) rely on external service providers to perform:

  • Purchasing/developing IT systems, tools, and processes to collect and analyze the data
  • Performing the materiality assessment
  • Measuring and calculating GHG emissions
  • Providing legal advice for compliance
  • Training staff
  • Finalizing the ESG disclosure report (editorial support, design, translation, etc.)


How should I set up my team to support CSRD ESG reporting? What is the best team structure?

Supporting ESG disclosure requirements for CSRD compliance requires a range of skills. Be sure that your team has the right expertise to address the responsibilities. Key areas to focus on include:

  • Program management: Manage ESG program and stakeholders.
  • IT: Identify and implement ESG reporting software and tools to help streamline the data collection and reporting process.
  • Data collection: Identify the relevant data sources and collect the data from internal and external operations and databases.
  • Data analysis: Use statistical tools to interpret data and identify ESG risks, opportunities, impacts, and trends according to ESG calculation standards and methodologies.
  • Reporting: Apply writing and editing skills to prepare and present the ESG data in a clear, consistent manner aligned with the CSRD requirements.

To support these activities, your team will need to have access to resources such as databases and analysis software and may require training and support on ESG reporting guidelines and standards. Since ESG reporting typically involves working with a range of internal and external stakeholders, strong communication and collaboration skills are also essential. It’s also important to determine which tasks will be addressed with internal staff versus external service providers as part of your strategy.


What are the benefits of EU CSRD reporting?

Compliance with the EU Corporate Sustainability Reporting Directive will depend on having a strong ESG program. This can bring several potential benefits to companies including:

  • Improved transparency and trust: By disclosing detailed information about their ESG performance, companies are demonstrating commitment to transparency, which helps build trust with stakeholders. This can be particularly important in the modern business environment where investors, customers, partners, employees, and others are increasingly demanding sustainable, ethical corporate behavior.
  • Decreased costs: Having a strong ESG program can contribute to decreased expenses across the board. Examples include lower costs in operations (energy, water, materials, waste), HR (productivity, hiring), avoiding non-compliance penalties, easier access to capital, etc.
  • Stronger competitive advantage: Companies that comply with the CSRD may have a competitive advantage over those that do not. Investors are more likely to invest in companies that disclose their ESG performance. Partners and customers are increasingly looking for responsible companies to do business with. And employees want to work for, and stay with, companies that are committed to building positive impact for people and the planet.
  • Better risk management: Preparing the CSRD ESG disclosure will help companies identify and manage potential risks and opportunities. For example, a company that discloses information about its carbon emissions may be able to identify opportunities to reduce those emissions, mitigate the associated risks, and lower costs.


What are the consequences of not complying with the CSRD? Will there be penalties or sanctions?

The specific penalties and sanctions for CSRD non-compliance will depend on how EU member states enact the CSRD ESG regulation. However, understanding how member states implemented the NFDR can help provide some headlights. According to insights from Accountancy Europe, EFRAG, and The CPA Journal on NFRD implementation by member states:

  • 27 countries include some form of penalty in the case of non-compliance.
  • Fines: Depending on the country, fines may be assessed on individual responsible persons or entities. Fines can range from EUR 50 to 1,500 (Portugal) up to the highest of the following (Germany): EUR 10 million or 5% of the total annual turnover of the company, or twice the amount of profits gained or losses avoided because of the breach.
  • Imprisonment: Prison sentences can range from six months (Ireland) to six years (Iceland).

Beyond legal sanctions, additional consequences of not complying with the CSRD could include reputational damage, loss of stakeholder confidence, and legal action from non-governmental entities.


What steps can business take now to get ready for the EU CSRD?

Here are six quick steps that companies can take now to get ready for the CSRD.

  1. Familiarize your team with the CSRD ESG disclosure requirements and mandatory ESRS reporting standards. For an excellent source of training, register for our upcoming CSRD Masterclass series (starts in February).
  2. Identify which parts of the business are covered by the CSRD and what ESG information needs to be disclosed. Communicate with and gather input from key stakeholders as part of this.
  3. Update policies and processes as needed to address expanded CSRD scope (e.g., double materiality assessment, third-party assurance, etc.)
  4. Select and onboard ESG reporting software to help streamline the data collection and reporting process.
  5. Collect and analyze ESG data from your operations, including third-party suppliers and business partners. Ensure that is complete and accurate.
  6. Prepare your ESG disclosure non-financial statement aligned with the CSRD requirements.

Preparing for the CSRD also provides an opportunity for companies to build a strong ESG program that can lead to many benefits such as improved brand image, reduced risk, and positive financial valuation and growth. For practical guidance on how to get started, download the ESG Program Checklist.


 Strengthen your ethical framework 

In a world where ethical considerations are becoming paramount in business operations, it’s essential to have a robust ethics program. OneTrust's Ethics Program Management solution offers a comprehensive suite of tools designed to enhance transparency, accountability, and corporate integrity. Our platform facilitates easier management of ethical policies, training programs, and compliance reporting, ensuring that your organization upholds its commitment to ethical standards. 

Discover how the OneTrust Ethics Program Management solution can transform your organization’s approach to ethics and compliance. Learn more and get started by visiting our Ethics Program Management page

You may also like


Ethics Program Management

From reactive to proactive: Transforming your ethics & compliance program

Join this webinar to hear experts explore actionable strategies employed by Ethics & Compliance programs to drive a more ethical culture.

September 12, 2024

Learn more


Ethics Program Management

Drive employee engagement with Ethics Program Management

In this tech talk, we will walk you through the customer's employee journey utilizing our Ethics Program Management suite of tools.

May 21, 2024

Learn more


Ethics Program Management

EthicsConnect: Risk - It’s not just for breakfast anymore

Join us for a deep dive into embedding privacy by design into the fabric of your business to promote the responsible use of data.

April 25, 2024

Learn more


Ethics Program Management

Business messaging apps: A guide to corporate compliance

How can your business use third-party messaging apps while staying compliant? Dive into key usage considerations based on the DOJ’s 2023 guidance.

February 13, 2024

Learn more


Ethics Program Management

Ethics Exchange: Third-party applications and ephemeral apps

Learn practical advice on how to navigate the risks of ephemeral apps and employee privacy in BYOD world.

December 05, 2023

Learn more


Speak-Up Program Management

Navigating the EU Whistleblower Protection Directive: New rules, new risks

Join our expert-led webinar where we explore the EU Whistleblower Protection Directive and practical steps towards compliance. 

November 02, 2023

Learn more


Ethics Program Management

Ethics Exchange: Risk assessments

Join our risk assessments experts as we discuss best practices, program templates, and how provide an assessment that provides the best value for your organization.

October 25, 2023

Learn more


Ethics Program Management

Ethics Exchange: Investigations

Join our live webinar and learn how to conduct comprehensive ethics investigations that are trustworthy and efficient.

September 07, 2023

Learn more


Third-Party Due Diligence

Driving excellence in third-party risk management: An in-depth look at different due diligence approaches

Join our in-depth webinar and learn how to define third-party due dilligence levels and when to apply them during your vendor management lifecycle.

July 20, 2023

Learn more


Third-Party Due Diligence

The global regulations driving third-party due diligence

Download our eBook learn how to start building a robust third-party due dilligence (TPDD) strategy that protects your brand and minimizes risk.

May 30, 2023

Learn more


Ethics Program Management

Policy on development and administration of policies template

Get a head start on your ethics program and create a policy on development and administration of policies with our customizable template.

May 10, 2023

Learn more


Ethics & Compliance

Unpacking the global third-party due diligence regulatory landscape

Learn how a strategic plan for compliance can help companies eliminate human rights and environmental violations and avoid costly consequences.

March 06, 2023

Learn more


Ethics & Compliance

The number one metric for effective compliance programs: Continuous improvement

Join our webinar to learn how to develop and/or maintain a High-Quality E&C Program and what role data analytics play in improving your compliance program.

November 27, 2022

Learn more


Ethics Program Management

Live demo: Conflicts of interest management webinar

Learn how to develop a holistic disclosure program, how to make it part of your risk assessment, and how to use it to meet regulatory obligations.

November 01, 2022

Learn more


Ethics Program Management

Local vs. central intake and case management: What the EU Whistleblower Directive requires

One of the challenges to come out of the EU Whistleblower Protection Directive is how companies should adopt local vs. centralized case management.

July 06, 2022

Learn more


Ethics & Compliance

GDPR and the EU Whistleblower Protection Directive webinar

Join this webinar to learn how to review your whistleblowing processes to comply with the EU Whistleblower Protection Directive, the GDPR and others.

July 06, 2022

Learn more