Zum Hauptinhalt springen
Zurück zu Einblicke
Reporting and Communications

Sustainability Reporting in the EU under the CSRD

Keslio Team
Last updated: April 3, 2026
12 Min. Lesezeit
Abstract editorial illustration for Sustainability Reporting in the EU under the CSRD

Last updated: May 27, 2026. The Corporate Sustainability Reporting Directive (CSRD) is still the central EU sustainability reporting framework, but the practical question has changed. Companies should no longer rely on older summaries that say the CSRD will simply expand to around 50,000 companies over the original 2024 to 2028 timetable. The EU has since adopted a stop-the-clock directive and an Omnibus I simplification directive that change timing, scope, value-chain requests, and assurance expectations.

Short answer: companies already reporting under the first CSRD wave still need to manage their reporting position carefully, especially if they may fall out of scope under the new thresholds. Companies that expected to report for the first time as wave two or wave three reporters received a two-year delay under the stop-the-clock directive. Under the 2026 Omnibus I changes, the mandatory CSRD scope is narrowed to companies with more than 1,000 employees and above EUR450 million net annual turnover, with separate rules for third-country groups. Smaller companies may be outside mandatory CSRD reporting, but they can still face customer, lender, investor, and procurement requests for sustainability data.

What the CSRD is trying to do

The CSRD amended the EU accounting, transparency, audit, and related reporting framework so that sustainability information sits closer to financial reporting. Its core idea is simple: users of reports should be able to understand both how sustainability matters affect a company and how the company affects people and the environment.

That is why the CSRD is built around the European Sustainability Reporting Standards (ESRS), double materiality, board and management oversight, value-chain information where material, digital reporting, and assurance. For companies that remain in scope, CSRD is not just a marketing report. It is a regulated sustainability statement that must connect governance, strategy, risk management, metrics, targets, policies, actions, and financial-reporting context.

What changed after the original CSRD timetable?

Many older CSRD explainers were written before the EU's 2025 and 2026 simplification package. Those explainers often describe the original staged rollout: first reports from large public-interest entities for financial year 2024, then other large companies, then listed SMEs, and later certain non-EU companies. That is no longer enough.

The main changes are:

  • Stop-the-clock: Directive (EU) 2025/794 postponed the start of CSRD reporting by two years for companies that were previously due to report for financial years beginning on or after 1 January 2025 or 1 January 2026. In practice, this affected wave two and wave three companies.
  • Narrower mandatory scope: Directive (EU) 2026/470 narrowed the CSRD scope by raising the key threshold to companies with more than 1,000 employees and above EUR450 million net annual turnover.
  • Transition relief for some wave one companies: companies that had to start reporting from financial year 2024 but fall out of the amended scope receive a transition exemption for 2025 and 2026.
  • Value-chain cap: reporting companies face clearer limits when requesting sustainability information from smaller value-chain undertakings, with voluntary standards expected to become the reference point for those requests.
  • ESRS simplification: EFRAG has published draft simplified ESRS, following a Commission mandate to reduce reporting burden while retaining the core reporting objectives.
  • Assurance changes: limited assurance remains central, but the EU has delayed the deadline for limited assurance standards and removed the obligation to adopt reasonable assurance standards on the previous timetable.

Who is likely to be in scope now?

As of May 2026, the practical starting point is narrower than the original CSRD. For many EU companies and groups, mandatory sustainability reporting is now focused on undertakings that exceed both of the following thresholds:

  • more than 1,000 employees on average during the financial year; and
  • more than EUR450 million net annual turnover.

There are also amended rules for third-country undertakings. The Council described the updated third-country requirements as applying to companies with net turnover above EUR450 million for the parent undertaking within the EU and above EUR200 million generated turnover for the subsidiary or branch. Companies with EU listings, EU subsidiaries, EU branches, insurance activities, credit institutions, or group structures should check the detailed legal route rather than rely only on a simple size test.

This is also a directive framework. Member States still need to transpose amendments into national law, and some countries have their own implementation timelines and legacy non-financial reporting rules. The correct answer for a company is therefore not just "are we an EU company?" but "which national law applies to us, what is our reporting year, which wave did we fall into, and do the amended thresholds remove, delay, or preserve our obligation?"

How the timing works in practice

The timing now depends on the company's original wave and whether it remains in scope after the Omnibus I amendments.

  • Wave one companies: companies already required to report for financial years beginning on or after 1 January 2024 have been closest to full CSRD implementation. Some may continue reporting. Others may fall out of scope under the new thresholds and benefit from transition relief for 2025 and 2026.
  • Wave two companies: other large companies that were previously expected to report for financial years beginning on or after 1 January 2025 were delayed by two years under stop-the-clock.
  • Wave three companies: listed SMEs and certain other entities that were previously expected to report for financial years beginning on or after 1 January 2026 were also delayed by two years, and the Omnibus I changes remove many SMEs from mandatory CSRD reporting altogether.
  • Third-country groups: non-EU groups need to check the amended EU turnover and subsidiary or branch thresholds, as well as the date when third-country reporting obligations apply.

The important practical point is that timing and scope now need to be checked together. A company may be delayed, remain in scope, fall out of scope, or remain indirectly affected through customer, lender, investor, or procurement requirements.

What companies report under ESRS

Companies that remain in scope report using ESRS. The first set of ESRS covers cross-cutting requirements and topical standards for environment, social, and governance matters. The standards are designed to produce a structured sustainability statement, not a collection of disconnected ESG claims.

The reporting process usually includes:

  • double materiality assessment: identifying sustainability impacts, risks, and opportunities from both impact materiality and financial materiality perspectives;
  • governance and controls: explaining oversight, roles, responsibilities, policies, due diligence processes, and internal controls over sustainability information;
  • strategy and business model: showing how material sustainability matters affect the company's strategy, resilience, transition planning, and value chain;
  • metrics and targets: reporting relevant quantitative and qualitative data, including climate, workforce, value-chain, business conduct, and other material topics;
  • climate reporting: where material, reporting on climate risks, transition planning, energy use, and greenhouse gas emissions, including Scope 1, Scope 2, and relevant Scope 3 categories;
  • EU Taxonomy reporting: for companies in scope of Article 8 obligations, reporting taxonomy-eligible and taxonomy-aligned turnover, capital expenditure, and operating expenditure; and
  • assurance readiness: preparing evidence, calculation files, data-owner sign-off, and version control so that the sustainability statement can withstand limited assurance.

Why double materiality matters

Double materiality is one of the main differences between CSRD reporting and a voluntary sustainability narrative. It asks two related questions. First, where does the company have actual or potential impacts on people and the environment? Second, where do sustainability matters create financial risks or opportunities for the company?

A weak double materiality assessment creates problems later. If the assessment is too broad, the reporting exercise becomes unnecessarily heavy. If it is too narrow, the company may miss topics that investors, customers, employees, regulators, or assurance providers expect to see. The goal is not to make every ESG topic material. The goal is to document a defensible process that explains which topics matter, why they matter, and what information needs to be reported.

What the EU Taxonomy has to do with CSRD

The EU Taxonomy is separate from the CSRD, but the two frameworks often meet in the sustainability statement. The Taxonomy is the EU classification system for environmentally sustainable activities. It uses technical screening criteria to determine whether economic activities substantially contribute to environmental objectives, do no significant harm to other objectives, and meet minimum safeguards.

For companies that are in scope of Taxonomy Article 8 reporting, the CSRD reporting process needs to include taxonomy data. This can require activity mapping, turnover and capex analysis, technical-criteria checks, documentation of assumptions, and finance-team involvement. Even companies outside mandatory CSRD scope may still receive taxonomy-related questions from banks, investors, customers, or public tenders.

The value-chain effect has not disappeared

One of the biggest misunderstandings after Omnibus I is that smaller companies can ignore sustainability reporting completely. Many smaller companies will not have to publish a full CSRD sustainability statement. That does not mean they will stop receiving sustainability requests.

Large customers, banks, investors, and public-sector buyers may still need value-chain information, especially for climate data, supplier due diligence, product or service emissions, workforce practices, and procurement screening. The difference is that the EU has tried to limit the trickle-down burden. The amended framework introduces protections for smaller value-chain undertakings and points toward voluntary sustainability reporting standards as a practical cap on what larger companies can ask from protected undertakings for CSRD reporting purposes.

For SMEs and suppliers, the practical move is usually not to build a full CSRD report. It is to keep a concise, reusable sustainability data pack: company profile, basic policies, energy and emissions data, workforce information, high-level risks, and a clear explanation of data boundaries and assumptions. The Commission's VSME recommendation is relevant here because it gives smaller companies a more proportionate reference point for voluntary sustainability information.

Assurance and evidence

CSRD reporting is subject to assurance. In practice, this means the company needs more than a polished narrative. It needs evidence trails, consistent methodology, documented judgments, and data controls. Assurance providers will typically want to understand how numbers were calculated, who owned the data, what changed from prior periods, and how management reviewed the final disclosure.

The Omnibus I directive changes the assurance trajectory. It postpones the deadline for EU limited assurance standards and removes the previous requirement for the Commission to adopt reasonable assurance standards. That reduces some future escalation pressure, but it does not remove the need to prepare evidence. Limited assurance still requires discipline, especially for greenhouse gas emissions, EU Taxonomy KPIs, workforce metrics, and materiality judgments.

What companies should do now

Before starting a full report, companies should check whether the reporting obligation still applies and what has changed in their Member State. A practical CSRD readiness review should answer these questions:

  • Which legal entity or group is being assessed?
  • Which Member State law applies?
  • Was the company originally wave one, wave two, wave three, or a third-country case?
  • Does the company exceed the amended employee and turnover thresholds?
  • Does any listing, regulated-market, insurance, banking, subsidiary, branch, or parent-company rule change the analysis?
  • Does the company still need to prepare EU Taxonomy disclosures?
  • Which sustainability requests are coming from customers, lenders, investors, or procurement teams even if full CSRD no longer applies?
  • What data already exists, and what is missing for climate, workforce, governance, and value-chain topics?
  • What level of assurance or evidence review is likely to be needed?

A practical CSRD preparation sequence

For companies that remain in scope, Keslio would usually sequence the work like this:

  • 1. Scope and timeline check: confirm whether the company remains in scope, whether it is delayed, and what reporting year matters.
  • 2. Reporting architecture: map legal entities, reporting boundaries, business units, value-chain areas, data owners, and approval responsibilities.
  • 3. Double materiality assessment: identify and document material impacts, risks, and opportunities using a defensible process.
  • 4. ESRS gap assessment: compare current sustainability disclosures, policies, processes, and data against likely ESRS disclosure needs.
  • 5. Data collection: build data requests for climate, workforce, value-chain, governance, and EU Taxonomy information where relevant.
  • 6. Evidence pack: keep source files, calculations, methodology notes, assumptions, and sign-offs in a form that can be reviewed.
  • 7. Draft sustainability statement: write the report in a way that connects governance, strategy, risks, impacts, metrics, targets, and financial context.
  • 8. Assurance readiness: run a pre-assurance review before final sign-off so avoidable gaps are fixed before the assurance provider is involved.

Common mistakes

The most common CSRD mistake in 2026 is using an outdated scope or timeline. The second is treating Omnibus I as a reason to stop all sustainability data work. Both can create problems. A company that remains in scope may lose preparation time. A company that falls outside full CSRD may still be unprepared for customer questionnaires, bank requests, supplier scorecards, tender requirements, or voluntary reporting needs.

Other common mistakes include starting with a long ESG report before confirming material topics, collecting data without defining boundaries, separating finance from sustainability too late, underestimating EU Taxonomy work, ignoring Scope 3 emissions until the end, and assuming that assurance is only a final-stage audit exercise. The better approach is to design the evidence trail from the beginning.

How Keslio can help

Keslio supports companies that need practical sustainability reporting help without building a large internal ESG team. For CSRD-related work, we can help with:

  • CSRD scope and timeline checks;
  • double materiality planning and documentation;
  • ESRS gap assessments;
  • data request templates and evidence trackers;
  • GHG emissions calculations for Scope 1, Scope 2, and relevant Scope 3 categories;
  • EU Taxonomy readiness support;
  • sustainability reporting and communications support;
  • supplier and customer-request response support where CSRD questions are being pushed through the value chain; and
  • annual refreshes once the reporting process is in place.

If you are not sure whether CSRD still applies to your company, the first step is not to write a report. The first step is to confirm the scope, deadline, reporting boundary, and likely data requirements.

Official sources and further reading

Conclusion

The CSRD has not gone away, but it has changed. For companies still in scope, the reporting burden remains serious and should be managed with finance-grade discipline. For companies outside the amended scope, the direct legal obligation may be lighter, but sustainability information can still matter commercially through customers, banks, investors, and procurement teams.

The right next step is to avoid both overreacting and underreacting. Confirm scope first, then build a reporting process proportionate to the company's real obligation and commercial needs. Keslio can help translate the amended CSRD landscape into a practical reporting plan, data request list, and evidence-backed sustainability statement.

Keslio support

Need help applying this?

If this article maps to a live customer request, report, or emissions project, these services are the most relevant next step.

Reporting

Reporting and communications

Turn sustainability data, standards, and disclosures into clear reports, claims, and stakeholder-ready materials.

Supplier requests

Supplier request support

Respond to customer requests for emissions, CDP, EcoVadis, clean-energy evidence, and annual refreshes.

GHG accounting

GHG emissions calculations

Build Scope 1, Scope 2, and relevant Scope 3 calculations with a clear methodology and evidence trail.

Bereit loszulegen?

Entdecken Sie, was Keslio für Sie tun kann

Gehen Sie den nächsten Schritt auf Ihrer Nachhaltigkeitsreise in Partnerschaft mit unserem Team

Kontakt aufnehmen