CSRD & CSDDD: key provisions and concepts

Objective

CSRD

The CSRD is a reporting framework aiming to enhance transparency, consistency and reliability of sustainability reporting by undertakings. It requires to disclose high-quality, standardised, comparable and reliable information for sustainable decision making. It helps undertakings identify and manage their own sustainability risks, and opportunities as well as investors and civil society actors access the information to evaluate EU companies’ performance, development, position, and impact on sustainability matters.

CSDDD

The CSDDD establishes a sustainable corporate behavioural framework to ensure that companies’ activities are aligned with the EU’s sustainability objectives. It mandates companies to identify and address adverse human rights and environmental impacts throughout their “chains of activities” (see below). Companies will also need to develop transition plans to ensure that their business model and strategy are aligned with the transition to a sustainable economy.

Scope (phased-in approach)

CSRD – 2025

Reporting on the 2024 data

• large undertakings and parent undertakings of a large group that are Public Interest Entities (PIEs)* exceeding:
  • average number of 500 employees and
  • balance sheet total: € 25 million and/or
  • net turnover: € 50 million

*PIEs as defined per Accounting Directive:

• companies listed on an EU regulated market
• credit institutions
• insurance undertakings
• undertaking designated as a PIE by a Member State (MS)

CSDDD – 2025

N/A

CSRD – 2026

Reporting on the 2025 data

• large undertakings exceeding at least two of these three criteria:
  • balance sheet total: € 25 million
  • net turnover: € 50 million
  • average number of employees: 250

• parent companies of a large group that exceed the above-mentioned criteria on consolidated basis during the financial year

CSDDD – 2026

N/A

CSRD – 2027

Reporting on the 2026 data

• listed small and medium enterprises (SMEs)* that do not exceed two of these three criteria:
  • balance sheet total € 25 million
  • net turnover € 50 million
  • employees 250 per financial year
• small and non-complex financial institutions (that are large or listed SMEs)
• captive insurance and reinsurance undertakings (that are large or listed SMEs)

N.b. micro-enterprises are excluded from the scope

*Possibility to opt-out for the first two years if the SME provides a statement explaining why their management does not capture sustainability information

CSDDD – 2027

Companies with the following features

• > 5000 employees on average and a global net turnover of > € 1.5 billion in the last financial year for which annual financial statements (should) have been adopted
• not reaching the thresholds mentioned above but is the ultimate parent company of a group that does

N.b. non-EU companies operating in the EU fall within the same scope, but with two exceptions:

• no specified number of employees limit
• only the net turnover generated in the EU is counted

CSRD – 2028

N/A

CSDDD – 2028

Companies with the following features

• 3000 employees on average and a global net turnover of > € 900 million in the last financial year for which annual financial statements (should) have been adopted
• not reaching the thresholds mentioned above but being the ultimate parent company of a group that does

N.b. non-EU companies operating in the EU fall within the same scope, but with two exceptions:

• no specified number of employees limit
• only the net turnover generated in the EU is counted

CSRD – 2029

Reporting on the 2028 data

• non-EU company generating a net turnover > € 150 million in the EU for each of the last two consecutive financial years and having either:
  • an EU subsidiary fulfilling the criteria of a large company or a listed SME (except micro)
  • an EU branch generating > € 40 million net turnover

N.b. these companies are expected to report on their impacts

CSDDD – 2029

Companies meeting the following features

• 1000 employees on average and a global net turnover of > € 450 million in the last financial year for which annual financial statements (should) have been adopted (the CSDDD phases the number of employees and the net turnover in. See the section ‘application’ for more information)
• not reaching the thresholds mentioned above but being the ultimate parent company of a group that does
• entered into franchising or licensing agreements in the EU with independent third-party companies where:
  • the agreements ensure common identity
  • there is a common business concept and method
  • royalties > €22,5 million
  • the company itself or as head of a belonging group that generated a global net turnover > €80 million 

N.b. non-EU companies operating in the EU fall within the same scope, but with two exceptions:

• no specified number of employees limit
• only the net turnover generated and royalties in the EU is counted

CSRD

Value chain definition

Value chain encompasses the full range of activities, resources and relationships an undertaking uses and relies on to create its product/service, from the conception to delivery, consumption and end-of life. It includes those that related to its business model and external environment where it operates (as per ESRS).

Relevant activities, resources and relationships include those in:

• the undertaking’s own operations such as human resources
• the undertaking’s supply, marketing and distribution channels such as materials and service sourcing and product and service sale and delivery
• financing, geographical, geopolitical and regulatory environments where the undertaking operates

Value chain includes both:

• upstream actors, e.g. suppliers, provide products or services that the undertaking uses in the developments of its products or services
• downstream actors, e.g. distributors, customers, receive products or services from the undertaking

CSDDD

Chain of activities definition

Chain of activities: activities of a company’s direct and indirect, upstream and downstream business partners which are defined as follows:

• direct business partners have a commercial agreement with the company relating to the operations, products or services of the company
• indirect business partners are not direct business partners but perform business operations related to the operations, products, and services of the company
• upstream business partners’ activities relate to the production of goods and the provision of services.
• downstream business partners’ activities relate instead to the distribution, transport and storage of a product

N.b. as per CSDDD, regulated financial undertakings are only subject to due diligence obligations for the upstream part of their chains of activities

Assurance/verification provisions

CSRD – Assurance

The CSRD requires limited assurance over sustainability reporting as from 2025. The CSRD foresees a possibility of moving to reasonable assurance in 2028 subject to the EC’s positive assessment whether the transition is feasible for undertakings and assurance practitioners.

CSDDD – Verification on provisions

The CSDDD allows for voluntary independent third-party verification:   

• companies may use independent third-party verification on and from companies in their chains of activities
• companies shall bear the cost of the third-party verification to verify compliance of an SME. If the SME requests to pay part of the verification costs, it can then in turn share the results of such verification with other companies

CSRD – Engagement scope

The limited assurance opinion should cover:

• the compliance with the CSRD, including:
  • the sustainability reporting rules with the European Sustainability Reporting Standards (ESRS)
  • the process to identify the information to be reported pursuant ESRS
  • the sustainability mark-up requirement
• the compliance with the EU Taxonomy Article 8 reporting requirements

CSDDD – Engagement scope

• support the due diligence obligations implementation
• compliance with the company’s code of conduct
• compliance with a preventive and corrective action plan

CSRD – Service providers

• Statutory auditors
• MSs might mandate:
  • statutory auditors other than the financial statements auditors
  • Independent Assurance Service Provider (IASP)

N.b. Shareholders with > 5% voting rights or 5% capital of the undertaking have the right to ask to involve an accredited third party to prepare a report on some elements of sustainability reporting. This accredited third party cannot belong to the same firm or network as the auditor carrying out the statutory audit.

The CSRD requires statutory auditors to obtain knowledge on specific subjects to be allowed to carry out assurance engagements of sustainability reporting:

• legal requirements and reporting standards relating to the preparation of annual and consolidated sustainability reporting  
• sustainability analysis  
• sustainability due diligence processes  
• legal requirements and assurance standards for sustainability reporting  

Statutory auditors should also complete practical training to carry out assurance engagements of sustainability reporting. The CSRD includes transitional arrangements for statutory auditors who have been qualified before 1 January 2026.

The Audit Directive 2006/43/EC) requires statutory auditors to comply with the rules on professional ethics, independence, objectivity, confidentiality and professional secrecy. These rules also are extended to statutory auditors carrying out sustainability reporting assurance.

MSs, that have authorised IASPs to carry out sustainability assurance should ensure that IASPs are subject to equivalent requirements to those set out in the Audit Directive 2006/43/EC concerning assurance of sustainability reporting, incl. ethics, independence, objectivity, confidentiality and professional secrecy, training and examination, continued education.

CSDDD – Services providers

• Independent third-party verification providers such as other companies or industry or multi-stakeholder initiatives

• Verifiers must have:
  • objectivity and complete independence from the company, be free from any conflicts of interest and external influence, whether direct or indirect, and shall refrain from any action incompatible with their independence
  • experience and competence in environmental or human rights matters and shall be accountable for the quality and reliability of the verification they carry out.

CSRD – Assurance standard

The EC shall adopt, via delegated acts, an EU limited assurance standard by 1 October 2026.

MSs may apply national assurance standards, procedures or requirements as long as the EC has not adopted an assurance standard covering the same subject matter.

The Committee of European Auditing Oversight Bodies (CEAOB) adopted non-binding guidelines for limited assurance engagements to facilitate the harmonisation of sustainability assurance across EU MSs in the transitional period.

By 1 October 2028, the EC shall adopt an assurance standard for reasonable assurance, following an assessment to determine if the transition is feasible for undertakings and assurance practitioners. The delegated act should specify when reasonable assurance requirement would start applying.

CSDDD – Verification guidance

The EC will issue guidance setting out fitness criteria and a methodology for companies to assess the fitness of third-party verifiers, and guidance for monitoring the accuracy, effectiveness and integrity of third-party verification.

CSRD

The CSRD mandates companies to disclose their transition plan to ensure that their business model and strategy align with the transition to a sustainable economy and the objectives of limiting global warming to 1,5 °C as well as the objective of achieving climate neutrality by 2050.

As per the ESRS delegated act, disclosure requirement E1-1 – Transition plan for climate change mitigation, companies shall disclose their transition plan for climate change mitigation, including climate change mitigation actions. In case the undertaking does not have a transition plan in place, it shall indicate whether and, if so, when it will adopt a transition plan.

While the CSRD requires companies to disclose information related to their transition plans, it does not mandate them to set one up.

CSDDD

The CSDDD mandates that undertakings establish a transition plan, update it every 12 months and include a report that describes their progress toward meeting the targets. This report should:

• set time-bound climate change targets for 2030 and in five-years steps up to 2050 based on conclusive scientific evidence
• outline identified decarbonisation levers and key actions planned to reach the targets listed above
• explain and quantify the investments and funding supporting the implementation of the transition plan
• describe the administrative, management and supervisory bodies’ role in executing the transition plan

Companies within CSRD’s scope that report a transition plan, or those covered by  their parent company’s transition plan, are deemed to be compliant with the obligation to adopt a transition plan under CSDDD Article 22. For such companies, CSDDD’s additional obligations include expectations to put the plan into effect and to update it every 12 months.

CSRD

The CSRD extends the scope of reporting requirements to non-EU companies generating a net turnover > € 150 million in the EU with a subsidiary that is a large company or a listed SME or a branch exceeding 40million  meeting specific criterion (under Article 40a) (see scope section above).

Those companies are required to report on their impacts on social and environmental matters; no obligation to include the EU Taxonomy Regulation Article 8 disclosures.

Non-EU companies can report sustainability information using:

• standards for third-country companies (in development)
• a full set of ESRS
• standards deemed equivalent to ESRS by the European Commission (EC)
• note: depending on the choice, different scenarios apply

MSs shall require an EU subsidiary, or an EU branch of the non-EU company to publish and make accessible the sustainability report on behalf of its parent company;

• alternatively, an EU subsidiary or EU branch may prepare, publish and make accessible the report
• if the necessary information to prepare the report is not available, the subsidiary or branch shall prepare and publish a sustainability report with all the information possessed and issue a statement indicating that the non-EU parent company did not make the necessary information available

The non-EU company shall also obtain assurance over its sustainability report by an authorised entity in that third country. If the company does not obtain any assurance opinion, its EU subsidiary or EU branch must issue a statement indicating that their non-EU parent company did not provide it.

Non-EU parent company can choose to publish a consolidated sustainability statement using a full set of ESRS available to date.

Subsidiary exemption should apply when the non EU parent company established in a third country reports sustainability information in accordance with ESRS or equivalent sustainability reporting standards. As equivalence assessment  of sustainability reporting standards will take place at a later stage, transitional provisions have been put in place until 2030 so that MSs shall permit EU subsidiaries to report under the European standards. The CSRD also applies to non-EU companies listed on an EU regulated market (see scope section).

• if a non-EU company is a subsidiary which is listed on an EU regulated market and meets a large company threshold, it cannot be exempted and has to publish its own sustainability statement using the ESRS

CSDDD

As per CSDDD, third country companies within CSDDD’s scope (see above) are subject to the same requirements as EU companies. In addition to this:

• such companies must assign an authorised representative (natural or legal person). This representative or the company itself must then inform a supervisory authority in the EU that their company fulfils the scope requirements, as well as provide other specified information
• the supervisory authority responsible for the liaison depends on one of the two criteria:
  • the authority of the MS where this third-country company’s authorised representative is domiciled or established
  • and where these differ, the authority in the MS in which the company generated most of its net turnover in the EU

The EC will establish a secured system for the exchange of information regarding the net turnover generated in the EU by third country companies without an EU branch or with branches in multiple MSs. MSs shall communicate regularly through this secured system the information they have regarding the net turnover generated by such companies. The EC will then analyse the data and notify the MS where the third country company generated most of its net turnover in the EU, indicating that the company falls under CSDDD’s scope and the oversight of that MS’ national supervisor.

CSRD

The CSRD does not introduce any changes to the existing EU supervisory regime. MSs are required to have penalties in place that are effective, proportionate and dissuasive for the cases of non-compliance and to establish a national supervisory authority with powers to supervise compliance by listed companies.

This means that National Competent Authorities (NCAs) are responsible for supervision of sustainability reporting by listed companies on a regulated market in the European Economic Area (EEA).

The European Supervisory and Markets Authority (ESMA) coordinates NCAs’ supervision of sustainability reporting. As per the CSRD, ESMA issued guidelines on the supervision of sustainability reporting by NCAs to promote supervisory convergence. MSs can decide whether to extend supervision of non-listed companies to NCAs or opt for another competent body.

CSDDD

MSs must assign one or more national authorities to be their national supervisory authority for CSDDD’s purposes:

• for EU undertakings, the authority is in the MS where they have their registered office
• for non-EU undertakings this is in the MS in which they have a branch. If the company has no branch in any MS or has branches in several MSs, then the authority is the one of the MS where they generate most of their net turnover in the EU

Supervisory authorities must posses at least the following powers:

• issue orders to companies:
  •  to cease infringements of CSDDD by taking relevant action
  • to abstain from repeating the relevant conduct
  • to provide remediation that is proportionate to the infringement and necessary to bring it to an end
• impose penalties on companies that fail to comply

• adopt interim measures in situations where there is an imminent risk of severe and irreparable harm

CSRD

SMEs do not fall under the CSRD scope (see scope), but they are likely to be impacted indirectly. Their larger counterparts might request information to comply with their own CSRD reporting requirements.

The CSRD mandates the EC to adopt proportionate standards for listed SMEs (LSME). It stipulates that LSME standard should establish a ‘value chain cap’ – include a reference to the level of information that companies within the CSRD scope can ask SMEs within their value chains to comply with their own requirements.

EFRAG has also developed a voluntary standard for non-listed SMEs (VSME) as tasked by the EC. VSME aims at addressing growing demands for sustainability data from business partners and lowering entry market barriers for non-listed SMEs to sustainability reporting. MSs should consider introducing measures to support small and medium-sized undertakings in applying the sustainability reporting standards.

CSDDD

Although SMEs are not in CSDDD’s scope, they are indirectly affected by the Directive. CSDDD mandates some measures to mitigate the impact on SMEs, for example:

• requiring large companies to provide targeted and proportionate support to their SME business partners, including financial support, capacity-building, training, upgrading management systems etc.
• ensuring that contractual assurances obtained from and contracts with SMEs uphold non-discriminatory, fair and reasonable terms
• allowing MSs to provide financial support to SMEs, in line with EU state aid rules