[Last Updated: June 17, 2026]
The Corporate Sustainability Reporting Directive — CSRD — is the most significant overhaul of corporate sustainability disclosure in European Union history. For EHS and ESG professionals who have been tracking it from a distance, 2026 is the year it stops being a future obligation and starts being an operational reality.
This guide explains what CSRD is, who it applies to, what the 2026 Omnibus changes mean in practice, and what EHS and ESG managers specifically need to do next.
CSRD in 30 Seconds
- Mandatory EU sustainability reporting framework — not voluntary
- Uses ESRS (European Sustainability Reporting Standards) — not self-selected frameworks
- Requires a double materiality assessment to determine what to report
- Requires third-party limited assurance on all disclosed data
- Large EU companies (Wave 2) are filing their first reports right now in 2026
What Is CSRD?
CSRD is an EU regulation that requires companies to report on their sustainability impacts, risks, and opportunities using a standardized framework called the European Sustainability Reporting Standards (ESRS). It replaced the Non-Financial Reporting Directive (NFRD), which had applied to a relatively small number of large public-interest entities, with a far more demanding framework that will eventually cover tens of thousands of companies operating in or selling into Europe.
The key distinction from previous sustainability reporting regimes is that CSRD disclosures are:
- Mandatory — not voluntary or best-effort
- Standardized — using ESRS, not self-selected frameworks
- Audited — subject to third-party limited assurance, moving toward reasonable assurance over time
- Digital — required to be published in machine-readable XBRL format as part of the annual management report
For organizations accustomed to voluntary GRI or CDP reporting, the shift to CSRD is significant. The standard of evidence, the audit trail requirements, and the integration with financial reporting all represent a material increase in what sustainability disclosure actually demands.
| Framework | Mandatory | Assurance Required | Geographic Scope | Primary Audience |
|---|---|---|---|---|
| CSRD / ESRS | Yes — for in-scope EU companies | Yes — limited assurance minimum | EU (+ non-EU with EU revenue threshold) | Large companies, listed SMEs |
| GRI | No — voluntary | Optional | Global | Any organization |
| ISSB / IFRS S1-S2 | Depends on jurisdiction | Depends on jurisdiction | Global (adopted by 30+ jurisdictions) | Capital markets, investors |
| CDP | No — voluntary | No | Global | Supply chain, investors |
CSRD is the only framework in this table that mandates both the specific standards used and third-party assurance of outputs — making it structurally more demanding than any voluntary alternative.
Who Must Comply — and When
Overview of the four CSRD reporting waves under the EU Corporate Sustainability Reporting Directive.
CCSRD applies in four waves, defined by company size, listing status, and geographic origin, as outlined by the European Commission’s official CSRD guidance.
Wave 1 — Already reporting (FY2024 data, published 2025) Large public-interest entities previously subject to the NFRD — typically listed companies, banks, and insurers with 500+ employees. These companies filed their first CSRD reports in 2025 and are now preparing their second cycle.
Wave 2 — Reporting now (FY2025 data, published 2026) Large EU companies exceeding two of three criteria: 250+ employees, €25M+ balance sheet, or €50M+ turnover must report on their 2025 fiscal year. For many, this is the first mandatory CSRD filing.
Wave 3 — Preparing now (FY2026 data, published 2027) Listed SMEs, with an optional two-year opt-out available until 2028.
Wave 4 — Non-EU companies (FY2028 data, published 2029) Non-EU companies generating €150M+ revenue within the EU with at least one large EU subsidiary or branch. Under the revised Omnibus thresholds, this figure has been raised to €450M for the broader scope.
Key point for non-EU organizations: Even companies not yet legally in scope are receiving CSRD-related data requests from European customers and supply chain partners who are themselves subject to the directive. Scope 3 reporting pulls supplier data upstream — CSRD compliance requirements effectively travel beyond the legal perimeter.
The Omnibus Update: What Changed in 2026
The EU’s Simplification Omnibus proposals continue to progress through the EU legislative process in 2026. Companies should monitor developments closely, but should not pause compliance preparations while awaiting final implementation.
The most significant changes proposed include:
Narrower scope. The revised thresholds raise the employee minimum to 1,000 and the turnover threshold to €450M, reducing the number of companies in scope significantly from the original estimate.
Simplified ESRS. A 61% reduction in mandatory data points is proposed — from approximately 1,100 to roughly 430 — while voluntary disclosures are eliminated altogether. Simplified ESRS standards are expected for mandatory reporting starting FY2027, with optional early adoption available for FY2026.
Materiality first. Under the revised approach, all topical disclosures — including climate — are subject to materiality assessment. Companies are not required to report on topics that are not material to their business.
What has not changed. Wave 1 and Wave 2 companies must continue publishing reports under current requirements. Double materiality and limited assurance remain the two most operationally demanding CSRD requirements regardless of Omnibus developments. Companies should treat the proposed simplifications as a potential reduction in future burden, not as permission to slow current preparations.
What CSRD Requires: The ESRS Framework
ESRS is the reporting standard that specifies what companies must disclose under CSRD. It is organized into cross-cutting standards that apply to all companies, and topical standards organized across environmental (E), social (S), and governance (G) topics.
Cross-cutting standards (apply to all companies):
- ESRS 1 — General requirements (materiality, reporting scope, value chain)
- ESRS 2 — General disclosures (governance, strategy, risk management, metrics)
Environmental standards (E1–E5):
- E1 — Climate change (GHG emissions, climate risks, transition plans)
- E2 — Pollution
- E3 — Water and marine resources
- E4 — Biodiversity and ecosystems
- E5 — Resource use and circular economy
Social standards (S1–S4):
- S1 — Own workforce
- S2 — Workers in the value chain
- S3 — Affected communities
- S4 — Consumers and end-users
Governance standard:
- G1 — Business conduct
Not every standard applies to every company. The double materiality assessment determines which topics are material — and therefore which ESRS disclosures are required.
Double Materiality: The Hardest Part Explained
Double materiality is the concept that distinguishes CSRD from previous sustainability reporting frameworks. It requires companies to assess sustainability topics from two directions simultaneously.
According to EFRAG, the double materiality assessment forms the foundation of ESRS reporting and determines which sustainability topic disclosures become mandatory for a given undertaking. No other disclosure obligation under CSRD can be properly scoped without completing this assessment first.
Impact materiality (inside-out): How your company’s activities affect people and the environment — actual and potential, positive and negative impacts, across your own operations as well as upstream and downstream value chain.
Financial materiality (outside-in): How sustainability-related issues affect your company’s financial performance, position, cash flows, access to finance, or cost of capital over the short, medium, or long term.
A topic is material under CSRD if it is material from either perspective — not both. S&P Global’s 2025 Corporate Sustainability Assessment found that about 48% of assessed companies globally now use a double materiality approach. The gap between those who have an approach and those who can execute one that withstands limited assurance is significant — and closing this gap is the practical challenge for most organizations currently in CSRD preparation.
In practice, the double materiality assessment involves identifying all potential Impacts, Risks, and Opportunities (IROs), scoring them for magnitude and likelihood across short, medium, and long timeframes, engaging stakeholders, and documenting the methodology in a way that an external auditor can verify.
What EHS Managers Need to Do
CSRD is not just an ESG reporting obligation — it directly implicates EHS programs. Several ESRS topics require data that EHS teams own and produce.
E1 — Climate change: GHG emissions data for Scope 1, 2, and 3 — including energy consumption, fleet emissions, and process emissions. Many EHS teams already track Scope 1 and 2; Scope 3 often requires new supplier engagement workflows.
E2 — Pollution: Air, water, and soil emissions data from operational processes. Existing environmental permit compliance data is often the starting point, but the ESRS format and granularity requirements may exceed what is currently captured.
S1 — Own workforce: Health and safety metrics including injury rates, fatality rates, work-related ill health, and near miss data are explicitly required. TRIR, LTIFR, and related metrics that EHS teams already track map directly to ESRS S1 disclosure requirements.
Practical actions for EHS managers:
- Audit what data you currently collect against ESRS E1, E2, and S1 requirements
- Identify gaps in data quality, frequency, and documentation
- Engage early with the sustainability reporting team — EHS data is now a disclosure input, not just an operational metric
- Ensure incident management and environmental monitoring systems produce audit-ready outputs
What ESG Managers Need to Do
For ESG managers, CSRD represents a shift from managing a voluntary reporting process to managing a regulated disclosure process — with assurance requirements and board sign-off obligations.
Complete or validate your double materiality assessment. If your organization is in Wave 2, this should already be done. If you are preparing for Wave 3 or Wave 4, start now — the assessment process typically takes three to six months to execute properly, and it determines the scope of everything else.
Map your data gaps against material ESRS topics. Once materiality is established, identify which data points are required, which systems currently collect that data, and where the gaps are. This gap analysis drives the technology and process investment decisions for the next reporting cycle.
Engage your auditor early. CSRD requires limited assurance from a third-party auditor. What auditors will accept as evidence varies. Starting conversations early avoids surprises during the assurance process.
Build the connection between ESG and financial reporting. CSRD is published within the management report alongside financial statements. Finance, legal, and ESG teams need aligned processes — and ideally a shared platform — to produce a coherent, consistent disclosure.
The Role of Technology
Manual CSRD compliance — using spreadsheets and email to collect data across entities and frameworks — is possible but operationally fragile. The assurance requirements alone, which demand a traceable evidence chain for every disclosed data point, are difficult to satisfy without a system of record.
Dedicated ESG reporting platforms address these challenges by automating data collection, maintaining audit trails, mapping data to ESRS requirements, and producing disclosure-ready outputs. Several platforms have been specifically recognized for their CSRD capabilities:
- Sweep — Verdantix 2026 Green Quadrant Leader for enterprise carbon management, with strong multi-framework coverage including CSRD and ESRS
- Workiva — the platform of choice for organizations integrating CSRD disclosure with financial reporting and SOX compliance
- IBM Envizi — Verdantix 2025 Leader for ESG data management, recognized for data acquisition and quality control
- KEY ESG — purpose-built for multi-entity portfolios with full SFDR, EU Taxonomy, and CSRD coverage
Common Mistakes to Avoid
Treating CSRD as a reporting project rather than a data program. The most common failure mode is focusing on producing the disclosure document without building the underlying data infrastructure. CSRD requires audit-ready data — which means data collection systems, governance processes, and quality controls need to be in place before the reporting cycle begins.
Waiting for Omnibus to be finalized before preparing. The Omnibus simplification proposals are reducing scope and data points for future waves, but Wave 1 and Wave 2 companies remain in scope under current requirements. Organizations that paused work in 2025 are now behind.
Underestimating the value chain dimension. CSRD’s Scope 3 and value chain requirements mean that even companies not directly in scope will receive data requests from those that are. Suppliers, service providers, and business partners of CSRD-subject companies should prepare regardless of their own regulatory status.
Conducting the double materiality assessment as a checkbox exercise. Auditors are increasingly scrutinizing the quality of materiality assessments. A thin, internally-produced assessment that does not document stakeholder engagement, scoring methodology, and governance will not withstand limited assurance review.
Looking for Software to Simplify CSRD Compliance?
These platforms are designed specifically to support CSRD data collection, ESRS mapping, and audit-ready reporting:
- Sweep — multi-framework ESG & carbon platform · Verdantix 2026 Leader
- Workiva — financial + ESG reporting integration · 6,400+ enterprise clients
- IBM Envizi — ESG data foundation · 500+ data connectors · Verdantix 2025 Leader
- KEY ESG — SFDR, EU Taxonomy, CSRD for fund managers and PE firms
Compare all CSRD-capable platforms → Best ESG Reporting Software 2026 (available July 2026)
Frequently Asked Questions
Does CSRD apply to non-EU companies? Yes, under certain conditions. Non-EU companies generating €150M or more in EU revenue with at least one qualifying EU subsidiary or branch are in scope from FY2028. Omnibus proposals have raised certain thresholds, but these changes are still progressing through the EU legislative process — verify current status before making compliance decisions.
What is the difference between CSRD and ESRS? CSRD is the EU directive — the law that mandates sustainability reporting. ESRS (European Sustainability Reporting Standards) specifies what must be disclosed. CSRD is the obligation; ESRS is the framework for meeting it.
How is CSRD different from GRI reporting? GRI is a voluntary framework that companies can apply selectively. CSRD with ESRS is mandatory for in-scope companies, standardized across all reporters, and subject to third-party assurance. Companies with mature GRI programs have a head start, but the mandatory and audited nature of CSRD creates a materially higher bar.
What is double materiality in simple terms? A topic is material under CSRD if it affects your company financially (financial materiality) or if your company affects the world through it (impact materiality) — or both. You report on topics that meet either test.
Is CSRD the same as ESG reporting? Not exactly. ESG reporting is a broad term covering any disclosure about environmental, social, and governance performance. CSRD is a specific mandatory EU regulation requiring ESG disclosure under ESRS standards, with assurance and digital tagging requirements that go beyond most voluntary ESG reporting practices.
