The Corporate Sustainability Reporting Directive, Directive (EU) 2022/2464, requires companies to report on sustainability matters and to put that report inside a dedicated section of their management report. It amends the EU Accounting Directive rather than standing alone. Companies report against the European Sustainability Reporting Standards, using a double-materiality test that covers both their impact on people and the environment and the financial effect of sustainability matters on the business. The report must be digitally tagged and given an independent assurance opinion. One thing has changed since 2022: the Omnibus simplification package raised the size thresholds and pushed back the timetable, so the original waves and thresholds no longer describe who is in scope. Current scope has to be checked against the live EU text.
Most financial reporting covers how a company performed. The CSRD reaches wider: what effect does the company have on the world around it, and how do sustainability matters feed back into its own performance and resilience. The disclosure now lives inside the management report, follows a common standard, carries machine-readable tags, and goes through an independent assurer before it is published. The era of the glossy voluntary report has closed.
This guide is a practitioner's walk through the CSRD as it operates today: what the Directive does, who it brings into scope, the double-materiality test, reporting against the standards, the required content, digital tagging, assurance, and where it all sits in the management report. Because the rules shifted in 2025 and 2026, there is a dedicated section on currency that you should read before relying on any scope figure. Where a point turns on detail, the live consolidated EU text is the source of record.
What the CSRD is, and what it amends
The CSRD is Directive (EU) 2022/2464, adopted on 14 December 2022. Rather than standing alone, it amends the EU's existing company-reporting law, principally the Accounting Directive (Directive 2013/34/EU), along with the Transparency Directive and the audit framework. The practical effect is that sustainability reporting becomes part of the normal corporate reporting cycle rather than a separate exercise.
The Directive widened the population of companies that must report and raised the standard of what they disclose. It made the disclosure follow a common European rulebook and added an independent assurance requirement, replacing the narrower non-financial reporting regime that came before it.
Who is in scope
The base Directive draws several catchment categories. A company can fall into one of them:
| Category | What it covers |
|---|---|
| Large undertakings | Companies that meet the size test in the Accounting Directive, whether or not they are listed. Size is judged on a two-of-three basis across balance sheet total, net turnover, and average number of employees. |
| Listed companies | Companies whose securities are admitted to trading on an EU regulated market, reporting at the level the Directive sets for their size and group position. |
| Listed SMEs | Small and medium-sized enterprises listed on an EU regulated market, other than micro companies. They report against a lighter, proportionate version of the standards and could use a transitional opt-out under the original regime. |
| Certain non-EU companies | A company based outside the EU that generates significant net turnover in the Union and operates through an EU subsidiary or branch. The EU subsidiary or branch publishes the report. |
Group reporting is allowed: a parent can report for its group, which can exempt subsidiaries from reporting individually. The original Directive phased these categories in over three annual waves, starting with the largest listed public-interest companies and working down to listed SMEs. Those original waves and the figures behind them have since been changed. The next section explains how, and why you cannot rely on the 2022 numbers.
Critical currency: the Omnibus changes
The base Directive (EU) 2022/2464 remains in force. But the 2025-2026 "Omnibus I" simplification package changed both who is in scope and when they report. Treat the original 2022 wave dates and size thresholds as superseded for any real decision.
The Stop-the-Clock Directive came into force on 17 April 2025 and postponed application by two years. Companies that were due to start in the second wave (large companies not already reporting) now report for financial year 2027, and listed SMEs in the third wave now report for financial year 2028.
The substantive Omnibus I Directive was published in the Official Journal on 26 February 2026 and entered into force on 18 March 2026. It raised the size thresholds, which sharply reduces how many companies are caught, and it simplifies the standards.
The practical consequence: a company that looked in scope under the 2022 thresholds may no longer be, and a first-reporting year quoted from the original waves is likely wrong. Current scope and timing must be verified against the live consolidated EU text for the specific company before any reliance.
Scope gates everything else, which is why this matters. A scoping answer built on stale thresholds can put a company through a full reporting build it does not owe, or leave a company that is in scope believing it has more time than it does. Treat the original 2022 figures as a way to understand the regime. For any individual company, the current answer comes from the live text.
Double materiality
Double materiality is the test that decides what a company actually reports. It has two sides, and the company runs both:
| Perspective | The question it asks |
|---|---|
| Impact materiality | How does the company affect people and the environment, through its own operations and its value chain. This looks outward at the company's actual and potential adverse impacts, ranked by how severe and how likely they are. |
| Financial materiality | How do sustainability matters affect the company's development, performance, and position over the short, medium, and long term. This looks inward at sustainability risks, opportunities, and dependencies. |
The two assessments are run and then combined. A topic is reported if it is material from either perspective on its own. It does not have to be material from both. A climate impact that matters to the planet but has yet to hit the company financially is still reported. So is a sustainability-driven risk that threatens the business even if the company's own footprint is small.
The Directive also asks the company to report how it identified what it reports. The materiality process itself is part of the disclosure, so a defensible, repeatable method matters as much as the conclusion.
Reporting against the ESRS
The Directive sets the obligation to report, but it does not contain the line-item disclosures. Those live in the European Sustainability Reporting Standards, the ESRS. The structure matters: the ESRS are set by a separate delegated act that sits on top of the Directive, adopted by the European Commission. Reporting in line with the ESRS is the route to compliance with the Directive.
The Directive fixes the subject matter the standards must cover, across three areas:
- Environmental: climate change mitigation, including greenhouse gas emissions, climate change adaptation, water and marine resources, resource use and the circular economy, pollution, and biodiversity and ecosystems.
- Social and human rights: equal treatment and opportunity, working conditions, and respect for human rights anchored in international human-rights instruments and core labour conventions.
- Governance: the role of the company's governing bodies, internal control and risk management over sustainability reporting, business ethics and anti-corruption, lobbying and political influence, and the management of relationships with customers, suppliers, and affected communities.
The Omnibus simplification package is reducing the number of required data points within the standards, so the current standard set must be checked before use rather than assumed from an earlier version. Listed SMEs report against a lighter, proportionate version of the standards.
What the report has to contain
The Directive sets the mandatory content of the sustainability statement. A practitioner can build the statement around these blocks:
| Content block | What it requires |
|---|---|
| Business model and strategy | How the business model handles sustainability risks and opportunities, and a transition plan describing how the company will align with limiting global warming to 1.5 degrees Celsius and reaching climate neutrality by 2050. |
| Targets | Time-bound sustainability targets, including, where appropriate, absolute greenhouse gas reduction targets for at least 2030 and 2050, progress against them, and whether environmental targets are science-based. |
| Governance roles | The role of the company's governing bodies on sustainability, their expertise and skills, and any sustainability-linked incentive schemes. |
| Policies | The policies the company has in place on sustainability matters. |
| Due diligence | The due-diligence process, the principal actual and potential adverse impacts across the company's own operations and its value chain, and the actions taken to prevent, reduce, remedy, or end them. |
| Principal risks and dependencies | The principal sustainability risks and dependencies the company faces, and how they are managed. |
| Indicators | The indicators relevant to the disclosures above. |
For the first few years, value-chain information that is genuinely unavailable can be explained rather than fully reported, which gives companies time to build the data flows from suppliers and partners.
Digital tagging and the single electronic format
The CSRD report is built to be read by machines as well as people. The management report must be prepared in a single electronic reporting format, the same Inline XBRL format used for financial reporting, and the sustainability information must be tagged so that each disclosed item is machine-readable. The tagging also covers the company's EU Taxonomy disclosures where those apply.
Build the tagging into the production workflow as you go. The assurance opinion expressly extends to whether the tagging requirement was met, so a report that is substantively complete but poorly tagged still falls short.
Assurance
The CSRD requires an independent assurance opinion on the sustainability reporting. The requirement begins at the limited assurance level, which is a lower level of scrutiny than the reasonable assurance that applies to audited financial statements. The framework is designed to move toward reasonable assurance later, once the Commission assesses that it is feasible and sets the date for the step-up.
The assurance covers compliance with the Directive and the standards, the process the company used to identify what it reported, and the digital tagging. The assurer is typically the statutory auditor or another statutory auditor, and some Member States allow an accredited independent assurance services provider. The Commission is set to adopt common limited-assurance standards, and until they apply, national assurance standards are used.
Where it sits in the management report
The sustainability statement is part of the management report, in a clearly identifiable dedicated section, rather than a separate voluntary publication. The company's administrative, management, and supervisory bodies bear collective responsibility for it, which puts sustainability reporting on the same footing as the rest of the management report. It is published with the assurance opinion attached.
A CSRD readiness checklist
Run this against a company before treating its CSRD program as ready:
- The company's scope and first reporting year are re-checked against the live EU text, not quoted from the original 2022 waves and thresholds.
- A double-materiality assessment is run on both impact and financial materiality, the results are combined, and the topics are ranked and justified.
- The process used to identify reported information is documented, because the method is itself part of the disclosure.
- Each material topic is mapped to the relevant current ESRS data points, checked against the simplified standard set.
- Every required content block is graded Have, Partial, or Gap, with the 1.5 degree transition plan and the 2030 and 2050 targets handled explicitly.
- The digital tagging requirement is built into the report production workflow, not added at the end.
- An assurance engagement is scoped at limited assurance, with the assurer identified and the path to reasonable assurance anticipated.
- The sustainability statement is placed in a dedicated section of the management report, and the governing bodies acknowledge their collective responsibility.
- For uncertain points, the position is checked against the live consolidated EU text rather than assumed from an earlier version.
Under the CSRD, a persuasive narrative counts for little. What carries weight is a company that can show its materiality work, its data, and its controls. The standard is whether the disclosure is complete, identified through a defensible process, tagged, and able to survive an assurer's review. That is the record the Directive asks for.
For the terms used throughout this guide, see the EU CSRD glossary.