The CSRD represents the most significant expansion of corporate reporting requirements in the EU since IFRS adoption. For companies now entering Wave 2, the practical challenge isn't understanding the regulation — it's implementing the data collection, materiality assessment, and reporting processes needed to produce compliant reports within the required timeline. This guide focuses on what compliance teams and CFOs need to do, not the policy rationale.
CSRD Scope: Who Must Report and When
The CSRD applies in four waves, each expanding the scope of covered entities:
| Wave | Entities | Reporting Year | Report Due |
|---|---|---|---|
| Wave 1 | Large PIEs (500+ employees, already under NFRD) | FY 2024 | 2025 |
| Wave 2 | All large companies (2 of 3: 250+ employees, €50M+ revenue, €25M+ assets) | FY 2025 | 2026 |
| Wave 3 | Listed SMEs (except micro-entities) | FY 2026 | 2027 |
| Wave 4 | Non-EU companies with €150M+ EU revenue | FY 2028 | 2029 |
For Wave 2 companies, the immediate deadline is clear: sustainability reports for FY 2025 must be included in your annual report filed in 2026. If your reporting infrastructure isn't already in place, you're behind.
The 12 ESRS Standards
The European Sustainability Reporting Standards (ESRS), adopted by the Commission as delegated acts, define what companies must report. There are 12 standards organised into three categories:
Cross-Cutting Standards
- ESRS 1 — General Requirements: Defines the architecture of CSRD reporting — materiality assessment process, reporting boundaries, time horizons, and quality characteristics. Every company subject to CSRD must comply with ESRS 1.
- ESRS 2 — General Disclosures: Mandatory for all reporting companies. Covers governance, strategy, impact/risk/opportunity management, and metrics. Includes required disclosures on business model, value chain, stakeholder engagement, and the materiality assessment process.
Environmental Standards (E1–E5)
- E1 — Climate Change: GHG emissions (Scope 1, 2, and 3), transition plan, climate targets, carbon pricing exposure, energy consumption
- E2 — Pollution: Air, water, and soil pollution; substances of concern
- E3 — Water and Marine Resources: Water consumption, water stress areas, marine impact
- E4 — Biodiversity and Ecosystems: Impact on biodiversity, land use, ecosystem degradation
- E5 — Resource Use and Circular Economy: Material flows, waste generation, circular design
Social Standards (S1–S4)
- S1 — Own Workforce: Working conditions, equal treatment, labour rights, health and safety
- S2 — Workers in the Value Chain: Supply chain labour conditions, due diligence
- S3 — Affected Communities: Community impacts, indigenous rights, land rights
- S4 — Consumers and End-Users: Product safety, information quality, responsible marketing
Governance Standard
- G1 — Business Conduct: Anti-corruption, lobbying, payment practices, supplier relationships
Critically, topical standards E1–E5, S1–S4, and G1 are subject to the double materiality assessment. A company only reports on a topical standard if the related sustainability matter is material from either an impact or financial materiality perspective. ESRS 2 and ESRS 1 are always mandatory.
Track CSRD implementation guidance, EFRAG updates, and national transposition details automatically.
Start free trial →Double Materiality: The Assessment That Drives Everything
The double materiality assessment is the foundation of CSRD reporting. It determines which topics you report on and which you can legitimately exclude. Double materiality means assessing each sustainability matter from two perspectives:
- Impact materiality: Does your company have actual or potential positive or negative impacts on people or the environment? This is an "inside-out" perspective.
- Financial materiality: Do sustainability matters create risks or opportunities that could materially affect your company's financial performance, position, or cash flows? This is an "outside-in" perspective.
A sustainability matter is material if it meets the threshold on either perspective — you don't need both. The assessment must be documented, stakeholder-informed, and defensible to auditors.
What the Big 4 Are Flagging
The major audit firms reviewing Wave 1 CSRD reports have identified several common weaknesses that Wave 2 companies should avoid:
- Insufficient documentation of the materiality process: Simply listing which topics are material isn't enough. Auditors expect documented evidence of the assessment methodology, stakeholder input, thresholds applied, and rationale for exclusions.
- Scope 3 emissions data quality: E1 (Climate Change) requires Scope 3 GHG emissions reporting, but many companies lack reliable value chain emissions data. Auditors are flagging the gap between reported numbers and verifiable data sources.
- Value chain data gaps: ESRS S2 (Workers in the Value Chain) and E1 Scope 3 both require value chain data that many companies don't have. ESRS allows estimation and the use of sector averages, but the methodology must be transparent and conservative.
- Transition plan credibility: E1 requires disclosure of a transition plan for climate change mitigation. Auditors are challenging plans that lack quantified targets, interim milestones, and capital expenditure commitments.
SFDR Interaction
For financial services firms, the CSRD intersects directly with the Sustainable Finance Disclosure Regulation (SFDR). SFDR requires financial market participants to disclose sustainability risks and adverse impacts — and CSRD data from investee companies provides the underlying information. In practice, this means asset managers need CSRD-quality ESG data from portfolio companies to meet their own SFDR obligations (particularly principal adverse impact indicators), banks need CSRD data from borrowers for their own IFRS 9 climate-adjusted credit risk models, and the alignment between CSRD data points and SFDR principal adverse impact indicators is intentional — but not yet seamless.
Limited Assurance: What Auditors Will Check
CSRD requires limited assurance on sustainability reports — a lower standard than the reasonable assurance required for financial statements, but still a significant step beyond self-reported ESG data. Limited assurance means the auditor will perform inquiry and analytical procedures, review the materiality assessment process and documentation, test key data points for accuracy and completeness, assess the consistency of sustainability disclosures with financial statements, and issue an assurance opinion stating whether anything has come to their attention that causes them to believe the sustainability report is materially misstated.
The Commission plans to move to reasonable assurance by 2028, meaning assurance requirements will tighten over time.
Practical Compliance Roadmap for Wave 2
- Double materiality assessment (if not done): Complete the assessment immediately. Engage stakeholders, document methodology, and submit for board approval.
- Data gap analysis: For each material topic, map required ESRS data points to your current data availability. Identify gaps — particularly in Scope 3 emissions, value chain social data, and biodiversity metrics.
- Data collection infrastructure: Implement or upgrade systems for sustainability data collection. This may require new data feeds from operations, procurement, HR, and supply chain functions.
- XHTML tagging preparation: CSRD reports must be filed in XHTML format with ESRS taxonomy tags. Ensure your reporting software supports ESEF-compliant digital tagging for sustainability data.
- Assurance provider engagement: Engage your auditor (or a separate assurance provider) early. Agree on the limited assurance scope, timeline, and information requests.
- Board and governance preparation: ESRS 2 requires disclosure of board oversight of sustainability matters. Ensure board governance structures and meeting minutes reflect active sustainability oversight.
- Transition plan development: If E1 is material, develop a credible transition plan with quantified targets, interim milestones, and capital allocation commitments. This is one of the most scrutinised disclosures.
"CSRD is not a reporting exercise bolted onto your annual report. It's a fundamental expansion of what 'corporate reporting' means. Companies that treat it as a compliance checkbox will produce reports that fail assurance. Companies that integrate it into strategy will discover it drives better decision-making."
For related regulatory frameworks, see our guides on GDPR compliance (data protection implications of ESG data collection), EU AI Act (AI used in ESG scoring), and IFRS 9 (climate-adjusted credit risk). RegPulse tracks EFRAG updates, national CSRD transposition, ESRS implementation guidance, and assurance standard developments.
Stop tracking regulatory changes manually
RegPulse monitors 200+ sources so you don't have to. Stay ahead of CSRD deadlines, ESRS guidance, and sustainability reporting developments.
Request a Demo →