The countdown is running. For thousands of European companies, the Corporate Sustainability Reporting Directive (CSRD) is no longer a distant regulatory horizon — it is an active compliance obligation with binding deadlines, mandatory audits, and reputational consequences for those who fall behind.

Whether you are a CFO trying to understand the financial reporting implications, a sustainability manager mapping out your disclosure strategy, or a business owner wondering whether your company is even in scope, this guide cuts through the complexity and tells you exactly what CSRD compliance requires and what you need to do before 2027.

What Is the CSRD — and Why Does It Exist?

The Corporate Sustainability Reporting Directive (CSRD) is an EU regulation that entered into force on 5 January 2023. It replaces the previous Non-Financial Reporting Directive (NFRD), which the European Commission had concluded was producing sustainability reports that were too inconsistent, too incomplete, and too difficult for investors to compare across companies.

The CSRD exists to fix that. Its core purpose is to standardise ESG reporting across the EU so that sustainability data becomes as reliable, auditable, and comparable as financial data. The directive is also a structural component of the EU's Green Deal and its broader sustainable finance agenda, including the Sustainable Finance Disclosure Regulation (SFDR) and the EU Taxonomy.

What makes the CSRD fundamentally different from its predecessor is scope, depth, and enforceability. Companies subject to CSRD must report according to the European Sustainability Reporting Standards (ESRS) — a framework of 12 standards developed by the European Financial Reporting Advisory Group (EFRAG), covering environmental, social, and governance topics in granular detail.

Who Is In Scope?

This is the question most companies are asking first — and rightly so, because the answer has changed.

In December 2025, the European Parliament approved the Omnibus I simplification package, which significantly revised the CSRD's scope. The updated thresholds now apply CSRD obligations to companies with:

  • More than 1,000 employees, AND
  • Net annual turnover exceeding €450 million

This represents a substantial reduction from the original scope, which would have captured any company meeting two of three criteria: 250+ employees, €50M+ turnover, or €25M+ balance sheet. Listed SMEs and financial holding companies are no longer automatically included, though review clauses exist that could re-expand requirements in future.

For non-EU companies, the trigger is different: organisations generating €450M or more in net EU turnover with at least one EU subsidiary or branch will also fall within scope, with their first reports due by 2029.

If you are unsure whether your organisation is in scope, that assessment should be your first step — not your last.

The CSRD Reporting Timeline: Phase by Phase

CSRD compliance is being rolled out in waves. Understanding which wave applies to your organisation determines your deadline.

Wave 1 — Already Reporting (Reports published 2025)

Companies previously subject to the NFRD — large listed companies with 500+ employees — had to publish their first CSRD-compliant reports in 2025, covering financial year 2024.

Wave 2 — Large Companies (Reports due 2026)

Large EU companies meeting the size thresholds (prior to the Omnibus revision) must report on their 2025 financial year in 2026.

Wave 3 — Listed SMEs (Reports due 2027)

Listed small and medium-sized enterprises must start reporting on their 2026 financial year, with reports due in 2027. There is a two-year opt-out provision available, allowing deferral until 2028 — but companies using this option must explain why the required information has not been provided.

Wave 4 — Non-EU Companies (Reports due 2029)

Non-EU parent companies with significant EU operations submit their first report in 2029, covering financial year 2028.

For Wave 3 companies in particular, the 2027 deadline sounds comfortable — but the data collection, gap analysis, and assurance process required makes 2026 the real window of preparation.

What the CSRD Actually Requires You to Report

CSRD compliance is not a checkbox exercise. It demands a structured, evidenced, and externally verified account of your company's sustainability impacts, risks, and opportunities. The ESRS framework organises this across three dimensions:

Environmental (ESRS E1–E5)
Climate change, pollution, water and marine resources, biodiversity and ecosystems, and resource use and circular economy. The requirement to report on Scope 3 emissions — indirect emissions across your entire value chain — is among the most technically demanding elements.

Social (ESRS S1–S4)
Own workforce, workers in the value chain, affected communities, and consumers and end-users.

Governance (ESRS G1)
Business conduct, including anti-corruption, lobbying, and supplier relationships.

Two structural requirements cut across all of these:

Double Materiality Assessment
Unlike previous reporting frameworks, CSRD requires companies to apply a double materiality lens. This means assessing not only how sustainability issues affect your financial performance (financial materiality), but also how your operations impact people and the environment (impact materiality). Both dimensions must be considered, and the assessment process must be documented and defensible.

External Assurance
All CSRD sustainability reports must be independently verified by an accredited external auditor. The initial requirement is limited assurance — roughly equivalent to a review-level audit — though the original transition to reasonable assurance by 2028 has been removed under the Omnibus revision, reducing audit complexity and cost.

Reports must also be submitted in machine-readable European Single Electronic Format (ESEF), with sustainability data digitally tagged to allow automated processing and comparison across the EU's financial data infrastructure.

The Omnibus Simplification: What Has Changed and What Remains Uncertain

The Omnibus I package introduced meaningful relief, but also regulatory uncertainty. Key changes confirmed as of early 2026 include:

  • The employee threshold raised to 1,000+ (from 250+)
  • Mandatory datapoints in the revised ESRS reduced by approximately 61%
  • Voluntary disclosures eliminated from the ESRS framework
  • Extended phase-in provisions through 2026 for Wave 1 companies
  • Simplified ESRS standards expected to apply for FY2027 reporting

However, the revised ESRS is still in public consultation (Q1/Q2 2026) and has not yet been formally adopted. This means that while simplification is coming, its precise contours are not fully settled. Companies planning for FY2027 reporting need to monitor EFRAG's final standards closely while simultaneously building the foundational data infrastructure that any version of CSRD will require.

"The direction of travel is clear even if some details are not. Waiting for absolute regulatory certainty before beginning preparation is a strategy that routinely leads to rushed, non-compliant reports."

Seven Practical Steps to Prepare Before 2027

  1. Determine Your Scope and Deadline: Confirm whether your company meets the revised thresholds and which reporting wave applies. For groups with complex cross-border structures, this requires entity-level analysis, not just group-level assumptions.
  2. Conduct a Double Materiality Assessment: This is the foundation of your entire CSRD report. It requires stakeholder engagement, impact mapping across the value chain, and a structured evaluation of both financial and impact materiality. Budget adequate time — this process typically takes three to four months when done properly.
  3. Perform a Gap Analysis Against the ESRS: Map your existing sustainability data against each applicable ESRS standard. Where are the data gaps? Which metrics do you currently collect, and which require new measurement systems, supplier engagement, or third-party data?
  4. Build Your Data Collection Infrastructure: CSRD-compliant reporting requires consistent, auditable data collection processes. This often means integrating ESG data management into existing ERP or finance systems, establishing supplier data request workflows for Scope 3 emissions, and assigning clear internal ownership for each disclosure area.
  5. Align With Your Financial Reporting Process: CSRD sustainability disclosures must be included within the management report — the same document that contains your financial statements. This requires close collaboration between sustainability, finance, and legal teams, and in many cases a redesign of the annual reporting workflow.
  6. Engage an Assurance Provider Early: External assurance is mandatory. Engaging your auditor or an accredited sustainability assurance firm early — before the data collection phase, not after — significantly reduces last-minute pressure and increases the reliability of your final report. Assurance providers will want to assess your data trail, not just your output.
  7. Monitor Regulatory Developments: With the revised ESRS entering final consultation in 2026, companies should designate someone responsible for tracking regulatory updates from EFRAG and the European Commission. A standard that shifts between your preparation phase and your reporting year creates significant rework if caught late.

The Cost of Non-Compliance

Penalties for CSRD non-compliance are determined at the national level by member state competent authorities. While specific fines vary by jurisdiction, enforcement frameworks typically include financial penalties, mandatory corrective reporting, and public disclosure of sanctions — the reputational exposure of which can be more damaging than the fine itself.

Beyond regulatory risk, CSRD non-compliance carries commercial consequences. Institutional investors, procurement teams, and large corporate clients are increasingly screening supply chain partners against ESG disclosure standards. A company unable to produce a credible sustainability report is a liability in that context, not just a regulatory offender.

Start Now, Not Later

The companies that will navigate CSRD most successfully are not those with the most sophisticated sustainability programmes today — they are those that begin the structural preparation earliest. Gap analyses, materiality assessments, and data infrastructure take time to build correctly, and the 2027 deadline will arrive faster than most finance calendars currently reflect.

CSRD compliance is also an opportunity. Done well, the process produces a clearer strategic picture of where your company's sustainability risks and impacts actually lie — intelligence that informs better business decisions, not just better reports.