The new EU Corporate Sustainability Reporting Directive (“CSRD”) is set to create unprecedented levels of ESG reporting for companies with a global footprint. Certain large EU companies are already conducting double materiality assessments and collecting data for the first round of reports (due in 2025). EU subsidiaries of foreign companies and non-EU parent companies with significant business in the EU will soon be required to do the same.

What is the CSRD?

The CSRD is an EU Directive which replaces the Non-Financial Reporting Directive.

It requires certain entities operating or generating revenue within the EU to disclose their ESG impacts, risks and opportunities according to an extensive set of prescribed standards: the European Sustainability Reporting Standards (“ESRS”). The ESRS cover a broad range of ESG issues, from climate and other environmental issues, through to labour and other human rights issues in a company’s own workforce and supply chain, as well as impacts such as the effect of the company’s operations, products and services on communities and consumers.

Companies must conduct a “double materiality” assessment to determine their material ESG impacts on people and the planet (“impact materiality”); and how ESG issues create financial risks and opportunities for the company (“financial materiality”). This double materiality assessment (which is subject to mandatory external assurance by auditors) determines the specific standards which will apply and the data which the company must collect and report.

On 26 September 2024, the European Commission published infringement decisions to ensure complete and timely transposition of EU directives. One of those infringement notices concerns 17 Member States who have failed to notify full transposition of the CSRD into national law (including required amendments to the national measures transposing the Accounting Directive, the Transparency Directive and the Audit Directive) by 6 July 2024. If the Member States fail to respond to letters of formal notice satisfactorily, then the Commission may issue a reasoned opinion.

Which companies are in scope and when?

The CSRD came into force on 5 January 2024. However, the implementation dates are staggered according to the size, type, and domicile of in-scope companies. In-scope companies have been classified into four groups (see table below). The first group of companies to report will be required to do so in 2025 for calendar year 2024. Non-EU companies are therefore affected when they have large EU-seated subsidiaries in Group 2 or meet the criteria for Group 4. However, their subsidiaries may be exempted where a consolidated report is provided by the parent company, provided that certain conditions are met:

  1. the parent company publishes a management report containing prescribed information in the consolidated report; and
  2. the consolidated report is consistent with the ESRS, or their equivalent.

In the case of Group 4 companies, the reporting information can cover the consolidated group, including the non-EU entity, but shall be delivered by each in-scope EU subsidiary or branch in a sustainability report.

 

GroupDescriptionReport Due
1(EU) firms which are “Large Undertakings” that also:

·       averaged more than 500 employees during the financial year; and

·       are “Public-Interest Entities”, meaning they have stock trading on a regulated EU market, are credit institutions, are insurance undertakings, or are specially designated by their national government.

(Non-EU) firms which meet the criteria for “Large Undertakings” that also:

·       averaged more than 500 employees during the financial year; and

·       have securities trading on a regulated EU market.

2025 (based on financial year FY2024 activities)
2(EU) firms which are “Large Undertakings”, meaning they exceed two of the following three criteria:

·       Averaged 250 employees during the financial year

·       Balance sheet total of EUR 25,000,000

·       Net turnover of EUR 50,000,000

(Non-EU) firms that meet the criteria for “Large Undertakings” and also have securities trading on a regulated EU market.

2026 (based on financial year FY2025 activities)
3(EU) firms which are “Small” or “Medium” sized undertakings and both:

·       have securities admitted to trading on an EU regulated market; and

·       do not qualify as a “Micro-Undertaking.”

(Non-EU) firms which meet the criteria for “Small” or “Medium” sized undertakings (excluding Micro-Undertakings) and that also have securities trading on a regulated EU market.

*A “Micro-Undertaking” is an entity that meets two of the following three criteria: (1) under 10 employees; (ii) balance sheet no more than EUR 450,000; and (iii) net turnover no more than EUR 900,000. This effectively means that all EU-listed companies which do not meet the Micro-Enterprise exclusion must report.

2027 (based on financial year FY2026 activities)
4(Non-EU) firms with a net turnover above EUR 150,000,00 in the EU over each of the last two years and which either:

·       have an EU subsidiary that is itself already subject to CSRD reporting; or

·       have an EU branch which itself generates more than EUR 40,000,000 in revenue; or

·       reporting is at the ultimate parent level.

2029 (based on financial year FY2028 activities)

What should the report cover?

According to the ESRS, the report must contain:

  • Business model and strategy: a description of the company’s business model and strategy including sustainability opportunities and resilience to sustainability risks, as well as transition and implementation plans.
  • Targets: a description of the company’s progress on sustainability targets.
  • Governance: a description of the company’s sustainability governance process.
  • Policies: a description of the company’s sustainability policies.
  • Incentives: information on incentive schemes linked to sustainability matters offered to members of the administrative, management and supervisory bodies.
  • Due diligence: a description of the due diligence of sustainability matters. A description of principal actual or potential adverse impacts and actions to prevent, mitigate and remediate them.
  • Risks: a description of the company’s principal sustainability risks and how these are being managed.
  • Indicators: a description of the indicators relevant to the disclosure requirements mentioned above.
  • Process: the process carried out to identify the information required above.
  • Value chain: where applicable, companies must include information on their business operations and their value chain, including relating to products and services and business relationships (including in the supply chain, from tier one right down to the extraction of raw materials as relevant).

Practical steps in preparation for CSRD compliance

The reporting obligations will be applied progressively and will not be immediately applicable to all companies caught by the CSRD, but the magnitude and complexity of the undertaking to comply means that all multinationals need to plan ahead.

Practical steps include:

  1. An assessment of eligibility to comply with the CSRD.
  2. Coordinate a steering group to ensure that all relevant internal stakeholders are identified and informed.
  3. Map external stakeholders (including workers, supply-chain workers, affected community members, and users of products and services) and their proxies and develop a plan for stakeholder engagement.
  4. Conduct a preliminary double materiality assessment.
  5. Evaluate existing sustainability data and reporting, and conduct a gap analysis against the applicable ESRS.
  6. Start collecting the data necessary to meet reporting standards and prepare the report. There is a requirement for the process to be assured by an independent third party.

Critically, steps 1 to 5 must be complete before the beginning of the reporting period.

CSDDD overview

The Corporate Sustainability Due Diligence Directive (CSDDD) aims to create a “level playing field” regarding human rights and environmental due diligence obligations across the European Union, with France and Germany having already introduced similar legislation in the form of the Loi Vigilance (Vigilance Law) and Lieferkettensorgfaltspflichtengesetz (Germany Supply Chains Act).

Companies in scope of the CSDDD will be required to comply with the CSDDD by 2027, with obligations for smaller companies coming into effect at a date yet to be determined.

In a nutshell, the key feature of the CSDDD is that it will apply to both EU and non-EU companies in the following way:

 

CategoryNet turnover thresholdNumber of employeesDate of application for companies
EU CompaniesEUR 1,500 m (global)500026 July 2027
EUR 900 m (global)300026 July 2028
EUR 450 m (global)100026 July 2029
Non-EU companiesEUR 1,500 m (in EU)N/A26 July 2027
EUR 900 m (in EU)N/A26 July 2028
EUR 450 m (in EU)N/A26 July 2029
EU Franchisors/ LicensorsTurnover: EUR 80 m (global)N/A26 July 2028
Royalties:  EUR 22.5 m (global)N/A26 July 2029
Non-EU Franchisors/ LicensorsTurnover: EUR 80 m (global)N/A26 July 2029
Royalties: EUR 22.5 m (in EU)N/A26 July 2029

 

What are the specific obligations for companies?

The CSDDD requires companies to take various measures to manage actual and potential adverse impacts of their activities on human rights and environmental matters, arising from: (i) their own operations; (ii) the operations of their subsidiaries; and (iii) the operations of their business partners in its chain of activities.

The “chain of activities” does not cover disposal of products, or activities of a company’s downstream business partners related to the services of the company. It does cover the following:

  • The activities of a company’s upstream business partners related to the production of goods or the provision of services by the company (including the design, extraction, sourcing, manufacture, transport, storage and supply of raw materials, products or part of the products and development of the product or the service).
  • The activities of a company’s downstream business partners related to the distribution, transport and storage of the product – where the business partners carry out those activities for the company or on behalf of the company.

The CSRD and the CSDDD are complementary. They establish a coherent regulatory framework covering the full sustainability due diligence lifecycle, from identifying and assessing adverse impacts to addressing and reporting on them.

The CSDDD covers all due diligence steps, while the CSRD focuses on reporting. Both laws adopt a risk-based approach grounded in internationally recognized responsible business conduct standards, with some differences such as value chain activities in scope.

The CSRD goes beyond reporting on adverse impacts by also looking at positive impacts, financial risks and opportunities.

The inter-dependence between the CSRD and the CSDDD means that it makes sense for companies to consider their compliance with both of these Directives in a coordinated way. This is important to leverage resources and to avoid wasteful duplication of effort.

If you have any questions about any of the issues raised in this article, please contact Jonathan Chibafa and Carolyn Bane.

For further information please contact:

This article is for general information purposes only and does not constitute legal or professional advice. It should not be used as a substitute for legal advice relating to your particular circumstances. Please note that the law may have changed since the date of this article.