TLDR;
The Corporate Sustainability Reporting Directive (“CSRD”) updates company-reporting rules for companies active in the European Union to give investors and the public consistent, comparable, and assured information about the sustainability of a company’s activities.
The CSRD applies to large EU companies, EU-listed Small-Medium-Enterprises, and non-EU groups with substantial EU turnover. They must capture and report specific sustainability related information in respect of software products and services they develop, provide and/or operate.
The direct addressees of the CSRD will in turn rely on their suppliers for data about their products and services to meet their obligations. Suppliers globally will want to be able to capture and report sustainability information to retain access to EU based customers.
Who does the Corporate Sustainability Reporting Directive apply to?
The Corporate Sustainability Reporting Directive imposes obligations on the following types of parties:
- EU “public-interest entities” already in scope of the Non-Financial Reporting Directive
- Large EU undertakings and EU parent groups in scope of the Accounting Directive
- Non-EU parent companies exceeding €150m turnover from the EU market plus a large/listed EU subsidiary or a large EU branch
- EU-listed Small-Medium-Enterprises (subject to an opt-out period)
Companies that supply to organizations to which the Corporate Sustainability Reporting Directive applies are likely to be affected indirectly. Suppliers will need to provide information about certain sustainability related aspects of their products and activities.
What are the most important obligations for organizations under the Corporate Sustainability Reporting Directive?
These are the most important obligations that apply under the Corporate Sustainability Reporting Directive:
- Organizations must follow phased-in ESRS requirements and digital reporting practices as set by the EU framework.
- Organizations must report sustainability related information in their management report using ESRS. They must take into account a double materiality: the sustainability impact of activities and the financial risks/opportunities associated with the sustainability of activities.
- Organizations must report on strategy, resilience, targets, transition plans (incl. Paris-aligned where relevant), due-diligence processes, and value-chain impacts (with temporary grace options for hard-to-get data)
- Organizations must obtain external assurance over their compliance. This is limited in scope initially, but expands to having to provide reasonable assurance eventually.
How is compliance with the Corporate Sustainability Reporting Directive supervised and enforced?
Member States transposed Corporate Sustainability Reporting Directive into their national laws. Member States designated one or more national competent authorities with powers to supervise sustainability reporting under these laws and to impose effective, proportionate and dissuasive penalties in cases of non‑compliance.
Organisations must obtain independent assurance from statutory auditors/audit firms over their reporting under the Corporate Sustainability Reporting Directive. Limited assurance is required initially. A level of “reasonable assurance” must be provided when the European Commission adopts heightened assurance standards.
What are the consequences of (non)compliance with the Corporate Sustainability Reporting Directive?
The Corporate Sustainability Reporting Directive may have the following consequences for organizations:
License to operate: The performance of organizations on different sustainability dimensions and the public’s perception of (non)compliance with the Corporate Sustainability Reporting Directive may affect an organisation’s brand in a market that is increasingly sensitive to this.
Financial valuation: The performance of organizations on different sustainability dimensions and the public’s perception of (non)compliance with the Corporate Sustainability Reporting Directive may affect companies’ financial valuations.
Compliance overhead: Compliance with the Corporate Sustainability Reporting Directive requires organisations to have processes in place to track and produce specific data, and to report on the sustainability of their activities (including adequate controls and providing assurance). An inefficient or ineffective design and operation of supporting processes is likely to create unnecessary administrative overhead. Suppliers may face intensive data requests.
Investigations: National competent authorities can open inquiries for deficient or missing reports. Investigations may interfere with the normal course of business. Organizations will need to commit the capacity of staff and resources to respond to investigations.
Fines/penalties: National competent authorities can impose penalties for non-compliance with the Corporate Sustainability Reporting Directive.
Liabilities: Omissions and misrepresentations in assured sustainability statements may trigger auditor findings and supervisory actions. Non-compliance may lead to civil liabilities.
Consolidated publication | Latest amendment | Initial legal act
Informal name: Corporate Social Responsibility Directive
Formal name: Directive (EU) 2025/794 of the European Parliament and of the Council of 14 April 2025 amending Directives (EU) 2022/2464 and (EU) 2024/1760 as regards the dates from which Member States are to apply certain corporate sustainability reporting and due diligence requirements
Jurisdiction: The law applies in the European Union. It must be transposed into national law by the Member States of the European Union. The law has certain limited extraterritorial effect and addresses certain non-EU based organizations directly.
Adoption date (latest amendment): 14 April 2025
Publication date (latest amendment):: 16 April 2025 (official publication)
Applicability date(s):
- Financial years starting 1 Jan 2024: entities previously under Non-Financial Reporting Directive (reports in 2025).
- 1 Jan 2025: other large EU undertakings (reports in 2026).
- 1 Jan 2026: EU-listed SMEs (opt-out available).
- 1 Jan 2028: certain non-EU parent groups with >€150m EU turnover (reports in 2029).
Enforcement date: The original law entered into force 5 Jan 2023. The national enforcement of the law follows transposition by the Member States into national law, which had to take place by 6 July 2024 at the latest.