Corporate Sustainability Reporting Directive (CSRD) Guide

The evolving world of ESG reporting consists of a complex maze of frameworks and standards intended to address the environmental, social, and governance stance of organizations. Recently, both the European Union and the United States have moved toward consolidating ESG reporting requirements to create greater alignment across the field of disclosure requirements. Such consolidation aims to curtail greenwashing and provide companies, investors, and stakeholders with a common set of criteria and expectations for ESG reporting.

A cornerstone of this consolidation project is the EU’s Corporate Sustainability Reporting Directive (CSRD), which went into effect in 2023. A part of the European Green Deal, the CSRD made significant strides towards unifying ESG reporting standards, incorporating practices from the GRI, ISSB, and TCFD. In 2025, approximately 11,000 EU companies and non-EU-based multinationals and their EU subsidiaries are expected to issue their first reports for fiscal year 2024. More and more companies will begin reporting over the next several years. As of March 2025, the majority of EU member states have transposed the CSRD into National Law, while 8 states, including Germany, Spain, and the Netherlands, are still in the draft phase. Notably, the German government petitioned the EU for a reporting extension to 2027 and an easing of reporting requirements on SMEs.

As companies gear up for first-time reporting in 2025 and beyond, how can they best make sense of the CSRD’s new requirements and streamline their ESG reporting efforts? Read on, and we’ll cover the core principles of the Corporate Sustainability Reporting Directive and everything you need to know as you head into compliance year 1.

What are the basics of CSRD?

There are a lot of acronyms related to ESG frameworks and guidance. For the purposes of the CSRD, the most important ones to pay attention to will be:

• CSRD: The Corporate Sustainability Reporting Directive, an EU regulation that requires eligible companies to disclose ESG metrics and information in annual reports that align with the European Sustainability Reporting Standards (ESRS).
• ESRS: European Sustainability Reporting Standards, which detail the reporting and disclosure requirements for companies that must comply with the CSRD.
• EFRAG: The European Financial Reporting Advisory Group, a private organization under the CSRD that provides technical advice to the European Commission and drafted the European Sustainability Reporting Standards for use in CSRD reporting.

The CSRD expands on the 2014 Non-Financial Reporting Directive (NFRD) with the twelve European Sustainability Reporting Standards (ESRS), and increases the scope of disclosure requirements to include businesses’ supply chains and value chains. The CSRD also notably add requirements for third-party assurance.

The CSRD has both sector-specific disclosure requirements, such as for banking and financial services, infrastructure, and manufacturing, plus overarching common sustainability reporting standards. In addition to expanding on the previous NFRD, the updated CSRD also incorporates and integrates the EU Taxonomy system and the Sustainable Finance Disclosure Regulation (SFDR).

CSRD eligibility criteria

Not all EU organizations need to comply with the CSRD, however large companies, regardless of whether they are public or private, must comply with the CSRD if they meet two out of three of the following criteria:

1. The company has over 250 employees.
2. The company has €20 million or more in total assets.
3. The company has €40 million or more in net turnover.

Any non-EU undertakings that either generate EU revenues over €150 million or are EU-listed companies, EU subsidiaries, or have EU branches generating at least €40 million in revenue will need to release CSRD reports beginning in 2028. Although CSRD reporting is EU-centric, some international organizations may opt to consolidate their ESG reporting into a global report that supports their business model.

The timeline below from RSM helpfully breaks the phased compliance requirements for companies of different sizes.

Double materiality and the CSRD

One of the main concepts included in the Corporate Sustainability Reporting Directive is “double materiality.” Like with financial statements and financial disclosures, the concept of materiality as a way of prioritizing and managing risks applies to the CSRD as well. Unlike financial statement reporting, the CSRD asks companies to consider both the impact of climate change and other ESG matters on the company and the impact of the company on the environment and society as they complete their materiality assessments. If the impact from either perspective is material, then that matter, account, issue, or topic is considered material.

From limited assurance to reasonable assurance

The CSRD, crucially, introduces an assurance or independent third-party review requirement as part of the standard, unlike the NFRD in which third-party review was optional. In the interest of a phased approach, the CSRD permits for limited assurance in reporting until 2028, when reasonable assurance will be required (if deemed feasible by the European Commision).

As KPMG notes in their Get ready for European Sustainability Reporting Standards:

What are the European Sustainability Reporting Standards (ESRS)?

The Corporate Sustainability Reporting Directive requires businesses to create their EU sustainability reports in accordance with the European Sustainability Reporting Standards (ESRS) developed by EFRAG, and aligned with the EU Taxonomy. These disclosures should be integrated into the company’s management report, and will be publicly available. The ESRS is based on the European Green Deal and is supported by the EU Taxonomy and the Sustainable Finance Disclosure Regulation (SFDR). Given the scope of ESRS implementation (see below), AuditBoard recommends leveraging a technology solution to help ease the burden on assurance staff.

General disclosures

As part of the ESRS, and by extension, the CSRD, companies must include information about strategy, risk management, governance, metrics, and objectives, especially as they relate to ESG and sustainability matters. In this section, businesses are encouraged to demonstrate alignment with the EU Taxonomy and details about stakeholder and leadership engagement. An organization’s general disclosures must include the company’s materiality assessments using a double materiality approach, and justification for those designations.

Referred to as “cross-cutting” standards, there are two ESRS items that fall into this bucket,

• ESRS 1: General requirements
• ESRS 2: General disclosures

Environmental standards

The Environmental Pillar of the CSRD includes five specific ESRSs:

• ESRS E1: Climate Change
• ESRS E2: Pollution
• ESRS E3: Water and marine resources
• ESRS E4: Biodiversity and ecosystems
• ESRS E5: Resource use and circular economy

As companies collect metrics and data to complete their ESG reporting, the CSRD asks them to set targets, measure baselines, and continuously report on progress. Information should account for historical data, forward-looking insights, and the end-to-end value chain. Compiling these types of disclosures can be a challenge for many organizations that do not have technical controls or systems in place to aggregate and analyze ESG-related data. Companies and their teams must consider what solutions and processes need to be implemented to adequately meet reporting directives like the CSRD.

Social standards

There are four social standards included in the ESRSs, which examine the company’s impact on human rights, employees, the wider workforce, marginalized communities, customers, and other similar considerations — as well as the impact of society on the organization. These four ESRSs are:

• ESRS S1: Own workforce
• ESRS S2: Workers in the value chain
• ESRS S3: Affected communities
• ESRS S4: Consumers and end-users

Governance standard

The Governance pillar of the ESRS has only one standard, but it covers topics from anti-corruption and bribery to policies and procedures. Both qualitative and quantitative measures are taken into account for this area, and figures like executive compensation may be included as part of the scope of disclosures. The lone standard in this category is:

• ESRS G1: Business conduct

EFRAG provides a detailed Q&A platform for each of these ESRS items here.

Why CSRD matters for audit, risk, and compliance

The CSRD represents a massive expansion in corporate environmental reporting requirements compared to its predecessor, the Non-Financial Reporting Directive (NFRD).

Organizations now face the daunting challenge of managing an exponential increase in data volume, encompassing not only environmental metrics but also extensive policy disclosures and qualitative information regarding governance, data accuracy, and risk management. The introduction of double materiality principles further complicates matters, requiring companies to assess impacts both on their business and external stakeholders.

Even for organizations with established sustainability teams and greenhouse gas emissions tracking capabilities, the sheer magnitude of data collection, validation, and reporting processes presents a significant operational burden that requires robust data management strategies and resources.

The cross-functional data challenge

CSRD compliance demands an enterprise-wide approach to data collection. Risk, compliance, and audit teams play crucial roles, but data must be sourced from diverse business functions, including facility managers, HR departments, and strategy teams across multiple countries and regions.

With thousands of potential data points required for disclosure, companies must navigate a complex landscape of information stored in disparate systems — from Excel spreadsheets and SharePoint sites to specialized software platforms. Centralizing this information represents a formidable challenge that impacts numerous business areas to ensure complete and accurate reporting. Further complicating matters is the need to standardize units of measurement that may vary by region to maintain consistency throughout reporting.

Adopting a collaborative approach to CSRD compliance

No assurance team should tackle CSRD compliance in isolation. Audit, risk, ESG, and compliance professionals must collaborate to optimize the data collection, validation, and reporting process. The following are several collaboration tips for assurance groups to consider as they approach CSRD this year:

1. Establish a CSRD working group: Elect a knowledgeable representative from your audit, risk, and compliance teams to identify areas of overlap in data collection, controls, issue management, and reporting. This group of leaders can assess the methodologies and resources of all three groups to optimize resources and streamline processes in preparing for CSRD.
2. Partner up through integration: Wherever possible, integrate existing workflows for data validation and control implementation, and to help ensure climate-related risks are properly prioritized within overall business risk disclosures.
3. Work with consultants: Many organizations will need help with double materiality and may need to leverage experts to help them navigate the new requirement that is part of CSRD.
4. Leverage technology solutions with key features including:
   • A centralized repository for data storage, unit conversion, and report drafting within the CSRD framework
   • Automated workflows for data collection with consistent processes, controls, and approvals that create evidence trails for reporting and auditing
   • Connections across the Three Lines model—engaging first-line risk owners and ESG data owners throughout the business, then collaborating with internal audit to verify workflows, processes, controls, and data accuracy before external assurance

By integrating their data and working cross-functionally, audit, risk, and compliance teams can develop a comprehensive approach to CRSD reporting that goes beyond mere regulatory compliance and creates genuine organizational value. Beyond the data itself, companies face the added complexity of integrating this information with their broader audit, risk management, and compliance efforts. Thus, leveraging the right technology partner is crucial to efficiently navigate the ESG reporting landscape and ensure holistic alignment across your organization.

Purpose-built ESG technology can change the game for your team and your organization, providing the tools to collaborate, visualize data, and collect evidence in a single source of truth. By implementing the right platform, your organization can get ahead of CSRD compliance and execute on a high-level ESG program.

Frequently asked questions About CSRD

What are the basics of CSRD?

CSRD stands for the Corporate Sustainability Reporting Directive issued by the EU, which requires companies to disclose environmental, social, and governance (ESG) information publicly based on the European Sustainability Reporting Standards (ESRS).

What are the European Sustainability Reporting Standards?

There are currently twelve European Sustainability Reporting Standards that provide guidance for reporting on general, environmental, social, and governance topics. The ESRS supports the CSRD.

About the authors

Claire Feeney is a Senior Product Marketing Manager at AuditBoard focused on ESG and RiskOversight. In her role, she helps support organizations in transforming their enterprise risk management and sustainability programs. Prior to joining AuditBoard, Claire worked in product marketing at OneTrust, VMware, and Infor. Connect with Claire on LinkedIn.