A guide to the EU’s

Corporate Sustainability
Reporting Directive
(CSRD)
Contents 01 → 04 →
What is the CSRD timelines
EU (CSRD)? and key dates
for organizations
02 →
Who needs to comply 05 →
with the CSRD? Penalties for
non-compliance
03 →
CSRD reporting 06 →
requirements explained How software
can help
01
What is the EU CSRD?
The European Union’s Corporate
Sustainability Reporting Directive (CSRD)
is a law that prescribes requirements
for organizations to report sustainability
disclosures across several topics including
environmental and social issues. Longer
term, the intended outcomes of CSRD
are to contribute to Europe’s 2050
climate-neutrality targets and European
Green Deal objectives, such as providing a
“globally competitive and resilient industry,
renovated energy efficient buildings and
cleaner energy and cutting-edge clean
technological innovation.”
The CSRD aims to strengthen and extend
the scope of the existing EU reporting
requirements from its predecessor, the
Non-Financial Reporting Directive (NFRD).
It requires social and governance metrics
to be reported along with environmental
performance, including employee health,
human rights, bribery, anti-corruption
and diversity across management.
The CSRD is informed by the concept of
double materiality, which acknowledges
that risk and opportunity can be material
from both a financial and impact perspective.
To meet the requirements of the CSRD,
organizations must disclose their strategies
for addressing environmental and social
risks and opportunities and explain how
these issues will impact their company from
both a financial and impact perspective.
Not only do these disclosures need to
be made publicly available, but the CSRD
also mandates independent auditing. This
emphasis on independent auditing of ESG
data sends a strong signal to organizations
that claims relating to ESG metrics and
sustainability performance must be
backed by data.
Previous chapter Next chapter 3
02

Who needs to comply

with the CSRD?
CSRD is mandatory for all large European
companies and those listed on the
EU-regulated markets, including EU
subsidiaries of non-EU parent companies.
Reporting under CSRD is required of non-
European companies that generate an
annual net turnover of EUR 150 million in
the EU and that have at least one subsidiary
or branch in the EU. Non-EU companies will
have to comply from 2028.
Specifically, CSRD applies to organizations
that meet at least two points of the
following criteria: over EUR 20 million
in total assets, a net turnover of EUR 40
million and 250+ employees. These entities
are classified as “large undertakings”
within the CSRD and include both EU
companies and EU subsidiaries of
non-EU companies.
This directive also applies to listed small
and medium-sized companies, which the
EU defines as those meeting two points
of the following criteria: less than 250
employees, less than EUR 40 million in
turnover and EUR 20 million in assets.
Companies with less than ten employees
or below EUR 20 million in turnover are
considered "micro companies” and excluded
from the mandatory sustainability reporting.
Based on the applicability criteria outlined
in CSRD, nearly 50,000 organizations
are expected to be subject to CSRD’s
reporting requirements once it is rolled
out in its entirety.
Who needs to comply with the CSRD?
European companies
– All large companies
– All companies listed
on EU-regulated markets
and their subsidiaries
Small and medium sized companies
(that meet 2/3 criteria)
– <250 employees
– <EUR 40 million in turnover
– <EUR 20 million in assets
Non-european companies
(that meet both points of criteria)
– Net turnover of EUR 150 million
in the EU
– Have at least one subsidiary
or branch in the EU
All companies
(that meet 2/3 criteria)
– >EUR 20 million in assets
– Net turnover of EUR 40 million
– 250+ employees

Previous chapter Next chapter 4

03
CSRD reporting
requirements explained
In 2022, the European Financial Reporting
Advisory Group (EFRAG) released the draft
of the European Sustainability Reporting
Standards (ESRS), which will fall under the
CSRD. To become law, the ESRS need to be
put in place by the European Commission
and agreed on by the European Parliament
and the governments of the countries
composing the EU Council.
The difference between CSRD and ESRS
CSRD is the law that mandates subject
companies to report on sustainability
issues, whereas the ESRS provide a
framework on how—and what—companies
must report on ESG metrics to comply
with the requirements of the CSRD.
The 13 ESRS are key to achieving the
CSRD’s goal of improved reporting against
ESG metrics across the region.
Previous chapter Next chapter
These 13 draft ESRS outline requirements
across four broad categories:
Cross-cutting
General principles, strategy, governance
and materiality assessment
Environment
Climate change, pollution, water and
marine resources, biodiversity, resource
use and circular economy
Social
Own workforce, workers in the value
chain, affected communities, consumers
and end-users
Governance
Governance, risk management, internal
control and business conduct
5
CSRD reporting
requirements explained

The cross-cutting reporting requirements CSRD at a glance

will be required of all organizations in scope
of the CSRD, while the other standards be
mandatory for those organizations that Passed: 2023
consider them material. Organizations will Required: 2024
be subject to reporting on double materiality,
ensuring disclosures are made about both
issues that impact the wider community Who does it apply to? Categories covered by the ESRS
and issues that impact the company itself.
Additionally, industry-specific standards, – 50,000+ organizations Environmental Governance
which are still being developed, will be – Companies listed on EU – Scope 1 and 2 emissions* – Board diversity
published over the next few years. regulated markets – Climate risks – Ethics and corruption
– All companies within the EU meeting – Pollution, biodiversity – Stakeholder engagement
These categories and the reporting specific size and revenue criteria and ecosystem impacts
approach reflect a move towards more – Multinationals with significant EU Cross-cutting
holistic ESG reporting and include factors presence Social – General principles,
beyond environmental metrics, such as – Relevant for reporting in all sectors; – Human rights strategy, governance and
social and governance and risk management intended to make activities more – Employee diversity materiality assessment
performance indicators. transparent for public, private, and – Working conditions, EHS
institutional investors

*Scope 3 emissions requirement anticipated in 2024

Previous chapter Next chapter 6

04
CSRD timelines and
key dates for organizations
While key dates are a few years away for
some, organizations subject to the CSRD
would be well advised to start preparing
their data foundation and sustainability
reporting processes now to avoid the
risk of non-compliance:
By September 2023: EU Commission to
adopt the first set of reporting standards
By the end of 2023: First set of reporting
standards will be approved by the European
Parliament and Council
Through 2024: Requirements will be
phased in after EU law is implemented into
the national law of EU member states
January 1, 2024: Effective date for the law
that will require companies that are already
subject to the NFRD to report on 2024 data
(reporting year 2025)
January 1, 2025: Effective date for
the law that will require other large
companies not previously subject to
the NFRD to start reporting (reporting
year 2026)
January 1, 2026: Effective date for
the law that will require listed SMEs
to commence their reporting
January 1, 2028: Effective date for
the law when CSRD will apply for
third-country companies (reporting
year 2029)
For more information on the exact CSRD
reporting requirements and changes to
the current draft, refer to the European
Commission’s draft ESRS.
Previous chapter Next chapter 7
CSRD timelines and
key dates for organizations

CSRD summarized

1. CSRD implements mandatory reporting 2. Standards incorporate the concept 3. CSRD requires forward-looking
standards: European Sustainability of double materiality and cover four disclosures, including targets set and
Reporting Standards (ESRS) broad categories progress toward their achievement

4. Reports must undergo mandatory 5. Companies must file an annual report 6. ESRS and CSRD complement existing
limited assurance by an independent via the European Single Electronic disclosures—non-compliance can result
services provider to validate disclosures Format (ESEF) in administrative and financial penalties

Previous chapter Next chapter 8

05

What are the penalties for

non-compliance to CSRD?
The CSRD requires EU member states
to “have in place an investigations and
sanctions regime,” directing them to
impose “effective, proportionate and
dissuasive” penalties based on several
factors, including the gravity and duration
of the breach and the financial standing
of the company.
The CSRD also states that it is necessary
“to require that the persons responsible
within the issuer confirm in the annual
financial report that, to the best of their
knowledge, the management report
is prepared in accordance with the
sustainability reporting standards.”

As such, penalties for non-compliance

to the CSRD will be determined by
individual member states based on
relevant member state laws. For this
reason, it is recommended for every
company to stay up-to-date with any
changes in legislation and get legal
advice to ensure proper compliance
and avoid investigation processes and
possible penalties.

Previous chapter Next chapter 9

06
How software can help
ESG reporting is complex. Staying on
top of requirements can be extremely
difficult for organizations that need to
meet the reporting requirements of
multiple frameworks and directives such
as the CSRD. In order to comply with the
CSRD, impacted organizations will have
to gather and consolidate an extensive
amount of data, sometimes even reaching
into the tens of thousands of data points.
Counting on a strong ESG data foundation
and having a single source of truth for your
ESG data can help ease reporting and make
your CSRD disclosures auditable, so your
organization can be better prepared for
the changes coming into effect from
2024 onwards.
The IBM® Envizi™ ESG Suite specializes in:
Capturing and managing operational and
ESG data to create a solid data foundation
With IBM Envizi, your organization’s data
can be collected, arranged, and processed
by a universal metrics engine, which
enables users to analyze it from their
own perspectives and in the units they
prefer to view and report in. Some data
sources that Envizi can capture to support
ESRS reporting requirements for CSRD
disclosures include:
– Utility billing data from third-party
service companies, such as bill pay
providers, data capture specialists
or energy consultants
– Directly ingesting files from other
suppliers, specialist systems such as HR
software, and ERP or accounting systems
– Systematically capturing data via surveys
from suppliers, investees or other value
chain participants
Helping you report with confidence With over a decade of experience, including
knowing that your data is auditable in GHG-reporting-regulated markets, IBM
and finance-grade Envizi is well-positioned to meet ESRS
IBM Envizi’s suite of software products disclosure requirements for organizations
allows organizations to report in alignment reporting under the CSRD.
with frameworks such as GRI, SASB, GRESB,
the UN SDGs and others by consolidating To learn more about how IBM Envizi can
questions from these frameworks into one support your CSRD reporting requirements,
platform in an easily exportable format. Key request a live demo today.
features across the ESG reporting suite of
products include: Explore IBM Envizi ESG Suite →
– Access to multiple framework questions
in one place
– Access to compliance and management
reporting templates
– Single portal for value chain stakeholders
to report their ESG metrics
– Provide auditors login access to a robust
system with supporting data, documents
and audit trails
Previous chapter Next chapter 10
© Copyright IBM Corporation 2023

IBM Corporation
New Orchard Road
Armonk, NY 10504

Produced in the United States of America

August 2023

IBM, the IBM logo, and Envizi are trademarks or

registered trademarks of International Business
Machines Corporation, in the United States and/or
other countries. Other product and service names
might be trademarks of IBM or other companies. A
current list of IBM trademarks is available on ibm.
com/trademarks.

This document is current as of the initial date of

publication and may be changed by IBM at any time.
Not all offerings are available in every country in which
IBM operates.

THE INFORMATION IN THIS DOCUMENT IS

PROVIDED “AS IS” WITHOUT ANY WARRANTY,
EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY
WARRANTIES OF MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE AND ANY WARRANTY OR
CONDITION OF NON-INFRINGEMENT. IBM products
are warranted according to the terms and conditions
of the agreements under which they are provided.

11