The European Union has recently updated its standards surrounding sustainability and non-financial reporting. The newly passed CSRD legislation will have sweeping impacts across European businesses as well as global companies with business in EU nations. Below we’ll review what the CSRD is, who it impacts, and what you need to know about compliance going forward.
What is the Corporate Sustainability Reporting Directive?
The European Union Council passed the Corporate Sustainability Reporting Directive in November 2022, and it went into effect on January 5, 2023. The legislation requires large companies and listed companies to publish regular reports on the social and environmental risks they face, and on how their activities impact people and the environment. All reporting must also be independently audited based on a newly defined common reporting framework.
The purpose of the CSRD is to help investors, consumers, civil organizations, and other stakeholders to better evaluate companies’ sustainability performance while streamlining the reporting process to reduce the cost burden on companies over time.
Expanding on the NFRD
The CSRD expands and revises existing sustainability reporting requirements under the Non-Financial Reporting Directive (NFRD). The NFRD, which went into effect in 2014, applies to public interest entities with more than 500 employees. It requires companies to report on non-financial issues such as the environment, social matters, employee treatment, human rights, anti-corruption, and diversity on boards.
However, the NFRD did not establish a clear reporting standard, instead allowing companies to choose whatever reporting framework they wanted (e.g., the Global Reporting Initiative, UNGC, TCFD, etc.). This lack of standardization made it difficult-if not impossible-for stakeholders to reliably assess a company’s performance or accurately compare them against other organizations. This led to rising reporting costs for companies trying to meet multiple, conflicting reporting standards-and a growing lack of credibility for the resulting reports.
To correct these issues, the EU adopted the new CSRD legislation. It is much more expansive in scope and affects more companies than the NFRD (50,000 companies under the CSRD compared to just 11,700 under the NFRD).
Who is impacted?
The CSRD covers a significantly broader scope of organizations than the NFRD.
It applies to:
- Entities already subject to the NFRD (namely large public-interest organizations with more than 500 employees)
- Large companies that meet two out of the following criteria:
- More than 250 employees
- Balance sheet totals more than 20 million dollars
- Net turnover of more than 40 million euros
- SMEs (small-medium size enterprises) listed on EU regulated markets except for micro undertakings
- Non-EU companies with a net turnover >150 million euros that have either an EU subsidiary that follows above criteria or a branch that generates >40 million euros net turnover in the previous financial year
Timeline of Implementation & Reporting
The CSRD standards will be finalized by July 2023 at which point companies will have a better idea of their obligations and the consequences of non-compliance. By January 2024, large companies will need to start preparing their reports for publication in 2025.
Here’s a quick breakdown of the timeline:
- January 2024: Large EU ‘public interest entities’ already subject to NFRD must start preparing CSRD reporting obligations and publish their report by Jan 2025
- January 2025: Other large EU organizations not subject to NFRD must start preparing and submit reports in 2026
- January 2026: Listed SMEs must start preparing to report in 2027
Additionally, beginning January 1, 2028, the CSRD will also apply to non-EU undertakings that generate a net turnover of more than 150 million euros in the EU and have either
- an EU branch office with a net turnover of at least 40 million euros in the EU, or
- a large or listed EU subsidiary.
What Must Companies Disclose?
Companies will be required to make the same ESG disclosures covered under the NFRD, including:
- Environmental protection
- Respect for human rights
- Social responsibility and treatment of employees
- Anti-corruption and bribery
- Diversity on company boards
For each issue, organizations must outline their policies, policy outcomes, risks, and key performance indicators.
In addition to these requirements, under the CSRD, companies will need to account for:
Double materiality: Companies must consider the impacts of sustainability issues on the business (from the outside in), like climate change, for example, as well as how the company itself impacts society and the environment (looking from the inside out).
So financial materiality means reporting on how sustainability issues create financial risk for companies. While the impact materiality looks at how the company impacts the environment. This focus is different from the SEC disclosure proposals, which only consider financial impact in their reporting.
Business model & strategy: Companies must report on their current business models and strategies for addressing sustainability risks and opportunities.
Climate transition plans: Companies are not required to create a transition plan if they don’t already have one. However, if they do, they must disclose their plans and align them with the climate goals under the Paris Agreement and EU climate law.
Time-bounded targets: Companies with climate transition plans must share clear, time-bounded targets (e.g., GHG emission reduction targets for 2030) and their plans for achieving those goals.
Sustainability due diligence process: Companies must disclose their due diligence processes they have implemented in regard to sustainability issues.
Information about company operations: This includes reports on a company’s value chain, business relationships, and supply chain, including their impacts and the company’s plans for risk mitigation and prevention. This level of reporting will require comprehensive n-tier supplier data. So having a supplier intelligence platform with n-tier mapping capabilities and real-time information will be essential for transparency and compliance in future disclosures.
Assurance: Unlike the NFRD, the CSRD has an auditing requirement that must be qualified by a third party to confirm accuracy and reliability.
Manually sourcing credible supplier data can be time-consuming and error-prone-putting you at risk for non-compliance in future reports. Using a robust supplier intelligence tool for objective, third-party information can reduce that burden and provide in-depth insight into your business operations to uncover new opportunities and identify risks you may otherwise have missed.
Penalties for Non-Compliance
The CSRD is a directive, not an EU regulation. This means that member states (not the EU) are responsible for developing their own penalties for non-compliance.
However, the CSRD does mandate that any penalties must be effective, proportionate, and dissuasive. And they must consider context, such as the gravity and duration of the breach, whether the company has had previous infringements, etc. While this approach allows for greater control and flexibility among member states to manage enforcement, it does mean that penalties for non-compliance will vary from country to country.
Next Steps for Impacted Companies
So, where do you go from here? The first step is to put the right people in place who will ensure compliance, and just as-if not more importantly-make sure that they have the tools and resources they need so that the company is doing due diligence.
Because of the additional requirements around company value chains and auditing, compliance and ESG/sustainability teams must make sure they have objective, reliable data on hand to track the ESG scores, carbon emission, etc., from the tier 1, 2, and 3 suppliers.
Craft’s supplier intelligence solution gives companies a 360-degree view of their supplier landscape, with real-time monitoring that alerts you to emerging risks and opportunities. With Craft, you get access to n-tier supplier data that you can trust, to mitigate risks, prevent disruption, streamline the reporting process, and ensure compliance with the new CSRD standards.