Introduction
The Corporate Sustainability Reporting Directive (CSRD) is a European Union regulation that mandates detailed sustainability disclosures from large companies operating in or with significant ties to the EU. It applies to large EU companies, listed SMEs, and non-EU companies with substantial EU revenue or operations. The directive governs reporting on environmental, social, and governance impacts and risks, requiring disclosures to be prepared against the European Sustainability Reporting Standards and independently assured.
Key Takeaways
- The Corporate Sustainability Reporting Directive (CSRD) is an EU regulation that expands the scope, depth, and standardization of sustainability reporting, replacing the earlier NFRD framework.
- It applies to large EU companies, certain listed entities, and non-EU companies with significant EU operations, with a phased rollout extending over the next several years.
- CSRD reporting is built on the principle of double materiality, requiring companies to assess both their impact on the environment and society, and the financial risks and opportunities arising from sustainability factors.
- The directive mandates detailed disclosures across environmental, social, and governance areas, guided by the European Sustainability Reporting Standards (ESRS), along with third-party assurance requirements.
- Unlike many existing ESG frameworks, CSRD is legally binding, standardized, and subject to external verification.
- Conducting a double materiality assessment involves defining scope, mapping impacts and risks, prioritizing material topics, validating findings with leadership, and maintaining audit-ready documentation.
- Organizations may face challenges in meeting CSRD requirements, particularly around data availability, aligning with existing frameworks, and gathering reliable supply chain data.
- GRC platforms help streamline CSRD compliance by centralizing data, mapping controls to ESRS requirements, and enabling oversight through structured reporting.
What Is the CSRD?
The Corporate Sustainability Reporting Directive is a European Union regulation that mandates structured, standardized sustainability disclosures from in-scope companies. Adopted in December 2022 as Directive (EU) 2022/2464, it entered into force on January 5, 2023, and began applying to the first wave of companies for the financial year 2024, with reports due from 2025.
The CSRD replaces the Non-Financial Reporting Directive (NFRD), which had been in place since 2014. The NFRD applied to approximately 11,700 large public-interest entities across the EU and required relatively high-level non-financial disclosures with limited standardization. The CSRD fundamentally changes the scope and depth of that obligation. It introduces mandatory European Sustainability Reporting Standards (ESRS), requires third-party assurance of sustainability data, and applies a concept called double materiality that goes well beyond what the NFRD ever demanded.
The scale of change is significant. Under the original CSRD text, over 50,000 companies were expected to fall within scope. Following the European Commission's 2025 Omnibus Simplification Package and the "Stop-the-Clock" directive that entered into force on April 17, 2025, timelines have been revised and scope thresholds adjusted. Despite these revisions, the CSRD remains one of the most comprehensive corporate sustainability reporting framework legislated to date, and the first wave of approximately 11,000 companies that were part of the NFRD framework have been phasing into CSRD reporting from 2025, based on fiscal year 2024 data.
Who Must Comply with the CSRD?
The CSRD applies across three broad categories of entities, with compliance obligations determined by company size, listing status, and geographic footprint.
- Large EU Companies are the primary entities to fall within this ambit. Under the revised Omnibus thresholds, a company must have more than 1,000 employees and exceed €50 million in net turnover to be subject to mandatory reporting. This represents a significant narrowing from the original criteria, which applied to companies with more than 250 employees.
- Listed SMEs were originally included with an opt-out provision. Under the Omnibus revisions, listed SMEs may be removed or deferred under current proposals, though some may still face indirect pressure from larger supply chain partners or capital markets that require ESG data. Bearing in mind the speed of regulatory changes in this regard in just the past few years, as well as the evolving nature of the legislation itself, listed SMEs would do well to expect compliance changes on the horizon.
- Non-EU Companies with Significant EU Revenue remain subject to the CSRD if they generate more than €450 million in net turnover within the EU and have either an EU subsidiary or a branch generating more than €200 million in EU revenue, subject to evolving technical criteria for EU presence. These entities adhere to their own reporting timeline and will generally use a separate set of reporting standards adapted for third-country companies.
The phased applicability is summarized below:
| Wave | Entity Type | Reporting Year | Report Due |
|---|---|---|---|
| Wave 1 | Large public-interest entities with 500+ employees (NFRD scope) | FY 2024 | 2025 |
| Wave 2 | Other large companies meeting Omnibus thresholds (1,000+ employees, €50M+ turnover) | FY 2027* | 2028 |
| Wave 3 | Listed SMEs, small non-complex credit institutions, captive insurers | FY 2027* | 2028 |
| Wave 4 | Non-EU parent companies with €450M+ EU turnover | FY 2028 | 2029 |
Delayed by two years under Directive (EU) 2025/794 (Stop-the-Clock), adopted April 14, 2025.
(Sources: European Parliament, Stop-the-Clock Directive; Sidley Austin, April 2025; Karomia CSRD Guide, 2026)
What Must Be Reported Under the CSRD?
CSRD reporting is organized around the European Sustainability Reporting Standards and structured by a concept unique to this directive: double materiality.
Double Materiality Assessment
Double materiality requires companies to assess sustainability from two directions simultaneously. The first is impact materiality, which captures how the company's operations affect the environment and society. The second is financial materiality, which identifies how sustainability factors create risks or opportunities for the company itself. Both dimensions must be assessed, documented, and disclosed. This bidirectional lens distinguishes the CSRD from frameworks like the TCFD, which focuses primarily on financial materiality.
Environmental Disclosures
The ESRS environmental standards span key areas such as climate change (ESRS E1), pollution (ESRS E2), water and marine resources (ESRS E3), biodiversity and ecosystems (ESRS E4), as well as resource use and the transition to a circular economy (ESRS E5). Companies are required to disclose transition plans, Scope 1, 2, and 3 greenhouse gas emissions, and how they are managing nature-related risks.
Social Disclosures
The social standards focus on impacts related to the organization’s workforce (ESRS S1), value chain workers (ESRS S2), affected communities (ESRS S3), and consumers and end-users (ESRS S4). This dimension requires companies to report on working conditions, human rights due diligence, pay equity, and community impact.
Governance Disclosures
ESRS G1 covers governance, risk management, and internal controls as they relate to sustainability. It includes disclosures on board-level oversight of sustainability matters, corporate culture, anti-corruption and anti-bribery policies, and political engagement.
European Sustainability Reporting Standards (ESRS) Overview
The ESRS were developed by the European Financial Reporting Advisory Group (EFRAG). They consist of two cross-cutting standards applicable to all companies (ESRS 1, which sets general principles, and ESRS 2, which requires general disclosures) along with the topical standards organized across environment, social, and governance themes. Following EFRAG's simplified technical advice submitted to the European Commission in December 2025, the mandatory datapoint count was significantly reduced, with a 71% overall reduction when including the removal of voluntary data points based on EFRAG’s technical simplification proposals.
CSRD Reporting Timeline
The original phased rollout has been restructured following the Stop-the-Clock directive and the Omnibus Content Proposal, formally adopted as a directive in February 2026.
| Reporting Wave | Companies | Fiscal Year | Report Submission |
|---|---|---|---|
| Wave 1 | Large public-interest entities (NFRD scope, 500+ employees) | FY 2024 | 2025 |
| Wave 1 (continued) | Same entities with quick-fix relief | FY 2025 and FY 2026 | 2026 / 2027 |
| Wave 2 | Large companies meeting Omnibus thresholds | FY 2027 | 2028 |
| Wave 3 | Listed SMEs, small credit institutions | FY 2027 | 2028 |
| Wave 4 | Non-EU third-country companies (€450M+ EU turnover) | FY 2028 | 2029 |
Wave 1 companies are not covered by the Stop-the-Clock delay, though they benefit from "quick-fix" amendments adopted by the European Commission on July 11, 2025, which extended certain transitional relief for FY 2025 and FY 2026 reporting.
CSRD vs. ESG Reporting: What's Different?
The CSRD is legally binding EU legislation. Most other sustainability reporting frameworks are voluntary or apply only to specific investor or market contexts. The table below outlines the primary distinctions:
| Framework | Legal Status | Materiality Approach | Assurance Required | Scope |
|---|---|---|---|---|
| CSRD | Mandatory (EU law) | Double materiality | Yes (limited, moving to reasonable) | Large EU companies + non-EU with EU revenue |
| GRI (Global Reporting Initiative) | Voluntary | Impact materiality | Optional | Global, any organization |
| TCFD | Voluntary (some jurisdictions mandatory) | Financial materiality | Optional | Primarily financial sector |
| SFDR (Sustainable Finance Disclosure Regulation) | Mandatory (EU law) | Financial materiality | No specific requirement | Financial market participants |
The key difference is legal enforceability and assurance: CSRD disclosures are mandatory, included in management reports, and subject to third-party assurance, unlike voluntary frameworks like GRI and TCFD.
How to Conduct a Double Materiality Assessment: Step-by-Step Guide
The double materiality assessment is the foundation of CSRD compliance. It determines which sustainability topics are reportable under ESRS and must be documented in a way that can withstand an external audit.
- Step 1: Define Scope and Stakeholders: Establish the organizational boundary for the assessment, including subsidiaries and value chain activities where relevant. Identify the stakeholder groups whose interests and impacts are material, including employees, suppliers, customers, investors, and affected communities.
- Step 2: Map Impact Materiality: Assess how the company's own activities and value chain create actual or potential impacts on people and the environment. Consider the severity, scale, and remediability of negative impacts, and the significance of positive ones. This analysis should draw on operational data, supply chain assessments, and stakeholder input.
- Step 3: Map Financial Materiality: Identify sustainability-related risks and opportunities that could affect the company's financial condition, cash flows, access to capital, or cost of doing business. Timeframes should span short, medium, and long-term horizons.
- Step 4: Prioritize Material Topics: Consolidate the impact and financial materiality findings into a prioritized list of topics. Topics that are material from either or both perspectives are subject to ESRS reporting. The prioritization should be based on defined thresholds and criteria, not subjective judgment.
- Step 5: Validate with Leadership: Present findings to senior leadership and the board for review and approval. The CSRD places governance-level accountability on sustainability disclosures, so executive sign-off is not procedural; it is a compliance requirement.
- Step 6: Document for Audit Readiness: Maintain a comprehensive audit trail that captures the methodology used, data sources, stakeholder engagement records, and rationale for materiality determinations. This documentation must be sufficient to support external limited assurance.
Managing ESG disclosures alongside your existing GRC obligations? See how MetricStream connects sustainability reporting to enterprise risk. Explore Our Solutions
Common CSRD Compliance Challenges
Here are some of the common CSRD compliance challenges:
Data Availability and Quality
The ESRS requires granular, quantitative data across environmental, social, and governance dimensions, much of which many companies do not currently collect in a structured or audit-ready format. Scope 3 emissions, workforce pay gap data, and biodiversity impact metrics are among the most consistently cited gaps. Establishing data collection infrastructure retroactively is time-consuming and resource-intensive.
Aligning ESRS with Existing Sustainability Frameworks
Many organizations already report under GRI, TCFD, or the UN Global Compact. Reconciling those legacy disclosures with ESRS requirements is not straightforward. The ESRS were designed with interoperability in mind, and EFRAG has published mapping documents, but aligning data definitions, materiality thresholds, and reporting structures across frameworks remains a practical challenge requiring cross-functional coordination.
Third-Party and Supply Chain Data Gaps
A material portion of CSRD disclosures requires data from suppliers and value chain partners, particularly for Scope 3 emissions and social indicators under ESRS S2. Many companies lack contractual mechanisms or technical systems to collect this data reliably at scale. The stop-the-clock delay has provided additional time, but organizations that treat this period as a deferral rather than a preparation window will face compressed timelines.
How GRC Platforms Support CSRD Compliance
Below are some ways in which GRC platforms can support CSRD compliance:
Centralized Data Collection and Audit Trail
A GRC platform provides a single system of record for sustainability data across business units, geographies, and reporting periods. This centralization supports the documentation requirements of the double materiality assessment and creates the audit trail that external assurance providers require. Without it, organizations typically rely on fragmented spreadsheet processes that are difficult to control and nearly impossible to audit.
Policy and Control Mapping to ESRS Standards
CSRD compliance intersects directly with an organization's policy management and internal control environment. GRC platforms enable organizations to map existing policies and controls to specific ESRS requirements, identify gaps, and track remediation. This approach ensures that sustainability disclosures are grounded in verifiable governance processes, not narrative statements.
Board-Level Reporting Dashboards
The CSRD assigns sustainability oversight to the board, not only to sustainability functions. GRC platforms with executive reporting capabilities allow boards and audit committees to access real-time ESG metrics, track compliance status across reporting waves, and fulfill their governance obligations under ESRS G1.
Not sure where your CSRD readiness stands? Talk to a GRC expert and get a clearer picture. Talk to an Expert
How MetricStream Can Help
MetricStream's ESG Risk solution is designed to integrate sustainability reporting obligations into the broader enterprise GRC framework, rather than treating them as a standalone compliance exercise. For organizations managing CSRD alongside other regulatory obligations, this connected approach means that data collected for risk management, internal audit, and regulatory compliance can be leveraged for sustainability reporting, reducing duplication and improving data quality.
The platform supports the end-to-end double materiality assessment process, from stakeholder mapping and impact identification through to prioritization and documentation for audit readiness. It provides a centralized repository for ESRS-aligned data collection across entities and value chain partners, with workflow controls that enforce data governance and maintain an auditable record of each reporting cycle.
For boards and CFOs navigating the CSRD's governance requirements, MetricStream's analytics and dashboarding capabilities provide the visibility needed to fulfill oversight obligations and respond to investor and regulatory inquiries with confidence.
The Corporate Sustainability Reporting Directive (CSRD) is a European Union regulation that mandates detailed sustainability disclosures from large companies operating in or with significant ties to the EU. It applies to large EU companies, listed SMEs, and non-EU companies with substantial EU revenue or operations. The directive governs reporting on environmental, social, and governance impacts and risks, requiring disclosures to be prepared against the European Sustainability Reporting Standards and independently assured.
- The Corporate Sustainability Reporting Directive (CSRD) is an EU regulation that expands the scope, depth, and standardization of sustainability reporting, replacing the earlier NFRD framework.
- It applies to large EU companies, certain listed entities, and non-EU companies with significant EU operations, with a phased rollout extending over the next several years.
- CSRD reporting is built on the principle of double materiality, requiring companies to assess both their impact on the environment and society, and the financial risks and opportunities arising from sustainability factors.
- The directive mandates detailed disclosures across environmental, social, and governance areas, guided by the European Sustainability Reporting Standards (ESRS), along with third-party assurance requirements.
- Unlike many existing ESG frameworks, CSRD is legally binding, standardized, and subject to external verification.
- Conducting a double materiality assessment involves defining scope, mapping impacts and risks, prioritizing material topics, validating findings with leadership, and maintaining audit-ready documentation.
- Organizations may face challenges in meeting CSRD requirements, particularly around data availability, aligning with existing frameworks, and gathering reliable supply chain data.
- GRC platforms help streamline CSRD compliance by centralizing data, mapping controls to ESRS requirements, and enabling oversight through structured reporting.
The Corporate Sustainability Reporting Directive is a European Union regulation that mandates structured, standardized sustainability disclosures from in-scope companies. Adopted in December 2022 as Directive (EU) 2022/2464, it entered into force on January 5, 2023, and began applying to the first wave of companies for the financial year 2024, with reports due from 2025.
The CSRD replaces the Non-Financial Reporting Directive (NFRD), which had been in place since 2014. The NFRD applied to approximately 11,700 large public-interest entities across the EU and required relatively high-level non-financial disclosures with limited standardization. The CSRD fundamentally changes the scope and depth of that obligation. It introduces mandatory European Sustainability Reporting Standards (ESRS), requires third-party assurance of sustainability data, and applies a concept called double materiality that goes well beyond what the NFRD ever demanded.
The scale of change is significant. Under the original CSRD text, over 50,000 companies were expected to fall within scope. Following the European Commission's 2025 Omnibus Simplification Package and the "Stop-the-Clock" directive that entered into force on April 17, 2025, timelines have been revised and scope thresholds adjusted. Despite these revisions, the CSRD remains one of the most comprehensive corporate sustainability reporting framework legislated to date, and the first wave of approximately 11,000 companies that were part of the NFRD framework have been phasing into CSRD reporting from 2025, based on fiscal year 2024 data.
The CSRD applies across three broad categories of entities, with compliance obligations determined by company size, listing status, and geographic footprint.
- Large EU Companies are the primary entities to fall within this ambit. Under the revised Omnibus thresholds, a company must have more than 1,000 employees and exceed €50 million in net turnover to be subject to mandatory reporting. This represents a significant narrowing from the original criteria, which applied to companies with more than 250 employees.
- Listed SMEs were originally included with an opt-out provision. Under the Omnibus revisions, listed SMEs may be removed or deferred under current proposals, though some may still face indirect pressure from larger supply chain partners or capital markets that require ESG data. Bearing in mind the speed of regulatory changes in this regard in just the past few years, as well as the evolving nature of the legislation itself, listed SMEs would do well to expect compliance changes on the horizon.
- Non-EU Companies with Significant EU Revenue remain subject to the CSRD if they generate more than €450 million in net turnover within the EU and have either an EU subsidiary or a branch generating more than €200 million in EU revenue, subject to evolving technical criteria for EU presence. These entities adhere to their own reporting timeline and will generally use a separate set of reporting standards adapted for third-country companies.
The phased applicability is summarized below:
| Wave | Entity Type | Reporting Year | Report Due |
|---|---|---|---|
| Wave 1 | Large public-interest entities with 500+ employees (NFRD scope) | FY 2024 | 2025 |
| Wave 2 | Other large companies meeting Omnibus thresholds (1,000+ employees, €50M+ turnover) | FY 2027* | 2028 |
| Wave 3 | Listed SMEs, small non-complex credit institutions, captive insurers | FY 2027* | 2028 |
| Wave 4 | Non-EU parent companies with €450M+ EU turnover | FY 2028 | 2029 |
Delayed by two years under Directive (EU) 2025/794 (Stop-the-Clock), adopted April 14, 2025.
(Sources: European Parliament, Stop-the-Clock Directive; Sidley Austin, April 2025; Karomia CSRD Guide, 2026)
CSRD reporting is organized around the European Sustainability Reporting Standards and structured by a concept unique to this directive: double materiality.
Double Materiality Assessment
Double materiality requires companies to assess sustainability from two directions simultaneously. The first is impact materiality, which captures how the company's operations affect the environment and society. The second is financial materiality, which identifies how sustainability factors create risks or opportunities for the company itself. Both dimensions must be assessed, documented, and disclosed. This bidirectional lens distinguishes the CSRD from frameworks like the TCFD, which focuses primarily on financial materiality.
Environmental Disclosures
The ESRS environmental standards span key areas such as climate change (ESRS E1), pollution (ESRS E2), water and marine resources (ESRS E3), biodiversity and ecosystems (ESRS E4), as well as resource use and the transition to a circular economy (ESRS E5). Companies are required to disclose transition plans, Scope 1, 2, and 3 greenhouse gas emissions, and how they are managing nature-related risks.
Social Disclosures
The social standards focus on impacts related to the organization’s workforce (ESRS S1), value chain workers (ESRS S2), affected communities (ESRS S3), and consumers and end-users (ESRS S4). This dimension requires companies to report on working conditions, human rights due diligence, pay equity, and community impact.
Governance Disclosures
ESRS G1 covers governance, risk management, and internal controls as they relate to sustainability. It includes disclosures on board-level oversight of sustainability matters, corporate culture, anti-corruption and anti-bribery policies, and political engagement.
European Sustainability Reporting Standards (ESRS) Overview
The ESRS were developed by the European Financial Reporting Advisory Group (EFRAG). They consist of two cross-cutting standards applicable to all companies (ESRS 1, which sets general principles, and ESRS 2, which requires general disclosures) along with the topical standards organized across environment, social, and governance themes. Following EFRAG's simplified technical advice submitted to the European Commission in December 2025, the mandatory datapoint count was significantly reduced, with a 71% overall reduction when including the removal of voluntary data points based on EFRAG’s technical simplification proposals.
The original phased rollout has been restructured following the Stop-the-Clock directive and the Omnibus Content Proposal, formally adopted as a directive in February 2026.
| Reporting Wave | Companies | Fiscal Year | Report Submission |
|---|---|---|---|
| Wave 1 | Large public-interest entities (NFRD scope, 500+ employees) | FY 2024 | 2025 |
| Wave 1 (continued) | Same entities with quick-fix relief | FY 2025 and FY 2026 | 2026 / 2027 |
| Wave 2 | Large companies meeting Omnibus thresholds | FY 2027 | 2028 |
| Wave 3 | Listed SMEs, small credit institutions | FY 2027 | 2028 |
| Wave 4 | Non-EU third-country companies (€450M+ EU turnover) | FY 2028 | 2029 |
Wave 1 companies are not covered by the Stop-the-Clock delay, though they benefit from "quick-fix" amendments adopted by the European Commission on July 11, 2025, which extended certain transitional relief for FY 2025 and FY 2026 reporting.
The CSRD is legally binding EU legislation. Most other sustainability reporting frameworks are voluntary or apply only to specific investor or market contexts. The table below outlines the primary distinctions:
| Framework | Legal Status | Materiality Approach | Assurance Required | Scope |
|---|---|---|---|---|
| CSRD | Mandatory (EU law) | Double materiality | Yes (limited, moving to reasonable) | Large EU companies + non-EU with EU revenue |
| GRI (Global Reporting Initiative) | Voluntary | Impact materiality | Optional | Global, any organization |
| TCFD | Voluntary (some jurisdictions mandatory) | Financial materiality | Optional | Primarily financial sector |
| SFDR (Sustainable Finance Disclosure Regulation) | Mandatory (EU law) | Financial materiality | No specific requirement | Financial market participants |
The key difference is legal enforceability and assurance: CSRD disclosures are mandatory, included in management reports, and subject to third-party assurance, unlike voluntary frameworks like GRI and TCFD.
The double materiality assessment is the foundation of CSRD compliance. It determines which sustainability topics are reportable under ESRS and must be documented in a way that can withstand an external audit.
- Step 1: Define Scope and Stakeholders: Establish the organizational boundary for the assessment, including subsidiaries and value chain activities where relevant. Identify the stakeholder groups whose interests and impacts are material, including employees, suppliers, customers, investors, and affected communities.
- Step 2: Map Impact Materiality: Assess how the company's own activities and value chain create actual or potential impacts on people and the environment. Consider the severity, scale, and remediability of negative impacts, and the significance of positive ones. This analysis should draw on operational data, supply chain assessments, and stakeholder input.
- Step 3: Map Financial Materiality: Identify sustainability-related risks and opportunities that could affect the company's financial condition, cash flows, access to capital, or cost of doing business. Timeframes should span short, medium, and long-term horizons.
- Step 4: Prioritize Material Topics: Consolidate the impact and financial materiality findings into a prioritized list of topics. Topics that are material from either or both perspectives are subject to ESRS reporting. The prioritization should be based on defined thresholds and criteria, not subjective judgment.
- Step 5: Validate with Leadership: Present findings to senior leadership and the board for review and approval. The CSRD places governance-level accountability on sustainability disclosures, so executive sign-off is not procedural; it is a compliance requirement.
- Step 6: Document for Audit Readiness: Maintain a comprehensive audit trail that captures the methodology used, data sources, stakeholder engagement records, and rationale for materiality determinations. This documentation must be sufficient to support external limited assurance.
Managing ESG disclosures alongside your existing GRC obligations? See how MetricStream connects sustainability reporting to enterprise risk. Explore Our Solutions
Here are some of the common CSRD compliance challenges:
Data Availability and Quality
The ESRS requires granular, quantitative data across environmental, social, and governance dimensions, much of which many companies do not currently collect in a structured or audit-ready format. Scope 3 emissions, workforce pay gap data, and biodiversity impact metrics are among the most consistently cited gaps. Establishing data collection infrastructure retroactively is time-consuming and resource-intensive.
Aligning ESRS with Existing Sustainability Frameworks
Many organizations already report under GRI, TCFD, or the UN Global Compact. Reconciling those legacy disclosures with ESRS requirements is not straightforward. The ESRS were designed with interoperability in mind, and EFRAG has published mapping documents, but aligning data definitions, materiality thresholds, and reporting structures across frameworks remains a practical challenge requiring cross-functional coordination.
Third-Party and Supply Chain Data Gaps
A material portion of CSRD disclosures requires data from suppliers and value chain partners, particularly for Scope 3 emissions and social indicators under ESRS S2. Many companies lack contractual mechanisms or technical systems to collect this data reliably at scale. The stop-the-clock delay has provided additional time, but organizations that treat this period as a deferral rather than a preparation window will face compressed timelines.
Below are some ways in which GRC platforms can support CSRD compliance:
Centralized Data Collection and Audit Trail
A GRC platform provides a single system of record for sustainability data across business units, geographies, and reporting periods. This centralization supports the documentation requirements of the double materiality assessment and creates the audit trail that external assurance providers require. Without it, organizations typically rely on fragmented spreadsheet processes that are difficult to control and nearly impossible to audit.
Policy and Control Mapping to ESRS Standards
CSRD compliance intersects directly with an organization's policy management and internal control environment. GRC platforms enable organizations to map existing policies and controls to specific ESRS requirements, identify gaps, and track remediation. This approach ensures that sustainability disclosures are grounded in verifiable governance processes, not narrative statements.
Board-Level Reporting Dashboards
The CSRD assigns sustainability oversight to the board, not only to sustainability functions. GRC platforms with executive reporting capabilities allow boards and audit committees to access real-time ESG metrics, track compliance status across reporting waves, and fulfill their governance obligations under ESRS G1.
Not sure where your CSRD readiness stands? Talk to a GRC expert and get a clearer picture. Talk to an Expert
MetricStream's ESG Risk solution is designed to integrate sustainability reporting obligations into the broader enterprise GRC framework, rather than treating them as a standalone compliance exercise. For organizations managing CSRD alongside other regulatory obligations, this connected approach means that data collected for risk management, internal audit, and regulatory compliance can be leveraged for sustainability reporting, reducing duplication and improving data quality.
The platform supports the end-to-end double materiality assessment process, from stakeholder mapping and impact identification through to prioritization and documentation for audit readiness. It provides a centralized repository for ESRS-aligned data collection across entities and value chain partners, with workflow controls that enforce data governance and maintain an auditable record of each reporting cycle.
For boards and CFOs navigating the CSRD's governance requirements, MetricStream's analytics and dashboarding capabilities provide the visibility needed to fulfill oversight obligations and respond to investor and regulatory inquiries with confidence.
Frequently Asked Questions
The CSRD is a European Union law that requires large companies to publicly disclose how their business affects the environment and society, and how sustainability-related risks affect their business. It replaces an older, less demanding directive and requires companies to follow standardized reporting rules developed by EFRAG.
Following the 2025 Omnibus revisions, mandatory compliance applies to companies with more than 1,000 employees and net turnover above €50 million. Non-EU companies generating more than €450 million in EU revenue are also in scope, provided they have a qualifying EU subsidiary or branch. Listed SMEs are no longer mandatorily in scope under the revised framework.
Double materiality requires companies to assess sustainability from two perspectives: how their operations impact the environment and society (impact materiality), and how sustainability risks and opportunities affect the company's own financial position (financial materiality).
Wave 1 companies, primarily large public-interest entities that were already subject to the NFRD, began reporting in 2025 for fiscal year 2024. Wave 2 and Wave 3 companies have had their deadlines pushed back by two years under the Stop-the-Clock directive, with their first reports now due in 2028 covering fiscal year 2027. Wave 4 non-EU companies remain scheduled to report in 2029.
ESG reporting is a broad term covering a range of voluntary and mandatory frameworks. The CSRD is a specific piece of EU legislation with binding requirements, mandatory assurance, prescribed reporting standards (ESRS), and enforcement by member state authorities. Voluntary ESG frameworks such as GRI or TCFD allow companies to select what they disclose and how they disclose it. The CSRD does not.
The CSRD delegates penalty enforcement to individual EU member states, which are required to establish sanctions that are effective, proportionate, and dissuasive. Consequences can include financial penalties, exclusion from public procurement, and in some jurisdictions, criminal liability for executives.
Yes. Non-EU companies that generate more than €450 million in annual net turnover within the EU and have either an EU subsidiary exceeding €200 million in turnover or an EU branch exceeding the same threshold are subject to Wave 4 reporting requirements. These entities are expected to report for fiscal year 2028, with their first reports due in 2029.
The ESRS are the mandatory reporting standards that specify what companies must disclose under the CSRD. They were developed by EFRAG and cover two cross-cutting standards applicable to all companies (ESRS 1 on general requirements and ESRS 2 on general disclosures), plus twelve topical standards addressing specific environmental, social, and governance matters.
The NFRD, introduced in 2014, applied to approximately 11,700 large public-interest entities and required general non-financial disclosures with no prescribed standard format. The CSRD expands the original scope significantly, introduces mandatory standardized reporting under the ESRS, requires external assurance of sustainability data, mandates the double materiality assessment, and applies to a much broader range of company types including non-EU entities with significant EU operations.
Organizations not yet in scope should use the extended timeline productively. Priority actions include completing a double materiality assessment to determine which ESRS topics apply, conducting a gap analysis against the required data points, establishing data collection processes across business units and value chain partners, engaging with external assurance providers early to understand what audit-readiness requires, and integrating sustainability data management into existing GRC or ERP infrastructure.
