CSRD requirements: What companies need to do to comply with the new EU directive

Ar19
Jul 25
11 min read

Updated: 2 days ago

The CSRD, or Corporate Sustainability Reporting Directive, is the new European directive that redefines how companies should report on their environmental, social and governance (ESG) performance.

Starting in 2024 (with effect on 2025 financial statements), thousands of European –and many Italian– companies will be required to publish a sustainability report according to rigorous and uniform criteria. The change is not only about what is communicated, but also how, with what standards (ESRS), and according to the principle of double materiality.

In this article, we explain clearly and operationally who is involved, what the main requirements of CSRD are, and how to prepare for adjustment.

What the CSRD Directive provides

The CSRD (Corporate Sustainability Reporting Directive) marks a clear shift from the previous NFRD. It extends the number of companies involved and introduces a more rigorous, integrated, and verifiable reporting model.

From 2024 (with reference to the 2025 financial statements), subject companies will have to publish ESG information according to European ESRS standards, including it in the management report and no longer in separate documents. The report shall be prepared in XHTML digital format and audited by an external auditor (limited assurance).

The underlying principle is that of dual materiality: enterprises must explain both how ESG factors affect their business and what impacts business generates on the environment, people and society.

The goal of CSRD is clear: to build comparable and reliable reporting, useful for investors, banks, public and private stakeholders. This is not a bureaucratic requirement, but an operational tool for managing risk, accessing capital, and strengthening corporate credibility.

Who is obliged to comply with CSRD requirements

The CSRD applies progressively, but involves a much wider audience than the previous directive. The reporting requirement covers not only large listed companies, but also many unlisted entities, including SMEs under certain conditions.

The application calendar is structured as follows:

From 1° January 2024 (with reporting in 2025): companies already subject to the NFRD.
From 1° January 2025: all large European companies, even unlisted ones, that exceed at least two of the following three criteria: 250 employees, 40 million euros in net turnover, 20 million euros in total assets.
From 1° January 2026: Listed SMEs and some non-EU companies with significant subsidiaries in the Union.
From 1° January 2028: non-EU companies with revenues exceeding €150 million in the EU and at least one relevant subsidiary or branch.

For many companies not yet accustomed to ESG reporting, CSRD represents a substantial innovation. In addition to regulatory aspects, it implies a rethinking of internal processes, information systems and skills. Firms exceeding size thresholds must start immediately to assess their readiness and define an adjustment plan.

When CSRD obligations come into force

The CSRD formally came into force on January 5, 2023, but its effects are materializing starting with the 2024 financial statements. Companies already subject to the previous NFRD Directive (large listed companies, banks, and insurance companies with more than 500 employees) are completing the first round of CSRD reporting in recent months, with deadlines expected in 2025.

Here is the full, updated timeline:

2025 → publication of the first CSRD-compliant financial statements by companies already subject to the NFRD.

2026 → obligation extended to all large EU companies, even unlisted ones, that exceed at least two of the three criteria: 250 employees, 40 million net turnover, 20 million total assets.

2027 → Listed SMEs enter, with the possibility of opting out until 2028.

2028 → obligation for large non-EU companies with revenues >150 million in the Union and a stable presence in at least one Member State.

By mid-2025, many companies are completing their first structured ESG budget, while others are already at an advanced stage of data collection and requirements alignment. Those who have not yet embarked on a structured journey are in a critical situation: organizational delay can compromise the reliability of disclosure, with consequences for audits, access to credit, and permanence in supply chains regulated by KPI ESG.

CSRD leaves no margin: it is necessary to transform environmental, social and governance data into stable, controlled, verifiable flows. Postponing today is tantamount to exposing oneself to structural risks tomorrow.

The main requirements of CSRD: structure, content and standards

The CSRD defines precisely what must be reported, how the disclosure must be structured and according to which criteria ESG data must be collected and published. These are no longer generic recommendations: companies must comply with ESRS – European Sustainability Reporting Standards, developed by EFRAG under a mandate from the European Commission.

The report must be integrated into the management report, with equal dignity with financial information, and follow an electronic XHTML format compliant with ESEF standards. Assurance is mandatory: initially in a limited form, but with possible evolution towards more stringent forms.

Mandatory content includes:

Strategy and business model, in relation to ESG factors.
Objectives, action plans and resources dedicated to sustainability.
Governance, roles and responsibilities, including oversight and oversight principals.
Policies and metrics, including sectoral ones, to measure impacts, risks and opportunities.
Results obtained with respect to the stated objectives.
Dual materiality, with analysis of inbound and outbound impacts.
Value chain, including suppliers, partners and indirect impacts.

Data must be comparable, verifiable, understandable and timely. Businesses need to demonstrate how ESG information affects their financial position and how business activities contribute, positively or negatively, to EU environmental and social objectives.

What are ESRS and what do they include

ESRS (European Sustainability Reporting Standards) are the technical and regulatory reference on which CSRD reporting is based. They were developed by EFRAG and approved by the European Commission to ensure consistency, comparability, and methodological soundness in ESG reporting.

Currently, there are 12 published standards and they are divided into three categories:

Cross-cutting standards (cross-cutting):

ESRS 1: general requirements, reporting principles, dual materiality, report structure.

ESRS 2: Mandatory disclosure on governance, strategy, impacts, risks and metrics.

Environmental Thematic Standards (ESRS E1–E5):

E1: climate change (mitigation and adaptation)

E2: pollution

E3: water and marine resources

E4: biodiversity and ecosystems

E5: use of resources and circular economy

Social and Governance Standards (ESRS S1–S4, G1):

S1: own workforce

S2: workers in the value chain

S3: communities concerned

S4: consumers and end-users

G1: business conduct

Each standard includes qualitative and quantitative disclosure requirements, with specific metrics and indicators. Enterprises must apply all ESRS, except for exclusions justified through materiality analysis.

Over time, further developments are expected: sectoral standards, simplified for listed SMEs, and proportionate standards for unlisted enterprises. The ESRS are not just a technical annex: they represent the backbone of the new European enterprise accountability system.

How to prepare a compliant sustainability report

Drawing up a sustainability report compliant with the CSRD means building an integrated, evidence-based document capable of engaging with the strategic dimension of the company. Compiling an outline is not enough: a structured, cross-functional process is needed, guided by a clear vision and specific skills.

The first step is to define reporting governance: assign responsibilities, create direction among the functions involved (sustainability, HSE, finance, HR, procurement), and activate regular internal planning. Next, data collection should be structured according to ESRS requirements, ensuring that information is available, traceable, and verifiable.

Once the material aspects have been selected, companies must coherently report:

what policies and objectives are being pursued
with what resources and tools
according to which metrics measure the impact generated

All of this must be documented and supported by internal, auditable evidence. Qualitative data can no longer be generic: it must be anchored in processes, indicators, and responsibilities. The narrative must also change: the balance sheet is no longer just a reputational tool, but a strategic asset.

From an organizational point of view, this step forces companies to activate a real internal transformation project. It requires greater maturity in the management of non-financial data, the introduction of supporting digital systems (reporting tools, ESG platforms, business intelligence), and above all the dissemination of a corporate culture oriented towards transparency and measuring impacts.

Those anticipating this work today will tomorrow be able to better engage with banks, international customers, and supply chains that are already adopting KPI ESG to evaluate suppliers and partners.

The principle of double materiality explained in a simple way

The CSRD introduces in a binding way the concept of dual materiality, which represents the core of the entire regulatory framework. This is not just a technical criterion for deciding what to include in the sustainability budget, but a change of perspective on the role of the company in society and the economy.

With dual materiality, companies must consider two dimensions:

Financial materiality: How environmental, social, and governance factors influence a company's economic performance (e.g., climate change impacting the supply chain or production capacity).
Impact materiality: how the company's activities influence the environment, people, and society (e.g., emissions, land use, working conditions in the supply chain).

Both dimensions need to be analyzed and reported. The CSRD balance sheet can no longer simply report the risks to the company, but must also highlight the risks generated by the company to the outside world.

This approach requires in-depth analysis and engagement of internal and external stakeholders. A questionnaire is not enough: continuous dialogue is needed, supported by structured tools (interviews, workshops, scenario assessments) and a corporate culture capable of reading weak signals and anticipating impacts.

Those who correctly apply dual materiality not only comply with a regulatory requirement, but gain a more robust and integrated vision of their business model. And it can use it to guide strategic choices, proactively manage risks, and strengthen its long-term positioning.

The Role of Assurance: What CSRD Provides

One of the qualifying elements of the CSRD is the requirement for external assurance on the sustainability balance sheet. Firms will have to subject ESG information to independent verification, initially with a “limited” and, in the future, “reasonable” level of assurance, similarly to what happens for financial statements.

Limited assurance involves the auditor making a judgement on the absence of material error, based on a selected number of audits. Although less thorough than the full review, it still represents a qualitative leap compared to the past: it forces companies to structure a robust and documentable internal process, and auditors to equip themselves with specific ESG skills.

The following are subject to the assurance obligation:
the quantitative and qualitative data required by the ESRS,
the analysis of double materiality,
compliance with the report structure according to the XHTML digital format.

From an operational perspective, this requires building an internal control system for non-financial reporting, with roles, responsibilities, audit trails, and data traceability. The ESG area can no longer function in isolation: it must engage with management control, finance, compliance, and operations.

For businesses, assurance is not just an obligation. If approached strategically, it can become an accelerator of organizational maturity. External verification actually pushes us to anticipate errors, reduce exposure to reputational risks, improve data quality, and strengthen credibility with banks, investors, and institutional stakeholders.

Organizational impacts: governance, processes and required skills

Adapting to CSRD isn't just about updating a document, it's about deeply rethinking how the company manages data, assigns responsibilities, and develops its internal expertise. Sustainability reporting becomes a cross-cutting process, requiring alignment between governance, operations, and strategy.

The first impact concerns governance: the board of directors must take an active role in overseeing sustainability, defining priorities, material risks, and long-term objectives. The ESG function must be formally recognized and equipped with a stable internal garrison.

At the operational level, ESG reporting needs to be integrated into existing business processes:

structured and continuous data collection, no longer “project”;
information systems capable of managing ESG metrics alongside economic and financial data;
internal control, audit and document validation procedures.

The real issue is that of skills. CSRD pushes enterprises to develop new job profiles and update existing ones. We need figures capable of reading ESRS standards, interpreting climate scenarios, analyzing non-financial data, communicating transparently, and, above all, working from a systemic perspective.

This process involves ESG managers, controllers, HSE, HR, procurement and legal functions. But it also requires an investment in corporate culture: raising awareness among management, training middle managers, and engaging operations teams. Sustainability, to be credibly reported, must first be understood and practiced.

CSRD and SMEs: what changes for small and medium-sized enterprises

SMEs also enter the CSRD perimeter, but at different times and in different ways. Starting in 2026, SMEs listed on European regulated markets will be required to prepare sustainability reports according to a simplified standard, currently being defined by EFRAG. A transitional regime is planned until 2028, but the direction is set.

For unlisted SMEs, the obligation is not direct, but many effects are already visible: industrial chains and international groups are also anticipating ESG reporting requests to suppliers. SMEs operating in exposed sectors (chemicals, construction, energy, fashion, large-scale retail trade) are increasingly faced with materiality questionnaires, social audits, and environmental metrics.

In this context, sustainability becomes a competitive factor, not just an obligation. SMEs that equip themselves with tools to map their impacts, formalize ESG policies, and manage the supply chain will be more credible, more resilient, and more attractive to customers, financiers, and talent.

To get started, you don't need to immediately build a complex report: it's more useful to activate gradual paths, with clear priorities, starting with materiality analysis, the definition of relevant KPIs, and the training of key people. Compliance can be managed in a modular way, but awareness and a strategic vision are needed.

How to equip yourself: tools, training and specialist support

CSRD compliance is not achieved with a single intervention. It requires a transformation path that combines digital tools, process evolution, and skills development. Every company must build a tailor-made structure, starting from its organizational maturity.

On an operational level, it is essential to equip ourselves with adequate tools to:

map and monitor ESG data in a structured way;
manage approval workflows, versioning, audit trails;
integrate non-financial metrics with ERP and management control systems;
generate reports that comply with ESRS standards and ESEF/XHTML format.

Many enterprises are adopting vertical ESG platforms, tools for materiality assessment, centralized data collection systems and evolved dashboards. But technology is just an accelerator. We need an ecosystem capable of transforming reporting into decision-making leverage.

Training is the second pillar. Generic courses are not enough: targeted courses are needed for ESG Officers, HSEs, figure finance, legals and HRs. Training is needed that connects regulatory standards with real business processes. The most critical skills today are hybrid ones: sustainability and management control, ESG and procurement, data and strategy.

Finally, in many cases it is strategic to activate qualified external support: ESRS experts, ESG auditors, technical partners, and advisors capable of supporting the company in setting up roadmaps, readiness assessments, data governance, KPI definition, and reporting models.

An effective approach starts from a simple but central question: “What ESG information would I be able to produce today, with what reliability and with what level of verification?”. From here the path is built, made up of awareness, tools and data culture.

Conclusion – road map for adjustment and useful resources

CSRD is not just a regulation to be complied with: it is a concrete opportunity to strengthen internal systems, improve transparency and align with market expectations. Businesses that address this step early will not just comply: they will be more credible, more resilient, and more attractive.

To address adjustment effectively, it is useful to define a realistic but ambitious roadmap:

Internal assessment: Readiness analysis, gap to ESRS, mapping of available data.
Governance: definition of roles, involvement of functions and oversight bodies.
Targeted training: pathways for ESG officers, controllers, HSEs, HRs and key figures.
Tools and systems: introduction of digital tools for managing and monitoring ESG data.
Reporting process: perimeter definition, materiality, data collection and budget construction.
Assurance: preparation for external verification, audit trail, document validation.
Communication and stakeholder engagement: building a solid, transparent, and coherent narrative.

In the meantime, it is advisable to stay updated through official sources such as:

EFRAG – for ESRS standards
European Commission – CSRD
ESG observatories, think tanks and academic research centres.

Those leading this change today will tomorrow be able to transform sustainability from a regulatory obligation to a competitive advantage.

FAQ – CSRD Frequently Asked Questions

My company is not listed: I still have to adapt?

It depends. If you exceed two of the three size thresholds (250 employees, 40 million turnover, 20 million assets), the obligation is triggered by the 2025 financial statements. Even if not directly obligated, many enterprises are involved indirectly as suppliers or partners of subject companies.

Can I use the old sustainability budgeting schemes?

No. CSRD mandates the use of ESRS, which define content, structure, and methodological standards. Pre-existing reports need to be reviewed and realigned.

Who has to approve the sustainability budget?

It must be integrated into the management report and approved by the competent corporate bodies, as is the case for the civil budget. Assurance from a third-party auditor is also needed.

What are the penalties for non-compliance?

Each Member State will define its own sanctioning system. But beyond fines, the real risk is reputational: failing to comply means exposing yourself to exclusion from procurement, supply chains, or access to ESG-linked credit.

How does the assurance process on the report?

There is currently a limited level of assurance, with verification of the consistency, traceability and completeness of the information. Looking ahead, it will evolve towards forms closer to auditing.

Can SMEs get off to a simplified start?

Yes. Proportional standards for listed SMEs are on the way, but non-directly subject SMEs can also adopt a light model, focused on a few material KPIs and a phased improvement plan.

What are the estimated costs of adjusting?

Costs depend on business complexity. For many enterprises, this is an important initial investment (training, systems, advisory support), but recoverable in the medium term through reputational, operational and financial advantages.