The Corporate Sustainability Reporting Directive (CSRD) is the EU's mandatory framework for corporate sustainability reporting. Introduced in 2023 to replace the Non-Financial Reporting Directive (NFRD), it requires in-scope companies to publish standardized, auditable sustainability information alongside their financial reports. In 2026, the EU Omnibus Directive, a legislative reform initiative to simplify multiple EU sustainability directives, changed the CSRD's scope and timelines significantly.
Some companies have taken this as a reason to deprioritize compliance. That reading is incorrect. The Omnibus narrows who must report and when, but does not remove the core obligations or ease CSRD disclosure requirements. This guide covers who falls in scope after the Omnibus, how timelines shifted, what CSRD double materiality means in practice, and where the real operational challenge lies.
- CSRD: Key Facts at a Glance
- What Is the CSRD?
- CSRD Timeline: What the Omnibus Changed
- Who Must Comply with the CSRD After Omnibus?
- CSRD Double Materiality: Does It Still Apply After the Omnibus?
- The Scope 3 Data Challenge Behind CSRD Compliance
- CSRD Penalties for Non-Compliance
- Beyond CSRD Reporting: Building a Sustainability Steering Strategy
- FAQ
CSRD: Key Facts at a Glance
-
Mandatory EU framework: The CSRD requires standardized, auditable sustainability disclosures across environmental, social, and governance topics.
-
Omnibus changes: The EU Omnibus Directive raised the compliance threshold to >1,000 employees and >€450M net turnover, confirmed Wave 2's two-year delay, and removed listed SMEs from mandatory scope entirely.
-
Reduced but real scope: Roughly 80% of previously in-scope companies now fall outside mandatory scope, but many still face CSRD-driven data requests from value chain partners.
-
Double materiality intact: Double materiality remains fully mandatory under all post-Omnibus CSRD rules.
-
ESRS standards: CSRD disclosures follow the European Sustainability Reporting Standards (ESRS) and require limited assurance from an independent auditor.
-
The real challenge: The hardest part of CSRD reporting is not the materiality analysis – it is sourcing reliable Scope 3 data across the value chain.
What Is the CSRD?
The Corporate Sustainability Reporting Directive (CSRD) is an EU law requiring in-scope companies to disclose standardized, comparable sustainability information in their management reports. CSRD disclosure requirements span environmental, social, and governance topics and must follow the European Sustainability Reporting Standards (ESRS), the official CSRD standards that define what companies report and how. All disclosures require limited assurance from an independent auditor.
The core purpose of the CSRD directive is comparability. By aligning disclosures to a single set of standards, the EU enables investors, regulators, and supply chain partners to assess and compare corporate sustainability performance consistently and reliably.
How Did the CSRD Replace the NFRD?
The NFRD (Non-Financial Reporting Directive), adopted in 2014 and applicable from 2017, covered fewer than 12,000 EU companies and allowed each to choose its own reporting framework, making meaningful comparison across companies nearly impossible.
The CSRD was designed to close those gaps. Originally set to cover roughly 50,000 companies, it introduced mandatory CSRD standards, structured CSRD reporting requirements, and external assurance, raising sustainability disclosure to the level of financial reporting.
CSRD Timeline: What the Omnibus Changed
The CSRD rolled out in phases. Wave 1 companies – large public-interest entities with more than 500 employees – were already in scope for FY 2024 and submitted their first reports in 2025. Those obligations remain unchanged.
A two-year reporting delay, commonly referred to as the stop-the-clock measure, was first introduced by Directive (EU) 2025/794, which entered into force in April 2025. The EU Omnibus Directive, advancing through the legislative process as of 2026, then went further: it raised the compliance threshold substantially (see the next section) and removed listed SMEs (Wave 3) from mandatory CSRD scope entirely. The revised timeline now looks like this:
.png?width=650&height=453&name=csrd_timeline_en%20(1).png)
Wave overview: CSRD reporting obligations before and after the EU Omnibus Directive (in force March 2026).
For more on what the Omnibus amendments mean for corporate CSRD obligations, see our CSRD Omnibus article.
Who Must Comply with the CSRD After Omnibus?
To fall under mandatory CSRD scope after the Omnibus, a company must meet both of the following criteria:
-
More than 1,000 employees, and
-
More than €450M in net turnover
The previous framework used an "any two of three" test across employees, turnover, and balance sheet total. Raising the thresholds substantially removes roughly 80% of previously in-scope companies from mandatory CSRD compliance.
Falling outside mandatory scope does not mean freedom from CSRD-related reporting pressure. Companies that remain in scope must disclose Scope 3 emissions, and meeting that requirement depends on value chain reporting data from their suppliers. Those data requests flow downstream regardless of whether the supplier falls under the CSRD directly. Non-EU companies with significant EU operations also face tailored group-level CSRD reporting requirements under Wave 4. The Omnibus includes a review clause, so today's threshold status is not necessarily permanent.
The CSRD is also not the only EU instrument shaping expectations along the value chain. The closely related Corporate Sustainability Due Diligence Directive (CSDDD) obliges the largest companies to actively identify, prevent, and address adverse human rights and environmental impacts across their chain of activities – a behavioral obligation to act that complements the CSRD's disclosure obligation to report.
CSRD Double Materiality: Does It Still Apply After the Omnibus?
The CSRD mandates double materiality as a fundamental assessment requirement for every in-scope company. Defined in ESRS 1, the assessment requires companies to evaluate each sustainability topic from two angles: how company activities affect people and the environment (impact materiality), and how sustainability risks and opportunities affect the company's own financial performance (financial materiality).
One of the most persistent misreadings of the Omnibus Directive is that it removed or diluted this obligation. It did not. The Omnibus cut the number of mandatory ESRS datapoints by more than 60%. The double materiality assessment itself remains a non-negotiable prerequisite for CSRD disclosure.
What the assessment produces is a map of material topics. The operational challenge that follows is what separates compliance-ready companies from the rest: sourcing the data needed to measure, steer, and report on those topics. For ESRS E1, the climate standard, that challenge leads directly to Scope 3 emissions across the value chain.
The Scope 3 Data Challenge Behind CSRD Compliance
Scope 3 emissions – the indirect emissions that span the entire value chain – represent the most data-intensive element of CSRD reporting. Under ESRS E1, in-scope companies must calculate and disclose a full corporate carbon footprint (CCF). Scope 3 typically accounts for 70 to 90% of total corporate emissions and is the area where data quality, traceability, and completeness are hardest to achieve.
Most companies approach this with a pure compliance mindset: gather enough data to satisfy the CSRD reporting requirement. The companies that gain a lasting advantage ask a different question: what does this data reveal about risk, cost, and opportunity across the supply chain?
IPOINT directly addresses the Scope 3 data challenge at the heart of CSRD compliance, with capabilities across the full reporting and steering lifecycle:
-
Collect: Pull product, process, energy, and supply chain emissions data.
-
Analyze: Calculate CCF across Scope 1, 2, and 3, run LCAs, and identify emission hotspots.
-
Govern: Manage data quality, roles, and calculation cycles across the value chain.
-
Report: Produce audit-ready CSRD disclosures for ESRS E1, EPD, and DPP.
-
Evolve: Drive emission reductions across materials, suppliers, and production processes.
-
Scale: Move from initial CCF pilots to portfolio-wide sustainability steering.
For a closer look at how Scope 3 fits into CSRD obligations, see our article on CSRD and Scope 3 emissions.
Calculate Your Corporate Carbon Footprint With Full Scope 3 Coverage

Map your entire value chain carbon footprint with audit-ready results for ESRS E1 and CSRD reporting. Connect Scope 1, 2, and 3 data in a single compliance-ready workflow.
CSRD Penalties for Non-Compliance
The CSRD does not establish EU-wide fines. Each member state defines its own enforcement regime, with the requirement that penalties be "effective, proportionate, and dissuasive."
Current examples of national enforcement include:
-
Germany: Fines of up to €10M or a defined share of annual turnover.
-
France: Penalties that extend to director liability.
The direct financial exposure is only part of the risk. Non-compliance also exposes companies to reputational damage, higher cost of capital, exclusion from public procurement processes, and heightened scrutiny from institutional investors. For in-scope companies, building robust CSRD reporting infrastructure reduces exposure across all of these dimensions simultaneously.
Beyond CSRD Reporting: Building a Sustainability Steering Strategy
The Omnibus simplified the CSRD. It did not eliminate it. For companies still in scope, the reporting obligation stands and the Scope 3 data challenge is no less demanding.
The companies that come out ahead are not those that minimize compliance effort. They treat CSRD data as a strategic asset, building infrastructure that drives better decisions, not just disclosure.
Turn CSRD Data
Into Smarter Sustainability Decisions

See how leading companies move from CSRD reporting to data-driven sustainability steering with a structured six-step framework. Download IPOINT's Sustainability Intelligence Whitepaper for the full methodology.
Frequently Asked Questions
What is the difference between ESG and CSRD?
ESG (Environmental, Social, and Governance) is a broad framework used in investment analysis, voluntary reporting, and sustainability ratings. The CSRD is mandatory EU law that specifies which companies must disclose sustainability information, in what format, and against what standards. ESG describes what companies choose to measure and communicate; the CSRD defines what in-scope companies must disclose, following the structured datapoints of the ESRS and subject to limited assurance.
What needs to be reported under the CSRD?
CSRD-obligated companies must report sustainability information across environmental, social, and governance topics following the ESRS. Core disclosures include governance and strategy information, the results of the double materiality assessment, and the metrics and targets tied to material topics. All disclosures appear in the management report and require limited assurance from an independent auditor.
Does double materiality still apply under the Omnibus?
Yes. Double materiality remains fully mandatory under all post-Omnibus versions of the CSRD. The Omnibus simplification reduced the number of mandatory ESRS datapoints by more than 60%, but it did not remove the requirement to conduct a double materiality assessment. Companies still in scope must assess both their impacts on people and the environment and the sustainability risks and opportunities affecting their own business.
What are the audit requirements for the CSRD?
CSRD disclosures require limited assurance from an independent auditor. This formal verification step requires companies to maintain structured, traceable, and auditable data, including for complex datapoints such as Scope 3 emissions. A move to reasonable assurance, a higher standard closer to a full financial audit, may follow in a later phase of implementation.
What are the penalties for non-compliance with the CSRD?
The CSRD does not set a single EU-wide penalty. Each member state defines its own enforcement rules, with the requirement that penalties be effective, proportionate, and dissuasive. In Germany, fines can reach up to €10M or a share of annual turnover. France has introduced director liability provisions. Beyond fines, non-compliance exposes companies to reputational damage, restricted access to capital, and exclusion from procurement. Note: This overview is informational only and does not constitute legal advice.
