contact us

The Corporate Sustainability Reporting Directive (CSRD): A Comprehensive Guide

In this article

The Corporate Sustainability Reporting Directive (CSRD) is a European Union regulatory initiative aimed at strengthening and standardizing sustainability reporting by companies. Replacing the Non-Financial Reporting Directive (NFRD), the CSRD imposes stricter requirements on the transparency and quality of reporting on environmental, social and governance (ESG) performance. This article takes an in-depth look at the key aspects of the CSRD, its background, its requirements, its potential impact on companies, and the steps involved in its implementation.

Background and origin of CSRD

The importance of sustainability in business activities has grown considerably in recent years. Investors, consumers, regulators and other stakeholders are increasingly demanding transparency on companies' sustainable practices. CSRD is a response to these growing expectations, aimed at harmonizing ESG reporting standards and ensuring that the information disclosed is reliable, comparable and relevant.

The CSRD is part of the European Green Deal and the EU's sustainable finance strategy. It was proposed by the European Commission in April 2021 and adopted in April 2022. The directive applies to large companies as well as certain listed SMEs, extending the scope compared with the NFRD.

Companies concerned by CSRD

The Corporate Sustainability Reporting Directive (CSRD) significantly extends the scope of application compared to the previous Non-Financial Reporting Directive (NFRD). The CSRD aims to include a greater number of companies in Europe, with precise criteria for determining which companies are required to comply with the new sustainability reporting requirements. Here is a detailed overview of the companies concerned:

1. Large companies

Size criteria

The CSRD applies to large companies that exceed at least two of the following three criteria:

  • 250 employees or more
  • 40 million euros in net annual sales or more
  • 20 million euros in total assets or more

These criteria are more inclusive than those of the NFRD, thus increasing the number of companies required to comply with the CSRD.

2. Listed SMEs

Small and medium-sized enterprises (SMEs) listed on EU regulated markets are also covered by the CSRD. This includes all SMEs that are publicly listed, regardless of their sector of activity.

Temporary exemptions

For listed SMEs, there is a transition period and temporary exemptions to allow them to adapt to the new requirements. This transition phase offers a little more time for compliance, recognizing the limited resources these companies often have.

3. Non-European Group subsidiaries

The CSRD also applies to subsidiaries of non-European groups if they meet certain EU activity thresholds. These thresholds include financial and operational criteria similar to those applied to European companies.

Specific criteria

Subsidiaries of non-European groups must comply with the CSRD if they :

  • Generate sales in excess of 150 million euros in the EU
  • Have a legal entity in the EU that exceeds the large enterprise thresholds defined above

4. Unlisted companies and the public sector

Although CSRD focuses primarily on large, listed companies, some large unlisted companies may also be involved, particularly those of systemic importance or with a significant impact on the environment and society.

Public companies

Certain public companies may also be included, particularly if they are considered to have a significant impact on the economy, the environment or society. However, the specific criteria for inclusion may vary, and require assessment on a case-by-case basis.

5. Financial entities

Financial institutions, such as banks and insurance companies, are also required to comply with the CSRD. These entities play a crucial role in financing the transition to a sustainable economy, and are therefore subject to detailed reporting requirements.

CSRD requirements

The CSRD introduces much more detailed and stringent reporting requirements than the NFRD. Key requirements include:

1. Extended scope of application

CSRD applies to a wider range of companies, including :

  • Large companies: those exceeding two of the following three criteria: 250 employees, sales of €40 million, assets of €20 million.
  • SMEs listed on EU regulated markets.
  • Subsidiaries of non-European groups if they meet certain EU activity thresholds.

2. European Reporting Standards (ESRS)

Companies must use the European Sustainability Reporting Standards (ESRS), drawn up by the European Financial Reporting Advisory Group (EFRAG). These standards cover various ESG aspects and are designed to ensure consistent and comparable reporting.

3. External insurance

Published information must be verified by an external auditor, adding a layer of credibility and reliability to the reports.

4. Double Materiality

Companies must assess and report not only on how their activities impact the environment and society (environmental and social materiality), but also on how ESG issues influence their financial performance (financial materiality).

5. Digital Reports

Reports are to be published in digital format and included in the European Sustainability Register, facilitating data access and comparability.

Impact on businesses

CSRD has significant implications for companies in terms of preparation, data collection and reporting.

1. Strengthening governance and internal processes

Companies will need to strengthen their internal ESG data collection and management processes to meet the new requirements. This often means investing in additional information systems and human resources.

2. Transparency and accountability

Increased transparency requirements are encouraging companies to adopt more responsible and sustainable business practices. This can enhance their reputation and attractiveness to sustainability-minded investors.

3. Financial risks and opportunities

Greater transparency on ESG risks enables more proactive management of the associated financial risks, while identifying opportunities for sustainable investment and innovation.

CSRD implementation

The implementation of CSRD involves several key stages:

1. Initial Assessment and Planning

Companies need to start with an initial assessment of their current ESG reporting practices and the gaps in relation to the new CSRD requirements. A compliance plan should then be drawn up.

2. Setting up systems and processes

Collecting ESG data will probably require significant adjustments to internal systems and processes. The adoption of technological solutions to automate and centralize data collection may be essential.

3. Training and awareness

Employee awareness and training at all levels of the organization are crucial to the successful implementation of CSRD. This includes training on new requirements, data collection methodologies, and reporting processes.

4. Insurance and External Audit

Companies should select qualified external auditors to verify their ESG reports. Working with auditors early in the process can facilitate compliance and improve report quality.

5. Publication and Communication

Once the data has been collected, verified and analyzed, companies must publish their ESG reports in compliance with ESRS standards, and submit them to the European Sustainability Register. Proactive communication of results to stakeholders is also essential.

How can Phishia help companies comply with CSRD?

As a consulting firm specializing in sustainability and cybersecurity, Phishia is ideally positioned to help companies comply with the Corporate Sustainability Reporting Directive (CSRD). Our expertise and comprehensive services enable companies to meet the stringent requirements of the CSRD while optimizing their environmental, social and governance (ESG) performance. Here's how Phishia can help at every stage of CSRD compliance:

1. Initial Assessment and Diagnosis

Analysis of Current Practices

Phishia begins with a comprehensive assessment of the company's current ESG reporting practices. This includes:

  • A review of existing reports.
  • An assessment of data collection systems.
  • Identification of deviations from CSRD requirements.

Personal Diagnosis

We provide a detailed diagnostic that highlights areas for improvement and proposes specific recommendations to close the gaps identified.

2. Setting up systems and processes

Implementation of Data Management Systems

Phishia helps set up or improve ESG data management systems to ensure efficient collection and management of the required information. This includes:

  • Selection and installation of suitable software.
  • Automation of data collection and reporting processes.
  • Staff training in the use of these systems.

Defining Performance Indicators

We help define and implement Key Performance Indicators (KPIs) in line with the European Sustainability Reporting Standards (ESRS). These indicators enable ESG performance to be monitored and measured in a consistent and transparent way.

3. Training and awareness

Training Programs

Phishia offers customized training programs to educate and train employees at all levels of the organization on the new CSRD requirements. Training courses cover :

  • The principles of CSRD.
  • ESG data collection and analysis methodologies.
  • Reporting best practices.

Raising awareness among stakeholders

We also organize awareness-raising sessions for internal and external stakeholders to ensure a clear understanding of the objectives and benefits of CSRD compliance.

4. Insurance and External Audit

Audit preparation

Phishia helps companies prepare their ESG reports for external audit. This includes:

  • Internal data verification.
  • Preparing the necessary documentation.
  • Coordination with external auditors.

Continuous Assistance

We offer ongoing support during the audit process to answer auditors' questions and ensure that all aspects of ESG reporting comply with CSRD requirements.

5. Publication and Communication

Report writing and presentation

Phishia assists with the drafting and presentation of ESG reports in line with ESRS standards. We ensure that reports are clear, complete and accessible, and that they meet the expectations of regulators and stakeholders.

Strategic Communication

We also help develop a communications strategy to share the results of ESG reporting with key stakeholders. This includes:

  • Preparation of communication documents.
  • Planning meetings and presentations.
  • Managing communication on digital platforms and social networks.

In this article

ISO 50001, Strategic Guide for Energy Management.

ISO 26000, Strategic Guide for Corporate Social Responsibility.

Everything you need to know about the ISO 14069 standard.

Everything you need to know about the ISO 14064 standard.

Everything you need to know about the ISO 14040 standard.

Understanding and Implementing ISO 14001

All CSR articles

Phishia helps you understand and reduce your company's impact on the environment

Our CSR services

Paris - Nantes

contact@phishia.fr

+33 6 85 25 99 28

Monday – Friday: 8:00 AM – 8:00 PM.

Cybersecurity

Artificial Intelligence

CSR

Terms of use

Privacy policy

I have a project
en_US
fr_FR de_DE it_IT en_US

Cybersecurity

PhishiaSOC

Crisis management

Prevention

Outsourced CISO

AI

ISO 42001 & SMIA support

CSR

Carbon Footprint Assessment and Climate Strategies

Life Cycle Analysis and Eco-design

Support for CSRD compliance

Sustainable cybersecurity

Managed SOC

Who we are

Join us

All articles

Cybersecurity blog

Blog IA

Sustainability blog

Contact us