CSRD explained: complete 2026 guide for UK and EU companies
CSRD (Corporate Sustainability Reporting Directive) is the EU's corporate sustainability reporting regime.
CSRD (Corporate Sustainability Reporting Directive) is the EU's corporate sustainability reporting regime. It has changed repeatedly, including through the 2025-2026 Omnibus simplification process, but the practical message is still clear: large companies need auditable sustainability data, and smaller suppliers will increasingly be asked to provide evidence. This guide explains who is in scope, what changed, how ESRS (European Sustainability Reporting Standards) works, what UK companies should watch, and how to prepare without wasting effort.
For related guidance, start with the CSRD reporting guide, then compare this article with UK exposure, ESG (environmental, social and governance) reporting frameworks, data rooms, due diligence, ESRS E1 climate disclosure and Scope 3 evidence.
Important 2026 context
Older CSRD summaries often quote the original 50,000-company scope and the 250-employee large-company threshold. The EU's simplification package has materially changed the practical picture. As of May 2026, the official direction is a narrower CSRD scope focused on larger companies, with a threshold of more than 1,000 employees and more than EUR 450 million net annual turnover, plus updated third-country thresholds. Companies should still check local implementation and take legal advice before relying on a threshold conclusion.
What is CSRD?
It is an EU law that requires in-scope companies to publish sustainability information inside their management report, using European Sustainability Reporting Standards (ESRS). The goal is to make sustainability reporting more comparable, more reliable and more useful to investors, lenders, customers, regulators and other stakeholders.
CSRD replaced and expanded the older Non-Financial Reporting Directive. The original policy direction was a major expansion of mandatory sustainability reporting. The later Omnibus process narrowed that direction, but it did not remove the core requirement for large in-scope companies to produce structured, assurance-ready sustainability information.
The difference between CSRD and older voluntary ESG reporting is the level of discipline. A glossy sustainability section is not enough. CSRD asks companies to connect sustainability topics to governance, strategy, risk management, targets, policies, actions, metrics and underlying evidence. It also brings sustainability reporting closer to financial reporting because the information sits in the management report and is subject to assurance.
CSRD in one minute
| Question | Short answer |
|---|---|
| What does CSRD require? | In-scope companies must report sustainability information under ESRS in the management report. |
| What is the reporting lens? | Double materiality: how sustainability issues affect the business, and how the business affects people and the environment. |
| Is it audited? | Yes. CSRD introduces limited assurance, with the possibility of stronger assurance over time. |
| Does it affect UK companies? | Yes, where there is sufficient EU exposure, qualifying EU subsidiaries or branches, or major EU customer pressure. |
| Does it affect SMEs? | Many SMEs are not directly in scope, but may still receive value-chain data requests from larger customers. |
What changed in the 2025-2026 Omnibus process?
The reason CSRD guidance is confusing is that the original directive and the later simplification process point in different directions. The original CSRD expanded mandatory sustainability reporting to a much wider group of companies. The Omnibus process then tried to reduce administrative burden, delay some waves of reporting and narrow the companies directly caught by the regime.
That does not mean CSRD disappeared. It means the direct reporting obligation is more focused, while the data expectations around large companies, banks, investors and suppliers remain important for commercial relationships. A business reading CSRD guidance should therefore separate legal scope from market pressure. Legal scope decides whether a report must be published. Market pressure decides whether customers, lenders, investors or acquirers will still ask for CSRD-style evidence.
| Area | Original direction | Practical 2026 position |
|---|---|---|
| Company scope | Much broader large-company and listed-SME coverage. | Narrower direct scope focused on larger companies, subject to final local implementation. |
| Timing | Multiple reporting waves starting from financial year 2024 and expanding quickly. | Some later waves delayed through stop-the-clock measures and simplification changes. |
| SMEs | Listed SMEs were expected to enter the regime later. | Direct burden reduced, but voluntary reporting and customer questionnaires still matter. |
| Value chain | Large companies needed broad value-chain information. | Policy intent is to limit excessive trickle-down, but material Scope 3 and supplier evidence still create requests. |
| ESRS | Detailed sector-agnostic ESRS apply to in-scope reporters. | Core ESRS structure remains central, with simplification and proportionality debates continuing. |
Who is in scope in 2026?
The most important thing to understand is that CSRD scope has been a moving target. If you read a guide written before the Omnibus simplification package, it may overstate the number of companies directly caught by the regime. The original CSRD timetable had multiple waves, including large EU companies, listed SMEs and later certain non-EU companies. The "stop-the-clock" process then delayed reporting for some waves, and the wider simplification package narrowed the scope.
As of the latest official EU direction available in May 2026, CSRD is being focused on larger companies. The Council of the EU announced final approval of simplification rules that narrow the CSRD scope to companies with more than 1,000 employees and more than EUR 450 million net annual turnover. For third-country groups, the updated requirements focus on companies with substantial EU-linked turnover and qualifying EU operations.
| Group | Practical 2026 interpretation | What to check |
|---|---|---|
| Very large EU companies | Most likely to remain directly in scope. | Employee count, net turnover, public-interest status, group structure and local law. |
| Wave-one reporters | Some may already have started reporting; transitional relief may affect 2025 and 2026 disclosures. | Whether the company remains in scope after simplification and whether transitional provisions apply. |
| Listed SMEs | The direct mandatory burden has been reduced under the simplification direction. | Whether voluntary reporting or customer data requests still make a lighter evidence process useful. |
| Non-EU and UK groups | Can still be affected if EU activity is large enough or if EU subsidiaries and branches meet relevant conditions. | EU turnover, EU subsidiary/branch turnover, group parent location and customer contracts. |
| SME suppliers | Usually not directly in scope, but may be asked for emissions, workforce, policy and supply-chain evidence. | Procurement questionnaires, tender requirements and major customer reporting calendars. |
Why smaller companies still care
One of the policy goals of the simplification package is to limit the "trickle-down" effect on smaller companies. In practice, however, large companies still need Scope 3 emissions data, supplier policies, human-rights information, product information and governance evidence from parts of their value chain. That means suppliers may still see CSRD-style questions even when they are not directly required to publish a CSRD report. For that specific situation, the Voluntary Sustainability Reporting Standard for non-listed small and medium-sized enterprises (VSME) guide explains the voluntary reporting route for smaller companies.
For a smaller business, the commercial risk is not usually an EU enforcement action. The risk is losing a tender, slowing a renewal, failing a supplier onboarding questionnaire, or looking weak during investor diligence. A proportionate evidence file is therefore useful even for companies outside direct scope.
What are ESRS?
ESRS are the European Sustainability Reporting Standards. They are the reporting standards used under CSRD. Our ESRS explainer goes deeper on how the standards connect to double materiality, climate evidence, Omnibus simplification and assurance readiness. The dedicated ESRS E1 climate change guide explains the climate standard. ESRS 1 sets general principles. ESRS 2 sets general disclosures that apply across sustainability topics. The topic standards then cover climate, pollution, water, biodiversity, resource use, own workforce, value-chain workers, affected communities, consumers and business conduct.
| ESRS area | What it covers | Typical evidence |
|---|---|---|
| ESRS 1 and 2 | General principles, governance, strategy, impacts, risks, opportunities and reporting basis. | Board papers, risk registers, materiality assessment, reporting boundary and controls. |
| ESRS E1 Climate | Transition plans, Scope 1, 2 and 3 emissions, climate risks, targets and energy. | GHG (greenhouse gas) inventory, methodology notes, energy bills, supplier data, targets and transition plan. |
| ESRS E2-E5 | Pollution, water, biodiversity and circular economy. | Site data, permits, waste records, water use, biodiversity screening and resource-flow data. |
| ESRS S1-S4 | Own workforce, value-chain workers, affected communities, consumers and end users. | HR metrics, policies, grievance channels, supplier code, safety data and customer-impact controls. |
| ESRS G1 | Business conduct, corruption, lobbying, payment practices and supplier relationships. | Anti-bribery policy, training records, whistleblowing process, payment data and governance records. |
Not every topic standard requires the same depth of reporting for every company. The double materiality assessment determines which topics are material and therefore need more detailed disclosure. Some disclosures are mandatory regardless of materiality, especially under the general disclosure requirements.
What does a CSRD report actually include?
A CSRD report is not a loose sustainability narrative. It is a structured disclosure that connects sustainability matters to governance, strategy, risk management, policies, actions, targets and metrics. The report sits inside the management report, which means sustainability information becomes part of the annual reporting discipline rather than a separate marketing document.
For most companies, the hard part is not writing the text. It is proving the disclosure. If a company says climate risk is managed by the board, it needs board records. If it reports Scope 3 emissions, it needs a methodology. If it says it has a supplier human-rights policy, it needs the policy, rollout evidence and governance around exceptions.
| Disclosure area | What readers expect | Evidence weakness to avoid |
|---|---|---|
| Governance | Who oversees sustainability matters and how decisions are escalated. | Generic board oversight wording with no minutes, papers or assigned owners. |
| Strategy | How material sustainability issues affect business model, value chain and plans. | A purpose statement that does not connect to risks, opportunities or resources. |
| Impacts, risks and opportunities | Material topics identified through a documented double materiality process. | A matrix with no scoring rationale or stakeholder evidence. |
| Policies and actions | Policies, responsibilities, action plans and progress. | Policies that exist as PDFs but are not implemented, monitored or reviewed. |
| Metrics and targets | Quantitative data, baselines, calculation methods and target progress. | Numbers with no source system, data owner or version control. |
ESRS E1 climate disclosures in plain English
For many companies, ESRS E1 is the most operationally demanding topic standard because it pulls together greenhouse gas accounting, energy use, transition planning, climate risk and target evidence. It is also the area most likely to affect suppliers because large companies often need value-chain data to understand Scope 3 emissions.
A strong ESRS E1 file should explain the organisational boundary, reporting period, emissions factors, Scope 1 and 2 calculations, material Scope 3 categories, exclusions, data quality and any market-based electricity claims. It should also connect the numbers to reduction actions. A footprint with no reduction plan is weak. A target with no baseline is weak. A transition plan with no capex, operating changes or governance is weak.
For suppliers, the practical starting point is simpler: calculate a basic Scope 1 and 2 footprint, screen material Scope 3 categories, document methods honestly and improve data quality over time. That is usually more useful than trying to mimic a full CSRD report before knowing what customers actually need.
Double materiality explained
Double materiality is the concept that makes CSRD different from purely investor-focused reporting. It has two sides.
Financial materiality asks how sustainability issues could affect the company's financial position, performance, cash flows, access to finance or enterprise value. For example, carbon pricing could raise costs, flooding could disrupt operations, or regulation could change product demand.
Impact materiality asks how the company affects people and the environment. For example, the company may have greenhouse gas emissions, pollution impacts, water use, labour risks in the supply chain, consumer safety issues or community impacts.
Under CSRD, companies need to consider both. A topic can be material because it affects the business, because the business affects the outside world, or both. That is why CSRD reporting can cover topics that a traditional finance-only materiality exercise might not capture.
How to run a practical double materiality process
A sensible double materiality process starts with the business model, not with a blank spreadsheet. Map where the company makes money, where it operates, what it buys, what it sells, where its people are, which assets it depends on, and which stakeholders are affected by its activities. Then map possible sustainability impacts, risks and opportunities against that reality.
For each topic, assess severity, likelihood, scale, scope, remediability and financial relevance. The process should be documented because the materiality conclusion itself becomes part of the audit trail. The most common failure is treating materiality as a survey exercise with no evidence behind the scoring.
| Step | Output | Common mistake |
|---|---|---|
| Map activities and value chain | Business model, operations, suppliers, customers and geographies. | Ignoring outsourced or upstream impacts. |
| Identify topics | Longlist of impacts, risks and opportunities mapped to ESRS topics. | Starting from generic ESG themes rather than actual business exposure. |
| Assess materiality | Scored and justified topic list. | No evidence for why a topic was included or excluded. |
| Validate with management | Approved materiality matrix or topic register. | Treating the result as a sustainability-team opinion only. |
| Link to disclosure plan | ESRS data requirements and owners for each material topic. | Stopping at the matrix and not building a reporting workplan. |
What UK companies should check first
For a UK company, the first CSRD question is not "are we sustainable?" It is "what is our EU exposure?" Map EU subsidiaries, EU branches, EU turnover, EU customers, EU listings, EU lenders and EU supply-chain relationships. Then identify whether any group entity could be caught directly or whether major customers will require sustainability data.
UK companies should also watch UK Sustainability Reporting Standards, based on the ISSB (International Sustainability Standards Board) standards, because UK climate and sustainability disclosure may develop separately from CSRD while still overlapping with it. A company can therefore face CSRD-style requests from EU customers, ISSB-style expectations from investors, and Scope 3 data requests from both.
The evidence file companies actually need
CSRD readiness lives or dies on evidence. A company can write a report quickly, but it cannot invent controls, data ownership or methodology notes at the end of the process. Build an evidence file before the reporting timetable becomes urgent.
| Evidence area | Documents and data to gather | Why it matters |
|---|---|---|
| Governance | Board oversight, management responsibilities, committee papers and approval records. | Shows who owns sustainability risks and disclosures. |
| Climate | Scope 1, 2 and 3 inventory, energy data, emissions factors, methodology notes and targets. | Supports ESRS E1 and customer Scope 3 requests. |
| Policies | Human rights, supplier code, anti-bribery, diversity, health and safety, whistleblowing and data protection. | Provides the baseline for social and governance disclosures. |
| Risk management | Risk register, climate risk screening, mitigation actions and owner assignments. | Connects sustainability topics to enterprise risk. |
| Controls | Data owners, source systems, review workflow, sign-off records and version control. | Prepares the report for assurance. |
Assurance: why evidence matters
CSRD brings sustainability reporting closer to financial reporting because disclosures are subject to assurance. Limited assurance does not mean the assurance provider checks every line as if it were a full audit, but it does mean the company needs a credible evidence trail. The assurance provider will want to understand how data was collected, who approved it, what controls exist and whether disclosures are consistent with underlying records.
This is where many sustainability programmes break. A company may have good intentions and strong narrative, but weak controls. If Scope 3 figures are copied from a spreadsheet with no source references, if supplier questionnaires are not version-controlled, or if policies are not linked to implementation records, the reporting process becomes fragile. The earlier those weaknesses are found, the cheaper they are to fix.
| Control question | Why it matters |
|---|---|
| Who owns each datapoint? | Every metric needs a named owner who can explain the source and method. |
| Where is source evidence stored? | Assurance becomes painful if invoices, HR data, supplier responses and calculations are scattered. |
| How are estimates documented? | Estimates are normal, but assumptions, factors and limitations need to be visible. |
| What changed from last year? | Restatements, boundary changes and methodology changes should be explained, not hidden. |
| Who signs off the final disclosure? | Finance, legal, sustainability and operational owners should review the sections they own. |
Tool via The Carbon Workbench
CSRD preparation plan
A practical CSRD programme should be phased. Trying to answer every ESRS datapoint before scoping and materiality is wasteful. Start with scope, then materiality, then evidence, then reporting controls.
Phase 1: scope and governance
Confirm whether the group is directly in scope, indirectly affected or mainly exposed through customers. Assign an executive owner, legal/accounting owner, sustainability owner and data-process owner. Define which entities, subsidiaries and value-chain boundaries are being assessed.
Phase 2: materiality and gap assessment
Run the double materiality assessment, then compare the resulting material ESRS topics with available data. Identify gaps in climate data, supplier information, workforce metrics, controls and policy evidence.
Phase 3: data architecture
Decide where each data point comes from, who owns it, how it is reviewed and how evidence is stored. Do not rely only on one-off spreadsheets if the process needs to repeat annually.
Phase 4: reporting and assurance readiness
Draft disclosures, test the audit trail, check consistency with the annual report, prepare management sign-off and run a pre-assurance review. The aim is to find weak evidence before the assurance provider does.
Common CSRD mistakes
- Using pre-Omnibus scope thresholds without checking the latest position.
- Treating CSRD as a sustainability copywriting exercise rather than a data-control exercise.
- Running double materiality without documenting assumptions and evidence.
- Ignoring value-chain data until customers request it.
- Assuming Scope 3 emissions can be estimated at the last minute.
- Publishing broad climate claims without linking them to targets, transition plans and evidence.
- Leaving finance, legal and internal audit out of the process.
CSRD FAQ
Is CSRD only an EU issue?
No. CSRD is EU law, but it can affect non-EU groups through EU subsidiaries, branches, listings, turnover and customer relationships. UK companies should not assume Brexit removes the issue. The right question is whether the group has enough EU exposure, and whether major customers or investors will ask for sustainability data anyway.
Do SMEs need a full CSRD report?
Most SMEs do not need to publish a full CSRD report. What they may need is a proportionate evidence pack: basic emissions data, policies, governance evidence, supplier controls and a clear explanation of data quality. The VSME standard is designed for this lighter evidence route, especially where customer or lender requests are the trigger.
Is double materiality the same as an ESG materiality matrix?
Not quite. A traditional ESG materiality matrix often ranks stakeholder interest and business importance. CSRD double materiality is more formal. It asks both whether sustainability issues affect the company financially and whether the company affects people or the environment. It also needs documentation and a clear link to ESRS disclosure decisions.
Can a company wait until it knows it is definitely in scope?
Waiting is risky if the business is likely to face customer, lender or investor requests. The sensible low-regret work is to map EU exposure, assign data owners, calculate basic emissions, gather policies and document material sustainability risks. That work remains useful even if the company later confirms it is outside direct CSRD scope.
Related CSRD guides to use next
CSRD is easier to manage when the work is split into linked tasks rather than treated as one reporting project. Start with the CSRD gap analysis checklist to identify missing governance, data and evidence. Use the double materiality assessment guide to decide which topics belong in scope. Build the evidence base with the ESG data room checklist, then use the supplier data collection guide where value-chain emissions or supplier evidence are weak. Smaller companies outside direct scope should also read the VSME guide before turning customer questionnaires into an oversized report.
Companies comparing UK and EU disclosure paths should also read the UK SRS and IFRS S2 guide. The regimes are not identical, but the underlying discipline is similar: governance, materiality, data quality, controls and source-backed disclosure. Reading the linked guides together turns CSRD from a long acronym into a sequence of practical decisions.
Useful source links
- European Commission: corporate sustainability reporting
- European Commission: CSRD implementing and delegated acts
- Council of the EU: 2026 simplification approval
- EFRAG: sector-agnostic ESRS
- EUR-Lex: Directive (EU) 2022/2464
Bottom line
CSRD has become narrower than originally planned, but it is still a serious reporting regime for large companies and a commercial data requirement for many suppliers. The smart approach is proportionate readiness: confirm scope, document double materiality, build a clean evidence file, and make climate and ESG data repeatable before reporting pressure arrives.