Corporate Sustainability Reporting Directive (CSRD)

The General Data Protection Regulation, or GDPR, is the EU's primary data protection law, governing how organizations collect, process, and store personal data of individuals in the European Union and the European Economic Area (EEA).

Region: EU
Sector: Public & Private
Effective date: 01/05/2023
Last regulatory update: 03/18/2026
Mandatory: Yes

    What Is the Corporate Sustainability Reporting Directive?

    The Corporate Sustainability Reporting Directive (CSRD), formally known as EU Directive 2022/2464, is a cornerstone of the EU’s Sustainable Finance Agenda and the European Green Deal. Its aim is to transform corporate sustainability disclosure from a largely voluntary exercise into a regulated reporting framework with rigor comparable to that of financial reporting.

    Companies in scope must publish annual sustainability reports covering environmental, social, and governance (ESG) matters in accordance with the European Sustainability Reporting Standards (ESRS), developed by the European Financial Reporting Advisory Group.

    The CSRD replaced the Non-Financial Reporting Directive (NFRD), significantly expanding the scope of covered companies and the depth of required reporting. Compared to the NFRD’s 11,000 large public-interest entities, the CSRD’s original scope included roughly 50,000 companies, although its subsequent Omnibus I amendments reduced this number considerably.

    Omnibus I raised the scope thresholds substantially, removing requirements for sector-specific reporting standards, simplifying assurance requirements, and introducing a value-chain cap that limits the information large companies can demand from small suppliers.

    The CSRD was adopted by the European Parliament and Council of the EU on the 14th of December 2022. It went into effect on the 5th of January 2023, with its Omnibus I amendment entering into force on the 18th of March 2026. Member States have until 19 March 2027 to transpose the CSRD-related Omnibus I provisions into national law.

    The CSRD directly complements the Corporate Sustainability Due Diligence Directive (CSDDD). Where the CSRD requires companies to report on sustainability matters, the CSDDD obliges them to act, identifying, preventing, and remediating actual and potential human rights and environmental impacts across their operations and value chains. 

    Who Is Responsible for the Corporate Sustainability Reporting Directive?

    The enforcement of the CSRD sits entirely at the national level. Each Member State must designate competent authorities responsible for supervising compliance, defining penalties, and granting investigative powers to ensure that covered companies prepare and file sustainability reports in accordance with the directive and the ESRS.

    At the EU level, the European Commission oversees transposition, adopts delegated acts such as the ESRS, and monitors Member States’ implementation. The European Financial Reporting Advisory Group (EFRAG) develops and maintains the ESRS and supporting guidance, although it is not an enforcement body.

    What Are the Possible Penalties Under the CSRD?

    The CSRD does not prescribe penalties at the EU level. While Omnibus I capped financial penalties at 3% of net worldwide turnover, enforcement and sanctions are set by individual Member States during transposition, meaning penalties vary considerably across jurisdictions. This requires organizations to assess exposure on a case-by-case basis.

    Penalties for non-compliance must be effective, proportionate, and dissuasive, and responsible authorities must have the power to require cessation of non-compliant conduct, issue public notices, and impose penalties.

    France, the first country to transpose the CSRD, established financial penalties of up to €18,750 for failure to publish a sustainability report. Obstructing an assurance audit or failing to appoint an accredited third-party auditor can result in exclusion from public procurement and criminal penalties, including fines of up to €375,000 and up to five years' imprisonment.

    The Czech Republic introduced fines of up to 3% of a company's total assets for failing to submit a sustainability report, which is one of the more stringent approaches among early adopters. Meanwhile, other jurisdictions, such as Germany and the Netherlands, are still finalizing their national transposition frameworks, with penalties yet to be established.

    What Does the CSRD Require?

    Under the CSRD, as amended by Omnibus I, the companies required to comply with the directive for financial years starting on or after the 1st of January 2027 include:

    • EU undertakings with an average of over 1,000 employees and an annual net turnover of more than 450 million EUR.
    • Non-EU issuers listed on EU-regulated markets meeting the same thresholds on a consolidated basis.
    • Non-EU parent companies generating over 450 million EUR in EU net turnover with an EU subsidiary or branch generating more than 200 million EUR.
    • Large public-interest entities already reporting under the original CSRD thresholds.

    Core CSRD Requirements

    Double Materiality Assessment

    Identify sustainability matters that are material either because they affect the organization’s financial performance or because of the organization’s impacts on people and the environment. These are known as financial materiality and impact materiality.

    Reporting Against the ESRS

    Sustainability statements must follow the updated European Sustainability Reporting Standards. 

    Climate Transition Plan

    Organizations that already have a climate transition plan are required to disclose it, including any associated targets and milestones. The Omnibus I amendment removed the former obligation to adopt one.

    Value-Chain Information Cap

    Limit information requests to value-chain entities with fewer than 1,000 employees so that they do not go beyond the scope of voluntary reporting standards for SMEs.

    Assurance

    Sustainability statements are subject to limited assurance by a statutory auditor or independent assurance provider.

    Digital Tagging

    Sustainability information is digitally tagged in accordance with the European Single Electronic Format (ESEF) to enable machine-readable data access.

    Governance Disclosures

    Disclose information on the role of the board and management in overseeing sustainability matters, including any relevant expertise and processes for stakeholder engagement.

    Organizations already subject to the EU Whistleblower Directive must provide evidence of the robustness of their reporting and grievance mechanisms as part of their CSRD disclosures, which cover topics such as business conduct, anti-bribery, and internal controls.

    Why Is the CSRD Important?

    The CSRD represents a structural shift in how large EU companies and EU-based multinationals are held accountable for their environmental and social impacts. By requiring sustainability disclosure under audited, standardized frameworks, the directive aims to close the gap between what companies say about their sustainability and what they actually do.

    For investors, lenders, and business partners, this creates a new layer of reliable information for decision-making. Large companies that cannot withstand audit scrutiny expose themselves to regulatory sanctions, reputational damage in capital markets, and exclusion from procurement processes where sustainability credentials are increasingly required.

    How Does FaceUp Help Comply with the CSRD?

    The CSRD does not directly require organizations to operate a whistleblowing platform. However, the directive’s governance and business conduct reporting requirements on anti-corruption, business ethics, and internal controls require companies to demonstrate that they have functioning mechanisms to identify and address misconduct.  

    FaceUp helps organizations comply with the CSRD and the EU Whistleblower Directive by providing easy-to-use anonymous reporting channels and a centralized case management system with audit-ready logs that support auditors, employees, and internal compliance teams.

    Quick Facts

    Applies to

    • EU companies with more than 1,000 employees and net annual turnover above 450 million euros
    • Non-EU companies with equivalent EU market presence
    • Wave 1 large public-interest entities continue reporting under prior thresholds through 2026

    Penalties

    Set by individual Member States, capped at 3% of a company’s net worldwide turnover.

    The FaceUp Solution

    FaceUp is an anonymous reporting and compliance platform designed to help businesses meet whistleblowing regulations worldwide, including those in the US, EU, UK, and UAE.

    • Fully Anonymous Reporting

      Give staff multiple secure channels to report their concerns, complete with an anonymous two-way chat.

      • Mobile-First Accessibility

      • No IP storage, no device IDs, encrypted submissions

      • Customizable forms, categories, routing rules, and more

    • Customizable Case Management

      Create an easily verifiable audit trail through a customizable case management system with automatic routing.

      • Supports multiple locations, subsidiaries, or units

      • Entity-specific routing and access permissions

      • Optional notifications via email, Teams, or Slack

    • Real-Time Data Analytics

      Identify trends, repeated issues, and escalation risks early with customizable visual real-time dashboards.

      • Filter by category, region, channel, and more

      • Share without revealing sensitive information

      • ISO 27001 and SOC 2-certified local servers
