Preparing for Mandatory Sustainability Reporting

In recent years, the European Union (EU) has been at the forefront of environmental regulation and policy actions aimed at mitigating climate change. In this regard, two of the most important policy changes that entities should be aware of are CSRD and ESRS, which we will discuss in this article.

CSRD and ESRS form part of a broader European regulatory landscape that aims to accelerate a green and just transition. These measures were triggered by the European Green Deal, a set of policy initiatives with the overarching aims of making the EU climate neutral by 2050, to decouple economic growth from resource use and to ensure that no person and no place are left behind.

What is CSRD?

CSRD stands for Corporate Sustainability Reporting Directive, an EU Directive that came into force on January 5, 2023. The aim of the Directive is to strengthen standards regarding how organisations report their environmental, social and governance (ESG) information. Furthermore, it aims to introduce a comprehensive and standardised means for entities within scope to disclose information regarding the sustainability-related impacts of their activities and thereby provide increased transparency to investors, funding bodies and institutions, consumers, the general public and other stakeholders on the impact their entities have on people and the environment.

The CSRD builds on the existing requirements of the Non-Financial Reporting Directive (NFRD) by expanding the number of entities required to mandatorily report on sustainability matters and to increase the level of information and disclosures required to be reported.

All EU member states have been given a maximum of 18 months to incorporate the provisions of the European CSRD into their national law.

What is ESRS?

ESRS stands for European Sustainability Reporting Standards. The European Commission adopted these standards on 31st July 2023. The ESRS are the sustainability reporting standards that entities subject to the CSRD will be required to apply.

The standards address a wide range of environmental, social, and governance challenges. Initially, the ESRSs consist of 12 standards including:

  • 2 cross-cutting standards
    • ESRS 1 General Requirements and ESRS 2 General Disclosures
  • 5 sector agnostic environment standards
    • ESRS E1 Climate Change
    • ESRS E2 Pollution
    • ESRS E3 Water and Marine Resources
    • ESRS E4 Biodiversity and Ecosystems
    • ESRS E5 Resource Use and Circular Economy
  • 4 sector agnostic social standards
    • ESRS S1 Own Workforce
    • ESRS S2 Workers in the Value Chain
    • ESRS S3 Affected Communities
    • ESRS S4 Consumers and End Users
  • 1 sector agnostic governance standard
    • ESRS G1 Business Conduct

Other ESRSs including sector-specific standards, SME proportionate standards and third-country company standards are expected to follow in the coming years.

The ESRSs are comprehensive in scope and require entities to rethink their reporting and sustainability strategies, resulting in significant changes to how entities will report on their ESG impacts going forward.

These new reporting requirements for entities will be phased in over time.

What is the CSRD Implementation Timeline?

Entities will come within the scope of the CSRD in four waves depending on the size and nature of the entities and the effective dates for reporting are as follows:

FY 2024 (Report in FY 2025)

  • Large undertakings and large groups with more than 500 employees that have securities listed on an EU-regulated market (i.e. Listed PIEs)
  • All entities currently subject to NFRD
  • Non-EU companies that have securities listed on an EU-regulated market and who meet the above criteria

FY 2025 (Report in FY 2026)

  • EU PIEs with less than 500 employees
  • All other large undertakings and large groups

FY 2026 (Report in FY 2027)

  • SMEs listed on an EU-regulated market
  • Certain small and non-complex institutions
  • Captive insurance undertakings

Note however that listed SMEs may opt out until years commencing January 1, 2028 and separate disclosure standards are expected to be developed for these SMEs.

FY 2028 (Report in FY 2029)

  • Ultimate non-EU parent companies who have generated net turnover of greater than €150m in the EU for each of the last 2 consecutive years and who have at least either a large subsidiary in the EU or an EU branch generating a net turnover of greater than €40m in the preceding year

Note however that separate disclosure standards are expected to be developed for ultimate non-EU parent companies.

What is a large undertaking?

Currently a large undertaking is defined as a large EU company or an EU company that is a parent of a large group where at least two of the following three criteria are exceeded on two consecutive balance sheet dates:

  • > 250 average number of employees in the financial year
  • > €40 million turnover
  • > €20 million total assets

How many entities are expected to be subject to CSRD?

It is currently estimated that approximately 49,000 entities will be subject to CSRD across the EU. This is a significant increase on the estimated 11,000 entities currently subject to NFRD.

What is the scope of the sustainability reporting requirements?

  • Entities in scope will be required to report on a double materiality basis. This means that entities will have to disclose not only the impacts on financial performance they face from a changing climate and other ESG matters (i.e. financial materiality), but also the impacts they themselves may have on the environment and society (i.e. impact materiality). If a matter is material from either viewpoint then an entity must disclose it.
  • The type of sustainability information that each entity will be required to disclose will depend on the specific circumstances and characteristics of each entity and their activities. However, generally entities will be required to disclose information on governance, climate, strategy, management of risks and opportunities, and various metrics and targets related to ESG matters.
  • Entities within the scope of CSRD will automatically also be in scope of Article 8 of the EU Taxonomy Regulation which requires reporting in respect of three KPIs and for eight qualitative disclosures to be made.
  • Entities will also have to consider and provide ESG information in respect of their entire value chain. However, to assist entities with the transition to the new requirements, for the first three years of reporting, where all reportable information on the value chain is not available, entities may elect to explain the efforts made to obtain this information, the reasons why the information could not be obtained and the plans the entity has to obtain the information in the future.

Where should entities report the required ESG information?

The information required by the ESRSs should be reported within the Directors’ Report and published with the entity’s annual financial statements.

In what format should entities report?

Entities must report sustainability information in a format that is both human readable and machine readable. Reports will have to be created in accordance with the European Single Electronic Format and be electronically tagged.

Is independent third-party assurance mandatory?

The assurance of ESG information by an appropriately qualified third party (which subject to national law options may include statutory auditors and other assurance service providers) is mandatory for those entities that fall within the scope of CSRD. Initially the level of assurance to be provided will be limited but over time the aim is for the level of assurance required to move to reasonable i.e. similar to the level of assurance currently required in respect of the annual audit of financial statements.

In order for an assurance provider to be able to provide an assurance opinion it will be crucial for the ESG data reported by entities to be verifiable. Similar to financial reporting, entities will therefore need to establish sound control frameworks over the capture and reporting of ESG data. A core element of this will be the establishment of effective ESG governance structures and the tone from the top. Roles and responsibilities of all involved in collecting ESG data will need to be clearly defined, where the data is stored and / or who holds the data (internally or externally) will need to be identified, systems for the collection and processing of the data will need to be determined, implemented and controlled and the data will ultimately need to be validated internally in the first instance before it is submitted to the assurance provider for audit.

If you require further information in relation to sustainability and future reporting requirements, please reach out to Natalie Kelly (Partner, Audit & Assurance), Fiona O’Sullivan (Director, Risk Consulting) or Ciara Long (Senior Associate, Audit & Assurance) for assistance.