CSRD guide 2025-2026: obligations, deadlines and ESRS

The CSRD framework for 2025-2026 is no longer a future obligation for large companies — wave 1 companies are already reporting, wave 2 companies have their infrastructure build window closing, and the EU Omnibus simplification proposals have created uncertainty that requires careful monitoring without using it as a reason to pause preparation.

This guide maps the current CSRD obligations as of 2025-2026: who is in scope, which ESRS standards apply, what the assurance requirements are, and how the Omnibus proposals affect your specific situation. It’s designed for finance, legal, and sustainability teams who need operational clarity, not a policy overview.

Which companies are required to report under CSRD

CSRD dramatically expands the number of companies required to report sustainability. It no longer only affects large listed corporations, but a much broader spectrum of organizations.

Large companies (the bulk of those obligated)

All companies that meet at least two of these three criteria are obligated:

• ≥ 250 employees (average workforce)
• ≥ 40 million € in net turnover annually
• ≥ 20 million € in total assets on the balance sheet

These conditions define "large companies" in the EU, including both private and listed companies. It's estimated that around 50,000 companies in the EU fall within this scope.

Listed companies (including SMEs)

All companies listed on EU regulated markets will be subject to CSRD, regardless of their size (except micro-enterprises).

This includes listed SMEs, although certain reliefs and simplified standards are provided for them.

Third-country companies with EU presence

The directive also reaches non-European business groups with substantial activities in the EU.

Specifically, any company from a third country that:

• Generates more than 150 million € annually in revenues in the EU, and
• Has at least one large or listed subsidiary in the EU (or a branch with >40M€ in business)

...must prepare a consolidated sustainability report of its EU operations according to CSRD standards.

Implementation calendar: when CSRD comes into force

CSRD implementation is phased, with different dates depending on the type and size of company. Here's the updated calendar after the 2025 modifications:

Phase 1: Large public interest companies (already in force)

Affected companies: Large listed or financial companies with >500 employees (already subject to the previous NFRD directive)

• First covered fiscal year: 2024
• Publication of first report: 2025

These companies are already reporting under CSRD since fiscal year 2024.

Phase 2: Other large companies (POSTPONED)

Affected companies: Other large EU companies (≥250 employees, ≥€40M turnover, ≥€20M assets)

• Original calendar: Fiscal year 2025 (report in 2026)
• Revised calendar after "stop-the-clock": Fiscal year 2027 (report in 2028)

The "stop-the-clock" Directive approved in April 2025 postponed the entry into force by two years for these companies, giving them more preparation time.

Phase 3: Listed SMEs (POSTPONED)

Affected companies: Small and medium-sized companies listed on regulated markets (excluding micro-enterprises)

• Original calendar: Fiscal year 2026 (report in 2027)
• Revised calendar: Fiscal year 2028 (report in 2029)

Listed SMEs also benefited from the two-year postponement and will be able to use a simplified standard (VSME).

Important note: There are proposals under negotiation (Omnibus I) to exclude companies between 250 and 1,000 employees from the mandatory scope, but as of late 2025 these modifications are not yet in force.

Phase 4: Third-country companies

Affected companies: Non-EU groups with revenues >€150M in the EU and significant subsidiaries/branches

• First covered fiscal year: 2028
• Publication of first report: 2029

This calendar remains unchanged from the original plan.

ESRS standards: the technical framework for ESG reporting

To comply with CSRD, companies must report following the European Sustainability Reporting Standards (ESRS) developed by EFRAG (European Financial Reporting Advisory Group).

ESRS are a set of technical standards that specify in detail what ESG information must be disclosed and how. Their objective is to standardize reporting in the EU, providing comparability and rigor.

ESRS structure: 12 standards in total

The first set of ESRS consists of 12 standards, divided into two categories:

Cross-cutting standards (2 general standards)

ESRS 1 – General Requirements: Defines how to perform the double materiality assessment and other reporting principles that all companies must follow.

ESRS 2 – General Disclosures: Specifies mandatory disclosures on sustainability governance, business model, strategy, materiality processes, policies, and management systems.

These two standards establish the common basis that all companies must comply with, regardless of their sector or specific situation.

Topical standards (10 specific standards)

The 10 topical standards cover environmental, social, and governance areas. Companies must apply them only if they consider the topic material after their double materiality analysis.

Environmental Standards (ESRS E1 to E5):

• ESRS E1 – Climate Change: Mitigation and adaptation, GHG emissions (scopes 1, 2, 3), energy consumption, decarbonization strategies, and climate transition plans
• ESRS E2 – Pollution: Air, water, and soil pollution; pollutant emissions, hazardous substance management
• ESRS E3 – Water and marine resources: Water extraction and consumption, discharges, impact on marine resources
• ESRS E4 – Biodiversity and ecosystems: Impact on biodiversity, habitat loss, ecosystem services
• ESRS E5 – Circular economy: Raw material use, waste generated, recycling and reuse strategies

Social Standards (ESRS S1 to S4):

• ESRS S1 – Own workforce: Working conditions, wages, health and safety, training, equality, diversity, gender pay gap
• ESRS S2 – Workers in the value chain: Working conditions and human rights of suppliers and contractors
• ESRS S3 – Affected communities: Impact on local communities, respect for economic, social, and cultural rights
• ESRS S4 – Consumers and end-users: Product safety, data protection, responsible marketing, accessibility

Governance Standards (ESRS G1):

• ESRS G1 – Business conduct: Corporate culture, ethics, prevention of corruption and bribery, whistleblower protection, business partner relations, lobbying, animal welfare

Flexibility based on materiality

Companies can omit information from a standard if they conclude the topic is not material, although they must briefly explain that conclusion.

The only significant exception is ESRS E1 (Climate Change): if considered non-material, an explicit and detailed justification is required.

Relief measures for the transition

To facilitate adoption, the regulation provides for gradual phases in the first years:

• Companies with <750 employees can omit Scope 3 emissions and certain workforce data in their first year
• In the first two years, companies can omit detailed information on biodiversity (E4) and workers in the value chain (S2)
• During the first year, qualitative descriptions of anticipated financial effects of climate change are allowed

What practical information needs to be reported

Under CSRD, companies must collect a wide variety of quantitative and qualitative data on their ESG impacts, risks, and performance. Let's see what each dimension includes:

Environmental Dimension: your footprint and approach to environmental sustainability and environmental management

Emissions and climate:

• GHG emissions detailed by scopes (1, 2, and 3)
• Energy consumption and energy efficiency measures
• Climate neutrality transition strategy
• Analysis of climate risks and opportunities (aligned with TCFD)

Pollution and resources:

• Pollutant emissions to air and water discharges
• Hazardous waste management
• Water resource use (extraction, recycling, impact on basins)
• Percentage of reused or recycled materials

Biodiversity:

• Operations in or near protected areas
• Impact on ecosystems and species (deforestation, land use)
• Restoration or compensation initiatives

Examples of specific indicators: Tons of CO₂ emitted, carbon footprint per revenue unit, energy intensity, volume of recovered waste, water consumption by source.

Social Dimension: impact on people

Internal labor practices:

• Number of employees (broken down by contract type, gender, location)
• Equality and diversity policies (women in management, gender pay gap)
• Training and professional development (training hours)
• Occupational health and safety (accident rates)
• Working conditions (schedules, work-life balance, living wage)

Supply chain:

• Supplier monitoring on labor rights
• Audits of critical suppliers
• Prevention of child labor and forced labor
• Safe conditions and living wage in the chain

Local communities:

• Impacts of operations on communities
• Social investments and public consultations
• Management of displacements or impacts

Customers and consumers:

• Product and service safety
• Personal data protection and cybersecurity
• Responsible advertising
• Access for vulnerable groups

Examples of indicators: Employee injury rate, proportion of critical suppliers evaluated on social matters, number of customer complaints related to privacy.

Governance Dimension: ethics and transparency

Sustainability governance:

• ESG governance structure and roles (committees, responsible persons)
• Frequency of Board discussions
• ESG competencies of management
• Linking management remuneration to ESG objectives

Corporate ethics:

• Anti-corruption and anti-bribery policies
• Code of ethics and compliance training
• Internal controls to prevent fraud
• Detected corruption incidents and investigations

Integrity and transparency:

• Confidential whistleblowing channels
• Whistleblower protection
• Tax policy and country-by-country reporting
• Lobbying activity and political contributions

Third-party management:

• Supplier ethics monitoring
• Anti-corruption practices in contracts with third parties
• Average payment times to suppliers

How to prepare for CSRD compliance

Complying with CSRD is not a one-time procedure, it's a structural change in how companies manage and communicate their ESG information. Here are the keys to prepare:

1. Conduct a double materiality analysis

The first step is to identify which ESG topics are material for your company from both perspectives (impact and financial).

This analysis will determine which ESRS standards you must apply in depth and allows you to prioritize data collection efforts.

2. Map and centralize ESG data sources

You need to identify where the data is (ERP systems, CRM, spreadsheets, suppliers) and establish processes to consolidate it in an automated and traceable way.

This is where a platform like Dcycle makes the difference. Instead of working with multiple dispersed tools, we centralize all ESG information in a single system that:

• Integrates directly with your data sources
• Automates collection and normalization
• Keeps data updated in real-time
• Ensures complete traceability for audits

3. Implement automated reporting systems

The days of manually compiling ESG reports are over. You need a solution that:

• Automatically generates reports according to applicable ESRS
• Adapts the format to each standard (CSRD, but also SBTi, EU Taxonomy, ISOs)
• Guarantees coherence and consistency in information
• Prepares the required XHTML digital format with tagging

4. Prepare for external verification

Remember that the CSRD report must be audited by an independent third party. This means your data must be:

• Documented: with clear evidence of each metric
• Traceable: with a complete audit trail
• Verifiable: with internal quality control processes

5. Train teams and assign responsibilities

ESG management is not just for the sustainability department. It involves:

• Legal and compliance
• Finance and accounting
• Human resources
• Operations and supply chain
• General management

Everyone must understand their responsibilities in collecting and validating ESG data.

CSRD 2025-2026: What to Prioritise Right Now

ESRS Applicability: Mandatory vs Voluntary

Not all ESRS standards are mandatory for all companies. Cross-cutting standards ESRS 1 and ESRS 2 are mandatory. Topical standards (E1-E5, S1-S4, G1) apply only if material. The first operational step is mapping which topical standards your double materiality assessment triggers — this determines your actual disclosure scope and data requirements.

Assurance: What Limited Assurance Actually Requires

Limited assurance under CSRD is not the same as reading your sustainability report. Auditors will test: the double materiality process and its documentation, controls over data collection and calculation, traceability from source to published figure, and consistency with financial statements. Companies treating assurance as a final review rather than a design constraint will face observations in year one.

Value Chain Data: The 3-Year Relief and Its Limits

CSRD allows companies to explain gaps in value chain data during the first three years, but requires documenting the gap, the effort made to close it, and the roadmap. This is not permission to skip Scope 3 — it’s permission to be incomplete with explanation. Build your Scope 3 data collection programme now so the gap shrinks each year.

Why Dcycle is the most efficient solution for CSRD compliance

When we talk about implementing CSRD, the difference between complying on time or being late is not only in understanding the regulation, but in having the right infrastructure to manage the data.

And that's where Dcycle stands out as the most agile and automated alternative.

One platform, all standards

We are not consultants who help you occasionally. We are a complete SaaS platform that:

• Centralizes all your ESG data in a single system
• Automates collection from your data sources (ERP, CRM, spreadsheets)
• Structures information automatically to comply with CSRD, ESRS, SBTi, EU Taxonomy, ISOs...
• Generates audit-ready reports without manual processes

Ready for CSRD from day one

While other solutions require complex implementations or custom developments, with Dcycle:

• You're operational in a matter of minutes
• You don't need constant external consulting
• All departments work on the same reliable database
• Data is always updated and traceable

Beyond compliance: strategic sustainability

CSRD shouldn't just be a formality. We help you turn ESG data into a competitive advantage:

• Anticipate future regulations
• Improve your operational performance based on real data
• Strengthen your position with investors, clients, and administrations
• Make strategic decisions with reliable information

In summary: if you don't measure well, you can't comply well. And if you don't comply with agility, you lose competitive advantage.

With Dcycle, ESG management stops being a burden and becomes a business lever.

Frequently Asked Questions (FAQs)

Is my company required to report under CSRD?

You are obligated if you meet at least two of these criteria:

• ≥ 250 employees
• ≥ 40 million € in annual turnover
• ≥ 20 million € in assets

Also if you are a listed company (including listed SMEs, except micro-enterprises) or if you are a non-EU group with >150M€ in EU revenues and significant subsidiaries/branches.

When do I have to start reporting?

It depends on your category:

• Large listed companies (>500 employees): Already since 2024 (report in 2025)
• Other large companies: Fiscal year 2027 (report in 2028) after postponement
• Listed SMEs: Fiscal year 2028 (report in 2029)
• Third-country companies: Fiscal year 2028 (report in 2029)

What happens if I don't comply with CSRD?

Non-compliance can result in:

• Administrative sanctions from national regulators
• Loss of access to financing (many investors and banks require ESG compliance)
• Significant reputational damage
• Exclusion from public tenders (increasingly linked to ESG criteria)

Do I need an external audit of the CSRD report?

Yes, it's mandatory. The sustainability report must undergo verification by an independent auditor or reviewer, with at least a limited assurance level (similar to a limited review of financial statements).

Can I use a simplified standard if I'm an SME?

Listed SMEs will eventually be able to use the voluntary VSME standard (more simplified), although they must comply with the complete ESRS unless there are future regulatory changes.

Non-listed SMEs are not obligated by CSRD, but can use VSME voluntarily if they wish (or if their clients request it).

How does CSRD relate to other frameworks like GRI or SASB?

ESRS have been designed to be interoperable with other international frameworks (GRI, SASB, TCFD, GHG Protocol). In many cases, if you already report under GRI or SASB, you'll have much of the work advanced.

However, ESRS are more comprehensive and have specific requirements (such as double materiality and digital format) that other frameworks don't require.

What data is most difficult to obtain for CSRD?

The areas that usually present the most challenges are:

• Scope 3 emissions (complete value chain)
• Supplier data on social and environmental aspects
• Biodiversity impacts (requires geospatial analysis)
• Anticipated financial effects of ESG risks
• International subsidiary data if not centralized

That's why it's essential to have a platform that automates collection and allows managing the complexity of multiple sources.

Can Dcycle help me comply with CSRD?

Absolutely. Dcycle is specifically designed to:

• Centralize all your ESG data automatically
• Structure information according to ESRS without manual work
• Generate audit-ready CSRD reports
• Maintain complete traceability of each data point
• Scale as your ESG maturity grows

You don't need external consultants or custom developments. With Dcycle, you have total control of your ESG information from day one.