The Corporate Sustainability Reporting Directive

The Corporate Sustainability Reporting Directive (EU) 2022/2464 (CSRD) came into force on 5 January 2023. It requires companies to provide information regarding their sustainability strategy, and environmental, social, and governance issues. This information includes, for example

  • The company's sustainability objectives, strategies, and policies
  • The main risks to which the company is exposed in relation to sustainability issues
  • The due diligence process in place for identifying and handling sustainability issues
  • The primary actual or potential adverse impacts (Principal Adverse Impacts) relating to the company's value chain, the measures taken to prevent any actual or potential adverse impacts, and the outcome of those measures
  • The role of administrative, management and supervisory bodies in relation to sustainability issues

The European Financial Reporting Advisory Group (EFRAG) has been appointed technical advisor to the European Commission and is responsible for developing the European Sustainability Reporting Standards (ESRS). The first set of ESRS was approved by EFRAG on 15 November 2022 and consists of 12 intersectoral standards. The Commission now has to adopt the ESRS drafts or revise them before they can be applied to companies under the scope of the CSRD.

The CSRD goes further than the existing Non-Financial Reporting Directive (NFRD) and will extend its reach over four stages to apply to the following businesses:

  • As of 1 January 2024: all EU companies that are already subject to the NFRD, and non-EU companies listed on a regulated market in the European Union within the definition of large companies (see below) but with more than 500 employees
  • As of 1 January 2025, all EU companies regardless of capital market orientation, that exceed two of the following three size criteria (large companies):
    Annual average of 250 employees
    A balance sheet total of more than ?20 million
    Annual revenue of more than ?40 million
  • As of 1 January 2026, all small and non-complex credit institutions and captive insurance undertakings; and listed small and medium-sized enterprises (SMEs), including non-EU companies listed on a regulated market in the European Union, with the exception of micro-companies. According to Directive 2013/34/EU, companies are considered "small" rather than "micro" if they exceed two of the following criteria:
    10 employees
    ?350,000 balance sheet total
    ?700,000 net revenue.
  • As of 1 January 2028, non-EU companies with annual net revenue at the consolidated or individual level in the European Union of more than ?150 million for each of the last two consecutive financial years, and at least one subsidiary (either a large EU company or an SME) or an EU branch that generated an annual net revenue over ?40 million in the preceding financial year

The NFRD rules will continue to apply to companies until the relevant stage of the CSRD comes into effect. Reporting at group level will still exempt the subsidiaries from their own reporting obligations, as long as the subsidiary refers to the group report.

Reports must be provided in a machine-readable format that will support the tagging of sustainability information in the future. This is also intended to establish compatibility with a European Single Access Point-a central register for digitally prepared reports-that is yet to be developed. The sustainability information must also be externally verified, initially with limited assurance.

The CSRD outlines minimum penalties for non-compliant companies, and provides a process for the investigation, but the Member States are left to determine the actual penalties for violations.

Corporate Sustainability Due Diligence Directive

In February 2022, the European Commission adopted a proposal for a Directive on Corporate Sustainability Due Diligence (CSDDD). The stated aim of this Directive is to

  • Encourage sustainable and responsible corporate behaviour
  • Anchor human rights and environmental considerations in companies' operations and corporate governance
  • Ensure companies address the adverse impacts of their actions, including in their value chains inside and outside Europe.

The legislative proposal is currently making its way through the European Parliament committee process and receiving comments and amendments.

The Directive is intended to harmonise rules across the EU Members States, as binding due diligence legislation has already been implemented in France (Loi de Vigilance, 2017) and Germany (the Lieferkettensorgfaltspflichtengesetz, 2021).


Under the proposal, the Directive will apply to EU companies that meet one of the following criteria:

  • More than 500 employees on average and a net worldwide turnover of more than ?150 million in the last financial year
  • More than 250 employees on average and a net worldwide turnover of more than ?40 million in the last financial year, provided that at least 50% of this net turnover was generated in one or more of the sectors identified as high-impact, such as
    Textile manufacturing
    Agriculture, forestry, and fisheries
    The extraction, wholesale, and processing of mineral resources.

The Directive will also apply to companies outside the European Union that either

  • Generated an EU net turnover of more than ?150 million in the financial year preceding the last financial year; or
  • Generated an EU net turnover of between ?40 million and ?150 million in the financial year preceding the last financial year, provided that at least 50% of that net worldwide turnover was generated in one high impact sector.


The Directive takes a somewhat soft approach as initially it will simply require companies to implement certain procedures, in particular

  • Identifying actual or potential adverse impacts (Article 6)
  • Preventing and mitigating potential adverse impacts, bringing actual adverse impacts to an end, and minimising their extent (Articles 7 and 8)
  • Establishing and maintaining a complaints procedure (Article 9)
  • Monitoring the effectiveness of due diligence policies and measures (Article 10)
  • Publicly communicating this due diligence (Article 11).

The legislation does not provide for directly regulating, sanctioning, or stopping any behaviour that may be identified as problematic as the result of the mandatory due diligence process. The requirements under Articles 7 and 8 will, however have a significant impact on companies.

These Articles require companies to follow a path of escalating measures with regard to identifying potential adverse human rights or environmental impacts, including the development and implementation of a prevention action plan, and seeking contractual assurances from direct business partners and subsequent monitoring. The Directive prioritises engagement with the problematic aspect of a value chain over termination. The CSDDD takes into account the indirect nature of business relationships with third party suppliers, but expects that a company is able to stop actual adverse impacts in its own operations and in subsidiaries.

Companies will have to show that they are establishing dedicated compliance functions to monitor the implementation and effectiveness of their due diligence measures. These measures will need to include periodical assessments of the operations of subsidiaries and established business relationships, creating a link with the CSRD.


The CSDDD is expected to be enforced through public supervision and private litigation and contract law.

EU Member States will be required to establish supervisory authorities to carry out investigations on their own initiative or based on substantiated complaints, and must provide for effective sanctions for infringements.

As part of the drive to minimise harmful behaviour, Member States must permit the termination of contracts and allow victims to sue for compensation of adverse impacts. The Directive also provides for the development of model contracts to help companies shape their contractual relationships.

Member States will be required to provide rules governing the civil liability of companies for damages arising as a result of their failure to take reasonable steps to reduce harmful practices. And, although the draft Directive currently stops short of resolving questions on what constitutes reasonably adequate measures, it takes account of the fact that they will arise.

National legislation will also have to modify rules on the duty of care of managing directors, as the responsibility for due diligence will be assigned to the company's directors.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.