What Companies Must Report Under CSRD in 2025

Key Takeaways

• CSRD expands ESG reporting to 50,000+ companies.
  
• ESRS introduces detailed, standardized disclosure rules.
  
• Double materiality is now the foundation of ESG reporting.
  
• Reports must include Scope 3, supply chain, and value chain data.
  
• External assurance and digital tagging are mandatory.
  
• Early action on data and materiality is essential for compliance.

The ESG playbook just changed.

In 2025, reporting is no more a branding exercise. It’s regulated. Auditable. Mandatory.

The Corporate Sustainability Reporting Directive (CSRD) has replaced the outdated NFRD. The scope? Wider. The detail? Deeper. The consequences? Real. 

Over 50,000 companies—including many headquartered outside the EU are now required to disclose not just what they emit, but what climate risk means for their bottom line.

Yes, that does mean more paperwork. But it’s also a credibility reset.

For years, companies have set targets with no audits. Published reports no one verified. Framed ESG as ambition, not obligation.

That era is closing.

This blog unpacks what’s changing, how the ESRS standards work, and why double materiality is a mental shift most teams aren’t ready for. Miss the shift, and you risk fines, losing investor confidence, supply chain access, and regulatory standing.

What’s Changing: The CSRD and ESRS in Focus

The rules have changed and they’re not only stricter, but also structural.

In 2025, CSRD and ESRS define a new baseline for ESG reporting across the EU and beyond. They don’t just ask what you’re doing. They demand to know how you know it, what it impacts, and whether it holds up under audit.

Together, CSRD and ESRS form a mandatory, detailed, and enforceable reporting regime that marks the end of discretionary sustainability disclosures.

a. The CSRD: Enforcement Meets Expectation

The Corporate Sustainability Reporting Directive (CSRD) replaces the outdated NFRD and casts a much wider net. Roughly 50,000 companies fall under its scope, including non-EU companies with significant EU activity. 

For instance, companies with EU subsidiaries or branches exceeding €150 million in net turnover will be required to report starting in 2029.

But it’s not just who it affects, as it’s also about what it demands:

• ESG data must be included in the management report, subject to audit—not tucked into a standalone sustainability PDF.
  
• Reports must reflect performance across the entire value chain, including Scope 3 emissions, supply chain risks, and upstream/downstream impacts.
  
• The directive requires integrated, verifiable data—not estimates, not summaries, and not marketing spin.

This is a shift from reporting as storytelling to reporting as evidence.

b. The ESRS: The New Reporting Grammar

If CSRD sets the mandate, ESRS defines the language.

Developed by EFRAG, the European Sustainability Reporting Standards break ESG into detailed, sector-neutral standards across environmental, social, and governance themes. These aren’t broad frameworks—they’re built on structured KPIs across 12 core areas, covering:

• Environment (E1–E5): Climate change, pollution, water, biodiversity, circularity
  
• Social (S1–S4): Workforce, supply chain labor, affected communities, end users
  
• Governance (G1): Business conduct, ethics, and more
  

Each standard links directly to other EU frameworks like the EU Taxonomy and SFDR, creating a tightly interconnected disclosure landscape.

The challenge is interpreting these requirements and also operationalizing them.

A recent survey showed that 83% of companies struggle to collect accurate CSRD data, and 29% feel unprepared for ESG data audits. The scale and complexity of ESRS disclosures demand digital infrastructure, not manual patchwork. Many firms simply aren’t equipped yet.

What this means for business leaders: For you it means mobilizing finance, legal, compliance, IT, and sustainability around a common reporting standard.

The Most Misunderstood Part of CSRD: Double Materiality

The biggest shift under CSRD and ESRS isn’t the volume of data. It’s the mindset behind it.

For companies used to financial-only reporting, double materiality can feel like a curveball. But it’s not optional and it’s not abstract.

This concept is the foundation of the entire ESRS framework. It determines what you report, how you prioritize, and whether your disclosures pass assurance.

What It Means in Practice

Double materiality requires businesses to assess ESG topics through two lenses, not one:

• Impact Materiality (inside-out): How your company affects people, the environment, and society. Think carbon emissions, deforestation, labor rights, water use, and more.
  
• Financial Materiality (outside-in): How environmental and social issues impact your company’s financial health—through regulation, physical climate risk, reputation damage, or supply chain disruption.
  

Under CSRD, you must report on any topic that’s material from either perspective. Not both. Not optional. And not vague.

Why It Matters

This acts as the gatekeeper for everything else.

Your double materiality assessment determines which parts of the ESRS you report on. Get it wrong, and you risk disclosing too little or wasting resources on areas that don’t align with your actual exposure or impact.

The process must be documented, repeatable, and ready for limited assurance from your first reporting cycle. Over time, the standard will likely move toward reasonable assurance on par with financial audits.

Yet many companies underestimate the complexity. A survey found that 54% of firms see identifying material Impacts, Risks, and Opportunities (IROs) as the most valuable part of CSRD compliance, but also one of the hardest to execute well.

What It Takes

A tool won’t solve this alone. You need:

• A cross-functional working group: ESG can’t live in one department anymore.
  
• Decision logic that’s documented and defensible: Auditors will want to see how you selected, ranked, and justified material topics.
  
• Early auditor engagement: Surprises during assurance reviews can derail your entire timeline.
  

Double materiality is the compass for how your business communicates impact and risk. If your foundation is shaky, everything that follows will be too.

The ESG Disclosure Checklist Just Got Real

Once you’ve nailed double materiality, the next step is clear: know what you’re on the hook to report and how deep you have to go.

CSRD and ESRS don’t leave much room for ambiguity. They lay out exactly who must report, when, and what those reports must include. 

But executing this at scale? That’s where the real challenge begins.

a. Scope: Who’s Affected and When

The CSRD is rolling out in phases. Here’s how it breaks down:

That last group is critical as many non-EU firms still aren’t tracking this obligation. But the threshold is clear, and enforcement will follow.

b. Depth: What You Need to Report On

This isn’t high-level commentary. It’s deep, detailed, and designed for comparability.

You’ll need to cover impacts, risks, and opportunities across your entire value chain—not just internal operations. That includes:

• Scope 3 emissions
  
• Supply chain labor practices
  
• Biodiversity and ecosystem impacts
  

Reports must align with the ESRS standards, broken into 12 key areas:

• Environment (E1–E5): Climate, pollution, water, biodiversity, resource use
  
• Social (S1–S4): Workforce, supply chain labor, community impact, product end-use
  
• Governance (G1): Business conduct, corruption, transparency

These are structured disclosures with KPIs, narrative context, and performance tracking over time.

Some early adopters have already filed reports ranging from 30 to over 300 pages, with disclosed IROs (Impacts, Risks, and Opportunities) ranging from under 15 to over 80. That’s how wide the interpretation and complexity can get.

c. Assurance and Tagging: What Makes It Real

Two big additions raise the bar:

• External Assurance: Mandatory from day one. You start with limited assurance, but regulators have signaled a move toward reasonable assurance, like financial audits.
  
• Machine-Readable Format: All reports must be published in XHTML, aligned with the European Single Electronic Format (ESEF), and uploaded to the European Single Access Point (ESAP).
  

This requires collaboration across legal, IT, finance, and sustainability from the start.

And that’s where most companies hit friction. ESG data is spread across systems, formats, and teams. Without infrastructure that connects the dots, reporting becomes a fire drill.

Get Ready: 5 Strategic Moves for 2025 Compliance

So now you know what’s required. The next question is: what do you actually do?

For many companies, the challenge lies in execution. ESG data lives in silos. Reporting teams are overextended. Most haven’t done a formal double materiality assessment. 

And yet, the first CSRD deadlines have already landed.

What you need is to build a system that holds up internally, externally, and under audit.

Here’s where to start:

1. Run a Proper Double Materiality Assessment

Not a box-tick. Not a workshop and a spreadsheet. You need a defensible process with documented decision logic, clear criteria, and a multidisciplinary team.

This assessment is the foundation of your CSRD report. It determines what you include, how you frame risk, and what your auditors will evaluate.

In a recent survey, 54% of companies said identifying material IROs (Impacts, Risks, Opportunities) was the most valuable part of the CSRD process, but also one of the hardest to get right.

2. Map and Mobilize Your Data Supply Chain

ESG data doesn’t sit in one system. It’s buried in finance software, utility logs, procurement workflows, HR platforms, and third-party vendor files.

You need to find it, structure it, and assign ownership. That means:

• Defining who owns what
  
• Automating what you can
  
• Setting up validation rules and audit trails
  

83% of companies report difficulty collecting CSRD-compliant data. Without automation and clarity, the cracks show fast.

3. Match the Standards to Your Material Topics

The ESRS includes 12 disclosure areas, but you’re not expected to report on all of them. You report on what’s material, based on your assessment.

That means your reporting can and should be scoped. But only if your rationale is defensible. If you leave something out, auditors will ask why.

Defaulting to “everything” isn’t safer. It’s just slower and harder to maintain.

4. Bring Your Auditors Into the Process Early

Don’t wait for your first report to discover that your materiality logic or data formats don’t pass muster. Auditors are looking for:

• Clear, documented methodology
  
• Assurance-ready metrics
  
• Evidence of internal review and governance
  

Early engagement de-risks the process and builds confidence across your reporting chain.

5. Stop Relying on Last Year’s Template

Many companies will fall into a “default bias”, recycling their 2023 ESG deck and trying to retrofit it for CSRD.

It won’t work.

CSRD is about forward-looking, traceable, verifiable reporting. That takes systems, not slides. And it takes infrastructure that can scale across reporting cycles, not a scramble every Q1.

Lead the Shift or Fall Behind

The way we talk about ESG has changed. Now the way we report it has to catch up.

Customers and stakeholders, are asking for proof line by line, system by system. Because it’s not about having a report. It’s about having one that holds up under pressure.

What used to be optional is now enforced. What used to be broad is now specific, making it more of a business process, and not a branding exercise.

Reporting now means structure. Traceability. Accountability. No more picking and choosing what looks good. You’re expected to report what’s material whether it’s comfortable or not.

Companies that treat this as a compliance exercise will fall into reactive cycles. Long reports, late nights, fractured data, missed expectations.

But companies that treat it as a strategic reset? They’ll gain more than compliance. They’ll gain control.

Control over how they track risk. How they communicate performance. How they attract capital, respond to regulators, and future-proof their business.

The EU alone is onboarding over 50,000 companies into this new framework. Non-EU companies with €150M+ in EU revenue are next. And 83% of companies say ESG data readiness is still a challenge.

The window for getting ahead is closing. What was once voluntary is now a condition of access to markets, funding, and credibility.

FAQs

Who has to comply with CSRD?

Any large EU company and many non-EU companies with significant EU operations. If you have an EU branch or subsidiary and €150M+ in EU revenue, you’re likely in scope by 2029.

What makes CSRD different from previous ESG reporting?

It’s mandatory. It requires assurance. And it demands structured, value-chain-level data, not self-selected highlights in a glossy PDF. ESG is now part of the financial reporting process.

What is ESRS, and why does it matter?

The European Sustainability Reporting Standards (ESRS) define how you report under CSRD. They break down what to disclose and how — across climate, workforce, governance, and more.

What is double materiality, in plain English?

You don’t just report how climate affects your business. You also report how your business affects climate, people, and society. If it’s material in either direction, it goes in the report.

How detailed does the reporting need to be?

Very. You’ll need to cover Scope 3 emissions, supply chain labor, biodiversity impact, and more. Reports must be machine-readable and pass limited assurance with stricter audits likely coming.

What’s the biggest challenge for most companies?

The data. ESG data is scattered across systems and teams. Most firms aren’t set up to collect, standardize, or audit it at scale, yet they’re now expected to do exactly that.

What’s one thing I should do right now?

Run a formal double materiality assessment. It decides what you report. It drives the entire process. And it’s the first thing auditors will ask to see.