What is the CSRD?
The Corporate Sustainability Reporting Directive (CSRD) is the EU directive on sustainability reporting. It requires companies to report standardized environmental, social and governance (ESG) information under the European Sustainability Reporting Standards (ESRS) once national transposition and the undertaking's structure trigger the obligation. Reports must then be verified by an independent auditor.
Directive (EU) 2026/470 significantly narrowed the scope. CSRD thresholds for EU undertakings now sit at more than 1,000 employees and more than €450m net turnover; the revised ESRS are finalised separately as a delegated act.
Who must report after the Omnibus Reform?
After the Omnibus Reform, both criteria must be met cumulatively for EU undertakings; group scope and national transposition still need to be assessed separately:
- More than 1,000 employees — AND more than €450 million net turnover — both thresholds must be exceeded.
- From financial year 2027 — Unified reporting start for all newly obligated companies, publication in 2028.
- Non-EU parent companies — Check more than EUR 450m EU net turnover for the parent undertaking plus an EU subsidiary or EU branch with more than EUR 200m turnover.
- Listed SMEs — Many SMEs are outside mandatory CSRD reporting, but may still receive customer, lender or investor data requests.
ESRS — What data must be reported?
The ESRS define mandatory reporting content based on the principle of double materiality: which sustainability topics have a financial impact on the company, and what impact does the company have on the environment and society?
- Climate change (E1) — CO₂ emissions Scope 1, 2 and 3, climate risks, decarbonization pathway.
- Resource use & circular economy (E5) — Material consumption, recycling rates, waste avoidance — direct link to the DPP.
- Own workforce (S1) — Own employees, supply chain workers, human rights due diligence.
- Supply chain (S2) — Working conditions at suppliers, transparency over production sites.
- Governance (G1) — Corporate governance, compliance structures, anti-corruption.
CSRD and Digital Product Passport — one data source
DPP product data on carbon footprint, material composition and supply chain can support ESRS reporting, but it does not replace company-level CSRD reporting duties. Companies that build DPP-compliant data structures early can reuse the same sources for product compliance, Scope 3, E5 and supply-chain evidence. Nulara connects these data flows in one system, reducing duplicate data collection.
ESRS simplification after Omnibus
The ESRS are being simplified after the Omnibus process. EFRAG's December 2025 technical advice proposes a major reduction of mandatory datapoints and deletion of voluntary disclosures; the legally relevant text is the final European Commission delegated act. Until then, companies should not plan around old datapoint lists, but keep data models for E1, E5, S2 and governance evidence robust.
National implementation status in Germany
Germany must transpose the amended CSRD requirements into national law. German companies therefore need to track both national transposition of the Omnibus Directive and the final ESRS delegated act. Companies that already build robust data structures for climate, circularity and supply-chain evidence reduce later rework.
Limited vs. Reasonable Assurance
CSRD reports must be externally assured. The Omnibus Directive keeps assurance at Limited Assurance and removes the requirement to move to Reasonable Assurance later:
- Limited Assurance — Limited assurance remains the relevant assurance level for sustainability reports.
- Reasonable Assurance — The Omnibus Directive removes the requirement to move to reasonable assurance in the future.
- Eligible auditors — Eligible assurance providers depend on national transposition and professional rules.
VSME — the voluntary SME standard
The Voluntary SME Standard (VSME) was developed by EFRAG specifically for non-reporting micro and small enterprises. It consists of two modules:
- Basic module (B-Module) — Minimal data scope — energy, CO₂, water, working conditions. Sufficient for micro and small enterprises without banking obligations.
- Comprehensive module — Extends the basic module with additional information typically requested by banks, investors and larger buyers.
- Value-chain protection — The Omnibus Directive limits which information reporting companies should request from smaller value-chain companies.
SME protection
Companies with fewer than 1,000 employees should be protected from disproportionate data requests by larger CSRD-reporting companies. The voluntary VSME standard is a practical reference for information that smaller suppliers can provide in a structured way.
This overview is technical and editorial information, not legal advice. Thresholds, group exemptions, third-country rules and national transposition must be checked case by case.
Sources