The Corporate Sustainability Reporting Directive (CSRD) will significantly change the management reports of around 49,000 companies in Europe: In the future, they will also have to report on the topic of sustainability (ESG). Specifically, the CSRD requires companies within the EU to add a variety of ESG-related topics and metrics to their management report. ESG stands for Environment, Social and Governance. The report must include the impact of sustainability aspects on the company’s economic situation and also provide information on the effects of the company’s activities on the environment and people. What this means in concrete terms is defined by the EU Commission in standards by means of delegated acts. It issued an initial set of reporting standards on July 31, 2023.
As an EU directive, the CSRD still has to be implemented by national legislators. The deadline for this is July 06, 2024. However, many companies cannot wait until the implementation deadline has passed. Even before the fiscal year on which they have to report, they should gain clarity about what needs to be reported. In addition, the companies concerned should ensure that the collection of the necessary data is started in good time and that the internal systems are prepared for this.
Companies are subject to the reporting obligation under the CSRD if they meet at least two of the following three criteria on two consecutive balance sheet dates:
When the reporting obligation under the CSRD occurs depends on the size of the company. For the 2024 financial year, public interest entities with more than 500 employees that are already subject to non-financial reporting must report.
For the 2025 financial year, all large corporations and partnerships are also affected in accordance with section 264a of the German Commercial Code (HGB). Capital market-oriented SMEs must publish the first reporting for fiscal year 2026.
Only micro-enterprises and non-capital-market-oriented SMEs are exempt from sustainability reporting.
To further supplement and flesh out the CSRD, the EU Commission issues technical standards as delegated acts. An initial set of regulations was published on July 31, 2023. This set is based on a draft by EFRAG (European Financial Reporting Advisory Group) and is also referred to as “ESRS” (short for: European Sustainability Reporting Standards).
The purpose of the standards is to ensure uniform and comparable sustainability reporting. The standards include application notes as well as metrics and KPIs. They are subdivided in particular according to the reporting areas of environment (E), social affairs (S) and good corporate management/governance (G).
The starting point for the reporting obligation is the so-called double materiality: companies should analyze which sustainability issues are relevant to them.
In doing so, they should consider the issues from two perspectives (hence “double materiality”):
The content of CSRD reporting spans numerous individual measures and metrics that touch on nearly every area of corporate activity.
Not all individual aspects must necessarily be preserved in the report in every case. Some aspects are optional – at least in the initial phase. Others will remain permanently voluntary. In some places, the reporting obligation also depends on the assessment of materiality.
If the report contains errors, it is not only the company’s reputation that is at stake. Even the accusation of greenwashing can result in negative press coverage and also carries the risk of being targeted by environmental organizations.
But there are also harsh consequences ahead:
First, ESG-related metrics are increasingly being used as the basis for financing decisions. In this respect, the companies’ financing partners will in all likelihood also access CSRD reporting in the future in order to verify the companies’ disclosures.
Failure to report or incorrect sustainability reporting will also be subject to sanctions under national law. It is expected that these will be similar to those in the area of incorrect financial reporting. Ultimately, CSRD reporting should lead to ESG aspects being reported on in a similarly informed manner as financials. This means that, in addition to fines against the company, sanctions can also be imposed directly on the management or the Executive Board and Supervisory Board as the responsible bodies.
Finally, there is the threat of civil law suits: On the one hand, competitors could use the reporting to take action under unfair competition law / UWG. On the other hand, there could be proceedings under tort law, for example with allegations of capital investment fraud. This may also include mass proceedings.
In all these cases, if damage occurs within the company, the next step is to clarify internal responsibility. There is therefore a threat of a typical constellation of directors’ and officers’ liability, which leads to paralysis and loss of trust-based internal cooperation for the company.
A legally sound interpretation of the CSRD and ESRS can help reduce these liability risks. Therefore, the legal department should accompany the reporting process every step of the way. In particular, it should assess in advance what the company needs to report on in detail and then later control the specific wording and KPIs to be published.
Existing law should also be included in the interpretation. In many cases, this already provides a framework that must be taken into account in sustainability reporting. Companies operating internationally may need to consider more than one jurisdiction, which adds an additional layer of complexity to the interpretation.
Data protection must also always be taken into account: many of the details to be provided in the social area are very sensitive, for example the details on gender quotas or mother and family protection. If data may not be collected under applicable data protection law, it must be weighed up on a case-by-case basis which provision takes precedence.
Perhaps the biggest challenge in implementing the CSRD is that so many provisions are not clear, but are open to interpretation. Companies may also need to realign or completely rebuild their processes and structures. Additional difficulties may also arise from the reporting requirements under the EU taxonomy. Because there are some parallels here.
Time for implementation is short. From 2024, relevant data must already be collected. The following measures are recommended:
Reporting may require new processes and new employee profiles, especially for those companies that have not been subject to non-financial reporting requirements to date. This should be planned and implemented in good time. In addition, to fill in the metrics and KPIs, a lot of data will need to be collected and consolidated. Any resulting data protection issues should be clarified in good time. Good data management will also pay dividends in reporting.
© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.
KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.