06.10.2023 | KPMG Law Insights, KPMG Law Insights

Implement CSRD and standards: a lot of work, little time

The Corporate Sustainability Reporting Directive (CSRD) will significantly change the management reports of around 49,000 companies in Europe: In the future, they will also have to report on the topic of sustainability (ESG). Specifically, the CSRD requires companies within the EU to add a variety of ESG-related topics and metrics to their management report. ESG stands for Environment, Social and Governance. The report must include the impact of sustainability aspects on the company’s economic situation and also provide information on the effects of the company’s activities on the environment and people. What this means in concrete terms is defined by the EU Commission in standards by means of delegated acts. It issued an initial set of reporting standards on July 31, 2023.

As an EU directive, the CSRD still has to be implemented by national legislators. The deadline for this is July 06, 2024. However, many companies cannot wait until the implementation deadline has passed. Even before the fiscal year on which they have to report, they should gain clarity about what needs to be reported. In addition, the companies concerned should ensure that the collection of the necessary data is started in good time and that the internal systems are prepared for this.

These companies are obliged to report in accordance with the CSRD

Companies are subject to the reporting obligation under the CSRD if they meet at least two of the following three criteria on two consecutive balance sheet dates:

  • Annual average of more than 250 employees
  • Annual sales of more than 40 million euros
  • Balance sheet total of at least 20 million euros

When the reporting obligation under the CSRD occurs depends on the size of the company. For the 2024 financial year, public interest entities with more than 500 employees that are already subject to non-financial reporting must report.

For the 2025 financial year, all large corporations and partnerships are also affected in accordance with section 264a of the German Commercial Code (HGB). Capital market-oriented SMEs must publish the first reporting for fiscal year 2026.

Only micro-enterprises and non-capital-market-oriented SMEs are exempt from sustainability reporting.

Standards specify the reporting obligations under the CSRD

To further supplement and flesh out the CSRD, the EU Commission issues technical standards as delegated acts. An initial set of regulations was published on July 31, 2023. This set is based on a draft by EFRAG (European Financial Reporting Advisory Group) and is also referred to as “ESRS” (short for: European Sustainability Reporting Standards).

The purpose of the standards is to ensure uniform and comparable sustainability reporting. The standards include application notes as well as metrics and KPIs. They are subdivided in particular according to the reporting areas of environment (E), social affairs (S) and good corporate management/governance (G).

Double materiality – consideration from two perspectives

The starting point for the reporting obligation is the so-called double materiality: companies should analyze which sustainability issues are relevant to them.

In doing so, they should consider the issues from two perspectives (hence “double materiality”):

  1. Inside-out perspective: Impact of entrepreneurial activity on people and the environment
  2. Outside-in perspective: impact of sustainability issues on the company’s financial position

Content of the report according to the CSRD

The content of CSRD reporting spans numerous individual measures and metrics that touch on nearly every area of corporate activity.

  • On the subject of the environment, organizations must report in detail. For example, they must analyze how business activities affect the environment, air, water and soil pollution, biodiversity and ecosystems, and what resources are used.
  • Other reporting requirements relate to social aspects. This includes the social impact of the company’s activities both on its own employees and on external people. Here, both the social environment and the supply chain must be considered. Measures to counter certain impacts will also be addressed in the social area.
  • The third part of the reporting concerns the governance aspect of ESG. The subject matter includes the compliance structure of the company. It must be clear here that the company monitors sustainability aspects and integrates them into everyday business.

Not all individual aspects must necessarily be preserved in the report in every case. Some aspects are optional – at least in the initial phase. Others will remain permanently voluntary. In some places, the reporting obligation also depends on the assessment of materiality.

Reputation risk and fine risks due to errors and greenwashing

If the report contains errors, it is not only the company’s reputation that is at stake. Even the accusation of greenwashing can result in negative press coverage and also carries the risk of being targeted by environmental organizations.

But there are also harsh consequences ahead:

First, ESG-related metrics are increasingly being used as the basis for financing decisions. In this respect, the companies’ financing partners will in all likelihood also access CSRD reporting in the future in order to verify the companies’ disclosures.

Failure to report or incorrect sustainability reporting will also be subject to sanctions under national law. It is expected that these will be similar to those in the area of incorrect financial reporting. Ultimately, CSRD reporting should lead to ESG aspects being reported on in a similarly informed manner as financials. This means that, in addition to fines against the company, sanctions can also be imposed directly on the management or the Executive Board and Supervisory Board as the responsible bodies.

Finally, there is the threat of civil law suits: On the one hand, competitors could use the reporting to take action under unfair competition law / UWG. On the other hand, there could be proceedings under tort law, for example with allegations of capital investment fraud. This may also include mass proceedings.

In all these cases, if damage occurs within the company, the next step is to clarify internal responsibility. There is therefore a threat of a typical constellation of directors’ and officers’ liability, which leads to paralysis and loss of trust-based internal cooperation for the company.

Risk avoidance through legal interpretation of the CSRD and Delegated Acts.

A legally sound interpretation of the CSRD and ESRS can help reduce these liability risks. Therefore, the legal department should accompany the reporting process every step of the way. In particular, it should assess in advance what the company needs to report on in detail and then later control the specific wording and KPIs to be published.

Existing law should also be included in the interpretation. In many cases, this already provides a framework that must be taken into account in sustainability reporting. Companies operating internationally may need to consider more than one jurisdiction, which adds an additional layer of complexity to the interpretation.

Data protection must also always be taken into account: many of the details to be provided in the social area are very sensitive, for example the details on gender quotas or mother and family protection. If data may not be collected under applicable data protection law, it must be weighed up on a case-by-case basis which provision takes precedence.

Time is short and good preparation pays off

Perhaps the biggest challenge in implementing the CSRD is that so many provisions are not clear, but are open to interpretation. Companies may also need to realign or completely rebuild their processes and structures. Additional difficulties may also arise from the reporting requirements under the EU taxonomy. Because there are some parallels here.

Time for implementation is short. From 2024, relevant data must already be collected. The following measures are recommended:

  • Interpretive issues should be resolved by the Legal Department at an early stage.
  • All decisions should be documented in a comprehensible manner.
  • To the extent that strategic issues arise from the findings, they should be incorporated into further management work.

Reporting may require new processes and new employee profiles, especially for those companies that have not been subject to non-financial reporting requirements to date. This should be planned and implemented in good time. In addition, to fill in the metrics and KPIs, a lot of data will need to be collected and consolidated. Any resulting data protection issues should be clarified in good time. Good data management will also pay dividends in reporting.

Explore #more

12.07.2024 | Business Performance & Resilience, In the media

Guest article in the IPE Dach: Necessary contract adjustments for DORA implementation

Deadline January 17, 2025: Financial companies and other service providers should start implementing the rules of the “Digital Operational Resilience Act” today, because the preparations,…

08.07.2024 | In the media

Article in In-house Counsel with KPMG Law Statement: Have software modules delivered, assemble, fine-tune, done

The article from 05.07.2024 contains an article with a statement by KPMG Law expert Kai Kubsch. IT applications for the legal department programmed by…

05.07.2024 | In the media

Guest article in Deutscher AnwaltsSpiegel: Transformation in legal departments

The KPMG Legal Department Report, now in its tenth edition (see here), has established itself as the standard work for general counsel since 2005…

03.07.2024 | KPMG Law Insights

BImSchG amendment to speed up approval procedures

On 17.05.2024, the traffic light parliamentary groups agreed on the amendment to the Federal Immission Control Act (BImSchG). The law is intended to create faster…

01.07.2024 | In the media

Guest article in Business Punk: Startup insolvency – bargain for investors or incalculable risk?

The issue of June 25, 2024 contains a guest article by KPMG Law experts Stefan Kimmel and Gunars Urdze. The Covid-19 pandemic and the…

01.07.2024 | In the media

Guest article in IT-Zoom: The path to safe and ethical AI

The June 25, 2024 issue of IT-Zoom contains a guest article by KPMG Law expert Francois Maartens Heynike and KPMG Law expert Kerstin Ohrem.…

28.06.2024 | KPMG Law Insights

Podcast series “KPMG Law on air”: ESG and employment law

Sustainable corporate governance is increasingly becoming a legal obligation. The HR department is also affected. Because “sustainable” also includes social aspects. Accordingly, companies have numerous…

25.06.2024 | In the media

Guest article in the ESGZ: Is antitrust law becoming “greener”? – An update

The June issue of ESGZ contains a guest article by KPMG Law expert Jacqueline Unkelbach. Sustainability goals and criteria – in a broader sense…

19.06.2024 | In the media

Guest article in the Börsenzeitung: Tackling succession planning for family businesses early on

Experience shows that less is better than nothing – even individual measures can have a major impact. KPMG Law expert Mark Uwe Pawlytta knows which…

13.06.2024 | In the media

Commentary on the Whistleblower Protection Act (HinSchG) published with contributions from KPMG Law

After years of wrangling, the Bundestag and Bundesrat transposed the EU Whistleblowing Directive into national law in 2023: The Whistleblower Protection Act (HinSchG), which has…


Dr. Lisa Kopp


Friedenstraße 10
81671 München

tel: +49 89 5997606-1289

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.