CSRD in 2026: Who’s in scope and what’s due when

CSRD in 2026: a complete run-down of perhaps the most complex ESG reporting legislation in the world, and where it comes down to you. 

We’ve already arrived at the new normal when it comes to sustainability reporting. No amount of polarised debate and political backlash can stop the EU’s long-standing goal of overseeing top-quality disclosures and compliance in this area. And now, the Corporate Sustainability Reporting Directive (CSRD) and the European Sustainability Reporting Standards (ESRS) demand a level of non-financial data precision that boards would historically only see in financial documents. 

CSRD hasn’t completely escaped the negativity and is responding to “teething issues” that will be a breath of relief for many. However, the underlying principle of mandated, integrated reporting frameworks is definitely set in stone. 

For the modern board of directors, especially those in the largest global organisations, the challenge is quality and consistency. You want to engage with what you’re discussing as well as simply comply with the informational requirements. 

It’s also key to understand the revised timelines and the scope of what’s required. Don’t generalise in this area; ensure you have a clear picture of what these mean for your company. This is critical for boards to avoid the pitfalls of complacency.

Many corporate leaders came to know (and often fear) the original CSRD rulebook in the years before it came into force. That rulebook was substantively altered by the 2025 Omnibus Simplification Package, designed to address the ongoing debate in major world economies: how strict can we be without affecting competitiveness?

Essentially, the omnibus package narrowed the scope. Different companies were divided into ‘waves’ for purposes of defining responsibilities. Waves 2 and 3 (companies with over 1000+ employees and non-EU companies with enough EU turnover) have seen start dates delayed from 2026 to 2028 and thresholds relaxed. Wave 4 (listed SMEs) has been removed from the plans entirely. These reprieves will go down well with those affected, but they will inevitably shine a brighter light on larger ones who have less room to hide. 

What’s important is realising that these kinds of teething delays are not invitations to pause your preparations, not if you will eventually have to follow the rules regardless. Robust implementation programs could take up to a year and a half to implement fully. If you haven’t started preparing yet, you have alarmingly little time.

Double materiality remains at the heart of sustainability reporting, chiefly through the ESRS. Think of it as a starting the overarching structure and a common starting point for all reports. You need to assess your business in the following ways:

1. Its impact on people and the environment, with each sub-impact broken down in terms of severity and likelihood. 
2. Its impact on its own financial health, performance and market position, broken down by risks to the company’s bottom line and their likely magnitude. 
3. The crucial step for “double” materiality: you need to consider both of them above together as well as apart. 

This is intended to create a more dynamic workflow that links finance and environmental impact. Ultimately, it will frame both in the context of business innovation. Here’s an example under the umbrella of ESRS E5, which deals with resource use and waste management. Double materiality means considering the risk of the companies’ waste management on the environment and (especially if they change practices to deal with that first risk) on their revenue streams. The typical end-end result here would be targeting design innovations that reduce costs and open revenue streams. 

The crucial thing to remember about double materiality is that it’s designed to force you beyond simple box-ticking, so engage with that. Failure to do so can result in regulatory fines and a damaging loss of “ESG credibility.”

With such huge demands coming on stream quite quickly, many organisations are forced into an “accuracy crisis” due to a heavy reliance on unstructured data from spreadsheets. They need structure to combat this and, fortunately, there is a template that will help in COSO Internal Control over Sustainability Reporting (ICSR) framework.

Effective internal controls for sustainability need proper standardisation. They show you understand your own company’s statistics and aren’t just giving regulators everything you have without checking first. Explicitly showing how energy, waste, and labour data are collected, boards gain a “single version of the truth” that can be contextualised easily. This clarity pleases stakeholders, and it also allows for more confident decision-making regarding capital allocation for decarbonisation projects and resource optimisation.

The CSRD’s Article 40a is a crucial provision that expands these new ESG reporting laws beyond the EU’s borders. Basically, a non-EU parent company is in scope if it generates more than €450 million in net turnover within the Union for two consecutive years.

While this might be cumbersome for many, the EU remains an essential active market for many global companies, and struggling against the regulations may be as useful as swimming against a strong current. 

The flipside is that your company can turn compliance requirements into a strategic advantage by harmonising your global sustainability data. A single, science-backed model, applied with the appropriate stakeholder involvement, can meet the requirements of multiple jurisdictions—from California to Australia, incorporating the EU in the journey—reducing the administrative burden of running separate climate risk assessments for each region.

For boards looking to address CSRD in 2026, your priorities should be as follows:

• Recalibrate fiduciary duty: Understand that your oversight of non-financial data now needs to match the rigour of financial statements. Boards should engage the key personnel, like the CFO, to leverage existing expertise in building out internal controls to the new standards. 
• Manage the “trickle-down” effect: Although there has been a reduction in CSRD’s scope, firms will likely face data requests from somewhere along their business chain, even if they themselves are not in scope. Because of this, all boards should get proactive about data, ensuring it’s audit-ready from the get-go.
• Migrate safely from GRI: For those who need to alter their data frameworks away from the Global Reporting Initiative (GRI) standards, the GRI-ESRS Interoperability Index provides a safe pathway. However, this translation requires adding an “outside-in” perspective to existing impact reports, and it’s up to boards to understand their needs in this area.

CSRD is changing, and some firms will see relief from new rules in the short term. However, these firms may get caught in larger reporting chains in the longer-term, and there’s no denying the intensifying spotlight on larger companies in the meantime.

• CSRD Reporting Requirements: A Practical Climate & ESRS E1 Guide
• Corporate Sustainability Reporting Directive (CSRD) – European Commission
• Key features of ESRS – KPMG International
• Navigating the EU Omnibus Simplification Package: CSRD
• European Parliament Approves Delay to CSRD and CSDDD
• CSRD – Double Materiality Assessment
• Everything you need to know about European Sustainability Reporting Standards
• Internal Control – COSO.org
• Prioritizing Internal Controls for Sustainability Reporting
• The EU Corporate Sustainability Reporting Directive: What Non-EU Multinational Companies Need to Know
• EU CSRD: sustainability reporting requirements extended and scope broadened to include non-EU groups
• GRI vs. ESRS: Overlaps & Differences
• Mastering ESG reporting: frameworks, standards, and best practices