What do the rules say and do they apply to you? How to submit your report and what happens if you fail to do so?

ESG Report Pro

What are the new sustainability and ESG rules coming in Europe? When do they start? Does every company have to comply?

In January 2023, the EU passed the Corporate Sustainability Reporting Directive (CSRD) which compliments the Sustainable Finance Disclosure Regulation (SFDR) and the EU Taxonomy. As part of the CSRD, the EU created the European Sustainability Reporting System (ESRS) which outlines all the criteria and relevant indicators that organisations must use to fulfil their Environmental, Social and Governance (ESG) reporting commitments, as per the CSRD.

The rules initially only apply to large organisations, but the threshold for organisational size reduces each year. In 2025, entities with more than 500 staff must report for the year 2024, and in 2026, the company size reduces to 250+ staff for the reporting year 2025. In 2026, listed companies with 10 or more staff will need to report for 2025 and we may well see SMEs needing to make their first limited reports either then or the year after.

ESRS CSRD Timeline until 2028

What are the differences between these new laws, including ESRS and CSRD?

CSRD and ESRS are essentially the same thing – the Corporate Sustainability Reporting Directive is part of the EU Green Deal and was passed in Jan this year. The European Sustainability Reporting Standards define the criteria and indicators that apply within the CSRD… so by meeting them you are compliant with the CSRD.

What is the structure of fines if companies fail to report? 

Firstly, organisations have a maximum of 12 months after the balance sheet date, to submit the duly approved annual sustainability statements in the required electronic reporting format.

We are still waiting for final clarification of the process for evaluation and punitive measures. At the moment, if an organisation is guilty of being non-compliant with the CSRD it can expect administrative sanctions and three possible penalties: a public denunciation; an order to change conduct; and financial punishment of periodic penalty payments of up to EUR 50k amounting up to EUR 10 million or 5% of their annual revenue

Why are the new ESG laws (including ESRS & CSRD) in EU relevant to SME’s?

Let’s first define which companies have to submit ESG reports for 2024 – they need to have >500 employees and/or >40mEuro turnover and/or >20mEuro assets. So, at the moment the new ESG laws are not directly relevant to SMEs. However, an SME might be part of a supply chain for a company that does need to report, in which case you should expect to have to provide details about your Environmental, Social and Governance (ESG) performance.

However, the thresholds for companies that must report is reduced each year… at the moment listed SMEs with 10 employees or more will need to start reporting from 2027 and there are suggestions that all companies, listed or otherwise, with 40 employees or more having to report from 2028.

Who do we submit the ESG report to and how?

Companies will be expected to provide all ESRS related information in either their annual or management reports to the European Securities and Markets Authority (ESMA) in European Single Electronic Format (ESEF) digital format. This is to ensure that financial and ESG information is published at the same time and considered as a whole, rather than two separate entities. It is not yet clear which additional documents, for example for verification or as evidence, may be required to be reported.

In line with regulations, all sustainability information will need to be provided in XHTML format for standardisation and easier verification.

Does our ESG report need to be independently audited or verified?

Only public organisations will need to include an assurance report for sustainability disclosures subject to:

  • On or before 1 October 2026, the European Commission will provide limited assurance standards for auditors to use when assessing the assurance of sustainability reports.
  • On or before 1 October 2028, reasonable assurance standards will be provided—but only if it’s determined that reasonable assurance is feasible for auditors.

ESG is important for several reasons

Identify and Manage Risks and Opportunities

First, it helps identify and manage risks and opportunities associated with environmental and social issues, such as climate change, biodiversity, water, pollution, product end of life management, labour practices, and human rights. By addressing these risks and opportunities, companies can enhance their long-term sustainability and avoid potential legal, reputation and financial consequences.

Considered by Investors, Lenders and New Staff

Second, ESG factors are increasingly considered by investors, lenders, potential new staff and other stakeholders when making decisions. Demonstrating a commitment to ESG can attract capital and talent, improve access to funding, and enhance a company's valuation and reputation.

Aligns with Growing Societal Expectations

Third, ESG aligns with growing societal expectations. Consumers, employees, and communities are increasingly concerned about environmental and social issues, and they favour companies that prioritise sustainability, diversity, and responsible practices. By embracing ESG, companies can foster trust, loyalty, and positive relationships with their stakeholders.

In summary, ESG is a comprehensive framework that helps companies manage risks, identify new opportunities, attract capital, and align with societal expectations. By integrating ESG principles into their strategies and operations, companies can enhance their long-term success and contribute to a more sustainable and equitable future.

The International ESG Landscape is constantly evolving, this is where things are at in October 2023


The Corporate Sustainability Due Diligence Directive is coming in 2024 and it applies to every company in some form. We still don’t have full details, but this is what we do know right now:

Implementing the CSDDD

STEP 1: Policy Commitment

Develop, implement and communicate a policy on human rights due diligence. Incorporate your policy(s) and expectations in supplier and business relationships.

STEP 2: Process to Identify Risks

Develop a process to assess and identify the most significant risks within operators, suppliers and business relationships.

STEP 3: Act and Provide Remedy

Take action on the most significant risks. Develop and implement a remediation plan to cease, prevent and mitigate risks.

STEP 4: Track and Review Results

Track the implementation and results to evaluate the effectiveness of your due diligence processes. Implement continuous improvement and review process.

STEP 5: Communicate Publicly

Communicate human rights due diligence procedures, risks, activities and findings to stakeholders.

STEP 6: Cooperate for Remedy

Cooperate with other parties to enable remedy. Provide and promulgate grievance mechanisms.