The EU’s Corporate Sustainability Reporting Directive (CSRD) is a significant expansion of reporting obligations for organisations that operate in the EU.
Organisations are now required to report on the entire value chain. The first set of draft European Sustainability Reporting Standards (ESRS) points out the clear direction the EU is taking towards standardised disclosure.
For the first time, it will be mandatory for EU organisations to apply double materiality to their reporting. With the ESRS, the EU hopes to generate comparable and reliable information on:
- Corporate sustainability;
- Social impact;
- Governance policies.
Adherence to the ESRS will make it easier for organisations to address adverse impacts caused by their business activities. In order to comply, they’ll need to increase the scope and detail of ESG reporting. While this could be burdensome, regulatory preparedness can bring:
- Reputational gains;
- Improve investor confidence;
- Identify and mitigate risks in the value chain.
The data required help organisations assess their ESG performance year-on-year against realistic benchmarks to improve efficiency and decision-making. Additionally, mandatory independent audits will guarantee the reliability of disclosed information.
Who Needs to Comply?
The CSRD builds on the scope of the Non-Financial Reporting Directive (NFRD). The requirements will come into effect on 01 January 2024 for around 50,000 organisations in the EU.
The CSRD has a phase-in period for organisations that depends on their size. Read our guide to the CSRD to see if and when they apply to your organisation.
What’s New with the ESRS?
The first set of ESRS standards cover:
- Impact, risk and opportunity management;
- Metrics and targets.
Disclosure will happen on 3 levels:
- Sector agnostic, which are cross-cutting standards;
- Topical standards. For example, climate, pollution, and water.
- Sector-specific standards.
The ESRS were created by the European Financial Reporting Advisory Group. The latter has been charged by the European Commission to create and implement sustainability reporting standards. The European Commission is expected to adopt the first set of standards in June 2023. Sector-specific and SME standards are due in June 2024.
Organisations with experience in non-financial materiality reporting requirements like the Global Reporting Initiative (GRI) will be familiar with the ESRS. However, it’s likely that the scope will be broader than existing reporting frameworks. Organisations ought to assess gaps in their reporting and consider if additional data points are needed.
The ESG information to disclose are:
- Climate change
- Water and marine resources
- Resource and circular economy
- Own workforce
- Workers in the value chain
- Affected communities
- Business conduct (corporate governance)
Note that this list isn’t exhaustive. Should businesses discover material risks not covered by the ESRS, they must provide additional disclosures.
On the other hand, businesses will no longer need to justify any gaps in their reporting if they have nothing material to report in a given area.
Third-party audits will be mandatory from the beginning and will become stricter over time.
To start with, audits will imply limited assurance engagements. That means auditors will mainly focus on the reporting process and areas with a higher potential for misstatement through data review.
However, the level of assurance is expected to increase to 'reasonable'. This is the highest assurance level, comparable to the one granted in financial statement audits. It requires more extensive verifications, such as data sampling and internal controls.
Avoiding a Double Materiality Calamity
When disclosing environmental or social risk, double materiality should be deployed. Double materiality prioritises sustainability alongside finance. This means organisations have to assess next to financial risks the real impacts of their business activities on stakeholders and the environment. Organisations need to report on:
- The main risks and opportunities;
- Due diligence processes for identifying and mitigating negative impacts;
- Remediation processes.
The complexity of supply chains can make materiality assessments difficult for organisations. Initial feedback rounds show that many will struggle to adequately report on the above if they don’t engage with stakeholders in the whole value chain.
There are a variety of tools and approaches available for capturing this data that may be suitable for your organisation.
IISB reporting is typically used for financial materiality, whereas the GRI is most frequently used for impact. Double materiality means organisations will need to get closer than ever to their value chains, using tools and processes to gather data on any environmental and social impacts. For organisations that have yet to implement value chain data collection processes, this could mean venturing into uncharted territory.
Social Impact: A Practical Example
If we look at the requirements for social impact disclosures, we can see how reporting obligations have expanded. Organisations will need to do more than just report what policies they have in place. They will report on how they identify the main human-and-labour-rights related risks and opportunities their activities cause. On top of that, they need to share what they are doing about them.
Additionally, organisations need to disclose:
- Due diligence processes they have in place to engage with relevant stakeholders (unions, lawyers, NGOs, business leaders, industry organisations);
- How they ensure “the perspectives of value chain workers” are included in decision-making processes;
- Their processes for deploying safe, anonymous complaints channels for affected persons;
- Processes they have to engage with more vulnerable groups of workers, such as the disabled, or migrant workers;
- The social impact of their activities beyond the workers in the supply chain, in affected communities.
Once organisations have these processes in place, they will be expected to report metrics, for example, statistics on complaint type, or the affected populations and set future targets.
The common approach of using a grievance hotline may no longer be adequate to meet the ESRS’ demands. To benefit from regulatory preparedness, organisations should consider a holistic approach with an end-to-end social impact management system. They could consider the following:
- Digital surveys;
- Multi-device or multi-language grievance mechanisms;
- Stakeholder-inclusive co-design to ensure vulnerable groups aren’t left behind.
Social impact is just one example; the same end-to-end, holistic, approach applies to all areas covered by the ESRS.
For example, if organisations find that their activities result in deforestation, they need to report metrics on those changes over time. They will also need to report what policies they have in place to address them.
One way or another, organisations will need detailed information about impacts along the entire value chain. The expected bare minimum consists of disclosing what plans they have to implement ESRS-ready due diligence processes if any.
Transition into a Better Business
The balance is shifting from policies to actual implementation. Although the CSRD is a reporting directive, what it really does is ensure that organisations have the processes in place to guarantee sustainability within the reporting organisation. It’s about all the actions that are taken before complying with the directive, guaranteeing strategy, engagement and ultimately reporting. Additionally, the standards ensure comparability.
The ESRS means that organisations will have to adapt their existing due diligence processes to comply. With the ESRS, the EU equates non-financial reporting with financial reporting. This makes sustainability as important in corporate decision-making as financial motives.
Organisations can get a head start by building sustainability into their business model and business processes, preparing them for the future. Compliance with regulations isn’t the only benefit. Organisations can look forward to improving stakeholder relationships, streamlining operations and protecting their reputations.