CSRD Compliance in 8 Easy Steps

‍Implementing CSRD compliance at your company might seem like an overwhelming, energy- and money-absorbing blackhole of a task. The regulation itself spans a vast amount of text, and the European Sustainability Reporting Standards (ESRS) add a few hundred more pages to the reading list. It's easy to get lost in all this information, especially with conflicting interpretations and only a few early adopters to look to for guidance. But at denxpert, we believe CSRD compliance isn't rocket science. We've broken down the process into 8 manageable baby steps so that implementing CSRD feels less like an impossible mission and more like a series of achievable goals.

‍

1. Understanding the CSRD Compliance

The Corporate Sustainability Reporting Directive (CSRD), introduced by the European Commission, came into effect in January 2024. As part of the European Green Deal, it aims to create a transparent, comprehensive framework for corporate sustainability reporting. Based on the principle of double materiality, companies must report both their sustainability impacts and the financial risks and opportunities related to these impacts, connecting the two dimensions to ensure sustainability aligns with business strategy.  Companies also need to disclose how they prevent, mitigate and remediate their negative impacts and manage their sustainability risks with policies and actions, what are the targets for these actions and how progress is measured.  To comply with CSRD, companies need to report according to European Sustainability Reporting Standards (ESRS), developed by the European Financial Reporting Advisory Group (EFRAG). The ESRS features over 80 disclosure requirements and 1,200 associated data points.  

Familiarizing yourself with the legislation and ESRS—even if you don't plan on reading them cover to cover in one dull evening—is a crucial, though sometimes tedious, first step. Start by understanding how the CSRD has been transposed into your country’s legislation. Be sure to check the phasing-in timelines, thresholds for being within scope, and audit requirements, as these can vary from country to country. Take time to explore the ESRS themes and structure, even if the logic feels a bit off in places. Don’t forget—the Application Requirements and Appendices are just as important as the main standards.

There are plenty of workshops, webinars, and learning groups available to support you, and at this point, you might also want to consider software assistance. This step may feel a bit monotonous, but trust us—it’s worth it! The time and resources you invest now will pay off once you fully understand what’s being asked of you, and you’re not just mechanically entering data into Excel.

‍

2. State of the Union

Once you’ve familiarized yourself with the rules and standards, it’s time to move on to the next step: understanding your starting point. This isn’t the gap assessment just yet, since you don’t know which disclosure requirements and data points are material and relevant to you. At this stage, you're simply reviewing the information you already have about your company’s sustainability performance. This might include existing sustainability reports inspired by or complying with GRI, annual reports with TCFD segments, CDP submissions, or internal documents like ISO certifications or EcoVadis documentation.

Having a clear view of what you can build on will make it much easier to plan the implementation timeline, identify the resources you’ll need, and assign responsibilities across the company. Plus, these documents may come in handy during your Double Materiality Assessment process.

‍

3. Double Materiality Assessment

One of the key innovations of the CSRD is the Double Materiality Assessment (DMA). It introduces a combined evaluation of a company’s impact on society and the environment, alongside sustainability-related financial risks and opportunities.

What makes DMA especially helpful is that it helps you identify which ESRS topics are material to your company. The best part? You only need to gather data and report on the topics that are relevant to you!  

According to EFRAG, the DMA can be done in four basic steps:

1. Understanding the context: Start by mapping your value chain, paying special attention to impact, risk, and opportunity (IRO) hotspots and key affected stakeholders. This will help you figure out who to involve in your DMA and how to reach them.

2. Identifying IROs: Next, identify the actual and potential, negative and positive impacts your company has on the environment and society, as well as the sustainability-related risks and opportunities listed in the ESRS.

3. Evaluating IROs and determining materiality: Now, assess which topics count as material to your company, using the ESRS framework but applying your own company-specific thresholds. The ESRS provides clear criteria to guide this evaluation.

4. Disclosing your DMA process and results: Finally, report on the IROs you’ve identified and the process you used to assess them. These disclosures will be part of your ESRS-aligned sustainability statement, not a separate report.

Read more about how to do a DMA here.

‍

4. Information Materiality

One of the most underrated steps in CSRD implementation is figuring out exactly which disclosure requirements and data points you need to report on—this process is also known as information materiality. Beyond matching disclosure requirements to your material topics and sub-topics, it's important to understand the voluntary and phased-in disclosure requirements too. For instance, in the first year of reporting, companies aren't required to include value chain information, and minimal reporting on Social topics is sufficient. For the first two years, reporting on biodiversity is voluntary, and for the first three years, financial effects can be disclosed qualitatively. Additionally, companies with fewer than 750 employees can phase in reporting on all social standards.  

A thorough information materiality assessment can save you significant time and effort by allowing you to focus only on the data points that are truly relevant to your business.

‍

5. Mastering the Gap Assessment

Despite what many consultants may claim, a gap assessment only makes sense once you know exactly what data you need for your Sustainability Statement. By step 5, you’ve reached that point. Earlier, in step 2, you gathered the relevant sustainability or CSR reports and certifications that can serve as a foundation for your CSRD report. Now, you’ll compare what you already have with what’s required for CSRD compliance.

For example, you might find that some of the data from your GRI reports or ISO certification processes can be reused. Since collecting data from scratch can be time-consuming, a precise gap analysis will help you identify what’s missing and save you a lot of effort.

‍

6. Data Collection

This is the part that most companies fear the most—data collection. Yet, it doesn’t get nearly enough attention in discussions about CSRD compliance. CSRD data can be broken down into two main types: narrative data, like disclosing your company’s policies and actions, and numerical data, such as your carbon footprint, CapEx on climate action, or the average number of FTEs. It’s a bit more complex than that, but for simplicity, let’s stick with these two categories for now. Interestingly, 70% of the data points in the ESRS are narrative.

Each type of data requires its own strategy, systems, controls, and management processes. Narrative data might be easier to gather, with input from a few stakeholders or even compiled by the project manager. Numerical data, however, often needs to be collected from multiple sites, suppliers, or departments. But don’t underestimate the challenges of narrative data either—when disclosing policies, actions, or targets, your text must include all the relevant data points. Imagine having to write about your company’s biodiversity preservation efforts according to specific criteria, ensuring you capture all the necessary details in a concise way.

A good first step in building your data collection strategy is dividing the responsibilities within the company. Different teams or departments can handle different types of data to streamline the process.

Also, consider using software—it can be a game changer for reporting on policies, actions, and targets (PAT) as well as for collecting, controlling, and processing numerical data.

If you want to get ahead and start early, even before your DMA is finalized, you can begin by tackling the mandatory disclosures under ESRS 2, which apply to every company. Another smart move is to focus on two key areas: E1 (Climate Change) and S1 (Own Workforce). These topics are likely to be material for most companies and are rich in both narrative and numerical data points. For example, you might need to gather carbon footprint data, provide detailed information on your workforce, or summarize your company’s climate transition plan. Starting here will definitely give you a head start.

‍

7. Validation/ Internal Audit

Since ESRS involves teamwork across different departments—like finance, HR, and OHS—and includes up to 1,200 data points under 80 disclosure requirements, it’s easy to feel overwhelmed. That’s why, in addition to planning your DMA and data collection strategies, it’s crucial to establish an internal validation process. This will ensure your disclosures are complete and of high quality, preparing your reporting process for external audits.

To support the validation process, document every step along the way, such as your methodological choices for the DMA, how you conducted your information materiality assessment, and which voluntary or phased-in data points you filtered out. This way, if an auditor flags missing data, you can show that it was a deliberate decision, not an oversight.

Remember, CSRD implementation is a learning process for everyone—including the auditors. Instead of fearing the audit, focus on your progress, your processes, and gaining a deeper understanding of your data.

‍

8. A Winning Sustainability Statement

The final step in this process is, of course, producing your sustainability statement. Under CSRD, all the required data should be presented in one coherent document, published as part of your company’s management report. While there may be up to 1,200 data points to report on, the goal is to create a readable and understandable narrative. Additionally, once the European Commission and ESMA finalize the XBRL taxonomy, you’ll need to publish your sustainability statement in xHTML format with XBRL labels. This will allow for large-scale data collection and comparison across companies.

While the path to CSRD compliance may seem complex, breaking it down into manageable steps can make the journey far more achievable. From building your data collection strategies to crafting your sustainability statement, each phase is an opportunity to enhance your company’s sustainability practices. With careful planning and teamwork, you’ll not only meet regulatory requirements but also strengthen your long-term business strategy.

‍

‍

If you want to learn more about CSRD, we recommend our DMA Master Class course.