The Corporate Sustainability Reporting Directive (CSRD) introduced new requirements for companies established or operating in the EU to report on a wide range of sustainability matters, including environmental, social, human rights and governance topics.
Its reach extends well beyond the EU - companies around the world can be caught:
- directly, if they have listed securities in the EEA or have sufficiently large EU operations; or
- indirectly, if they sit in the value chain of a company that is in scope.
In this blog post, we consider how the CSRD is expected to impact companies outside the EU. For more information about the CSRD as a whole, see our CSRD Quick Guide.
Key takeaways
Companies need to reassess their CSRD scoping following Omnibus I changes. The Omnibus I Directive has changed the CSRD’s scope and timelines. Companies that assessed their obligations before March 2026 should revisit that analysis under the revised rules, as some previously in-scope companies may now fall out.
Non-EU parent companies will face tailored reporting standards. Non-EU ultimate parent companies that are in scope can report under dedicated standards (N-ESRS), which are expected to be purely impact-focused and narrower in scope than the main European Sustainability Reporting Standards (ESRS). The N-ESRS are still in development, with consultation expected from July 2026.
In-scope non-EU companies should start preparing now. Although both the main ESRS and N-ESRS are still being updated or in development, and no equivalence decisions have been taken yet on non-EU sustainability reporting frameworks, companies not yet reporting under the CSRD should begin mapping their data gaps, assurance arrangements and governance structures now, rather than waiting for the final standards to be adopted.
Companies outside the CSRD scope should prepare for value chain data requests. Companies that fall outside the direct scope of the CSRD are likely to receive requests for sustainability data from in-scope EU customers and business partners. Building sustainability data collection capabilities now will put companies in a strong position to respond when those requests arrive.
Watch for conflicts between ESRS and local standards or laws. The European Financial Reporting Advisory Group (EFRAG) has published interoperability guidance on the alignment of the ESRS with the ISSB standards (the latter being used across many non-EU jurisdictions), but meaningful differences remain - notably in the approach to materiality and available reliefs. In some jurisdictions, domestic rules may create direct tensions with CSRD that will need careful navigation.
Background
The CSRD entered into force in 2023, and EU Member States had until 6 July 2024 to transpose it into national law. Some Member States have not met this deadline and are yet to implement the rules.
In the meantime, a number of changes have been made to the CSRD as part of the EU Omnibus simplification initiative, aimed at reducing the regulatory burden on companies operating in the EU. The Omnibus I package consists of two separate Directives:
the “Stop-the-Clock” Directive, which delayed by two years the application of the CSRD for in-scope companies that had not yet started reporting (so-called “second wave” and “third wave” companies); and
the Omnibus I Directive, which made more substantial changes to the CSRD, including changes to the scoping and timing rules.
The Stop-the-Clock Directive came into force in April 2025, and the Omnibus I Directive came into force on 18 March 2026.
Both Directives need to be transposed by the different EU Member States (see our Transposition Tracker).
Who does it apply to and when?
As well as EU companies meeting the relevant thresholds, the CSRD reporting obligations, as amended by the Omnibus I package, apply to the following non-EU companies:
Non-EU issuers (i.e., entities with equity or debt listed on a European Economic Area (EEA) regulated market) which on an individual or group basis have:
more than EUR 450 million net turnover; and
more than 1,000 employees on average during the financial year.
Some non-EU issuers may already have started reporting under the CSRD if they fell within the "first wave” of companies subject to the reporting requirements before the Omnibus I amendments. Even if they would fall out of scope under the revised tests, they will need to continue reporting until (and excluding) the financial year starting on or after 1 January 2027, unless the relevant Member State opts to exempt them.
Non-EU issuers that did not fall within the first wave will need to start reporting in 2028 (in respect of the financial year starting on or after 1 January 2027).
Non-EU ultimate parent companies that have:
more than EUR 450 million net turnover generated in the EU (individually or on a consolidated basis) for each of the last two consecutive financial years; and
an EU subsidiary or, where there is no such EU subsidiary, a branch in the EU with more than EUR 200 million net turnover in the preceding financial year.
The reporting obligations will fall on the relevant EU subsidiary or branch which pulls the non-EU ultimate parent company into scope. These companies will need to report under Article 40a of the Accounting Directive (as amended by the CSRD) and will need to start reporting in 2029 (in respect of the financial year starting on or after 1 January 2028). EFRAG estimates that around 1,200 non-EU companies would be caught by this category.
It is possible that groups will be caught by both reporting obligations, requiring reports with different contents and scopes to be prepared. There are, however, options to provide for more extensive voluntary reporting at the ultimate group level to avoid such situations.
What are the main exemptions?
Subsidiaries do not have to report on an individual basis if they and their subsidiaries are included in the consolidated disclosures of their parent prepared pursuant to the more extensive ESRS or in a manner deemed equivalent, and to the extent certain formalities and conditions are complied with. This also applies to EU subsidiaries of a non-EU parent, provided again that the consolidated disclosure is prepared in accordance with the more extensive ESRS or in a manner deemed equivalent by the European Commission. No equivalence decisions have been made so far.
“Financial holding undertakings” whose sole object is to acquire holdings in other undertakings and to manage such holdings and turn them to profit, without involving themselves directly or indirectly in the management of those undertakings (without prejudice to their rights as shareholders) if their subsidiaries have business models and operations that are independent from one another, also do not have to report. The Recitals to the Omnibus I Directive make it clear that the intention was for this exemption to be interpreted narrowly, and transposition of this exemption into Member State laws will need to be carefully monitored. Additionally, it is indicated that financial holding undertakings should only have this option where they have diverse holdings, namely in undertakings whose business models and operations are independent of one another. This excludes cases where those latter undertakings are closely interconnected through their business activities, for example when the activities of one subsidiary enable or directly support the activities of another subsidiary. Finally, it is clarified that this option does not affect any reporting obligations that may apply to other undertakings in the group.
What does the CSRD require?
The CSRD requires in-scope companies to report in accordance with mandatory European Sustainability Reporting Standards (ESRS).
The ESRS were developed by EFRAG and approved by the European Commission as a Delegated Act to the CSRD.
The ESRS require companies to apply a “double materiality” perspective when making sustainability disclosures. This means reporting both on a company's impacts on people and the environment, and on how social and environmental issues create financial risks and opportunities for the business.
The current ESRS contain:
two cross-cutting standards: ESRS 1 (General Requirements) and ESRS 2 (General Disclosures); and
topical (sector-agnostic) standards:
five standards related to the environment (climate, pollution, water and marine resources, biodiversity and ecosystems and resource use and circular economy);
four social standards (own workforce, workers in the value chain, affected communities and consumers and end-users); and
one standard on governance (business conduct).
ESRS 1 sets general principles to be applied when reporting under all of the ESRS and does not itself set specific disclosure requirements. ESRS 2 specifies essential information to be disclosed irrespective of which sustainability matter is being considered. ESRS 2 is mandatory for all in-scope companies.
All the other ESRS and the individual disclosure requirements and datapoints they contain are subject to a materiality assessment. This means that the entity will need to report only relevant (material) information and may omit information that is not relevant for its business model and activity. In addition, some datapoints will only be triggered if certain conditions apply.
The European Commission is in the process of simplifying the existing (non-sector-specific) ESRS, including by substantially reducing the amount of specific information that in-scope entities are required to disclose. The Commission launched a consultation on the revised ESRS, which closed on 3 June 2026. Adoption of the revised ESRS is planned for the second quarter of 2026, with the full legislative process expected to be finalised by the end of 2026.
The CSRD also requires the Commission to adopt tailored standards for reporting to be prepared by non-EU ultimate parent companies under Article 40a of the Accounting Directive (N-ESRS). According to the EFRAG Work Programme, EFRAG intends to consult on the draft N-ESRS from July to October 2026 and that this will feed into technical advice to be delivered to the Commission by January 2027.
EFRAG confirmed during a recent meeting on 16 June that the N-ESRS will be purely impact-focused, meaning it explicitly excludes any reporting on sustainability-related risks, opportunities, resilience of the business model, and principal dependencies. Financial information is not excluded outright but may only be included where it is necessary to give the reader context to understand the impact being reported. This would also mean that preparing a report pursuant to the N-ESRS would not allow subsidiaries otherwise subject to the CSRD in their own right to be exempted from reporting.
What is the “value chain cap”?
Even where a non-EU company does not fall directly within the scope of the CSRD, it may be affected indirectly if it forms part of the value chain of an in-scope company subject to CSRD reporting obligations.
To fulfil their sustainability reporting requirements under the ESRS, in-scope companies must report on certain value chain information, which may require them to obtain sustainability data from suppliers and other commercial counterparties, the so-called "trickle-down" effect.
The Omnibus I Directive introduced a new "value chain cap" to limit this trickle-down effect. Companies with 1,000 or fewer employees ("protected undertakings") can decline to provide sustainability information beyond what is required by a voluntary sustainability reporting standard to be adopted by the Commission. Where a CSRD-reporting company requests information in excess of that, it must clearly identify which items exceed the cap and notify the counterparty of its right to refuse.
Accordingly, non-EU companies with 1,000 or fewer employees that receive sustainability data requests from in-scope counterparts should be aware that such requests are capped by the voluntary standard, and that they retain a statutory right to decline any requests exceeding it.
The Commission launched a consultation on the voluntary reporting standard in parallel with the main ESRS consultation, which also closed on 3 June 2026. The plan is to adopt the standard in the second quarter of 2026 and finalise all legislative procedures by the end of 2026.
What is required in relation to transition plans?
The CSRD requires in-scope companies to disclose a transition plan for climate change mitigation, if they have one. The ESRS set out more detail on what should be disclosed.
Under the current ESRS, the disclosure must include - by reference to the company’s greenhouse gas (GHG) emission reduction targets - an explanation of how those targets are compatible with limiting global warming to 1.5°C in line with the Paris Agreement. If a company does not have a transition plan, it must disclose whether and, if so, when it intends to adopt one. The proposed revised ESRS would require companies whose transition plan targets are not compatible with the 1.5°C goal to be transparent about that gap.
The Corporate Sustainability Due Diligence Directive (CSDDD / CS3D) originally required in-scope companies to produce transition plans. However, that requirement was removed as part of the Omnibus I changes. For more information, see our CSDDD Quick Guide.
Do sustainability reports need third-party assurance?
A sustainability report prepared under the CSRD by the EU companies and non-EU issuers must be published together with the “limited assurance” opinion of a statutory auditor or, if the relevant EU Member State allows it, an independent assurance services provider.
Non-EU issuers can also use a non-EU auditor subject to certain conditions. The Omnibus I Directive introduced a transitional regime from 2025 to 2030 under which third-country auditors issuing assurance opinions on non-EU issuers’ sustainability report benefit from simplified registration conditions.
The assurance opinion on the consolidated sustainability report of the non-EU parent may be expressed by a person or firm authorised under the national law of such non-EU parent to give an opinion on the assurance of sustainability reporting, provided that certain conditions are met.
The CSRD (as amended by Omnibus I) requires the European Commission to adopt limited assurance standards by 1 July 2027.
What are the consequences of non-compliance?
The applicable sanctions will depend on the implementing legislation of the relevant EU Member State.
The CSRD requires Member States to provide for "effective, proportionate and dissuasive" penalties for infringements of national legislation adopted in accordance with the CSRD.
How does the CSRD interplay with the disclosure standards in other countries?
Important questions remain about the interoperability of the CSRD reporting obligations and the ESRS with other sustainability reporting standards - in particular with the standards (IFRS S1 and S2) developed by the International Sustainability Standards Board (ISSB), given that more than 30 jurisdictions have adopted the ISSB standards or are taking steps to introduce them into their own frameworks (albeit with national variations).
In the APAC region, this includes (but is not limited to) Japan, Singapore, Hong Kong SAR, South Korea, Malaysia, Thailand, the Philippines, mainland China and Australia.
The UK formally endorsed the ISSB standards for voluntary use in February 2026, with some minor amendments. This was done via the UK Sustainability Reporting Standards (UK SRS). At present, use of the UK SRS is voluntary but the UK is consulting on whether to make this mandatory for listed and other types of companies. For more information, see our UK SRS Quick Guide.
In the US, some states have developed (or are in the process of developing) their own climate disclosure rules such as California and New York. For more information, see our California Quick Guide and New York Guide Guide.
EFRAG has published interoperability guidance illustrating the alignment between the ISSB standards and the ESRS, explaining how companies can comply with both sets of standards, with a particular focus on climate-related reporting.
As part of the revised ESRS, several changes have been proposed to enhance compatibility with ISSB standards. These include framing ESRS as a “fair presentation” framework, aligning terminology for common provisions, and adopting certain ISSB reliefs, such as exemptions where reporting would involve undue cost or effort. The Commission's view is that the revised ESRS enhance interoperability with international standards to the maximum extent compatible with the simplification objective. For more information, see our blog post.
Even with improved alignment, differences however remain, notably in the approach to materiality and certain reliefs, and companies will need to navigate these carefully.
What do non-EU companies have to consider?
The practical implications will differ depending on a company's relationship with the EU: through a listing, a group structure, or commercial relationships with EU counterparties.
Any group with a presence or activities in the EU, securities listed on an EEA regulated market, or significant commercial relationships with EU businesses should review its group structure and business activities to identify which entities, if any, fall within the CSRD's reporting requirements as amended by the Omnibus I Directive, and when those obligations begin, or how the group could otherwise be required to provide sustainability information to their counterparts.
For in-scope companies
Decide on reporting architecture (entity vs consolidated). Non-EU groups with several in-scope EU subsidiaries need to decide whether to let each subsidiary publish its own CSRD/ESRS report or to centralise reporting at parent level, thereby making use of the subsidiary exemption. This choice affects governance, internal reporting lines, and where in the organisation the sustainability statement will sit. Formalities for exemption will also need to be considered.
Consider N-ESRS vs ESRS strategy. Where a non-EU group is in scope only as a “non-EU group” under Article 40a and has no large EU subsidiaries reporting, using N-ESRS may reduce the reporting burden but also narrows interoperability with EU peers. Voluntarily adopting the full ESRS may better position the group with EU investors but requires a more extensive reporting infrastructure and assurance requirements.
Participate in N-ESRS consultations. The number of non-EU companies in scope of the CSRD is small compared to EU-based reporters, but their business models, regulatory environments and data constraints can differ significantly to those of EU groups. Without active engagement, there is therefore a risk that standards will be designed primarily around European realities. Non-EU companies should engage early and actively in consultations through industry associations and by submitting concrete, technical feedback on feasibility, timelines and interoperability with home country rules, so that their specific challenges and priorities are taken into account in the final N-ESRS architecture.
Define board and management oversight. Non-EU companies need to allocate clear responsibilities for sustainability reporting at board and senior management level, including through committee charters or terms of reference. This usually means integrating ESG matters into regular board agendas, establishing escalation lines for ESG risks, and, where relevant, aligning remuneration and KPIs with CSRD objectives.
Align internal policies and operating model. Companies should review and, where needed, update key policies (e.g. codes of conduct and policies on human rights, climate, anti-corruption and supply chain) to ensure they support the disclosures and targets that will appear in the sustainability report.
Double materiality and strategy alignment. A challenge we have seen in practice is companies and groups to move from traditional single-materiality to a CSRD-compliant double materiality assessment, which combines impact and financial perspectives with stakeholder engagement and a documented methodology. Companies need to define criteria, thresholds and governance for materiality decisions, document the process carefully, and ensure the outcome directly drives selection of ESRS topics and metrics in the report.
Map current data landscape and gaps. Non-EU companies should map what ESG data they currently collect (scope 1 - 3 emissions, workforce, supply chain, governance metrics, etc.), who owns it and how reliable it is, against CSRD and ESRS/N-ESRS requirements. This gap analysis should cover availability, quality, granularity, audit trail and system support.
Prepare for assurance. Companies should engage external auditors early, well before the sustainability report is finalised, to align on the scope of the assurance review and data requirements. Starting this process in advance gives companies time to address auditor findings ahead of the first mandatory assurance year.
Plan for interaction with other regimes. Non-EU companies and groups already subject to sustainability reporting obligations under other frameworks should design a shared materiality and data framework that can serve multiple regimes efficiently.
Monitor Member State transposition and sanctions. The CSRD is implemented via national law, so non-EU groups should monitor the specific requirements and sanction regimes in the Member States where they operate or have listed securities. Differences may arise in, for example, scope interpretations, filing processes, language requirements and levels of fines or director liability for non-compliance.
Address contractual and liability implications. CSRD disclosures may influence existing contracts where sustainability KPIs, representations and warranties or covenants are embedded. Legal, finance and sustainability teams should coordinate to ensure consistency between CSRD disclosures and contractual commitments, reducing litigation and greenwashing risks.
For companies out of scope
For non-EU companies not in scope of the CSRD, the main issue is being “pulled in” via customer and investor requests. Here are some practical actions to consider.
Prepare for value chain data requests. In-scope EU companies and groups will increasingly send ESG questionnaires to collect the data they need for their own CSRD reporting. These information requests are likely to be embedded in RFPs, supplier onboarding, annual vendor reviews and loan covenants. Non-EU companies should be prepared to negotiate the scope, frequency and format of such requests. Proactively offering a standard ESG information pack, instead of answering every bespoke question in full, can keep the workload manageable and ensure consistency in information sharing, while still supporting customers’ CSRD compliance.
Contract clauses. Non-EU companies should anticipate contractual clauses requiring them to provide sustainability data on request, notify of breaches of ESG policies, and commit to minimum standards (e.g. environmental, labour, anti-corruption). They should also monitor how sustainability scoring is used in their key customers’ procurement processes and adapt their ESG responses as this can directly impact their ability to win or retain EU business.
Consider voluntary reporting. Adopting a recognised framework such as the voluntary standard to be adopted by the Commission makes it easier to respond consistently to diverse data requests and present information in a format that EU customers and lenders recognise.
Work on ESG data systems and management. Even limited, customer driven, reporting requires a clear process and responsibility for collecting ESG data and to answer requests. Non-EU companies should map what data they already hold (e.g. energy consumption, waste, headcount, diversity, health and safety incidents) and where it sits across the business, then establish a data management process focused on the metrics customers most frequently request.
Codify ESG policies. CSRD questionnaires often ask about the existence and implementation of policies (for example on climate, human rights, anti-corruption and supply chain). Non-EU companies should ensure they have at least baseline written policies that can be shared or summarised in response to customer due diligence requests. Where policies exist informally, codifying them helps demonstrate to EU business partners that risks are managed systematically.
Using CSRD as a lever for improvement
Beyond compliance, non-EU companies can use the CSRD process to surface risks and opportunities across their business such as energy use, supply chain, workforce issues and climate resilience. This can then inform capital allocation and strategic decisions. Framing CSRD internally as a tool for value creation, not merely a reporting obligation, makes it easier to secure leadership buy-in and justify the necessary investment in data and systems.
Challenges for sharing ESG data across borders
Some non-EU jurisdictions are becoming a constraint, because they restrict or politically contest the kind of sustainability data their companies can share with foreign regulators and counterparties, especially when it touches on value chains, human rights or geopolitically sensitive sectors. Divergent regulatory agendas create a risk that companies are pulled between conflicting expectations. Companies need to assess where sharing certain ESG data could trigger sanctions issues, local political backlash, data sovereignty rules or even cyber espionage risks, and design governance so that cross border ESG transparency is aligned with their overall geopolitical and security strategy.
In the United States, for example, several states and industry groups challenged the federal climate disclosure rules, which the federal administration is now taking actions to formally rescind (see our client briefing). “Anti ESG” narratives, which have intensified significantly since January 2025, have made some firms wary of appearing to submit to EU driven standards, even while global investors and EU customers demand CSRD compatible information.
Businesses with China operations should be aware that in March 2026, the Chinese government introduced the Regulations on the Security of Industrial and Supply Chains (Decree 834) to help enhance supply chain security (for more information, see our blog post). The new rules stipulate that any supply-chain-related information collection activities, if in violation of Chinese laws and regulations, shall be subject to corresponding measures taken by the relevant authorities in accordance with the relevant provisions. Third-party due diligence and ESG audits are likely to be captured by this provision, which means that any foreign enterprise or its PRC subsidiaries conducting such activities within China must strictly comply with China’s laws. Given the potential restrictions on information-gathering, multinationals conducting supply chain audits and due diligence should consider reviewing how their data collection processes are structured to minimise exposure.
Further reading
/Passle/5f6c57568cb62a0d7c9eadee/SearchServiceImages/2026-01-28-14-47-21-400-697a2179e8715be98458d80a.jpg)
/Passle/5f6c57568cb62a0d7c9eadee/SearchServiceImages/2026-06-16-16-27-45-581-6a31798103345ef073015cd7.jpg)
/Passle/5f6c57568cb62a0d7c9eadee/MediaLibrary/Images/2025-01-15-13-59-32-056-6787bf44ab56ae4f199ac135.jpg)
/Passle/5f6c57568cb62a0d7c9eadee/SearchServiceImages/2026-06-16-14-10-47-070-6a3159671b24d2a7505b299b.jpg)
/Passle/5f6c57568cb62a0d7c9eadee/SearchServiceImages/2026-06-16-10-04-29-051-6a311fad36440f76103ab3e2.jpg)