The European Union is introducing a new set of rules covering all three pillars of ESG (environmental, social and governance). The main regulations in force include: CSRD (Directive on Corporate Sustainability Reporting, Directive 2022/2464/EU), CSDDD (Directive on responsible business conduct – due diligence, Directive 2024/1760/EU) and EU taxonomy (Regulation 2020/852 on sustainable economic activities).

• CSRD significantly expands sustainability reporting obligations for companies – replaces the older NFRD. Covers all E/S/G aspects – companies must regularly disclose environmental (e.g. emissions, climate targets, pollution, resource consumption), social (human rights, working conditions, diversity) and governance information (management practices, ethical policies) in their sustainability report. The “double materiality” approach means that companies describe the SUSTAINABILITY risks that threaten them, as well as their own impact on the environment and society. From 2023, mandatory ESRS standards (European Sustainability Reporting Standards), which harmonize the form and content of this report.
• CSDDD (in full force from 25.7.2024, transposition by July 2027) introduces mandatory due diligence responsibility for human rights and the environment in global supply chains. Companies of all sizes must identify and prevent (or mitigate) the actual or potential negative impacts of their own and suppliers' activities on the environment and working conditions. Large companies must adopt an action plan to mitigate climate change (in line with the 2050 objective and the EU's cross-cutting objectives). The CSDDD also enshrines complaint mechanisms and legal liability - in case of insufficient due diligence, companies may face civil liability for damages.
• EU taxonomy (Regulation 2020/852) defines which economic activities are environmentally sustainable (focused mainly on climate mitigation and adaptation objectives, gradually supplemented by water, circular economy, pollution, biodiversity). Companies subject to the CSRD must report what proportion of their turnover or investments is in line with the taxonomy ("Taxonomy-aligned"). This information is included in the sustainability report (mainly in section E), thus providing an overview for investors about the greenness of the business. The taxonomy is part of a wider framework of "sustainable finance" including the SFDR regulation (from 2021 for financial markets).

In addition, there are other relevant measures: NFRD (2014/95/EU) was replaced by the CSRD, Whistleblower protection (Whistleblower Directive 2019) strengthens governance, preparations of the EU Social Market Economic Policy (e.g. Board Diversity, Pay Transparency), EU regulation against deforestation (EUDR 2023) etc. These often complement ESG requirements (e.g. EUDR obliges companies to ensure that their products do not come from illegally deforested areas).

Prepared and proposed legislative measures

The EU continues legislative initiatives to simplify and expand ESG obligations:

• Omnibus package (February 2025) – The Commission has put forward proposals to amend the CSRD and CSDDD to reduce the administrative burden, in particular for smaller companies. The proposed changes include a shift of deadlines by 1-2 years: for example, SME issuers (those with listed securities) will only have to report from 2028 (instead of 2026). It is also proposed to postpone the first application of the CSDDD by one year. The aim is to focus the obligations on really large companies, while giving smaller companies more time to prepare.
• Social taxonomy – The EU is exploring extending the taxonomy to social objectives (e.g. labour rights, inclusion, education). Consultations by the Sustainable Finance Platform and the European Economic and Social Committee highlight the need to define criteria for “social sustainability”. While final legislation does not yet exist, further discussion and possible regulation are expected in the medium term.
• Other initiatives – Other measures in the pipeline include, for example, a proposal for a directive on “green” (environmental) claims for consumers, strengthening the integration of ESG into corporate governance (e.g. directives on remuneration disclosure or employee representation) and revisions of the taxonomy. For example, the Commission plans to finalise delegated acts on the taxonomy for water objectives, sustainability – and update the criteria, including for gas and nuclear. These proposals are still awaiting approval.

Requirements according to company size

EU law differentiates obligations according to the size of the enterprise (micro, small, medium, large, as defined in Article 3 of the Accounting Directive). The basic thresholds are (supplemented by indexation):

• Microenterprise: ≤10 employees, ≤€900 thousand in sales, ≤€450 thousand in assets.
• Small business: ≤50 employees, ≤€10 million in sales, ≤€10 million in assets (newer euro adjustment).
• Medium-sized enterprise: ≤250 employees, ≤€50 million in sales, ≤€25 million in assets.
• Big business: exceeds at least two of the upper SME limits (i.e. employees >250 and/or sales >€50 million, assets >€25 million).

CSRD by size: Full obligations are applied by large companies. In practice, this means:

• From 2024, reporting will be introduced for public entities (PAE) and companies with >500 employees, turnover >€50 million and assets >€25 million.
• From 2025, expansion to the rest are big companies (i.e. meeting ≥2 of 3 thresholds: 250 employees, €50M turnover, €25M assets).
• From 2026, mandatory reporting also for small and medium issuers (SME – from published securities, excluding micro-enterprises), with the possibility of a two-year deferral.
• Microenterprises are basically exempt from reporting (are exempted).
  Example: A company with 300 employees and a turnover of €60 million is considered large (two of the thresholds) and must report from 2025. A private retail company with 20 employees and a turnover of €5 million is an SME and does not have to report (unless it is an issuer of shares).

CSDDD by size: The scope includes only very large companies: EU companies (with legal form sro, as, etc.) with >1000 employees and turnover >€450 million. (global). Foreign companies with more than €450 million in EU turnover are also included. Smaller companies (micro, small/medium) are not directly subject to the CSDDD obligation.

Taxonomy and others: Companies subject to the CSRD must report taxonomy compliance data, regardless of whether they are large or SME – if they fall within the scope of the CSRD. Smaller companies outside the CSRD (micro/SME) do not have these obligations, even if they are indirectly affected (investors or large customers will call on them for data).

Implementation obligations

Businesses covered by the legislation must implement specific processes and internal controls:

• ESG reporting: The company will prepare sustainability report as part of the management report (business report) for the year. According to the CSRD, this report is submitted electronically in a single format (XHTML). It is to be published 4 months after the end of the year and is then sent to the European Financial Data Access Point (ESAP). It contains detailed information according to ESRS standards: e.g. climate targets, emissions, biodiversity, working conditions, human rights, supplier impacts, corporate governance, etc. (each ESG pillar has its own module). Companies must demonstrate that they responsibly evaluate and report their environmental and social impacts, as well as measures (plans) to manage them (e.g. climate plan).
• Audit / independent verification: The data in the sustainability report must be verified by an independent provider (either internal audit or auditors). The CSRD requires first a level limited certainty (limited assurance) and from 2028 the transition to full certainty (reasonable assurance). Verification is carried out by a state auditor or an accredited verification service provider, according to European standards. The strengthening of the audit is a new element - for comparison, the older NFRD directive did not have external verification.
• Due diligence processes: Companies within the scope of the CSDDD must systematically implement a process for assessing impacts in their supply chains. This includes internal policies, mapping risk areas (e.g. suppliers in areas with high risk of human rights violations), adopting preventive and corrective measures (e.g. switching to greener inputs, improving working conditions in factories), as well as engaging stakeholders (dialogue with communities, redressing grievances). Large companies must also develop plan to achieve carbon neutrality by 2050 in line with the Paris Agreement. The requirements also include a complaints and redress mechanism to allow businesses to address actual negative impacts.
• Disclosure of information: In addition to the main sustainability report, there are also obligations to disclose detailed data on compliance with the Taxonomy (Article 8 of the Taxonomy). These are integrated into the environmental part of the report (e.g. the share of turnover from taxonomy-aligned activities) and are subject to audit verification. The disclosed information covers all ESG topics (climate strategies, risks, indicators and targets) and guarantees transparency for investors and the public.
  From a technical perspective, reported data must be tagged using a uniform digital taxonomy (XHTML tagging).
• Differences by size: For microenterprises and large parts WE There are no direct responsibilities; however, they are usually expected to be sensitive to the demands of their partners. Medium-sized companies (if not listed) remain outside the scope of the rules. Only large companies (and addressed SME issuers) have a complete set of obligations (report, audit, due diligence). Examples: A multinational corporation (thousands of employees) will be required to implement the entire ESG framework – reporting according to the CSRD, verifying data, conducting due diligence and a climate plan. On the other hand, a family business with 5 employees may not have to voluntarily apply it. A smaller publicly traded company (e.g. with 30 employees) will be under the CSRD (from 2027) and will only apply reporting (but not the CSDDD, if it does not meet the higher thresholds).

The overall EU ESG reporting framework will therefore define obligations mainly for the largest companies, with micro and small companies being exempted in most areas. Organisations should measure their size against threshold criteria (employees, turnover, assets) and prepare accordingly for the need to implement internal ESG reporting, auditing and due diligence systems. Official guidance and implementation documents (including ESRS guidelines, OECD tools and Commission guidance) will help companies understand the specific requirements and anticipate their commitments in the area of sustainable business. Spring

Sources: Official EU documents and specialist analyses, such as the CSRD Directive, CSDDD, EU taxonomy and accompanying materials from the European Commission, set out precise threshold criteria and timelines that companies must meet, in line with their size and legal status.