Updated 23 April 2026 — integrates Stop-the-Clock (April 2025) and the Omnibus I directive (OJEU, 26 February 2026).
Half of the CSRD decks still circulating in audit committees in 2026 cite the 250-employee threshold, the original wave-2 deadline, and listed SMEs reporting from FY 2026. All three are now wrong. The European legislator has rewritten the calendar twice since the directive was first published — once to stop the clock, once to raise the threshold — and the operational picture looks very different from what compliance officers were briefed on in 2023.
This page walks through what Directive (EU) 2022/2464 actually says as of April 2026 — after two amendments, one set of ESRS, and the first year of real-world filings. We cite articles, not commentary, but we do not pretend that the directive reads itself. There is a difference between what the text imposes and what auditors are already asking for in practice, and this is where most of the confusion sits.
Editorial note. We link every fact to EUR-Lex or Légifrance. In case of any difference between a summary on this page and the consolidated text, the official text prevails — that is the lawyer's reflex, and it is also what Article 51 of the amended Accounting Directive expects from us. Our reading of the text is exactly that: a reading. If you need to rely on a precise wording for a board decision, open the ELI link and read the article yourself.
What CSRD actually is — a directive that rewrites four other acts
CSRD is a short directive. The body runs six articles. Nothing in the six articles directly tells a company what to disclose. The substance sits in what CSRD amends — the Accounting Directive 2013/34/EU, mainly, with knock-on changes to the Transparency Directive, the Audit Directive, and the Audit Regulation.
Why this matters: if you search the CSRD for "double materiality" or "Article 19a", you will not find either in the CSRD itself. You will find them in the amended Directive 2013/34/EU, which is where CSRD inserts them. The practical consequence is that the text you should be reading day-to-day is the consolidated Accounting Directive, not CSRD. CSRD is the vector; the Accounting Directive is the destination.
| CSRD article | What it actually does |
|---|---|
| Art. 1 | Amends the Transparency Directive 2004/109/EC — reporting obligations for issuers on regulated markets |
| Art. 2 | Amends the Audit Directive 2006/43/EC — gives statutory auditors a role in assuring sustainability statements |
| Art. 3 | Amends the Accounting Directive 2013/34/EU — this is the operational core; everything substantive sits here |
| Art. 4 | Amends the Audit Regulation (EU) No 537/2014 — extends public-interest-entity audit rules to sustainability |
| Art. 5 | Transposition deadline — 6 July 2024 |
| Art. 6 | Entry into force — 5 January 2023 (20th day after publication on 16 December 2022) |
There are two corollaries auditors latch onto. First, because CSRD amends rather than replaces, every sustainability obligation sits alongside pre-existing financial obligations in the same directive — and the statutory auditor's mandate is widened accordingly. Second, Member States had until 6 July 2024 to transpose. France did it seven months early, in December 2023. Germany and Italy missed the deadline and got infringement letters. Poland pushed a transposition law through in June 2024. The transposition quality varies, and that matters: the Accounting Directive leaves about a dozen options to Member States, and those options produce real differences in national regimes.
The articles you will actually cite
Inside the amended 2013/34, the articles that come up in every board meeting, every audit planning session, and every ESG vendor pitch are the following. We have read the consolidated text and stripped the cross-references for clarity.
Article 19a — the core obligation
Article 19a is the one you will cite most often. It says, in substance: large undertakings and parent undertakings of large groups must include a sustainability statement in their management report. That statement must cover environmental, social and human rights, and governance factors, and it must be prepared in line with the European Sustainability Reporting Standards (ESRS). The scope of what has to be disclosed includes the undertaking's business model, strategy, policies, targets, due diligence processes, and — this is the piece that catches people off guard — the principal actual or potential adverse impacts connected with the undertaking's own operations and its value chain.
That value-chain extension is where the directive bites hardest. A mid-cap industrial group with 800 employees and a supplier base of 3 000 SMEs across 40 countries is, in practice, being asked to gather data from suppliers that have no sustainability team and no ESG controller. The directive does not say "go get primary data from every tier-3 supplier". It says, at Article 19a(3), that information about the value chain "shall not be required for the first three years of application" — a phase-in. Auditors read that phase-in strictly: after three years, the data has to come from somewhere. Most groups are already building the supplier data collection machinery now, because retrofitting it in 2027 is a known operational nightmare.
Article 29b — double materiality, written into the law
Double materiality used to be an EFRAG concept. Article 29b of the amended Accounting Directive turned it into binding EU law. Companies must disclose both impact materiality (how the company affects people and the environment — inside-out) and financial materiality (how sustainability matters affect the company — outside-in). You cannot pick one. The matrix has to be produced, documented, reviewed with stakeholders, and re-assessed every reporting cycle.
In practice, this is where most wave-1 filers in 2025 got their assurance engagement notes. Auditors consistently flagged materiality assessments that were too abstract, too top-down, or not evidenced by stakeholder consultation. If you are preparing for FY 2025 or later, plan the materiality assessment as a two-to-three-month process involving operations, procurement, HR, and an external stakeholder panel. Treat it as a project, not a workshop.
Article 29d — XBRL tagging (and why it will quietly reshape your data stack)
Under Article 29d, the sustainability statement must be tagged in the single electronic reporting format (ESEF), with a sustainability-specific taxonomy that the Commission is still rolling out incrementally. This is the Scope E1-to-G1 analogue of the XBRL tagging already in force for financial statements.
Why it matters beyond IT: ESEF tagging forces you to commit to a specific number. You cannot report "approximately 2 000 tonnes" when the taxonomy demands a numeric datapoint with a specific unit of measure. Companies that have outsourced their sustainability reporting to PDFs generated by a consultant are discovering that the tagged version needs a data governance layer underneath. We see this converge towards the same tooling used for statutory ESEF compliance — NetSuite, Workiva, Lucanet, and the big-four proprietary platforms — not the standalone ESG SaaS that dominated the 2023 buying cycle.
Article 34 — assurance
The sustainability statement must be independently assured. The initial standard is limited assurance — a negative-form conclusion, roughly: "nothing has come to our attention that would lead us to believe the statement is materially misstated". The Commission is empowered, by delegated act, to raise the bar to reasonable assurance, which is the same level as the financial audit opinion.
The timetable for that shift is not fixed in the directive. In practice, Big Four assurance partners we have talked with expect reasonable assurance to become mandatory somewhere between FY 2028 and FY 2030, depending on Commission appetite and ESRS maturity. Between now and then, limited assurance is the practical floor — and it is enough to require a defensible audit trail for every material datapoint in the sustainability statement. This is the operational cost that gets under-budgeted: assurance fees for a mid-cap tend to run 20–40% of the annual financial audit fee, and reasonable assurance would double that.
Article 40a to 40d — the extraterritorial reach
If you are a non-EU parent group with more than €150M net turnover in the EU and at least one EU subsidiary or branch, CSRD catches you. Article 40a creates a specific regime for third-country undertakings, applicable from FY 2028 for reports in 2029. The standards used in this case are a specific set of ESRS for third-country reporting, which the Commission is drafting separately.
US-headquartered groups with meaningful EU footprints are the obvious population here. In our client conversations, Japanese and Swiss holding companies are also quietly preparing, because the EU revenue threshold is easy to hit and the reputational cost of visibly ducking EU disclosure is higher than the compliance cost of just doing it.
ESRS — what the directive does not contain, and where the real rules live
CSRD does not spell out what you have to disclose. It empowers the Commission to adopt delegated acts that contain the reporting standards. The first such act is Commission Delegated Regulation (EU) 2023/2772 of 31 July 2023 — the ESRS. Twelve standards, roughly 450 datapoints depending on how you count, adopted through the delegated-act procedure that lets the European Parliament and Council veto but not amend.
The 12 standards split into two cross-cutting ones (ESRS 1 on general principles, ESRS 2 on minimum disclosure requirements) and ten topical ones: five environmental (E1 climate, E2 pollution, E3 water, E4 biodiversity, E5 resources and circular economy), four social (S1 own workforce, S2 workers in the value chain, S3 affected communities, S4 consumers), and one governance (G1 business conduct).
ESRS E1 is the standard you will hear the most about — partly because climate is where the regulation has teeth, partly because it is the standard with the most concrete datapoints (Scope 1/2/3 GHG emissions, transition plans, climate-related targets, financial effects of physical and transition risks). E1 alone can take 4–6 months to implement for a company that has never done a Scope 3 inventory. We covered the digital-emissions angle — the intersection between E1 and website carbon footprint — in our CSRD digital sustainability guide.
One practical point the ESRS fights about in every audit: the materiality assessment determines which topical standards are mandatory. If S3 (affected communities) is not material — and for many services businesses it genuinely is not — you do not disclose it. But you have to document the materiality reasoning. "Not material" without a paper trail is not an acceptable defence, and EFRAG's post-implementation reviews confirm this is where most first-year filers got flagged.
SCOPE 3 — ESRS E1 · DIGITAL EMISSIONS
Your website emissions must enter the ESRS E1 inventory. Most companies miss this.
Carbon Badge measures any URL against the Sustainable Web Design Model v4 (SWDM v4) — the methodology EU assurance partners accept. Per-URL CO₂ in grams, annual totals in kg, hosting green-factor audit. Output format matches what CSRD auditors already ask for.
Run a free scan → See Business planThe 2025 rewrites — Stop-the-Clock and Omnibus I
This is the part where most 2023-vintage slide decks go out of date. The European legislator has adjusted the CSRD calendar and scope twice since adoption, and the current picture is not what the original directive laid out.
Stop-the-Clock (April 2025)
The Stop-the-Clock directive was adopted by the Council on 14 April 2025. The political driver was pragmatic: wave 2 was due to report in 2026, ESRS implementation was lagging, and the Commission had not yet issued the sector-specific standards that were supposed to follow the cross-cutting set. Forcing wave 2 into the water without clarity on several unresolved ESRS points would have produced a large volume of defensively drafted, comparability-poor reports. The Council blinked.
Concretely, Stop-the-Clock postponed by two years the application of CSRD for wave 2 (large undertakings above the original 250-employee threshold) and for listed SMEs — and delayed by one year the transposition deadline for the related Corporate Sustainability Due Diligence Directive (CS3D). Wave 1, already in the water, was not affected.
Omnibus I (February 2026 publication)
The heavier rewrite came from the Omnibus I simplification package. Proposed by the Commission on 26 February 2025, politically agreed between the Council and Parliament in December 2025, and published in the Official Journal of the European Union on 26 February 2026, Omnibus I did two things that fundamentally change who CSRD captures.
First, it raised the applicability threshold. The original wave 2 caught large undertakings above 250 employees with €40M net turnover or €20M balance sheet. Omnibus I raised that to more than 1 000 employees AND more than €450M net turnover. The cumulative effect is significant — estimates from the Commission's own impact assessment suggest around 80% of companies originally in wave 2 are now out of scope. That is not a rounding error; it is a political decision to narrow CSRD to genuinely large undertakings.
Second, it removed listed SMEs from the scope entirely. Wave 3 no longer exists as a CSRD population. SMEs listed on regulated markets can still disclose voluntarily — and EFRAG is working on a voluntary SME standard — but there is no mandatory CSRD obligation for them anymore.
The net effect after Omnibus I: only undertakings above 1 000 employees AND €450M net turnover are caught, either directly (if they are EU large undertakings) or as parent groups. Wave 4 (third-country groups with €150M+ EU revenue) is unchanged. This is a much narrower regime than the original CSRD promised, and the political compromise to get there involved real trade-offs with due-diligence regimes like CS3D.
| Scenario | Before Omnibus I | After Omnibus I (April 2026) |
|---|---|---|
| Wave 1 large PIE (already under NFRD) | Reports FY 2024 in 2025 | Unchanged — reports filed |
| Large undertaking >250 staff / >€40M turnover | Reports FY 2025 in 2026 | Out of scope unless >1,000 staff AND >€450M turnover; in which case FY 2027 in 2028 after Stop-the-Clock delay |
| Listed SME | Reports FY 2026 in 2027 (two-year opt-out available) | Removed from scope entirely |
| Non-EU parent with EU subsidiary and >€150M EU net turnover | Reports FY 2028 in 2029 | Unchanged |
French transposition — where it actually lands in your books
France was the first Member State to transpose CSRD, via Ordonnance n° 2023-1142 du 6 décembre 2023, published in the JORF on 7 December 2023. Implementation decree n° 2023-1394 of 30 December 2023 then set the thresholds for what counts as a large undertaking under French law.
For practical purposes, the French transposition slotted everything into the Code de commerce rather than creating a standalone CSRD law. The articles to bookmark:
- Art. L. 232-6-3 — obligation to produce a sustainability statement as part of the management report.
- Art. L. 233-28-4 — consolidated sustainability reporting for parent groups.
- Art. L. 821-54 et seq. — auditor obligations specific to sustainability assurance, reshaped after the H3C became the Haute Autorité de l'Audit (H2A) on 1 January 2024.
The French regime adds almost no gold-plating. That was a deliberate political choice — CSRD was contentious enough at EU level without adding national layers on top. The main national specificity is the transition role of the H2A, which now oversees not just statutory auditors but also the independent assurance service providers (prestataires de services d'assurance indépendants, or PSAI) that France authorised earlier than most Member States. If you are scoping a sustainability audit in France, you have a choice between a Big Four-style audit firm and a PSAI — and the fee differential can be meaningful.
What an audit committee should actually do in April 2026
If you sit on an audit committee or you are the CFO/DAF of a group close to the new threshold, three questions determine the next six months of your agenda.
One: are we still in scope? Run the Omnibus I threshold against your consolidated figures for the last two financial years. 1 000 employees and €450M net turnover, both met. The "and" matters — before Omnibus I, companies met the threshold with one of three tests out of three. Now it is a combined condition. A company with 1 200 employees and €380M turnover is out. A company with 800 employees and €600M is out. Only the intersection matters.
Two: if we are in scope, are we a wave-2 filer or did we already file? Wave 1 already reported for FY 2024 in spring 2025. If you were in wave 1 and you meet the new threshold, you keep reporting annually — no pause. If you were originally slated for wave 2, you now file for FY 2027 in 2028, unless your group structure changed in a way that pushes you back or forward.
Three: what do we do with the data-collection infrastructure we already built? This is where most groups are today. Materiality matrices, supplier data portals, internal training, dual assurance engagements — a lot of money went into CSRD readiness before Omnibus I raised the threshold. The infrastructure does not go to waste: investor demand for ESG data is not retreating, customers with their own CSRD obligations will ask you for supplier-level sustainability data regardless of your own scope, and the voluntary SME standard that EFRAG is drafting will most likely draw on ESRS logic. Our view — and it is our view, not the directive's — is that the companies that treat CSRD infrastructure as strategic rather than compliance will pull ahead in procurement from wave-1 clients that are now in scope and need upstream data.
What this page does not cover
We are deliberately not covering: the Corporate Sustainability Due Diligence Directive (CS3D / CSDDD) — it is a separate directive with different scope and triggers, treated in its own register entry; the EU Taxonomy — that is a classification, not a reporting standard, and it is covered by Regulation (EU) 2020/852 and its delegated acts; the digital product passport and ESPR — a different regime for products rather than companies.
These interact with CSRD — Taxonomy alignment disclosures are required under ESRS 2 — but they are not what the CSRD text says, and conflating them is how slides end up wrong.
How to read the official text
If you need to be precise for a board memo, an opinion, or a discussion with the auditor, here is the practical reading order we recommend:
- Open the consolidated EUR-Lex version of CSRD as of 17 April 2025. This integrates Stop-the-Clock. Omnibus I has not yet been merged into that consolidation at the time of writing — you have to read the Omnibus I amending directive alongside.
- Open the consolidated Accounting Directive 2013/34/EU. This is where Articles 19a, 29a, 29b, 29d, 34, 40a–d actually live. Always read in parallel with the CSRD version above.
- For France, open the Code de commerce on Légifrance and go straight to the sections on rapport de gestion and commissariat aux comptes.
- For ESRS, read Delegated Regulation (EU) 2023/2772 with the consolidated ESRS text as annex. The Commission republishes the consolidated version whenever it amends.
Pro tip: do not try to read ESRS linearly. Start with ESRS 2 (the disclosure requirements matrix), then cherry-pick the topical standards you determined material.
Related texts in this register & primary sources
Other register entries
- CSRD digital sustainability reporting — how website carbon emissions feed into ESRS E1 Scope 3 disclosures.
- CSRD regulatory register — full index of official texts (coming soon).
- Scope 3 emissions for digital businesses — 2026 guide.
Primary sources — cite these, not us
- Directive (EU) 2022/2464 — EUR-Lex (ELI)
- Consolidated CSRD as of 17 April 2025
- Consolidated Accounting Directive 2013/34/EU
- Commission Delegated Regulation (EU) 2023/2772 — ESRS
- European Commission — Corporate sustainability reporting (official guidance page)
- Ordonnance n° 2023-1142 (France) — Légifrance
- Haute Autorité de l'Audit (H2A, France)
- EFRAG (Commission's technical adviser on ESRS)
Revision history
- 23 April 2026 — Initial publication. Integrates Stop-the-Clock (April 2025) and Omnibus I (OJEU 26 February 2026) in the scope/calendar analysis. Verified Articles 19a, 29a, 29b, 29d, 34, 40a–d against the consolidated EUR-Lex text. Verified French transposition articles (L. 232-6-3, L. 233-28-4, L. 821-54) against the Code de commerce via the PISTE Légifrance API.
Carbon Badge Compliance Desk
Reviewed 23 April 2026 against the consolidated EUR-Lex text and Légifrance via the PISTE API.
This page is a structural and editorial guide to the CSRD text. It does not constitute legal advice. Dates, article numbers, and authority names have been verified against EUR-Lex and Légifrance as of April 2026; interpretive comments are our reading, flagged as such. Only texts published in the Official Journal of the European Union and in the Journal officiel de la République française prevail. For a board decision, open the ELI link and read the article yourself.