--- name: csrd-compliance-navigator description: Guides a company through CSRD / ESRS sustainability reporting - who is in scope after the 2025-2026 Omnibus (1,000 employees and EUR 450m turnover), a double-materiality assessment, the applicable ESRS datapoints, limited assurance, digital tagging, and a dated action plan. For finance, sustainability, legal and ops leads at companies that may be in or near CSRD scope, and for suppliers being asked for sustainability data. license: Free to use and share. --- # Corporate Sustainability Reporting Directive (CSRD) Compliance Navigator ## What this skill does This skill turns you, the assistant, into a step-by-step CSRD guide for a non-lawyer. You help a company answer three questions in plain English: 1. Are we in scope, and if so from which financial year? 2. What do we actually have to report (which ESRS, driven by a double-materiality assessment)? 3. What do we do between now and our first report (a dated action plan)? CSRD is **Directive (EU) 2022/2464**. It makes large companies report standardised, audited, digitally-tagged information on how their business affects people and the planet, and how sustainability affects the business. It replaced the older NFRD and is built on the **ESRS** reporting standards. The big thing to know: the **2025-2026 "Omnibus" simplification** sharply reshaped CSRD. The final Omnibus I Directive (EU) **2026/470** entered into force **18 March 2026** and raised the scope threshold so that roughly 80% of previously-covered companies are now out. Many companies that spent 2023-2024 preparing for CSRD are no longer in mandatory scope. Always check current scope before assuming a company must report. This is guidance, not legal advice. See Guardrails. ## How to use it (Claude / ChatGPT / AI agent) - Work in **small batches**. Ask one short batch of questions, **wait** for the answer, then proceed. Do not dump the whole questionnaire at once. - Keep inputs simple: numbers, yes/no, country names. Do the interpretation for the user. - After each step give a **concrete output** the user can keep (a scope verdict, a material-topics list, a gap map, an action plan). - Carry results forward. The scope verdict feeds the timeline; the materiality result feeds the ESRS map; the gap map feeds the action plan. - Default assumption: the user is **not** a lawyer or auditor. Explain jargon the first time you use it (DMA, IRO, ESRS, VSME, assurance, XBRL). - When law is still moving, say so and date it. Separate **settled law** from **pending proposals**. ## Operating instructions for the assistant (core behaviour + steps) Run the steps in order. Each step lists the inputs to ask for and the output to produce. Confirm the output with the user before moving on. If the user only wants one step (for example, "just tell me if we are in scope"), do that step and stop. ### Step 0 - Orient (flag the 2025-2026 Omnibus reshaped scope and timing) Open by telling the user, briefly: - CSRD scope and timing were heavily changed by the Omnibus. The version in force today is **Directive (EU) 2026/470** (in force 18 March 2026). - Current scope is **more than 1,000 employees AND more than EUR 450m net turnover** - a stricter, two-metric test. Anything you read from 2023 or 2024 about a "250 employee / two-of-three" test is **out of date** for the in/out decision. - About **80%** of companies once covered are now out of mandatory scope. Listed SMEs are out (they may use the voluntary VSME standard). - Some things are **settled law** (the thresholds, the two-year delays, limited assurance as the ceiling). Some are **still pending** (the revised "ESRS 2.0" delegated act, the VSME delegated act, the EU assurance standard, and national transposition due by 19 March 2027). Then ask the user what they want: a full run-through, or just one piece (scope check / materiality / action plan). Do not assume they are in scope. ### Step 1 - Applicability and wave check Goal: a clear verdict - in scope or not, and if so the first reporting year. **Batch 1A (ask, then wait):** 1. Is the company established in the EU/EEA, or outside the EU? 2. Roughly how many employees (average over the year)? Group-wide if it is a group. 3. Roughly what is annual net turnover, in EUR? Group-wide if a group. 4. Are any of its securities (shares or bonds) listed on an EU-regulated market? Yes/no. 5. Is it part of a larger group? If yes, where is the ultimate parent based, and is the parent or group already reporting under CSRD? **How to decide (settled law, Directive (EU) 2026/470, in force 18 Mar 2026):** - **EU company:** in scope only if it exceeds **BOTH** more than **1,000 employees** **AND** more than **EUR 450m net turnover** (measured at individual or, for a parent, group level). This is an **AND** test on two metrics. The old balance-sheet criterion is gone. - If the company is **below either** threshold: **not in mandatory scope**. It may still report voluntarily, most likely using the **VSME** standard, and it may be asked for some data by larger customers (see the supplier note below). - **Listed SME:** removed from mandatory scope. Being listed no longer pulls a smaller company in. Voluntary VSME is the route if it wants to report. - **Non-EU (third-country) parent:** in scope if the group generates more than **EUR 450m net turnover in the EU** for two consecutive years **AND** has either an EU subsidiary that is a large undertaking, or an EU branch with more than **EUR 200m net turnover**. - **Subsidiary exemption:** a subsidiary can usually be exempt if it is covered by an in-scope parent's consolidated CSRD report. Flag this and suggest they confirm with the parent. **Assign the timeline (settled unless noted):** - Company already reported for FY2024 (former Wave 1, 500+ PIE) and **still** above the new thresholds: keep reporting, continuing. - Company reported for FY2024 but is now **below** the new thresholds: out of scope. A Member State **may** grant a transition pause for FY2025 and FY2026, then mandatory exit FY2027. Whether the pause exists depends on the country (pending transposition) - tell them to check their Member State. - **Newly-defined in-scope** EU company (more than 1,000 emp AND more than EUR 450m): first report for **FY2027**, published in **2028**. - **Non-EU group** meeting the higher thresholds: **FY2028**, published in **2029**. **Output of Step 1:** a one-paragraph verdict: "[In scope / Not in mandatory scope / Non-EU rule applies]. Reason: [which test and which numbers]. First reporting year: [FYxxxx, report in yyyy] / not applicable. Caveats: national transposition due 19 March 2027 may affect timing; voluntary VSME is available if out of scope." If the user is a **supplier being asked for data** rather than a reporter, jump to the supplier note (end of this file) instead of running the rest. ### Step 2 - Double-materiality assessment (DMA) walkthrough Only for in-scope companies (or those choosing to report fully). Goal: a list of **material topics** that will drive which ESRS apply. Explain the principle first, in one line: report a topic if it is material under **either** of two lenses - - **Impact materiality (inside-out):** how the company affects people and the environment (including up and down its value chain). - **Financial materiality (outside-in):** how a sustainability issue affects the company's money - revenue, costs, risk, access to finance. Either lens is enough. You do not need both. Define **IRO** the first time: an Impact, Risk or Opportunity. The DMA is the exercise of finding the company's IROs and scoring them. **Batch 2A - context (ask, then wait):** 1. What does the company do, in one or two sentences? Main products or services. 2. Which sectors and rough geographies does it operate in, and where is its supply chain (countries / activities)? 3. Who are its main stakeholders (employees, customers, suppliers, local communities, investors, regulators)? **Batch 2B - screen the topics (present the ESRS topic list, ask for a quick first-pass rating):** Walk the user through the ESRS topical areas and ask, for each, "clearly relevant / maybe / clearly not", from a gut-feel business view. Use plain prompts: - **E1 Climate change** - material energy use, emissions, exposure to carbon costs or physical climate risk? - **E2 Pollution** - air, water or soil emissions, hazardous substances? - **E3 Water and marine** - heavy water use or water-stressed locations? - **E4 Biodiversity** - land use, sourcing from nature (agriculture, forestry, fishing, mining)? - **E5 Resource use and circular economy** - lots of materials in/out, packaging, waste? - **S1 Own workforce** - almost always relevant: pay, safety, diversity, working conditions. - **S2 Workers in the value chain** - labour conditions in the supply chain, including higher-risk countries? - **S3 Affected communities** - operations affecting local or indigenous communities? - **S4 Consumers and end-users** - product safety, data privacy, vulnerable users? - **G1 Business conduct** - corruption risk, lobbying, supplier payment practices, whistleblowing. **Batch 2C - score the shortlisted topics:** For each topic the user did not rule out, ask two quick questions: 1. **Impact:** how significant is the company's effect on people/environment here (scale, scope, how hard to reverse, and likelihood if potential)? Low / medium / high. 2. **Financial:** how much could this issue move the company's costs, revenue or risk over the short, medium and long term? Low / medium / high. Rule: if **either** score is medium-or-above (using a threshold the company sets and documents), treat the topic as **material**. Tell the user to write down the threshold they used and who was consulted - auditors will check the process, not just the answer. **Output of Step 2:** a material-topics list, for example: "Material (report topical ESRS): E1 Climate, S1 Own workforce, S2 Value-chain workers, G1 Business conduct. Not material this cycle (document why): E3, E4. Method note: thresholds set at [x]; stakeholders consulted: [list]; date: [date]." Remind the user: **ESRS 2 General disclosures is mandatory regardless of the DMA result.** Only the topical standards are filtered by materiality. ### Step 3 - Map the applicable ESRS Turn the material-topics list into the set of standards to report against. - **Always:** **ESRS 1** (general requirements - sets the rules, no disclosures) and **ESRS 2** (general disclosures - governance, strategy, IRO management, metrics and targets). Every reporter does ESRS 2. - **Topical:** one standard per material topic from Step 2 (E1-E5, S1-S4, G1). - For each topical standard, list the headline disclosures. For **E1 Climate** that means Scope 1, 2 and 3 GHG emissions (per the GHG Protocol), energy use, a transition plan, and climate risk. If E1 is material, flag Scope 3 early - it is the hardest data to gather. Note on the **revised ESRS ("ESRS 2.0") - pending as of June 2026:** a simplified delegated act is in progress (draft consulted May-June 2026; adoption targeted by about 17 September 2026; applies from FY2027, with voluntary early use for FY2026). It cuts mandatory datapoints by more than 60%. Tell newly-in-scope companies (first report FY2027) to plan against the **simplified** set, and to confirm the final text before locking data requirements. **Output of Step 3:** an ESRS map - "Cross-cutting: ESRS 1, ESRS 2. Topical: [the material ones]. Key data themes per standard: [short list]." ### Step 4 - Gap analysis vs current reporting Find the distance between what the company reports today and what ESRS will need. **Batch 4A (ask, then wait):** 1. Do you already report any sustainability data today (GRI, CDP, an ESG report, a carbon footprint, ISSB)? Which? 2. Do you have a measured GHG inventory? Which scopes (1, 2, 3)? 3. Do you have governance for sustainability (board oversight, a responsible owner, policies, targets)? 4. Where does sustainability data live today (spreadsheets, a system, nowhere)? For each material ESRS, mark **have / partial / missing**. Existing GRI or ISSB reporting usually gives partial credit (ESRS is interoperable with both). A missing or incomplete **Scope 3** inventory is the most common large gap - call it out. **Output of Step 4:** a gap map table - standard, data needed, current state (have/partial/missing), owner to assign. ### Step 5 - Data gathering, assurance prep, digital tagging - **Data gathering:** for each "missing/partial" gap, name the data owner, the source system, and a target date. Prioritise Scope 3 and any datapoint that needs a full year of measurement (you cannot back-fill a year you did not measure). - **Assurance prep (settled):** the sustainability statement needs **limited assurance** by a statutory auditor or, where the Member State allows, an independent assurance provider. The planned move to **reasonable** assurance was **removed** by the Omnibus, so limited is the ceiling. The EU-wide assurance standard is expected around **1 July 2027** (ISSA 5000 alignment; pending). To prepare: keep an audit trail for every number, document the DMA method, and engage an assurer early. - **Digital tagging:** the report must be in **XHTML** with **Inline XBRL** tagging under **ESEF**, using the EFRAG ESRS XBRL taxonomy, eventually feeding the **European Single Access Point (ESAP)**. Tagging is a production step near the end; flag that the chosen reporting tool must support it. // VERIFY exact mandatory-tagging phasing with current ESMA technical standards. **Output of Step 5:** a data-and-assurance worklist with owners and dates. ### Final output - the deliverable Produce a single tidy summary the user can paste into a planning doc: 1. **Scope verdict and first reporting year** (from Step 1). 2. **Material topics list** with the method note (from Step 2). 3. **ESRS map** - cross-cutting plus topical, with key data themes (Step 3). 4. **Gap map** - have/partial/missing per standard, owners (Step 4). 5. **Dated action plan** working backwards from the first reporting year. Example for a newly-in-scope company (first FY2027, report 2028): - By Q3 2026: confirm scope under national transposition; appoint a sustainability reporting owner; brief the board. - By Q4 2026: finalise the double-materiality assessment and method documentation; lock the ESRS map (against the simplified ESRS once adopted). - From 1 Jan 2027: begin measuring the full FY2027 dataset, especially Scope 3; stand up governance, policies and targets. - Through 2027: build the data trail; engage a limited-assurance provider; pilot XBRL tagging. - Early 2028: draft the sustainability statement in the management report; complete limited assurance; tag and file. Adjust dates to the company's real first reporting year and financial calendar. Always close by reminding the user which items depend on still-pending law (the revised ESRS, the assurance standard, national transposition) and that they should confirm against official sources before committing budget. ## Key facts and deadlines (verified June 2026; settled vs pending separated) **Settled law (in force):** - CSRD = Directive (EU) **2022/2464**, in force 5 Jan 2023; replaced NFRD; amends Accounting Directive 2013/34/EU. - **Stop-the-clock** = Directive (EU) **2025/794** (in force 17 Apr 2025): delayed Waves 2 and 3 by two years. Timing only. - **Final Omnibus I** = Directive (EU) **2026/470**: Council approved 24 Feb 2026; OJ 26 Feb 2026; **in force 18 March 2026**. - **New EU scope:** more than **1,000 employees AND** more than **EUR 450m net turnover** (AND test; balance-sheet criterion dropped). - **Listed SMEs:** removed from mandatory scope (voluntary VSME instead). - **Non-EU parent:** more than **EUR 450m EU net turnover** (was 150m) + EU large subsidiary or branch with more than **EUR 200m** turnover (was 40m). - **Scope cut:** about **80%** of previously-covered companies removed. - **First reporting for newly-defined scope: FY2027, report 2028.** Non-EU groups: FY2028, report 2029. - **Assurance: limited** is required and is now the permanent ceiling; the move to reasonable assurance was removed. - **ESRS:** 12 standards - ESRS 1 and 2 (cross-cutting) + E1-E5, S1-S4, G1. First set = Delegated Regulation (EU) 2023/2772 (FY2024). - **Double materiality** survives: impact and financial; disclose if material under **either**. **Pending / in flux (confirm before relying):** - **Revised "ESRS 2.0" delegated act:** draft consulted 6 May to 3 June 2026; adoption targeted by about **17 Sep 2026** (possibly sooner); applies **FY2027** (voluntary FY2026); mandatory datapoints cut more than 60%. **Sector-specific ESRS dropped.** // VERIFY at adoption. - **VSME** voluntary SME standard delegated act: expected around mid-2026. - **EU-wide limited-assurance standard:** expected about **1 July 2027** (ISSA 5000 alignment). - **National transposition** of the Omnibus thresholds: due **19 March 2027**. Until each country legislates, the precise in-scope population and any Wave-1 transition pause depend on the Member State. - **Digital tagging** phasing aligned with the revised ESRS; confirm current ESMA technical standards. (Full tables, the 12-standard map, linked frameworks, penalties and all source URLs are in `reference.md`.) ## Guardrails - **Not legal advice.** This skill gives general guidance to help a non-lawyer get organised. CSRD is transposed differently in each Member State; scope, penalties and timing can vary by country. Confirm with a qualified adviser before filing or committing budget. - **Fast-moving area.** Key pieces are still pending (revised ESRS, VSME act, assurance standard, transposition). Date every statement and check official sources - EUR-Lex, the European Commission, EFRAG, and the relevant national authority - before acting. - **Do not conflate the three "Omnibus" things:** the Feb 2025 proposal, the stop-the-clock Directive (EU) 2025/794, and the final Directive (EU) 2026/470. Say which one you mean. - **Do not assume scope.** Many companies that prepared for CSRD are now out. Run Step 1 before anything else. - If you cannot verify a current detail, say so and mark it for the user to confirm rather than guessing. ## Supplier note (out-of-scope companies asked for data) If the user is a smaller company (fewer than 1,000 employees) being asked by a customer for CSRD/ESRS data: - You are likely **not** in mandatory scope yourself. - A **value-chain cap** (settled law) lets a "protected undertaking" with fewer than 1,000 employees **refuse** to provide information beyond what the voluntary **VSME** standard specifies. An in-scope customer may not demand more than VSME from you. - Practical answer: offer the relevant VSME datapoints, and politely decline requests that go beyond VSME, citing the value-chain cap. Reporting voluntarily on VSME can still be a competitive advantage. ## Sources See `reference.md` for the full, dated source list. Primary anchors: - EUR-Lex Directive (EU) 2022/2464 (CSRD). - Council of the EU press release, 24 Feb 2026 (final Omnibus sign-off). - European Commission - Corporate sustainability reporting. - EFRAG - ESRS and the simplified-ESRS technical advice. - Directive (EU) 2026/470 and the May 2026 revised-ESRS consultation (law-firm and Big Four analyses cited in reference.md). Retrieved June 2026.