Amendments to the European Union’s Corporate Sustainability Reporting Directive (CSRD) adopted through the Omnibus process simplify and streamline key requirements of the legislation.
In this piece, we outline the CSRD’s updated scoping thresholds and reporting timelines, as well as changes to disclosure and assurance obligations.
Final CSRD Scope
Higher revenue and employee thresholds introduced under the Omnibus significantly reduce the number of companies in the CSRD’s scope, compared to the original version adopted in 2022.
In addition to increased size thresholds for both EU and non-EU companies, the revised directive eliminates reporting requirements for listed small and medium-sized enterprises (SMEs).
Financial holding companies are also now exempt from CSRD reporting, provided they (1) do not directly or indirectly manage their subsidiaries and (2) their subsidiaries’ business models and operations are independent of each other.
Updated CSRD scoping requirements are summarized in the table with more detailed comparisons to the original version outlined in the next section.
| Entity Type | Revised CSRD Scope | First Reports Due |
Large EU companies, groups, and issuers1 | >€450M global revenue & >1,000 employees (average)2 |
|
| Non-EU groups | >€450M revenue in the EU3 & an EU branch or subsidiary with >€200M revenue2 |
|
1 If a U.S. company is listed on an EU exchange and meets the scoping criteria, this category applies.
2 During the previous fiscal year (for revenue and employees).
3 At the group level for each of the last two consecutive fiscal years.
Comparison of Omnibus & Original CSRD Scope
To understand the full extent of revisions and future reporting obligations for companies that had already begun reporting under the original CSRD, it is useful to compare the legislation’s scope before and after the Omnibus.
Originally, CSRD compliance was phased in over four different reporting waves determined by business size and type. Wave 1 reporting began in 2025 before revisions to the CSRD were final. These companies were not included in a “Stop-the-Clock” relief that pushed back reporting due dates for some other reporting waves, although certain “quick fix” transitional reliefs were put in place to temporarily omit certain disclosures.
Companies that were already reporting under the original CSRD and still fall within the revised scoping thresholds (more than €450 million revenue and more than 1,000 employees) must continue to disclose annually, with the next report due in 2026 covering 2025 fiscal year data.
Under the new, higher thresholds, some Wave 1 companies now fall out of scope of the post-Omnibus CSRD. However, it is not as simple as immediately stopping reporting. CSRD obligations continue for original Wave 1 companies through the 2026 reporting year, meaning that these companies must continue publishing reports in 2026 (fiscal year 2025 data) and in 2027 (fiscal year 2026 data). EU member states may issue an exemption to relieve companies of these requirements, but this will be on a country-by-country basis.
Companies that were part of Wave 2 under the original CSRD and are large enough to meet the revised scoping thresholds must begin to report in 2028 covering fiscal year 2027 data. Smaller entities that made up Wave 3 under the original CSRD, including listed SMEs, are no longer in scope following the Omnibus revisions. Non-EU groups that were part of Wave 4 under the original CSRD and are large enough to meet the revised scoping thresholds must begin fulfilling reporting requirements in 2029 covering fiscal year 2028 data.
CSRD Compliance: Original & Omnibus Scope
Compliance Wave (Original CSRD) | Original Scope | First Reports Due: Reflects “Stop-the- Clock” Timing | Revised Scope (Post- Omnibus) |
| Wave 1 | Large listed entities: >500 employees & >€50M revenue or >€25M assets | 2025 (fiscal year 2024 data) | Large EU companies, groups, and issuers1 >€450M worldwide revenue & >1,000 employees (average)2 |
| Wave 2 | Other large entities: Two of the following:
| 2028 (fiscal year 2027 data) | |
| Wave 3 | Listed SMEs, small credit institutions, and insurance undertakings | No longer in scope under revised CSRD, was previously 2029 (fiscal year 2028 data) | No longer in scope |
| Wave 4 | Non-EU groups: >€150M revenue in EU & large branch or large or listed subsidiary | 2029 (fiscal year 2028 data) | Non-EU groups: >€450M revenue in the EU3 & an EU branch or subsidiary with >€200M revenue2 |
1 If a U.S. company is listed on an EU exchange and meets the scoping criteria, this category applies.
2 During the previous fiscal year (for revenue and employees).
3 At the group level for each of the last two consecutive fiscal years.
Reporting and Assurance Requirements
The CSRD continues to require limited assurance over sustainability reporting from the first year of application. However, revisions have removed the possibility of raising assurance requirements to the reasonable level at a later date. The EU will develop limited assurance standards to define requirements, which must be adopted by July 2027.
The European Sustainability Reporting Standards (ESRS), which specify the information that must be reported under the CSRD, are also being revised. This work is underway, with the final simplified ESRS expected to be published later this year with mandatory reporting starting in 2028 (fiscal year 2027 data) and optional early adoption in 2027 (fiscal year 2026 data). The simplified ESRS are expected to significantly reduce the number of required disclosures with increased emphasis on materiality. The double materiality assessment process is also being clarified and streamlined. The ESRS apply to U.S. companies that are registered on an EU exchange.
In addition, a separate set of reporting standards for non-EU groups is also being developed — the ESRS for Non-EU Groups (N-ESRS) for reporting in 2029 (fiscal year 2028 data). This project is currently paused, with work set to resume after simplifications to the main set of ESRS are final. Plans have been cancelled to develop sector-specific ESRS and a set of ESRS for listed SMEs.
EU Taxonomy reporting required as part of the CSRD has also been simplified. Revisions include modified reporting templates with fewer data points and specific materiality thresholds. They also simplify certain Do No Significant Harm (DNSH) criteria – technical screening requirements that help ensure activities contributing to one environmental objective do not harm others.
Protections for SMEs in Value Chains
Revisions to the CSRD introduce safeguards to help ensure that SMEs in value chains of larger, in-scope companies are protected from data requests that may be impractical for organizations of their size and resources.
Companies with up to 1,000 employees are not required to provide CSRD disclosures beyond the information that is included in the voluntary sustainability reporting standards, which the EU will adopt at a later date. The contents of these standards are expected to align with the Voluntary Standard for SMEs (VSME):
U.S. Business Impact
U.S. businesses may continue to be impacted by the CSRD if they fall within the new, higher scoping thresholds. The primary U.S. impact will be on U.S. parent companies with significant business in the EU (Wave 4 under the original CSRD), with reporting beginning in 2029 for the 2028 fiscal year aligned with the N-ESRS requirements.
However, if a U.S. company is listed on an EU-regulated market with operations large enough to be in scope (more than €450 million revenue and more than 1,000 employees), earlier reporting is required along with EU companies aligned with the ESRS requirements.
Additionally, a U.S. parent company (non-EU group) may have a large EU subsidiary that falls within the CSRD’s scope. If a U.S. parent company chooses to issue a consolidated report in accordance with the ESRS, its EU subsidiary would be exempt from having to issue a separate report.
Preparing for CSRD
Companies that do business in the EU should review the CSRD’s updated scoping criteria to determine applicability. If a company expects to have obligations under the CSRD, it should begin to evaluate its data collection processes and controls to help ensure that they are sufficient for fulfilling reporting and assurance requirements. Undergoing a reporting and assurance readiness assessment the year before compliance obligations begin can help organizations to be better prepared for these significant compliance requirements.
How BDO Can Help
BDO can help companies navigate CSRD reporting and compliance while identifying opportunities associated with integrating sustainability into broader enterprise risk management and resiliency.
Have questions or want to learn more?