In this article, we’ll make sure to explain everything you need to know about compliance, including the latest Omnibus-related news and the new deadlines for each specific case.

Key points that will be covered:

• Brief overview of CSRD & requirements

• Omnibus changes: what applies to you when?

• Step-by-step process to be compliant with CSRD

• How to perform CSRD reporting

• Common pitfalls when implementing CSRD

• Get inspired by our clients

A brief overview of the CSRD standards and its requirements for corporate sustainability

In short, the CSRD is a European Union directive adopted by the European parliament. It builds on the financial reporting directive logic, to increase transparency and accountability in sustainability reporting. It is the most ambitious regulation ever introduced in terms of sustainability demanding new data-driven efforts from companies, which are required to disclose information on their environmental, social and governance (ESG) performance.

There are different application dates for companies subject to this reporting based on their size & financial metrics. All EU companies will eventually be affected, but large companies are the first to be impacted. If you have a doubt by when you need to comply, reach out to our team of experts:

How does your timeline look like after the Omnibus?

With the Omnibus “stop-the-clock” directive being approved in April, many changes have occurred that will likely impact your timeline. Lets’ see them shortly in this paragraph.

Originally, the CSRD would have applied to:

• Wave 1 companies (already subjected to the prior directive, NFRD), which are still reporting on 2024 data in 2025.

• Wave two companies, starting from 2025 (with first report due in 2026), and

• Wave three companies, starting the year after (in 2026, to be reported in 2027).

With the ongoing changes, the last two groups (respectively, large companies and SMEs) are experiencing a 2-year postponement of their duties (reporting on 2027 data, from January 2028) and, when the employee number stays below the 1,000 mark, a new framework for voluntary reporting: the VSME.

What's the impact of not being prepared soon enough to comply with the directive?

When drafting the directive, the EFRAG aimed to increase the reliability of ESG data: it must become as reliable and accurate as financial information. With the recent changes, the additional aim was to make this process leaner, easier for companies to reach, while also giving them some extra time to prepare.

It stays fundamental, still, to provide the audit trail of every piece of data. For a specific data point, you should be able to:

• Prove that the information source is reliable.

• Track and log every update of the data point.

• Define a person responsible for each data point (data owner).

Note that external auditors should reach the same conclusions as you. Consequently, if you must report in 2028 on 2027 data, your company should have the systems in place to collect audit-proof data as of the beginning of your 2027 fiscal year - meaning January for most companies. 

Risks of Delaying the Data Capture Process

If you start the data capture process later, you will face two types of risks:

• Missing Data: If you don't conduct a thorough data mapping before 2027, you may miss important data points that will be difficult to obtain later.

• Breaking the Audit Trail: Similar to financial statements, auditors need to be able to trace and access all ESG data points relevant to the audited year. Inadequate data capture can compromise the audit process.

Getting ready: A Step-by-Step guide following the European Sustainability Reporting Standards (ESRS)

As of May 2025, the European Sustainability Reporting Standards are under work again: it’s safe to assume they’ll be made lighter in size, but it’s impossible to draw conclusions as to what they will look like in the near future.

Despite this, many companies had already started working with them: sharing the results we got so far will surely provide some helpful insight, as you prepare for what will come next.

It may seem obvious, but the first step is dedicating time to familiarize yourself with the CSRD requirements, scope, and timeline. The EFRAG website and our articles are good places to start.

You can run the entire project on your own or with the support of a partner. At ROSE, we assist our clients with all the following steps during the software implementation phase. Our methodology aligns with EFRAG's guidance: 

Step 1: Perform the Double Materiality Assessment in 4 phases

The Double Materiality Assessment (DMA) is a critical step that may seem complex at first but is manageable with the right methodology, meaning one following the ESRS standards.

Phase 1: Perform the value chain & stakeholders mapping 

Value chain mapping is about identifying and visualizing the key activities, processes, and stakeholders involved in creating and delivering a product or service. Here are the main steps. 

• A division by business areas is made.

• Each activity involved at a specific point in the value chain (downstream, upstream, on operation) is reviewed.

• Dependencies & affected stakeholders can be described as well.

For the stakeholder mapping, there are two main types: those affected by the impacts and those who will use the sustainability reports. We recommend mapping the existing interactions that your company already has with them (for instance an existing employee survey) and the related expectations that are already clear from those. This will form a basis to then understand where stakeholder involvement is missing and will be most needed.

Phase 2: Impact, Risk, Opportunities (IROs)

It involves determining what is material for your company and, therefore, what elements are mandatory for your CSRD report. During this process, we list the company's impacts (positive and negative), risks, and opportunities (IROs) related to the sustainability matters (topics, sub-topics and sub-sub-topics). This is an extensive process which is further described in this article .

Phase 3: Setting Thresholds & Scoring

In this phase, the company defines whether each IRO is considered material or not. 

• Only elements exceeding certain thresholds will be material and applicable to your company.

• A formula considering factors like scale, scope, remediability and likelihood defines these thresholds.

• When a score exceeds the threshold, the topic is material, and applicable data points are then identified for reporting.

Based on the material IROs, the final list of material sustainability matters (topics, sub-topics and sub-sub-topics) is narrowed down.

Phase 4: From sustainability matters to disclosure requirements

Once the sustainability matters have been identified, the final step will be to define the disclosure requirements deriving from them.

Step 2: Retrieve and manage corporate data

To comply with CSRD, companies must collect data on identified disclosure requirements and include this information in their sustainability reports.

In our experience, this step is the biggest challenge due to the sustainability data complexity:  

• Holistic nature: Data covers environmental, governance, and social aspects, involving diverse metrics such as tons, cubic meters, gender gaps, or written policies.

• Scattered data: Sustainability data is stored in various places—accounting software, HR suites, ERPs, payrolls, or even local sensors in the field. Retrieving and managing this data takes time.

• Data quality: After retrieving data, ensuring its quality, consistency, and completeness is key.

Proper data management is essential at every stage of sustainability management: becoming CSRD compliant, setting achievable goals, and making business decisions based on sustainability impacts.

Note: At ROSE, we simplify this process using the Data Studio, a dedicated part of our software that allows you to upload source files from different source systems and work on the data in one place.

Step 3: Define sustainability goals and targets for your business (required by legislation)

A common mistake is thinking the job is done after addressing the data gathering. CSRD goes beyond previous regulations, requiring companies to set goals and prove continuous improvement.

• Alignment: Goals should align with your materiality assessment and the EU taxonomy.

• Ownership: Goals should be assigned to a specific person (owner), held accountable for the progress, making sure that the work is coordinated and ensuring deadlines are met.

• Action steps: Break down goals into smaller actions, each with its owner and deadline.

Note: Using dedicated software for managing goals and actions is not mandatory but helpful, as all of it needs to be consolidated into the report. ROSE offers this feature.

Step 4: Start drafting your first report, aligned with CSRD reporting standards 🎉

Reporting requirements may look demanding, but if you've followed the previous steps, this last part should be straightforward. There are still a few things to consider:

• Report structure: Ensure it aligns with CSRD requirements.

• Readability: Reports must be readable by both humans and machines, so keep them concise and clear, and include XBRL tags. ‍

• Real-Time updates: Ideally, use a tool that allows you to create multiple templates and update data in real time. This will enable you to track progress and provide information to internal and external stakeholders (e.g., communication and marketing departments, clients, suppliers).

Common pitfalls and how to avoid them

Here are the most common pitfalls we've identified and suggestions on how to avoid them.

➡️ Trying to do everything on your own: The CSRD is an unprecedented regulation on the sustainability topic. It is ambitious and involves a certain degree of complexity. At least for the first year, it is a good idea to be helped by CSRD experts, whether they come from consultancy or software companies. 

➡️ Over-relying on consultancy: From one extreme to another! Some companies may over-rely on external expertise instead of building internal skills. Balance is key: external expertise can be valuable, but building internal skills is crucial to avoid unpredictable costs as regulations become more complex.

➡️ Underestimating the data topic: The data topic is often the biggest challenge. Sustainability information is as diverse as pieces of data related to climate change, HR policies, corporate governance, etc. You may also need to retrieve data from subsidiaries. Dedicate time to understand where every piece of data is stored, how to retrieve it properly, clean it, and ensure its reliability. Involve your IT department if necessary.

➡️ Trying to automate everything: Not everything needs to be automated. The key to identify what should be automated first is the update frequency. If a data point needs to be updated every day or every week, it probably needs to be automated. If the frequency is quarterly or yearly, probably not. 

➡️ Forgetting about the audit trail: Ensure that every data point has a dedicated owner, logs of every update, and explanations for any assumptions made. Remember that an external auditor should reach the same conclusions as yours.

➡️ Forgetting about continuous improvement: The CSRD isn't just a static picture of your sustainability practices—it's about proving continuous improvement. Set goals, break them down into actions, and involve everyone. You will also have to produce regular reports.

➡️ Considering this exercise only from a compliance perspective : CSRD is a tremendous opportunity to generate value and gain advantages over your competitors, as beside the regulator, other stakeholders (clients, suppliers) are asking for more sustainability performance. The CSRD is an excellent opportunity to make virtuous decisions that will positively impact business conduct.

➡️ Solely using excel: You must be equipped with a dedicated sustainability management software. It may sound like self-interested advice, but the software does not even have to be ROSE. The alternative of having a dedicated tool is generally using Excel, which leads to breaking the audit trail and generating mistakes due to manual entries and multiple file versions shared among stakeholders. Make sure to choose a software that guarantees at least the following:

• Ability to import source files from your information systems and manipulate the data into the platform. Note: without using templates!! That would be missing the point.

• Goals and actions management feature imbedded in the platform 

• Unlimited template creation for reports and updates in real time

Get Inspired: read about companies preparing for CSRD compliance and sustainability reporting

It's always valuable to learn from companies facing similar challenges. At ROSE, we're fortunate to support businesses across various industries. Here are a few examples:

• Italdesign (Automotive design and mobility industry): Discover how they're focusing on data to make ESG data as reliable as the financial one.

• Bolsius (Europe's largest candle manufacturer): See how they are future-proofing their ambitious sustainability strategy by centralizing all ESG topics in one hub

• Vroon (International shipping sector): Learn how they are leveraging ROSE at every step, from DMA to continuous improvement in order to minimize their environmental impact.

✉️ Do you have a comment, suggestion, or question? We'd love to hear from you. Feel free to contact us here .