Clarification on EU CSRD: What's Next and Timeline Confusion

In the ever-evolving landscape of corporate sustainability reporting, few regulations have generated as much discussion, and confusion, as the EU Corporate Sustainability Reporting Directive (CSRD). With recent developments including implementation delays, simplification proposals, and international pushback, many organisations are struggling to understand what is happening and how to prepare.

This article cuts through the noise to provide clarity on the current status of the CSRD, what is coming next, and what your organisation should be doing right now.

The "Stop-the-Clock" directive: finally official

After months of speculation and conflicting reports, the situation has been largely resolved with the official adoption of the "Stop-the-Clock" directive, which took effect on 17 April 2025. This directive is part of the broader "Omnibus I" package, which aims to simplify EU sustainability legislation.

The approval process followed a clear timeline:

• European Parliament vote: 3 April 2025 (531 votes for, 69 against, 17 abstentions)
• European Council final approval: 14 April 2025
• Publication in the EU Official Journal: 16 April 2025
• Entry into force: 17 April 2025

This brings much-needed certainty to the implementation timeline, even as debates continue about the substantive requirements.

Revised implementation timeline: who reports when?

The most significant change in the "Stop-the-Clock" directive is the revised implementation timeline.

First wave (no change)

• Who: public interest entities with 500+ employees
• When: still required to report in 2025 for the 2024 financial year
• Impact: these organisations have no reprieve and must continue their implementation efforts

Second wave (two-year delay)

• Who: large companies and parent companies of large groups
• When: postponed from financial year 2025 to financial year 2027 (reporting in 2028)
• Impact: these organisations now have two additional years to prepare

Third wave (two-year delay)

• Who: listed SMEs, small and non-complex credit institutions
• When: postponed from financial year 2026 to financial year 2028 (reporting in 2029)
• Impact: these smaller organisations benefit from the same two-year extension

Political context: why the confusion persists

While the implementation timeline is now clear, the substantive changes to the CSRD (the "Simplification Proposal" or full Omnibus package) remain under debate, with significant political divisions:

• Centre-right EPP: pushing for urgent procedure and further simplifications, with the goal of reducing regulatory burden on businesses, especially SMEs.
• Centre-left: criticising the proposal for not delivering on simplification, concerned that changes may undermine the directive's effectiveness.
• Greens: arguing that the changes undermine the green transition and that watering down requirements will hamper sustainability progress.
• Council of the EU: broad consensus supporting the delays, focused on balancing regulatory burden with sustainability goals.

These political divisions explain much of the conflicting information that has circulated in recent months.

Next steps in the legislative process

The path forward for the CSRD involves several key milestones.

Member state implementation

• Deadline: member states must transpose the Stop-the-Clock directive into national law by 31 December 2025
• Current status: many countries are incorporating these changes into their ongoing CSRD implementation process
• Variation: implementation progress varies significantly across member states

Substantive changes timeline

• European Parliament: expected to adopt its negotiating position on the full Omnibus proposal in Q4 2025
• Council: aiming to conclude its negotiations as soon as possible in 2025
• Trilogue negotiations: expected to begin in early 2026
• Final adoption: likely in 2026

This means that while the reporting timeline is now fixed, the exact requirements may continue to evolve throughout 2025 and into 2026.

The international dimension: US opposition

Adding another layer of complexity is the international pushback, particularly from the United States:

• The PROTECT USA Act, proposed by Republican senators, would prohibit US entities from participating in foreign sustainability due diligence regulations
• This creates potential compliance challenges for multinational companies operating in both the EU and US
• The international tension may influence how aggressively the EU pursues implementation and enforcement

Organisations with global operations need to monitor these developments closely as they could significantly impact compliance strategies.

What your organisation should do now

With this clarified understanding of the CSRD's current status, here are practical steps for different types of organisations.

For first wave companies (500+ employees, public interest entities)

1. Continue preparation for the 2024 financial year reporting. Maintain momentum on data collection systems, proceed with materiality assessments, and develop reporting frameworks.
2. Special consideration for 501 to 1,000 employee companies. You may be removed from scope in the future, but you must still comply for the 2024 financial year. Consider a balanced approach that meets minimum requirements while avoiding over-investment.

For second and third wave companies

1. Leverage your extended timeline. You now have a two-year extension before reporting requirements apply. Use this time strategically rather than delaying all preparation.
2. Monitor developments in the full Omnibus proposal. Stay informed about potential scope and requirement changes, and adjust your implementation strategy as the final form becomes clearer.
3. Consider a phased preparation approach. Begin with gap analysis and materiality assessments, gradually implement data collection systems, and avoid rushed implementation as your deadline approaches.

For all companies

1. Monitor the ongoing political negotiations. The scope reduction (to companies with 1,000+ employees) is not yet final, and requirements may still change as the full Omnibus package moves through the legislative process.
2. Consider your international compliance strategy. If you operate globally, assess how international tensions might affect your approach, and develop a strategy that can adapt to potentially divergent requirements.
3. Look beyond compliance to strategic value. Despite the delays and potential simplifications, sustainability reporting is here to stay. Organisations that view this as a strategic opportunity rather than a compliance burden will gain a competitive advantage.

The unified compliance approach: a better way forward

While the CSRD timeline changes provide some breathing room, they do not fundamentally alter the direction of travel toward more comprehensive sustainability reporting. Moreover, CSRD is just one of many frameworks that organisations must manage simultaneously. This is where a unified compliance management approach becomes essential.

The challenge of multiple frameworks

Most organisations today are managing multiple compliance frameworks simultaneously:

• CSRD for sustainability reporting
• ISO 27001 for information security
• DORA for digital operational resilience
• Industry-specific regulations
• National and regional requirements

Each framework traditionally exists in its silo, with separate teams, processes, documentation, and reporting. This creates significant inefficiencies, with studies showing that organisations typically spend 80% of their compliance effort on administrative tasks rather than creating strategic value.

How unified compliance management helps

Secure Step Forward specialises in helping organisations transform their approach to compliance through a unified compliance management platform that:

1. Centralises multiple frameworks. CSRD, ISO 27001, DORA, and other frameworks are managed in a single platform, with overlapping requirements mapped to eliminate duplication and cross-framework visibility through unified dashboards.
2. Transforms compliance from burden to strategic asset. Compliance activities connect directly to business objectives, compliance data converts into business intelligence, and risk-based decision making is enabled across the organisation.
3. Reduces compliance effort by up to 80%. Duplicate activities across frameworks are eliminated, routine compliance tasks are automated, and reporting is streamlined through centralised data collection.

Practical application to CSRD

For organisations navigating the CSRD changes, a unified compliance approach offers particular benefits. First wave companies can efficiently meet current requirements while maintaining flexibility to adapt to future changes. Companies with 501 to 1,000 employees can implement a right-sized approach that meets immediate needs without over-investing. Second and third wave companies can use the extended timeline to implement a strategic, unified approach rather than rushing into siloed compliance.

Conclusion: beyond compliance to strategic value

The recent CSRD changes provide welcome clarity on implementation timelines, even as debates continue about the final scope and requirements. Organisations should use this clarity to develop a strategic approach to compliance that goes beyond mere regulatory adherence.

By adopting a unified compliance management approach, organisations can not only navigate the complexities of CSRD and other frameworks more efficiently but also transform compliance from a cost centre into a source of strategic business intelligence. Whether you are in the first wave, facing imminent reporting requirements, or benefiting from the two-year extension, now is the time to reassess your approach to compliance and sustainability reporting.