ESG Regulations in the EU: CSRD, Taxonomy, and SFDR Explained

The European ESG regulatory package consists of several interlinked legal acts that have been entering into force in stages since 2021. Three instruments are central: the Corporate Sustainability Reporting Directive (CSRD, EU 2022/2464), the EU Taxonomy Regulation (EU 2020/852), and the Sustainable Finance Disclosure Regulation (SFDR, EU 2019/2088). They pursue different but complementary objectives: CSRD governs what companies must report on sustainability; the EU Taxonomy defines which economic activities qualify as environmentally sustainable; SFDR requires financial market participants to be transparent about the sustainability risks and opportunities of their products.

For management of a reporting-obligated company, this means: all three frameworks can be simultaneously relevant and draw on each other substantively. Those who understand the interactions save implementation effort. This article describes the three frameworks, their requirements, and the practical overlaps.

The Corporate Sustainability Reporting Directive (CSRD, EU 2022/2464) entered into force on 5 January 2023 and requires companies above defined thresholds to produce sustainability reports in accordance with the European Sustainability Reporting Standards (ESRS). The reports must be integrated into the management report, externally audited, and submitted in ESEF format with XBRL markup.

CSRD applies in four stages: from FY 2024 for former NFRD companies; from FY 2025 for all large companies (more than 250 employees, more than €40 million turnover, or more than €20 million balance sheet total); from FY 2026 for capital-market-oriented SMEs; and from FY 2028 for non-EU companies with significant EU presence.

The CSRD report must include, among other things, disclosures on Taxonomy alignment (ESRS E1-6 in conjunction with Art. 8 EU Taxonomy Regulation), Scope 1, 2, 3 emissions, working conditions, governance, and material sustainability risks. An external ESG Officer via CIVAC coordinates this data collection and ensures consistency between the various reporting requirements.

The EU Taxonomy Regulation (EU 2020/852) is the classification system for environmentally sustainable economic activities in the EU. It defines six environmental objectives: climate change mitigation; climate change adaptation; sustainable use and protection of water and marine resources; transition to a circular economy; pollution prevention and control; and protection and restoration of biodiversity and ecosystems.

An economic activity qualifies as taxonomy-aligned if it makes a substantial contribution to at least one of the six objectives; does not significantly harm any of the other five objectives (Do No Significant Harm, DNSH); and complies with the minimum social safeguards under ILO core labour standards. The Technical Screening Criteria (TSC) for the first four environmental objectives were established in Delegated Acts 2021/2139 and 2023/2486.

For companies subject to CSRD, Taxonomy reporting under Art. 8 of the Regulation is a mandatory component of the CSRD report: they must disclose the proportion of their taxonomy-eligible and taxonomy-aligned turnover, capital expenditure (CapEx), and operating expenditure (OpEx). These metrics are reported under ESRS E1.

The Sustainable Finance Disclosure Regulation (SFDR, EU 2019/2088) is directed primarily at financial market participants and financial advisers — fund managers, insurance companies with an investment component, asset managers, and pension funds. It requires these actors to disclose at entity and product level how sustainability risks are integrated into investment decisions and what sustainability impact financial products have.

SFDR does not apply directly to non-financial companies. However, it has a considerable indirect effect: financial institutions distributing Article 8 or Article 9 products under SFDR require sustainability data from the companies in their portfolios. The Principal Adverse Impact Indicators (PAIs) under SFDR Annex I cover 14 mandatory and 46 optional indicators on greenhouse gases, biodiversity, water, waste, social topics, and governance.

For companies receiving or seeking capital from SFDR-regulated investors: the better the CSRD reporting, the easier the fulfilment of investor requests for PAI data. The CSRD data points cover the majority of SFDR PAI requirements. A coherent data strategy serving both requirements significantly reduces the overall effort.

The three frameworks are not isolated provisions — they are conceptually aligned and in part draw on the same data points. The most important overlaps are:

• Climate data: Scope 1, 2, 3 emissions under the GHG Protocol are required for ESRS E1 (CSRD), SFDR PAI indicators (PAI 1–3), and the Taxonomy climate mitigation contribution (TSC Mitigation).
• Taxonomy metrics: Proportions of taxonomy-aligned activities in turnover, CapEx, and OpEx are disclosed in the CSRD report under ESRS E1 and simultaneously form the basis for SFDR PAI indicator 1 (proportion of non-Taxonomy-aligned investments).
• Minimum social safeguards: The ILO core labour standards as a DNSH prerequisite of the Taxonomy are substantively compatible with ESRS S1 (own workforce) and LkSG due diligence obligations under § 4 LkSG.

Companies that take a coordinated approach to all three requirements can consolidate data collection processes and avoid multiple collection of the same data points under different definitions.

In addition to the CSRD-Taxonomy-SFDR triptych, two further regulatory frameworks are relevant for many companies. The Supply Chain Due Diligence Act (LkSG, in force since 1 January 2023 for companies with 3,000 or more employees, since 1 January 2024 for companies with 1,000 or more employees) requires the carrying out of risk analyses along the supply chain, the establishment of a complaints procedure, and annual reporting to BAFA. LkSG will from 2027 be supplemented by the EU Corporate Sustainability Due Diligence Directive (CSDDD, EU 2024/1760), which imposes more extensive requirements.

The Carbon Border Adjustment Mechanism (CBAM, EU 2023/956) has been in its transitional phase since October 2023 and will be fully operative from 2026. It affects importers of certain emission-intensive goods (steel, aluminium, cement, fertilisers, electricity, hydrogen) and requires them to report embedded emissions and purchase CBAM certificates. For manufacturing companies with these materials in the supply chain, new reporting obligations arise towards importers.

The LkSG Officer coordinates due diligence obligations under LkSG and CSDDD, while the ESG Officer takes on overall coordination of reporting obligations from CSRD, Taxonomy, and SFDR.

The EU AI Act (EU 2024/1689), which has been entering into force in stages since August 2024, touches on ESG in an often overlooked dimension: governance. ESRS G1 (business conduct, risk ethics, and corruption) requires disclosures on internal control systems and ethical principles. The AI Act prescribes transparency, documentation, and risk management requirements for high-risk AI systems (Arts. 9–15 AI Act), which are substantively compatible with ESRS G1 requirements.

For companies deploying AI systems in sensitive areas (HR decisions, credit granting, security infrastructure), reporting obligations arise both under the AI Act and potentially under ESRS G1. Coordinated governance documentation serving both requirements reduces the double effort.

This is not a marginal topic: BaFin announced in 2024 that it would pursue AI governance transparency as part of the CSRD review for financial institutions. For industrial companies with high-risk AI applications, early coordination between AI compliance and ESG reporting is advisable.

For management, the question arises of how priorities should be set in the face of several simultaneously relevant ESG regulations. A pragmatic order:

1. Step 1 – Applicability analysis: Clarify for each of the described frameworks whether and from when your company is directly affected. CSRD thresholds (§ 267 HGB), LkSG employee count, CBAM product categories, SFDR regulatory status.
2. Step 2 – Prioritisation by deadline logic: CSRD first-time reporting has the closest deadline for most companies. Build data processes so that they simultaneously cover SFDR PAI requirements and Taxonomy metrics.
3. Step 3 – Function clarification: Designate a responsible function for coordination — internal or external. Without ownership, no regulation runs itself.
4. Step 4 – Supply chain: Clarify data requirements towards your suppliers and customers. Anyone acting as a supplier to reporting-obligated customers should proactively provide data.

Deadlines run from the point of knowledge — a statement that has particular significance in the ESG regulatory context: those who recognise their applicability must act.

Enforcement of ESG regulations lies with different authorities. For CSRD reporting, in Germany the Federal Office of Justice (Federal Gazette publication) and the German Financial Reporting Enforcement Panel (DPR) are responsible; for capital-market-oriented companies additionally BaFin. The EU Commission has reserved the review of the delegated acts on the EU Taxonomy; national oversight of Art. 8 disclosures for financial companies also lies with BaFin.

For LkSG, the Federal Office for Economic Affairs and Export Control (BAFA) is the competent authority and may impose fines of up to €8 million or 2% of annual turnover (§ 24 LkSG). For CBAM, customs is the competent authority for notification obligations.

The European Securities and Markets Authority (ESMA) has published guidelines on enforcement of CSRD reporting and coordinates the national supervisory authorities. Inspection priorities for 2025 and 2026 explicitly include the quality of the materiality analysis and completeness of Taxonomy metrics.

The European ESG regulatory package — CSRD, EU Taxonomy Regulation, SFDR, LkSG, CSDDD — is no longer a niche topic for listed corporations. It systematically captures the German SME sector, requires structured data processes, external audit, and named accountability. Others manage compliance like a filing cabinet. We manage it like software.

CIVAC offers the compliance platform and Officer-as-a-Service for all 25 officer roles — including the ESG Officer and the LkSG Officer. Licence the workspace for your internal officers — or commission our officers to take on coordination. Both models use the same workspace, the same audit log, and the same documentation structure.

If you wish to clarify which ESG regulations apply specifically to your company and how to structure implementation, contact us: info@civac.de. Turn reading into action.