Complete Guide to ESG Reporting in 2026

TL;DR

Following the Omnibus I Directive (24 February 2026), mandatory ESRS reporting now applies only to companies with more than 1,000 employees and over €450 million in annual turnover, bringing the number of companies in scope down from approximately 45,000 to around 10,000.

SMEs are not required to report, but are encouraged to use the VSME, a voluntary modular standard endorsed by the European Commission on 30 July 2025. The ESRS themselves have been simplified by 72%, from 1,212 to 334 data points, and the first mandatory report is due in 2028, covering FY2027 data. A new value chain cap means large companies can no longer demand more ESG data from their suppliers than what the VSME specifies.

The EU sustainability reporting landscape has just gone through its most significant overhaul yet. With the Omnibus I Directive adopted on 24 February 2026, the rules have changed again. Thresholds have shifted, timelines have moved, and the standards themselves have been dramatically simplified.

If you're trying to figure out what applies to your company, what you actually need to report, and how to prepare without wasting months of effort, this guide is for you.

What Is ESG Reporting?

ESG reporting is how a company communicates its performance on environmental, social, and governance (ESG) issues. Think of it as a structured way to answer the question: "What impact are we having on the world, and how are we managing the risks and opportunities that come with it?"

At its core, ESG reporting isn't just about publishing data, but it's also about building trust. It gives stakeholders, from investors and regulators to customers and employees, a transparent look into your sustainability strategy, your ethics, and your long-term resilience.

An ESG report typically covers:

  • Environmental metrics like carbon emissions, energy use, and resource management
  • Social data such as workforce diversity, human rights practices, and community engagement
  • Governance topics including board structure, anti-corruption policies, and executive pay

The format and depth of your report will depend on your company's size and obligations, but the goal is always the same: to show how your business is creating value responsibly.

Why ESG reporting matters more than ever

Regulatory expectations have fundamentally shifted. With the EU banking package (CRR III and CRD VI), ESG risk is no longer a footnote. It's central to how capital requirements are set, how boards are held accountable, and how supervisory authorities evaluate institutions.

Financial institutions now need to collect detailed ESG data to fulfil their own reporting and risk management obligations: emissions, energy efficiency, asset locations, exposure to high-emitting sectors, and clients' transition plans. When that data isn't available from companies directly, institutions are forced to rely on third-party estimates, which introduces governance risk and audit scrutiny for everyone involved.

Insurers face a similar dynamic. Under the updated Solvency II framework, sustainability risks must be modelled over 30-year climate scenarios and integrated directly into solvency assessments. Reliable ESG data from businesses across the economy makes this more accurate and less burdensome for all parties.

In short: high-quality ESG data benefits the entire financial ecosystem. The more companies can provide credible, standardised ESG information, the smoother the flow of sustainable finance, and the more accurately risk is priced across the board.

Market momentum is building

In Belgium, the Kube platform was created on the initiative of Febelfin and Isabel, with advice from various federations, government bodies, and investors, and built on Karomia. It enables financial institutions to collect standardised ESG data from SME clients, aligned with the VSME standard, making it easier for both sides to work with the same data in the same format.

The message is clear: if you're seeking financing or operating in a supply chain, you'll need to speak the same ESG language as your partners.

ESG as a driver for sustainable growth

Modern ESG isn't a checkbox exercise. It's about:

  • How efficiently your business uses resources
  • How exposed you are to environmental or climate risks
  • How resilient your supply chain is to disruption
  • How ethically and transparently you operate

Companies that can demonstrate their ESG performance clearly gain a real competitive edge: better access to finance, stronger supply chain relationships, and greater trust from employees and customers alike.

What Changed with the Omnibus I Directive (February 2026)?

The Omnibus I Directive, adopted by the EU Council on 24 February 2026, significantly narrows the scope of mandatory sustainability reporting under the CSRD. Here's what you need to know.

Narrower scope: who must now report?

Mandatory ESRS reporting now applies only to companies that exceed both of the following thresholds:

  • More than 1,000 employees on average during the financial year
  • Net annual turnover above €450 million

This is a major change from the previous rules, which covered large companies above 250 employees or €40M turnover. The vast majority of companies that expected to fall under CSRD from 2026 or 2027 are now out of scope for mandatory reporting. According to European Commission estimates, the number of companies required to report on sustainability in the EU is expected to drop from approximately 45,000 to around 10,000.

For non-EU companies, mandatory reporting applies if they generate more than €450 million in EU revenue, with subsidiary or branch thresholds set at €200 million.

What about the earlier "wave 1" companies?

Companies that were already required to report under the old NFRD rules (the first wave, from FY2024) remain in scope through FY2026. From FY2027 onward, only companies meeting the new thresholds (more than 1,000 employees AND more than €450M turnover) will be required to report under CSRD. Member States may also exempt smaller wave 1 companies for FY2025 and FY2026.

Simpler standards: the ESRS have been dramatically revised

On 3 December 2025, EFRAG published the first draft of the amended ESRS. The numbers speak for themselves:

simplified esrs: fewer data points

That's a 72% reduction in data points in total. The Commission is also required to revise the first set of ESRS within six months of Omnibus I entering into force, focusing on: removing low-priority datapoints, prioritising quantitative over narrative disclosures, improving clarity on how to apply materiality, and improving interoperability with global standards.

Key structural improvement: the IROs to PAT (Policies, Actions, Targets) traceability chain is now much cleaner. The confusing many-to-many logic between impacts, risks, and opportunities on one side, and policies, actions, and targets on the other, has been significantly clarified.

Revised timeline

The "stop the clock" mechanism means the first mandatory obligation under the new simplified ESRS is pushed to 2028(reporting on FY2027 data). This applies to all companies in scope under the new thresholds.

What Type of ESG Report Does Your Company Need?

CSRD (ESRS) — Mandatory for the largest companies

If your company exceeds both 1,000 employees and €450M annual net turnover, ESRS reporting is mandatory. Your report must include:

  • A Double Materiality Assessment (DMA)
  • Verifiable ESG data across material topics
  • Machine-readable, tagged reporting formats (XHTML)
  • Limited assurance from an approved auditor

The Commission will adopt limited assurance standards by 1 July 2027.

Read more: Comprehensive Guide to Corporate Sustainability Reporting Directive (CSRD)

VSME — The voluntary path for SMEs

If you're below the mandatory thresholds, the VSME (Voluntary Sustainability Reporting Standard for SMEs) is your framework. Developed by EFRAG and formally recommended by the European Commission on 30 July 2025 (Commission Recommendation 2025/1710), VSME is a simplified, modular standard created specifically for non-listed micro, small, and medium-sized enterprises with fewer than 250 employees, though companies up to 1,000 employees can also apply it.

Important nuance: the Commission Recommendation is not legally binding in itself. However, the Omnibus I Directive introduces a new Article 29ca requiring the Commission to adopt a formal delegated act based on this Recommendation within 4 months of Omnibus I's entry into force. Once adopted, that delegated act will give the voluntary standard full legal standing. Until then, companies can and should already apply the Recommendation directly.

Why this matters for SMEs in practice:

  • The VSME is designed to help non-listed SMEs respond to ESG data requests from large companies and financial institutions in a standardised, proportionate way.
  • It covers the same sustainability topics as the ESRS, but on a proportionate basis suited to smaller organisations.
  • Reporting against VSME gives you a credible, reusable dataset for banks (via platforms like Kube), buyers, and regulators, without the complexity of full CSRD compliance.
  • The Commission actively encourages large companies and financial institutions to base their ESG data requests on the VSME standard, reducing fragmentation and questionnaire fatigue across supply chains.

VSME has two modules:

  • Basic Module — for micro-enterprises or first-time reporters. Covers key topics including Scope 1 and 2 greenhouse gas emissions, environmental metrics, own workforce, and anti-corruption (11 disclosure requirements).
  • Comprehensive Module — for small and medium-sized companies or those working with banks and larger corporates. Adds topics such as climate risk, value chain sustainability, and additional workforce disclosures (20 disclosure requirements in total).

Read more for further details: VSME Standard for SMEs: A Practical Guide to ESG Reporting.

Note on Scope 3: the VSME references Scope 3 greenhouse gas emissions as an example of an additional disclosure, but it is not a mandatory requirement under either module.

The value chain cap: a new protection for smaller companies

One of the most important changes in Omnibus I is the introduction of a value chain cap. Large companies subject to CSRD cannot require their suppliers or value chain partners with fewer than 1,000 employees to provide information beyond what the VSME standard specifies. Contracts that try to impose stricter requirements are legally void.

This means: if you're an SME, you now have formal legal protection against being buried in sustainability questionnaires from large clients.

The Double Materiality Assessment: Still the Starting Point

Whether you're subject to CSRD or using VSME voluntarily, the Double Materiality Assessment (DMA) is how you define what really matters.

What is Double Materiality?

The DMA combines two lenses:

  • Impact Materiality — how your activities affect the environment and society
  • Financial Materiality — how ESG risks and opportunities affect your business performance

Both lenses are required under CSRD. Even for voluntary reporters, a well-conducted DMA helps you focus on the right topics, align with stakeholder expectations, and build a credible, forward-looking ESG narrative.

What changed in the simplified DMA?

The philosophy has shifted from bottom-up to top-down first. Previously, companies started with the full list of ESRS topics, scored everything, and filtered afterward. Now, the approach starts with your business model, activities, and value chain. You pre-select plausibly material topics, then go deeper only where needed.

DMA 2023 vs 2025: what changed

In practice, this changes the numbers significantly. In a Karomia client case study with a manufacturing company, the simplified DMA approach delivered the same outcome — 5 material topics — but with:

  • 30% fewer thematic standards evaluated
  • 50% fewer IROs to assess internally
  • 75% fewer stakeholder responses to collect

Same result, dramatically less effort.

The DMA is more than compliance

A well-executed DMA doesn't just feed your report. It reveals blind spots, surfaces strategic opportunities, and gives leadership a 360° view of the business. It's not just a compliance exercise, but it's also a strategic one.

What Should Be in an ESG Report?

The three pillars

Environmental (E):

This section covers your company's impact on the planet and how you manage environmental risks. Standard indicators include greenhouse gas emissions (Scope 1, 2, and where material, Scope 3), energy consumption, waste generation, water usage, and biodiversity impacts.

Social (S):

Social data reflects how your company treats people — internally and across your value chain. This includes workforce demographics and diversity metrics, health and safety performance, labor practices, and human rights safeguards.

Governance (G):

The governance section evaluates how your company is run. A high-quality report covers board structure, anti-corruption measures, whistleblower protections, ESG-related risk management, and tax transparency.

The IRO to PAT traceability chain

One of the most important structural improvements in the simplified ESRS is the clarity around how Impacts, Risks, and Opportunities (IROs) connect to Policies, Actions, and Targets (PAT). Under the original version, this relationship was confusing and often led to duplicated disclosures. Under the simplified ESRS, the logic is linear and traceable, making it far easier to demonstrate coherence between what you've identified and what you're doing about it.

Data sources and KPIs

Strong ESG reports are built on traceable, verifiable inputs. Common data sources include:

  • Internal policies and audits (DEI policies, anti-bribery frameworks)
  • HR data (gender balance, turnover, training hours)
  • Utility bills and meter readings (Scope 1 and 2 emissions)
  • Financial records and invoices (for Scope 3 estimation)
  • Procurement records (supplier sustainability)

Commonly referenced KPIs:

  • Scope 1, 2, and 3 greenhouse gas emissions
  • Energy intensity per unit of output or revenue
  • Diversity ratios in leadership
  • Reported ethics violations and resolutions
  • Training hours on ESG-related topics

Common ESG Reporting Challenges — and How to Overcome Them

Challenge 1: "We don't have enough data"

Most companies already have more ESG data than they realise. It's sitting in invoices, utility bills, HR policies, sustainability memos, and supplier documents. Karomia's platform automatically extracts relevant information from uploaded documents and maps it to the appropriate ESRS or VSME disclosures.

For CSRD reporters, Karomia's integrated Fit Gap Assessment flags missing data in real time and suggests sources or draft disclosures, so you focus only on what's genuinely missing.

Challenge 2: "The standards are too complex"

With the simplified ESRS, total data points have dropped from 1,212 to 334 — a 72% reduction. But as Karomia's ESG Expert Éloïse Le Potier put it: "Simplified doesn't mean easier. Fewer boxes to tick. More precision required."

The expectation on quality has gone up even as the volume has gone down. That's why having a platform that maintains the IRO to PAT logic automatically, and ensures traceability without manual cross-referencing, makes such a difference.

Challenge 3: "We don't have an ESG team"

Karomia is built for teams without dedicated sustainability resources. Upload your documents, and the platform automatically defines your reporting scope, fills VSME or ESRS disclosures, and flags what's still needed. The built-in AI assistant walks you through next steps, suggests phrasing, and identifies appropriate data sources.

Challenge 4: "We already did a DMA, do we need to redo it?"

Not from scratch. The simplified DMA approach changes the process (top-down first, proportional depth, sub-topic level materiality) but often arrives at the same material topics. Your existing DMA can serve as an input to the new approach, meaning the process becomes lighter and more defensible rather than starting over.

Your Roadmap: 2026 to 2028

Here's how to structure your preparation:

ESRS roadmap 2026 to 2028

Now (2026):

  • Conduct or update your Double Materiality Assessment using the simplified approach
  • Load existing documentation into Karomia and run a Fit Gap analysis against the simplified ESRS
  • Identify your most significant data gaps and start addressing them

2027:

  • Set up your data collection infrastructure for FY2026 data
  • Produce an internal ESRS report on FY2026 data (not yet mandatory, but valuable as a dry run)
  • Engage with your auditor early on limited assurance expectations

2028:

  • Collect FY2027 data
  • Publish your first mandatory ESRS report with limited assurance

This timeline applies to companies in scope under the new Omnibus I thresholds (more than 1,000 employees AND more than €450M turnover).

One ESG Report, Done Right, Is All You Need

At Karomia, we believe that one ESG report, done well, should be enough. Whether you're reporting under ESRS (via CSRD) or VSME, you don't need different reports for different audiences. You need a single, verifiable ESG report that's built for reuse — across banks, investors, clients, and regulators.

  • Choose the right path: ESRS for companies above the Omnibus I thresholds, VSME for everyone else
  • Report once, using a standard that's credible, structured, and easy to share
  • Use automation to surface the data you already have and fill what's missing
  • Benefit from the value chain cap: if you're an SME, you now have legal protection against excessive data requests

ESG reporting in 2026 is not about doing more. It's about doing it right.

Frequently Asked Questions

What is an ESG report?

An ESG report is a structured disclosure covering a company's environmental, social, and governance performance. It includes metrics like carbon emissions, workforce diversity, and governance practices, and is used by stakeholders to evaluate sustainability and risk.

Who must do mandatory ESG reporting in the EU?

Following the Omnibus I Directive (February 2026), only companies with more than 1,000 employees AND more than €450 million in annual net turnover are subject to mandatory CSRD reporting. SMEs are not required to comply but are encouraged to use the VSME framework.

What is the VSME and who should use it?

The VSME (Voluntary Sustainability Reporting Standard for SMEs) is a proportionate, modular ESG reporting standard developed by EFRAG and endorsed by the European Commission on 30 July 2025 (Recommendation 2025/1710). It was originally designed for non-listed micro, small, and medium-sized enterprises with fewer than 250 employees, but companies up to 1,000 employees can also apply it.

The VSME defines the maximum amount of ESG data that can be requested from your company by supply chain partners and financial institutions, once the related delegated act under Omnibus I is formally adopted.

Is the VSME legally binding?

The Commission Recommendation itself is not legally binding. However, Omnibus I requires the Commission to adopt the VSME as a formal delegated act within 4 months of the Directive entering into force. Until then, companies can and should already apply the Recommendation. The content of the future delegated act may differ slightly from the current Recommendation, depending on the final legislative outcomes.

When do I need to publish my first CSRD report?

For companies in scope under the new Omnibus I thresholds, the first mandatory report is due in 2028, covering FY2027 data.

What changed in the simplified ESRS?

The total number of data points dropped from 1,212 to 334 — a 72% reduction. The biggest reductions are in E4 (Biodiversity, -88%), E2 (Pollution, -82%), and S4 (Consumers, -82%). The IRO to PAT traceability chain has been clarified, and repetitive cross-standard disclosures have been eliminated.

Do I need to redo my Double Materiality Assessment?

Not necessarily from scratch. The simplified DMA approach changes the process (top-down first, proportional depth, sub-topic level materiality) but often arrives at the same material topics. Your existing DMA can serve as an input to the new approach.

What are the key ESG reporting standards?

  • ESRS — mandatory for EU companies above the Omnibus I thresholds
  • VSME — voluntary standard for non-listed SMEs, formally recommended by the Commission and serving as the basis for a future delegated act
  • Global frameworks like GRI, SASB, and TCFD remain relevant depending on geography and investor expectations