CSRD Updates 2026: Omnibus, ESRS Simplification & To-dos

CSRD Updates 2026: What the Omnibus procedure truly changes and how you can effectively prepare now

2026 kicks off with a rare mix of relief and pressure to act: Relief, because the Omnibus package significantly narrows the scope of companies subject to CSRD. Pressure to act, because the companies that remain in scopemust provide robust reporting from the next reporting cycle onwards, including auditability.

In our first article of 2026, we broke down exactly that: What has been politically decided (Omnibus)? What needs to be implemented operationally (ESRS simplification by EFRAG)? And what does that specifically mean for data, processes, the supply chain, and auditing?

Here is the condensed, practical overview, as a blog article that you can directly use as guidance and an internal roadmap.

CSRD 2.0: Fewer companies affected and a clearer implementation focus

In December 2025, the European Parliament decided on a significant streamlining of sustainability reporting: In the future, CSRD reporting will only apply to companies that (i) have over 1,000 employees and (ii) have over €450 million in net turnover .

In parallel, EFRAG – the institution behind the ESRS – revised the standards: Mandatory data points (“shall”) were reduced by 61%, and voluntary data points were completely removed.

The result: less scope, more clarity, but still a high standard for materiality, data quality, and auditability.

Who is subject to CSRD and from when?

Following the final Omnibus simplification, CSRD obligations (in the EU) apply to companies with:

• > 1,000 employees and
• > €450 million net turnover

Important: As of today (January 9, 2026), the Omnibus text has been politically adopted, the formal finalization/implementation is still underway (including legal-linguistic review and final steps). Many commentators expect the formal finalization early 2026. The focus is on the reporting year 2027, when the CSRD will apply to most companies. The pragmatic consequence is that 2026 can be used as a trial and build-up year, when reporting becomes mandatory from 2027. By then, data flows, responsibilities, controls, documentation logic, and audit readiness must function smoothly.

Value Chain Cap & “Shielding” via the VSME

A key political idea in the Omnibus package is to address the trickle-down effect to limit: meaning that large, CSRD-obligated companies effectively pass on reporting obligations to the supply chain.

To achieve this, the Value Chain Cap is strengthened: companies within the CSRD scope should not demand information from companies outside the scope more information than a defined upper limit – this should be based on the voluntary VSME standard .

What does this mean in practice?

• If you have <1,000 employees, you will have a legal basis, to decline requests that go beyond VSME.
• If you are subject to CSRD, you must be prepared for this:
  • You will receive less primary data from the supply chain.
  • You will need to do more estimating / modeling (e.g., via industry averages, proxy data, extrapolated activity data).

The cap will be legally enshrined, but enforcement takes time. In our last webinar on the topic, the absolutely typical question arose: "Our customer (a large OEM) is still demanding more data. What should we do?"
The honest answer: Being in the right doesn't mean you immediately get your way. The cap will only become established practice over time and through precedents. For many suppliers, the short-term advice is: Secure business relationships, simultaneously build data structures, and transition to VSME standardization in the medium term.

ESRS Simplification by EFRAG: What Really Changes Operationally

In early December 2025, EFRAG published the technical recommendation for simplified ESRS. The key takeaways are:

1. Fewer Data Points

• -61% "shall" data points (if material)
• 100% of voluntary ("may") data points removed

This leads to one of the most significant improvements overall: Clarity on what is truly mandatory.

2. No Sector-Specific Standards

The Omnibus removes the obligation to mandatorily introduce sector-specific ESRS. This reduces uncertainty and prevents the data point burden from skyrocketing again later.

3. Double Materiality (DMA) becomes simpler to apply

The logic remains: Impact Materiality + Financial Materiality, including stakeholder engagement.
However: The process becomes significantly more structured (top-down approach via topics/subtopics; less granularity in sub-subtopics). This makes DMA more comprehensible and easier to audit.

Auditing remains within the scope of Limited Assurance

The omnibus adheres to the principle of auditability. It remains withLimited Assurance, i.e., the assurance report with limited certainty. The step towards Reasonable Assurance, as an assurance report with sufficient certainty, is explicitly removed.

To simplify the audit process, the EU Commission will by no later than July 1, 2027 provide EU-wide uniform standards for Limited Assurance.

What auditors primarily want to see in practice is:

• Process logic (who does what, when, how is it controlled?)
• Evidence (invoices, measured values, reliable sources)
• Calculation methods (verification through recalculation and plausibility checks)
• Interviews (who was responsible, how was the data collected?)

If 2026 is used as a trial year, we recommend the To build data collection and documentation logic in a way that would withstand an audit.

CO2 accounting in ESRS E1 remains the core

EFRAG's simplification strongly emphasizes proportionality and phasing-in, but regarding the topic of Greenhouse gas emissions (Scope 1–3) expectations are high – not least because data availability and methods are the most developed. EFRAG describes precisely this approach: relief through relevance/proportionality while simultaneously focusing on robust core information.

The implications for reporting in 2026 or preparation for 2027 are as follows:

• Define GHG data model (Scopes, categories, sources)
• Improve data quality (activity-based where possible; spend-based where necessary)
• Plan value chain strategy (factor in the VSME cap, clearly document estimation methodology)

Digital Tagging (XBRL / ESEF) is coming

Many companies ask: “Do we need to XBRL-tag already?” However, the official position is: Digital Tagging will only become mandatory when the EU Commission adopts the XBRL taxonomy within the framework of the ESEF RTS (prepared by ESMA).

In practical implementation, this means that the content & data model should be properly structured (structured data collection, clear definitions). Tagging should only be implemented once the XBRL taxonomy is final.

Conclusion

The CSRD simplification in conjunction with the Value Chain Cap has consequences for companies subject to the obligation, but also for smaller companies within the value chain.

Recommendation for companies subject to CSRD (1,000 / €450 million)

Goal for 2026: become audit-ready.

1. Scope clarity (Consolidation, reporting boundaries, value chain)
2. Re-establish/validate DMA (Top-down, Topics/Subtopics, Stakeholders)
3. Data Inventory (where is data located? who provides it? how often? at what quality?)
4. GHG first (Scope 1–3, Methodology, Evidence, Controls)
5. Document estimation/proxy methods (Factor in Value Chain Cap)
6. Implement controls (Dual control principle, Approvals, Change logs)
7. Structure the reporting narrative (Executive Summary + clear narrative flow)

If you have fewer than 1,000 employees (suppliers, SMEs)

Goal for 2026: Ensure data availability with VSME instead of ad-hoc stress.

1. Establish VSME as a standard (so you don't have to set up something new for every customer request)
2. Classify data requests (VSME-compliant vs. “over cap”)
3. Ensure deliverability