CSRD Reporting and CSDDD Compliance: Fewer Companies in Scope, and Why VSME Is the Answer

What Is the Omnibus Package and Why Does It Matter?

On 13 November 2025, the EU Parliament adopted its final position on the Omnibus package for the CSRD (Corporate Sustainability Reporting Directive) and CSDDD (Corporate Sustainability Due Diligence Directive) reforms in a plenary vote. With its new position now formally accepted, the legislative process can move forward, but a final text for the directive is not yet completed.

This is part of a growing simplification and deregulation agenda across multiple files, not just CSRD and CSDDD. Other Omnibus packages this year or coming soon cover topics like Defense, Digital (including simplifying GDPR), Cybersecurity, Environmental permitting for mining and energy projects, Chemicals, agriculture, automotive, and corporate tax. The sustainability package is now clearly part of a larger political push to “cut red tape.”

The changes have sparked significant debate. Many feel that the initial ambition of the directives has been considerably reduced, with scope in particular taking a large cut. But does that fundamentally undermine the spirit of these directives, or does the core intent remain intact? What can we realistically foresee?

CSRD Reporting: How the Omnibus Package Reduces Scope

Regarding CSRD, the scope thresholds go up from a turnover threshold of €50m to €450m, and the employee threshold moves from 1,000 to 1,750 employees. This means fewer companies in scope, including some that were in “Wave 1”.

Those Wave 1 companies still must report for the first year (current reporting cycle) under the existing rules. The Omnibus rules kick in later from the new application year, so companies may fall out of scope going forward, not retroactively.

It is worth noting that while the scope is reduced and the reporting simplified, the core of the directive has not changed. The need to report on demonstrable controls and measures regarding ESG (Environmental, Social and Governance) remains fully in place for the companies that are still in scope.

CSDDD Compliance: Fewer Companies, Same Core Obligations

For CSDDD, the major changes relate to scope reduction, moving from 1,000 employees and €450m turnover, to 5,000 employees and €1.5bn turnover. As a result, the estimated number of companies in scope drops from about 10,000 to about 2,000.

The inclusion of civil liability has also been removed. The idea of a harmonized EU civil liability regime for CSDDD is gone, leaving only national civil liability regimes. This makes it more complex for affected parties to bring claims across borders.

However, the core content of the directive has been untouched. The requirement to manage proactively by being risk centric and introducing a cycle of continuous improvement remains unchanged. What companies will actually have to do, once in scope, is the same as before. That is a key point worth keeping in mind.

What Changes in the ESRS Reporting Standard?

For the reporting standard under CSRD, the ESRS (European Sustainability Reporting Standards), EFRAG (European Financial Reporting Advisory Group) proposes a reduction of the number of data points by 50%.

This allows for a more reasonable and manageable reporting exercise. For more detailed information, this EFRAG document provides a helpful summary of changes.

There is also a reorganization of the reporting to a top-down approach starting from the business model, rather than a bottom-up exercise. On the social side in particular, where scoring has proven difficult and responses are largely subjective and textual, the original ESRS proposal was widely considered burdensome.

The new ESRS also clarifies previously unclear topics regarding how mitigation, prevention, and remediation actions influence impact assessment and materiality criteria.

The Global Reach of CSRD: Non-EU Companies Are Not Exempt

One aspect that deserves attention is the approach to non-EU companies. If an EU subsidiary qualifies as “large”, meaning it has more than 1,750 employees and €450m in revenue, it reports like any EU company under CSRD.

If all EU subsidiaries combined generate over €450m in turnover, the ultimate parent can be required to produce a global sustainability report.

Notably, this will be done under a third-country standard called NSRS (Non-EU Sustainability Reporting Standard), not ESRS. EFRAG is currently preparing this standard, which is simpler than full ESRS and mostly impact focused. It is planned to apply around 2028 to third-country groups falling under CSRD scope.

This will lead to one ESRS report for the in-scope EU subsidiary plus one global NSRS report for the whole group, with an option to produce one combined ESRS report globally. The key takeaway here is that large US or Asian companies with significant EU revenue will be in scope. CSRD is reaching beyond Europe, requiring reporting on global operations via this new NSRS.

Greenhushing: Why Companies Are Going Quiet on ESG

When looking at all these developments, it is tempting to conclude that ESG is in retreat. That political pressure and lobbying campaigns are successfully pushing back against environmental and social initiatives under the banner of protecting business competitiveness.

But is that really the full picture?

The immediate effect seems to be less about corporations abandoning their ESG work, and more about them going quieter on it. This is known as Greenhushing. And there are rational business decisions behind it.

For companies in sectors like coffee and chocolate, the pressures driving their sustainability work have not gone away. Climatic changes continue to put real stress on supply chains, as evidenced by the sharp rise in prices for both commodities. Social issues related to migration, worker exploitation, and unsafe working conditions remain present, along with the associated reputational and regulatory risks.

Responsible companies and their risk managers continue to treat these as live and material concerns.

As noted in this article from the Harvard Business Review: Are Companies Actually Scaling Back Their Climate Commitments?, the evidence suggests that many companies are continuing their sustainability efforts even as the public narrative shifts. This article is not alone in this finding, and it corroborates what broader research seems to show.

What Large Companies Will Do: Staying the Course on CSRD Reporting

Large companies, even those that fall outside the new scope, will mostly continue with ESRS, possibly in its new simplified and amended version. The reasons are practical. They need ESG data for clients, investors and banks, and reversing course is not straightforward. They also see ESRS as part of a broader global reporting direction.

This global direction is also being shaped by California’s climate disclosure laws, as well as laws in progress outside the EU. China, India, Canada, Thailand and many others have similar laws enforced or in preparation, covering a similar ESG scope or a partial one.

Global groups are currently prioritizing California’s climate rules over European changes, seeing those as the next significant reporting frontier.

The Omnibus Paradox: The Hidden Risk for SMEs

A critical question is what smaller or borderline companies will do. Some may fall back to traditional CSR (Corporate Social Responsibility) narratives with less standardized data, stepping away from ESRS entirely.

But many of them may find themselves caught in what is called the Omnibus Paradox. This effect was analyzed and described by Tommy Borglund, senior lecturer and researcher in Sustainability and Corporate Social Responsibility at Stockholm School of Economics, whose research examines how the gap between mandatory and voluntary reporters could reshape competition.

In a study of the top 100 Nordic companies, Borglund found that companies sitting just under the reporting threshold risk falling behind. Their larger competitors, who are required to report, will build stronger sustainability management systems and greater transparency over time.

The smaller non-reporting companies may then find themselves excluded from sustainability indexes, customer shortlists, and investor funds.

The logic is straightforward. When choosing between a supplier that reports and one that does not, the reporting supplier is the lower-risk choice. That competitive dynamic does not go away just because a company is no longer legally required to report.

SME Sustainability Reporting: Why VSME Is the Answer

We can therefore foresee that a good number of smaller companies will shift to VSME (Voluntary Standard for non-listed micro-, small- and medium-sized enterprises) type simplified reporting.

Worst case scenario, they return to responding to personalized questionnaires driven by individual customer requests, time and again, every time they apply to an RFP (Request for Proposal).

VSME is a voluntary sustainability reporting standard designed to help non-listed SMEs understand and communicate their ESG impacts. Developed and published in December 2024 by EFRAG, it provides a framework for smaller businesses to produce their own sustainability reports in a way that is adapted to their more limited means and resources.

The VSME was developed to achieve four main goals:

1. Supporting information requests from the supply chain: Large companies covered by CSRD will increasingly request sustainability information from their suppliers. The VSME gives SMEs a practical framework for responding to those requests.
2. Better access to finance: Banks and investors are increasingly asking for ESG data. The VSME allows companies to provide this information in a standardized and credible way.
3. Improving sustainability performance: The VSME helps businesses systematically address their sustainability challenges, building resilience over both the short and long term.
4. Contributing to a more sustainable economy: By bringing SMEs into sustainability reporting, the VSME supports Europe’s broader transition to a more sustainable and inclusive economy.

Reduced scope or not, many companies, whether inside or outside the formal scope of CSRD and CSDDD, will continue to report and conduct due diligence to stay competitive. The scope of both directives has been reduced, but their impact will remain significant. What remains in scope represents the largest players, and a binding standard continues to set the direction for corporate sustainability more broadly. CSRD and CSDDD remain meaningful steps forward, even in their revised form.

How FSSC 24000 Helps SMEs Respond to the Challenge

This is where FSSC 24000 becomes directly relevant. FSSC 24000 is a certification scheme for social management systems, built on PAS 24000 and developed by Foundation FSSC. It follows the ISO Harmonized Structure, allowing seamless integration with other ISO management system standards. While VSME is a reporting standard and FSSC 24000 is a management system certification, they are closely complementary.

FSSC 24000 helps organizations build the internal structures, controls and documented evidence needed to respond to exactly the kind of social sustainability data requests that VSME addresses.

For SMEs facing the Omnibus Paradox, this offers a practical and structured way to demonstrate social responsibility performance to customers, investors and supply chain partners.

Rather than responding to endless individual questionnaires, a certified organization can point to a recognized and audited standard as proof of their social management practices. That is precisely what VSME reporting aims to communicate.

In a landscape where fewer companies are legally required to report but the competitive pressure to demonstrate ESG performance keeps growing, FSSC 24000 gives SMEs a credible and internationally recognized answer.

This article draws on the original analysis by Francisco Javier Esteve, ESG and Compliance specialist with expertise in Social Audits, Social Management Systems, PAS 24000 and FSSC 24000, Compliance Governance, ISO 27000 and Data Protection, published on LinkedIn. Foundation FSSC has reframed and structured the content to highlight its relevance to social sustainability certification and SME reporting. Read the original article here.