Latest articles
Regulation

2nd wave for CSRD: how to start gradually to be compliant in 2028?

A man climbs stairs
Written by:
Mathis Aussiette
Published on:
18/5/26

The entry into force of the CSRD (Corporate Sustainability Reporting Directive) has changed the business world over the past two years. While large groups (the “first wave”) are currently experiencing the pain of their very first reporting, many mid-sized companies (ETI) are looking at a horizon that seems distant: 2028.

Faced with this delay, it is tempting to postpone the exercise, but nevertheless, building robust and auditable extra-financial reporting requires a long time of work. CSRD compliance cannot be improvised when you close your accounts. Find out why Anticipation is your best strategy and how to get your business up and running by going step by step, from analyzing double materiality to choosing your tools.

1. Who is part of this 2nd wave of CSRD and why is the year 2028 crucial?

Before allocating internal resources, it is essential to understand if your business is targeted by this deadline.

Which businesses are directly affected?

Following recent changes by the European Commission via the Omnibus proposal, the application thresholds have been raised. Now, second-wave companies are the big structures surpassing 1,000 employees and achieving more than 450 million euros in turnover. It is these companies that will have to comply with European sustainability reporting standards (the standards ESRS) for their fiscal year 2027 with a report published in 2028.

Who can be indirectly affected by this wave?

This is where the most massive phenomenon is found. If you are an SME or an ETI that does not reach these thresholds (1,000 employees and €450 million in turnover), you can be in the value chain (supplier, subcontractor, partner) of these large companies subject to the directive.

To calculate their own carbon footprint or assess the risks of their supply chain, these large companies may require ESG (Environmental, Social, Governance) data from you. You will not be asked to produce a comprehensive CSRD report, but to provide reliable indicators.

Fortunately, a regulatory shield for SMEs exists: the Value Chain Cap. This principle states that large companies cannot require more information from their suppliers and value chain partners than what is strictly contained in the voluntary standard dedicated to SMEs: the standard VSME. So you know exactly what the maximum level of requirements is to be prepared for.

The trap of the “N-1" year: why act now?

If your official obligation is set at 2028 (covering the financial year 2027), The countdown has in fact already started. A report published in year N must be based on real and consolidated data for year N-1. This means that as of January 1, 2028, all your data collection, traceability and calculation systems must be 100% operational and bug-free. Arriving in 2028 without having tested these processes in 2026 and 2027 exposes the company to missing data, to the non-certification of the report, and in fine, to the loss of strategic markets.

To navigate peacefully and guarantee the reliability of your future report, we have identified four priority projects to be undertaken as of today:

  • Make a double materiality assessment
  • Secure this analysis by an advance audit
  • Conduct a dry-run reporting exercise in 2027
  • Deploy an adapted digital tool.
The steps to produce your CSRD report as a second-wave company

2. Conduct a double materiality assessment now and secure it through an early audit

If the CSRD was a house, the double materiality assessment would be the foundations. It is useless to try to collect hundreds of data without having carried out this strategic and mandatory exercise first.

The foundation of your compliance

The methodology requires you to filter all environmental, social and governance issues through the filter of two prisms:

  • Impact materiality: Do your activities have a material impact (positive or negative) on ecosystems, climate or populations?
  • Financial materiality: Do climate changes or social changes represent a risk or a material financial opportunity for your business model?

This exercise will allow you to sort out. If the subject of biodiversity is not material for your business, you will not have to publish the corresponding indicators. This analysis saves you valuable time by targeting your collection efforts. The good news is that you can already start these reflections in order to consider the exercise more calmly.

Once you've established your double materiality assessment, don't put it away in a drawer. the best practice is to have it audited immediately by an auditor (CAC) or an independent third party organization (OTI).

Why is it a good idea to have its double materiality audited?

Having its double materiality audited is necessary because it is this type of organization that will certify your final report. If, on D-Day, your auditor feels that your methodology and justifications are not appropriate, they can invalidate your entire report. By having your DMA validated in advance, you fully secure the perimeter of your future data collection in front of control authorities.

3. Doing a blank check in 2027: serenity insurance

Once your double materiality assessment has been validated, the year 2027 should become your training ground.

What is a dry-run reporting?

The dry-run exercise consists in simulating the entire production of your CSRD report on the data of the 2026 fiscal year, strictly for internal use. You will ask your HR, Purchasing and Environment teams to report back the data required by the identified hardware ESRS. The objective is not perfection, but to test your organization's processes.

The strategic benefits of dry-run reporting

The dry-run exercise is the only way to confront yourself with the reality on the ground. This life-size test will allow you to:

  • identify the “holes in the racket”: You will quickly realize that some data simply does not exist to date and you will thus be able to correct the situation in order to produce the missing data.
  • train and unify teams: The CSRD requires that the CSR Director, the Administrative and Financial Director and the operational staff speak the same language. The dry-run creates this synergy without the pressure of regulatory compliance.
  • adapt and optimize internal processes: you can take a step back at the end of this first test to identify the blocking points and prepare a more effective process for the real exercise in 2028.

4. Equip yourself to automate and make data reliable

The CSRD marks the end of an era: that of sustainability reporting carried out on Excel files exchanged by e-mail once a year. The European Union now requires the same rigor, traceability and reliability for extra-financial data as for your financial data.

The limits of traditional tools in the face of CSRD

The volume of data required makes manual management impossible. In addition, spreadsheets present unacceptable flaws for auditors: lack of a clear audit trail, untimely overwriting of histories, formula errors and consolidation difficulties between subsidiaries.

In addition, The CSRD imposes, in the long term, a digital markup of your report of sustainability in format XBRL (the same format as your annual financial reports), so that it is machine-readable and easily comparable across Europe. A classic Excel file does not allow this format to be generated natively.

Why adopt a dedicated software platform?

To approach 2028 peacefully, the deployment of a digital tool specialized in ESG reporting must be initiated at the time of your blank exercise. Such a platform allows you to:

  • automate the collection: By connecting directly to your existing software (ERP, HRIS), the tool drastically limits the risk of human error.
  • guarantee compliance and auditability: A CSRD software allows you to document each data (source, manager, update date, associated supporting document). This integrated traceability is valuable for you internally but especially for external auditors.
  • manage your data: Thanks to dedicated software, you can monitor your ESG indicators over time, visualize your progress and identify areas of focus.

Conclusion

In summary, the 2028 CSRD compliance is at stake today. Anticipation is not only a question of managing stress, it is an imperative to control your compliance costs and secure your reporting. Start with your double materiality analysis, involve your auditors beforehand, test your processes during a blank exercise, and equip yourself with the right technological tools. By following this gradual path, CSRD will be child's play.

Are you part of the “second wave”? Do not wait any longer and book a demonstration of our tool !

Last articles

Discover more articles

Dive into the heart of the subjects

Regulation
A man climbs stairs

2nd wave for CSRD: how to start gradually to be compliant in 2028?

CSRD second-wave companies must gradually work to achieve compliance in 2028, and should start today!
Mathis Aussiette
18/5/2026
Regulation
The crossroads in a forest

How to use CSRD to build your CSR approach?

Thanks to the CSRD, companies have already completed part of the path towards a robust CSR approach.
Erika Su
7/5/2026
Regulation
changement de direction

Que doit contenir un plan de transition conforme pour la CSRD ?

Un plan de transition climatique est une feuille de route stratégique qui définit comment une organisation va réduire ses émissions de gaz à effet de serre et adapter ses activités afin d’atteindre des objectifs alignés avec la lutte contre le changement climatique.
Mahis Aussiette
31/3/2026

FAQs

Find answers to common questions about CSRD and Kiosk

What is CSRD?

The CSRD or Corporate Sustainability Reporting Directive is the new European directive which aims to impose and better regulate corporate sustainability reports.

It makes companies more transparent, with standardized ESG reporting standards called ESRS (European Sustainability Reporting Standards)

CSRD: Who is impacted?

The application of the Corporate Sustainability Reporting Directive is progressive. Here is a summary table.

Effective yearBusinesses impactedStandard
2025 (over the financial year 2024)Listed companies with more than 500 employeesESRS
2026 (sur l’exercice 2025)Autres grandes entreprises de plus de 1000 salariésESRS
2026 (over the financial year 2025)Businesses that meet two out of three criteria:VSME
2027 (over the year 2026)SMEs listed on the stock exchangeVSME
2029 (over the fiscal year 2028)Non-European companies with at least €150M in turnover on the European marketESRS

Want to know when your business is impacted? Use our regulatory monitoring tool to find out.

What is the Omnibus Bill?

The "omnibus" bill is a recent initiative by the European Commission aimed at reducing the scope of the CSRD directive. It proposes, in particular, to raise the application thresholds: only companies with more than 1,000 employees would be affected, compared to 250 previously.

It promotes the adoption of the VSME framework to reduce the reporting burden on SMEs and mid-cap companies.

What is the VSME framework?

The VSME (Voluntary Sustainability Reporting Standard) is a voluntary European standard designed to help unlisted small and medium-sized enterprises (SMEs) structure and communicate their sustainability initiatives. Developed by EFRAG, this standard offers a lighter framework compared to ESRS standards, covering ESG aspects. It allows in particular to:

  • Harmonizing sustainable reporting practices in Europe
  • Facilitate the response to the expectations of business partners
  • Improving access to responsible financing

It aims to harmonize sustainable reporting practices, facilitate meeting the expectations of business partners, and improve access to responsible financing. Although not mandatory, adopting VSME allows SMEs to demonstrate their commitment to sustainability and anticipate future regulatory developments.

How to get ready for the CSRD?
  1. Complete the preliminary steps for the CSRD

These steps are dual materiality analysis and gap analysis. They will help you understand the material issues, impacts, risks, and opportunities for your business. They will also allow you to create a roadmap based on what you have already achieved.

Check out our article on double materiality here.

  1. Compile your data and produce your indicators

Centralizing sustainability data is essential for your compliance, particularly to facilitate understanding and consistency when producing quantitative indicators.

  1. Produce your detailed report in XHTML format with XBRL tags

Thanks to its tagging and visualization technologies, Kiosk guarantees a very high level of consistency.

Find our article on XBRL tagging here .

  1. Audit your data

At the end of these steps, your sustainability report is ready to be audited by an Independent Third Party Organization (ITO).

Kiosk supports your compliance journey throughout this process. For more information on these steps, we invite you to contact our team.

Why use software dedicated to CSRD?

CSRD compliance requires companies to:

  • understanding the 12 ESRS and 82 disclosure requirements
  • the collection of more than 1,000 data points
  • the calculation of 50-147 quantitative indicators
  • tagging 4,000 items in the final report

Kiosk is a software that allows companies to save 5 months on the preparation of their CSRD report by automating the most time-consuming steps.

How is my data processed?
  • First of all, the security of your data is our priority.
  • All data is stored in France, in Paris, via our French hosting provider.
  • During transit, your data is encrypted in SSL/TLS from the user's browser to our servers guaranteeing the security of communications.
  • Data is also encrypted at rest, both on the database and on file storage, protecting the data in the event of a leak or attempted theft.
  • Kiosk's technical teams are the only ones who can access your data.
  • Kiosk is in the process of ISO27001 certification.
  • Our technical support is available 24/7.