CSRD Updates 2026: What the Omnibus Procedure Really Changes and How You Can Prepare Wisely Now
2026 begins with a rare combination of relief and pressure to act: relief because the Omnibus Package significantly restricts the group of companies subject to CSRD requirements; pressure to act because the companies that remain subject to these requirements must provide reliable information, including verifiability, starting with the next reporting cycle.
In our first post in 2026, we broke down exactly that: What has been decided politically (Omnibus)? What needs to be implemented operationally (ESRS by EFRAG)? And what does that mean specifically for data, processes, the supply chain, and auditing?
Here is a concise, practical overview in the form of a blog article that you can use directly as a guide and internal roadmap.
1) CSRD 2.0: Fewer companies affected and a clearer focus in implementation
In December 2025, the European Parliament decided to significantly streamline sustainability reporting: CSRD reporting will in future only apply to companies that (i) have more than 1,000 employees and (ii) have net sales of more than €450 million.
At the same time, EFRAG—the institution behind the ESRS has revised the standards: mandatory data points ("shall") have been reduced by 61%, and voluntary data points have been completely eliminated.
The result: less scope, more clarity, but still high standards of materiality, data quality, and verifiability.
2) Who is subject to CSRD and from when?
Following the final omnibus simplification, CSRD requirements (in the EU) apply to companies with:
- > 1,000 employees and
- > €450 million in net sales
Important: As of today (January 9, 2026), the omnibus text has been politically approved, but formal finalization/implementation is still ongoing (including legal and linguistic review and final steps). Many commentators expect formal finalization in early 2026. The time frame focuses on the 2027 reporting year, when the CSRD will take effect for most companies. The pragmatic consequence is that 2026 can be used as a trial and development year if reporting is required from 2027 onwards. At that point, data flows, responsibilities, controls, documentation logic, and audit readiness must be functioning smoothly.
3) Value Chain Cap & “Shielding” via the VSME
A key political idea in the Omnibus Package is to limit the trickle-down effect: in other words, to prevent large companies subject to CSRD requirements from effectively "passing on" their reporting obligations to the supply chain.
To this end, the value chain cap will be strengthened: companies within the CSRD scope will no longer be allowed to request more information from companies outside the scope than a defined upper limit – this will be based on the voluntary VSME standard.
What does that mean in practice?
- Wenn du <1.000 Mitarbeitende hast, bekommst du ein rechtliches Argument, Anfragen abzulehnen, die über VSME hinausgehen.
- If you are subject to CSRD, you have to be prepared for it:
- You receive less primary data from the supply chain.
- You need to estimate/model more (e.g., using industry averages, proxy data, extrapolated activity data).
The cap will be enshrined in law, but enforcement will take time. In our last webinar on the subject, the following question was asked, which is absolutely typical: "Our customer (a large OEM) is still demanding more data. What should we do?"
The honest answer: being right does not mean you will immediately get your way. The cap will only become established in practice over time and through precedents. For many suppliers, the short-term strategy is to secure business relationships, build up data structures in parallel, and switch to VSME standardization in the medium term.
4) ESRS by EFRAG: What really changes operationally
EFRAG ESRS its technical recommendation for simplified ESRS at the beginning of December 2025. The key points are:
1. Fewer data points
- -61% "shall" data points (if material)
- 100% of optional ("may") data points removed
This provides one of the most important improvements of all: clarity about what is really mandatory.
2. No sector-specific standards
Omnibus removes the obligation to introduce sector-specific ESRS . This reduces uncertainty and prevents the data point burden from skyrocketing again later on.
3. Double materiality (DMA) becomes easier to apply
The logic remains the same: impact materiality + financial materiality, including stakeholder engagement.
However, the process becomes significantly more structured (top-down approach via topics/subtopics; less granularity in sub-subtopics). This makes DMA more transparent and easier to audit.
5) The scope of the audit remains limited assurance.
Omnibus adheres to the principle of verifiability.Limited assurance, i.e., audit evidence with limited certainty, remains in place. The step toward reasonable assurance, as audit evidence with sufficient certainty, is explicitly removed.
To simplify the audit process, the EU Commission will provide uniform EU-wide standards for limited assurance by July 1, 2027, at the latest.
What auditors want to see in practice is above all:
- Process logic (who does what, when, how is it controlled?)
- Supporting documents (invoices, measurements, reliable sources)
- Calculation methods (verification through recalculation and plausibility checks)
- Surveys (who was responsible, how were they conducted?)
If 2026 is used as a trial year, we recommend structuring the data collection and documentation logic in such a way that it would stand up to scrutiny.
6) CO₂ in ESRS remains the hard core
EFRAG's simplification approach relies heavily on proportionality and phasing-in, but expectations are high when it comes to greenhouse gas emissions (Scope 1–3) – not least because the data and methods are the most advanced in this area. EFRAG describes precisely this approach: relief through relevance/proportionality while focusing on reliable core information.
The following applies as a consequence for reporting in 2026 or preparation for 2027:
- Define GHG data model (scopes, categories, sources)
- Improve data quality (activity-based where possible; spend-based where necessary)
- Plan value chain strategy (take VSME-cap into account, clearly document estimation logic)
7) Digital tagging (XBRL/ESEF) is coming
Many companies are asking: "Do we have to start XBRL tagging now?" However, the official line is that digital tagging will only become mandatory once the EU Commission adopts the XBRL taxonomy as part of the ESEF RTS (prepared by ESMA).
In practical terms, this means that the content and data model should be set up correctly (structured data collection, clear definitions). Tagging should only be implemented once the XBRL taxonomy is final.
Conclusion:
The CSRD simplification in conjunction with the value chain cap has consequences for companies that are subject to the obligation, but also for smaller companies that are part of the value chain.
Recommendation for companies subject to CSRD (1,000 / €450 million)
Goal for 2026: become audit-ready.
- Scope clarity (consolidation, reporting boundaries, value chain)
- Reset/validate DMA (top-down, topics/subtopics, stakeholders)
- Data inventory (where is the data stored? Who supplies it? How often? What is its quality?)
- GHG first (Scope 1–3, methodology, evidence, controls)
- Document estimation/proxy methods (take value chain cap into account)
- Incorporate controls (dual control principle, approvals, change logs)
- Structure the reporting story (executive summary + clear reading logic)
If you have fewer than 1,000 employees (suppliers, medium-sized companies)
Goal for 2026: Ensure information availability with VSME instead of ad hoc stress.
- Establish VSME as the standard (so you don't have to set up something separate for every customer inquiry)
- Classify data requests (VSME-compliant vs. "over cap")
- Ensure delivery capability (respond to data requests pragmatically in the short term, cleanly and in a standardized manner via VSME in the medium term)
