by Maria El. Stefanaki, Attorney-at-Law, LL.M. Cambridge/ESG Officer (ISO/ IEC 17024), MSc (c) in Sustainability Management,
On the 18nth of March 2026 the Omnibus I Directive (EU) 2026/470 entered into force, offering a substantial reduction in both the number of companies in scope, as well as the weight of their obligations.
We hereby summarize the key points of Corporate Sustainability Reporting Directive (CSRD) and Corporate Sustainability Due Diligence Directive (CS3D), having incorporated the recent amendments of the Omnibus Directive (EU) 2026/470, as well as the remarks and conclusions of the most recent Cleon Conference in Athens, on 31/03/2026, regarding the new regulatory landscape on ΕSG. (Subject of Conference: “The New ESG Regulatory Landscape: Simplification, Flexibility or Regression?”).
I. ΕU CΟRPORATE SUSTAINABILITY REPORTING DIRECTIVE (CSRD)
1. Status
The CSRD entered into force on January 1, 2024 and has been amended by two Omnibus Directives:
(i) Directive (EU) 2025/794 (“Stop the Clock”), by which the reporting obligation for companies in the second and third waves[1] has been postponed by two years;
(ii) Directive (EU) 2026/470 adjusting the thresholds and content of CSRD (see below).
2. Content and Objectives
CSRD replaces the current ΝFRD[2]. According to CSRD, companies must release publications on the following main topics: environment, social matters and the treatment of employees, anti-corruption and anti-bribery, respect for human rights, diversity on company boards (in terms of age, gender, educational and professional background).
3. Scope
After the Omnibus Directive (EU) 2026/470, the CSRD thresholds have been reset to apply only to:
-From 2025 for 2024:
Large EU companies of public interest (capital market- oriented companies, credit institutions and insurance companies) with more than 500 employees and a balance sheet total over 25 million euros or turnover over 50 million euros (the same thresholds apply to EU parent companies on a consolidated basis).
Adjustment by Omnibus Directive (EU) 2026/470: If the above companies in the first wave (Wave 1 companies) exceed the old thresholds but not the new ones (see below), national legislators may stipulate that these companies may suspend their reporting obligations for two years and only have to report in 2028 for the 2027 financial year.
However, the Greek legislator has transposed the “Stop the Clock” Directive via Law 5255/2025 by which the Wave 1 companies (already under ΝFRD), continue normally under the CSRD landscape without being affected by the “Stop-the-Clock” mechanism – whereas companies under Wave2 (“large companies”) and Wave 3 (“listed SMEs”), have had their reporting obligations shifted for 2 years.[3].
-From year 2028 for financial year of 2027:
EU companies with more than 1.000 employees and 450 million euros in net turnover.
This is a significant increase, compared to the previous thresholds, which were set at 50 million euros in net turnover, 25 million on the balance sheet and 250 employees.
Actually, it has been estimated that the Omnibus will exclude 80% of companies from the scope of CSRD.
–From year 2029 for financial year of 2028:
Νon-EU parent companies that generate over 450 million euros within the European Union (previously set at 150 million euros), for two consecutive years and maintain either an EU local subsidiary or an EU branch with a turnover of at least 200 million euros (up from the current 40 million euros).
Significant Remarks
Non – EU companies whose securities are listed on a regulated market in the EU are obliged in the same way as EU companies. The Omnibus amendments also exempt parent financial holding companies, which act only as holding companies, without being involved in the management of other undertakings.
4. Elimination of Obligations by Omnibus Directive
Value Chain Protections
To protect smaller entities, a “value chain cap” has been introduced.
”Protected undertakings”(with fewer than 1.000 employees) may decline to provide data that exceeds voluntary reporting standards. The relevant sustainability reporting standards(ESRS) should take account of the difficulties that undertakings may encounter in gathering information from actors throughout their value chain, especially those that are not subject to CSRD, or based in emerging markets and economies.
Removal of Sector – Specific Standards
The Commission’s mandate to adopt mandatory sector- specific standards has been replaced by a mandate to provide non-binding guidance, which will be developed based on industry demand.
5. Main Obligations under CSRD
Following the above amendments, the main Obligations of the Companies in scope are:
-Obligation to publish a sustainability report on material sustainability topics; fulfilment of disclosure requirements in accordance with the ESRS (European Sustainability Reporting Standards); description of sustainability targets; description of the role of the company’s management with regard to sustainability and the inclusion of sustainability topics in the remuneration structure.
-Obligation to identify material sustainability topics through materiality analysis based on the concept of the double materiality.
-Obligation to audit the sustainability report.
II. EU CORPORATE SUSTAINABILITY DUE DILIGENCE DIRECTIVE (CS3D)
The most drastic revisions by Omnibus Directive, appear within the CS3D, where the scope of application has been reduced significantly to target only the largest market players.
1. Status
Entered into force on 25 April 2024, applies from July 2029. The results of the omnibus procedure have been taken into account in the following presentation. The CSDDD, as amended in the course of the omnibus procedure, was published in the Official Journal of the EU on 26 February 2026.
2. Content and Objectives
CS3D regulates corporate due diligence obligations to avoid human rights violations and the breach of environmental obligations in the supply chain.
3. Scope
From 2029:
The Directive now applies only to:
- EU companies with more than 5.000 employees and a global net turnover exceeding 1,5billion euros,
- For non-EU companies, the threshold is set at 1.5 billion euros generated within the Union,
- Companies with:
(a) EU franchising or licensing agreements for annual royalties that exceed 75 million euros and
(b) an annual net turnover excess of 275 million euros worldwide (for EU companies) or in the EU (for non-EU companies), or the ultimate parent companies of such a corporate group.
For the calculation of the thresholds, the parent company is taken into account.
4. Elimination of Obligations by Omnibus Directive
– Removal of the Climate Transition Plan: In a major shift, the requirement for companies to adopt and implement climate transition plans (aligned with the 1,5 C Paris Agreement goal) has been removed from the CS3D.
– A “Scoping” rather than “Mapping” Approach for Due Diligence Obligations: Companies are now required to identify adverse impacts based on “already reasonably available” information. Following the scoping exercise, undertakings must conduct in-depth assessments, where the most severe crisis have been identified. Data may be requested from business partners only where necessary and, with respect to smaller business partners (under 5.000 employees), as a measure of “last resort”. In particular:
– Risk-based assessment: CS3D requires companies to identify and assess actual or potential adverse impacts, through a risk- based approach taking account of risk factors such as those relating to geographical context, sector, product or service and whether the business partner is covered by CS3D.
For this risk-based assessment, the Omnibus describes a two-step process:
-Step one: Α scoping exercise to identify general areas across the company’s own operations, subsidiaries and, where related to their chains of activities, those of their business partners where, based on reasonably available information, adverse impacts are most likely to occur and to be most severe.
-It states that “reasonable available information” will “as a general rule preclude requesting information from business partners” although companies will have “flexibility in judging what information is reasonably available to them”.
-Step two: Based on the results of the above scoping, the company should carry out an in- depth assessment in the areas, where the most severe and likely adverse impacts have been identified.
-For this purpose, companies should not seek to obtain information from business partners “unless this is necessary”. Where a business partner has fewer than 5.000 employees, the company shall only seek such information where information “cannot reasonably be obtained by other means”.
-Where such information can be obtained from more than one business partner, companies should, where reasonable, prioritize seeking it directly from the partner(s) “where the adverse impacts are most likely to occur”.
-Termination/Suspension of Business Relationships: The final text of the Directive eliminates the “last resort” requirement to permanently sever ties with business partners when mitigation fails. Instead, the focus shifts to a more flexible approach: where allowed by the applicable governing law, companies are now expected to suspend specific activities or relationships until the issues are resolved.
-Liability and Fines: The proposed EU-wide harmonized civil liability regime has been removed, leaving enforcement to national systems. Furthermore, the ceiling for financial penalties has been lowered to 3% of net worldwide turnover.
5. Main Obligations under CS3D
Following the above amendments, the main Obligations of the Companies in scope are:
–Fulfilment of the following due diligence obligations (duty to make an effort to fulfil the due diligence obligations, the CSDDD requires increased consultation with stakeholders):
(i) Integration of risk-based due diligence into corporate policy,
(ii) Identification and assessment of actual and potential adverse impacts (in the activity chain, where there is a limited obligation to obtain information, downstream only to a limited extend),
(iii) Taking prevention and mitigation measures (in the event of actual adverse impacts),
(iv) Setting up a complaints procedure (accessible to internal and external persons), monitoring and reviewing the effectiveness of strategies and measures,
(v) Documentation and reporting once a year, usually via the sustainability report as part of the CSRD.
III. NEXT STEPS AND STRATEGIC OUTLOOK
At first, the Omnibus I package seems to provide a “relief” for companies navigating the CSRD and CS3D landscape. However, the scope of the Omnibus I Directive isn’t to undermine ΕSG procedures (CSRD reporting/CS3D due diligence), but to reframe them, through simplification and focus on real value creation. Without the heavy burden of excess bureaucratic overload, companies should fundamentally reassess the ΕSG regulatory frameworks, from being perceived as compliance obligations into principal strategic instruments of RISK MANAGEMENT and CAPITAL ALLOCATION. In particular, through the double materiality exercise – that remains intact by Omnibus I – as well as the due diligence procedure, companies are encouraged to collect valuable data related to their operations, that will help them reassess their current status of maturity on sustainability issues. By following the above mentioned procedures, companies will trace weaknesses, as well as risks and opportunities in stake and take strategic decisions accordingly, by allocating also the necessary funds. Rather than treating disclosures and due diligence requirements as box-ticking exercises, forward-looking organizations should use the extra time offered by the Omnibus procedure, to strengthen risk management, improve supply chain transparency and anticipate regulatory, environmental and social disruptions. By embedding ESG considerations into core business strategy, firms can identify material risks earlier, unlock operational efficiencies, allocate the necessary funds early on and build trust with investors, customers and stakeholders. Ultimately, approaching ESG reporting and CS3D through a strategic lens enables companies not only to meet evolving regulatory expectations but also to secure resilience and competitive advantage – mainly by strategically investing on the areas that mostly matter – in an increasingly complex and sustainability-driven global economy.
[1] Wave 2 (“large companies”):
Α company qualifies as “large” if it meets at least 2 of 3 criteria:
-250 employees,
-EUR 40 million net turnover
-EUR 20 million total assets
Wave 3 (“Listed SMEs – except micro – and small financial entities):
Α company qualifies as “SME” if it meets at least 2 of 3 criteria:
– Fewer than 250 employees,
– Less than EUR 40 million net turnover
– Less than EUR 20 million total assets
By the “Stop-the-Clock” Directive, the reporting obligations of Wave 2&3 have been shifted for 2 years:
-Wave 2: Reporting Obligation from 2028 for financial year 2027 (previously, from 2026 for financial year 2025)
-Wave 3: Reporting Obligation from 2029 for financial year 2028 (previously, from 2027 for financial year 2026)
[2] Non –Financial Reporting Directive (Directive 2014/95/EU), is the first EU Directive requiring large companies to disclose non-financial (ESG) information. It applied to:
– Large public-interest entities (PIEs) with more than 500 employees (ex listed companies, banks, insurance companies).
It has now been replaced and significantly expanded by CSRD.
Practically, companies previously under ΝFRD are included in Wave 1 of CSRD.
They are the first to apply CSRD (from 2025, for financial year 2024).
[3] Law 5255/2025 (Αrt.57) shifts the application dates of CSRD by amending the relevant provisions of Law 5164/2024:
Timeline:
Wave 1 (Large listed – under NFRD): Reporting Obligation from 2025, for financial year 2024(remains unchanged)
Wave 2 (Large non – NFRD): Reporting Obligation from 2028, for financial year 2027
Wave 3 (Listed SMEs & small financial entities: Reporting Obligation from 2029, for financial year 2028.
