The CSRD (Corporate Sustainability Reporting Directive) requirements for Italian companies are not an optional “green report.” They are a mandatory reporting obligation with ESRS standards, consolidation scopes, verifiable data, and assurance. In Italy, the CSRD has been transposed through Legislative Decree (D.Lgs.) 125/2024 (in force since September 2024), and in 2025 the “stop-the-clock” shifted the timeline, not the scope of the entities involved.

Which Italian companies fall under the CSRD—and how to tell if you’re required (size, groups, listed companies and SMEs)

The thing most

CSRD scope “in waves” (who is in)

  1. Companies already under the NFRD In practice: public-interest entities (PIEs) already subject to the NFRD, typically with more than 500 employees. They are the first wave and start earlier.

  2. Large undertakings (including non-PIEs) Companies that exceed the size thresholds set for a “large undertaking.” This includes many unlisted B2B industrial businesses.

  3. Listed SMEs (excluding micro-undertakings) If you are an SME but are listed on a regulated market, you may be in scope. Micro-undertakings are excluded. For some SMEs, deferral/opt-out options are available and should be assessed as a strategic choice (compliance cost vs access to capital and supply chains).

  4. Non-EU groups with “significant” activity in the EU If you are part of a non-EU group with a significant presence in the Union, a reporting obligation may apply at group level. For many Italian subsidiaries, this means “we inherit processes and data requests from HQ.” (Context: Italy is an EU Member State, so EU-level thresholds and group rules apply to Italian entities.)

Key point: the stop-the-clock (Directive (EU) 2025/794) postponed certain deadlines, but did not narrow the population of entities in scope.

Practical “large undertaking” test (CFO / Corporate Affairs checklist)

If you want a quick B2B-style check, use this checklist. It does not replace legal analysis, but it tells you whether you are “CSRD-exposed” and how much work is likely required.

A. Size (typical thresholds to verify)

  • Employees: are you above the relevant threshold?
  • Revenue: do you exceed the threshold?
  • Total assets: do you exceed the threshold?

B. Group structure (this changes everything)

  • Are you the parent company and do you prepare consolidated accounts? Then you must consider the reporting scope and which subsidiaries are included.
  • Are you a subsidiary of an EU group? Typically, HQ will cascade data and process requirements down to you for CSRD consolidation.
  • Are you an Italian subsidiary in a group with multiple legal entities? Expect requests on: energy consumption, Scope 1–2 emissions, HR data, accidents, procurement and suppliers.

C. Listing status

  • Are you listed (including as an SME)? Check whether you qualify as a listed SME and whether you can use any available deferral options.

Listed companies and SMEs: what “listed SME” and “excluding micro” mean

If you are an SME but listed, the CSRD may apply. Micro-undertakings are excluded. For some SMEs there are deferral/opt-out mechanisms: this is not only a legal issue, it is a positioning decision. In many supply chains, showing up “CSRD-ready” helps with tenders, vendor ratings, and access to financing.

Supply-chain effect: even if you’re not required, you may still be involved

If one of your customers is subject to the CSRD, they will ask you for data for their Scope 3 and for value-chain disclosures. And they will often ask for it with audit-like frequency and formatting.

Concrete example: a mechanical components or packaging supplier

  • emission factors and energy consumption, sometimes even monthly
  • data on materials, traceability, recycled content, end-of-life
  • labour, human-rights, and subcontracting policies
  • supplier audits or evidence of controls

This is where the CSRD (Corporate Sustainability Reporting Directive) requirements for Italian companies effectively become a commercial requirement.

Italy: transposition and national references

In Italy, the CSRD was transposed through Legislative Decree (D.Lgs.) 125/2024 (effective September 2024). In 2025, measures were introduced to align the timeline with the EU “stop-the-clock” deferral, which is useful for certainty in project planning. (Context: “D.Lgs.” is the Italian instrument used to implement EU directives into national law.)

When CSRD obligations start in Italy: timeline, reporting financial years, and first operational deadlines

What matters is the reporting financial year (FY) and the year the report is published. With the stop-the-clock (Directive (EU) 2025/794), waves 2 and 3 were postponed by two years; wave 1 remains the first to start.

Updated timeline (FY → publication)

WaveWho (in brief)First reporting on financial yearReport publication
Wave 1already under NFRD (typically PIEs >500 employees)FY 20242025
Wave 2large undertakings not previously subjectFY 20272028
Wave 3listed SMEs (excluding micro)FY 20282029

Note: these are the dates to use to avoid operational confusion. The deferral shifted wave 2 and wave 3 compared with the previous timeline.

Italy: national alignment with the deferral

Industry sources and regulatory updates pointed to Italy’s 2025 alignment with the EU deferral. For those planning budgets, tools, and resources, this matters for legal certainty and to avoid projects launched against deadlines that later changed. (Context: Italy must align its national implementation with EU-level timing changes.)

First “project-style” operational deadlines (retroplanning that actually works)

The legal deadline comes last, but the data must be closed earlier. A typical retroplan:

  • T-9/12 months: double materiality + ESRS gap analysis Output: IRO matrix, value-chain scope, “must-have” datapoint list.
  • T-6/9 months: ESRS data model + controls + ownership Output: data dictionary, consolidation rules, quality checks.
  • T-3/6 months: consolidated dry run Output: “near-final” numbers, methodological notes, first reconciliations.
  • Ongoing: assurance readiness and evidence collection Output: evidence repository, calculation traceability, versioning.

Practical example: if you publish in 2025, emissions and energy-consumption data often need to be closed by the end of Q1 to avoid blocking the reporting cycle.

Strategic note on Omnibus and simplifications

In 2025–2026, the context was influenced by simplification packages and deferrals. Operational translation: build a robust but modular data system, so you can adapt to clarifications and updates without rebuilding everything.

What you must report under ESRS: double materiality, value chain, and minimum data to collect

The ESRS do not ask for “stories.” They ask for comparable information, with traceable datapoints linked to governance, metrics, targets, and plans.

ESRS Set 1: what it looks like and what it implies

The foundation is ESRS Set 1:

  • ESRS 1 and ESRS 2 (general principles and general disclosures)
  • topical standards on E, S and G

Practical implication: for each disclosure you must know who owns the data, which system it comes from, how it is calculated, and what evidence supports it.

Double materiality (impact + financial): what it means in practice

Double materiality is not a theoretical exercise. It is a documented process that produces a list of material topics and an IRO (Impacts, Risks, Opportunities) map.

In practice:

  • internal workshops and sessions with relevant stakeholders
  • documented criteria and scoring
  • IRO map and linkage to ESRS disclosures that are “mandatory if material”

B2B example: manufacturing

  • financial side: risk from carbon costs, energy, customer requirements
  • impact side: health and safety in contracting, impacts on workers in the supply chain

Value chain: data boundaries and typical cases

Many disclosures require looking upstream and downstream. The boundary is not just “inside the gates.”

Typical cases:

  • packaging: end-of-life, recyclability, collection and treatment systems
  • chemicals: feedstock suppliers and input traceability
  • machinery: use phase (energy consumed by the product), maintenance, end-of-life

Here, requesting data from suppliers becomes part of the reporting system, not a one-off activity.

Minimum “climate-ready” data (ESRS E1)

If you want to start from the minimum needed to be credible and auditable on climate, prepare at least:

  • energy consumption and energy mix
  • Scope 1 and Scope 2 (with a clear organisational boundary)
  • methodology for Scope 3 (relevant categories, estimates vs primary data)
  • emission factors and sources
  • consolidation rules and boundaries (sites, companies, joint ventures)
  • base year and recalculation logic if boundaries change
  • gross emissions and linkage to targets and the transition plan

Transitional provisions: how to use them without creating “gaps”

For undertakings below certain size thresholds (for example <750 employees), there are temporary omissions allowed for some datapoints (including, under certain conditions, Scope 3 in the first year and some social disclosures along the value chain for a limited period). Operationally, it only works if:

  • you state what you omit and why
  • you define a data ramp-up plan with responsibilities and internal deadlines

How CSRD changes the management of emissions and carbon credits: Scope 1-2-3, transition plans, and claims

Under ESRS E1, emissions become “financial-statement-grade” data: boundaries, controls, reconciliations. This also changes how you talk about carbon credits.

Scope 1-2-3: the backbone of climate disclosure

ESRS E1 requires gross emissions by scope and total. For many companies, Scope 3 outweighs Scope 1–2, so:

  • Procurement must manage supplier data and contractual clauses
  • SRM must manage data quality, audits, and improvement plans
  • Operations must ensure measurement and traceability of energy and fuels

Transition plan: what it must contain in practice

A transition plan is not a slide. It must connect targets and numbers to operational decisions:

  • decarbonisation capex and opex
  • interim milestones and governance
  • dependencies: PPAs, electrification, biomethane, efficiency, logistics
  • incentives and internal accountabilities

Carbon credits and offsets: from claim to controllable data

If you use carbon credits, you must treat them as controllable information. In practice, it helps to prepare an “internal register” with:

  • volumes and type of credits
  • standards and registry traceability
  • vintage year and retirement status
  • use logic: what they cover and what they do not

Key point: always separate real reductions (gross emissions going down) from compensation and “net” claims. This is where many companies become exposed to challenges.

Claims and greenwashing risk: what changes for those selling to EU customers or public bodies

If you claim “carbon neutral” or similar, you must be able to defend it with:

  • a consistent emissions inventory
  • targets and a transition plan
  • internal rules on who approves claims (Legal and Compliance)
  • traceable evidence for any credits used

Tokenisation and MRV: a concrete example (no shortcuts)

Tokenising credits or environmental assets does not replace MRV (monitoring, reporting, verification) requirements. With CSRD and assurance, it becomes:

  • token issued or transferred
  • corresponding credit on a registry
  • proof of retirement when the credit is “used”

Without this audit trail, the risk is having information that looks good on blockchain but cannot be defended under verification.

Mandatory assurance: who verifies the report, level of control, and how to prepare for audits and checks

Assurance is not an add-on. It is part of the CSRD package and pushes companies to treat ESG data like financial data: controls, evidence, traceability.

Assurance as the default requirement (and level of control)

The path typically starts with limited assurance, with an expected evolution towards stricter requirements. Immediate impact:

  • you must retain evidence
  • you must have process controls
  • you must be able to reproduce calculations and explain methodological choices

Who verifies and how it coordinates with the financial audit

Verification is performed by the statutory auditor or an authorised assurance provider under national rules. In practice, you must coordinate:

  • the audit calendar (walkthroughs, samples, requests)
  • alignment with the financial audit team, because cycles influence each other (closures, controls, governance)

Audit-ready data: essential checklist

To avoid findings in year one, prepare at least:

  • ESRS data dictionary (definitions, units of measure, sources)
  • datapoint ownership (who signs off on what)
  • IT controls: access, logs, versioning
  • evidence for emission factors and sources
  • Scope 2 calculations using the applicable method (location-based and, if used, market-based)
  • reconciliation of consumption with bills, meters, and industrial accounting

Double materiality under assurance: typical risk and how to defend it

The most common risk is a materiality process that is “not defensible.” To reduce it:

  • document stakeholder mapping
  • retain criteria, scoring, and rationale
  • minute decisions (minutes)
  • link IROs to ERM and business risks, not opinions

Supply-chain controls: what the assurer may ask for

On Scope 3 and supplier data, requests may include:

  • questionnaires and response rates
  • contracts and data clauses
  • supplier audits or sample checks
  • rules for estimation when primary data is missing

Example: an automotive component supplier with many Tier-1s and PCF requests. Without a process, Scope 3 data remains fragile.

Practical roadmap to get compliant: gap analysis, governance, tools, and internal responsibilities (CFO/ESG/Procurement)

The roadmap must produce deliverables, not just activities. If you are in wave 2 or 3, the deferral gives you time, but it does not remove the work. And if you are a supplier, it is still worth moving because requests arrive earlier.

6-step roadmap (with deliverables)

  1. Scoping and wave Deliverable: legal scope, consolidated scope, project plan.
  2. Double materiality Deliverable: IRO matrix, stakeholder map, material topics.
  3. ESRS gap analysis Deliverable: datapoint list, priorities, data collection plan.
  4. Data architecture and tools Deliverable: data model, integrations, supplier workflow, evidence repository.
  5. Controls and assurance readiness Deliverable: controls manual, testing, pre-audit, remediation.
  6. Reporting and continuous improvement Deliverable: report, lessons learned, ramp-up plan (Scope 3 and value chain).

Governance and roles: a practical RACI

  • CFO: reporting owner, controls, assurance coordination
  • Head of Sustainability/ESG: methodologies, stakeholders, targets, ESRS consistency
  • Procurement: upstream Scope 3, supplier clauses, SRM and questionnaires
  • Operations / Energy manager: Scope 1–2, meters, fuels, efficiency
  • HR: social disclosures (e.g., S1)
  • Legal/Compliance: claims, risks, policies and approvals
  • IT/Data: systems, audit trail, access, integrations

Tools: a typical stack (without overcomplicating it)

Generally you need a combination of:

  • ESG data platform
  • integration with ERP and energy systems
  • LCA/PCF tools where needed
  • supplier workflow for Scope 3
  • evidence repository (DMS) with versioning and access controls
  • controls (GRC) if already present in the company

Technical quick win: automate the collection of utility bills and meter readings to reduce errors and time.

Project KPIs (the ones that actually help)

  • % of ESRS datapoints covered and with an assigned owner
  • % of Scope 3 based on primary data (vs estimates)
  • supplier response lead time
  • number of pre-audit non-conformities
  • data quality indicators: completeness and accuracy

Realistic goal: a first-year “minimum viable report” that is auditable.

Quick wins even for non-required companies

If you are not in scope today, you can still prepare a package for customers who are:

  • ESG data questionnaire and completion guide
  • template for emission factors and consumption
  • rules on boundaries and units of measure
  • a single internal point of contact (Procurement or ESG)

This reduces the risk of being dropped from vendor lists and improves tender performance.