What IT Leaders Need to Know about the Corporate Sustainability Reporting Directive (CSRD)

You may also be interested in

by Lakeside Team

The Corporate Sustainability Reporting Directive (CSRD) is a European Union (EU) regulation that will extend sustainability reporting requirements to about 50,000 companies in the EU and 10,000 in-scope U.S.-based organizations doing business in the EU. Designed to increase transparency, reliability, and comparability of corporate sustainability initiatives, the directive requires publicly traded companies to disclose their sustainability reporting data.

It is important to note that the CSRD differs from the U.S. Security and Exchange Commission’s climate disclosure requirements, as the CSRD goes well beyond climate reporting to include social topical standards and governance ones.

Which Standards Matter Most to IT Leaders?

The CSRD will require companies to make disclosures using a detailed set of 12 European Sustainability Reporting Standards (ESRS) , including resource use and circular economy.

1. Energy consumption: Companies are expected to disclose the energy consumption of their IT infrastructure, including data centers, servers, networking equipment, and other IT assets. This metric may involve reporting on energy usage intensity, sources of energy, and efforts taken to reduce energy consumption.

2. Carbon emissions: Companies may need to report on the carbon emissions associated with their IT infrastructure and IT assets, including both direct emissions, such as GHGs from data centers, and indirect emissions, such as electricity consumption and supply chain emissions.

3. Resource usage: Reporting on the use of natural resources associated with IT infrastructure is another aspect of climate-related reporting. Such natural resources include water, rare minerals, and other resources used in manufacturing IT assets or operating data centers.

4. E-waste management: Many companies are now expected to report on their efforts to manage electronic waste (e-waste) generated by IT assets as part of the ESRS circular economy standard. Within this metric are details on electronic recycling programs, responsible disposal practices, and efforts to extend product lifecycles through refurbishment and reuse.

5. Data privacy and security: As part of reporting on IT infrastructure, companies may need to disclose their practices and investments in data privacy and security measures, including sharing information on cybersecurity protocols, data protection measures, and compliance with relevant regulations.

6. IT asset lifespan and management: Reporting on the lifespan and management practices of IT assets is crucial. This standard may include information on the average lifespan of devices, strategies for extending their lifespan, and responsible end-of-life management, such as recycling or donation programs.

What are the Broader Implications of CSRD for IT Leaders?

1. Data Strategy: IT leaders must collaborate across business units to gather relevant data, design systems, and processes that capture the necessary information for reporting.

2. Detailed Reporting: IT leaders must ensure that systems are capable of collecting, analyzing, and presenting diverse data points accurately.

3. Digital Reporting Standardization: IT leaders will need to ensure their organization's reporting systems comply with the digital reporting standards provided by the European Financial Reporting Advisory Group (EFRAG), enabling stakeholders to analyze and compare sustainability data across companies.

4. Data Quality and Assurance: The CSRD emphasizes data quality and assurance, requiring internal controls and external assurance for sustainability reports. IT leaders play a pivotal role in implementing data governance frameworks, establishing robust data quality management practices, and collaborating with auditors to ensure the accuracy and reliability of sustainability data.

Now is the Time to Get Started

CSRD is poised to have a significant impact on organizational sustainability reporting practices across the EU and among U.S. companies that are required to comply with the directive. IT leaders have an essential role in successfully implementing the CSRD requirements by establishing robust data management systems and scalable reporting processes; ensuring data quality and security; and enhancing stakeholder engagement. By understanding the implications of the CSRD and the ESRS framework and taking proactive steps to comply, IT leaders can contribute to driving sustainable practices within their organizations.

CSRD reporting deadlines begin in early 2025 and will be staggered depending on certain reporting requirements. Given that the first CSRD reports due will reflect the company's 2024 fiscal year environmental performance, time is of the essence. Now is the time to implement the underlying data collection and reporting structure to capture metrics across the company, including data related to IT infrastructure and IT assets.

IT leaders with a granular understanding of IT infrastructure and enterprise technology usage are uniquely positioned to measure carbon emissions and pollutants from digital operations and develop strategies for reducing them. This reporting starts with robust data. As workforces have expanded to remote and hybrid environments, the enterprise IT estate includes thousands of endpoint devices, which must not be overlooked while reporting on energy consumption and e-waste management.