CSRD Double-Materiality Assessments Expose Critical Data-Quality Gaps in ESG Reporting

The Corporate Sustainability Reporting Directive is the most demanding ESG disclosure regime ever enacted, and the first wave of mandatory filings is revealing just how far most organizations are from meeting its data requirements. The directive's double-materiality standard requires companies to report not only how sustainability issues affect their financial performance (financial materiality) but also how their operations affect people and the environment (impact materiality). Fulfilling both dimensions demands granular, verifiable data across hundreds of data points defined by the European Sustainability Reporting Standards. Early filings show that while financial-materiality data is generally adequate — it overlaps with existing risk-management processes — impact-materiality data is frequently incomplete, inconsistent, or based on estimates with insufficient documentation.

Double-materiality data requirements

The European Sustainability Reporting Standards (ESRS) define over 1,100 individual data points organized across environmental, social, and governance topics. Environmental disclosures cover greenhouse-gas emissions across all three scopes, energy consumption by source, water usage, waste generation, biodiversity impacts, and pollution metrics. Social disclosures address workforce composition, pay equity, training hours, health-and-safety incidents, supply-chain labor conditions, and community engagement. Governance disclosures cover board diversity, anti-corruption measures, lobbying expenditures, and sustainability governance structures.

The double-materiality assessment requires companies to evaluate each ESRS topic from both perspectives and disclose information on any topic that is material from either angle. This means a company whose operations have negligible financial exposure to climate risk may still need to report detailed emissions data if its operations have a material impact on climate — and vice versa. The bidirectional assessment significantly expands the scope of required data collection beyond what most organizations have historically gathered for voluntary ESG reports.

Data-quality expectations are elevated by the requirement for limited assurance in the first reporting cycle, with a transition to reasonable assurance over subsequent years. Auditors must be able to trace reported metrics back to source data, verify calculation methodologies, and assess the completeness and accuracy of underlying datasets. This auditability requirement effectively mandates that ESG data systems provide the same level of documentary support that financial accounting systems have provided for decades.

The timeline is compressing. Companies that fell into the first wave — large public-interest entities with more than 500 employees — are filing for the fiscal year 2025 reporting period. The second wave, covering all large companies meeting two of three size criteria, must file for fiscal year 2026. The third wave extends the obligation to listed SMEs. Each successive wave faces the same data-quality bar, but with less preparation time and typically fewer resources.

Scope 3 emissions data as a systemic challenge

Scope 3 greenhouse-gas emissions — indirect emissions occurring across a company's value chain — represent the most acute data-quality challenge in CSRD reporting. For most companies, Scope 3 constitutes 70 to 90 percent of their total carbon footprint, yet the data is notoriously difficult to collect because it depends on information from suppliers, logistics providers, customers, and other third parties who may not track or disclose their own emissions.

Early filings reveal three recurring patterns. First, many companies rely heavily on spend-based estimation methods that multiply procurement expenditures by sector-average emission factors. While accepted by the GHG Protocol as a fallback, spend-based estimates are imprecise and can fluctuate significantly with currency movements and price changes rather than actual emission changes. Auditors are flagging cases where spend-based estimates are used for categories where activity-based data should be obtainable.

Second, supply-chain data-collection initiatives are hampered by inconsistent response rates and data formats. Companies that survey suppliers for emissions data report response rates ranging from 20 to 60 percent, with wide variation in the quality and comparability of responses. The absence of standardized data-exchange formats means that aggregating supplier emissions data is a manual, error-prone process for most organizations.

Third, category-15 emissions — those associated with investments and financial products — present unique challenges for financial-services firms. Banks, insurers, and asset managers must estimate the emissions attributable to their lending and investment portfolios, a calculation that requires emissions data from every portfolio company. The Partnership for Carbon Accounting Financials (PCAF) provides methodological guidance, but implementation reveals significant estimation uncertainty that may not meet assurance standards.

Supply-chain labor and social metrics

Social-dimension data gaps are less discussed than environmental shortcomings but equally significant. The ESRS S1 and S2 standards require detailed disclosures about the company's own workforce and its value-chain workers, respectively. For the company's own employees, data on compensation ratios, training investments, collective-bargaining coverage, and health-and-safety incident rates is typically available in HR information systems, although reconciling data across subsidiaries, geographies, and legacy payroll platforms remains a challenge for multinational organizations.

Value-chain worker data — information about labor conditions in supplier and subcontractor operations — is far more difficult to obtain. Companies must disclose whether they have identified risks of forced labor, child labor, or unsafe working conditions in their supply chains, and what due-diligence measures they have implemented. Many organizations have conducted supplier audits and assessed compliance with codes of conduct, but the data generated by these processes is often qualitative, inconsistently structured, and difficult to aggregate into the quantitative metrics that ESRS requires.

The data-governance challenge is compounded by the nested nature of modern supply chains. A Tier-1 supplier may have adequate labor-practices documentation, but visibility drops sharply at Tier 2 and beyond. Companies that source raw materials from regions with known labor-rights risks face particular scrutiny, and auditors are asking for evidence of due-diligence depth beyond the first tier. Building the data infrastructure to collect, verify, and report multi-tier supply-chain social metrics is a multi-year effort that most organizations have only recently begun.

Building enterprise sustainability data architecture

The CSRD's data demands are forcing organizations to build sustainability data systems with the same architectural rigor applied to financial data. The emerging best-practice architecture includes four layers: data ingestion, normalization, governance, and reporting.

The ingestion layer collects data from internal systems — ERP, HR, facilities management, procurement — and external sources including supplier surveys, utility providers, and emissions-factor databases. API-based integrations are preferred over manual data collection to reduce error rates and improve timeliness. Organizations are now using sustainability data platforms such as Watershed, Persefoni, and Sweep to centralize ingestion and automate data-flow management.

The normalization layer applies consistent calculation methodologies, emission factors, and unit conversions to raw data. This layer is critical for auditability: every reported metric must be traceable to a documented calculation methodology and source dataset. Version control for emission factors and methodology changes ensures that year-over-year comparisons are meaningful and that auditors can verify the computational chain from source to reported figure.

The governance layer enforces data-quality rules, manages access controls, and maintains audit trails. Data stewards are assigned to each ESRS topic area, responsible for validating completeness, accuracy, and timeliness of submissions. Automated quality checks flag anomalies — sudden changes in emission intensity, missing supplier responses, inconsistent unit conversions — before data enters the reporting pipeline. Governance processes should mirror the internal-controls framework applied to financial reporting, including segregation of duties and management review.

The reporting layer generates CSRD-compliant disclosures in the required XHTML-iXBRL format. The European Financial Reporting Advisory Group (EFRAG) has published the ESRS digital taxonomy, defining machine-readable tags for each disclosure element. Reporting tools must support this taxonomy to produce filings that can be processed by the European Single Access Point (ESAP), the centralized database through which regulators, investors, and other stakeholders will access sustainability disclosures.

Assurance readiness and auditor expectations

Limited assurance — the initial standard for CSRD filings — requires auditors to conclude that nothing has come to their attention that causes them to believe the sustainability information is materially misstated. While this is a lower bar than the reasonable assurance applied to financial statements, it still demands robust documentation, traceable calculation methodologies, and evidence of internal controls over sustainability data.

Auditors from the Big Four firms and specialized sustainability assurance providers report that early engagements are revealing three common readiness gaps. First, companies lack documented methodologies for key calculations, particularly Scope 3 emissions and social impact metrics. Auditors need written procedures describing data sources, calculation steps, assumptions, and limitations — documentation that many organizations have not formalized. Second, data lineage is incomplete: auditors cannot always trace a reported figure back through the calculation chain to its source data, undermining the verifiability of disclosures. Third, internal controls over sustainability data are immature, with insufficient segregation of duties and inadequate review processes.

The transition to reasonable assurance, expected to be required for reporting years beginning in 2028, will significantly raise the bar. Reasonable assurance requires auditors to obtain sufficient evidence to reduce assurance engagement risk to an acceptably low level — the same standard applied to financial audits. Organizations that build limited-assurance-grade systems now will need to upgrade data quality, documentation, and controls within the next two to three years.

Recommended actions for the next 90 days

Data and sustainability teams should conduct a gap assessment comparing current data availability against the full set of ESRS data points deemed material in their double-materiality assessment. Prioritize closing gaps in Scope 3 emissions data and supply-chain social metrics, as these areas consistently present the greatest audit risk.

Technology teams should evaluate sustainability data platforms and select tools that support automated data ingestion, calculation-methodology documentation, and XHTML-iXBRL reporting. Ensure the selected platform integrates with existing ERP and HR systems to minimize manual data handling.

Finance and internal-audit teams should extend their internal-controls framework to cover sustainability data processes. Define control activities, assign data stewards, and implement automated quality checks that mirror the rigor applied to financial reporting controls.

Procurement teams should initiate structured supplier data-collection programs for Scope 3 emissions and social-metrics reporting. Standardize the data-request format, set clear response deadlines, and escalate non-response through supplier-relationship-management channels.

Forward analysis

The CSRD is exposing a structural gap between sustainability reporting ambition and organizational data capability. Closing this gap requires sustained investment in data architecture, governance processes, and cross-functional collaboration between sustainability, finance, technology, and procurement teams. Organizations that treat CSRD compliance as a narrow reporting exercise will struggle with recurring data-quality issues; those that build genuine sustainability data infrastructure will gain a competitive advantage as ESG data becomes a strategic asset for investor relations, customer engagement, and regulatory positioning.

The regulatory trajectory is clear: more data, higher quality, stronger assurance. Organizations that begin building robust sustainability data systems now will be better prepared not only for CSRD but for the convergence of global sustainability reporting standards being driven by the International Sustainability Standards Board (ISSB) and the SEC's climate disclosure rules. Data strategy leaders who treat 2026 as the foundation-building year will find their organizations far better positioned for the decade ahead.

See also

Selected articles on related subjects.

Data Strategy · Credibility 92/100 · February 3, 2026

Real-Time Data Mesh Architectures Move from Theory to Production Across Financial Services

Financial-services organizations are deploying data mesh architectures in production at increasing scale, moving beyond the conceptual discussions that dominated 2023 and 2024 into operational implementations that…

Data Strategy · Credibility 91/100 · December 9, 2025

CSRD digital reporting and XBRL tagging update

CSRD reports are going digital. The EU's XBRL taxonomy means companies will need to tag over 1,200 data points in a machine-readable format for sustainability disclosures. While digital tagging is voluntary for now, it…

Data Strategy · Credibility 86/100 · August 26, 2025

Data Strategy — Sustainability reporting

Large EU groups under CSRD must digitally tag FY2025 sustainability statements using the European Single Electronic Format. The EU's 2025 simplification proposals do not change this requirement. Use 2025 to map ESRS…

Data Strategy · Credibility 92/100 · January 18, 2026

ISO 27001 and ISO 42001 Certification Convergence Drives Integrated Governance

The ISO 27001 certification market is projected to reach $21.42 billion in 2026 as organizations respond to cyber threats and regulatory pressure. ISO 42001, the first certifiable AI management system standard, is seeing…

Data Strategy · Credibility 92/100 · February 11, 2026

Synthetic Data Generation Reaches Enterprise Maturity for Privacy-Preserving Analytics and AI Training

Enterprise adoption of synthetic data generation has accelerated as organizations discover that high-fidelity synthetic datasets can satisfy privacy regulations, unlock previously restricted analytical use cases, and…

Continue in the Data Strategy pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• Data Strategy Operating Model Guide

  Design a data strategy operating model that satisfies the EU Data Act, EU Data Governance Act, U.S. Evidence Act, and Singapore Digital Government policies with measurable…

• Data Interoperability Engineering Guide

  Engineer interoperable data exchanges that satisfy the EU Data Act, Data Governance Act, European Interoperability Framework, and ISO/IEC 19941 portability requirements.

• Data Stewardship Operating Model Guide

  Establish accountable data stewardship programmes that meet U.S. Evidence Act mandates, Canada’s Directive on Service and Digital, and OECD data governance principles while…

Coverage intelligence

Published

January 26, 2026

Coverage pillar

Data Strategy

Source credibility

92/100 — high confidence

Topics

CSRD · Double Materiality · ESG Data Quality · Sustainability Reporting · Scope 3 Emissions · Data Architecture

Sources cited

3 sources (eur-lex.europa.eu, efrag.org, pwc.com)

Reading time

9 min

Cited sources

1. Corporate Sustainability Reporting Directive (EU) 2022/2464 — eur-lex.europa.eu
2. European Sustainability Reporting Standards — Full Set — efrag.org
3. CSRD Early Filing Analysis: Data Quality Trends — pwc.com