.png)
Introduction
CSRD reporting in 2026 is no longer a compliance sprint. The second wave of ESRS-aligned reports published in early 2026 reveals something more structural: sustainability reporting is beginning to function as a sustainability governance tool rather than a regulatory obligation.
How CSRD Reporting in 2026 Marks the Shift from Compliance to Governance
The first wave of CSRD reporting, published throughout 2025, was largely a compliance sprint. Companies were scrambling to understand the European Sustainability Reporting Standards (ESRS), map their value chains, and produce something auditable before the deadline hit. Even when technically aligned with ESRS requirements, many disclosures remained loosely connected to core enterprise risk management processes.
However, it is important to acknowledge that the examples analysed here come predominantly from Denmark and the Benelux region. These markets have historically operated at a high level of sustainability reporting maturity, well before CSRD entered into force. As a result, this is a small, highly specific, and comparatively advanced sample. It does not necessarily predict the average disclosure quality across all EU member states.
By contrast, the second wave of reports emerging from this region reflects visible consolidation. Organizations have now lived with the ESRS framework for over a year. They have benchmarked peers, undergone assurance reviews, and confronted inconsistencies between sustainability disclosures and financial risk registers.
The result is not perfection, but measurable progress within an already mature reporting environment.
From Compliance Sprint to Governance Integration
One of the most meaningful shifts visible in CSRD reports we examined so far is the integration of Enterprise Risk Management (ERM) and the double materiality assessment (DMA).
ERM and Double Materiality Alignment
In year one, ERM and DMA frequently operated in silos. Risk teams maintained traditional registers covering operational and financial risks, while sustainability teams conducted materiality assessments under ESRS guidelines. The outputs often conflicted. .
A cybersecurity breach might rank as a principal risk in ERM while being deemed “non-material” in the sustainability statement.
The DSB Case:
A strong example of this evolution can be seen in DSB’s annual report. In their 2024 annual report, the ERM and DMA sections read like documents from two separate organizations. Cyber-attacks featured in the principal risk register, yet cybersecurity was assessed as non-material in the sustainability statement.
.png)
By 2025, DSB had integrated its DMA directly into its enterprise risk framework. Sustainability risks are now assessed on equal footing with operational and strategic risks. Cybersecurity moved from a generic description under risk governance to a fully developed disclosure requirement section complete with policies, actions, targets, measurable metrics, and year-over-year progress tracking. That is exactly the kind of integration the ESRS framework was designed to incentivize.
.png)
Climate Risk Through the Full ESRS Lens
The insurance sector provides another telling example. Tryg, the Danish-Norwegian insurer, came into CSRD reporting with a significant head start with climate risk already embedded in underwriting and pricing decisions.
In its 2024 sustainability statement, climate risk was presented narrowly, primarily as weather-related claims exposure. Residual climate risks were described as managed under ERM rather than treated comprehensively within the ESRS framework.
.png)
By 2025, Tryg structured its material impacts, risks, and opportunities along the full value chain, aligning environmental, social, and governance topics with operational areas. In the environmental dimension, the company highlights:
- Claims handling in the upstream value chain
- Exposure to severe weather events within own operations
- Prevention measures in high climate-impact sectors downstream
This structure reflects a systematic approach to mapping climate-related impacts and risks across upstream, operational, and downstream activities. Rather than presenting climate as a single aggregated risk, Tryg discloses how it materializes at different stages of the value chain, linking operational exposure to prevention-oriented responses.
This is where ESRS-aligned reporting begins to demonstrate strategic clarity: not by abstract categorization, but by showing where climate risk sits, how it affects the business model, and where the company positions itself in response.
Year-on-Year Transparency Becomes Normalized
Another notable shift in second-wave CSRD reporting in the first reports published is the normalization of year-on-year recalibration with genuine transparency.
In 2024, most first-wave reports established baselines and stated targets. In 2025, leading reporters are explaining what has changed and why.
- Revised IROs,
- restated baselines following acquisitions or methodology updates,
- recalculated progress figures with clear accounting policies,
tell readers and auditors exactly how numbers are defined and measured.
This is what rigorous financial reporting has long expected: not just a snapshot, but an explanation of how the snapshot relates to last year's. The ESRS framework does not explicitly mandate year-on-year restatement, just the transparency around it, however the audit requirement and the investor community's expectations are moving companies toward the discipline voluntarily.
%20(29)-modified.png)
The PATM Chain: From Lists to Logic
Beyond the structural integration of risk management and materiality, the best 2025 reports show significant maturation in how companies communicate the connection between their material topics and the actions they are taking. Referenced as the PATM chain: Policies, Actions, Targets, and Metrics.
In first-wave reports, this often manifested as four separate lists sitting next to each other with limited narrative linking them. A company might have a climate policy, a set of emissions reduction actions, a net-zero target, and a scope 1 and 2 metric. We were often left to interpret whether these four elements were genuinely coordinated or simply assembled for reporting purposes.
Entity-Specific Disclosures: Strategic Tool or Escape Hatch?
The question of information architecture becomes sharper when considering entity-specific disclosures under ESRS. This provision allows companies to replace or supplement standard topical disclosures with company-defined metrics when these better reflect their business model and impacts.
.png)
Pandora offers one of the most thought-provoking examples from the 2025 reporting season. Given its precious metals supply chain, topics such as pollution (E2), biodiversity (E4), and resource use and circular economy (E5) would typically be expected to qualify as material. Pandora assessed all three as below its materiality threshold. Instead, it introduced four entity-specific disclosures: environmental impacts of mining, environmental impacts of materials, environmental impacts of indirect procurement, and responsible marketing. These are reported with full policies, actions, targets, and metrics, including a complete PATM chain for “circular jewellery,” tracking recycled silver and gold, which reached 100% in 2025.
.png)
This raises a difficult question. Is this a legitimate use of materiality as an information filter, allowing Pandora to tell a more tailored and relevant sustainability story? Or is it report engineering, disclosing important issues while avoiding the stricter requirements that would apply if those ESRS topics were classified as material?
The answer likely depends on perspective. Pandora states that it sought ESRS guidance even for below-threshold topics and applied comparable disclosure logic. The narrative is specific and arguably more informative than generic E5 reporting would have been. The 100% recycled silver milestone is substantive and disclosure-worthy.
.png)
Yet ambiguity remains. It is not clear whether these entity-specific topics represent material IROs disclosed differently, or important but formally non-material issues. Because Pandora reports year-on-year progress, metrics, and strategic framing, the disclosures resemble material topics in practice. The governance rationale behind the materiality judgment, whether readability, assurance risk management, or genuine assessment, is not fully visible to the external reader.
Comparability Challenges That Remain
In stronger 2025 reports, the sequence is clearer:
The difference since last year is subtle but fundamental. Instead of reporting components, companies are demonstrating causality. Targets are increasingly supported by operational roadmaps. Metrics are explicitly linked to strategic commitments.
- This shift significantly enhances the credibility of sustainability reporting standards.
- The Comparability Challenge Remains
- Despite progress, one structural limitation persists: cross-company comparability.
At firms like DSB, ERM, and DMA, integration reflects governance transformation, not cosmetic adjustment. At companies like Tryg, granular climate IRO analysis demonstrates improved internal risk comprehension.
The distance that remains is real. Sector harmonization is incomplete. Comparability challenges persist. Yet the direction of travel is clear: sustainability disclosures are becoming embedded in how companies manage their businesses.
For companies currently preparing their own second-wave reports, the signal from the leaders is consistent: use the ESRS structure not as a form to fill in, but as a strategic reporting tool. The companies that do this well in 2025 are producing disclosures that serve investors, auditors, and internal decision-makers simultaneously. That is a standard worth aiming for.
The Governance Shift Was Explored in Our CSRD Reporting 2026 Webinar
The structural evolution described in this article was analysed in depth during a recent denxpert webinar led by senior sustainability expert Anna Csonka. For organizations preparing their next ESRS disclosure, the on-demand session provides a practical benchmark for what maturing CSRD reporting can look like in practice.
%20(28)-modified.png)
.png)
.png)