The revision of the EU’s sustainability reporting and due diligence framework is underway in Finland in accordance with the EU’s Sustainability Omnibus Directive, which entered into force on 18 March 2026. The legislative revisions have significant implications for many Finnish companies, particularly by reducing the number of companies subject to reporting requirements. While many obligations have been eased, sustainability compliance remains firmly on the agenda.
Introduction
Mario Draghi’s report on the future of European competitiveness, published in autumn 2024, triggered significant shifts in EU corporate sustainability regulation. These changes are becoming visible in 2026, particularly in the Corporate Sustainability Reporting Directive (“CSRD”) and the Corporate Sustainability Due Diligence Directive (“CSDDD”).
Over the past few years, the EU has positioned itself as a global frontrunner in the field of corporate sustainability, using regulation as a key instrument to advance the objectives of the Green Deal. However, the adoption of the Omnibus I package signalled a recalibration of this approach. Driven by geopolitical instability, increased foreign competitive pressure, and a growing political focus on strengthening the EU’s overall competitiveness, the package introduced simplifications and so-called stop-the-clock provisions affecting both the CSRD and the CSDDD. While the EU’s sustainability objectives remain unchanged, the regulatory approach has shifted towards streamlining and phased implementation.
Against this backdrop, a timely question arises: where does the EU stand in summer 2026 regarding its core corporate sustainability regulation, and what do these developments mean for Finnish companies going forward?
The EU’s Corporate Sustainability Framework: CSRD, CSDDD and Omnibus I
Although the EU’s sustainability regulation has expanded rapidly in recent years, the core corporate obligations applicable to large companies are contained in the CSRD and the CSDDD. Together, these instruments structure the EU’s approach to corporate sustainability by combining transparency requirements with substantive due diligence obligations.
The CSRD requires companies to identify and disclose sustainability risks, impacts, and governance practices in accordance with the EU’s Sustainability Reporting Standards (“ESRS”). The CSDDD, by contrast, imposes a due diligence obligation, requiring companies to identify, prevent, mitigate, and account for actual and potential adverse human rights and environmental impacts across their operations and value chains. Its aim is to ensure that businesses take responsibility for the negative impacts they may cause.
The two directives are complementary: the CSRD focuses on reporting and transparency, while the CSDDD focuses on action and accountability. In practice, CSRD reporting should reflect the results of due diligence conducted under the CSDDD to the extent they are both applicable. Notably, the directives were not adopted in substantive sequence — the CSRD preceded the CSDDD, meaning the EU regulated what companies must report before establishing a harmonised framework for what they must substantively do in terms of due diligence.
The Omnibus I package amended both directives by introducing targeted simplifications and revised implementation timelines, thereby adjusting their scope and practical application. The key amendments introduced by the simplification package are outlined below.
Key changes to the CSRD
Scope of Application
The CSRD will now apply only to EU businesses with more than 1,000 employees and a net turnover exceeding EUR 450 million
Regarding third-country companies, the updated requirements will apply only to companies with a net turnover exceeding EUR 450 million for the parent undertaking within the EU and turnover exceeding EUR 200 million generated by the subsidiary or branch.
Following these revisions, for example, the listing status is no longer relevant for determining the scope of application. These changes are expected to significantly reduce the number of companies subject to reporting obligations under the CSRD – in Finland from approximately 1,300 companies to just 130.
Furthermore, under the revised directive, the initial reporting deadlines have each been postponed by two years. Large undertakings, originally required to report for financial year 2025, must now do so for financial year 2027. The CSRD now also provides for a transition exemption for companies that had to start reporting from financial year 2024 (the so-called ‘wave one’ companies) falling out of scope for 2025 and 2026.
Simplification of reporting standards
A significant change is the easing of the ESRS, aimed at simplifying and clarifying reporting requirements to reduce the administrative burden on companies. The Commission tasked the European Financial Reporting Advisory Group (“EFRAG”), its independent multi-stakeholder advisory body on reporting standards, with providing technical advice on the necessary changes. The revised ESRS largely build on EFRAG’s technical advice, with the Commission proposing targeted adjustments to further ease the reporting burden.
On 6 May 2026, the Commission launched a one-month public feedback period on draft final versions of two delegated acts: the revised ESRS, and a voluntary reporting standard for smaller companies based on EFRAG’s 2024 voluntary sustainability reporting standard for non-listed SMEs (the “VSME“). The draft standards reduce mandatory datapoints by over 60% and total datapoints by over 70% and are expected to reduce reporting costs per company by more than 30%.
Previously, the sustainability reporting directive required the Commission to develop sector-specific ESRS standards, particularly for issues specific to each sector. However, with the upcoming revised standards, the development of these sector-specific ESRS standards will be discontinued. The revised standards will start to apply for the reporting period of the financial year 2027.
‘Protected undertaking’ and the right to reject requests for information
A significant change under the revised CSRD is the introduction of the ‘protected undertaking’ concept. The VSME serves a dual purpose in this regard: beyond simplifying voluntary reporting for smaller companies, it will also function as a “value chain cap.” Companies with no more than 1,000 employees that fall outside the mandatory scope of the CSRD are thereby shielded from disproportionate sustainability data requests flowing down from their larger value chain partners, with their protection being specifically grounded in the VSME framework, which sets the ceiling for what information can lawfully be requested of them based on the CSRD.
Such protected undertakings may reject any information requests that go beyond what the VSME requires. Reporting companies cannot contractually impose more extensive information obligations to fulfil their own CSRD-related obligations. Where additional information is nevertheless requested based on the CSRD, the reporting company must inform the protected undertaking that the request exceeds what is required under the VSME and draw their attention to their right to decline.
Following the close of the feedback period of the revised ESRS and VSME, the Commission intends to adopt the two delegated acts as soon as possible, after which they will be transmitted to the European Parliament and the Council for scrutiny under the no-objection procedure.
Key changes to the CSDDD
Scope of application
The scope of application has been limited to companies with more than 5,000 employees and more than EUR 1.5 billion in net turnover worldwide, and companies from third countries with more than EUR 1.5 billion in net turnover on the European market. The change in the scope of application of the CSDDD represents approximately a 70% reduction in companies compared to the Commission’s original proposal.
Adverse impact identification and ‘reasonably available’ information in due diligence
Companies may now conduct a scoping exercise focused on their own operations and those of their direct and indirect business partners, assessing general risks and potential adverse impacts. A detailed, entity-level mapping of all activities and impacts is no longer required. To protect smaller businesses from excessive information requests, companies may now rely on ‘reasonably available information’ when conducting assessments, avoiding the burden of extensive data collection from resource-constrained entities in their supply chains.
By focusing on ‘reasonably available information’, businesses are expected to demonstrate that they are undertaking reasonable efforts to identify and mitigate potential adverse impacts, consistent with broader due diligence obligations under the CSDDD.
Mandatory climate transition plan removed
Under the original CSDDD, in-scope companies had to adopt and implement a climate transition plan aligned with the Paris Agreement’s 1.5°C target, including time-bound targets to 2050. This requirement has been removed entirely, potentially reducing the directive’s influence on corporate alignment with climate science.
However, climate considerations are not rendered irrelevant. As the board of directors retains responsibility for overseeing the company’s due diligence obligations under the directive, its overarching duty of care continues to encompass climate risks and transition-related matters. Even without an explicit requirement to adopt a transition plan, these issues can be considered integral to sound governance.
Fragmentation of civil liability and sanctions
Civil liability refers to a company’s legal responsibility to compensate for harm or damages caused to others, including breaches of environmental, social, or human rights obligations. The simplification package removed the directive’s civil liability provisions, limiting victims’ access to effective remedies under the CSDDD and leaving companies subject to national liability regimes.
Furthermore, the percentage for the maximum fine has been adjusted. Now, the maximum fine may not exceed 3% of global net turnover.
What does this mean for Finnish companies?
In Finland, the legislature has moved quickly to address the changes to the CSRD and CSDDD introduced by the simplification package.
CSRD in Finnish legislation
While the Omnibus amendments have not yet been transposed into national legislation regarding the CSRD, amendments have been proposed to several key national acts. These include the Accounting Act, the Auditing Act, the Companies Act, and the Securities Market Act. The amendments will likely take effect on 30 June 2026.
The Government Proposal amending the Accounting Act and Auditing Act was submitted to the Parliament in March 2026, and the Parliamentary Finance Committee has since issued its report (TaVM 15/2026 vp) on the proposal. The proposal contains adjustments included in the Omnibus package, such as revised thresholds. Finnish companies are subject to the new cumulative thresholds of more than 1,000 employees and net turnover exceeding EUR 450 million, raised from the current thresholds of 250 employees, a balance sheet total of EUR 20 million, and net turnover of EUR 40 million.
According to the proposal, a publicly listed company employing more than 500 people, which has published a sustainability report for the 2024 financial year, could refrain from preparing and publishing a sustainability report for the financial year beginning on or after 1 January 2025, if it no longer falls under the reporting obligations based on the new threshold values. In addition, the proposed laws can be applied retroactively to financial years beginning on or after 1 January 2026, meaning that companies which remain subject to reporting obligations under the new thresholds may apply the new rules to the full 2026 financial year, thereby avoiding a situation where different rules would apply to different parts of the same financial year. In such cases, any provision in the company’s articles of association regarding the appointment of a sustainability assurance provider would also become ineffective, as the company would no longer have a statutory reporting obligation. The Parliamentary Finance Committee has clarified that a company in this situation is not required to convene an extraordinary general meeting solely to remove such a provision from its articles of association, as this would be disproportionate given the administrative and financial burden of convening general meetings of listed companies.
The reduction in the scope of the directive does not necessarily limit the sustainability reporting of Finnish companies. In fact, many companies that have been subject to reporting obligations under the current legislation since the 2024 financial year may have already invested significantly in their internal reporting processes, with these processes now well established. Continued reporting allows companies to fully leverage benefits for internal operations, clarify the sustainability roadmap and corporate strategy, and ensure effective stakeholder communication.
A company that, due to the raised thresholds, is no longer subject to the reporting obligation, could still voluntarily commit to publishing its sustainability information to the same extent as those still required to report. In this case, the company’s board must decide on such a commitment, and the reporting must fully comply with all mandatory obligations. This includes submitting the report for verification in accordance with the Auditing Act, as well as ensuring that the sustainability assurance provider is elected by the annual general meeting, in the same manner as for companies subject to mandatory reporting.
A company may also voluntarily prepare a separate document on sustainability-related matters, but it should not refer to it as a sustainability report in order to avoid confusion. Although there is no obligation to verify such a report, the company may nonetheless choose to obtain verification voluntarily.
Financial market participants such as banks and insurance companies may require ESG information as a condition for lending or insurance, as they need such data to meet their own regulatory obligations, meaning that companies outside the reporting scope may still face indirect information requests that are not based on CSRD-related regulations. The right of a protected undertaking to reject information requests applies only in the context of sustainability reporting and does not affect obligations arising under other EU or national legislation, or contractual arrangements.
CSDDD in Finnish legislation
The CSDDD will be implemented through a new legislative instrument – a separate act on corporate responsibility. The Government Proposal regarding this new act was opened for public consultation on 30 April and will remain open until 24 June 2026. In addition to transposing the directive into national law, the legislation will establish a national supervisory authority to oversee compliance. The Finnish Supervisory Agency has been proposed for this role. The government intends to submit the proposal to Parliament during the autumn session of 2026. The law would apply to companies from July 2029 onwards. In Finland, the new legislation would affect approximately 30 companies, groups, and cooperatives.
Our Strategic Advisory team is ready to advise on the EU’s Sustainability Omnibus Directive and its implications for Finnish companies.
Contact authors
