Author: Simone Hauser

CSRD-Nachhaltigkeitsbericht nach den Simplified ESRS
17.04.2026

Simplified ESRS: What Is Changing and What Companies Should Do Now

The new Simplified ESRS are set to replace ESRS Set 1. This will make them the new standards for mandatory CSRD reporting. In this blog article, you will find everything important about the simplified standards for sustainability reports.

The Simplified ESRS

The ESRS (European Sustainability Reporting Standards) are set to become simpler, but not less important. With the planned Simplified ESRS, also referred to as Amended ESRS or ESRS Set 2, the focus is shifting: away from maximum detail and toward sustainability reporting that presents material topics more clearly, more consistently, and in a more practical way. For companies, this raises not only the question of what will be removed in the future. More importantly, it is about what will actually matter in reporting going forward.

The planned changes are linked to the EU’s Omnibus initiative. The aim is to streamline sustainability reporting requirements under the CSRD (Corporate Sustainability Reporting Directive) without abandoning the core logic of the ESRS. For companies, this means fewer mandatory disclosures, but still a clear focus on material information, transparent disclosures, and a robust presentation of their sustainability topics.

At a glance: What the Simplified ESRS mean for you now

Already deep into ESRS? → Map existing data points to the Simplified ESRS instead of starting from scratch.

Just getting started? → Clarify early whether VSME, Simplified ESRS, or another reporting framework is a better fit, then set up data collection directly along that logic.

No longer in scope? → Assess which form of voluntary reporting makes strategic sense.

Still have time until 2028? → Use the additional time to align materiality, data architecture, and responsibilities cleanly with the Simplified ESRS.

Where do the Simplified ESRS currently stand and what can be expected next?

The Simplified ESRS have not yet been formally adopted. So far, EFRAG’s technical recommendation to the European Commission is available. The final version of future ESRS Set 2 still needs to be adopted by the Commission as a delegated act.

Since the EU plans to adopt EFRAG’s draft as it stands, the direction is already clear: fewer data points, fewer redundancies, greater focus on material information, and more principles-based reporting.

For companies, the draft status is therefore not a reason to wait. Those who understand the logic behind the Simplified ESRS now can already begin aligning reporting processes more effectively toward relevance, coherence, and practical data use.

What is new in the Simplified ESRS and what stays the same?

The planned Simplified ESRS are intended to make sustainability reporting leaner and easier to understand. At the core, the aim is to place greater focus on decision-useful information while reducing the burden on companies where previous requirements were particularly extensive, redundant, or difficult to apply in practice.

Was ist neu und was bleibt bei den Simplified ESRS, den Berichtsstandards der CSRD.

What is new?

Focus on material information

Going forward, only material data points are expected to be disclosed. The goal is a sustainability report that is clearer and less driven by formally checking off every single requirement wherever possible.

Significantly fewer data points

According to EFRAG, mandatory data points are expected to be reduced by around 61 percent. At the same time, voluntary disclosures will be removed. So this is not just about less volume, but also about stronger focus on what is truly relevant for users and decision-making.

Shorter and more understandable standards

The standards are expected to be streamlined. Redundant content will be cut back, and overlaps between ESRS 2 and the topical standards will be reduced. This is intended to improve readability and make application easier in practice.

More principles-based narrative reporting

Key governance topics such as SBM-3, IRO-1, as well as Policies, Actions and Targets will be brought together more strongly. At the same time, presentation is expected to become more flexible. As a result, the report should function less like a checklist and more like a coherent overall picture.

Less burden around value chain data

Going forward, there will no longer be an explicit preference for primary data. Estimates and secondary data are also expected to be allowed where robust primary data is unavailable or can only be obtained with disproportionate effort.

Simplified materiality assessment and clearer disclosure logic

Disclosure logic is also becoming more focused. Companies should be better able to distinguish between material and non-material information. This also affects the question of which mandatory disclosures are actually required and where narrative context matters more than completeness for its own sake.

What stays the same?

Despite the simplification, the core logic of the ESRS remains in place. ESRS Set 1 is not being reinvented, but rather condensed, focused, and further developed in the form of the Simplified ESRS. The double materiality assessment (DMA) also remains a central starting point for reporting. The following three points will continue to be central in the new Set 2:

Double materiality remains mandatory.

Companies must therefore continue to systematically assess which sustainability topics are material, both from an impact perspective and a financial perspective. What is new is mainly that application is intended to become more practical: EFRAG refers to clearer guidance, less documentation effort, and stronger focus on truly decision-useful information.

The 12 topical standards remain structurally in place.

The Simplified ESRS continue to build on the same architecture: ESRS 1 and ESRS 2, along with the familiar environmental, social, and governance standards, remain in place. For companies, this means existing structures, responsibilities, and mapping logic can generally continue to be used, while the depth and volume of required disclosures will be reduced in many places.

The objective remains a transparent presentation of material sustainability topics.

Even with simplified requirements, companies are not expected to simply check off data points, but to explain clearly which material topics they have identified and how they manage them. EFRAG emphasizes stronger focus on relevance, Fair Presentation, and reporting that is less purely compliance-driven. Companies therefore still need to provide an internally coherent story around their material topics.

Fair Presentation: Why the report should be less checklist and more overall picture

A central point in ESRS Set 2 is that it does not just shorten individual requirements, but also shifts the logic behind reporting. This is especially visible in the principle of Fair Presentation.

What does Fair Presentation mean?

A report should not merely appear formally complete. It should provide a coherent, balanced, and understandable overall picture of a company’s material sustainability topics.

In other words, it is no longer enough to simply work through individual Disclosure Requirements. What matters is whether the report as a whole makes it understandable

  • which topics are material
  • why they are material
  • how the company is addressing them

What changes in practice as a result?

With the Simplified ESRS, three things move more strongly into focus:

  • Relevance instead of maximum detail
  • Coherence instead of isolated individual disclosures
  • Clarity instead of overloaded reports

Fair Presentation therefore describes quite precisely what good reporting will increasingly be measured against in the future: not just the quantity of information, but its explanatory value.

Undue Cost or Effort: More pragmatism in data collection

The Undue Cost or Effort principle is intended to reduce the burden on companies wherever data can only be collected with disproportionate effort.

Where is the practical relief?

This is especially relevant for data that is hard to obtain, for example in the value chain or where information cannot be gathered reliably in the short term.

Going forward, there is expected to be more flexibility for:

  • estimates
  • secondary data
  • a more pragmatic approach to data gaps

This is a noticeable relief, especially for companies that are still building reliable ESG data structures.

What does this not mean?

Undue Cost or Effort is not a free pass to simply leave out information.

Companies therefore cannot rely on this principle in a blanket way by saying that data collection is difficult or expensive. What remains decisive is that assumptions, methods, and approaches are transparent and understandable.

What matters here:

  • Decisions should be justifiable
  • Estimates should be plausible
  • Data gaps should be contextualized, not hidden
  • the report should still provide a robust overall picture despite simplification

This principle therefore stands for a more realistic approach to data collection. The focus is not on perfection at any cost, but on an approach that remains practical while still being transparent.

Fewer data points, but not automatically lower expectations

Reducing data points is a clear form of relief. According to EFRAG, mandatory data points that must be disclosed when material are expected to decrease by around 61 percent. At the same time, voluntary disclosures will be removed.

What has been reduced in concrete terms?

The simplification mainly affects the volume of disclosures that companies previously had to collect, document, and prepare consistently in addition to core requirements. At the same time, the standards as a whole are expected to become shorter, clearer, and more principles-based. This comes with fewer overlaps, more flexibility in narrative disclosures, and a simplified materiality assessment.

But a reduction of around 61 percent does not mean that sustainability reporting will automatically become 61 percent easier. And it does not mean that companies will only need to prepare a heavily shortened report.

Even with fewer mandatory disclosures, the central task remains the same: companies must transparently explain in the ESG report which topics are material, which information is relevant in that context, and how this results in a coherent report.

What does this mean for companies?

The effort therefore shifts in part:

  • away from pure data collection
  • toward prioritization, contextualization, and clear presentation

The real simplification, then, is not that everything becomes easy. It is that the focus becomes clearer.

VSME or Simplified ESRS: Decision support for mid-sized companies

With the Simplified ESRS, the question becomes more relevant which framework makes sense for companies that are currently not subject to reporting requirements or want to report voluntarily. VSME is not automatically the better choice simply because it is leaner. What matters is what the reporting is intended to achieve: a pragmatic starting point or voluntary reporting with stronger alignment to ESRS logic.

Answer the following questions for yourself. The more often you answer “yes” to a statement, the more likely the respective standard is a good fit.

VSME is more suitable if …

  • You want to start voluntary reporting with the lowest possible effort.
  • You need a pragmatic framework without immediately having to work deeply into ESRS systematics.
  • Your reporting is primarily intended to provide an initial overview and is not yet meant to reflect all strategic management questions.
  • You are still at an early stage when it comes to data, processes, and responsibilities.
  • You first want to establish a solid foundation before expanding reporting and management further.

The Simplified ESRS are more suitable if …

  • You want voluntary reporting that is already closer to future ESRS logic.
  • You want to use sustainability not only for documentation, but also more actively for management and strategic purposes.
  • You are already working with a double materiality assessment or plan to do so.
  • Your sustainability information also needs to be robust and compatible with expectations from banks, business partners, or more complex customer requirements.
  • You want to build reporting today that is more robust and future-proof in the long term.

As a rule of thumb

If you mainly want to get started simply and with minimal use of resources, VSME is usually the more suitable entry point.
If you want to report voluntarily in a more structured way, with greater compatibility and closer alignment to the ESRS, there are stronger arguments in favor of the Simplified ESRS.

How companies should move forward now

Which next steps make sense depends above all on where your company currently stands. For most companies, this is not about rebuilding everything from scratch now. It is about adjusting the current course in a targeted way to align with the logic of the Simplified ESRS.

If you are already reporting under ESRS or have prepared extensively for it

Then you should not discard the work you have already done. A sensible approach is to

  • continue using existing preparatory work
  • map previously collected ESRS data points to the Simplified ESRS
  • assess which disclosures will be removed in the future, merged, or only remain relevant if material
  • review content for opportunities to shorten, improve relevance, and strengthen coherence
  • question where completeness has so far taken priority over materiality

The next step here is therefore not a restart, but a mapping from the previous ESRS approach to the logic of the Simplified ESRS.

If you are just starting with reporting

Then now is a good time to clarify whether VSME, Simplified ESRS, or another reporting framework is a better fit, and then set up data collection directly along that logic.

What matters now:

  • build processes around materiality from the outset
  • avoid creating unnecessarily broad data collection
  • keep the reporting structure clear and flexible
  • assess early whether the Simplified ESRS or a VSME-oriented starting point makes more sense

Anyone starting now should therefore no longer follow the principle of “just collect everything first,” but instead orient themselves early around a more focused framework.

If you have fallen out of CSRD scope

Then you should not automatically stop your preparatory work. Instead, now is the right time to reassess your sustainability reporting:

  • Which ESG information will continue to be expected by customers, banks, or business partners?
  • Is a leaner voluntary approach such as VSME sufficient for that?
  • Or is it worth staying voluntarily closer to ESRS logic?

For these companies, the focus is therefore shifting away from pure compliance and toward the question of which form of voluntary reporting makes strategic sense.

If you still have time until 2028

Then waiting is not the best solution. It is more useful to use the additional time deliberately to

  • set up the double materiality assessment properly
  • align data architecture early with the logic of the Simplified ESRS
  • define internal responsibilities and processes clearly
  • systematically build only the data that is actually relevant for the future sustainability report
  • design the reporting structure to be more focused and easier to understand from the start

Anyone who lays the right foundations early can report far more efficiently later and avoid unnecessary effort caused by overly broad ESG data collection or a setup that no longer fits.

Need support?

If you need support preparing your next sustainability report – or your first one – we are here to help with software and advisory services, depending on your needs.

Schedule a meeting

* This information is summarized editorial content and should not be construed as legal advice. VERSO accepts no liability.

This might be also interesting for you:

Doppelte Wesentlichkeitsanalyse
27.11.2024

Mastering CSRD challenges: The double materiality analysis in seven steps

Read article
Holzwürfel, die ein Diagramm mit steigendem Pfeil abbilden: Richtig gemacht, können Nachhaltigkeitesberichte zur Steigerung des Unternehmenserfolgs beitragen Rising bar chart made of wooden blocks symbolizing measurable progress and continuous improvement in a sustainability report.
19.11.2024

Sustainability Report: What Is It and What Do You Need to Know? 

Read article

Subscribe to our newsletter!

Sign up and receive regular news about:

  • Current ESG topics and legislative changes
  • Individual advice from the VERSO experts
  • News about VERSO
  • Sustainability Events and more
Bild von Windrädern in der Natur. Sie tragen u.a. dazu bei, die Emissionen von Unternehmen zu reduzieren und ihre Klimaziele zu erreichen.
08.04.2026

Setting climate targets for companies: how to develop well-founded reduction goals

In this article, you will learn how companies can set well-founded climate targets, why the base year of the carbon footprint is crucial, and how to develop a reliable emissions reduction pathway.

The carbon footprint is complete. For many companies, the next step seems obvious: setting climate targets.

In practice, however, this step is often more challenging than expected. Because between a completed carbon footprint and robust climate targets lies a key question: what is actually realistic, effective, and strategically meaningful for our company?

Many companies define CO₂ reduction targets before they fully understand their potential. This leads to targets that are either too cautious or unrealistic. Neither is helpful.

In this article, you will learn how companies can set well-founded climate targets, why the base year of the carbon footprint is crucial, and how to develop a reliable emissions reduction pathway.

Common mistakes when setting climate targets

When setting climate targets, many people initially think in terms of a target year and a percentage. This is exactly where the first mistake often begins. A target such as “40 percent fewer emissions by 2030” may sound concrete, but it is only robust if it is clear what it refers to and how it will be achieved.

In practice, three typical mistakes occur when defining targets:

1. Reducing climate targets to a single number1. Klimaziele auf eine Zahl reduzieren

Strong climate targets for companies consist of more than a target year and a reduction value. They also answer key questions:

  • What is the company’s starting point?
  • Which emissions are included?
  • How ambitious yet realistic is the target?
  • How can progress be measured later?

Only then does a target become a manageable foundation for climate management.

2. Defining reduction targets before understanding the potential

A carbon footprint is the foundation for any target setting. Without reliable emissions data, no well-founded climate targets can be developed.

However, the footprint alone is not sufficient. It shows where emissions occur, but not automatically where real reduction potential exists.

The biggest lever is not in the same place for every company. Depending on the business model, it may lie in energy supply, vehicle fleets, production processes, logistics, or the supply chain.

This is why it is important to clarify before defining targets which emission sources are most relevant, what potential arises from them, and what is realistically feasible from an operational perspective.

3. Focusing only on the target year instead of the reduction pathway

Many companies focus heavily on the target year. However, a target for 2030 or 2040 alone says little about how emissions will decrease along the way.

This is why a robust emissions reduction pathway is essential.

A reduction pathway describes how emissions should evolve over several years. It helps define interim targets, measure progress, and avoid pushing achievement to a distant endpoint.

A meaningful reduction pathway helps to

  • make development over time transparent
  • assess interim results more effectively
  • identify deviations earlier
  • manage climate targets more strategically

This turns a climate target from a future promise into a manageable development pathway.

What makes strong climate targets

Robust climate targets consist of more than a number and a target year. They are formulated in a way that provides guidance, is understandable internally, and can be managed reliably over time.

This requires more than ambition. Strong climate targets are primarily defined by clarity and measurability. Key elements include:

  • a clear base year
  • a defined target year
  • a specific reduction value
  • a clearly defined scope
  • a transparent data foundation
  • a realistic reduction pathway

Especially for CO₂ reduction targets, it is important not only to define the target itself, but also to make the underlying logic understandable. Only then can targets be communicated internally, embedded strategically, and monitored reliably.

The base year of the carbon footprint: what companies should consider

To set climate targets, companies need a clear reference point. This is where the base year of the carbon footprint becomes critical.

The base year is the year against which future reductions are measured. If a company aims to reduce emissions by 50 percent by 2030, it must be clear which year serves as the reference.

A suitable base year should:

  • be based on reliable data
  • be methodologically sound
  • be representative of the company
  • not be heavily distorted by one-off effects

This is more important than it may seem at first glance. An unsuitable base year can make target achievement appear artificially easier or unnecessarily difficult. For robust climate targets, this foundation is essential.

CO₂ reduction targets for companies: ambitious but realistic

In practice, companies often face a tension: climate targets should be ambitious but must remain grounded in reality.

A target that is too cautious fails to leverage existing potential. A target that is too ambitious quickly loses credibility if it is not viable internally. Strong target setting lies somewhere in between.

Key questions include:

  • What level of reduction is plausible based on emissions data?
  • Where are the biggest levers?
  • Which conditions limit implementation?
  • What developments are realistic in the short, medium, and long term?

For sustainability managers, striking this balance is critical. Climate targets should not only sound good, but also provide real guidance within the company.

Science-based climate targets for robustness and credibility

In principle, companies are free to choose how they define their climate targets. However, more and more companies are aligning with science-based standards. Science-based climate targets, such as those defined by the SBTi, are characterized by the following:

  • alignment with the 1.5°C pathway
  • clear and measurable structure (base year, target year, reduction percentage, clearly defined scope (1, 2, 3))
  • use of real emissions data
  • inclusion of Scope 3 (if relevant)
  • immediate implementation of measures
  • limited reliance on offsetting

Not every company needs to adopt science-based targets. However, it is often worthwhile to align with the core principles of such frameworks. For companies seeking particularly robust and credible targets, this can provide valuable guidance. Those interested in exploring this further should take a closer look at SBTi requirements.

Setting climate targets in companies: a five-step process to an effective reduction pathway

A practical process for defining targets typically looks like this:

Understand the carbon footprint

The carbon footprint shows where emissions occur and which areas are most relevant.

2. Assess hotspots and potential

Before defining targets, it is essential to understand where realistic reduction potential exists.

3. Define the base year and target framework

Determine which year serves as the reference and which emissions are included in the target.

4. Evaluate target options

Only at this stage should decisions be made about target ambition and time horizon.

5. Align targets internally

Climate targets should not be developed in isolation, but in alignment with strategy, data, and operational realities.

Conclusion: setting climate targets means making reduction manageable

Companies that want to set climate targets should not start with an isolated percentage. The key starting point is a robust carbon footprint, combined with a realistic understanding of internal potential.

A strong target system requires a well-defined base year, a transparent emissions reduction pathway, and a target definition that is ambitious yet achievable.

This turns CO₂ reduction targets into more than a communication statement. They become the foundation for effective, strategically managed climate action.

If you want to develop well-founded climate targets and take the next steps in a structured way, feel free to reach out. We support you with practical and expert guidance.

Let's talk

* This information is summarized editorial content and should not be construed as legal advice. VERSO accepts no liability.

This might be also interesting for you:

Schmelzender Eisberg im Wasser als Symbol für die Klimastrategie
17.04.2024

Step by step to Net Zero: how to develop a climate strategy for your company

Read article
Corporate Carbon Footprint berechnen und reduzieren
26.06.2025

How is the Corporate Carbon Footprint (CCF) calculated?

Read article

Subscribe to our newsletter!

Sign up and receive regular news about:

  • Current ESG topics and legislative changes
  • Individual advice from the VERSO experts
  • News about VERSO
  • Sustainability Events and more
Cyber-Sicherheit in der Lieferkette
12.03.2026

Cybersecurity in the Supply Chain: Identifying and Systematically Managing Risks

“Cyber insecurity” is one of the biggest risks and affects the entire supply chain. In this article, you will learn why and how to implement cybersecurity across your supply chain.

In its latest Global Risks Report, the World Economic Forum (WEF) ranks “cyber insecurity” among the most significant global risks (ranked 6th in the short term). According to the Hackett Group, it is even the number one risk factor for procurement leaders. At the same time, the new NIS2 directive makes one thing clear: cybersecurity concerns the entire supply chain and does not end at a company’s own factory gates. It is therefore time to take a closer look at cybersecurity in the supply chain and to consistently address cyber risks from a procurement and supply chain perspective.

Key takeaways on cybersecurity in the supply chain

What is cybersecurity in the supply chain?

Cybersecurity in the supply chain refers to all measures that ensure IT security and information security among external service providers, suppliers, and third parties that have access to systems, data, or critical processes. It therefore covers the systematic protection of the entire supply chain against digital threats.

Why is cybersecurity in the supply chain important?

Modern supply chains are highly interconnected: companies collaborate with cloud providers, IT service providers, logistics companies, consultancies, outsourcing partners, and many other actors. Data flows across system boundaries, external partners access internal business applications, and critical processes depend on third parties. In globally connected supply chains in particular, this creates new digital attack surfaces.

This interconnectedness is exactly what makes supply chains vulnerable to cyberattacks. A single weak point—such as a poorly secured service provider with VPN access or a software supplier with inadequate security standards—may be enough to give attackers access to a company’s systems. This so-called third-party cyber risk is now one of the main drivers behind security incidents in companies and therefore a core challenge for cybersecurity in the supply chain.

As Bitkom President Dr. Ralf Wintergerst puts it:

Attackers look for the weakest link. Even in highly protected companies, that weak point is often a less protected supplier. (…) Improving cybersecurity therefore requires raising awareness among business partners across the supply chain, agreeing on protective measures, and implementing them together.

The consequences range from operational disruptions and financial losses to severe reputational damage. Cybersecurity in the supply chain therefore means that not only a company itself must be resilient, but the entire supply chain ecosystem in which it operates.

The challenges of cybersecurity in the supply chain

In theory, it is clear: supply chain risks—including those related to IT security—must be systematically identified and managed. In practice, however, the challenge rarely lies in a lack of willingness, but rather in missing structures. This is exactly where the complexity of cyber risk management becomes apparent.

Typical challenges:

  • Lack of transparency regarding relevant suppliers
    Many companies do not have a clear overview of which suppliers are particularly critical from an IT perspective. System access, data flows, or dependencies are often not centrally documented. As a result, it remains unclear where an attack would cause the most damage.
  • Different maturity levels among suppliers
    While some partners can demonstrate established security standards and certifications, others have little to no documented measures or defined security levels. This heterogeneity makes consistent risk and measure assessment difficult and highlights that there is no one-size-fits-all solution. Instead, dedicated supplier engagement discussions are required.
  • Manual and unstructured data collection
    Information about security measures is often collected via email, Excel files, or individual questionnaires. Such manual risk assessments are time-consuming, error-prone, and not scalable—especially when managing large supplier portfolios.
  • Outdated information
    Once collected, data is rarely updated regularly. As a result, changes—such as updates in a supplier’s IT landscape, security incidents, or new certifications—often go unnoticed.
  • Limited auditability in case of reviews
    Even when measures are implemented, they are often not documented consistently. In the event of audits, regulatory reviews, or security incidents, companies lack a central, reliable overview.

These points highlight a key insight: cybersecurity in the supply chain cannot be addressed through isolated, one-off measures. What is needed are structured, repeatable, and traceable risk assessments that create transparency and enable continuous risk management.

Cyber risk management as the foundation for cybersecurity in the supply chain

Effectively addressing cyber risks in the supply chain requires a holistic approach. Cybersecurity in the supply chain is not an isolated IT topic but part of strategic supply chain risk management.

Key considerations include:

  • Structured supplier risk management
    Suppliers should not only be assessed based on price, quality, and delivery capability, but also on their cyber risk profile. This includes standardized risk assessments, clear criteria, and consistent evaluation frameworks.
  • Binding security requirements for third parties
    Security standards—such as requirements for access control, encryption, incident management, or patch management—should be contractually defined. This is the only way to make cybersecurity a fixed component of collaboration.
  • Clear communication and escalation paths
    In critical situations, every minute counts. Companies need defined contacts, reporting channels, and processes to quickly identify, assess, and jointly address incidents involving suppliers.
  • Regular review and updates
    Threat landscapes evolve, as do IT environments, supplier relationships, and risk assessments. Cyber risks therefore need continuous monitoring, and evaluations must be updated regularly—not only once during supplier onboarding.

How can cybersecurity in the supply chain be ensured?

How can companies take concrete steps to systematically manage cybersecurity as a supply chain risk? A step-by-step approach has proven effective:

1. Identify and prioritize relevant suppliers, access points, and dependencies

The first step is to create transparency regarding which external partners are truly critical from a cybersecurity perspective. The decisive factors are not only contractual relationships but also actual system access, data flows, and operational dependencies—meaning the real potential impact on availability, integrity, and confidentiality. This helps segment the truly relevant partners and dependencies in a targeted way:

  • Centrally document all external system access points (e.g., VPNs, APIs, cloud integrations)
  • Classify suppliers into criticality levels based on their access and data impact
  • Identify particularly sensitive or business-critical dependencies (single points of failure)
  • Consistently reduce unnecessary or over-privileged access (principle of least privilege)

2. Continuously monitor risks and ensure transparency

Cyber risks in the supply chain evolve continuously—due to new threats, changing IT environments, or adjustments in collaboration. Assessments should therefore not only be updated regularly but also be made manageable across the entire supplier portfolio:

  • Establish regular reassessments for critical suppliers
  • Conduct event-driven reassessments in case of incidents or significant changes
  • Introduce aggregated risk dashboards for portfolio management
  • Continuously monitor central KPIs (e.g., open high-risk findings, remediation rate, assessment coverage, security monitoring)
  • Ensure compliance with regulatory requirements, including documentation for NIS2 compliance

3. Document measures and ensure auditability

All assessments, decisions, and measures should be documented centrally. This makes it possible to demonstrate

  • that risks were identified and addressed,
  • which requirements were defined for suppliers,
  • how incidents were handled.

Such auditability is not only important for audits and regulatory requirements, but also for internal confidence in the company’s security approach.

Conclusion: Rethinking cybersecurity – from supply chain risk to strategic management

Cybersecurity today goes far beyond firewalls, virus scanners, and internal IT policies. Companies that want to protect their business must consider the entire supply chain—from selecting critical service providers and defining clear requirements and contracts to conducting recurring assessments and maintaining proper documentation.

The good news: Companies that consistently extend their cybersecurity strategy to include the supply chain gain not only resilience but also control. They know where their biggest dependencies lie, can prioritize risks, and are able to respond faster when incidents occur.

In short: cybersecurity starts within your company—but it does not end at your factory gates.

We are happy to support you in collecting the necessary supplier information centrally and efficiently on one platform.

Contact us to schedule an introductory meeting.

Schedule a meeting

* This information is summarized editorial content and should not be construed as legal advice. VERSO accepts no liability.

This might be also interesting for you:

Bild von einem Cyber-Angriff mit Computer und Code.
04.02.2026

NIS-2 in the supply chain

Read article
c
23.02.2026

PPWR: Questions and Answers

Read article

Subscribe to our newsletter!

Sign up and receive regular news about:

  • Current ESG topics and legislative changes
  • Individual advice from the VERSO experts
  • News about VERSO
  • Sustainability Events and more
c
23.02.2026

PPWR: The moste important questions and answers for companies

The PPWR (Packaging and Packaging Waste Regulation) introduces comprehensive requirements for companies across the entire packaging value chain. In this article, we answer the key PPWR questions and outline which obligations will apply starting in 2026.

The PPWR (Packaging and Packaging Waste Regulation) – also known as the new EU Packaging Regulation – introduces comprehensive requirements for companies across the entire packaging value chain. It covers packaging design, recyclability, labeling, extended producer responsibility (EPR), and packaging waste reduction. Here, you will find the key PPWR questions and learn which obligations will apply starting in 2026.

1. What is the PPWR (Packaging and Packaging Waste Regulation)?

The PPWR (Packaging and Packaging Waste Regulation) is a key component of the European Green Deal. As a uniform, directly applicable framework, it replaces the previous Packaging Directive. The regulation aims to strengthen the circular economy across the EU, reduce packaging waste, increase recyclability and material efficiency, and harmonize existing rules throughout the EU.

2. When does the PPWR apply?

The PPWR entered into force on February 11, 2025. It will apply starting August 12, 2026, and will be rolled out in stages through 2040, with key milestones in 2028 and 2030.

3. Who is affected by the PPWR?

The PPWR applies to all packaging and packaged products placed on the EU market. Starting August 12, 2026, goods packaged in non-compliant packaging may no longer be marketed within the EU.
Exceptions and specific provisions apply to packaging for dangerous goods, medical devices, sensitive food contact materials, and innovative packaging, providing flexibility where safety or innovation considerations justify it.

To the question on PPWR roles: The PPWR has an extremely broad scope. As a result, it affects a wide range of companies, including:

  • Suppliers of packaging or packaging materials
  • Manufacturers of packaging or packaged products
  • Distributors, importers, and fulfillment service providers
  • Brand owners placing packaged goods on the EU market
  • Non-EU suppliers delivering products or packaging to the EU

The following sectors are particularly impacted:

  • FMCG / fast-moving consumer goods (food, beverages, personal care)
  • Retail, e-commerce, and online marketplaces
  • Packaging manufacturing
  • Logistics, fulfillment, and transport packaging
  • Textiles, apparel, and footwear (packaging-related aspects)
  • Hospitality, food service, and take-away (HORECA)

20. Mai: PPWR umsetzen – Compliance bis zur Frist sichern

In diesem Webinar zeigen wir, was die zentralen PPWR-Aufgaben bis zum 12.08.2026 sind und wie sich Verpackungsdaten, Dokumentation und Compliance-Anforderungen effizient und unterstützt durch eine integrierte Softwarelösung abbilden lassen.

20.05.2026 um 11:00 Uhr

Zum Webinar anmelden

4. Which roles does the PPWR define?

The PPWR establishes clear obligations for each economic operator along the supply chain and generally distinguishes between producers, importers, distributors, and suppliers.

Manufacturer

A natural or legal person that manufactures packaging or a packaged product, or has packaging or a packaged product designed or manufactured under its own name or trademark. (This includes packaging manufacturers as well as companies such as Amazon.)

Supplier

Any natural or legal person that supplies packaging or packaging materials to a producer.

Importer

Any natural or legal person established in the EU that places packaging from a non-EU country on the EU market.

Distributor: Any natural or legal person in the supply chain—other than the producer or importer—that makes packaging or packaged products available on the market.

PPWR: To-Dos across the Supply Chain

Who is affected by the PPWR – and what needs to be done by when? Our concise checklist helps you assess the PPWR in a structured way and define the right next steps.

Download now

5. What does the PPWR role “Producer” mean, and how does it differ from “Manufacturer”?

This is a quite often asked PPWR question: Under the PPWR, “Producer” refers to any producer, importer, or distributor—regardless of where they are established—that places packaging or packaged products on the market in a Member State for the first time. Producers assume additional obligations, including extended producer responsibility (EPR) for collection and recycling. The term should not be confused with “Manufacturer.” The Manufacturer is one of the roles covered under the broader term “Producer.” There is also potential for confusion in German terminology: in the regulatory context, “Hersteller” refers to the entity responsible for first placing packaging on the market, while “Erzeuger” refers to the entity that manufactures packaging or packaged products.

It is important to understand that within a packaging value chain, there is only one Manufacturer, but there may be multiple Producers. Whether a company qualifies as a Producer must be assessed separately for each Member State, depending on who places the packaging or packaged product on the market first.

6. What does “Extended Producer Responsibility” mean in the context of the PPWR?

A key element of the PPWR is the principle of Extended Producer Responsibility (EPR). EPR compliance requires producers to take responsibility not only for manufacturing and distributing their products, but also for managing the end-of-life treatment of the associated packaging.

For example, online retailers based in Germany that sell goods to end customers in Austria must appoint an authorized representative in Austria, register in the national producer register, and pay the applicable fees there.

7. How will EPR fees change under the PPWR?

Starting 18 months after publication of the EU criteria, EPR fees will be modulated based on environmental performance. This means the fees will be structured according to how sustainable the packaging is. For example, lower fees will apply to packaging with higher recyclability.

8. What obligations does the PPWR introduce for companies?

The PPWR introduces extensive sustainability and information requirements for companies across the entire value chain. These obligations cover packaging design and material selection as well as documentation, labeling, traceability, and reporting.

Key obligations—depending on the company’s role—include:

1. Compliance & chemical safety (from 2026)

  • Compliance with limits for substances of concern (e.g., PFAS, heavy metals), especially for food contact materials
  • Conducting conformity assessment procedures
  • Preparing technical documentation
  • Issuing an EU Declaration of Conformity (DoC)

2. Labeling & transparency (from 2028 onward)

  • Harmonized labeling on material composition
  • Information on compostability, take-back schemes, or deposit return systems
  • Labeling of reusable packaging
  • Providing information to authorities and market surveillance bodies
  • Registration and compliance within the framework of extended producer responsibility (EPR)

3. Design and sustainability requirements (phased in through 2040)

  • Minimizing weight, volume, and empty space (maximum 50% for transport and e-commerce packaging from 2030)
  • Ban on certain single-use plastic packaging formats
  • Recyclability requirements (at least 70% from 2030, 80% from 2038)
  • Design for recycling to enable material recovery
  • Minimum recycled content in plastic packaging (10–35% from 2030, up to 65% by 2040)
  • Compliance with binding reuse targets
  • Industrial-scale recyclability (from 2035)

4. Specific requirements for certain packaging types

  • Mandatory compostability for specific applications (e.g., tea bags or fruit labels)
  • Reuse options in take-away settings
  • Allowing customers to use their own containers

9. What specific requirements apply starting in 2026?

If you are the Manufacturer of the packaging or packaged products:

  • You must carry out a conformity assessment procedure and prepare the technical documentation and EU Declaration of Conformity.
  • You may not use substances of concern in packaging materials (e.g., PFAS, heavy metals).
  • You are subject to general labeling requirements.

If you purchase packaging or packaged products downstream from a Manufacturer or from your suppliers, you are subject to due diligence obligations. These include, among other things, verifying compliance of the packaging and ensuring that labeling requirements have been properly fulfilled.

10. What requirements apply regarding empty space and overpackaging?

Starting January 1, 2030, grouped, transport, and e-commerce packaging may contain no more than 50% empty space. Filling material is considered empty space. Packaging weight and volume must be reduced to what is strictly necessary, and cosmetic practices such as double walls or false bottoms are prohibited, with only limited exceptions.

11. What impact does the PPWR have on the supply chain?

The PPWR increases data requirements for suppliers and packaging manufacturers across the entire packaging supply chain. It requires clear allocation of responsibilities within the packaging value chain and leads to greater coordination efforts between procurement, sustainability, quality management, and suppliers. At the same time, risks increase due to incomplete or outdated supplier data. As a result, transparency and a digital, readily accessible data foundation become increasingly important.

12. How should companies prepare for the PPWR now?

Companies should establish transparency at an early stage regarding affected packaging and suppliers, review existing data and supporting documentation, and define clear processes for data collection and maintenance. It is also crucial to involve suppliers in a timely manner and build digital structures to ensure scalable and audit-proof compliance.

Our approach:

  1. Assess PPWR readiness across the supply chain
  2. Raise supplier awareness and provide training – without additional workload
  3. Collect and analyze packaging data in an automated way
  4. Optional advisory services for strategic and operational implementation

Software and consulting services for PPWR compliance

Capture technical documentation and EU Declarations of Conformity from your suppliers in a structured and standardized way with our PPWR module. We are also happy to support you with advisory services on your path to compliance.

Learn more

13. How does the PPWR relate to other ESG requirements?

Supply chain decarbonization

The PPWR promotes recyclable and material-efficient packaging, reducing the use of virgin raw materials and energy-intensive production steps. This creates a direct lever for lowering Scope 3 emissions.

REACH / RoHS

The PPWR builds on existing chemicals regulations and further specifies substance requirements for packaging, for example by setting limits for PFAS and heavy metals to systematically reduce environmental and health risks.

ESRS E5 – Circular Economy

The PPWR operationalizes ESRS E5 requirements by defining binding criteria for recyclability, material composition, and recoverability of packaging. This enables robust and comparable ESG metrics.

EUDR – Traceability

Similar to the EUDR, the PPWR requires transparent traceability of materials and suppliers to demonstrate regulatory compliance across the supply chain.

Digital Product Passport (DPP)

The PPWR provides key data points for the Digital Product Passport, particularly regarding material composition, substances, recyclability, and compliance. It thus lays the foundation for digital, standardized transparency at product and packaging level.

14. Why should companies implement the PPWR early?

Companies should implement the PPWR at an early stage to reduce compliance, liability, and market access risks, while avoiding last-minute implementation challenges and supply chain bottlenecks. Acting now enables companies to build robust data structures instead of relying on manual, ad hoc solutions and strengthens their positioning toward customers, retailers, and authorities. At the same time, the PPWR can serve as a lever for more efficient and sustainable packaging strategies. Early action also ensures sufficient time for necessary adjustments in research and development, including planning, testing, and scaling.

15. What penalties apply in case of PPWR violations?

In Germany, missing EU Declarations of Conformity, technical documentation, registrations, licensing obligations, or incorrect information may result in fines of up to €200,000. In addition, sales bans may be imposed. Specific penalties for individual PPWR obligations will be further defined through additional legal acts.

Implement PPWR with ease

We hope, we could answer most of your questions! Be aware: Starting in 2026, PPWR compliance will become an operational reality—manual Excel spreadsheets will no longer be sufficient. With VERSO, you can digitize data collection, supplier communication, and documentation management in one central platform.

Want to understand your specific obligations? Take the PPWR Check. In just three minutes and a few clicks, you will see what applies to your company—and receive a practical checklist to help you get started.

Take the PPWR Check now

* This information is summarized editorial content and should not be construed as legal advice. VERSO accepts no liability.

This might be also interesting for you:

LKW-Fahrer mit Klemmbrett – Symbolbild für die Dekarbonisierung der Lieferkette
02.12.2025

Decarbonizing the Supply Chain: How To Achieve Climate Goals Along the Supply Chain

Read article
Bild von einem Cyber-Angriff mit Computer und Code.
04.02.2026

NIS-2 in the supply chain

Read article

Subscribe to our newsletter!

Sign up and receive regular news about:

  • Current ESG topics and legislative changes
  • Individual advice from the VERSO experts
  • News about VERSO
  • Sustainability Events and more
Bild von einem Cyber-Angriff mit Computer und Code.
04.02.2026

What does the NIS-2 cyber security directive mean for the supply chain?

NIS-2 tightens the requirements for cyber security – for the first time, the entire supply chain is in focus, from your service providers to cloud providers. Find out which companies are affected and how you can build effective risk management for your supply chain and NIS-2 compliance step by step.

What is the NIS 2 Directive and what does it mean for the supply chain?

With the NIS 2 Directive, the EU is tightening the requirements for companies’ cyber resilience. The focus is not only on a company’s own IT, but also on the entire supply chain: service providers, suppliers and IT or cloud providers are increasingly becoming a gateway for attacks. Companies must therefore be aware of their dependencies, systematically assess risks and implement suitable security measures for partners and service providers. The supply chain is thus becoming a central lever for compliance with the directive and for the company’s digital resilience.

Which institutions and companies are affected by NIS-2?

This no longer only affects traditional operators of critical infrastructure, but also numerous so-called “particularly important” and “important” facilities – including many companies from industry, production, IT, logistics, energy, healthcare and digital services with 50 or more employees or a turnover of EUR 10 million or more. The “particularly important” facilities, shown in the table, have to implement the strictest requirements.

Particularly important facilities Facilities / Examples
Energy Electricity, gas, oil, district heating/cooling, water supply, charging infrastructure for electric vehicles
Transportation & Logistics Air, rail, road and shipping transportation, including shipping companies and port operators
Finance Banks, trading platforms, market infrastructures, insurance companies
Healthcare Hospitals, research institutions, pharmaceutical companies, medical technology
Water supply Drinking water and wastewater management
Digital infrastructure DNS services, operators of top-level domains
Public administration Authorities and other state institutions

Although the “important” facilities – depending on their size and sector – do not have quite as far-reaching obligations and are not classified as critical per se, they must nevertheless act in a NIS-compliant manner. These include:

  • Food production
  • Postal and courier services
  • Chemical industry
  • Manufacturing industry
  • Digital services
  • Research facilities
  • Waste management

When does NIS-2 apply to companies and their supply chains?

All EU member states should have transposed the NIS-2 Directive into national law by October 17, 2024, but many, including Germany, missed the deadline. In Germany, NIS-2 has therefore only been law since December 2025.

Whether in one country sooner or later, the fact is: companies in the EU must now adapt their security measures in the company and in the supply chain to NIS-2. And they need to be careful: NIS-2 affects significantly more companies than its predecessor, NIS-1. In Germany, around 30,000 organizations are covered by NIS-2, while fewer than 2,000 were affected by NIS-2.

The difference between NIS-2 and ISO-27001

In contrast to established information security standards such as ISO/IEC 27001, NIS-2 goes much further: the focus is not only on securing the company’s own IT, but also on holistic risk management that includes the entire corporate environment, including the supply chain.

Aspect ISO 27001 NIS-2
Regulatory status International standard (voluntary) EU directive (mandatory)
Area of application Industry-independent, for organizations of all sizes Specific sectors and companies
Objective Establishment and operation of an information security management system (ISMS) Increasing the cyber security level of critical and important infrastructures in the EU
Information protection Protection of all types of information (digital, physical, cloud) Focus on IT, OT and network security with critical importance
Risk management Systematic information security risk management Extended and deeper requirements for cyber and information security risks
Asset Management Part of the ISMS Significantly expanded and explicitly required
Supply chain & procurement security Generally addressed Explicit and central requirement (suppliers & partners)
Awareness & training Employee training recommended Training courses planned, especially mandatory for management and the Executive Board
Management involvement Responsibility defined, but limited personal liability Strong involvement of top management including personal liability
Degree of coverage Covers approx. 70% of NIS 2 requirements Goes well beyond ISO 27001

What does NIS-2 require of companies and supply chains?

The NIS 2 directive takes cyber security to a new level – organizationally, technically and strategically. Essentially, the requirements can be divided into three central fields of action:

1. establish systematic risk management: Use of technical protective measures such as multi-factor authentication (MFA), documented cryptography guidelines, established incident response and emergency plans, regular training to raise employee awareness

2. clear responsibilities at management level: active co-design and approval of cybersecurity measures, mandatory further training, personal liability in the event of gross breaches of duty

3. binding reporting obligations & business continuity: early warning report within 24 hours in the event of serious incidents, detailed report after 72 hours with root cause analysis and initial countermeasures, final report within one month including long-term preventive measures

NIS-2 requirements for supply chain management

What is particularly relevant with NIS-2 is that the requirements extend into the supply chain. Companies must be able to clearly demonstrate which suppliers and service providers have access to systems, data or critical processes – and how the associated risks are managed. This applies in particular to IT and cloud service providers, software providers, external service providers with system or data access and suppliers with digitally connected processes.

The specific requirements for supply chain management:

Risk management for third parties

Companies must identify risks arising from collaboration with suppliers and service providers – especially where external partners have access to systems, data or critical processes.

  • Example: An external IT service provider has remote access to productive systems or administers cloud infrastructures. Companies must assess what impact a failure, a security incident or inadequate protective measures at this service provider would have.

Evaluation of security measures at suppliers

It is not enough to rely on contractual assurances. Companies must be able to understand which security measures are actually in place at relevant suppliers and whether they match their own risk profile.

  • Example: A software provider confirms “appropriate security measures”. NIS-2 compliance is only achieved when it is clear whether, for example, access controls, patch management, incident response processes or certifications are in place – and how up-to-date they are.

Documentation and verifiability

Assessments, decisions and measures must be documented in a structured manner. In the event of an audit or incident, it is not just what has been implemented that counts, but that risks have been systematically assessed, decisions justified and measures recorded in a comprehensible manner.

  • Example: Why a certain supplier was classified as an “acceptable risk” – or why additional measures are required – must be explained transparently even months later.

Regular checks instead of one-off queries

NIS-2 understands cyber security as an ongoing process. Information from the supply chain must therefore not be collected once, but must be checked and updated regularly.

  • Example: The risk assessment must be adjusted in the event of contract extensions, new system access, changed services or security-relevant incidents – not just at the next audit.

How companies ensure NIS 2 compliance (also in the supply chain)

NIS-2 can seem complex at first glance, but with a clear roadmap, the requirements can be systematically implemented. This step-by-step guide shows which measures companies should take now – from risk assessment to audit preparation.

Step-by-step guide to NIS-2 compliance: what measures companies should take now — from risk assessment to audit readiness.

1. clarify NIS-2 affectedness

To begin with, you should check whether your company is affected by the scope of the directive. Anyone who is part of the supply chain may also fall under the requirements.

2. carry out a gap analysis

Check risk management and incident response in particular: Are there clear processes for detecting and reporting incidents? Have access rights, encryption and MFA been implemented? How well are your service providers secured and are emergency and recovery plans up to date?

3. develop a risk management strategy

Effective risk management forms the basis of every NIS 2 strategy.
The core components are:

  • Regular risk assessments for early identification of weak points
  • Strong access controls (incl. MFA)
  • Encryption
  • Consistent patch management
  • Regular penetration tests
  • Establish a structured incident response plan and reporting process

Those who proactively implement these measures reduce risks in the long term and strengthen cyber security throughout the company.

4. clarify and strengthen governance and responsibilities

NIS-2 clearly makes cybersecurity a management task. Management is responsible for actively designing, adopting and regularly reviewing security guidelines.

The central elements are:

  • Mandatory training for managers
  • Clearly defined responsibilities (e.g. a designated security officer)
  • a systematic review of the entire security strategy
  • continuously maintained and complete safety documentation

Strong governance not only ensures fewer security risks, but also reduces personal liability risks for management.

5. secure the supply chain

Third-party providers and service providers are increasingly becoming a central cyber risk factor – and with NIS-2, they also have a clear responsibility.

To secure your supply chain, you should in particular:

  • Systematically check the security level and protective measures of your service providers
  • Make NIS 2 and compliance requirements binding in contracts
  • Establish ongoing monitoring and control mechanisms to identify risks at an early stage

This turns the supply chain into an effective protective shield: your company reduces both the real attack surface and the regulatory risk.

Conclusion: NIS-2 does not start in IT, but in the supply chain

NIS-2 makes it clear that cyber risks cannot be managed in isolation in IT. Transparency in the supply chain, uniform assessments and the ability to monitor and verify risks on an ongoing basis are crucial. This is precisely where many companies fail due to manual processes and a lack of structure.

With the VERSO Supply Chain Hub, the NIS-2 guideline and cyber security in the supply chain can be mapped centrally: from structured risk queries with suppliers and a uniform assessment of third parties to the ongoing updating and central documentation of all evidence. In this way, NIS-2 is not only implemented in the supply chain in compliance with regulations, but also in a practicable and scalable manner.

Talk to us

* This information is summarized editorial content and should not be construed as legal advice. VERSO accepts no liability.

This might be also interesting for you:

LKW-Fahrer mit Klemmbrett – Symbolbild für die Dekarbonisierung der Lieferkette
02.12.2025

Decarbonizing the Supply Chain: How To Achieve Climate Goals Along the Supply Chain

Read article
Product
18.11.2025

PCF Automation in 6 Steps

Read article

Subscribe to our newsletter!

Sign up and receive regular news about:

  • Current ESG topics and legislative changes
  • Individual advice from the VERSO experts
  • News about VERSO
  • Sustainability Events and more
Product
18.11.2025

PCF Automation in 6 Steps

The calculation of a Product Carbon Footprint (PCF) is becoming increasingly important for many companies. Automation can be a real game changer here. These six steps show how to move effectively from a manual PCF assessment toward full process automation.

The calculation of product emissions — a Product Carbon Footprint (PCF) — is becoming increasingly important for many companies. With a wide product portfolio, this quickly turns into a major challenge.

Automation can be a real game changer here. To unlock automation potential within your organization, it helps to break the entire PCF process into small, understandable steps. These six steps show how to move effectively from a manual PCF process toward full process automation.

1. Clarify the basics: What is reported, to whom, and based on which standard?

Before you move into the practical phase, you should be able to answer a few key questions:

  • Who receives the PCF data — customers, authorities, or internal stakeholders?
  • How should the data be presented — as a report, a digital interface, or an audit result?
  • Which standards guide the reporting — GHG Protocol, ISO 14067, or other norms?

These questions define the methodological framework. They determine how deep the calculation needs to go (e.g., cradle-to-gate or cradle-to-grave) and which system boundaries apply.

2. Understand your role in the value chain

Your position within the value chain defines which data is relevant:

  • Companies delivering to a single customer often need standardized downstream data.
  • Companies at the end of the value chain must prepare information for final products and end customers.
  • Suppliers in between need both: incoming data collection and outgoing data transmission.

This classification helps identify the right interfaces and automate them later on.

3. No automation without data quality

Automation depends entirely on the data foundation. Companies need to ask:

  • Where do the data points come from — ERP systems, production data, supplier information?
  • How can they be structured in a product-level and usable format?
  • How can you ensure that the data is complete, consistent, and up to date?

Only when these questions are resolved is it worth moving toward technical automation. Otherwise, errors multiply instead of decreasing.

4. From databases to supplier data: Evaluate emissions correctly

A central step in calculating a Product Carbon Footprint is linking material data to emissions. There are two approaches:

  1. Emission factors from databases: easy to access, but based on averages.
  2. Factors based on data from your own supply chain: more complex, yet far more precise.

Many companies rely on databases in the short term. There are already many reliable sources with filtering options to find the most accurate factor possible. At VERSO, for example, we give you access to about 50 databases with over 200,000 emission factors.

In the long run, though, there is no alternative to supply chain data for real transparency and comparability. You should therefore request emission data or individual PCFs from your suppliers as soon as possible. You can also do this via the VERSO Supply Chain Hub. You then transfer the data directly into your PCF in the VERSO Climate Hub.

5. Automate step by step — instead of rushing ahead

Automation should definitely be the goal. However, many companies begin automating before the right foundations are in place. Often, materials are simply linked to emission factors — which may save time, but does not deliver reliable results.

A better approach: first build a solid methodological concept, structure processes in modules, and automate step by step. A modular system helps you start with a few well-defined processes. You can then transfer rules and calculation logic to additional products over time.

6. From partial to full automation

Once the methodology and data quality are right, automation can expand step by step:

  • Automated data transfers between internal systems (ERP) and PCF software
  • Intelligent and automated allocation of emission factors to materials
  • Fully automated calculation processes
  • Automated management and updates of emission factors

The goal: end-to-end, reliable PCF calculations — without manual intervention.
This frees teams to focus on what matters: reducing emissions, implementing measures, and improving products.

Conclusion: Automate with intention

PCF automation succeeds when methodology and data quality come first. Clear goals, roles, and standards, structured data sources, and gradual automation lead to robust results with less effort. A modular approach supports automation, transparency, and comparability — all the way to end-to-end PCF calculation without manual input.

We are happy to support you with software and consulting.

Guide: Calculate the PCF in 7 steps

Determine the emissions of your products in 7 steps: This guide takes you through the PCF calculation in an understandable way.

Download guide

* This information is summarized editorial content and should not be construed as legal advice. VERSO accepts no liability.

This might be also interesting for you:

Eine Hand mit Arbeitshandschuhen hält eine gerade produzierte Glasflasche – Symbolbild für den PCF
03.07.2025

Understanding and Calculating PCF

Read article
Corporate Carbon Footprint berechnen und reduzieren
26.06.2025

How is the Corporate Carbon Footprint (CCF) calculated?

Read article

Subscribe to our newsletter!

Sign up and receive regular news about:

  • Current ESG topics and legislative changes
  • Individual advice from the VERSO experts
  • News about VERSO
  • Sustainability Events and more

Sign up now!

Corporate Carbon Footprint berechnen und reduzieren
26.06.2025

How is the Corporate Carbon Footprint (CCF) calculated?

What are your company’s CO₂ emissions—and how can they be reliably calculated? This article explains why the Corporate Carbon Footprint matters—and how to approach it step by step.

Introduction and content overview

The Corporate Carbon Footprint (CCF) refers to the total greenhouse gas emissions a company causes, both directly and indirectly—from office heating to global supply chains. It is calculated based on Scopes 1, 2, and 3 as defined by the Greenhouse Gas Protocol. Scope 3 is particularly critical, as it often accounts for more than 70% of total emissions. Calculating the CCF is a prerequisite for setting effective climate targets, implementing reduction measures, and communicating sustainability efforts credibly. For many companies, it is increasingly becoming a requirement—whether driven by legislation, market expectations, or customer demands.

Content:

Why the Corporate Carbon Footprint matters now

The pressure on companies to understand and reduce their emissions is increasing. Not only due to legal requirements such as the EU Climate Law, CBAM, or the CSRD: More and more companies are being asked to provide climate-related data – whether in tenders, across supply chains, or as part of voluntary sustainability reporting.

Especially for mid-sized businesses, the Corporate Carbon Footprint is becoming a key competitive factor. Those who know their carbon footprint can take targeted action, reduce risks, and position themselves sustainably in the market.

What is the Corporate Carbon Footprint?

The Corporate Carbon Footprint (CCF) refers to the total greenhouse gas emissions a company causes – both directly and indirectly – from office energy use to the entire supply chain.

The CCF illustrates how much CO₂ and other greenhouse gases a company emits through its business operations. It typically follows internationally recognized standards such as the GHG Protocol, which categorizes emissions into three scopes: Scope 1 (direct emissions), Scope 2 (indirect emissions from purchased energy), and Scope 3 (other indirect emissions).

The three scopes for calculating the carbon footprint (CCF) according to the GHG Protocol

What is the difference between the CCF and the PCF?

While the CCF looks at a company’s overall carbon footprint, the Product Carbon Footprint (PCF) focuses on a single product. It analyzes the emissions generated throughout the product’s entire life cycle, from raw material extraction and production to transportation, use, and disposal. Both concepts complement each other and are essential building blocks for credible climate action within companies.

 

Aspect Corporate Carbon Footprint (CCF) Product Carbon Footprint (PCF)
Definition Total greenhouse gas emissions of a company Greenhouse gas emissions of a single product throughout its entire life cycle
System boundary All company activities (operations, vehicle fleet, supply chain, etc.) The complete product life cycle (raw materials, production, use, disposal)
Objective Overview of company-wide emissions, management of climate targets and reduction measures Assessment of a product’s environmental impact, foundation for eco-design and supply chain requirements
Relevance Foundation for climate strategy, carbon accounting, CSRD reporting, climate targets Relevant for customer requirements, eco-design, product development, supplier assessments
Data sources Energy data, business travel, vehicle fleet, procurement, production processes, suppliers, distribution Material and process data, supplier data, usage scenarios, disposal routes
Scopes Scopes 1, 2, and 3 according to the GHG Protocol Scopes not applicable; assessment based on the product life cycle (e.g., cradle-to-gate, cradle-to-grave)
Target audience Executive management, investors, banks, regulatory authorities, general public Customers, procurement, product development, suppliers, end users

 

Step by step toward a reliable PCF

Want to know how to accurately calculate the emissions of your products—and what it really takes? You’ll find everything you need in the practical PCF guide.

Download the PCF guide

Why is Scope 3 so important?

Many companies start with Scope 1 and 2 – and that often makes sense. These data points are usually easier to access: energy consumption, vehicle fleets, or heating systems can typically be tracked internally without much effort.

Scope 3, on the other hand, is more complex but also critical. Why? Because it covers everything that happens outside a company’s direct operations. And that’s usually where the majority of emissions occur: for many companies, Scope 3 accounts for over 70% of total CO₂ emissions and in some industries, it can be as high as 95%.

Despite the challenges, it’s essential to include all three scopes to gain an accurate picture. Ignoring Scope 3 often leads to a serious underestimation of a company’s climate impact and means missing out on valuable opportunities.

Why? Because Scope 3 often holds surprisingly straightforward levers for reduction, such as switching suppliers, optimizing logistics, or improving product design. These opportunities only become visible when Scope 3 is systematically included in the assessment.

Our tip: Even if you don’t have precise data yet, rough estimates can still provide valuable insights. And they’re far better than doing nothing at all.

Which companies is Scope 3 especially relevant for?

Scope 3 is relevant for all companies including mid-sized businesses. Why?

Many mid-sized companies have:

  • complex or global supply chains,
  • components and materials they don’t produce in-house,
  • transport and logistics structures over which they have limited direct control.

All these emissions fall under Scope 3. For these companies, this means: even if their own operations are energy-efficient, the majority of emissions may occur in upstream or downstream processes – precisely where gaining insight and influence becomes particularly important.

How is the Corporate Carbon Footprint calculated?

Calculating the Corporate Carbon Footprint (CCF) involves several clearly structured steps. The goal is to create a reliable and plausible CO₂ balance for the company that serves as a foundation for management decisions, reduction measures, and external reporting.

1. Scope screening: Defining system boundaries

  • Determining the systematic, organizational, and operational boundaries in line with the GHG Protocol.
  • Deciding which emission categories (Scopes 1, 2, 3) and subcategories will be included.
  • Defining the consolidation scope: Which sites, entities, and company sizes are covered?

2. Responsibilities and project organization

  • Defining who is internally responsible for data collection and preparation.
  • Aligning on the approach, responsibilities, and timeline
  • Holding a joint kickoff meeting with all relevant departments.

3. Data collection within departments

  • Gathering relevant activity data from the departments involved.
  • Closing data gaps through extrapolations and well-founded assumptions.
  • Reviewing whether reliable emission factors are already available or need to be added.
  • Collecting specific data, such as employee commuting patterns, and sending targeted supplier requests to capture upstream emissions.

4. Data validation

  • Reviewing and verifying the collected data, ideally with support from external experts to ensure data quality.

5. Evaluation and interpretation of results

  • Joint analysis of the results with the company.
  • Identification of emission hotspots and priority areas.
  • Discussion on whether additional data needs to be gathered in more detail (e.g., follow-up supplier requests).
  • Discussion on whether additional data needs to be gathered in more detail (e.g., follow-up supplier requests).

What happens after the carbon footprint has been calculated?

The carbon footprint is a key part of any decarbonization strategy – but it’s only the beginning. Calculation alone is not enough. It’s the foundation for taking the next targeted steps:

  • Define measurable climate targets and actions
  • Effectively reduce greenhouse gas (GHG) emissions
  • Responsibly offset unavoidable emissions
  • Responsibly offset unavoidable emissions
    Communicate progress and potential transparently

We support you: with software and expertise

Whether you’re working on a Corporate or Product Carbon Footprint or developing a decarbonization strategy: We support you wherever you need it.

Our software is built for both climate professionals and beginners. It lets you structure your data in the way that works best for you, whether for reporting, internal management, or external requirements related to communication or compliance.

And if you’re looking for additional sparring or targeted guidance, our Climate Experts are here to help. Because one thing is clear: only those who truly understand their emissions can take effective action.

Let’s start the conversation.

Questions and answers about the Corporate Carbon Footprint (CCF)

What’s the difference between the Corporate and Product Carbon Footprint?

The Corporate Carbon Footprint (CCF) shows how much CO₂ a company emits overall, from office heating to the supply chain. The Product Carbon Footprint (PCF) focuses on a single product, from raw materials to disposal. Simply put: CCF = company perspective, PCF = product perspective.

How often should the carbon footprint be calculated?

At least once a year, ideally as part of the sustainability report. This makes it easier to track progress and manage measures effectively. Those with ambitious goals can also reassess quarterly.

Is the Corporate Carbon Footprint mandatory?

Not in general, but for many companies, it effectively becomes mandatory due to reporting obligations such as the CSRD, CBAM, industry-specific requirements, or customer expectations. And without knowing their footprint, companies will struggle to speak credibly about climate targets.

Which companies is the CCF relevant for?

For all companies that want to act responsibly and build a future-proof business. It becomes especially relevant when investors, customers, or regulations demand transparency – and that’s happening more and more often.

How accurate are the results?

In general, the calculation is only as accurate as the data it’s based on. Scope 1 and 2 data are usually solid, while Scope 3 tends to be more complex. What matters is this: even rough estimates provide valuable insights – and they’re far better than doing nothing.

Is it enough to calculate just Scope 1 and 2?

As a starting point: yes. For a complete picture: no. In many companies, the majority of emissions fall under Scope 3, such as those in the supply chain. Ignoring them means missing out on key levers for reduction.

What is the Greenhouse Gas Protocol?

The GHG Protocol is the global standard for corporate carbon accounting. It defines what belongs to Scope 1, 2, and 3, and ensures that carbon footprints are consistent, comparable, and transparent.

* This information is summarized editorial content and should not be construed as legal advice. VERSO accepts no liability.

This might be also interesting for you:

LKW-Fahrer mit Klemmbrett – Symbolbild für die Dekarbonisierung der Lieferkette
02.12.2025

Decarbonizing the Supply Chain: How To Achieve Climate Goals Along the Supply Chain

Read article
Schmelzender Eisberg im Wasser als Symbol für die Klimastrategie
17.04.2024

Step by step to Net Zero: how to develop a climate strategy for your company

Read article

Nachhaltiges Wirtschaften im Mittelstand
23.04.2025

Sustainable Business Practices: The Business Case for SMEs

Stakeholders, ESG obligations, or simply conviction – For many reasons, sustainability is on the agenda of companies. Whether mandatory or voluntary: sustainability must not only be promised, it must be implemented. This article explains why sustainable business practices are important for all companies – from SMEs to large corporations.

Why is Sustainable Business Important for Small and Medium-sized Enterprises (SMEs)?

Sustainability creates transparency in the supply chain

Sustainable business practices are becoming a prerequisite for medium-sized companies to remain supply-capable and competitive in the long term – as large companies today expect full transparency across the entire supply chain.

Many small and medium-sized enterprises (SMEs) supply products or materials to larger companies that are subject to legal requirements such as the Supply Chain Due Diligence Act (LkSG), the Corporate Sustainability Reporting Directive (CSRD), the EU Deforestation Regulation (EUDR), etc. These companies are often also bound by industry-specific guidelines that demand sustainability information from the supply chain.

Large companies must not only disclose their own ESG information but also that of their suppliers. This means that you, as a supplier, are also affected by the regulations and will be asked for extensive sustainability information:

  • You will need to undergo thorough due diligence processes, such as the EcoVadis sustainability assessment, which identifies potential risks to people and the environment in the supply chain.
  • Proof must often be provided not only by suppliers but also by sub-suppliers.

Sustainability as a factor for financing

Sustainable business practices not only improve the ESG rating but also provide access to better financing terms – whether for loans, investments, or insurance.

Medium-sized companies seeking capital from investors or loans from banks should be prepared for ESG inquiries. In practice, the ESG rating directly influences credit terms – the better the rating, the more favorable the loan conditions.

Investors are also increasingly incorporating ESG criteria into ratings and M&A decisions. At the latest, during transactions or investment decisions, robust sustainability metrics will be expected from you.

In addition, (re)insurers also require ESG information from their clients. Sustainability risks are increasingly being incorporated into the risk assessment during contract negotiations, which can directly impact insurance premiums and coverage.

Sustainability expectations from customers and business partners

Anyone who wants to have a say, collaborate, or bid today needs a clear sustainability position – because ESG criteria are increasingly determining partnerships and contract awards.

In partnerships, collaborations, and tenders, certifications and ESG information are increasingly being requested to demonstrate a company’s sustainability ambitions. When entering negotiations, you need to be well-prepared:

  • No Open Doors without ESG Certifications: A prerequisite for serious discussions – alongside, for example, well-known standards for information security – are increasingly ESG-related certifications. Undergo the assessments early – they are often time-consuming and cannot be “quickly submitted.”
  • Sustainability and ESG Criteria in Tender Processes: If there is a tender, your company might be excluded from consideration due to the lack of a robust sustainability strategy. This is demonstrated, among other things, through recognized ESG certifications. With sustainability and ESG criteria in tender processes, companies want to ensure from the outset that ecological and social standards are adhered to in the supply chain.
  • Sustainability also plays a significant role in other quality standards, such as Fairtrade, organic certifications, employer rankings, or ISO standards: ESG criteria are also requested here.

Protection against greenwashing accusations

Simply labeling oneself as “green” is a thing of the past. With the Green Claims Directive and the EmpCo Directive, the EU specifically outlines what constitutes greenwashing and what does not.

  • Soon, companies will be required to scientifically verify the accuracy of their environmental claims. Failure to do so will not only result in reputational damage, but also actual legal and financial consequences.

You certainly do not intentionally engage in greenwashing, but it can easily happen unintentionally in small and medium-sized enterprises: many greenwashing accusations originate from marketing activities that portray the company in too favorable a light. This often happens when a company’s sustainability data is not transparent.

A climate and sustainability strategy ensures transparent sustainability communication: through a data-driven strategy, KPI tracking, and a CO2 balance, you can communicate numbers, facts, and goals in a verifiable manner.

Improved risk management and resilience

A solid sustainability strategy helps you identify ecological and social risks early – not just within your company but throughout the entire value chain. The foundation for this is the Double Materiality Analysis, which adds a holistic ESG perspective to your existing risk management – including the consideration of opportunities.

This allows risks to be assessed in a targeted way, measures for avoidance or reduction to be derived, and their impact in ESG management to be systematically monitored. This makes your company more resilient to climate impacts, geopolitical changes, or resource shortages – while also saving costs and preventing future losses.

Efficient resource use and optimized processes

A well-thought-out sustainability management system helps you use resources more efficiently. It drives process optimizations and innovations – for example, through energy-saving machines or the recycling of production waste. This saves raw materials, reduces costs, and protects the environment.

With effective ESG management, you not only reduce waste and energy consumption but also save time: you focus on the truly important issues – and can drive them forward in a targeted way. A clear advantage for the future viability of your company.

Holistic corporate strategy and future viability

Individual measures are of little use if the strategic connection is missing. A sustainability strategy provides the necessary overall view: All measures are part of a larger plan – rather than isolated individual initiatives.

The foundation for this is the Double Materiality Analysis, which helps you identify the most important topics. This results in a long-term, systematic strategy – ideally integrated into your corporate strategy. In this way, sustainability becomes a top priority and is managed, measured, and communicated in a targeted manner – for example, with a suitable software solution like the VERSO ESG Hub.

How do you embed sustainability in your company?

For sustainable business practices to be more than just a good intention, they must be deeply embedded in the company. This is achieved with the following building blocks, which demonstrate how small and medium-sized enterprises can move into action in a structured and impactful way.

1. status quo and material topics

Before developing a sustainability strategy, a solid status-quo analysis is needed as a foundation – it provides transparency on data, processes, and challenges within the company. Building on this, a materiality analysis highlights which ESG topics are truly material and where the greatest impacts, risks, and opportunities lie.

2. Setting SMART goals and appropriate measures

Goals are the heart of any sustainability strategy and should be scientifically grounded, formulated in a SMART way, and closely linked to the corporate strategy to avoid conflicts of interest. The development of appropriate measures is crucial for implementation – ideally in collaboration with employees and relevant stakeholders who can contribute practical solutions.

3. Creating awareness for sustainability across the company

Sustainability is a company-wide team project – and that’s why it requires a shared awareness and clear alignment. When developing your sustainability strategy, you should define vision, mission, and values to provide direction, motivate employees, and anchor the topic effectively in the overall strategy. Being transparent about ambitions and strategically using internal communication lays the foundation for living sustainability throughout the company.

4. Moving into implementation: Control is key

After the strategy, the real work begins: Implementing ESG measures is a long-term process that requires continuous adjustment and perseverance. To maintain an overview and be able to respond flexibly to new developments, structured ESG management, regular monitoring, and transparent communication – both internally and externally – are essential. Only in this way will progress remain visible, stakeholders stay engaged, and motivation within the company be maintained.

Start with VERSO

Now it’s time to move from planning to action. We support you every step of the way – with the right software solutions and services throughout your entire sustainability journey: from the first report and goal setting to tracking concrete measures. Step by step, you will build the foundation for sustainable business practices in your company.

Get in touch with us.

This might be also interesting for you:

Mann im Anzug mit Fahrrad – Symbolbild für Nachhaltigkeit im Unternehmen
23.04.2024

Why is sustainability important for companies?

Read article
Holzwürfel, die ein Diagramm mit steigendem Pfeil abbilden: Richtig gemacht, können Nachhaltigkeitesberichte zur Steigerung des Unternehmenserfolgs beitragen Rising bar chart made of wooden blocks symbolizing measurable progress and continuous improvement in a sustainability report.
19.11.2024

Sustainability Report: What Is It and What Do You Need to Know? 

Read article

Subscribe to our newsletter!

Sign up and receive regular news about:

  • Current ESG topics and legislative changes
  • Individual advice from the VERSO experts
  • News about VERSO
  • Trusted by 250+ customers

Sign up now!

Der Aufbau der ESRS: SO berichten Sie CSRD-konform.
28.11.2024

Structuring an ESRS report: How to ensure CSRD compliance

Tens of thousands of companies are required to publish a CSRD compliant sustainability report for the first time. Many are now faced with over 1,000 data points and wondering: How do we turn this into a structured sustainability report? What is the structure of an ESRS report?

This article will guide you through the process and provide you with a checklist to help identify the key data points for your report.

Creating an ESRS report – What needs to be done?

For most companies, preparing a CSRD-compliant sustainability report is uncharted territory. So far, only a few have completed this process, meaning you are not alone. To understand the structure of an ESRS report, it is helpful to first familiarize yourself with the individual ESRS standards. The next step is to focus on the disclosure requirements and data points that are most relevant to your company. To support you in this process, we have prepared a practical checklist.

What do CSRD and ESRS require?

Being affected by the CSRD means that a company is required to publish a sustainability report as part of its management report. This sustainability report is not meant to be a marketing brochure but a comprehensive document covering environmental, social, and governance (ESG) topics.

A key aspect: Companies do not have the freedom to choose their reporting framework – the ESRS are the mandatory standards they must follow. Additionally, just like the management report, the sustainability report must be audited by external auditors. This makes it even more crucial to understand the framework, be familiar with the structure of the report, and ensure that you report on the correct, material data points.

How should I approach the double Materiality Assessment?

Speaking of key data points: The double materiality assessment is the core of the ESRS report.

Download the full blog post now and gain access to:

  • Tips for conducting the double materiality assessment,
  • An overview of the ESRS structure,
  • In-depth insights into the content of the ESRS standards, and
  • A checklist for identifying the key material data points.

Before we continue

The content on this website is the result of the work of people who immerse themselves in the world of ESG with much passion and care. We take the time to present complex topics in an understandable way and provide practical tips. To prevent our work from being copied or used as AI training material, we ask you to leave us your e-mail address for particularly extensive and detailed content such as this. You will then receive the article as a PDF directly in your mailbox.

This might also interest you:

Eine Nachhaltigkeitsstrategie ist für Unternehmen wichtig, um ihre ESG-Ziele zu erreichen
11.03.2024

5 reasons why a sustainability strategy is important for companies

Read article
Doppelte Wesentlichkeitsanalyse
27.11.2024

Mastering CSRD challenges: The double materiality analysis in seven steps

Read article

Subscribe to our newsletter!

Sign up and receive regular news about:

  • Current ESG topics and legislative changes
  • Individual advice from the VERSO experts
  • News about VERSO
  • Trusted by 250+ customers

Sign up now!

Doppelte Wesentlichkeitsanalyse
27.11.2024

Mastering CSRD challenges: The double materiality analysis in seven steps

Which topics are relevant for the CSRD report?
The answer is provided by the double materiality analysis. In this article, you will learn how to efficiently master the analysis step by step with the support of our AI-based software solution.

The goal of double materiality

With the introduction of the CSR reporting obligation CSRD, the European Union wants to increase the scope of sustainability disclosures. This will make CSR reports more meaningful and comparable.

The impact of the sustainability report will also be increased because the dual materiality contributes to a shift from a shareholder perspective to a stakeholder perspective. The CSR report is aimed at investors, but also at employees, customers and society.

Definition: What is double materiality?

Double materiality means: it must be stated
how sustainability aspects affect the company (outside-in perspective)
AND
how the company affects society and the environment (inside-out perspective). The dual materiality will change the materiality principle used in Germany in particular and lead to significantly more information being relevant to reporting and CSR reports becoming more meaningful as a result. In future, companies will have to state both perspectives – independently of each other – in the sustainability report.

Previously, both aspects had to be fulfilled at the same time. In the case of the outside-in perspective (“financial materiality”), disclosures must be made that are necessary for an understanding of the company’s business performance, results or position. Particularly in the world of finance, this perspective is often the only one considered today and referred to as “ESG” or “ESG-related risks” – in other words, only the risk perspective is considered from a sustainability perspective.

With the inside-out perspective (“environmental and social materiality”), information must be provided that is necessary for an understanding of the impact of business activities on sustainability aspects. In short, it must be explained: What impact does my company have on the planet and society?

Infografik: Erklärung doppelte Wesentlichkeit der CSRD

What is the outside-in perspective in double materiality?

Many companies have so far focused on the outside-in perspective, as it represents a form of risk management. This field will also be covered in the future. The information is primarily aimed at investors. From the outside-in perspective, companies must disclose the following information:

  • How do external developments affect the business model, strategy and sales, among other things? External developments include unexpected weather events, for example, but also stricter regulatory requirements.
  • Industry-specific topics also play a role: Are there sustainability aspects that have already been identified by competitors, customers or suppliers?
  • What are the main risks for the company, a product or a service? And how are they managed or mitigated?

What is the inside-out perspective?

The inside-out perspective significantly broadens the view. Contact persons are not only investors, but also employees, consumers and environmental and social organizations. From the inside-out perspective, companies must disclose how their activities affect society and the environment. The impact of products, services and business relationships (including the supply chain) should also be mentioned here. Information is required on, among other things

Environmental issues:

  • Climate impact
  • Prevention and reduction of environmental pollution
  • Environmental impact of energy use
  • Biodiversity

Social:

  • Health and safety in the workplace
  • Diversity and equal treatment
  • Human rights
  • Social commitment

Governance:

  • Management and control processes
  • Combating corruption and bribery

In 7 steps through the double materiality analysis

1. Create an understanding of dual materiality

In the dual materiality analysis, you determine how sustainability aspects affect your company and how its activities impact the environment and society. The double materiality analysis forms the start and basis for your sustainability reports in the coming years. A high-quality process and a well-founded result are therefore a must.

In addition, auditors will audit the materiality analysis process and the finished CSRD report in the future. It is therefore worth going through the analysis in a tool that is recognized by auditors. VERSO’s AI-supported software solution for dual materiality guides you through the process step by step; the auditor can check directly in the tool. First, it is important for you and your sustainability team to take a closer look at the concept of double materiality. Here are some questions that are helpful in this first phase:

  • Are we familiar with the concept of dual materiality? Does everyone in the team understand which perspectives (financial and impact materiality; impacts, risks and opportunities) need to be considered?
  • What are the general conditions of our company, which topics could be relevant from the outset due to the environment, industry and products?
  • Which upstream and downstream economic activities, from raw material extraction to consumption and disposal, are part of the value chain?
  • Do we all understand what the dual materiality analysis process should look like, what our goal is, how we will proceed?
  • Who are important stakeholders (e.g. those affected by impacts; groups with an interest in information) with whom we work and to whom we turn?
  • Have we brought the management team on board and kept them sufficiently informed? Can we count on their commitment?

AI-supported materiality analysis from the industry pioneer

As a sustainability software pioneer, we also have your back when it comes to CSRD reporting: save time, money and nerves with the market-leading solution for double materiality.

Get to know the module for dual materiality

2. Create a roadmap for the dual materiality analysis

Once everyone is familiar with the topic and has gained an overview, the next step is to plan the analysis. Fundamental decisions should be made in three areas:

Responsibilities: Clarify who in your team is responsible for what. You can define these responsibilities in the VERSO software. This allows you to assign different levels of authorization and keep track of who is working on which topics at all times.

Time and resource plan: Analyzing dual materiality takes time. Create a schedule and consider what human and financial resources you need. Plan in such a way that you can talk to all affected stakeholders, involve management in the process and also coordinate the results well at the end. Think about all of this in the context of the sustainability report: have you considered the double materiality analysis when preparing the report or do you need to adjust the project plan?

Sources and stakeholders: Consider which methods and with which stakeholders and colleagues you want to carry out the materiality analysis. The ESRS and other frameworks as well as industry standards and findings from the corporate environment provide you with starting points for possible relevant topics.

Einblick in das KI-gestützte Modul zur Wesentlichkeitsanalyse von VERSO

At VERSO, we have already supported many customers throughout the entire process – from the double materiality analysis to reporting. This includes, for example, the Deutsche Automobil Treuhand GmbH (DAT)which also uses the AI-supported VERSO software.

3. Identifying impacts, risks and opportunities (IROs)

A sustainability aspect of the ESRS is material and reportable if the associated impacts, risks or opportunities (IROs) are considered material. Example: If the pollution of wastewater by substances used is a material impact, this must be reported on the data points in the associated standard E2 “Environmental pollution”.

Identifikation der Auswirkungen, Risiken und Chancen (IROs) in der VERSO Software

But how do you get to the IROs?

The IROs can arise from a wide variety of sources, such as industry or company specifics and discussions with various stakeholder groups. Sparring with the VERSO consultants is helpful here. In addition, internal data from whistleblower systems, occupational health and safety information or discrimination cases can provide you with information on relevant ESG issues in your company.

VERSO makes it easier for you to determine the IROs: Based on your information on company activities, NACE codes, locations, industries, etc., our AI module suggests possible material topics. So you don’t start with a blank sheet of paper. You can start directly with individual effects and assign them to the respective topics. Anyone with a little knowledge of the subject will have noticed that our AI-supported materiality analysis module takes a bottom-up approach to IRO identification.

Here, you first identify and evaluate the IROs so that the material topics of the ESRS emerge at the end. You could also do it the other way around – but in our experience, important topics often fall through the cracks.

The bottom-up approach in detail:

  • Identify all actual and potential impacts that your company or your economic activities have or could have on stakeholders along the entire value chain(impact materiality or inside-out perspective).
  • Define which financial opportunities and risks could arise for your company from sustainability issues(financial materiality or outside-in perspective). Here you can build on the results of the impact assessment.
  • Sharpen the IROs to make them as specific as possible. You have clearly listed your collected impacts in the VERSO module. For a CSRD-compliant ESRS report, you must also specify the information and interests of your stakeholders. You must roughly describe which of your material IROs the stakeholders influence or experience impacts on. VERSO’s materiality module saves you time here too: you can enter the affected stakeholders when specifying the material topics and also describe these groups and their impacts in more detail.

Get to know our materiality analysis module

Would you like to try out our AI-supported software solution for analyzing double materiality? Then arrange a demo for the VERSO ESG Hub now and we will answer your questions!

Book a demo

4. Coordinating and sharpening of the IROs with the management

Now it is time to coordinate the preliminary results with your company’s management. The management level has a different view of the company and also knows other perspectives, such as those of investors.

And finally, the dual materiality analysis should be supported by the entire company and form the basis for strategy development – management must be on board for this. It is best to present the results to management directly in our software. The data is clearly presented in the module, but can of course also be exported in the desired format and incorporated into presentations.

5. Definition of the main topics

In order to classify the IROs as material in accordance with the CSRD, they must be assessed according to the ESRS criteria. Among other things, you evaluate the IROs according to

  • Extent,
  • Scope,
  • Immutability and
  • Probability of occurrence.

Attention:
Depending on the type or category of IROs (e.g. actual or potential impact), different assessment criteria must be used. These categories are already stored in the VERSO software. You can select these for your IROs and assess the scope, extent and probability of occurrence with just a few clicks. Suitable threshold values are also already stored in the software solution. They help you to determine the IROs that are actually material for your sustainability report. The software automatically calculates the severity of the respective IRO. At the end, you can see at a glance which IROs are classified as material.

Festlegung und Bewertung der wesentlichen IROs im VERSO Tool

You can easily assign the identified IROs to the ESRS-compliant subtopics in the module. This results in the relevant topics for your report. IROs that do not fit any of the predefined topics can of course still be included and assigned to your own topics in the software.

There is also a completeness check in the VERSO module to check whether you have evaluated and assigned all topics. You will see those ESRS topics and subtopics for which you have not entered any IROs. If such a topic seems important to you, you can refine it in the IROs.

This way, no IRO will slip through. Topics for which you have not identified any material IROs are not included in the reporting obligation. At the end, you have all topics that have been assessed as material from either a financial or an impact perspective. You can present the results graphically in a materiality matrix or in a classic table. According to the CSRD, a graphical representation of the materiality analysis is not mandatory. And that’s it for the analysis itself: with our software, you can save your information in the final step and lock it for editing. The auditor can then check your analysis directly in the module.

This last step is immensely important so that you can guarantee that the materiality analysis process has been carried out in accordance with the CSRD and checked by an auditor. With our software, you can also be sure that your double materiality analysis is ESRS-compliant and audit-proof in accordance with the requirements of the Institute of Public Auditors in Germany (Institut der Wirtschaftsprüfer – IDW). Once the materiality analysis has been completed, the material topics, standards and data points are transferred to the VERSO ESG Hub reporting module so that you can continue directly with your reporting.

6. Definition of measures

The double materiality analysis does not stand for itself: The material IROs serve as the basis for your sustainability report. This shows the status quo and, over the years, the development of your company in the area of sustainability. In addition, the materiality analysis is the basis for your sustainability strategy, in which you define targets and measures.Incidentally, the ESRS already provides you with valuable input for the definition of targets and measures. And you can find out how to approach the CSRD report in the CSRD practical guide.

7. Stick with it, adapt, repeat

A final tip from us: don’t see the double materiality analysis as a one-off project, but as an analysis tool that will accompany you in your sustainability work.

If there are significant changes in the company, you will have to repeat the double materiality analysis. You usually revise individual parts and adapt the analysis annually. This keeps the key IROs up to date and makes your company’s developments measurable.

Get to know the AI-supported materiality analysis directly

The dual materiality analysis is the basis of your CSRD report. We make this process easier and faster for you: with our AI-supported software solution for the dual materiality analysis, you can be sure that your analysis is CSRD-compliant. Try it out for yourself and book a demo where we will show you all the functions.

Get to know VERSO Software

* This information is summarized editorial content and should not be construed as legal advice. VERSO accepts no liability.

This might also interest you:

Der Aufbau der ESRS: SO berichten Sie CSRD-konform.
28.11.2024

ESRS report structure: How to report in compliance with CSRD

Read article
Gespiegelte Blätter – Symbolbild für die doppelte Wesentlichkeit
23.05.2022

What does double materiality mean?

Read article

Subscribe to our newsletter!

Sign up and receive regular news about:

  • Current ESG topics and legislative changes
  • Individual advice from the VERSO experts
  • News about VERSO
  • Trusted by 250+ customers

Sign up now!