CSRD Penalties and Non-Compliance: What Happens If You Don't Report?

With CSRD reporting deadlines now in full effect, a critical question is surfacing in boardrooms across Europe: what actually happens if we don't comply? The answer is more severe — and more varied — than many companies expect.

Unlike earlier sustainability frameworks that were largely voluntary, the CSRD comes with real enforcement mechanisms. Each EU member state is responsible for defining its own penalties, which means the consequences of non-compliance differ depending on where your company is registered. But across the board, the direction is clear: regulators are taking sustainability reporting seriously.

How CSRD Enforcement Works

The CSRD itself doesn't prescribe specific fine amounts. Instead, it requires each EU member state to transpose the directive into national law and establish "effective, proportionate, and dissuasive" penalties for non-compliance. This mirrors how other EU directives — like GDPR — are enforced at the national level.

In practice, enforcement typically falls to:

• National financial regulators (e.g., AMF in France, BaFin in Germany)
• Company registrars and commercial courts
• Securities market authorities for listed companies
• Statutory auditors providing assurance on sustainability reports

The Role of Assurance Providers

A key enforcement mechanism built into the CSRD is mandatory third-party assurance. Your sustainability report must be verified by an independent auditor, which means non-compliance isn't something you can quietly ignore — it will surface during the assurance process. If your data collection is incomplete or your disclosures don't meet ESRS standards, auditors are obligated to flag it.

Types of Penalties Across EU Member States

While each country sets its own rules, the penalties generally fall into several categories:

Financial Fines

Most member states impose monetary fines for failure to publish a sustainability report or for publishing materially misleading information. Examples include:

• France: Fines up to €75,000 for individuals and €375,000 for legal entities, with potential criminal liability for knowingly publishing false sustainability information.
• Germany: Administrative fines that can reach up to €10 million or 5% of annual turnover for serious infringements of reporting obligations.
• The Netherlands: The Dutch Authority for Financial Markets (AFM) can impose fines and issue public warnings.
• Italy: CONSOB can levy fines ranging from €25,000 to €2.5 million depending on the severity of the violation.

These amounts may seem modest compared to GDPR's headline fines, but they can be imposed per violation and per reporting period, meaning costs compound quickly.

Personal Liability for Directors

In several jurisdictions, CSRD non-compliance doesn't just hit the company — it can target individual directors and board members. This includes:

• Personal fines for executives who signed off on incomplete or misleading reports
• Disqualification from serving as a company director
• Criminal liability in cases of deliberate fraud or misrepresentation

This personal dimension makes CSRD compliance a board-level priority, not just a sustainability team concern.

Reputational and Market Consequences

Beyond formal penalties, the market consequences of non-compliance can be even more damaging:

• Investor scrutiny: Institutional investors increasingly screen for CSRD compliance. Non-reporting companies risk being excluded from ESG-focused investment funds.
• Supply chain exclusion: Large companies conducting double materiality assessments across their value chains may drop non-compliant suppliers.
• Public naming: Some regulators publish lists of non-compliant companies, creating lasting reputational damage.
• Credit rating impact: Rating agencies are integrating sustainability reporting quality into their assessments.

Inability to Access Public Procurement

Several EU member states are linking sustainability reporting compliance to eligibility for public contracts. Companies that fail to report may find themselves locked out of government procurement processes — a significant revenue impact for many businesses.

Which Companies Face the Highest Risk?

The risk profile varies depending on your company's situation:

Companies already reporting (Phase 1 — former NFRD scope): These companies should already have filed their first CSRD-aligned reports. Any gaps now will be flagged by auditors and regulators.

Large companies entering scope (Phase 2): Companies meeting two of three criteria (250+ employees, €50M+ turnover, €25M+ balance sheet) faced their first reporting deadline for financial year 2025. Many are still scrambling to build internal processes.

SMEs and third-country companies: While SMEs have some exemptions, listed SMEs will need to report soon. Third-country companies with significant EU revenues face 2028 deadlines.

The companies at highest risk are those that know they're in scope but haven't started preparing. The gap between "aware" and "ready" is where most penalties will land.

The Hidden Cost: Greenwashing Liability

The CSRD doesn't just penalize companies for not reporting — it also creates liability for misleading reporting. With mandatory assurance and detailed ESRS disclosure requirements, there's now a clear legal standard against which sustainability claims can be tested.

This intersects with the EU's Green Claims Directive and broader anti-greenwashing regulations. Companies that make sustainability claims in marketing or investor communications that aren't backed by their CSRD report face:

• Regulatory enforcement action
• Consumer protection complaints
• Shareholder litigation
• NGO-driven legal challenges

The message is clear: if you're going to report, report accurately. And if you're going to make claims, make sure your data supports them.

How to Mitigate Non-Compliance Risk

1. Start With a Gap Analysis

Before worrying about penalties, understand where you stand. A thorough gap analysis will reveal which ESRS disclosures you can already address and where you need to build capacity.

2. Engage Leadership Early

Given the personal liability dimension, make sure your board and C-suite understand CSRD obligations. Compliance isn't just a reporting exercise — it's a governance requirement.

3. Build Robust Data Systems

Most compliance failures stem from poor data, not bad intentions. Invest in systems that can capture and verify ESG data across your operations and value chain.

4. Work With Experienced Advisors

Whether you choose a Big 4 firm or an independent consultant, get expert support early. The cost of advisory is a fraction of the cost of penalties, reputational damage, or scrambling to comply at the last minute. Our consultant directory can help you find the right expert.

5. Plan for Continuous Improvement

CSRD compliance isn't a one-time project. Build transition plans and reporting processes that improve year over year. Regulators will look more favorably on companies that demonstrate good-faith progress.

What About Companies Outside the EU?

Non-EU companies aren't exempt. If your company generates over €150 million in annual EU revenue and has a subsidiary or branch in the EU, you'll need to comply with CSRD reporting requirements by 2028. The penalties for non-EU companies will be enforced through their EU-based entities.

This means US, UK, Swiss, and other international companies with significant European operations need to prepare now. Ignoring the directive because your headquarters is outside the EU is not a viable strategy.

The Bottom Line

CSRD non-compliance isn't a theoretical risk — it's an operational, financial, and reputational one. With enforcement mechanisms active across EU member states, the question isn't whether penalties will be applied, but when.

The smartest approach is straightforward: understand your obligations, start preparing early, and treat sustainability reporting as what it is — a legal requirement with teeth. Companies that get ahead of compliance will not only avoid penalties but position themselves favorably with investors, customers, and regulators.

Need help getting compliant? Browse our directory of CSRD consultants to find an expert who can guide your company through the process, or reach out to us directly for guidance.