The entry into force of the CSRD for the second wave of obligated companies — large non-listed companies that exceed the size thresholds in the Directive — makes fiscal year 2025 the first reporting year for thousands of Spanish companies. Preparing the first sustainability report in conformity with the European Sustainability Reporting Standards (ESRS) is a complex process requiring advance planning, dedicated resources and cross-functional coordination. This guide describes the practical steps involved.
Step 1: The Double Materiality Assessment
The double materiality assessment is the mandatory starting point for any CSRD report. Without it, the company cannot determine which ESRS standards apply or what information must be included.
Impact materiality (inside-out). The company must identify its positive and negative impacts — actual and potential — on people and the environment throughout its value chain: own operations, supply chain and customers. For each identified impact, the company must assess severity (magnitude, scope and irreversibility) and the probability of occurrence.
Financial materiality (outside-in). The company must identify sustainability-related risks and opportunities that could have a material impact on its financial position, results or cash flows in the short, medium and long term. Climate transition and physical scenario analysis (ESRS E1) is the most significant element of this analysis for the majority of companies.
The outcome of the assessment is a list of material matters that determines which thematic ESRS standards apply. The company may omit standards that, following documented analysis, are not material to its activities — but must document the reasoning for each exclusion.
ESRS 1 requires that the materiality assessment involve the company’s stakeholders: employees, customers, suppliers, investors and affected communities. An internal management team analysis is not sufficient; there must be evidence of consultation with the most relevant stakeholder groups.
Step 2: Data Inventory and Gap Analysis
Once material matters have been identified, the company must map the information available internally and compare it against the data requirements of the applicable ESRS standards.
Climate and energy data (ESRS E1). The most demanding data points are greenhouse gas emissions in Scope 1 (direct emissions), Scope 2 (purchased electricity) and Scope 3 (value chain). Scope 3 is the most complex because it requires data from suppliers and customers. For the first reporting year, the European Commission has published guidance on using reference emission factors where direct supplier data is unavailable.
Workforce data (ESRS S1). The company must report on headcount composition (by contract type, working hours and gender), health and safety (accident rates), gender pay gap, training and development, and collective labour rights. Much of this data is accessible from HR management systems, but the format and granularity required by the ESRS may need adaptation.
Governance data (ESRS G1). Information on anti-corruption policies, internal control mechanisms, stakeholder engagement, and disclosure of remuneration for governance bodies.
For each required data point, the gap analysis must answer: Does the data exist? Is it available in the correct format? Is it verifiable? Is it consolidated at group level or only available at entity level?
Step 3: Designing the Data Collection System
CSRD data must be collected systematically throughout the reporting year — not reconstructed retroactively at year-end. Designing the collection system involves:
Assigning responsibilities. Each data category (energy, emissions, waste, HR, governance) must have a designated owner with documented procedures for data collection and validation.
Selecting tools. Options range from structured spreadsheets — appropriate for first-year reporters with a limited number of material indicators — to specialist ESG platforms (such as Workiva, Enablon or Microsoft Sustainability Manager) for companies with complex structures or multiple operating sites.
Data audit trail. External assurance requires that every reported data point be traceable back to its primary source. The company must document the collection process, calculations performed, conversion factors used, and estimates applied where primary data is unavailable.
Step 4: Drafting the Report
The sustainability report under the CSRD follows the structure of the ESRS standards:
Mandatory section (ESRS 2): General information on the business model and value chain, sustainability strategy and targets, governance of the reporting process, and the double materiality process.
Thematic sections: One section per applicable thematic standard, including the general narrative and the required quantitative and qualitative data points. Each section must include the risk and opportunity analysis, the company’s policies and targets, and the actions implemented.
Data point index: At the end of the report, a cross-reference index must map each disclosed data point to the relevant ESRS standard.
ESRS 1 requires the report to be presented in digital format in the European Single Electronic Format (ESEF/iXBRL), so that the data is machine-readable and supports automated analysis and comparability across companies.
Step 5: External Assurance
External assurance is mandatory and represents a new challenge for many companies that have not previously subjected non-financial information to audit procedures.
Who can provide assurance. The CSRD allows assurance to be provided by the statutory auditor or an independently accredited sustainability assurance provider. In Spain, the ICAC and the ROAC (Official Register of Auditors) regulate the accreditation of sustainability verifiers.
Assurance scope. For the initial years (until 2028), assurance may be limited assurance, which involves analytical procedures and inquiries — without the depth of a reasonable assurance engagement — aimed at concluding that no evidence has been identified that the report contains materially incorrect statements.
Preparing for assurance. The company must provide the assurer with access to data systems, documented data collection procedures, calculations and estimates applied. A pre-assurance gap review — conducted internally or by an external adviser — allows the company to identify report weaknesses before formal assurance begins, reducing the number of findings and the cost of corrections.
Common Challenges in the First Reporting Year
Companies that have completed their first CSRD report consistently identify the following challenges:
Scope 3 emissions. Value chain emission data collection is the most complex task. Companies should prioritise the Scope 3 categories most relevant to their business model and establish a multi-year plan to improve data quality over successive reporting years.
Supply chain materiality. ESRS S2 (workers in the value chain) and governance aspects related to human rights due diligence require supplier information that may not be available, particularly for complex international supply chains where direct supplier engagement is limited.
Cross-functional coordination. The CSRD report requires data from finance, operations, HR, legal and procurement. Coordinating these departments — which do not normally collaborate in annual reporting — is one of the primary bottlenecks in the first reporting year.
Consistency with financial information. ESG data with financial impact must be consistent with the financial statements. Discrepancies between sustainability data and financial figures — for example, energy consumption data that does not reconcile with the energy costs declared in the accounts — are among the most common findings raised by external assurers.
Planning the Multi-Year Improvement Path
The first CSRD report is rarely the best. The European Commission and EFRAG explicitly acknowledge a maturity curve in their guidance: companies are expected to improve data quality, disclosure depth and assurance scope over successive years. A pragmatic approach to the first report focuses on: getting the double materiality analysis right, reporting all material matters even where data quality is imperfect (with appropriate disclosures about data limitations), and documenting a clear improvement plan for subsequent years.
The companies that approach the first report as a one-time compliance exercise rather than the beginning of an ongoing process tend to incur higher costs in subsequent years when assurance requirements increase and stakeholder expectations rise.
At BMC we offer strategic advisory across the full CSRD reporting cycle, from double materiality assessment to coordination with the external assurer. See our ESG and sustainability services.
