Will assurance be the first thing to go under CSRD revisions?

Vodafone’s global head of sustainability and transparency has said delaying assurance requirements for CSRD reports would be the first thing she’d ask the European Commission for, if given the chance.

During a recent interview with sustainability consultancy SB+CO, Bobbie Mellor said companies needed more time to “get our CSRD reports up to a standard before we start having them assured”.

Large companies advocating for looser sustainability regulation will be a theme of 2025, but Mellor’s suggestion is likely to be more palatable than most of the requests – some civil society representatives even say they agree with it.

Speaking off-the-record, one senior figure at a corporate sustainability NGO said they see assurance requirements as a sensible place to start reducing the burden on companies, without altering the substance of the disclosure rules, predicting that there would be little  pushback from broader civil society if companies lobbied for such a change.

German climate think-tank Theia Finance Labs has already publicly proposed an update to CSRD to require assurance every two years, instead of annually.

“The role of assurance is manifold, but primarily to ensure credibility of the information provided in a way that is consistent with the regulatory requirement,” it wrote in a paper published in November.

“However, it is unclear why this assurance is needed annually. If disclosure is assured in Year 1, then the assurance provides comfort to the reporting entity that they have the right scope and approach for Year 2.”

It estimates a biennial approach could cut the cost of sustainability reporting for European companies by “around €3-5bn per year” in aggregate.

Lack of guidance

For Mellor, the fact the European Commission hasn’t provided any guidance on sustainability-related assurance is the biggest stumbling block, and is likely to be contributing to auditors’ decision to “go a little bit heavier than perhaps what might be required” during the process.

“We don’t know yet, because we don’t have the guidance,” she said.

Vodafone will have to issue its first CSRD report in 2026 – the same year limited assurance becomes a requirement under the law.

CEAOB, the official consortium of European auditing oversight bodies, has adopted non-binding guidelines for limited assurance in a bid to fill the vacuum left by the Commission, and EU Member States are also allowed to use national standards.

There are concerns that this will lead to a fragmented approach, but things could become clearer in May, when CEAOB is set to advise the Commission on an EU standard for limited assurance.

Its advice is expected to be based heavily on ISSA 5000 – a sustainability assurance standard published in November by the International Auditing and Assurance Standards Board (IAASB).

CEAOB will identify the parts of ISSA 500 that should be amended for the EU context.

Beyond Europe

But other jurisdictions are rethinking the role of assurance for the time being.

India’s market regulator, SEBI, for example, has removed the need for companies to get assurance on some of their sustainability disclosures. Instead, it will work with the national standards body, the ISF, to develop an assessment framework.

It’s a move that seems to have spooked some of the larger financial services firms, who are currently positioned to rake in billions from assuring sustainability statements over the coming decade (Europe’s advisory body estimates the cost of reasonable assurance could reach nearly €10bn a year).

In a note published last week, KPMG said SEBI’s decision would “certainly broaden the horizon for the reporting entities to select the service providers”.

However, it pointed out, the International Organisation of Securities Commissions, better known as IOSCO, has come out in support of ISSA 5000.

“In light of this, as SEBI is a member of [the] IOSCO board, it is imperative that while formulating the assessment standard in collaboration with ISF, SEBI provides guidance to develop a standard that aligns with the global benchmarks and assurance requirements,” KPMG continued.

“Companies and their management will be required to engage with stakeholders to determine whether assurance as per globally acceptable [sic] would be preferred.”

But with companies, NGOs and even some regulators now rethinking the need for assurance on sustainability reports any time soon, the auditing firms may soon find themselves outnumbered.