CSRD Penalties & Enforcement

Penalties by country

Germany: Up to €10M or 2% of group turnover (whichever is higher). Enforced by BaFin for listed companies, Bundesanzeiger for others.

France: Up to €5M for the company, €500,000 for individuals. AMF enforcement for listed companies.

Netherlands: Up to €4M or 4% of turnover. AFM enforcement.

Poland: Up to €1M fixed fine. KNF enforcement.

Sweden: Up to €2M or 3% of turnover. FI enforcement.

Italy: Up to €5M. CONSOB enforcement for listed companies.

Ireland: Up to €1M plus daily penalties for continuing breach. IAASA enforcement.

Penalties in all member states are reviewed and potentially increased following the first enforcement cycle.

Risks beyond financial penalties

Exclusion from EU public procurement: Companies found in material breach of CSRD can be excluded from public tenders across the EU. For companies with significant public sector revenues, this risk exceeds any direct fine.

Access to EU finance: EIB, cohesion funds and other EU financing mechanisms increasingly require CSRD compliance. Non-compliant companies may lose access to below-market-rate EU financing.

Investor pressure: Institutional investors with SFDR obligations cannot hold non-compliant companies in Article 8 or 9 funds. A CSRD breach can trigger forced divestment.

What triggers enforcement

National regulators focus initial enforcement on: absence of report (no filing), materially incomplete reports (major ESRS 2 disclosures missing), and unassured reports (no third-party assurance obtained).

In subsequent years, regulators will move to content review — assessing whether disclosures are accurate, consistent, and free from greenwashing. ESMA coordinates EU-wide enforcement consistency.

Whistleblower mechanisms: CSRD is covered by the EU Whistleblower Directive. Employees who report non-compliance have legal protection — this creates an internal enforcement mechanism alongside regulatory enforcement.

Frequently asked questions