ESMA’s First ESRS Enforcement Report

What the 109 Actions Tell Us About Where Regulators Are Looking

For the first time since the Corporate Sustainability Reporting Directive (CSRD) and the European Sustainability Reporting Standards (ESRS) became operational, European regulators have published real enforcement data on sustainability reporting.

And the signal from the market is now unmistakable.

The European Securities and Markets Authority (ESMA) has released its first enforcement report covering sustainability disclosures under the ESRS framework, revealing 109 enforcement actions across European issuers. The findings provide the clearest picture yet of where regulators are focusing their attention — and where companies are most likely to face scrutiny in upcoming reporting cycles.

For sustainability leaders, CFOs, compliance teams, and auditors, this is more than a retrospective compliance document. It is effectively an enforcement roadmap.

With the revised ESRS consultation closing in just weeks and the temporary “learning curve” flexibility from the Omnibus package gradually narrowing, organizations now have a short but critical window to recalibrate their reporting strategies around what regulators are actually examining in practice.

The Enforcement Data: Climate Dominates the Agenda

According to ESMA’s findings, climate-related disclosures accounted for approximately 40% of all enforcement actions, making climate by far the most scrutinized reporting area.

A further 36% of actions targeted general reporting requirements — including issues around materiality assessments, governance disclosures, consistency, structure, and transparency of methodologies.

Together, these two categories represented over three-quarters of all identified enforcement concerns.

The remaining actions were distributed across areas such as:

• Social disclosures
• Governance matters
• Taxonomy alignment
• Entity-specific disclosures
• Presentation and connectivity issues

The message is difficult to misinterpret:

Regulators are prioritising foundational reporting integrity and climate credibility above all else.

Why Climate Is Receiving Disproportionate Attention

This should not surprise anyone closely following the evolution of EU sustainability regulation.

Climate disclosures remain the most mature, quantifiable, and financially material area within sustainability reporting. They are also the most exposed to greenwashing risk and therefore the easiest area for regulators, investors, NGOs, and media to challenge publicly.

In practice, this means regulators are focusing heavily on:

• Scope 1, 2, and especially Scope 3 methodologies
• Transition plan credibility
• Emissions boundary consistency
• Assumptions and estimation methodologies
• Reconciliation between narrative claims and underlying data
• Links between climate targets and capital allocation
• Evidence supporting net-zero or decarbonisation claims

This trend is likely to intensify as assurance requirements mature and as ESRS disclosures become increasingly machine-readable through XBRL tagging and digital filing structures.

General Reporting Requirements: The Hidden Enforcement Risk

One of the most important findings in ESMA’s report is that more than one-third of all actions focused not on specific ESG metrics, but on general reporting quality itself.

This is highly significant.

Many organizations have spent enormous effort collecting emissions and ESG data while underestimating the importance of reporting architecture, governance logic, and disclosure coherence.

Regulators are clearly examining whether companies can explain:

• Why certain topics were deemed material or non-material
• How methodologies were selected
• How estimates and assumptions were validated
• How governance bodies were involved
• Whether disclosures are internally consistent
• Whether narrative sections align with quantitative metrics
• Whether omissions are adequately justified

In other words, enforcement is moving beyond “Do you disclose?” toward “Can you defend your disclosure logic under scrutiny?”

This aligns closely with the broader direction of EU sustainability regulation, where traceability and auditability are becoming just as important as the disclosures themselves.

The Omnibus “Learning Curve” Is Narrowing

Many companies initially interpreted the early years of CSRD implementation as a soft-launch period where regulators would focus more on education than enforcement.

To some extent, that assumption was correct.

However, ESMA’s publication indicates that the grace period is already evolving into structured supervisory scrutiny.

The practical implication is that FY2027 reporting preparation must now be approached with a significantly higher degree of operational maturity.

Organizations that still rely on:

• fragmented spreadsheets,
• disconnected ESG workflows,
• undocumented assumptions,
• opaque AI-generated summaries,
• or weak evidence management

may face increasing regulatory exposure.

This is especially true for large companies with complex supply chains and significant Scope 3 dependencies.

What Companies Should Prioritise Now

The enforcement data provides a surprisingly actionable prioritisation framework.

1. Strengthen Climate Data Governance

Climate remains the primary enforcement hotspot.

Companies should urgently review:

• Scope 3 calculation methodologies
• Emission factor provenance
• Version control for methodologies
• Supplier data validation
• Transition plan assumptions
• Internal auditability of carbon calculations

Systems should ideally maintain full traceability from disclosure output back to source signals, assumptions, and evidence documentation.

2. Revisit Materiality Assessments

Double materiality assessments are likely to become one of the biggest future enforcement battlegrounds.

Organizations should ensure they can clearly document:

• stakeholder engagement logic,
• scoring methodologies,
• threshold definitions,
• governance oversight,
• and rationale for exclusions.

Weakly documented materiality decisions may become increasingly difficult to defend under assurance review.

3. Focus on Disclosure Consistency

Regulators are paying attention to contradictions between:

• sustainability reports,
• financial statements,
• investor presentations,
• websites,
• and public climate claims.

Consistency controls are rapidly becoming essential.

This is particularly important where companies make ambitious transition claims externally while underlying ESRS disclosures reveal major data gaps or uncertainty.

4. Improve Evidence and Assurance Readiness

The direction of travel is clear: sustainability reporting is becoming structurally similar to financial reporting.

That means companies should increasingly treat ESG evidence as auditable infrastructure rather than supporting documentation.

Future-ready organizations are building:

• validation engines,
• immutable audit trails,
• verifier workflows,
• evidence registries,
• and AI governance layers

The Revised ESRS Consultation Changes the Timing

The timing of ESMA’s report is particularly important because it arrives just as EFRAG’s revised ESRS consultation period approaches its close.

Many companies are currently waiting for simplifications or adjustments before refining their reporting strategies.

But the enforcement data suggests organizations should not wait passively for regulatory finalisation.

Instead, this is likely the optimal moment to align internal systems with observable supervisory priorities before reporting expectations harden further.

The organizations that adapt fastest now will likely gain substantial advantages later in:

• assurance readiness,
• investor confidence,
• reporting efficiency,
• and regulatory resilience.

The Bigger Shift: ESG Reporting Is Becoming Operational Infrastructure

Perhaps the most important takeaway from ESMA’s first enforcement report is that sustainability reporting is no longer being treated as a communications exercise.

It is rapidly becoming operational governance infrastructure.

The companies that succeed in the next phase of ESRS maturity will not necessarily be those producing the most polished sustainability reports. They will be the ones capable of demonstrating:

• traceable methodologies,
• governance accountability,
• explainable assumptions,
• structured validation,
• and consistent, defensible reporting logic.

The first 109 enforcement actions may only be the beginning.

But they already provide one of the clearest indicators yet of how Europe’s ESG enforcement landscape is evolving — and where companies should focus before the next reporting cycle arrives.

‍