CSRD Wave 1 Reports Are In. The Data Quality Problem Is Worse Than Expected.

By Wingston Sharon | March 2025

The first wave of CSRD-mandated sustainability reports is landing. Large public-interest entities with more than 500 employees — previously subject to the Non-Financial Reporting Directive — were required to report against the European Sustainability Reporting Standards for financial year 2024, with reports due in 2025.

I've been going through these reports. The data quality situation is worse than I expected, and I expected it to be bad.

This matters to me directly: Agentosaurus is building infrastructure to analyze sustainability data at scale. If the underlying data is structurally inconsistent — not just noisy, but incomparable at a fundamental level — that shapes everything about how you build systems to work with it. So let me share what I'm actually seeing.

The Standards Allow Too Much Flexibility

The ESRS standards were designed with flexibility in mind. The ESRS 1 General Requirements allow companies to determine their own materiality through a "double materiality assessment" — identifying which sustainability topics are material to the company both from an impact perspective (what effect does the company have on people and environment) and a financial perspective (what sustainability factors affect the company financially).

In principle, this makes sense. Materiality should be context-specific — the sustainability topics material to an oil company are different from those material to a software company.

In practice, what's happening is that materiality assessments are being used to narrow disclosure scope dramatically. Companies are determining that topics aren't material to them in ways that look, charitably, optimistic. The flexibility meant to allow appropriate scoping is being used to avoid disclosure.

What's Consistent and What Isn't

ESRS E1 (Climate) is the bright spot. The climate metrics are reasonably standardized — Scope 1 and Scope 2 emissions have established methodologies (GHG Protocol), many companies have been reporting them for years under voluntary frameworks, and the concepts are relatively well understood. Wave 1 E1 disclosures are patchy in quality but at least roughly comparable.

ESRS E2-E5 (other environmental topics) are messier. Water, biodiversity, resource use — these are areas where many companies don't have established measurement infrastructure, where the metrics are less standardized, and where "not material" determinations are common. Some of those determinations are defensible. Many look like they're avoiding disclosure of genuine issues.

ESRS S1 (Own Workforce) is the weakest area I've seen. The standard requires disclosures on workforce characteristics, working conditions, equal treatment, and health and safety. But the specific metrics, the scope of what's counted, and the methodologies for calculating things like gender pay gap or employee turnover vary enormously between companies — even within the same sector. Two companies in the same industry reporting on "employee turnover rate" may be using definitions that produce numbers that genuinely cannot be compared.

ESRS G1 (Business Conduct) is similarly inconsistent. Anti-corruption, supplier relationships, political engagement — the narrative disclosures vary from detailed and specific to boilerplate that tells you essentially nothing about actual governance practices.

Scope 3: The Hardest Part

The value chain emissions question — Scope 3 under the GHG Protocol, which corresponds to several ESRS E1 sub-disclosures — is where the gap between ambition and reality is widest.

Scope 1 and 2 emissions are things companies directly control or purchase. Scope 3 covers everything in the upstream and downstream value chain: purchased goods and services, capital goods, business travel, employee commuting, use of sold products, end-of-life treatment of sold products, and more.

For most large companies, Scope 3 is 70-90% of their total emissions footprint. It's also the hardest to measure, because it requires your suppliers to measure and share their emissions data, which requires their suppliers to do the same, recursively.

What I'm seeing in Wave 1 reports: companies either report Scope 3 with heavy reliance on industry-average emission factors (which produces numbers that feel precise but may be systematically wrong), or they don't report it at all on materiality grounds. Very few are doing genuine supplier-level primary data collection.

This isn't unique to CSRD — it was the same problem under voluntary TCFD and CDP reporting. But CSRD was supposed to be the moment when reporting became mandatory and quality improved. For Scope 3, the improvement isn't materializing yet.

The Aggregation Problem for AI Analysis

Here's the issue this creates for anyone trying to build systems that analyze CSRD data programmatically.

When two companies report "total greenhouse gas emissions" using the same ESRS standard, you can at least attempt to compare them. The metric names are the same, even if methodological choices differ.

When two companies report on "own workforce health and safety incidents" — one using total recordable incident rate (TRIR), one using lost-time injury frequency rate (LTIFR), and one using a custom definition — you have three numbers that cannot meaningfully be compared. They're not measuring the same thing. Aggregating them into any kind of score or ranking produces nonsense.

The ESRS standards have a concept of "quantitative metrics" — specific numbers that should be reported in consistent units. But the standards also allow extensive narrative disclosure in lieu of specific metrics in many areas, and the specific metric definitions still leave room for methodological interpretation.

This means that building AI systems to analyze CSRD data requires a layer of data normalization and qualification that's genuinely difficult. You need to:

1. Identify what metric the company actually reported (not just the ESRS data point label)
2. Determine the methodology they used
3. Assess comparability with other companies reporting the same ESRS data point
4. Flag where comparison isn't valid

That's a significant undertaking. And it's before you get to the challenge that the data is in long PDF documents with inconsistent formatting, mixed with narrative context that's sometimes essential for interpreting the numbers.

What Third-Party Assurance Actually Provides

CSRD requires "limited assurance" for Wave 1 reports, with a trajectory toward "reasonable assurance" over time. (Article 26 of CSRD amends the Accounting Directive; the assurance requirements are in Directive 2006/43/EC as amended.)

Limited assurance means the auditor checked that nothing came to their attention indicating material misstatement. It's lower than the "reasonable assurance" standard applied to financial statements, which requires the auditor to actively gather evidence that statements are correct.

This matters for data quality interpretation. A CSRD report with limited assurance attached tells you that an auditor didn't see obvious red flags. It does not tell you that the methodology was sound, that the numbers are calculated correctly, or that the disclosures are meaningfully complete. Treating assured CSRD data as validated ESG data understates what the assurance actually says.

Where This Leaves ESG Verification

I'm not making a pessimistic argument. CSRD is a genuine step forward from the NFRD, which produced disclosure that was worse in almost every dimension. The trajectory is toward more standardized, comparable, audited sustainability data.

But Wave 1 is showing that the distance between "mandatory reporting" and "usable, comparable data" is larger than the standard-setting process assumed. The standards need revision — EFRAG is already collecting feedback. The assurance standards need to tighten. Companies need more time to build internal data infrastructure.

At Agentosaurus, we're building toward programmatic ESG analysis, and the Wave 1 data has sharpened our view of what the hardest problems are: Scope 3 data quality, cross-company metric comparability in social and governance areas, and distinguishing meaningful disclosure from boilerplate that satisfies the letter of the standard.

We're not solving those problems overnight. Anyone who tells you they have a clean, comparable ESG data layer built from current CSRD reports is oversimplifying. The data is there, it's just not clean — and the cleaning work is technically and methodologically demanding in ways that aren't obvious from the outside.

This is a solvable problem. It's just a harder one than the reporting standards implied it would be.

If you're working on ESG data infrastructure or navigating CSRD compliance, I'd be interested to compare notes — hello@agentosaurus.com.