New ESG setting from 2026: From regulatory risk to planning security

When they learned of the renewed adjustment to the timetable for the practical application of the EUDR at the end of last year, many company managers were certainly relieved. However, the actual bottom line was often overlooked. With the adoption of the first omnibus package to adjust the CSRD and CS3D in autumn 2025, EU ESG regulation is changing: a diffuse, ever-expanding regulatory risk for companies is becoming a clearly defined playing field with defined thresholds, streamlined obligations and a predictable timetable. The raised CSRD thresholds (including a significantly higher number of employees and significantly higher turnover limits) and the reduction in the required data depth mean that a significant proportion of the companies originally affected will no longer be formally required to report. At the same time, the scope of mandatory data points for the remaining companies will decrease by approximately 60 per cent, depending on the counting method.

However, this ‘streamlining’ does not mean the end of ESG. The core architecture of EU sustainability legislation remains in place – including double materiality, governance requirements and links to other regulations such as CSDDD, EUDR and PPWR. This will (finally!) give your companies a new level of planning security in 2026 – both in terms of the group of obligated parties and the type and depth of information required.

ESG management instead of ‘regulation hopping’

In our project practice, we often observe that many companies treat each new regulation as an isolated mandatory project: one project for CSRD, one for EUDR, one for PPWR, one for CSDDD – each with its own system environment, its own governance and its own data islands. This approach has increased rather than reduced regulatory risk and complexity, as each new regulation inevitably creates additional breakpoints, interfaces and interpretation issues.

With ‘Omnibus 1’ and the now visible streamlining of the regulatory framework, a new perspective is opening up for you: away from ‘working through’ individual laws and towards company-wide ESG management. All relevant requirements are understood as variants of the same basic problem: the structured recording, evaluation and control of sustainability impacts along the entire value chain within the company. If you set up ESG as a management system, you will be able to absorb new and changed regulations much more quickly in the future. The necessary governance structures, roles, data domains and processes already exist, and new requirements are understood as configurations of this system, no longer as a separate special world.

Data platform instead of individual solutions: configuration instead of rebuilding

In my blog article on the subject of EUDR, I already showed how synergies can be greatly enhanced when data and processes for different regulations run on a common platform. This is precisely where the greatest opportunities for digital solutions now lie after ‘Omnibus 1’: instead of building isolated specialist tools, it is worth setting up a modular ESG data platform that integrates central domains such as master data, supply chain data, environmental and social indicators, governance information and geodata, and makes them controllable via configuration.

Technically, this means:

• Central data domains and shared data pools: CSRD indicators, EUDR geodata, supply chain risks (LkSG/CSDDD), packaging data (PPWR) and climate data are modelled on a shared database.
• Configurable regulatory logic: Which data points are to be reported for which entity and which year is determined by configurable rules (threshold values, scope, materiality) and not by hard-wired IT logic.
• Reusable processes: Due diligence workflows, supplier queries, risk assessments or audit trails are structured in such a way that they can be used for different regulations and only need to be parameterised.

This architecture is particularly attractive under ‘Omnibus’ conditions: when thresholds rise and the formal scope decreases, the need for consistent ESG data in the value chain remains – only now the focus shifts from reporting requirements to strategic use. Digital platforms that can be adapted to new regulatory requirements through configuration become your tool for transforming regulatory risk into a structured space for innovation and control.

Value of materiality analysis: 60 per cent of ‘freed-up’ data as a control lever

A key misunderstanding in the debate about “Omnibus” is the assumption that the elimination of formal reporting requirements makes the underlying analyses ‘superfluous’. The opposite is more likely to be the case: companies that have carried out a thorough double materiality analysis in recent years, involved stakeholders and validated and mapped ESRS data points now have a wealth of data that goes far beyond the minimum mandatory requirements.

If, depending on the interpretation of the revised ESRS, around 60 per cent of the initially identified data points are no longer subject to mandatory reporting under the Omnibus, this does not mean that these key figures are worthless. On the contrary:

• They provide finely resolved indicators of risks, opportunities and impacts. These are ideal for internal performance management, scenario planning and investment decisions.
• They enable more extensive control along the value chain – for example, in the supplier portfolio, location decisions or product and portfolio development – without the need for additional data collection, as the data is already available.

This is precisely where new opportunities for digital solutions open up for you. Reporting platforms, which were previously used primarily as mere ‘compliance tools’, can be supplemented with functions for planning, simulation and operational control. You can use the data points this frees up (around 60 per cent) in dashboards, early warning indicators, scenario engines or for optimising portfolios, for example, and thus deploy them for corporate management instead of treating them as regulatory ‘collateral damage’.

2026: Starting point for productive ESG digitalisation

The combination of the Omnibus Directive with its clarity and reduced obligations and the continuing high expectations of investors, customers and banks marks 2026 as a decisive turning point: ESG is transforming from a defensive stance (‘How do we avoid fines?’) to an active field of action. Regulation sets the framework, while digital solutions open up entirely new possibilities.

The development of digital solutions should therefore be guided by these three principles:

• Think in terms of ESG management rather than individual regulations: a set of governance structures, processes and KPIs that understands EUDR, CSRD, PPWR, CSDDD & Co. as variants of the same control problem.
• Invest in building data platforms rather than further ‘tool silos’. Make architectural decisions now so that new or changed regulations can be mapped via configuration rather than reimplementation.
• Continue to use previously developed materiality and data models. Even if your company falls below the new thresholds, the insights gained from the materiality analysis (‘What is really material for our company?’) and the development of the ESRS data structure remain a key competitive advantage – both for internal management and for voluntary, target group-oriented reporting.

If you focus on the continuing ESG reporting obligations, you should first consider the double materiality analysis (DMA) as a central element. The revised ESRS standards now open up concrete opportunities for you to make the DMA significantly more efficient in the next cycle:

• The complexity of the requirements has been noticeably reduced.
• The term ‘materiality’ is now more clearly defined.
• A top-down approach supports the selection of material topics.

The requirements for the level of detail in the assessment of impacts, risks and opportunities have been reduced without watering down the core of the risk analysis.

Conclusion

If you take into account the essence of ‘Omnibus 1’ for the goals and framework conditions of your company, you can take the decisive step: away from purely reactive compliance with individual regulations, towards proactive, digitally integrated ESG management. This gives you the necessary compliance security to systematically develop innovation, efficiency and resilience in your company.