CSRD in Ireland: What Auditors Must Know

How Ireland transposed the CSRD and where the problems are

Ireland transposed the CSRD on time. That sentence alone puts it ahead of the Netherlands, Austria, and a dozen other member states. But the transposition introduced scope anomalies that lawyers flagged within weeks of publication, and some remain unresolved. If you’re an auditor working with Irish-incorporated entities, you need to know where the Irish regulations diverge from the directive, what IAASA expects, and how Omnibus I changes your planning for Wave 2 and beyond.

Ireland transposed the CSRD by S.I. No. 336 of 2024, which came into effect on 6 July 2024 (the EU deadline). The regulations amend the Companies Act 2014 and the Transparency Regulations 2007. A subsequent amending instrument (S.I. No. 498 of 2024) addressed some initial concerns, but not all. McCann FitzGerald, Arthur Cox, and other leading Irish law firms identified several issues in the original transposition that remain partially unresolved.

The most significant problem is scope. Under the CSRD, sustainability reporting applies to large companies, listed SMEs (excluding micro-entities), and certain subsidiaries of non-EU parents. The Irish Regulations define “applicable company” by reference to the Companies Act 2014’s existing size categories. But the Companies Act treats any Irish company with transferable securities admitted to trading on a regulated market as a “large company,” regardless of its actual employee count, turnover, or balance sheet. The result is that certain listed companies that would be SMEs under the directive’s size criteria are treated as large companies under Irish law. This means they face Wave 1 or Wave 2 reporting obligations rather than the lighter SME regime the directive intended.

Arthur Cox noted that the subsidiary exemption (allowing in-scope subsidiaries to rely on a parent company’s consolidated sustainability report) is confined in the Irish regulations to situations where the EU parent is also Irish. The directive intended this exemption to apply regardless of which EU member state the parent is incorporated in. The amending regulations partially addressed this, but professional advisors continue to engage with the Department of Enterprise, Trade and Employment on outstanding alignment issues.

For auditors, the practical implication is straightforward: you cannot rely solely on the CSRD text when advising Irish clients on scope. You need to read S.I. 336/2024 and the Companies Act 2014 definitions together. Where the Irish regulations appear broader than the directive, the question is whether the Department will issue clarifying FAQs (which have been promised but not yet published as of March 2026) or whether further amending legislation will follow.

Ireland also separately enacted the Stop-the-Clock legislation in July 2025, giving legal effect to the EU directive that delayed Wave 2 and Wave 3 obligations by two years while Omnibus I was negotiated. This legislation ensures that the original CSRD timelines do not apply to Wave 2 or Wave 3 companies in Ireland.

Who reports and when (after Omnibus I)

The Omnibus I Directive (EU) 2026/470, published on 26 February 2026, narrows the CSRD scope to EU undertakings exceeding both 1,000 employees and €450 million in net turnover. Member states must transpose these amendments by 19 March 2027. Ireland will need to amend the 2024 Regulations accordingly.

Wave 1 entities (large PIEs previously subject to the NFRD) began reporting in 2025 on FY 2024 data. These are primarily large Irish-incorporated companies listed on Euronext Dublin or other EU-regulated markets. IAASA supervises their sustainability reporting and the assurance provided by PIE audit firms. Omnibus I gives member states the option to exempt Wave 1 entities that fall below the revised thresholds for FY 2025 and FY 2026. Whether Ireland exercises this option depends on the transposition timeline, which is unclear given the outstanding issues with the existing regulations.

Wave 2 entities (large companies meeting the revised thresholds) will first report in 2028 on FY 2027 data. For Irish firms, this is the wave that opens CSRD assurance to non-PIE practitioners. The Recognised Accountancy Bodies (CAI, ACCA, CPA Ireland) will regulate assurance providers for these entities, as IAASA’s oversight is limited to PIEs.

Listed SMEs are removed from mandatory scope under Omnibus I, though they may voluntarily report using the VSME standard once the European Commission publishes the delegated act (expected June 2026). Non-EU parent companies with qualifying Irish subsidiaries or branches report from 2029 onward under revised third-country thresholds (€450 million parent net turnover in the EU, €200 million subsidiary/branch net turnover).

One Irish-specific complication: because the Companies Act deems all listed companies as “large,” some entities that would fall outside scope under Omnibus I’s revised thresholds may still be caught by the existing Irish definitions until the Regulations are amended. This creates a transitional period of uncertainty that auditors should flag to affected clients.

Assurance requirements for Irish entities

The Irish Regulations require sustainability reporting to be accompanied by an assurance opinion based on a limited assurance engagement. The assurance provider must be a statutory auditor approved to carry out sustainability assurance under Part 28 of the Companies Act 2014, or, once the relevant provisions are fully operational, a Sustainability Assurance Service Provider (SASP).

Ireland permits the assurance of sustainability reporting to be carried out by a different statutory auditor than the one performing the financial statement audit. This is a member state option under the CSRD, and Ireland exercised it. However, Irish law does not currently permit an Independent Assurance Service Provider (IASP) that is not a statutory auditor to provide the assurance report. The Department of Enterprise held a public consultation on this question in 2024, but no final decision has been published.

IAASA issued guidance on the initial approval of statutory auditors as SASPs, noting that auditors approved before 1 January 2026 could seek approval by demonstrating the requisite knowledge of sustainability reporting and assurance. A time-limited exemption from the experience requirement was in place until 31 December 2025. From 2026 onward, auditors seeking SASP approval must demonstrate both knowledge and relevant experience.

For non-PIE firms, the RABs (CAI, ACCA, CPA Ireland) have the power to approve and register sustainability assurance service providers. The Companies Act gives RABs the right to take disciplinary action against auditors who carry out sustainability assurance, with sanctions including fines up to €100,000 multiplied by the number of statutory auditors in the firm. This is not a theoretical risk. The framework for accountability is built into the legislation from day one.

The assurance report on sustainability reporting may be included as a separate section of the audit opinion on the financial statements, rather than as a standalone report. This is an Irish-specific option that simplifies the deliverable for firms providing both financial audit and sustainability assurance to the same client.

Until the EU adopts harmonised limited assurance standards (now due 1 July 2027 under Omnibus I), Ireland has the power to adopt a national assurance standard. IAASA has not yet exercised this power. In practice, Irish auditors are working with ISSA 5000 and the CEAOB’s September 2024 guidelines as the interim framework, consistent with the approach in other EU member states.

How the Irish directors’ report requirement affects your engagement

One structural difference in Irish CSRD implementation that auditors from other jurisdictions sometimes miss: sustainability information is disclosed in the directors’ report, not a standalone sustainability report or a separate section of the annual report. This has practical consequences.

The directors’ report is a statutory document under the Companies Act 2014. The directors are personally responsible for its contents. When the sustainability statement sits within the directors’ report, the directors’ liability provisions of the Act apply to the sustainability disclosures. This gives CSRD reporting in Ireland a legal weight that goes beyond the directive’s general provisions. It also means the auditor’s existing relationship with the directors’ report (where the financial auditor already assesses consistency between the directors’ report and the financial statements) now extends to the sustainability content.

For dual-mandate engagements (where the same firm provides both financial audit and sustainability assurance), this creates efficiency but also risk. The auditor must ensure that the sustainability disclosures in the directors’ report are consistent with information in the financial statements. Climate-related provisions, asset impairments linked to transition risks, and workforce liabilities should tell a coherent story across both documents. Where they diverge, either the financial statements or the sustainability statement (or both) may need adjustment.

For split-mandate engagements (where a different auditor provides sustainability assurance), coordination between the financial auditor and the sustainability assurance provider becomes essential. The financial auditor retains responsibility for the consistency check on the directors’ report as a whole. But the sustainability assurance provider has deeper knowledge of the ESRS disclosures. A communication protocol between the two auditors should be agreed at the planning stage.

The Irish market: what non-Big 4 firms should know about client demographics

Ireland’s economy is heavily weighted toward multinationals. Many of the largest companies by revenue are subsidiaries of US, UK, or continental European parents. Under the CSRD, these subsidiaries may qualify for the exemption if included in a parent company’s consolidated sustainability report prepared under ESRS or equivalent standards. In practice, this means a significant number of large Irish entities may not need standalone Irish sustainability reporting.

For non-Big 4 Irish firms, the most relevant client segment is Irish-headquartered companies above the Omnibus I thresholds. These tend to be in sectors like construction and food/agri-business, manufacturing, financial services, and technology. The concentration of large indigenous Irish companies is smaller than in Germany or France, which means the total market for CSRD assurance engagements in Ireland is limited. But for firms that serve this segment, the engagements will be complex (multi-site operations, cross-border supply chains, sector-specific ESRS considerations) and recurring.

IAASA’s role and what the regulator found in Wave 1

IAASA published its observations on Wave 1 CSRD reporting in December 2025, covering both corporate reporting examinations and assurance quality inspections from the first year of CSRD reporting in Ireland. The regulator confirmed it will continue its supervisory work for Wave 1 in 2026, despite uncertainties related to Omnibus I.

IAASA’s remit covers two functions. First, it examines the sustainability statements of entities within its existing Transparency Directive scope (essentially, Irish entities listed on EU-regulated markets). Second, it inspects the quality of CSRD assurance work performed by PIE audit firms. For non-PIE entities, both functions fall to the RABs.

The December 2025 observations covered the challenges entities and audit firms faced during the first reporting cycle. The key messages for auditors centre on the need for adequate planning time, the importance of the double materiality assessment as the foundation of the sustainability statement, and the necessity of building assurance capability that’s distinct from financial audit methodology.

IAASA also launched its 2026–2028 Work Programme, which identifies CSRD oversight as a strategic priority. The programme covers continued development of examination methodology for sustainability statements, ongoing inspection of CSRD assurance quality at PIE firms, and collaboration with other EU regulators through the CEAOB framework. For non-PIE practitioners, the signal is clear: the standards IAASA applies to PIE firms will set the benchmark that RABs use when reviewing your work.

The IAASA Insights podcast (Episode 5) provides additional practical observations from the first year, drawing on both examinations and inspections. It’s worth the 30 minutes if you’re preparing for your first CSRD engagement.

Worked example: first CSRD assurance for an Irish large company

Client scenario: Brennan Engineering Ltd, an Irish-incorporated industrial company based in Cork. 1,300 employees, €510 million annual revenue, not listed on any regulated market. The company manufactures precision components for the automotive and aerospace sectors, with supply chain operations extending to Germany and Poland. Your firm (a non-Big 4 Irish practice) has been Brennan’s statutory auditor for six years. Brennan falls within the revised CSRD scope under Omnibus I and will first report for FY 2027 (published 2028).

1. Confirm scope and timeline

Brennan exceeds both Omnibus I thresholds (1,000 employees, €450 million turnover). As a large non-listed Irish company, it falls under Wave 2. First reporting obligation: FY 2027 sustainability statement in the 2028 directors’ report.

2. Evaluate the double materiality assessment

Brennan’s sustainability team (two people, recently appointed) ran a DMA identifying climate change (ESRS E1), pollution (ESRS E2), own workforce (ESRS S1), and workers in the value chain (ESRS S2) as material topics. Fourteen IROs were identified across these topics. Resource use and circular economy (ESRS E5) was assessed as not material, with documented rationale based on the company’s low packaging intensity and metal recycling programmes.

3. Assess data processes and controls

Brennan collects Scope 1 emissions from natural gas consumption records and company vehicle fleet data. Scope 2 comes from electricity invoices. Scope 3 is limited to purchased goods (based on spend data and emission factors) and upstream transport. Workforce data is extracted from the HRIS system. No formal internal controls exist over sustainability data collection. The sustainability team manually consolidates spreadsheets quarterly.

4. Design assurance procedures

For Scope 1: recalculate from gas meter readings and fleet fuel records. For Scope 2: agree to electricity invoices and verify emission factor selection. For workforce: test headcount against payroll, verify health and safety incident data against internal incident reports. For the DMA: review methodology, test a sample of IRO assessments, evaluate the not-material determinations.

5. Prepare the assurance report

Under Irish law, the assurance report may be included as a separate section of the audit opinion or as a standalone report. For Brennan, your firm opts for a standalone limited assurance report, following the ISSA 5000 framework and CEAOB guidelines.

The engagement from planning through reporting took approximately 280 hours, with DMA evaluation consuming roughly 50 hours, process understanding and gap assessment 70 hours, substantive procedures 120 hours, and review and reporting 40 hours. For a non-Big 4 firm billing at Irish mid-tier rates, this represents a meaningful engagement. The key variable is data readiness: companies like Brennan with manual sustainability data processes will require more substantive testing than entities with automated data collection.

A second variable specific to Irish engagements is the directors’ report integration. Because sustainability information sits within a statutory document, the assurance provider must coordinate with the financial auditor (if different) to ensure consistency. For Brennan, where your firm provides both services, this coordination is internal. But time should still be allocated for the cross-check between financial statement disclosures and sustainability statement claims, particularly around climate-related provisions and workforce liabilities.

What to do now if you’re a non-Big 4 Irish firm

1. Check whether any of your current audit clients exceed the revised Omnibus I thresholds (1,000 employees, €450 million net turnover). These clients will need CSRD assurance for FY 2027. Start the conversation now, not in 2028.
2. Contact your RAB (CAI, ACCA, or CPA Ireland) about the SASP approval process. Understand the knowledge and experience requirements, and plan the training needed for your team. The time-limited experience exemption expired at the end of 2025, so from 2026 onward you need both knowledge and demonstrated competence.
3. Build familiarity with ISSA 5000 and the CEAOB September 2024 guidelines. These are your interim standards until EU-level harmonised standards arrive (due 1 July 2027). IAASA’s approach to PIE firms will influence how RABs evaluate non-PIE assurance quality.
4. Run a gap assessment with your largest client who falls within scope. Understand their data processes, their DMA readiness, and where the controls gaps are. A pilot engagement teaches more than any training course.
5. Monitor the Irish transposition of Omnibus I. The existing S.I. 336/2024 regulations contain scope definitions that may not align with the revised directive. Until amending legislation is enacted (required by 19 March 2027), there’s a transitional window where Irish law and the directive may diverge on which entities are in scope.
6. Subscribe to IAASA’s publications and podcast. The Wave 1 observations report and the 2026–2028 Work Programme are essential reading. IAASA is one of the more active EU regulators on CSRD, and their expectations filter through to the RABs.

Common mistakes in Irish CSRD engagements

• Underestimating first-year time requirements: IAASA’s December 2025 Wave 1 observations noted that entities and audit firms underestimated the time required for first-year CSRD reporting and assurance. The DMA alone can take 4–8 weeks of active work, and the data collection process for entities without established sustainability reporting infrastructure is significantly more time-intensive than most practitioners anticipated.
• Relying on the CSRD text instead of the Irish Regulations: The scope anomalies in S.I. 336/2024 (particularly the deemed “large company” treatment for all listed entities) caught several companies off guard. Auditors who relied on the CSRD text without reading the Irish Regulations missed the fact that their clients were in scope earlier or with broader obligations than the directive intended. Always read the national transposition, not just the directive.
• Misapplying the subsidiary exemption: The subsidiary exemption limitations in the Irish Regulations mean that an Irish subsidiary of a non-Irish EU parent may not be able to rely on the parent’s consolidated sustainability report as easily as the directive intended. If your client is part of a multinational group, verify the exemption conditions under Irish law specifically, not under the directive’s general provisions.

Related Ciferi content

Related guides:

Put audit concepts into practice with these free tools:

Frequently asked questions

Further reading and source references

• S.I. No. 336 of 2024, European Union (Corporate Sustainability Reporting) Regulations 2024: the Irish CSRD transposition instrument.
• S.I. No. 498 of 2024: amending instrument addressing initial transposition issues.
• IAASA December 2025 Observations: Wave 1 reporting and assurance quality findings.
• Directive (EU) 2026/470 (Omnibus I): the amending directive narrowing CSRD scope.