10-Year Strategic ESG Compliance Plan (2026–2036)

1. Understanding the New Regulatory Paradigm: Omnibus I

The entry into force of Directive (EU) 2026/470, widely referred to as Omnibus I, marks a turning point in the EU sustainability framework. Rather than adding another layer of rules, the Directive signals a shift from regulatory expansion to rationalisation and simplification. Published in the Official Journal on 26 February 2026, it amends key elements of the CSRD and CSDDD to reduce administrative burdens and refocus sustainability reporting on companies considered most systemically relevant. , this is not just a technical update. It redraws the boundaries of legal responsibility, reporting exposure and reputational risk for the coming decade. It also changes how capital markets may interpret ESG readiness: less prescriptive regulation does not necessarily mean lower scrutiny.

The most significant change is the redefinition of the size thresholds that determine whether a company falls directly within scope. Under the revised rules, CSRD applies to companies with more than 1,000 employees and more than €450 million in net annual turnover, while the CSDDD applies to companies with more than 5,000 employees and more than €1.5 billion net turnover. gic perspective, one of the most consequential simplifications is the removal of the mandatory climate transition plan under the CSDDD. While this reduces the immediate documentation burden, it also shifts climate credibility from a legal obligation to a market signal. In practice, investors, lenders and commercial partners may still expect transition planning as evidence of long-term resilience. Companies that stop producing this information voluntarily could face higher financing costs or weaker market trust. ave (2026–2027): Transition and Standard Redefinition

The period from 2026 to 2027 is a critical transition window. The main risk is not only non-compliance, but strategic inertia. Companies that wait for every detail to settle may lose time in adapting systems, internal controls and supplier engagement processes.

Several milestones define this first phase.

First, the VSME standard is already part of the landscape. The European Commission adopted a recommendation on the voluntary sustainability reporting standard for SMEs on 30 July 2025, making it the main reference point for proportionate ESG information requests to smaller businesses. This matters because many large companies will increasingly need a defensible and standardised basis for collecting ESG data from their supply chains. ommission is expected to adopt a simplified ESRS delegated act within six months of the Directive’s entry into force, which places the expected timeline around mid-September 2026. The objective is to streamline the ESRS and give companies greater legal certainty on what data will remain material under the revised regime. States generally have until 19 March 2027 to transpose the relevant amendments into national law, while harmonised limited assurance standards are expected by 1 July 2027. These dates are essential because they shape the move from internal ESG data gathering to externally reviewable, assurance-ready reporting. priority for 2026

The main operational risk in early 2026 is information overload across supply chains. Procurement teams at large companies may continue sending overly broad questionnaires before internal policies are aligned with the revised framework and VSME logic. The smartest response is not to freeze action altogether, but to standardise requests, reduce duplication, and shift from open-ended questionnaires to targeted, proportionate and auditable data requests.

At the same time, companies that have already invested in legacy ESRS implementation should avoid locking themselves into rigid report templates. The priority should be raw data flexibility: consistent data architecture, traceability and internal controls that can survive future framework adjustments.

3. Second Wave (2028–2031): Full Operation and Digital Integration

This phase marks the shift from formal compliance to digitally enabled transparency. ESG information will increasingly be evaluated not only by auditors and regulators, but also by banks, investors and automated data tools.

A major milestone is the CSDDD transposition deadline of 26 July 2028, with companies expected to comply with the updated due diligence requirements from July 2029. The amended framework caps penalties at 3% of worldwide net turnover, reinforcing the need for robust governance over value chain risk. at by 2029, sustainability due diligence will no longer be a policy exercise. It will become a test of whether companies can produce reliable information on adverse impacts, supplier relationships and prioritised risk areas across their chain of activities. The revised rules explicitly allow prioritisation and reliance on reasonably available information, which is meant to reduce the trickle-down burden on smaller partners, but it does not remove the need for traceable ESG controls. urning point is the rollout of the European Single Access Point (ESAP), designed to provide centralised access to public financial and sustainability information on EU companies and investment products. ESAP is intended to increase visibility for firms and broaden access to finance, which means data quality will matter far beyond compliance. It will influence comparability, investor screening and potentially algorithmic credit analysis. terms, once ESG data becomes easier to access and compare digitally, poor-quality or inconsistent disclosures may carry a direct cost in terms of capital pricing, investor confidence and business opportunities.

4. Third Wave (2032–2036): Maturity, Threshold Reviews and Anti-Greenwashing Enforcement

From 2032 onward, ESG compliance should be treated as a dynamic governance capability, not a fixed reporting project. By this stage, the framework will likely be shaped as much by supervisory practice, market discipline and enforcement trends as by the original legal text.

One strategic variable is the future review of thresholds and scope. Because EU sustainability rules evolve over time, growing companies should plan for possible entry into the reporting perimeter well before they are formally captured. Waiting until the threshold is crossed can lead to operational disruption, weak internal controls and rushed supplier engagement.

At the same time, anti-greenwashing enforcement is likely to become more mature. As supervisory authorities and courts develop precedents, sustainability claims that were once considered acceptable marketing language may become sanctionable if they lack quantitative evidence, traceability or internal substantiation. That means every public ESG claim should be backed by verifiable data and governance controls.

The strategic conclusion is clear: over the long term, ESG maturity will depend less on producing a document and more on building an evidence-based sustainability architecture across finance, operations, communications and procurement.

5. Value Chain Governance and the Concept of the “Protected Company”

One of the most important practical effects of Omnibus I is how it changes the balance of power within value chains.

The revised framework seeks to reduce the trickle-down effect of excessive reporting demands on smaller companies. Official EU communications make clear that the reform is meant to limit disproportionate information requests imposed by larger companies on smaller business partners. Companies with fewer than 1,000 employees are therefore better positioned to resist ESG data requests that go beyond proportionate and standardised expectations. nt leaders, this means the era of maximalist questionnaires is ending. Large companies need more disciplined supplier engagement, based on VSME-compatible requests, relevance, traceability and legal proportionality.

At the same time, businesses still need to protect commercially sensitive information. As sustainability data becomes more visible through standardisation and digital access points, governance systems must balance transparency with confidentiality, ensuring that ESG disclosure strengthens trust without exposing trade secrets or undermining competitive advantage.

6. Strategic Targets for Risk Mitigation and Value Creation

The purpose of a ten-year ESG compliance plan is not simply to avoid penalties. It is to move toward a business model in which brand integrity, financing conditions and strategic resilience are supported by a structurally embedded ESG governance system.

Three priorities stand out.

1. Continuous threshold monitoring

Companies should monitor size thresholds, regulatory updates and sector developments continuously to avoid sudden entry into a more demanding reporting perimeter.

2. Digital infrastructure for ESAP-era reporting

Businesses need data systems that can connect ESG KPIs with internal controls, accounting references and external disclosure formats. In the ESAP era, poorly structured data will become a competitive disadvantage.

3. Supply chain governance aligned with proportionality

Procurement and sustainability teams should align supplier engagement with VSME principles, reduce reporting friction and build legally robust data collection processes that preserve value chain stability.

Final Takeaway

The most important shift under Omnibus I is cultural as much as regulatory.

Companies should stop treating ESG as a sequence of deadlines and start building an ESG operating structure. The firms that will be best positioned between 2026 and 2036 are not necessarily those doing the bare minimum, but those capable of integrating sustainability data into core business processes, financial decision-making, supply chain governance and capital market communication.

That is how compliance stops being a bureaucratic cost and becomes a long-term source of stability, credibility and strategic advantage.