CSRD / DMA for IT & Telecommunications

Here is the article: ```html

What is CSRD / DMA?

The Corporate Sustainability Reporting Directive (CSRD) is a European Union regulation that requires companies to disclose detailed information about their environmental, social, and governance (ESG) impacts. At its core lies the Double Materiality Assessment (DMA) — a methodology that requires companies to evaluate sustainability topics from two perspectives: how ESG issues affect the company's financial performance (financial materiality) and how the company's operations impact people and the environment (impact materiality). Together, CSRD and DMA form the backbone of the EU's push toward transparent, comparable, and reliable sustainability reporting across all major industries.

CSRD / DMA and the IT & Telecommunications Industry

The IT and telecommunications sector is often perceived as "clean" compared to heavy industry, but this perception is misleading. The sector faces significant sustainability challenges that CSRD and DMA reporting will bring into sharp focus. Data centers alone account for approximately 1-1.5% of global electricity consumption, and this figure is rising rapidly with the growth of cloud computing, artificial intelligence workloads, and streaming services. Telecommunications networks — including 5G infrastructure rollouts — add substantially to energy demand and electronic waste generation.

Beyond environmental concerns, the industry sits at the intersection of critical social issues. Data privacy, digital inclusion, cybersecurity, and the labor conditions within global hardware supply chains are all topics that fall under the CSRD reporting framework. A telecommunications provider operating across multiple EU markets, for example, must report on how its network expansion affects local communities, how it manages the lifecycle of millions of devices, and what measures it takes to ensure fair working conditions among its suppliers in Asia and Africa.

The DMA process forces IT and telecom companies to engage with stakeholders — investors, customers, regulators, employees, and affected communities — to determine which sustainability topics are most material. For a cloud services provider, energy consumption and Scope 2 emissions will almost certainly emerge as highly material. For a hardware manufacturer, conflict minerals in supply chains and end-of-life product management will demand attention. For a software company, data ethics, workforce diversity, and governance of artificial intelligence systems may take priority.

Companies that fail to comply face not only regulatory penalties but also reputational damage and reduced access to capital, as investors increasingly use CSRD-aligned data to make funding decisions.

Key Requirements

IT and telecommunications companies subject to CSRD must address the following requirements:

• Conduct a Double Materiality Assessment: Identify and prioritize sustainability topics from both the financial and impact perspectives. This must involve structured stakeholder engagement and be updated regularly. For telecom companies, this typically covers climate change, energy use, resource circularity, data privacy, digital access, and supply chain labor practices.
• Report according to European Sustainability Reporting Standards (ESRS): CSRD mandates the use of ESRS, which define specific disclosure requirements across environmental (E1-E5), social (S1-S4), and governance (G1) topics. IT companies must map their material topics to the relevant ESRS standards and provide quantitative metrics, targets, and progress descriptions.
• Disclose Scope 1, 2, and 3 greenhouse gas emissions: This includes direct emissions from owned facilities, indirect emissions from purchased electricity powering data centers and offices, and value chain emissions from hardware manufacturing, logistics, employee commuting, and product end-of-life processing.
• Provide supply chain transparency: Companies must report on due diligence processes covering human rights, labor standards, and environmental practices throughout their supply chains. For a company sourcing semiconductors, rare earth elements, or assembling hardware in multiple countries, this is a substantial undertaking.
• Integrate sustainability into governance: Boards and management bodies must demonstrate oversight of sustainability matters. Companies need to disclose how ESG risks and opportunities are incorporated into business strategy, risk management, and executive remuneration.
• Obtain third-party assurance: CSRD reports must be independently verified — initially with limited assurance, moving toward reasonable assurance in later years. This means sustainability data must meet audit-grade quality standards.
• Publish reports in a digital, machine-readable format: Reports must be tagged using the European Single Electronic Format (ESEF) with XBRL taxonomy, enabling automated analysis by regulators and investors.
• Disclose transition plans: Companies must outline their climate transition plans, including interim targets aligned with the Paris Agreement. For data center operators, this means concrete roadmaps for renewable energy procurement, cooling efficiency improvements, and hardware refresh cycles.

Implementation Steps for IT & Telecommunications Companies

1. Establish a cross-functional CSRD project team. Bring together representatives from sustainability, finance, legal, IT operations, procurement, and human resources. Appoint a project lead with direct access to senior management. In telecom companies with complex organizational structures, ensure that each business unit (network operations, retail, enterprise services) has a designated liaison.
2. Conduct a gap analysis against ESRS requirements. Map your current sustainability reporting and data collection practices against the full set of ESRS disclosure requirements. Identify where data exists but is not structured for reporting, where data collection processes need to be created from scratch, and where estimation methodologies are needed. Pay particular attention to Scope 3 emissions data, which is typically the largest gap for IT companies.
3. Perform the Double Materiality Assessment. Design and execute a structured DMA process. Identify your full list of potential sustainability topics using ESRS as a starting point. Engage internal and external stakeholders through surveys, interviews, and workshops. Score each topic on both financial materiality and impact materiality dimensions. Document the methodology, thresholds, and rationale for including or excluding topics. For a telecommunications company, ensure you cover sector-specific issues such as electromagnetic field exposure, digital divide, and network resilience.
4. Build or upgrade data collection infrastructure. Implement systems to collect, validate, and aggregate sustainability data across all operations and material value chain partners. This may involve deploying specialized ESG data management software, integrating sustainability metrics into existing ERP and business intelligence platforms, or establishing data-sharing agreements with key suppliers. For companies managing hundreds of data center locations, automated energy and emissions monitoring is essential.
5. Define targets and transition plans. Based on your material topics, set measurable targets with clear timelines. For climate-related targets, align with science-based methodologies. A cloud provider might commit to 100% renewable energy for data centers by a specific year, while a telecom operator might target a specific percentage reduction in network energy consumption per unit of data transmitted. Ensure targets are ambitious but achievable, and backed by concrete action plans.
6. Prepare and validate your first CSRD report. Draft disclosures for each material ESRS topic, including narrative descriptions, quantitative metrics, policies, actions, and targets. Implement internal review processes to ensure data accuracy and consistency. Engage your chosen assurance provider early — ideally during the data collection phase — so they can advise on methodology and identify issues before the final report is due.
7. Embed sustainability reporting into ongoing business processes. CSRD is not a one-time project. Integrate sustainability data collection into quarterly and annual reporting cycles. Update your DMA periodically as business conditions and stakeholder expectations evolve. Train relevant staff on reporting requirements and establish clear data ownership and accountability across the organization.

Frequently Asked Questions

Which IT and telecommunications companies are subject to CSRD?

CSRD applies to all large EU companies and EU-listed companies (except listed micro-enterprises) meeting at least two of three criteria: more than 250 employees, more than EUR 50 million in net turnover, or more than EUR 25 million in total assets. It also applies to non-EU companies generating more than EUR 150 million in EU net turnover with at least one EU subsidiary or branch. This means that major global technology firms, telecommunications operators, managed service providers, and SaaS companies with significant EU operations are all within scope, regardless of where they are headquartered.

How does DMA differ from a traditional materiality assessment?

Traditional materiality assessments, as used under earlier frameworks like GRI, primarily focus on topics that stakeholders consider important. The Double Materiality Assessment required by CSRD goes further by explicitly requiring two distinct analyses: impact materiality (how the company affects the environment and society) and financial materiality (how sustainability issues create risks or opportunities for the company). Both dimensions must be assessed independently, and a topic is considered material if it is significant on either dimension. This dual lens often surfaces topics that a single-perspective assessment would miss — for instance, an IT company might not consider biodiversity financially material, but its data center construction in ecologically sensitive areas could make it material from an impact perspective.

What are the most common material topics for IT and telecom companies?

Based on early DMA results across the sector, the most frequently identified material topics include: climate change and energy consumption (especially data center and network energy), resource use and circular economy (electronic waste, hardware lifecycle management), workforce matters (talent attraction, diversity, working conditions), data privacy and cybersecurity, supply chain labor and human rights practices, and business conduct and governance. The specific ranking varies — a pure-play software company will weight data ethics higher, while a network operator will prioritize energy and infrastructure topics.

When do IT companies need to start reporting under CSRD?

The timeline depends on company size and listing status. Large EU public-interest entities with over 500 employees began reporting in 2025 (for fiscal year 2024 data). Other large companies started in 2026 (for fiscal year 2025 data). Listed SMEs have until 2027, with an option to defer to 2028. Non-EU companies meeting the revenue threshold must report from 2029. Companies should begin their DMA and data collection processes at least 12-18 months before their first reporting deadline to ensure readiness.

Summary

CSRD and the Double Materiality Assessment represent a fundamental shift in how IT and telecommunications companies must approach sustainability reporting — moving from voluntary, narrative-driven disclosures to mandatory, standardized, and audited reporting. The sector's growing energy footprint, complex global supply chains, and central role in digital society make thorough preparation essential. Companies that begin their CSRD implementation now will not only achieve compliance but also gain a clearer understanding of their sustainability risks and opportunities, positioning themselves as trusted partners for investors, customers, and regulators in an increasingly transparency-driven market.

``` Artykuł jest gotowy — ok. 1400 słów, ustrukturyzowany HTML, bez emoji, z konkretnymi przykładami dla branży IT & Telecommunications. Obejmuje wszystkie 6 wymaganych sekcji: opis CSRD/DMA, powiązanie z branżą, wymagania, kroki implementacji, FAQ i podsumowanie.