CSRD, ESRS E1, and generative AI: from compliance checklist to measurable emissions

Executive summary

The EU Corporate Sustainability Reporting Directive (CSRD) expands mandatory sustainability disclosure for a large set of undertakings, implemented through the European Sustainability Reporting Standards (ESRS). For most organisations, climate change (ESRS E1) remains material: greenhouse gas emissions across Scopes 1, 2, and 3 must be reported with increasing rigour, including value-chain data that is often incomplete. At the same time, generative AI is embedded in procurement, engineering, finance, and customer operations — usually via cloud APIs and SaaS — which creates a new class of activity data (tokens, model identifiers, environments) that sustainability and IT teams must align if disclosures are to survive scrutiny and limited assurance.

This paper is not legal advice. It connects regulatory framing (CSRD / ESRS), climate accounting (GHG Protocol boundaries), and the emerging governance context of the EU AI Act, then states what a specialised carbon tool can credibly automate: traceable conversion of usage metadata to indicative CO₂e for discussion in Scope 3 and ESRS E1 workflows — not a replacement for your statutory sustainability statement or your assurance provider.

1. Regulatory framing: CSRD and ESRS

The CSRD replaces and broadens the Non-Financial Reporting Directive (NFRD). In-scope companies publish sustainability information in the management report, with ESRS specifying content and structure. EFRAG supports technical interpretation; the Commission adopts standards via delegated acts. Reporting is phased by company category; recent EU “Omnibus” / stop-the-clock style adjustments have shifted timelines and scope for some waves — teams should verify current obligations against official EU texts and national transposition.

ESRS span environmental, social, and governance topics. Where climate is material, ESRS E1 requires disclosures on mitigation, adaptation, energy, and greenhouse gases, aligned with the GHG Protocol for Scopes 1–3. Information must be relevant, faithful, comparable over time, and supported by processes and controls that auditors can test. Digital tagging (inline XBRL / ESEF-style workflows for sustainability statements) increases machine readability and comparability for supervisors and capital markets.

2. Double materiality and gap analysis

CSRD is built around double materiality: financial materiality (sustainability matters that affect enterprise value) and impact materiality (the undertaking’s impacts on people and the environment). The undertaking identifies material topics before filling every datapoint — but climate is subject to a rebuttable presumption of materiality in many cases, so dismissing it requires explicit analysis and disclosure of the conclusion.

A structured gap analysis compares existing policies, metrics, and data pipelines to ESRS requirements: missing disclosures, weak controls, supplier data gaps, and inconsistent boundaries. Cross-functional ownership (CFO office, sustainability, IT, procurement) is repeatedly cited in practitioner surveys as critical because CSRD reporting is as much a data and governance programme as a narrative exercise.

3. Assurance and data quality

Sustainability statements are subject to limited assurance on sustainability information, with rules evolving (including global assurance standards such as ISSA 5000 on the horizon). That shifts day-to-day work from annual PDFs to evidence: methodology notes, audit trails, reconciliation to financial and operational systems, and clear documentation of assumptions. Third-party software can accelerate collection and standardisation, but responsibility for boundaries and assertions remains with the reporting entity.

4. Scope 3, questionnaires, and AI services

For many companies, Scope 3 dominates emissions. Data often comes from internal estimates, spend-based factors, and supplier questionnaires — the same operational rhythm that drives CDP, EcoVadis, and customer-specific ESG portals. CSRD does not prescribe a single IT vendor; platforms differ by sector and maturity. What matters is traceable activity data and consistent categories (e.g. purchased goods and services vs. use of sold products) so that AI-related cloud spend and API usage are not double-counted or misclassified.

Research and industry commentary note growing use of automation — including AI — to pre-fill questionnaires and keep answers aligned when ESRS or customer templates change. That efficiency is complementary to climate physics: you still need coherent energy and emissions factors and documented uncertainty where grids or vendor regions are unknown.

5. Generative AI and ESRS E1

Large language model (LLM) usage is typically purchased as a service (APIs, enterprise chat, coding agents). For reporting entities, those emissions usually fall in Scope 3 (e.g. upstream purchased services and cloud) rather than Scope 1. The operational primitive that scales is usage metadata returned by providers — prompt tokens, completion tokens, model id — not free-text prompts. That metadata is the bridge between software bills and carbon coefficients documented in your methodology note.

carbon-llm is designed around that bridge: ingest token counts (and optionally routing metadata), apply documented emission factors, and export audit-friendly totals for tenants and environments — so climate teams can explain “how we estimated generative AI footprint this year” without claiming precision that infrastructure-level metering would be required to prove.

6. EU AI Act: a different lane from CSRD climate

The EU Artificial Intelligence Act imposes risk-based obligations on providers and deployers of AI systems: documentation, transparency, human oversight, and conformity routes for high-risk systems, plus specific duties for general-purpose AI models. It addresses safety, fundamental rights, and market surveillance — not corporate GHG inventories. Organisations therefore run parallel workstreams: CSRD/ESRS for sustainability statements; AI governance for product and procurement compliance; GDPR/NIS2/DORA for data and resilience where applicable.

Explainability and logging practices that support AI Act evidence can indirectly strengthen data governance for sustainability — but they do not substitute for GHG accounting under ESRS E1. Conversely, a carbon coefficient per token does not demonstrate conformity with the AI Act. Product and legal teams should keep regimes distinct while reusing metadata where possible.

7. Monetisation and roadmap implications (platform view)

For a carbon accounting product, CSRD increases willingness to pay for: (1) reproducible methodology and versioned coefficients; (2) tenant- and environment-level allocation for multi-tenant SaaS; (3) exports that map to internal controls and external assurance cycles; (4) integrations with gateways and observability stacks that already log tokens. Optional modules such as materiality assessment or generic “CSRD questionnaires” overlap crowded GRC markets; differentiation stays sharper on high-quality LLM activity data and transparent CO₂e modelling than on all-in-one compliance suites.

Disclaimer

This white paper is for general information. CSRD, ESRS, and the AI Act evolve; verify requirements with qualified advisers. carbon-llm provides software and methodology support for indicative emissions from LLM usage metadata; it does not issue legal opinions or assurance opinions.