Protecting SMEs in the Age of Corporate Sustainability Obligations

The wave of EU sustainability legislation sweeping across the corporate landscape has, until recently, left one question relatively unanswered: what happens to smaller businesses caught in the crossfire? With large companies obligated to report on their entire value chains, SMEs risk becoming de facto compliance targets, buried under data requests they were never meant to field.

The simplification measures announced at the beginning of 2025 concerning the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD) not only aim to streamline obligations for companies within scope, but also to protect SMEs from excessive administrative burdens imposed by large companies. Enter the SME Shield. 

What is the SME Shield? 

The SME shield is a concept introduced as part of the “omnibus simplification” package. Its objective is to prevent SMEs from being subject to excessive information requests from larger companies falling within the scope of the CSRD and CSDD.

The “Protected Undertakings” Concept Under the CSRD

The CSRD introduces the notion of “protected undertakings”, defined as companies in the value chain of reporting companies that do not exceed an average of 1,000 employees during the preceding financial year.

This status provides SMEs with a form of protection, allowing them to refuse certain information requests when those requests go beyond what is covered by voluntary sustainability reporting standards. Importantly, when a large company requests additional information, it must clearly inform the SME of which data exceeds the voluntary standards and explicitly indicate the SME’s right to decline providing such information.

The voluntary standards are expected to be published by July 2026, and are being developed by the European Financial Reporting Advisory Group (EFRAG), who are responsible for the mandatory CSRD reporting standards.

These voluntary standards are expected to cover topics such as:

• Energy consumption

• Greenhouse gas (GHG) emissions

• Air, soil, and water pollution

• Water usage

• Resource use

• Workforce information and the number of employees

• Health and safety

• Remuneration

Implications Under the CSDDD

In parallel, the simplification of the CSDDD aims to reduce the exposure of SMEs to extensive information requests related to human rights and environmental due diligence.

Large companies subject to due diligence obligations will not be required to directly request information from value chain partners with fewer than 5,000 employees, provided that the information can be reasonably obtained through other means, such as publicly available information.

In this context, “reasonably available” should be understood as information that can be accessed without disproportionate effort, excessive cost, or without unduly disrupting the SME’s operations. Further clarification will be provided with the expected CSDDD guidance document in summer 2027.

Examples:

1/ A large fashion retailer asks a small independent brand for detailed sustainability data for their CSRD report. However, thanks to the SME shield, the brand can stick to a simple, standardised questionnaire rather than spend weeks and money producing a full ESG report.

2/ A large fashion brand sourcing fabrics from a small, family-run supplier relies on the SME shield to avoid overwhelming them with complex due diligence requests, keeping it to a short set of practical questions they can realistically answer with existing data they already have.

3/ Instead of reaching out to small organisations directly, a company in scope of these legislations can identify risks through desk research, existing reports, or by leveraging the on-the-ground work of multi-stakeholder initiatives (MSIs); it should rely on those sources rather than pushing extensive data requests onto SMEs, effectively carrying out the risk identification on their behalf.

What This Means in Practice

Taken together, these two mechanisms represent a meaningful shift in how the EU's corporate sustainability framework interacts with smaller businesses. It also brings these processes in line with existing industry practices, for example, the OECD due diligence guidance. Rather than passing the compliance burden down the value chain, the new rules create explicit boundaries on what larger companies can ask, and give SMEs a clearer basis for pushing back.

For SMEs currently navigating sustainability-related information requests from large clients, understanding these protections is increasingly important. And with the voluntary standards expected later this year, the picture will become significantly clearer.

Have questions about how the CSRD or CSDDD simplification measures affect your business? Get in touch with the 2B Policy team.