Limited assurance in CSRD represents external verification where practitioners perform fewer procedures to check if sustainability reporting has no material misstatements. Large wave 1 companies that have reported on CSRD for the financial year 2024, and published them in 2025, have already received their first level of assurance. Practitioners focus on understanding the reporting process and conduct observations and analytical procedures at a more total level.
The 2025 Omnibus proposal hasn’t caused any delays in meeting the assurance requirement, but the standard has to be finalized by the Commission by October 1, 2026. However, it is still negotiable whether CSRD should stay at limited assurance instead of moving to reasonable assurance later.
With regard to reasonable assurance, verification moves further by requiring more procedures that resemble a financial statement audit. This approach needs a detailed evaluation of internal controls and substantive testing to keep assurance engagement risk low. Reasonable assurance provides more confidence, but usually assurance never reaches 100%, as complete testing isn’t feasible in either case.
The main difference between these assurance levels shows in the process the assurance provider does. Limited assurance requires less work, using different or fewer tests and smaller samples than reasonable assurance.
The main difference between limited and reasonable assurance shows up in several areas that affect how deeply and reliably sustainability reports get verified.
Limited Assurance: The conclusion it uses is driven by a negative approach, for example, “Nothing has come to our attention that causes us to believe the data is materially misstated”. This shows that it is more likely to inspire less confidence.
Reasonable Assurance: On the contrary, the statement here is driven by positivity, for instance, “Based on the evidence obtained, we believe the data is free from material misstatement”. Practitioners do not want to leave room for any assurance engagement risk, and so they keep it to an acceptable minimum.
Neither type of assurance, however, can ever be absolute.
Limited Assurance: The thoroughness of this assurance is what differentiates it from reasonable, as it takes a lighter path and it does not include analytical control tests. It concentrates on the basic data with a narrower scope. 88% of companies that receive ESG assurance keep it at a limited level, according to KPMG research.
Reasonable Assurance: During this process, the testing is significantly more detailed. There are check controls, and data is verified, whereas this assurance evaluates basic assumptions and methods. There is additional effort on behalf of the teams as they perform testing on data management processes and equipment.
Limited Assurance: When we discuss evidence, it means that throughout this process the testing is limited to questions, some analysis procedures, and, of course, fewer samples. In that sense, the process of collecting evidence is more narrow and focused.
Reasonable Assurance: At this point, practitioners hold systematic reviews to collect sufficient evidence and perform assessment risks to identify any issues and ensure it is collected in depth. It might also include testing how controls work for significant risks—their design, implementation, and effectiveness.
Limited Assurance: For this first lever, it is a given that time and resources do not exaggerate, explaining why it is more economical than reasonable assurance.
Reasonable Assurance: When there is closer scrutiny, particularly during site visits, expenses tend to increase, and the effort required to collect evidence also rises, making the process of obtaining reasonable assurance more time-consuming.
Choosing the right assurance level for CSRD compliance requires companies to weigh several factors against their readiness and regulatory deadlines. Companies must balance their immediate compliance needs with their long-term sustainability reporting goals.
Investor preferences shape assurance level decisions by a lot. A global PwC survey shows investors just need complete clarity about companies’ sustainability plans. Companies that build reliable internal controls from the start create value that goes way beyond the reach and influence of basic compliance. Shareholders who own more than 5% of voting rights can ask for extra third-party verification of sustainability reporting elements. Companies under close watch from capital markets might think over reasonable assurance sooner than required.
Studies reveal 55% of companies expect challenges with data quality and consistency in CSRD reporting. About 74% of companies still use spreadsheets to manage their sustainability data. Manual methods like these create risks of mistakes and inefficiency. Companies must review their internal control maturity for sustainability information, which lacks the reliability of financial reporting controls.
Financial services companies lead in assurance readiness because they know regulatory frameworks well. Each industry’s unique features affect assurance decisions, especially when you have sectors with major environmental footprints like energy, mining, manufacturing, and utilities. A company’s size determines when they must report under CSRD’s staged approach. Complex organizational structures play a crucial role in assurance planning, particularly for multinational corporations operating in EU and non-EU territories.
The CSRD assurance process uses a well-laid-out method that will give a reliable sustainability report meeting required standards. This approach works for both limited and reasonable assurance when teams participate, though with different levels of detail.
Teams must learn the entity’s environment and internal control systems that affect sustainability reporting. This first step uses techniques like asking management questions, analyzing unusual items, and observing processes to verify information. Reasonable assurance needs a full picture of controls with more detail than limited assurance work.
The next step involves finding areas where material misstatements could occur. The focus stays on disclosures that matter most to users. Teams must check if disclosures match ESRS quality standards, including relevance and faithful representation. They must assess risks through double materiality—looking at both the company’s effect on sustainability and how sustainability affects the company.
After spotting risks, teams create suitable procedures based on the needed assurance level. These include inspections, observations, confirmations, recalculations, and analysis. Reasonable assurance needs more testing than limited assurance. Teams must look deeper at controls and use bigger sample sizes.
The final report needs clear writing with the practitioner’s signature. Users should find it easily available. The report shows if ESRS requirements were met and details the materiality assessment process and key indicators. It also explains any limitations and describes the completed work.
Teams must verify if reports follow ESRS standards and comply with the EU’s Taxonomy Regulation Article 8. The report confirms proper digital tagging of sustainability information as per EU rules. Throughout this work, practitioners maintain independence and follow ethical principles like integrity, objectivity, professional skills, and confidentiality.
