CSRD Omnibus and Stop-the-Clock – what changes

A Kraków-based mid-size manufacturer received its first CSRD scoping letter from a German parent company in January 2026. Three weeks later, the European Commission announced the Omnibus package. The manufacturer's compliance team paused. Was the timeline still valid? Did the reporting obligation still apply at the same threshold? The answer – as of spring 2026 – is: partly yes, partly no, and the difference matters financially.

The CSRD Omnibus proposal and the accompanying Stop-the-Clock Directive would, if fully adopted, delay sustainability reporting obligations for wave-two and wave-three companies by two years and raise the threshold for mandatory reporting to 1,000 employees. Poland has transposed the original CSRD through an amendment to the Accounting Act (ustawa o rachunkowości), supervised by the Polish Financial Supervision Authority (KNF) and the National Court Register (KRS) for filing purposes. Until the Omnibus amendments are enacted into Polish law, the original deadlines remain legally binding for in-scope entities.

This guide walks through four areas: the current Polish legal position, the proposed changes and their practical scope, the compliance steps companies should take now, and the common mistakes that create liability. Each section includes a concrete timeline or threshold figure so you can map your company's exposure directly.

What is the current CSRD framework in Poland?

Poland incorporated the Corporate Sustainability Reporting Directive (CSRD) into national law through an amendment to the Accounting Act. The Ministry of Finance oversees the transposition. The Financial Reporting Standards Committee (Komitet Standardów Rachunkowości) is the designated body for issuing Polish guidance on European Sustainability Reporting Standards (ESRS). Reporting is filed with the KRS, making it publicly accessible.

Wave one covered large public-interest entities with more than 500 employees – reporting for financial year 2024, due in 2025. Wave two targets large companies (more than 250 employees or EUR 40m turnover or EUR 20m balance sheet total) – reporting for FY 2025, originally due in 2026. Wave three covers listed small and medium enterprises – reporting for FY 2026, originally due in 2027. Each wave carries a different ESRS disclosure burden and a different audit assurance level.

Non-compliance creates direct financial exposure. Under the Accounting Act, failure to prepare a required sustainability report – or preparation of a materially deficient report – may result in fines of up to PLN 250,000 and personal liability for board members. That is not a theoretical risk: the KNF has signalled increased supervisory attention to ESG disclosures in 2026. Companies that delayed implementation assuming the Omnibus would remove their obligation are in the most vulnerable position.

Wave 1: large public-interest entities, 500+ employees, FY 2024 reporting
Wave 2: large companies, 250+ employees or EUR 40m turnover, FY 2025 reporting
Wave 3: listed SMEs, FY 2026 reporting (subject to proposed delay)
Fines under the Accounting Act: up to PLN 250,000 per violation
Audit assurance: limited assurance from wave two onward

For subsidiaries of foreign groups, the value chain reporting obligation is particularly significant. A Polish entity that is not itself in scope may still receive data requests from an in-scope parent. Refusing or ignoring those requests does not eliminate the legal exposure – it shifts it to a contractual and commercial dimension. Clients in the Mazowieckie region have already seen supply chain questionnaires arrive from German and Dutch parents (winter 2025).

What does the Omnibus package actually propose?

The European Commission's Omnibus package, published in February 2026, contains two instruments relevant to CSRD. The Stop-the-Clock Directive proposes a two-year postponement for wave-two and wave-three companies. A separate Omnibus amending directive proposes substantive changes: raising the employee threshold to 1,000 (from 250), reducing the number of mandatory ESRS data points, and narrowing the value chain due diligence scope. Both instruments are proposals – neither is yet law.

The Stop-the-Clock Directive is the faster-moving instrument. It requires only a qualified majority in the Council and a European Parliament vote. If adopted by summer 2026, member states would have a short transposition window – likely 60 days. Poland would then need to amend the Accounting Act again to push the wave-two deadline from FY 2025 to FY 2027. Until that amendment passes the Sejm (Polish lower house of parliament), the FY 2025 deadline stands as domestic law.

The substantive Omnibus amending directive follows the ordinary legislative procedure. It will take longer – realistic estimates point to late 2026 or early 2027 for political agreement, with transposition extending into 2028. Companies should not treat the threshold change (1,000 employees) as an exemption they can rely on today. Acting on an unenacted proposal forfeits the compliance window and precludes a defence of good-faith effort if enforcement action follows.

One practical implication: companies currently in wave two with between 250 and 999 employees face the highest uncertainty. They may be exempt under the Omnibus – or they may not, if the proposal is amended or delayed in the legislative process. The prudent approach is to continue gap analysis and data collection while monitoring the Polish transposition calendar closely.

How should Polish companies respond step by step?

The correct response is a phased approach that preserves optionality. Phase one – scoping and gap analysis – should be completed within 30 days of reading this guide. Phase two – data architecture and ESRS mapping – runs for 60 to 90 days. Phase three – draft report and limited assurance engagement – runs for the 90 days before the filing deadline. Each phase has a defined output and a defined owner.

Phase one deliverables include: confirmation of whether the entity is in scope under current Polish law (not the proposed Omnibus threshold), identification of material sustainability topics using double materiality assessment, and appointment of a responsible officer with board-level accountability. Double materiality requires assessing both financial materiality (impact on company value) and impact materiality (company's effect on environment and people). Many Polish companies conflate the two – that is the most common gap finding in our practice.

We secured a structured CSRD readiness programme for a manufacturing client in the Silesia region that reduced their gap from 47 open ESRS data points to 11 within 12 weeks (autumn 2025). The key was separating quantitative disclosures (which require data systems) from qualitative disclosures (which require policy documentation). Qualitative disclosures can often be drafted in four to six weeks. Quantitative disclosures – particularly Scope 3 emissions – require supplier data that takes three to six months to collect.

For whistleblower channel design, CSRD requires disclosure of whether a channel exists and how many reports were received. This is a direct interface between CSRD and the Whistleblower Protection Act (ustawa o ochronie sygnalistów). Companies that have not yet implemented a compliant channel face a compounded risk: violation of the Whistleblower Act (fines up to PLN 60,000) and a material gap in their CSRD disclosure simultaneously.

What are the three business scenarios and their compliance costs?

Compliance costs and timelines vary significantly by company type. Three scenarios illustrate the range. Each scenario includes a rough cost estimate and a critical path timeline. These are indicative – actual costs depend on data maturity, existing ERP systems, and whether limited assurance is performed by an existing auditor or a new engagement.

Scenario A – Polish manufacturing company, 300 employees, no prior ESG reporting. This company is in wave two under current law. It has no existing sustainability data, no double materiality assessment, and no ESG policy framework. Estimated compliance cost: PLN 180,000 to PLN 320,000 over 18 months, including external advisory, data system setup, and limited assurance. Critical path: 15 months from project start to filed report. The highest cost driver is Scope 1 and Scope 2 emissions measurement, which requires energy audit data and utility billing integration.

Scenario B – IT services company, 260 employees, Warsaw, existing ISO 27001 and partial ESG data. The ISO 27001 governance documentation provides a foundation for ESRS G1 (governance) disclosures. Estimated compliance cost: PLN 90,000 to PLN 150,000. Critical path: 10 months. The main gap is typically social disclosures (S1 – own workforce), particularly pay gap data and collective bargaining coverage. For a related compliance architecture discussion, see our guide on compliance programme design for foreign subsidiaries in Poland.

Scenario C – German investor's Polish subsidiary, 800 employees, Lower Silesia. This entity is in scope both as a standalone entity and as part of the parent's consolidated CSRD report. The parent's ESRS data requirements drive the timeline. Estimated cost for standalone Polish report: PLN 120,000 to PLN 200,000, but integration with parent reporting systems adds EUR 40,000 to EUR 80,000 in IT costs. Environmental due diligence for the real estate portfolio is a parallel workstream – see our analysis of environmental due diligence for Polish real estate. Critical path: 14 months.

What to prepare before engaging an adviser:

List of all legal entities in the Polish group and their employee counts
Last three years of energy consumption and utility billing data
Existing HR data: headcount by gender, pay gap data, training hours
Board resolution designating a CSRD responsible officer
Current auditor engagement letter (to assess limited assurance scope)

The most expensive mistake is starting the limited assurance engagement without clean underlying data. Auditors charge for data remediation at advisory rates. A company that begins the assurance process with incomplete Scope 2 data can expect the engagement cost to increase by 30 to 50 percent. Starting data collection 12 months before the filing deadline – not three months – is the single most effective cost-control measure.

For companies between 250 and 999 employees, the Omnibus uncertainty creates a specific decision point. Pausing all CSRD work carries the risk that the Stop-the-Clock Directive is not adopted, or is adopted but not transposed into Polish law before the FY 2025 deadline. Continuing full implementation carries an unnecessary cost if the exemption does apply. The balanced approach: complete double materiality assessment and data collection (sunk cost is low, reusable in future years), but defer limited assurance engagement until the Polish legislative position is clear.

What are the most common compliance mistakes – and how to avoid them?

Four mistakes appear consistently across Polish CSRD implementations. Each one creates either a direct legal liability or an irreversible delay that forfeits the compliance window. Understanding them in advance is more valuable than correcting them after the filing deadline has passed.

Mistake 1: Treating the Omnibus as an exemption already in force. Companies that have stopped CSRD work on the basis of the Commission's proposal are exposed to enforcement under current Polish law. The Accounting Act has not been amended. The KNF has not issued any guidance suspending supervision. Personal liability of board members for failure to file attaches to the current legal framework – not the proposed one. An irreversible consequence: a board that fails to file for FY 2025 cannot retroactively claim it relied on a proposal that was never enacted.

Mistake 2: Conflating CSRD scope with SFDR or taxonomy obligations. The Sustainable Finance Disclosure Regulation (SFDR) applies to financial market participants, not manufacturers or service companies. The EU Taxonomy Regulation applies to companies already in scope of CSRD, but only for specific economic activities. Confusing the three frameworks leads to either over-reporting (costly) or under-reporting (legally risky). Each has a separate materiality test and a separate filing mechanism.

We obtained a compliance architecture review for a Pomerania-based logistics group that had incorrectly applied SFDR disclosures to its non-financial parent entity (spring 2026). The correction required three weeks of legal work and prevented a materially misleading sustainability statement from being filed with the KRS.

Mistake 3: Ignoring AML and whistleblower channel intersections. CSRD's governance disclosures (ESRS G1) require reporting on anti-corruption and anti-bribery measures, including whether an AML programme exists and whether a whistleblower channel is operational. A company that has not implemented AML procedures under the Anti-Money Laundering Act (ustawa o przeciwdziałaniu praniu pieniędzy) faces a double exposure: AML enforcement risk and a CSRD disclosure gap simultaneously. The same applies to whistleblower compliance – the two frameworks must be aligned, not treated as separate workstreams.

Mistake 4: Delegating CSRD entirely to the finance team without legal review. ESRS disclosures include legally sensitive statements about litigation, regulatory proceedings, and human rights due diligence. Statements made in a CSRD report filed with the KRS are public documents. Inaccurate statements create liability under the Accounting Act and, in some cases, under criminal law. Legal review of the draft report – particularly ESRS S1, S2, G1, and ESRS 2 governance disclosures – is not optional for a company with litigation exposure.

Frequently asked questions

Q: If the Stop-the-Clock Directive is adopted, when will Polish law actually change?

A: The Directive must first be published in the Official Journal of the European Union, then transposed by Poland within the transposition deadline (likely 60 days). The Polish government must then amend the Accounting Act through the standard legislative process in the Sejm and Senate. Realistically, this takes three to five months after EU publication. Until the Polish amendment enters into force, the original deadlines in the Accounting Act remain binding. Companies should monitor the Ministry of Finance's legislative calendar, not just EU-level announcements.

Q: Does the proposed 1,000-employee threshold apply to Polish subsidiaries of foreign groups?

A: Under the current Omnibus proposal, the 1,000-employee threshold applies to standalone reporting obligations. However, a Polish subsidiary with fewer than 1,000 employees may still be required to provide data to an in-scope parent for consolidated CSRD reporting. The parent's obligation does not disappear because the subsidiary falls below the threshold. The contractual data-sharing obligation between parent and subsidiary is governed by the parent's national law – typically German, Dutch, or French – not Polish law. This is a frequent source of confusion for Polish management teams receiving data requests from foreign parents.

Q: What is the cost of a limited assurance engagement for a Polish company?

A: Limited assurance fees for a mid-size Polish company (250 to 500 employees, first-year reporting) typically range from PLN 60,000 to PLN 150,000, depending on the auditor, the company's data maturity, and the number of ESRS data points subject to assurance. Companies with an existing statutory audit relationship can often negotiate a combined fee that is 15 to 20 percent lower than a standalone assurance engagement. The cost rises sharply if underlying data is incomplete or if the assurance engagement begins fewer than four months before the filing deadline.

KORDECKI & Partners is a law firm based in Warsaw and Krakow, advising business clients across 30 jurisdictions. Our team combines expertise in Polish and international law with a practical approach to ESG compliance, CSRD implementation, and sustainability reporting. We work with Polish entrepreneurs, foreign investors, and in-house legal teams navigating the evolving EU sustainability framework. To discuss your situation, contact info@kordeckipartners.com.

Your company's specific CSRD position – whether you are in scope under current Polish law, how the Omnibus proposal affects your timeline, and what data collection steps are irreversible if delayed – requires a concrete legal assessment. Acting on general guidance without mapping your entity's exact threshold, employee count, and filing calendar can forfeit the compliance window entirely.

If your company has between 250 and 1,000 employees and is uncertain whether the Omnibus threshold change applies to your FY 2025 reporting obligation, we will conduct a scope assessment, map your ESRS data gaps, and identify the minimum steps required to preserve compliance optionality: info@kordeckipartners.com.