EU Value-Chain Cap: Five Gaps in the Voluntary Standard

Eight to fifteen ESG questionnaires per year. That is the reality for mid-market suppliers in Germany working with larger customers. Every company reporting under the CSRD develops its own templates, its own categories, its own definitions. The result: triple data collection for the same information, in three different formats, to three different deadlines.

The European Commission has recognised this problem. On 6 May 2026, it published the draft of a delegated act that codifies the VSME standard as a mandatory ceiling for value-chain data requests: the so-called Voluntary Standard as value-chain cap. The concept is sound. But the current draft has five structural shortcomings that provoke exactly the avoidance behaviour the regulation is meant to prevent.

As an independent ESG consultant, I submitted a formal response to the European Commission on 14 May 2026 regarding this draft. A parallel response addresses the simultaneously consulted delegated act on ESRS simplification. This article summarises what I identified and what it means for your organisation.

What is the value-chain cap?

The delegated act (reference Ares(2026)4624010) supplements the Accounting Directive 2013/34/EU as amended by the Omnibus I act (Directive 2026/470) with a central protective mechanism: companies subject to the CSRD (Directive 2022/2464) will in future only be permitted to request sustainability data from their suppliers and business partners that is codified in the Voluntary Standard. The standard itself is built on the VSME data model developed by EFRAG.

In practice, this means: if a large company reports under the CSRD and needs sustainability data from its mid-market suppliers, it must confine itself to the VSME data model. No bespoke questionnaire, no divergent definitions, no extended requirements beyond the standard.

That is the concept. The question is whether the current draft can operationally enforce it.

Why the concept is sound and urgently needed

The so-called trickle-down effect is real and measurable. Large corporates reporting under the CSRD need value-chain data they do not hold themselves. They pass these requirements down to their suppliers, in individual formats, with varying deadlines and sometimes contradictory definitions.

Mid-market companies I work with currently receive between eight and fifteen different ESG questionnaires per year. The CSRD-driven share of those is a minority. The larger channels, sector initiatives, banking processes and rating agencies, run alongside it. This illustrates how significant the protection gap still is.

A single, standardised VSME report as a binding limit would have a genuine efficiency effect. For SMEs it means less duplicated data collection; for CSRD-obligated companies it means better data quality. Both sides benefit from a clear, shared data model. Our benchmark pool of 638 European CSRD reports for financial year 2025 shows that only 34 per cent of reports contain values for all three Scope levels. The standard is therefore not an academic problem.

Gap 1: Two loopholes leave the largest channels open

Recital 4 of the draft contains two exceptions that, taken together, can effectively hollow out the cap:

"Information that is customarily exchanged within a sector" may continue to be shared on a voluntary basis. In practice, sectoral peer pressure is the strongest mechanism through which non-standardised questionnaires arise. Industry associations, major customers and rating providers drive this mechanism. The cap does not apply here.

"Obligations under other Union law" are expressly excluded. This covers the CSDDD, the German Supply Chain Due Diligence Act, the EU Taxonomy and the EBA Pillar 3 requirements for banks. Companies subject to reporting obligations will use this legal basis to continue sending bespoke questionnaires.

The combined effect: the cap protects against exactly one channel (CSRD value-chain reporting), whilst the larger channels remain open. That is better than nothing, but it is not what the draft promises.

My recommendation: Recital 4 should clarify that the cap represents the coordination standard that other Union acts and sector practice should use as their starting point. Article 3 should introduce a documentation obligation: any party invoking the "other Union law" exception must cite the specific legal basis and explain why the requirement goes beyond the cap.

Gap 2: Climate data is excluded from the cap, yet is the most requested

Annex II of the draft explicitly excludes the climate-related disclosures of the supplementary module from the cap: C3 (GHG reduction targets) and C4 (climate risks). This is structurally problematic, because precisely these data points are required by the most important customers.

Banks that must meet EBA Pillar 3 requirements need physical risk assessments from their borrowers. Large corporates subject to the CSRD that are preparing transition plans under ESRS E1 need GHG reduction targets from their supply chains. SFDR financial market participants need PAI data that depends on value-chain inputs.

If the cap excludes C3 and C4, these data points will continue to be requested, but via individual questionnaires rather than the standardised VSME format. That is exactly the trickle-down effect the regulation is meant to prevent.

A practical example from my climate risk analysis for a mid-sized German corporate group: the quantified physical risk exposure was up to 31.5 million euros per year, of which 88 per cent were physical risks (primarily hail and heavy rainfall). A small number of sites concentrated more than a third of that exposure. Without structured climate risk disclosures within the cap, banks will continue to request bespoke assessments from value-chain suppliers for such groups.

My recommendation: Include C3 and C4 in Annex II as "required where applicable". An SME with no identifiable climate risks would simply state that the disclosure does not apply. SMEs with material climate exposure, the majority in asset-heavy sectors, would provide a standardised disclosure once, rather than responding repeatedly to multiple ad hoc requests.

Gap 3: Scope 3 remains outside the cap, the most requested data point

Paragraphs 49 to 52 of the Voluntary Standard classify Scope 3 disclosures as a "consideration when reporting sector-specific information", explicitly placing them above the cap. This is operationally the most significant problem.

Scope 3 is precisely the disclosure that CSRD-obligated companies most urgently need from their suppliers, because they cannot calculate it without supplier data. Excluding Scope 3 from the cap guarantees bespoke questionnaires.

The data from our CSRD benchmark is unambiguous:

• Only 34 per cent of the 638 analysed CSRD reports (FY 2025) contain values for all three Scopes
• 27 per cent contain no Scope data at all, despite a formal CSRD obligation
• 21 per cent of reports disclosing a Scope 3 figure report a Scope 3 value smaller than Scope 1 or 2, which is methodologically implausible in almost every sector
• 76 per cent report static Scope values without a prior-year comparison

The combination of weak Scope 3 data quality at reporting level and a lack of standardisation at supplier level means CSRD-obligated corporates will deploy bespoke Scope 3 questionnaires to fill the gaps. A minimum standard within the cap would reduce this friction and improve overall data quality. For more on this, see the article on the most common mistakes in Scope 3 accounting.

My recommendation: Codify a minimum standard for Scope 3 disclosures within the cap, for companies in climate-critical sectors (consistent with the C3 logic in paragraph 54). The minimum standard: the three largest Scope 3 categories using a spend-based methodology. This is achievable even without prior Scope 3 experience.

Gap 4: The ten-employee relief does not fit climate-critical sectors

The relief for micro-enterprises with fewer than ten employees is sensible in principle. In its current design, it is too broad.

A property company with five employees can manage a portfolio with materially relevant energy consumption, embedded CO₂ emissions and physical risk exposure far exceeding what a fifty-person service firm generates. The relief would permit this micro-enterprise to omit total energy consumption, Scope 1 and 2, water withdrawal and waste data.

For banks and large customers working with such portfolios, all quantitative environmental data would be absent. This is also a contradiction from the perspective of the Omnibus reform package: reducing bureaucracy, yes, but not at the expense of climate-critical data points.

My recommendation: Restrict the relief to companies whose primary NACE sector does not fall within the climate-critical sectors (NACE Sections A to H and M). For climate-critical sectors, the environmental disclosures B3, B6, B7 as well as C3 and C4 (where applicable) should remain "required".

Gap 5: FY 2027 puts all parties under excessive pressure

The draft provides for mandatory application from financial year 2027. That gives CSRD-obligated companies approximately twelve months after entry into force to:

• Migrate internal supplier data systems to the VSME data model
• Redesign and communicate supplier questionnaires
• Train procurement and sustainability teams
• Apply the EFRAG Knowledge Hub guidance, which is not yet stable

The risk of an overly tight timeline: reporting companies cannot restructure their processes in time and continue using existing bespoke questionnaires for at least one further reporting cycle. The standard then launches with a credibility deficit.

Interestingly, this is a pattern we also observed with the original CSRD introduction: too much implementation pressure leads to formal compliance without substantive process quality.

My recommendation: Defer mandatory application to FY 2028. Allow voluntary early application from FY 2027. Use the additional year to finalise the EFRAG Knowledge Hub and run a structured pilot with three to five reporting companies per Member State.

What this means for your organisation today

The value-chain cap is coming, in some form. The question is not whether, but how well it functions in its first version. Several other consultation respondents have raised related points, including Selko Insights, Reclaim Finance and B Lab, with recommendations on relief for climate-critical sectors and on strengthening climate data within the cap. Regardless of how the consultation concludes, three strategic recommendations follow for your organisation.

Build a VSME report as your standard response

Building a structured VSME report today provides multiple layers of protection: as a response to current customer requests, as a benchmark for bank conversations, and as groundwork for when the cap comes into force. The VSME Readiness Check shows you where you stand today in just a few minutes.

Do not defer climate data until the cap applies

Even though C3 and C4 currently sit outside the cap in the draft, banks and CSRD-obligated customers will continue to request this data. A structured climate risk analysis following TCFD logic gives you an audit-ready basis, rather than having to respond from scratch to individual requests each time.

Approach Scope 3 pragmatically, not by ignoring it

The spend-based methodology is practical for SMEs. Documenting the three largest Scope 3 categories using a spend-based approach covers more than 70 per cent of CSRD-relevant requests, even if the cap does not (yet) include Scope 3.

Sources and transparency

Primary sources:

• EU Have Your Say: Voluntary Standard consultation (submitted responses)
• EUR-Lex: Accounting Directive 2013/34/EU
• EUR-Lex: CSRD (Directive 2022/2464)
• EUR-Lex: Omnibus I (Directive 2026/470)
• EFRAG: VSME Digital Template and XBRL Taxonomy

Transparency: Fiegenbaum Solutions provides VSME implementation and climate risk consulting for companies directly affected by this regulation. This article is based on the formal response I submitted to the European Commission on 14 May 2026, as well as practitioner experience from more than 300 accompanied projects. The anonymised practical examples (mid-market group with physical climate risk analysis) are verifiable but presented without client reference for reasons of confidentiality.

Not legal advice: This analysis reflects my practitioner perspective and does not substitute individual legal or tax advice on the application of the CSRD, the Voluntary Standard or related EU acts. For company-specific application questions, I recommend consulting a specialist legal adviser.

Frequently asked questions