← All articles
csrdprimary-dataoemscope3eu-regulation

How EU OEMs can prepare for CSRD primary data requirements

CSRD doesn't just require Scope 3 disclosure. It requires you to show how much of that data came from primary sources. Here's what Wave 1 OEMs need to do before their first reporting cycle closes.

Thibaut de Wild ·

The Corporate Sustainability Reporting Directive requires you to report Scope 3 emissions. What most CSRD preparation guides underemphasise is that it also requires you to disclose your methodology and the proportion of your footprint backed by primary supplier data versus secondary estimates. That second requirement is where most Wave 1 filers will be caught short.

A Scope 3 number built on spend-based estimates can be calculated from a procurement export in an afternoon. A Scope 3 number with primary data coverage, supported by supplier-submitted documents, traceable to specific invoices and production records, takes months of supplier engagement to build. Wave 1 OEMs have already missed the preparation window for their first reporting year. But there is still time to build the infrastructure that makes subsequent years defensible.

What CSRD actually requires on methodology

The European Sustainability Reporting Standards (ESRS) require disclosure of:

  • The methodologies used for each significant Scope 3 category
  • The proportion of data collected from primary versus secondary sources
  • Significant estimation uncertainty and how it was managed
  • Whether the data was subject to external assurance

This is not a box-checking exercise. An ESRS-compliant Scope 3 disclosure for a manufacturer with complex supply chains will be scrutinised by auditors who know the difference between a methodology statement and a genuine data governance process. The question isn’t whether you have a number. It’s whether you can defend how you got it.

Categories that matter most for OEMs with stamped steel supply chains

Not all Scope 3 categories are equally material for EU white goods and industrial machinery manufacturers. The categories where primary data creates the most material difference:

  • Category 1 (Purchased goods and services): Typically 40–70% of total Scope 3 for discrete manufacturing. Dominated by steel, components, and sub-assemblies. Primary data from direct Tier 1 stamped steel suppliers is both tractable and high-impact.
  • Category 4 (Upstream transportation): Material but often covered by carrier data. Primary data more accessible than for manufacturing.
  • Category 11 (Use of sold products): For white goods specifically, this often exceeds all upstream categories combined. Energy labelling data is the primary source.

For Wave 1 readiness, Category 1 is where to focus first. It’s the largest category, it’s under your direct contractual relationship with suppliers, and it’s where auditors will look for evidence of genuine primary data collection.

The three things to put in place before your first CSRD reporting cycle

1. A supplier data programme with documented scope

You need to be able to show that you made a systematic effort to collect primary data from material suppliers, not that you sent a questionnaire to a few of them. Documented scope means: a defined list of in-scope suppliers, a clear data collection process, and a record of participation rates. Even if actual primary data coverage is low in year one, a credible programme with documented outreach is more defensible than a high-quality footprint number built on undocumented estimates.

2. Source-traceable data for your top-20 suppliers

Twenty suppliers typically cover 60–80% of Category 1 spend in a mid-market OEM supply chain. Prioritise primary data collection here. For stamped steel: energy invoices + production volume records are sufficient to move from spend-based to activity-based estimates, and that improvement in data quality is material enough to warrant disclosure.

3. A methodology document that holds up to audit

This means: which emission factors did you use and from which database, what year are they from, how were supplier-submitted values validated, and what was your approach to handling non-responding suppliers. If your methodology can’t be written down in four pages, it isn’t ready for external assurance.

Outline

The assurance timeline and what it means for data collection

  • When to involve your external auditor
  • Limited vs. reasonable assurance: what the difference requires in practice
  • How auditors assess primary data claims

Building a supplier data governance process

  • What “traceable to source” means at the document level
  • Versioning and amendment controls
  • Chain of custody for submitted data

Dealing with non-responding suppliers

  • Proxy approaches that are ESRS-consistent
  • How to document gaps without compromising the report
  • The difference between “not available” and “not collected”

The multi-year improvement trajectory

  • Year 1: document the programme
  • Year 2: hit primary data thresholds for material categories
  • Year 3: close the gap on Tier 2

What changes when you move from estimates to primary data

  • The reduction in disclosure uncertainty
  • Impact on investor-facing Scope 3 numbers
  • How buyers increasingly screen suppliers on data quality