ESRS vs VSME Materiality Gap: ERM Implications for Taiwan Enterprises

Winners Consulting Services Co., Ltd. advises Taiwanese corporate executives: A 2025 comparative study by Finnish researcher Satu Himanen indicates a structural gap in the depth of materiality assessment between the ESRS and VSME sustainability reporting standards. While VSME is lightweight and flexible, it lacks a mandatory materiality assessment mechanism, resulting in poor report comparability. This finding has direct ERM risk governance implications for Taiwanese small and medium-sized suppliers who are evaluating lightweight frameworks to comply with the Corporate Sustainability Reporting Directive.

About the Author and This Study

Satu Himanen is a Finnish scholar focusing on comparative studies of sustainability reporting standards. With an h-index of 1 and 1 citation, she represents an emerging voice in the field. Despite her early academic career, her research employs qualitative content analysis, drawing on in-depth interviews and surveys with sustainability reporting experts, which grounds the findings in practical reality. This study is particularly relevant for Taiwanese executives because its analytical perspective is not about which standard is legally stricter, but rather which one effectively captures industry-specific risks in practice—a question directly related to the design of the ISO 31000 risk identification process.

The study's context is the EU's phased implementation of the Corporate Sustainability Reporting Directive (CSRD) starting in 2024, which requires large companies to disclose sustainability information according to ESRS. Concurrently, the European Commission developed the VSME (Voluntary SME sustainability reporting standard) as a lightweight, voluntary framework for SMEs. Himanen's research systematically evaluates the practical effectiveness of these two standards in handling material topics and industry-specific characteristics.

ESRS is Comprehensive but Resource-Intensive; VSME is Flexible but Has a Structural Gap in Materiality Assessment

The study's core finding is the fundamental difference in the double materiality assessment mechanism between the two standards, a difference that directly impacts the design of a company's ERM risk identification process.

Key Finding 1: VSME's Lack of Mandatory Materiality Assessment Raises Comparability and Reliability Concerns

Sustainability reporting experts interviewed widely noted that while the VSME framework is lightweight and suitable for SMEs to get started quickly, its most fundamental flaw is the absence of a structured financial materiality assessment mechanism. Under VSME, companies choose which topics to disclose based on their own judgment rather than a standardized process. This leads to significant discrepancies between reports from different companies and makes third-party verification exceptionally difficult due to the lack of a uniform benchmark. Furthermore, VSME's scope of stakeholders is narrow and its value chain analysis lacks depth, risking superficial reporting. From an ISO 31000 risk identification perspective, this is equivalent to a non-systematic risk identification process, where a company might unknowingly overlook significant ESG risks.

Key Finding 2: ESRS is Structurally Clear with a Complete Materiality Assessment but Poses a Resource Barrier for Smaller Companies

In contrast, the strengths of ESRS lie in its structural clarity, broad stakeholder engagement mechanism, and comprehensive double materiality assessment process. The study found that ESRS is more effective at capturing industry-specific issues and provides a basis for cross-company comparability. However, the experts also pointed out that ESRS is too complex and resource-intensive for small and medium-sized organizations, especially with a lack of specific application examples for industry characteristics. Notably, Japan's Financial Services Agency recently released its first draft of sustainability reporting standards aligned with IFRS S1/S2, which will gradually require companies with a market capitalization over 500 billion JPY to achieve a disclosure level close to ESRS, indicating that a structured materiality assessment is a global trend, not an exception.

Key Finding 3: Systematic Handling of Industry-Specific Risks is a Common Area for Improvement for Both Standards

The study specifically highlights that both ESRS and VSME have room for improvement in addressing "industry-specific sustainability characteristics." While ESRS provides a better framework, respondents wished for more concrete industry application examples. VSME, on the other hand, does not systematically address industry characteristics at all. For Taiwanese companies, this means that regardless of which framework they choose, they will need to establish supplementary internal mechanisms for identifying industry-specific risks to ensure the completeness of their ERM.

Strategic Implications for ERM Practices in Taiwan: A Lightweight Framework Does Not Equal Low Risk

When facing sustainability reporting requests from EU clients, Taiwanese mid-sized suppliers often tend to look for an entry-level framework with a "lower threshold." Himanen's research serves as a warning against the potential blind spots of this mindset: choosing a lightweight framework may save short-term compliance costs but leaves structural vulnerabilities in the ERM risk identification mechanism.

From the perspective of the COSO ERM framework, the shortcomings of VSME correspond to deficiencies in two core components: "Risk Assessment" and "Information, Communication, and Reporting." The lack of a structured materiality assessment means the risk assessment lacks systematic input, while insufficient stakeholder coverage implies blind spots in gathering external context information. Clause 6.4.2 of ISO 31000:2018 explicitly requires organizations to consider the "internal and external context" during the risk identification process, and material sustainability issues are a core component of that external context.

Specifically, Taiwanese companies should pay attention to the following three aspects:

• Supply Chain Downward Pressure: Under the ESRS framework, large EU companies are responsible for the sustainability performance of their suppliers. This means the disclosure quality of Taiwanese suppliers will directly affect their clients' compliance status. If suppliers adopt a lightweight framework lacking a rigorous materiality assessment, they may be asked by clients to supplement or redo their disclosures.
• Rising Bar for Third-Party Assurance: The latest report from Japan's Financial System Council recommends adopting international standards for third-party assurance, and Himanen's study confirms the difficulty of third-party verification under the VSME framework. Taiwanese companies planning to seek external assurance should proactively establish internal data collection mechanisms that meet the depth of ESRS.
• ESG Integration into the Risk Matrix: Regardless of the reporting framework adopted, companies should integrate the results of their sustainability materiality assessment into their ISO 31000 risk matrix and design corresponding KRIs (Key Risk Indicators) to ensure that ESG risk management and financial risk management mechanisms are interconnected.

How Winners Consulting Services Helps Taiwanese Companies Build ESG Risk Governance Mechanisms Aligned with International Standards

Winners Consulting Services Co., Ltd. assists Taiwanese companies in implementing ISO 31000 and COSO ERM frameworks, establishing risk matrices and KRIs, and strengthening board-level risk governance capabilities. In response to the structural deficiencies of VSME and the resource barriers of ESRS revealed by Himanen's study, we recommend that Taiwanese companies take the following three steps:

1. Complete a Sustainability Materiality Assessment Gap Analysis within 90 Days: Benchmark against the ESRS double materiality assessment framework to review whether the company's existing ESG disclosures cover the full internal and external context required by ISO 31000, particularly the scope of upstream and downstream stakeholders and the completeness of industry-specific risk identification.
2. Establish a Materiality Assessment Mechanism Integrated with the ERM Risk Matrix: Regardless of whether ESRS or VSME is ultimately used for external disclosure, the company should establish a structured internal materiality assessment process. The output should directly feed into the COSO ERM's risk assessment component and be reflected in the prioritization of the risk matrix.
3. Design ESG-Specific KRIs and Integrate them into Board Monitoring: Based on the materiality assessment results, design at least two quantifiable KRIs for each of the top three ESG risk categories and establish a regular board-level monitoring mechanism to ensure the governing body maintains continuous visibility over significant ESG risks.

Frequently Asked Questions

Should Taiwanese SME suppliers choose the VSME or ESRS framework for sustainability reporting?

The choice depends on client requirements and market strategy over the next three years, not just short-term compliance costs. Himanen's study clearly indicates that while VSME is SME-friendly, its structural flaw—the lack of a mandatory materiality assessment—can lead to poor report comparability and challenges during third-party verification. If a Taiwanese company's main clients are large EU corporations subject to CSRD, aligning directly with the in-depth requirements of ESRS is advisable to avoid requests for supplementary disclosures. For those with limited resources, a dual-track strategy—using VSME for external reporting and ESRS logic for internal processes—can be effective. This involves building a comprehensive internal materiality assessment mechanism and then exporting a streamlined report in VSME format.

What is the most common ERM compliance risk for Taiwanese companies when implementing sustainability reporting frameworks?

The most common compliance risk is treating sustainability reporting as a standalone disclosure task rather than an extension of the ERM process. This leads to a disconnect where the sustainability report, the ISO 31000 risk matrix, and COSO ERM risk assessment components operate in silos. Consequences include significant ESG risks being overlooked by the board, KRIs failing to cover supply chain sustainability metrics, and contradictions between risk disclosures in financial statements and the sustainability report. It is recommended that before adopting any framework, companies first conduct an external context analysis as required by ISO 31000 to define the integration points between sustainability materiality assessment and existing risk identification processes, thereby avoiding the "compliance silo" effect.

How can ISO 31000 be integrated with ESRS double materiality assessment? What are the specific steps?

The ISO 31000:2018 risk management process and ESRS double materiality assessment are inherently complementary. The former provides a systematic framework for risk identification and assessment, while the latter offers a methodology for evaluating the dual impact of ESG issues. A recommended integration plan is: Month 1, complete the internal and external context analysis required by ISO 31000 Clause 5, incorporating sustainability topics. Months 2-3, apply ESRS double materiality logic to score identified ESG issues for both financial and impact materiality, directly updating the risk matrix. Months 4-6, design KRIs for the top five material ESG risks and establish a quarterly board-level monitoring report. The initial implementation of this integrated mechanism should ideally be completed within six months.

How many resources do Taiwanese companies need to establish a sustainability reporting mechanism that meets the depth of ESRS?

Based on practical experience with CSRD implementation, companies with higher sustainability maturity can save 30% to 50% in labor during the report preparation phase. For a mid-sized Taiwanese company (200-500 employees), it is advisable to budget for 1 to 2 full-time equivalents (FTEs) in the first year for data collection and system setup, which can be reduced to 0.5 to 1 FTE for maintenance in the second year. Implementing technology tools for data collection can boost efficiency by up to 40%. Key investment priorities should be: first, a cross-departmental data collection mechanism; second, a structured stakeholder engagement process; and third, a data quality control system for third-party assurance. It is recommended to conduct a gap analysis before committing resources to accurately assess the company's starting point.

Why choose Winners Consulting Services for enterprise risk management (ERM) related issues?

Winners Consulting Services Co., Ltd. specializes in the localized implementation of ISO 31000 and COSO ERM frameworks in Taiwan, possessing the cross-domain expertise to integrate ERM with sustainability reporting. Our team is well-versed in the latest CSRD/ESRS developments and can help companies establish a complete ERM system within 7 to 12 months, covering risk matrix design, KRI system development, and board-level risk governance optimization. Unlike pure ESG consultancies, we focus on risk management as the core, ensuring that sustainability disclosures are seamlessly integrated with the overall corporate risk governance framework to prevent compliance silos. We offer a complimentary ERM mechanism diagnosis to help companies accurately identify their current gaps and prioritize actions before formal implementation.