Credibility through Assurance: The Role of Certification, Validation and Verification in Sustainability Reporting
Feb 05, 2026SustainabilitySustainability reporting has become a strategic top priority at the latest since CSRD/ESRS — initially for large companies that, as frontrunners, are building new data and governance structures as well as assurance processes (while having to deal with boundary conditions, transitional rules, and “moving targets”). At the same time, this development is cascading into value chains: even if many SMEs are not directly subject to reporting obligations, they are affected by changing customer expectations, requirements from financiers, supply-chain specifications, and tenders (“trickle-down”).
As an accredited conformity assessment body, DEKRA Certification GmbH provides neutral insight into standards, audit methodologies and regulatory frameworks. The following interview brings together two perspectives: the technical assurance view represented by Annette Dési and the practical perspective of internationally operating companies, represented by Stefan Richter.
Annette Dési: Because CSRD/ESRS are not only “obligations”, but an expectations framework that is shaping the market. Even if an SME is not directly subject to CSRD, it very often becomes a data provider: customers request information on emissions, energy, materials, risks, compliance, and supply-chain topics — today via questionnaires, tomorrow increasingly in standardized form. We see exactly this “trickle-down” mechanism across industries.
And: complexity does not disappear just because deadlines are adjusted. The central question remains: how does the business model become viable in the long term — environmentally, socially, and economically? Companies that engage seriously with transformation cannot avoid dealing (to the extent appropriate) with CSRD logic, material topics, and robust evidence.
Stefan Richter: Many are, frankly, disoriented: new terms, new expectations — and the impression that regulatory guardrails are constantly shifting. What many SMEs describe as helpful is predictability: a set of measures that can be implemented step by step. In practice, international management systems and recognized ISO certifications can help create a common language and structure that customers around the world understand. And that is the international dimension: anyone exporting or operating as part of international supply chains needs evidence that is accepted across borders.
Annette Dési: Because reporting without robust processes increases the risk of becoming an “Excel exercise”. ISO 14001 (environment) and ISO 50001 (energy) address exactly those elements that are often relevant for reliable sustainability information: responsibilities, objectives, data collection, monitoring, internal audits, management review, and continual improvement.
For climate/emissions data, the following are particularly important: organizational and operational boundaries, data quality, and evidence. Emissions are not just a number — they depend on methodological decisions (boundaries, activity data, emission factors, plausibility checks). A management system provides the “operating manual” that makes data reproducible, explainable, and auditable.
Annette Dési: This is extremely important because it describes the nature of the assurance engagement:
- Limited assurance
Objective: The practitioner reaches a conclusion along the lines of “nothing has come to our attention that would indicate …” (a negatively worded conclusion).
Approach: Typically more analytical procedures, inquiries, plausibility checks, and selective sampling — less “deep testing” of every data source.
Practical effect: Can serve as an entry point to increase reliability step by step — but it is not an instrument for fully detecting irregularities if internal controls are weak. - Reasonable assurance
Objective: A significantly higher level of assurance, with a more “positively” worded conclusion; more evidence, more assurance procedures, often deeper sampling logic and stronger testing of controls.
Practical effect: Higher reliability, but also significantly more effort — and high requirements for internal control systems, data flows, and documentation.
Regarding the CSRD itself: initially, limited assurance is intended; prospectively, further development toward reasonable assurance is possible.
Both certification and validation/verification work on an evidence- and sampling-based basis — this creates trust, but it does not replace robust internal data and control processes. This is precisely why management systems are often a prerequisite for assurance and validation/verification engagements to be efficient and effective in the first place.
Stefan Richter: For large companies, it means: they are currently building the infrastructure for limited assurance — and at the same time have to plan so that processes can “grow” as requirements increase. For supply chains, it means: the pressure on data quality and evidence moves downward. Many SMEs are realizing: “An Excel figure is no longer enough; we need to be able to explain how it is generated.”
Annette Dési: Certification typically confirms the conformity of a management system (e.g., ISO 14001/50001): is the system established, implemented, and effectively managed?
Validation/verification often relates to specific statements/claims — for example greenhouse gas inventories, climate inventories, mitigation projects, or “net-zero” pathways. Statements such as “climate neutral” or “CO₂ compensated/offset” are currently under scrutiny for good reason and are only credible if boundaries, methods, and data sources are transparent — and if an independent assessment is carried out in accordance with recognized rules.
Annette Dési: As an accredited body, we are subject to stringent requirements in terms of transparency, comparability, traceability, and independence. In practical terms, this includes, among other things:
- documented methodology, a consistent approach, and decisions that are traceable;
- assessment of boundaries, accounting bases, emission factors, and data quality;
- a clear assessment of whether a GHG statement or a claim complies with the selected methodology;
- and: impartiality/independence to avoid conflicts of interest.
At the same time, one point remains (critically and honestly): even under accreditation, a risk-based approach with a sampling logic applies. As risks increase — e.g., manipulation, incomplete datasets, or greenwashing — no external assessment can “see everything” if there are no reliable internal controls, data flows, and approvals. Accredited assessment is strong, but it does not replace the maturity of internal data and control processes.
Stefan Richter: In practice, it is rarely an “either/or” — it is more like a toolkit. Many start with ISO 14001 or ISO 50001 because these standards create internal structure: responsibilities, objectives, data logic, internal audits — this can support companies in internal steering and documentation and make them internationally compatible. At the same time, the demand for verified metrics (e.g., GHG data) is growing because customers and markets want to see not only “we have a system”, but also “we can substantiate figures reliably”. Internationally, the two are therefore often combined: management systems and — where appropriate — validation/verification.
And then there are topics that go beyond the management system: product and raw-material chains where sustainability characteristics must be attributed correctly. Systems like ISCC are an example of rule and assurance mechanisms here (e.g., chain of custody, documentation and transfer of sustainability characteristics across multiple stages) — particularly in the RED context. For many customers, traceable origin and chain evidence are relevant.
Stefan Richter: Mis-transfers are incorrect transfers of sustainability characteristics; double counting is the multiple claiming of such characteristics — both undermine credibility. From the customer perspective, two things ultimately matter: clean data flows and clear responsibilities. If sustainability characteristics are transferred along a chain, this cannot happen “on the side” — it requires the same discipline as financial or quality data.
Typical control and evidence areas that are often reviewed in audits/assessments include, for example:
- unambiguous attribution logic (boundaries, quantity logic, and, where applicable, a mass balance model);
- “one source of truth” for quantities, reclassifications, and evidence;
- regular plausibility checks (inputs/outputs, yields, deviations);
- clean interface definitions — especially with multiple sites/suppliers (often the handover is more critical than the data itself).
In short: ISO management systems provide the framework for processes and controls to function — product-chain-related systems like ISCC provide the specific logic for evidence generation along the chain. The combination can increase international compatibility and consistency of evidence; however, concrete requirements depend on the programme/scheme, scope, and customer expectations.
Stefan Richter: It raises the bar: fewer advertising claims, more evidence. Claims such as “climate neutral” or “CO₂-compensated” are under close scrutiny—methodological rigor, transparency, and verifiable proof are mandatory. For companies, this means that statements are increasingly evaluated in practice based on whether they are precise, comprehensible, and well-documented—and whether they can, where necessary, be supported by independent verification.
Note (source): DIN explains that European and international standards can be interoperable with the VSME approach and can support companies in structuring disclosures consistently and comparably.
DIN provides further information:
https://www.din.de/de/din-und-seine-partner/presse/mitteilungen/nachhaltigkeitsberichterstattung-normen-mapping-kmu-1254398
https://www.din.de/de/din-und-seine-partner/presse/mitteilungen/nachhaltigkeitsberichterstattung-normen-mapping-kmu-1254398
Annette Dési: A very current example is the CRCF Regulation — the EU Carbon Removals and Carbon Farming Certification Framework. With Regulation (EU) 2024/3012, the EU has created an EU-wide framework to assess carbon removals, carbon farming, and CO₂ storage in products against uniform criteria. The concrete design will be further specified step by step through methodologies, delegated acts, and standards.
Why is this so relevant? Because climate action projects — and in particular quality-assured removals of CO₂ (and robust climate action measures) — will become indispensable for reducing global emissions and achieving long-term climate goals. At the same time, the market has so far been very heterogeneous: different quality levels, different terminology, different evidence logics. The CRCF framework aims precisely to strengthen transparency, comparability, and environmental integrity — and thus also improve the basis for credible claims and robust financing.
Annette Dési: Frameworks like these help to “ground” communication: fewer assertions, more evidence. At the same time, expectations rise: when a company communicates about climate action projects or carbon removal topics, the questions will increasingly be: under which framework? with which verification? what transparency? In practice, coordination between specialist functions (e.g., sustainability, legal/compliance, communications) often becomes more important.
Interviewer: Thank you, Annette and Stefan, for your time and the clear insights. It’s evident that credible sustainability reporting increasingly depends on robust processes, transparent methodologies and evidence that can stand up to independent scrutiny.
Overview of depth of assurance (standards-based) — limited vs. reasonable & differentiation from ISO certification and V&V
Key takeaway:
- Assurance (limited/reasonable) describes the level of assurance of an engagement.
- ISO/IEC 17021-1 governs management system certification (audit, sampling-based).
- ISO/IEC 17029 governs validation/verification of claims, including the level of assurance (programme/scheme-dependent).