Who Will Sign? CSRD and the End of Collective Responsibility in Regional Companies

March in the Balkans is traditionally the month of closing annual accounts. But in 2026, March brings a different kind of weight.

The question will no longer be only: “Is the company profitable?” It will be: “Who will sign the ESG report under full regulatory and governance responsibility?”

CSRD (Corporate Sustainability Reporting Directive) introduces a fundamental shift:

responsibility is no longer organizational — it becomes personal.

What Is Actually Changing?

Until now, ESG reports in many regional companies have been a combination of:

narratives
estimates
partial data
ad-hoc tables

They were often the result of good intentions, but not of systemic structure.

CSRD introduces a different logic.

The ESG report becomes subject to assurance based on proof principles similar to financial reporting.

At that moment, the question stops being: “Do we have the data?” It becomes: “Who guarantees its accuracy — and can they prove it?”

The End of Collective Ambiguity

In regional companies, we often hear:

“We are all involved in ESG.”
“It’s a team effort.”
“We’re doing it together.”

In the Balkans, responsibility is often implicit, and processes are informal and trust-based.

CSRD does not recognize team-based ambiguity.

It requires:

Named signatories who guarantee data integrity
Formal controls that are documented and verifiable
A provable audit trail showing who approved a number, when, and on what basis

If these structures do not exist, the regulator will not ask why the system was weak.

They will ask who was responsible for ensuring that the system existed.

Delegation Is Not Protection

There is a dangerous misconception that delegating ESG to lower levels protects the Executive Management.

On the contrary.

In the absence of a clearly defined Proof Architecture:

Middle management becomes operationally blocked because it cannot prove the origin of data
Executive Management and the Board become legally and reputationally exposed because they sign documents without full visibility into their traceability
Owners become regulator-visible in the event of a negative audit opinion or enforcement measures

If no one in the company formally signs off on partial data (energy, emissions, waste, labor rights, supplier inputs), ultimate responsibility naturally escalates to the top.

ESG delegated to operations does not mean leadership is protected.

In fact, it means the opposite.

The Regional Weakness That CSRD Exposes

The biggest challenge in the Balkans is not a lack of knowledge.

The challenge is that systems are:

built for speed, not for provability
flexible, but undocumented
trust-based rather than control-based
often driven by “Excel culture”

Such systems can function for years.

But when an auditor asks:

“Where does this number come from, and who stands behind it with their signature?”

Improvisation is no longer enough.

In the absence of a clear accountability architecture, three levels of risk emerge:
Operational risk – data is inconsistent and incomparable
Reputational risk – a negative audit opinion signals weak governance
Governance risk – report signatories assume regulatory and personal responsibility
CSRD does not sanction bad intent.
It sanctions lack of control.

Accountability Architecture as the Only Shield

The solution is not writing longer ESG narratives.

The solution is designing a system that protects both the organization and the individual.

A Proof Architecture must clearly define:

Layer 1 – Responsibility at the Source
Operational managers formally confirm primary inputs (ERP systems, invoices, HR systems, energy measurements).

Layer 2 – Verification Responsibility
Control mechanisms (the “four-eyes” principle) confirm accuracy and consistency.

Layer 3 – Traceability
A digital trail showing every data modification over time.

Layer 4 – Governance Responsibility
Clear definition of who has the authority to finalize data for reporting.

Layer 5 – Disclosure Responsibility
Formal report sign-off with full awareness of the system behind it.

Without these layers, every signature on an ESG report is an operational risk.

Why This Is an Opportunity for the Balkans

Although it sounds restrictive, CSRD is a moment of professionalization.

Companies that, by 2026, have a clear accountability map:

Reduce dependence on individuals
Eliminate “Excel improvisation”
Increase credibility with EU partners
Protect executive management from unforeseen regulatory consequences
Professionalize governance structures

In a region where reputational shocks are disproportionately strong, a clear accountability architecture becomes a competitive advantage.

The Final Question for the March Board Meeting

When the auditor walks into your office and asks: “Where does this number come from, and who stands behind it with their signature?”
Do you have an answer — or do you have an excuse?

If you cannot prove ESG, you cannot protect either the company or yourself.

Check your exposure level with the CSRD / ESG CHECKLIST – BALKAN EDITION Download the CSRD 2026 BLUEPRINT: ESG Proof Architecture

Other blogs

Posted By Mehmed

CSRD: When ESG becomes a personal risk. How Evidence Architecture Moves ESG from Sustainability to Responsibility

March was traditionally reserved for closing the financial books. But from 2026...

March 2, 2026

4 Min Read

Posted By Mehmed