Your Romanian buyer is asking for ESG compliance evidence because they are subject to CSRD and preparing for CSDDD.
Romania is an EU member state fully subject to CSRD and the CSDDD framework. Romanian buyers in automotive, IT services, manufacturing, and financial services are issuing ESG questionnaires to their suppliers as part of their mandatory CSRD reporting and CSDDD preparation. The ANSPDCP (National Supervisory Authority for Personal Data Processing) enforces GDPR. DNSC (Directoratul Naศional de Securitate Ciberneticฤ) coordinates NIS2 implementation. Romania's growing automotive and IT sector makes it an increasingly important node in European supply chains.
Key regulations in Romania โ CSRD, CSDDD & ESG Supplier Guide
CSRD โ EU Corporate Sustainability Reporting Directive (Romanian transposition)
Romania has transposed CSRD into national law. Romanian companies in scope must report on their supply chain's environmental and social impacts using European Sustainability Reporting Standards (ESRS). The ASF (Financial Supervisory Authority) requires sustainability disclosures from financial institutions. Romanian automotive buyers โ supplying Dacia/Renault, Ford, and other major OEMs โ are increasingly active in supply chain ESG questionnaires.
Romania GDPR & NIS2 Cyber Obligations
Romania implements GDPR with 72-hour breach notification to ANSPDCP (Autoritatea Naศionalฤ de Supraveghere a Prelucrฤrii Datelor cu Caracter Personal). NIS2 implementation requires essential and important entities to notify DNSC (Directoratul Naศional de Securitate Ciberneticฤ) within 24 hours of a significant incident and provide a full report within 72 hours.
What this means for you as a supplier
You are not directly regulated by Romanian law. But your Romanian buyer is preparing for CSRD reporting and CSDDD compliance โ and they need your data to complete their own mandatory reports. Romanian buyers in automotive and IT services are increasingly active in supply chain due diligence, reflecting Romania's growing role as a major EU manufacturing and technology hub.
Key dates
FY 2024
CSRD Phase 1 begins for large Romanian public-interest entities
FY 2025
CSRD Phase 2 begins for large Romanian companies over 250 employees
July 26, 2028
CSDDD transposition deadline for EU member states
July 2029
CSDDD compliance required for Romanian companies over 1,000 employees and โฌ450m turnover
CSRD is already in force โ your data is needed now
CSRD Phase 1 reporting began for large public-interest entities in FY 2024. Phase 2 covers large companies over 250 employees from FY 2025. Your buyer needs your emissions data, social metrics, and governance information to complete their own mandatory CSRD report. This is not a voluntary request โ it is a legal obligation on your buyer that flows through to you as a supplier.
Last reviewed: April 2026. This guide is for general information only and does not constitute legal advice. Regulations change โ verify current requirements with a qualified adviser.
Received an ESG questionnaire from a Romanian buyer?
ESG Stress Free guides suppliers through CSRD and CSDDD compliance requirements for Romanian buyers.