.avif)
Disclaimer: New EUDR developments - December 2025
In November 2025, the European Parliament and Council backed key changes to the EU Deforestation Regulation (EUDR), including a 12‑month enforcement delay and simplified obligations based on company size and supply chain role.
Key changes proposed:
- New enforcement timeline: 30 December 2026 for large/medium operators, 30 June 2027 for small/micro operators
- Simplified DDS: One-time declarations for small and micro primary producers
- Narrowed scope: Most downstream actors and non‑SME traders would no longer need to submit DDSs
- New DDS requirement: Estimated annual quantity of regulated products must be included
These updates are not yet legally binding. A final text will be confirmed through trilogue negotiations and formal publication in the EU’s Official Journal. Until then, the current EUDR regulation and deadlines remain in force.
We continue to monitor developments and will update all guidance as the final law is adopted.
Disclaimer: 2026 Omnibus changes to CSRD and ESRS
In December 2025, the European Parliament approved the Omnibus I package, introducing changes to CSRD scope, timelines and related reporting requirements.
As a result, parts of this article may no longer fully reflect the latest regulatory position. We are currently reviewing and updating our CSRD and ESRS content to align with the new rules.
Key changes include:
- A narrowed CSRD scope, now limited to companies with 1,000+ employees and €450m turnover
- Delays to CSRD reporting timelines, with wave 2 and 3 reports pushed to 2028/2029 in most cases
- Simplification of ESRS datapoints
We continue to monitor regulatory developments closely and will update this article as further guidance and implementation details are confirmed.
We’re excited to announce that Coolset has achieved ISO 27001:2022 certification, a globally recognized standard for information security management. This major milestone underscores our commitment to safeguarding sensitive customer data in the fast-evolving world of carbon management and CSRD reporting.
As companies handle increasingly sensitive data—emissions metrics, regulatory compliance, and financial records—strong security protocols are crucial. ISO 27001 ensures that Coolset meets the highest international standards for risk management, data security, and legal compliance. For our customers, this translates into more than protection - it gives them peace of mind knowing that Coolset's data policy is top-level.
How Coolset protects customer data
Our ISO 27001 certification is the backbone of our commitment to security. At Coolset, we implement a comprehensive suite of security measures, including detailed risk assessments, rigorous access controls, full data encryption, regular security audits, and continuous monitoring, ensuring a thorough protection of sensitive data.
Transparency through the Coolset Trust Center
Alongside with the ISO 27001 certification, we’ve launched trust.coolset.com, a dedicated platform that offers full transparency into our security practices.
Here, visitors can find:
- Compliance certifications: Detailed information about the certifications we hold, demonstrating our adherence to strict security and privacy standards.
- Security controls: A comprehensive breakdown of the technical and organizational safeguards we use to protect customer data.
- Policies: Direct access to our security and privacy policies.
- Data collection practices: A transparent overview of the types of data we collect, why we collect it, and how it’s used within our services.
Our commitment to security and transparency
At Coolset, we value our customers’ privacy and are committed to protecting their sensitive information. With our ISO 27001 certification and the launch of the Trust Center, we are reinforcing our dedication to the highest standards of data protection.
For more details, visit trust.coolset.com.
on mobile screens
to experience this demo.
