Navigating the first wave of EU public country-by-country reporting

The regulatory landscape for multinational groups operating in the European Union has become more complex with the implementation of the EU public country-by-country (CbyC) reporting requirements across all Member States. Whilst for most in-scope multinational enterprises (MNEs) the first round of disclosures under these new rules will be due by the end of 2026, with respect to financial year 2025 (for calendar year taxpayers), others have already published their first disclosures.

Specifically, non-EU groups with significant operations in Romania and MNEs headquartered in Romania were required to publish their first reports by the end of 2024. Similarly, MNEs with a qualifying presence in Croatia are subject to a reporting obligation with respect to financial years starting on or after January 1, 2024, with these reports due by the end of 2025.

With the public CbyC reporting rules now in effect across all EU Member States, aside from the exceptions¹ mentioned, 2025 is the first year for which that compliance is required across the full range of EU countries in which these groups have a qualifying presence. As a result, non-EU MNEs will now need to consider differences in national implementation when preparing their public CbyC reports. In summary, whilst the EU Public CbyC Reporting Directive (the Directive) establishes the overall framework for public CbyC reporting, the inclusion of optional provisions and the fact that it only represents a minimum standard, that Member States can go beyond, have led to significant variation in how the rules have been implemented at national level. Member States have exercised discretion in applying the rules, resulting in differences in key areas such as the scope of entities covered, reporting timelines, mandatory disclosures, language requirements, publication and filing.

To help multinational groups understand the practical implications of these new requirements, KPMG’s EU Tax Centre (ETC) conducted an internal survey in December 2025 across the network of KPMG member firms² in Europe. In this article, we summarize some of the key findings from that survey. Please note that the information provided is not exhaustive and should not be used as the sole basis for decision-making. Instead, this overview is intended to offer practical insights into the public CbyC reporting landscape and to highlight some of the main issues that multinational enterprises should consider as they prepare for their first public CbyC disclosures.

The EU public CbyC reporting rules were legislated as an amendment to the EU Accounting Directive³. They require multinational groups with consolidated net turnover of at least EUR 750 million in two consecutive financial years to publish a report containing income tax information⁴. The obligation applies both to EU-parented groups and to non-EU groups that have medium-sized or large subsidiaries or branches in the EU.

The report must disclose, for the entire group, information on revenues, profit (or loss) before tax, income tax accrued, income tax paid, number of employees, accumulated earnings, stated capital, and tangible assets, together with a brief description of the activities carried out in each jurisdiction.

The information must be broken down for each EU Member State where the group is active and also for each jurisdiction deemed non-cooperative by the EU or that has been on the EU’s “grey” list for a minimum of two years. Information concerning all other jurisdictions may be reported on an aggregated level.

A report must be filed with the relevant commercial register and made freely accessible on the website of one of the group companies, unless a Member State has opted for the ‘website publication exemption⁵. The general deadline to comply with this is twelve months after the balance sheet date, but – since the Directive is a minimum standard, Member States could apply shorter reporting deadlines.

The rules distinguish between MNEs headquartered in an EU Member and non-EU groups, as follows: 

For non-EU multinational groups operating across the EU, these variations present a significant compliance challenge. Rather than a single, harmonized set of requirements, companies must navigate a complex landscape of national rules, each with their own nuances and expectations. This section aims to map out some of the most important differences identified, to support readers that are navigating this landscape.

Group threshold variation

The first step in determining whether a reporting obligation exists under the public CbyC rules is to test the MNE group’s results against the EUR 750 million threshold. This exercise is relatively straightforward for EU jurisdictions that use the euro as their currency. However, the group threshold is not determined uniformly by Member States that use a different currency and that are allowed to convert the amount into local currency based on the relevant exchange rate on December 21, 2021. Member States may round the figure for simplicity.

Jurisdictions where the group threshold for non-EU MNEs are denominated in a different currency than the euro include:

• Denmark: DKK 5.6 billion (approximately EUR 750 million),
• Romania: RON 3.7 billion (approximately EUR 726.3 million), and
• Sweden: SEK 8 billion (approximately EUR 733 million).

For an overview of the specific group thresholds applicable for each EU Member State, please refer to KPMG’s EU Tax Centre Public CbyC implementation tracker.

One interesting point for MNEs to consider regarding the group threshold is how the requirement to test two consecutive years is applied. Typically, for calendar-year taxpayers with no qualifying operations in the two jurisdictions where the rules apply earlier than 2025 – namely, Romania and Croatia, the expectation is that the group threshold assessment would be performed for the first reportable year (2025) and the preceding year (2024)⁶. However, responses to the recent ETC survey indicate that at least one jurisdiction may have implemented the rules differently. In this case, the legislation requires a retrospective assessment of whether the MNE group fell below the threshold (rather than exceeded the threshold) for two consecutive years.

By way of illustration, consider an MNE group that reported global consolidated revenues above EUR 750 million in both 2023 and 2024, but falls below the threshold in 2025. In this scenario, under the rules of the jurisdiction mentioned above, the group would be subject to the reporting obligation for 2025, as it has not remained below the threshold for two consecutive financial years. Whilst this is likely a limited approach to the implementation of the rules, taxpayers should nonetheless review the local legislation of the relevant Member States to assess whether similar provisions apply.

Differences in the thresholds for a qualifying local presence

As a reminder, when determining whether a local presence gives rise to a reporting obligation, the Directive refers to medium-sized or large subsidiaries or branches that meet the relevant revenue thresholds, as defined under the EU Accounting Directive⁷. New thresholds apply under the Accounting Directive from financial years starting on or after January 1, 2024. EU Member States can choose to apply the new thresholds for 2023 as well.

Based on responses to the ETC survey (December 2025), most EU Member States have updated their local rules to reflect the new size thresholds set by the EU Accounting Directive. However, a few countries – including Ireland, Spain, and Malta, have not yet updated their criteria for public CbyC reporting. There is also variation in the thresholds adopted within the permitted ranges. For example, Cyprus and Greece have chosen the lower end of the threshold range, Austria selected figures at the midpoint, whilst the Netherlands, France, and Germany have opted for the higher end.

Additionally, and as is the case with the group threshold, currency differences can also impact the thresholds for local presence. For instance, in Sweden, the thresholds are i) total assets exceeding SEK 40 million (approximately EUR 3.6 million); ii) net turnover exceeding SEK 80 million (approximately EUR 7.1 million) and iii) average number of employees exceeding 50.

For an overview of the thresholds for a qualifying presence in an EU Member State applicable in 2025, please refer to KPMG’s EU Tax Centre Public CbyC implementation tracker. One should nevertheless note that, in some cases, the criteria for a local subsidiary that brings a non-EU MNE into the scope of local public CbyC rules may differ from what is typically expected. For example, Italy does not seem to apply a specific size threshold for subsidiaries and, therefore, any Italian subsidiary – regardless of size, might trigger a public CbyC reporting obligation in Italy.

Based on the responses to the ETC survey, there are several additional practical aspects that are worth noting:

• Previous analyses may need to be updated. Due to the changes to the size thresholds for subsidiaries and branches, analyses performed in 2023 to determine reporting obligations may now be outdated. Therefore, particularly for jurisdictions where the figures for the group’s subsidiaries and/ or branches were close to the thresholds, it may be necessary to update the analysis to reflect the new thresholds as implemented by each Member State.
• Two-year rule for size classification of subsidiaries and branches: The Directive requires qualifying branches to meet the revenue threshold for two consecutive years. In the case of subsidiaries, although the Directive itself does not explicitly require the size criteria to be met for two-consecutive years, the EU Accounting Directive does impose such a requirement. As a result, companies move into or out of a particular size class only if they meet or fail to meet the relevant criteria for two consecutive financial years. Consequently, taxpayers generally need to assess size classifications retrospectively. For example, at first glance a subsidiary may appear not to trigger a reporting obligation because it does not meet the size criteria in 2025. However, if that subsidiary met the criteria in both 2023 and 2024, it may still qualify as a medium-sized undertaking, meaning that the EU public CbyC reporting requirements would apply for 2025 in that jurisdiction.
• The size determination cannot be performed solely by reference to non-public CbyC data. Finally, this analysis cannot be performed solely by reference to non-public CbyC reporting data. Size classifications are generally made based on local statutory accounting standards (local GAAP), whereas non-public CbyC reporting information is typically prepared under the GAAP of the ultimate parent entity. Significant differences often exist between these accounting frameworks. As a result, it is often important to review the local financial statements directly.

Timing: first reportable year and different publication deadlines

The majority of the EU countries have aligned the timeline of their local rules with those prescribed under the Directive and will therefore apply the reporting obligation with respect to financial years starting on or after June 22, 2024. As mentioned above, notable exceptions include: Romania, where the rules apply for financial years starting on or after January 1, 2023, Croatia – starting with financial years commencing on or after January 1, 2024, and Sweden – starting with financial years commencing on or after June 1, 2024.

Short publication deadlines

Whilst the Directive sets a publication timeline of 12 months after the balance sheet date, three countries have opted for shorter publication deadlines. Two of them are particularly short, relative to the Directive deadline:

• Four or five months in Hungary. Hungarian headquartered companies are required to publish their reports within just four or five months after the financial year-end, depending on their specific circumstances. Whilst the Hungarian law includes a circular reference that can imply that the same deadline applies for non-EU MNEs, we understand that the shorter deadline would generally not apply to non-EU MNEs.
• Six months in Spain. Spanish regulations require the public CbyC report to be published within six months after the end of the financial year, aligning with the deadline for publishing financial statements of large Spanish MNEs. There is currently no guidance on how these rules apply to non-EU MNEs, particularly those intending to use multiple reporting exemptions and file in another Member State. However, the current wording suggests that the shorter six-month deadline would also apply in their case.

Slovenia has also deviated from the 12 months deadline, requiring MNEs to publish the report within 11 months.

The use of the multiple reporting exemption

The multiple reporting exemption was meant to give non-EU Member States a less burdensome option to the main rule, which requires each of their subsidiaries and branches to submit the public CbyC report. Unfortunately, despite its intent, the multiple reporting exemption often does not translate into a practical simplification for companies. As mentioned above, the Directive does not establish priority rules when Member States adopt different options allowed under the Directive or where Member States extend the scope of the rules by, for example, requiring local language reports or applying different submission deadlines. Furthermore, unlike the OECD’s BEPS Action 13, the Directive does not include the concept of surrogate filing. Absent specific clarifications, there is a risk that the report published by the ultimate parent undertaking will not be considered to have satisfied the conditions for the exemption of individual subsidiaries and branches in some Member States, unless the report meets all relevant local requirements in terms of content and timing.

Based on the results of the ETC survey, the implementation of the multiple reporting exemption provision varies across EU Member States. Broadly, these approaches can be categorized into three main groups, each with distinct compliance implications for non-EU MNEs:

• Implementation by reference to the Directive: A number of Member States have adopted the exemption by direct reference to the Directive. In these jurisdictions, exemption is granted provided that the report filed in another Member State meets the requirements set out in the Directive, in terms of content, disaggregation requirements or publishing deadlines. This approach streamlines compliance, as no further local conditions or supplementary obligations are generally imposed beyond those mandated at EU level.
• Implementation requiring compliance with national law. Other Member States have taken the opposite approach, granting the exemption only where the report filed in another Member State complies not only with the Directive, but also with the additional requirements set out by their own implementation legislation. As a result, multinational enterprises may be required to tailor their reporting to meet both EU-level and local standards, even though the multiple reporting exemption is claimed.
• Limited or non-implementation of the multiple reporting exemption. A small number of Member States have either not implemented the multiple reporting exemption or have implemented it in such a way that local filing is required irrespective of publication on the UPU’s website and filing with the commercial register of another Member State. Although this category comprises only a few jurisdictions, it is important for MNEs to be aware of these exceptions.

In practice, some Member States impose further procedural requirements when the multiple reporting exemption is utilized. For example, at least one jurisdiction – Austria, requires MNEs to submit formal notifications indicating their intention to rely on the exemption.

The choice to implement the safeguard clause

Under the Directive, Member States were granted the choice to allow in-scope groups to defer the disclosure of commercially sensitive information for a maximum of five years – the so-called ‘safeguard clause’. Information related to jurisdictions that were included on the EU list of non-cooperative jurisdictions (Annex I of the EU Council conclusions on non-cooperative jurisdictions), or that have been listed on the “Grey List” (Annex II or cooperative jurisdictions that are being monitored by the EU) for two consecutive years, can never be omitted.

Several jurisdictions have opted not to introduce the safeguard clause, meaning that MNEs that publish a report in that jurisdiction would not be allowed to omit any information. These jurisdictions include: Belgium, Estonia, Greece, Hungary, and Italy. For more details on the choices done by the EU Member States in this respect, please refer to KPMG’s EU Tax Centre Public CbyC implementation tracker.

There are also differences in how jurisdictions that have opted to implement the safeguard clause have done so, with some countries introducing additional scrutiny or specific limitations. For example, in Austria, the application of the safeguard clause is subject to review by the commercial register. This means that any decision to defer the publication of sensitive information can be examined by the commercial register’s court, which may require the full CbyC report to be published if it determines that the omitted information is not commercially sensitive.

Denmark has adopted a more restrictive approach than the EU Directive, extending the list of jurisdictions for which disaggregated disclosure of the required data points can never be omitted. Specifically, in addition to the countries specified in the Directive for which no omission is allowed, Denmark’s rules also cover jurisdictions listed as EU high-risk third countries⁸. This means that, even if information is considered commercially sensitive, it must still be disclosed if it relates to operations in these jurisdictions.

Germany has also introduced its own specific conditions – the EU Directive allows for a deferral period of up to five years for the publication of commercially sensitive information, whereas Germany has shortened this period to four years.

In general, the decision to defer disclosure of commercially sensitive information related where permitted and in relation to specific jurisdictions should be based on self-assessment and be supported by an explanation for any omissions. To date, and to the best of our knowledge, no jurisdiction has issued specific guidance on the type of information that may be omitted. Germany is a partial exception: the Explanatory Memorandum to the bill implementing public CbyC reporting in German law clarifies that information may be omitted if its disclosure would cause a “significant disadvantage.” The document further emphasizes that there must be an “overwhelming probability” that such a disadvantage will occur for the safeguard clause to apply.

On the other hand, despite the absence of detailed guidance, the wording of the Directive suggests that the safeguard clause is not intended to allow for a blanket exemption from reporting requirements. Rather, it is likely that the intention was for it to apply only to specific data points that are genuinely commercially sensitive. To mitigate audit risks, taxpayers are advised to consult with their statutory auditors regarding any intended omissions and the underlying rationale. As a reminder, under the Directive, statutory auditors are required to issue a statement confirming whether the multinational group has complied with its publication obligations⁹. Although the rules do not require the auditor to review the content of the public CbyC report, it is nevertheless prudent for in-scope groups to discuss the matter with their auditors.

The choice to implement the website publication exemption

Under the Directive, Member States may opt to exempt companies from publishing the report on their websites, if the report is already made publicly available to any third party located in the EU, free of charge, on the website of the commercial registry – the so-called ‘website publication exemption’.

Based on the ETC survey, a large number of EU Member States chose to opt out of the website publication exemption and require a mandatory publication of the public CbyC report on the corporate website, in addition to the general requirement to file the report with the local commercial register. This group includes, amongst others, Bulgaria, Estonia, Finland, France, Hungary, Italy, Malta, the Netherlands, Poland, Portugal, and Sweden. For more details on the options exercised by each EU Member State in this respect, please refer to KPMG’s EU Tax Centre Public CbyC implementation tracker.

An interesting case is Portugal, which does not require the report to be filed with the local commercial register, but only mandates its publication on the company’s website.

The survey also found that, whilst the Directive allows some flexibility, including the option to publish reports on an affiliate’s website, several EU Member States have adopted a stricter stance. For example, countries such as Denmark and Greece require the report to be published specifically on the reporting entity’s own website, and do not permit publication on an affiliate’s site. Questions remain open with regard to cases where the local entity does not have its own website.

Additional mandatory data points

Based on responses to the survey, we understand that two Member States – Hungary and Greece, require the explanation of differences between income taxes paid and accrued to be included in the report, whereas the Directive treats this explanation as an optional disclosure for MNEs.

The case of Estonia

The explanatory memorandum to the bill implementing the public CbyC reporting disclosures in Estonia notes that, due to the limited number of companies falling within the scope of the EU Public CbyC Reporting Directive in Estonia, and taking into account existing EU non-public CbyC reporting requirements (under DAC4), the Estonian legislature opted not to introduce new reporting obligations. Instead, the Estonian tax authorities will make public non-public CbyC reports filed under existing requirements. These reports will be published no later than the 10^th day of the month following the submission of the data to the tax authorities. It is expected that only reports submitted by MNEs to the Estonian tax authorities will be made public, whereas CbyC reports received through the automatic exchange of information under DAC4 will remain private. However, this has not been officially confirmed.

Different disaggregation requirements

Several jurisdictions have broadened the scope of the country-by-country disclosure rules to include all EEA countries, i.e., in addition to EU Member States, information will also be required with respect to operations in Iceland, Liechtenstein and Norway. EU Member States that have opted for this broadening of the scope include Austria, Denmark, Finland, France, Germany, Malta, the Netherlands, Poland, Romania, and Sweden.

Belgium extended the scope of the disaggregated data disclosures (i.e., country-by-country instead of aggregated data) to cover all jurisdictions on the Belgian tax haven list and on the list of the Global Forum on Transparency and Exchange of Information on Tax Matters – in addition to those listed on the EU list of non-cooperative jurisdictions, as required under the Directive.

Local language requirements

Responses to the ETC survey also showed divergent approaches with respect to the language in which the public CbyC report is expected to be published, as follows:

• National language requirements. Certain jurisdictions, such as France, Germany, Poland, Romania, and Slovakia require public CbyC reports to be prepared in their national language. Belgium requires the report to be in the same language as the published accounts, which can be Dutch, French, or German.
• Option to publish in English. Certain jurisdictions give MNEs the option to prepare the public CbyC report in either their official language or in English. This group of countries includes Austria, Cyprus, Czechia, Denmark, Greece and Italy.
• Full flexibility. A few jurisdictions allow the preparation of the public CbyC report in any of the official languages of the EU. This group includes, amongst others, Luxembourg, Malta, the Netherlands, Portugal, and Spain.

A diverse landscape of sanctions for non-compliance

The approach to enforcement also varies widely among EU jurisdictions. We understand that penalties for non-compliance are far from uniform across the EU, and in some cases, can be severe – ranging from substantial financial fines to criminal sanctions and even the possibility of company dissolution.

For example, Austria imposes fines of up to EUR 100,000 for breaches of the reporting rules, whilst Germany can levy penalties as high as EUR 250,000. Italy sets its maximum fine at EUR 50,000, but this amount is doubled if false information is provided. In Portugal, fines can reach up to EUR 30,000.

Other countries have opted for even stricter measures. In Finland, authorities have the power to order the liquidation of a company or remove it from the register in cases of serious non-compliance. Similarly, Hungary may suspend a company’s tax identification number. Penalties of up to 2 percent of the reporting company’s assets, capped at EUR 1,000,000, apply in Slovakia. A similar approach is adopted by Czechia, where non-EU MNEs may face fines amounting up to 3 percent of the value of their assets, or up to 3 percent of the value of consolidated assets for MNEs headquartered in Czechia.

Non-compliance in certain jurisdictions could also trigger the personal liability of the company’s representatives. For example, in Luxembourg, the board members themselves may be personally liable for up to EUR 25,000. Moreover, though in practice it might not be enforced, a few jurisdictions also consider non-compliance with the rules as a criminal offence that might result in imprisonment.

For an overview of the potential penalties applicable for non-compliance with the EU public CbyC reporting rules, please refer to KPMG’s EU Tax Centre Public CbyC implementation tracker.

Case study: non-EU multinational group with significant operations in multiple EU jurisdictions

To illustrate the practical impact of these divergent national approaches, we consider it helpful to consider a case study based on a fact pattern that is common for large non-EU MNEs: a large group headquartered outside the EU operates through subsidiaries in: Denmark, Germany, France, Italy, Hungary, the Netherlands and Spain.

The non-EU group would need to answer a sequence of questions to determine its public CbyC reporting obligations in the EU:

Step 1: Is the group in scope of the rules?

As a first step, the MNE would need to determine whether it is in scope of the rules, by identifying the ultimate parent undertaking – i.e., the top consolidating entity for the group, and testing its consolidated results against the group criteria.

Step 2: In which EU jurisdictions does the group have a reporting requirement?

In a second step, the group would need to identify all EU jurisdictions where they operate through entities large enough to trigger local public CbyC reporting requirements. In the scenario at hand, this involves assessing whether the group’s subsidiaries in the countries listed meet the thresholds or criteria set through domestic implementation of the Directive, in conjunction with the local size criteria set up through domestic implementation of the EU Accounting Directive.

As mentioned above, this assessment must be based on the local financials of each entity, rather than solely relying on the ultimate parent undertaking’s consolidated financial statements or on local reporting packages prepared under the UPU’s GAAP. The non-EU MNE will also need to consider whether the thresholds were met in previous years, as assessing only the 2025 figures may not be sufficient.

For the purposes of this example, let’s assume that – following a review based on domestic thresholds, all subsidiaries qualify as medium-sized, except those in the Netherlands and Italy. As a result, under the general rule, the non-EU MNE would be subject to public CbyC reporting in all relevant jurisdictions except the Netherlands. Note that in Italy, a reporting obligation would still arise based on the current interpretation of the law, as there are no local thresholds in place.

Step 3: What should be reported?

The next step is to understand the minimum requirements in each relevant jurisdiction. Despite the availability of the multiple reporting exemption in principle, depending on the group’s structure and reporting strategy, it may be necessary to prepare multiple versions of the report to satisfy different regulatory requirements or stakeholder expectations.

There might be cases where the non-EU MNE does decide not to publish the report on the ultimate parent undertaking’s website – which is one of the mandatory requirements for the application of the multiple reporting exemption in all surveyed jurisdiction that implemented the exemption. In this case, non-EU MNEs might prefer to prepare and publish the report based on the general rule, which would imply compliance with all local deviations and filings with the local commercial registers in all relevant Member States.

In the current example, if the UK group decides not to apply the multiple reporting exemption, it would have to comply with the following deviations from the Directive:

• Denmark: The local public CbyC report must be prepared and published in either Danish or English. Information with respect to jurisdictions on the EU list of high-risk third countries cannot be omitted. The public CbyC report / statement that the report has been filed with the local commercial register has to be published on the website of the Danish subsidiary, as publication on the website of an affiliate is not allowed. Should the Danish entity not have its own website, the group may wish to seek an opinion from the relevant authorities in Denmark. EEA countries must be reported separately and cannot be aggregated in the “rest of the world” row.
• Germany: The report must be prepared and published in German. Any commercially sensitive information may only be omitted for up to four years. EEA countries must be reported separately and cannot be aggregated in the “rest of the world” row. Germany also requires that the data is based on financial statements prepare under the German GAAP.
• France: The report must be prepared and published in French. EEA countries must be reported separately and cannot be aggregated in the “rest of the world” row. France doesn’t have a website publication exemption so the report filed with the French commercial register must also be published on one of the websites of the group.
• Italy: The report must be prepared and published in either Italian or English. Italy doesn’t have a website publication exemption, and the repot must be published on the website of the Italian entity. No information can be omitted, as Italy did not implement the safeguard clause.
• Hungary: No information can be omitted, as Hungary did not implement the safeguard clause. Hungary doesn’t have a website publication exemption, so the report filed with the Hungarian commercial register must also be published on one of the websites of the group. The report must include an explanation of any discrepancies between income tax paid and income tax accrued. Regarding the deadline, it would be prudent for the group to confirm with the local statutory auditors whether they are comfortable that the shorter local publication deadline does not apply.
• Spain: The local public CbyC report must be prepared and published within six months of the year-end.

Please note that the list of deviations is not exhaustive and taxpayers would need to confirm local implementation nuances with their local advisors in each jurisdiction. As a general comment, all local public CbyC reports will have to include information for the entire group, not only for the local entities.

If, however, the group wants to take advantage of the multiple reporting exemption, we are of the view that CbyC information would need to be filed (at a minimum) with the local commercial registers in two EU jurisdictions – Denmark and France. Additionally, the content of the report will need to be translated into the French language. The group would need to consider whether the report(s) filed should include the additional explanation required by Hungary on any differences between income tax paid and income tax accrued. The impact of the shorter deadline in Spain would also have to be considered. It is currently unclear whether the expectation of Spanish authorities is that the report published in another Member State would need to be filed within the six-month deadline imposed by Spain to meet the reporting requirements there.

Other recommendations

We recommend that, once the relevant data is collected and the draft report is prepared, the information is reconciled with other publicly available data, to ensure consistency and accuracy. Furthermore, an analysis of what the data would suggest to a user of information that is not otherwise familiar with the group and its activities could be beneficial. This could include identifying any anomalies or inconsistencies, and performing comparative analytics across different jurisdictions to spot trends or outliers that may benefit from further explanation. Where appropriate, data can be accompanied by further details regarding the group’s structure, operation and tax position. Prepares may want to consider that the aim of the Directive is to allow a variety of stakeholders to scrutinize the tax strategies of MNEs¹⁰. It should therefore be expected that stakeholders will make use of the data, possibly in conjunction with any other information published by the group (such as financial statements) in an attempt to understand the group’s operations and the approach to its tax affairs. Data may also be used for the purpose of benchmarking against other MNEs, e.g., by data point or by industry. For example, the Fair Tax Foundation has taken stock of the public CbyC reports published in Romania for the reporting year 2023 and published a summary of key findings on their website.

Therefore, adding additional context or explanations is generally recommended. Stakeholder buy-in is crucial at this stage; the narrative may need to be reviewed and approved by senior executives (C-Suite), public/investor relations, legal, and human resources teams to ensure it aligns with the organization’s broader communication and compliance strategies.

Whilst the introduction of public CbyC reporting rules in the EU brings a degree of harmonization to disclosure obligations across the region, the reality for multinational groups is a highly fragmented compliance landscape. Significant differences exist among Member States in key areas such as size thresholds, definitions of qualifying entities, filing procedures, publication deadlines, language requirements, the level of data disaggregation, the application of safeguard clauses, and the severity and nature of penalties for non-compliance.

This patchwork of national rules means that a one-size-fits-all approach is not feasible for non-EU MNEs. Such groups must develop and maintain jurisdiction-specific compliance plans that address the unique requirements of each country in which they operate. With the first filing deadlines approaching, in-scope groups should assess their current level of readiness, identify any gaps in their compliance frameworks, and implement the necessary changes well in advance of reporting deadlines. Coordinated governance, both at the group level and within local subsidiaries, will help ensure consistency, accuracy, and timely compliance, while also mitigating the risk of penalties and reputational damage.