ESG reporting is no longer a voluntary expression of corporate values. It is a legal obligation.
For much of the past two decades, sustainability reporting occupied a distinctive space in corporate life: it was important enough to do well, visible enough to carry reputational consequences if done poorly, and entirely voluntary in the sense that no legal framework compelled it, defined its content, or made it subject to external verification. Companies reported what they chose to report, in the format they chose, against the standards they selected — or constructed for themselves.
That era has ended. Not gradually, and not by consensus, but through a convergence of legislative and regulatory action across the world's major markets that has, within the space of approximately three years, transformed sustainability reporting from a voluntary communications exercise into a mandatory compliance obligation with defined content requirements, external assurance requirements, and enforcement consequences.
In the European Union, the Corporate Sustainability Reporting Directive — CSRD — replaced the Non-Financial Reporting Directive and introduced a framework that requires large companies and listed SMEs to report against the European Sustainability Reporting Standards, covering environmental, social, and governance topics with a level of specificity and a requirement for external assurance that has no precedent in the history of sustainability disclosure. The ISSB's IFRS S1 and S2 standards, adopted in June 2023, have been incorporated or are being incorporated into the reporting frameworks of jurisdictions accounting for more than half of global GDP. In the United States, the SEC's climate disclosure rule — despite ongoing legal challenges — signals a regulatory direction that is unlikely to reverse.
The European framework is the most demanding in the world — and its reach extends beyond the EU.
The CSRD applies in phases. Large EU public-interest entities with more than 500 employees were required to report for financial year 2024. Large EU companies meeting two of three thresholds — 250 employees, €40 million turnover, €20 million balance sheet — must report from financial year 2025. Listed SMEs follow from 2026. And — critically for non-EU companies — large third-country companies with significant EU operations or revenue must report from financial year 2028.
The European Sustainability Reporting Standards — ESRS — require companies to report on a double materiality basis: the impact of sustainability matters on the company's financial performance, and the impact of the company's activities on people and the environment. This dual perspective is more demanding than purely financial materiality, and the disclosure requirements it generates — covering climate, biodiversity, water, own workforce, value chain workers, affected communities, and governance — go substantially further than most companies' current reporting practices.
The assurance requirement is a fundamental departure from voluntary reporting norms. CSRD-required sustainability disclosures must be subject to limited assurance initially, with the expectation of progression to reasonable assurance — the same standard applied to financial statements. This requires companies to build the data collection, internal control, and governance infrastructure necessary to support an external audit of their sustainability data — a requirement that most companies significantly underestimate.
The question that compliance functions should be asking their sustainability reporting colleagues is this: does our data infrastructure support external assurance? Not whether the narrative is compelling, not whether the metrics are presented coherently, but whether the underlying data — its sources, its methodologies, its controls — can withstand the scrutiny that an assurance engagement requires. If the answer is uncertain, the gap between current practice and CSRD compliance is larger than the reporting calendar suggests.
Sustainability reporting is now a compliance matter. The compliance function needs to be in the room.
The transformation of ESG reporting from voluntary to mandatory creates a set of questions that the compliance function is uniquely positioned to address — and that are often being addressed, in its absence, by sustainability teams, investor relations functions, or communications departments that have strong expertise in the content of sustainability disclosure but limited experience with the governance, documentation, and control requirements of a mandatory regulatory framework.
The compliance function's contribution to this landscape is not to take over sustainability reporting. It is to ensure that the reporting process is governed with the rigour that mandatory disclosure requires: that data sources are controlled and documented, that the methodology underlying reported metrics is consistent and auditable, that the process for identifying material topics is systematic and defensible, and that the disclosures that reach the public domain have been reviewed against the legal requirements that govern their content.
There is also an integrity dimension that compliance functions recognise immediately and sustainability teams sometimes underweight: the risk of greenwashing — of disclosures that are technically accurate but create impressions that are materially misleading about the organisation's sustainability performance or commitments. Regulatory attention to greenwashing, across the EU, the UK, and the US, is increasing rapidly, and the enforcement record of the past two years has demonstrated that this risk is not theoretical.
This article reflects the compliance advisory perspective of Compliance House and is intended for informational purposes. It does not constitute legal advice. The regulatory landscape described is subject to ongoing development. Organisations seeking guidance on specific obligations should consult qualified legal counsel in the relevant jurisdiction.