Navigating ESG Regulations with Intelligent Data Management
Environmental, Social and Governance (ESG) reporting presents a challenging environment, further complicated by the hundreds of sustainability frameworks that vary significantly between different regions and countries. Ensuring compliance demands that companies apply the same rigorous controls to ESG reporting as they do to financial reporting, necessitating audit-ready ESG data.
In this article, we explore the intricacies of ESG regulations facing organizations doing business in North America, EU and/or the UK. We’ll uncover potential complexities your business may face and discuss the essential capabilities your data management system needs to effectively navigate these hurdles.
A Brief History of ESG Reporting
Environmental, Social and Governance (ESG) reporting isn’t anything new. Under Corporate Social Responsibility (CSR), companies have been reporting on the Social and Governance dimensions of ESG since the 1970s .1 However, there’s now a huge focus on the ‘E’, the environmental dimension, particularly regarding Greenhouse Gas (GHG) emissions. This is due to the Paris Agreement, which was signed by 191 nations in 2015. The Paris Agreement legally binds all nations to counteract climate change. The goal is to limit global warming to 1.5 degrees above pre-industrial levels through 2030. 2 This is to avoid any further harsh climate change, which can have a negative impact on our people, planet and ultimately the economy.
Challenges and Solutions in Sustainability Reporting
Since the signing of the Paris Agreement, most of the worlds’ largest economies (G7 and G20) have made ESG disclosures a regulatory requirement. One of the challenges when it comes to ESG sustainability reporting is that there are over 600 different sustainability reporting frameworks globally.3 To address this, the International Financial Reporting Standard (IFRS), has set the International Sustainability Standards Board (ISSB) whose role is to set a baseline for ESG reporting.
The good news is that the ISSB has now published IFRS ISSB S1 and S2 in June 2023,4 which will become the global ESG reporting standards moving forward. However, companies must continue disclosing according to their current regulators’ ESG disclosure standard, until IFRS ISSB S1 and S2 are adopted locally.
Leading Regions in ESG Regulation
Observing the ESG regulations, it’s evident that the EU leads globally, setting ESG advanced regulations compared to the rest of the world. Similarly, the U.S., accounting for 25% of the global gross domestic product (GDP),5 plays a significant role, influencing North American ESG regulations at both federal and state levels.
Key Areas of ESG Regulation
It's also important to monitor the ESG regulations from a wider perspective and understand how they will impact companies. These ESG regulations will be broken down into three areas:
- ESG disclosures/reporting
- Sustainable finance taxonomies
- ESG supply chain regulations
The Impact of ESG Regulations on Business Entities
North America ESG Regulations Summary
On March 6, 2024, the Securities and Exchange Commission (SEC) adopted its long-awaited climate disclosure rule, requiring publicly listed U.S. companies to report emissions data and wider climate risks in their 10K filings, beginning January 2025. Under Task Force on Climate Related Financial Disclosures (TCFD) guidelines,6 large accelerated filers must report on their climate risks in 2025 and GHG emissions (Scope 1 and 2, if material) from 2026. This will impact close to 10,000 U.S. companies.7
California Climate Laws
In California, SB-253, the Climate Corporate Data Accountability Act requires U.S.-based entities doing business in California with over $1B in revenue to report on their GHG emissions for calendar year 2025, reported in 2026.8 This will impact approximately over 5,300 companies in the U.S.9
SB-261, Greenhouse Gases Climate-Related Financial Risks, requires business entities that conduct business in California with over $500M in revenue to disclose TCFD-aligned qualitative climate-related financial risk information for calendar year 2025, reported in 2026.10 SB-261 will impact over 10,000 companies in the U.S.11
Let’s examine how climate-related financial risks are defined in SB-261. This law covers material risk of harm to immediate and long-term financial outcomes due to physical and transition risks, including but not limited to:
- Corporate operations
- Provision of goods and services
- Supply chains
- Employee health and safety
- Capital and financial investments
- Institutional investments
- Financial standing of loan recipients and borrowers
- Shareholder value
- Consumer demand
- Financial markets and economic health
When we consider the total number of U.S. companies required to provide ESG disclosures by California climate laws, we’re looking at over 26,000 companies.
Public Sector Emissions Disclosures
In the U.S. Public Sector, Executive Order 14057 is another example of the GHG emissions disclosures, with goals such as:12
- Reducing organizational emissions by at least 50% by 2030
- Ensuring data controls are in place for publicly accounting and reporting on progress of emission targets goal every year
- Building an inventory of Scope 3 supply chain emissions
Voluntary Disclosures
There are companies that are have committed to proactively disclose their GHG emissions by signing the U.S. Health and Human Services (HHS) Climate Pledge, which 116 healthcare providers have voluntarily joined.13
OSFI Mandates in Canada
The Office of the Superintendent of Financial Institutions (OSFI) in Canada has also mandated TCFD for their federally regulated financial institutions, beginning in January 2025 and impacting over 400 financial institutions and 1200 pension plans in Canadia.14
North America Supply Chain Regulations Summary
Uyghur Forced Labour Prevention Act (UFLPA)15 is an ESG Supply Chain regulation that impacts, companies doing business in North America. This requires due diligence in their supply chains to ensure no products or product components are produced under forced labor by the Uyghur Turks from the Xinyang region of China.
Canada, on the other hand, has really stepped up its labor laws. Beginning in May 2024, companies doing business in Canada are required to report on their supply chains, outlining the measures that they have taken to ensure that there is no forced labour or child labour in their supply chain
EU Regulations Summary
The EU Corporate Sustainability Reporting Directive (CSRD) is also set to go live by January 2025.16 The CSRD extends its reach to several categories of EU companies and listed companies, including:
All EU large companies that fulfil two or more of the following criteria:
- A workforce of 250 employees or more
- A turnover of €50 million or more
- Total assets worth €25 million or more
Any non-EU subsidiaries with a net turnover of €150 million within the EU.
What Are the Timelines?
(Compiled from official EU websites)
January 2025: Businesses already subject to the NFRD must start reporting for the financial year 2024.
January 2026: Small and medium-sized enterprises (SMEs) listed on a regulated market (excluding micro-enterprises) will need to report for FY 2025, albeit under less stringent reporting requirements.
January 2028: SMEs, small and non-complex credit institutions, and captive insurance undertakings must begin reporting for the financial year 2027. There is a potential voluntary opt-out until 2028. In addition, the reporting standards for SMEs will be lighter .
January 2029: Non-European companies that have branches or subsidiaries in the EU with a net turnover of €150M in the EU will have to start reporting.
EU Taxonomy
Companies need to report on their revenue, capital expenditure (capex) and operating expenditure (opex) aligned to the EU Taxonomy. The EU Taxonomy allows the investors and regulators in the EU to get a bird’s eye view on how sustainable a company is throughout its entire operations. Companies need to be able to able align their chart of accounts to the EU Taxonomy and go through a technical screening criteria for EU Taxonomy eligibility – with further “Do No Significant Harm” checks – before they can claim EU Taxonomy alignment. This causes data management, personnel and processes challenges for organizations.
German Supply Chain Act and EU Corporate Sustainability Due Diligence Directive (CS3D)
Companies established in Germany and subsequently operating in the broader EU, must ensure that there are no human rights violations in their supply chains. Historically, companies might have overlooked labour practices illegal in their home country but allowed in the producing country. Now, CS3D puts the onus on the company to conduct thorough due diligence across the entire supply.17 This due diligence must extend to raw materials, sometimes requiring examination 6-7 layers deep or more in the supply chain, presenting a significant challenge for organizations.
ESG Regulations for the Rest of the World
We’re also seeing countries like Australia, Turkey, Brazil and Malaysia adopt ESG disclosures, beginning with IFRS ISSB S1 and ISSB S2. The list is expanding, with the United Kingdom already a TCFD adopter, indicating that it will adopt IFRS ISSB S1 and S2 by 2025. This means all publicly listed companies in the UK will have to report on FY25 data in FY26.
Intersection of ESG Reporting, Supply Chain Regulations, Sustainable Taxonomies and Data Management
Regulators will expect companies to maintain the same level of controls for ESG reporting as they do for financial reporting. This means that companies must have audit-ready ESG data.
For example, a multinational company operating in the U.S. and the EU will need to adhere to TCFD in the U.S., as well as CSRD and EU Taxonomy in the EU. When we consider the 1,400 Critical Data Elements (CDEs) that appear in CSRD, the complexity and scope of compliance poses a significant challenge. Companies that must comply with CSRD, need to conduct a Double Materiality Assessment (DMA), which will cover two areas:
1) Single Materiality Assessment: Identify the impacts of ESG on the company and conduct a single materiality assessment, covering financial risks, such as those outlined by the Sustainability Accounting Standard Board (SASB).
2) Double Materiality Assessment: Identify the impacts of the company on the people and the planet.
The outcome of materiality assessments will determine which of the 1,400 CDEs apply to a multinational company operating in the U.S. and the EU.
Companies need to be able to evidence with data the process they went through to conduct a materiality assessment. The intersection of ESG disclosures and ESG data management really ramps up from this point on, as companies must collect the data for the ESG disclosures.
Capabilities Needed to Get to Audit-Ready ESG Data
Companies are expected to have audit-ready data for their ESG disclosures. This consists of a set of controls that auditors and regulators will be looking for. Therefore, enterprises must concentrate on the following five critical areas:
- Access and Availability: Organizations must access data that originates from multiple sources, including databases, spreadsheets, logs, Internet of Things sensors, machine data and business applications. Preparing this data for consumption requires ingesting it into a data warehouse, database or data lake.
- Quality and Completeness: To ensure that data is fit for purpose, companies must manage data quality dimensions such as completeness, conformity, consistency, accuracy and integrity. Without proper attention to data quality, it can be difficult to easily process and analyze data, compromising its overall utility and the reliability of its results.
- Common Reference Data Definitions: It’s important to identify the data definitions and business context associated with business terminology, taxonomies and relationships. Companies also need to define data policies, rules, standards, processes and measurements.
- Data Lineage and Transparency: To develop a better understanding of the data, enterprises need to clarify the availability, ownership, security and quality of the data as it flows across the organization. They also must demonstrate where the data originated, trace its journey through the systems in the organization and show how it changed along the way.
- Identification, Classification and Tracking of Sensitive Data: Companies need to embrace best practices for discovering, securing and managing sensitive data at every stage of its lifecycle. Protection can include data masking, encryption and tokenization. Data governance, policy management and monitoring can help secure sensitive data and let organizations know when to delete, archive and retire data.
What to Look for in an ESG Data Management Solution to Get to Audit-Ready ESG Data
To address ESG reporting, companies must deploy data management technology to get to audit-ready ESG data that flows into the carbon accounting and ESG reporting solutions.
When choosing an ESG data management solution to get to audit-ready ESG data, look for one that offers the following capabilities:
Automated ESG Data Collection
Companies need to collect a huge amount of data for ESG disclosures. It’s critical to have an ESG data management platform that can automate these data collection processes, especially when it comes to Scope 3 carbon emissions in the supply chain. Further, when it comes to scaling this process, companies need a robust ESG data management platform that can easily automate collection of data from ESG rating agencies, with the ability to apply data quality and governance.
Data Discovery
The solution should enable data discovery across all internal IT assets, including structured, semi-structured and unstructured data. Choose a technology with broad, complete metadata connectivity. By supporting various data file formats, legacy technologies and stored procedures in database applications, an enterprise data catalog solution helps companies quickly build a data catalog and automate data lineage for ESG disclosures, which adheres to all of the regulatory frameworks listed earlier in this blog.
Data Understanding
Data governance features help businesses define critical data elements, creating a single definition across the business for key terms, such as “greenhouse gases.” Using artificial intelligence (AI) and machine learning, some tools can automatically link each business term to the underlying technical metadata. When the data is used in a field on a report, business users can easily drill down into the source of the data, providing complete traceability of the data. This is critical component in getting to the audit-ready ESG data needed satisfy transparency and traceability requirements of the audit.
Data Trust
Data quality capabilities help build trust in the data, allowing data lineage information to be overlayed on the actual data. Advanced solutions use natural language processing, enabling business users to type in simple data quality rules without any programming experience. Rules are executed against all of the connected sources, delivering an immediate view of data quality. This self-service feature allows business users to address data quality issues at the source, propagating trusted data throughout the company’s systems. This is critical component in getting to audit-ready ESG data, helping to determine whether this ESG data is trustworthy and free from data quality errors and preventing garbage in, garbage out for carbon accounting and ESG disclosures.
Single View of ESG Data
Master data management features help create a single, 360-degree view of the data — for suppliers, products and customers, for example. The technology supports integration of data into data models for reporting, and users can feed the data into an ESG data lake or warehouse. This is particularly important when it comes to mastering carbon data, which can be associated with the product, even down to a product’s components or ingredients as well as the Scope 3 emissions associated with a supplier. This is critical component in getting to audit-ready ESG data ensuring that data is reported from the appropriate golden sources of truth.
Data Democratization
Leading solutions offer a self-service data marketplace that democratizes data, giving the business access to clean, trusted data. Users can then integrate ESG data into all operating model decisions, allowing the business to take strategic ESG actions and prove progress. They can also use the data marketplace to perform attestations for regulatory reporting.
Compatibility With Carbon Accounting and ESG Reporting Solutions
Leading ESG data management platforms offer compatibility with industry-leading carbon accounting and ESG reporting solutions, to rapidly accelerate their ESG compliance. This is where all of the hard work put into ESG data management will come to life, ensuring trusted and audit-ready ESG data will be used in the carbon accounting and ESG reporting functions.
The Informatica® Intelligent Data Management Cloud for ESG Sustainability
The Informatica® Intelligent Data Management Cloud (IDMC) features AI-powered, cloud-native data management and governance that provide the capabilities and scalability needed to discover, cleanse, integrate, catalog, master, govern and protect the immense volume and variety of data involved in every aspect of ESG compliance. Powered by more than 200 intelligent data services in a single platform, it enables you to achieve the insights, agility and business outcomes that lead to success.
Ready to Get Started? Get in Touch Today.
ESG Sustainability is one of the most complex pieces of regulation ever written and compliance requires thorough understanding of its nuances and a comprehensive knowledge of the data involved. If you’re looking to accelerate your ESG sustainability disclosures and compliance with a platform that enables ESG audit-ready data, get in touch by emailing us at ESG@informatica.com .
If your compliance challenges are intricate or your deadline is swiftly approaching, rest assured. As the enterprise benchmark for ESG data management, Informatica stands ready to expedite your journey toward ESG data management excellence.
1. https://www.linkedin.com/pulse/from-charity-responsibility-brief-history-corporate-social-msimanga
2. https://unfccc.int/process-and-meetings/the-paris-agreement
4. https://www.ifrs.org/news-and-events/news/2023/06/issb-issues-ifrs-s1-ifrs-s2/
5. https://ycharts.com/indicators/us_gdp_as_a_percentage_of_world_gdp
7. https://edition.cnn.com/2023/06/09/investing/premarket-stocks-trading/index.html
9. https://www.workiva.com/blog/five-ways-prepare-california-climate-laws-sb-253-and-sb-261
10. https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202320240SB261
11. https://www.workiva.com/blog/five-ways-prepare-california-climate-laws-sb-253-and-sb-261
14. https://www.osfi-bsif.gc.ca/en/about-osfi/osfi-story
15. https://www.cbp.gov/trade/forced-labor/UFLPA
17. https://www.europeanfiles.eu/climate/the-cs3d-a-milestone-for-supply-chain-responsibility