The future of sustainability communications - more regulation

By Matt Peacock, Senior Partner

Sometimes the biggest upheavals catch us by surprise but in hindsight should have been obvious years in advance. Other times, what lies ahead flashes brightly on the horizon, clearly marked and almost impossible to miss for those who know where to look.

There is a generational shift underway within Environmental, Social and Governance (“ESG”) reporting frameworks which will have profound consequences for tens of thousands of companies worldwide. Now, if your eyes are already glazing over at the mention of “ESG” and “reporting frameworks”, please bear with me. I’m not going to give you an overview of arcane developments in statutory reporting that everyone apart from the dogged souls in compliance functions can safely ignore. The changes I’m going to outline will affect almost every aspect of how many companies operate. And, surprisingly, very few people in the corporate world seem to know what’s coming.

Over the next three years, new statutory reporting requirements across the EU will fundamentally transform how companies approach and communicate ESG risks. The new EU regime will capture all companies above a certain earnings threshold including the European subsidiaries of multinationals based outside the EU (so no escape for big UK and US firms). In effect, it will have global reach, and the disclosure obligations involved will encompass each company’s global value chain.

There are two incoming EU regulations. The first, the Corporate Sustainability Reporting Directive (“CSRD”), sets out new laws requiring remarkably detailed disclosure on every aspect of a company’s impact on planet and people. The CSRD came into force on January 5th with datagathering from next year and first reporting in 2025. The Directive imposes a legal obligation on companies to comply with new European Sustainability Reporting Standards (the “ESRS”) in their mandatory statutory filings. The new ESRS are astonishingly granular with 84 separate mandatory disclosure topics encompassing more than 1,100 datapoints, many of which are quantitative.

Earlier drafts of the ESRS were even more prescriptive (they included more than 2,100 separate datapoints) and faced fierce resistance from companies and industry bodies concerned about regulatory overload. What’s emerged in the latest (and probably final) version is still very demanding. Say farewell to light and fluffy CSR reports short on facts and long on vaguely green-tinged waffle, stock images of rainforests and grip-and-grin photos from local charity cheque presentations. The ESRS regime will be data-driven, externally audited, thematically difficult in some aspects for most companies, remarkably difficult in many areas for some companies, highly onerous in practice for everyone involved and a very big problem for anyone who’s unprepared. Underestimate this at your peril. It is a very big deal.

The CSRD has a legislative sibling: the Corporate Sustainability Due Diligence Directive. And it’s even more demanding. The Directive is still in draft form, and key aspects are currently the focus of intense EU institutional policy negotiation and interest group lobbying. But if anything like the current draft ends up transposed into Member State law, life will get a lot tougher for any company with significant environmental and human rights risks across their global value chains (and, again, including UK and US firms with an EU presence).

Unlike the CSRD, the Due Diligence Directive is not simply a set of transparency rules. These new laws are designed to force companies to look hard at how they operate and, potentially, make radical changes to their core business models to prove they are taking action to protect planet and people.  

The onus will fall on the company to demonstrate (with externally audited evidence) that it has detailed plans to mitigate the most serious actual and potential environmental and human rights harms arising within its own operations and global value chain. If the company cannot provide that assurance, it would be compelled in law to terminate the business activity involved. Breaches would lead to punitive sanctions (significantly, there’s no maximum cap on the fines involved), and the Directive will require governments to make it easy for people affected by an environmental or human rights harm to sue the company for damages. Litigation lawyers will be busy for many years to come.

The two EU Directives aren’t the only flashes on the horizon. New climate risk reporting rules have recently taken effect in the UK, with the US SEC likely to impose similar obligations this year. And we can expect far more pressure on companies to increase their biodiversity disclosures – especially on natural resource dependency and waste management and pollution – including under a new global reporting framework backed by some of the world’s largest investors. Finally, last year the body responsible for global accounting standards merged with the main sustainability reporting bodies, and the merged organisation is now hard at work bringing about a convergence between financial reporting and ESG reporting. Net result: far more scrutiny of all sustainability communications in future, with no place to hide for companies that try to ignore or gloss over tricky ESG risk data. There is much to think about, and much to do.