As part of a general policy of improving transparency on environmental, social and corporate governance (“ESG”) matters, the EU has adopted a new law known as the Corporate Sustainability Reporting Directive (“CSRD”). The CSRD will require thousands of companies, both inside and outside the EU, to report on their sustainability credentials. During the process of its adoption, the CSRD attracted far less controversy than its U.S. counterpart, the proposed SEC climate rules. This is surprising given that the CSRD is far more expansive both in terms of the companies it applies to, as well as what they will be required to report on. In this article we explain who will need to comply with the CSRD and what it requires, and we explore the upcoming US climate reporting initiatives. We conclude that the EU rules are largely defining global ESG regulation due to their value chain requirements and application to non-EU companies. In our view, these are likely to have a significantly greater impact on market practice than the much-anticipated SEC climate rules.
By Michael Mencher & Emma Bichet[1]
I. INTRODUCTION
Reporting on ESG matters used to be reserved to companies hoping to attract investment based on their ESG credentials, and a few large European Union (“EU”) listed entities, who had to prepare high-level non-financial disclosures. This is all changing. On January 5, 2023, the EU’s Corporate Sustainability Reporting Directive (“CSRD”)[2] entered into law and is set to revolutionize the ESG reporting landscape, both in the EU and beyond.
The CSRD significantly expands the current non-financial reporting regime in the EU, in terms of the companies that are required to file sustainability reports and what they need to report on. It is getting a lot of attention both inside and outside the EU. This is largely because the CSRD makes reporting mandatory for most large EU companies as well as many United States and other non-EU companies that have an EU branch or subsidiary, regardless of whether they are listed or not. Although non-EU parent companies have the longest phase-in period for direct reporting (which will start to apply from financial year 2028), they will likely experience the effects of the CSRD much earlier, due to the impacts on other companies in their value chain, as well as earlier reporting requirements for EU their subsidiaries (which will start to apply from financial year 2025). As a result, many large companies are considering reporting at the parent level early, instead of producing a separate subsidiary-level report.
Mandatory sustainability reporting under the CSRD covers a wide range of environmental, social, and corporate governance topics. Of particular interest (and concern) to many is the requirement for EU companies to report on their entire value chain and to disclose in most likelihood their Scopes 1, 2 and 3 greenhouse gas (“GHG”) emissions.
In the U.S. there is a parallel, but more limited, move toward an expansion of mandatory ESG reporting obligations. The Securities and Exchange Commission (“SEC”) has adopted a more piecemeal approach than the CSRD, focusing its rulemaking on specific ESG topics, rather than mandating the publication of broad ESG reports. In particular, the SEC has proposed climate change and cybersecurity reporting rules, and is expected to propose human capital and board diversity disclosure rules over the next year.
II. ESG REPORTING IN THE EU
In this section we consider (1) which entities will be required to file sustainability reports under the CSRD and (2) what those reports will need to contain.
A. Who is Covered by the CSRD?
There is a phased introduction of the new ESG reporting requirements brought in by the CSRD. The key milestones are set out in the table below. These are subject to certain exemptions and carve-outs, and we recommend that businesses conduct tailored applicability assessments to understand if they will be covered, and if so, which entities will need to file CSRD-compliant reports.
Entity |
Date |
Large EU entities that are already subject to the current EU non-financial reporting regime (mostly large entities that are listed on the EU regulated markets) |
Financial year starting on or after 1 January 2024 (reporting in 2025) |
Large EU undertakings and groups, including EU subsidiaries of U.S. companies, whether listed or not, that are of a type listed in the Annexes to the EU Accounting Directive (generally limited liability companies), if they satisfy at least two of the following criteria: · A balance sheet total of over €20 million. · A net turnover of over €40 million. · An average of over 250 employees over the financial year. |
Financial year starting on or after 1 January 2025 (reporting in 2026) |
EU-listed small and medium sized enterprises (“SMEs”), except micro-undertakings |
Financial year starting on or after 1 January 2026 (reporting in 2027) with option to opt out for 2 further years |
Non-EU parent companies which satisfy the following two criteria: · Generate a net turnover of more than €150 million in the EU for each of the last two consecutive financial years at the consolidated (group) level; and · Have at least one subsidiary in the EU that is itself in-scope of the CSRD, or a branch that generated a net turnover of over €40 million in the preceding financial year. |
Financial year starting on or after 1 January 2028 (reporting in 2029) |
Even companies that are not covered by the new CSRD reporting requirements are likely to feel the impact of these requirements if they are part of the value chain of an entity that is required to report, since they will begin receiving ESG questionnaires from partners that are gathering the data necessary for their ESG reports.
There are various options available to companies that have several in-scope entities to consolidate their reporting. For example, parent companies can generally opt to report on a group level on behalf of their subsidiaries. If a company has several subsidiaries in the EU, there is also the possibility for the largest EU subsidiary to report on behalf of all of them until 2030. It is similarly possible for non-EU companies to report early on a consolidated (group) basis and this is increasingly becoming an attractive option for non-EU parents who wish to streamline the reporting process, and anticipate in any event receiving ESG data requests from partners in their value chain who are themselves required to report under the CSRD.
B. CSRD Reporting
Under the CSRD, companies meeting the thresholds will now be required to produce a dedicated “Sustainability” section in their Management Report (for EU entities) or a standalone “Sustainability Report” (for non-EU entities), that will be subject to mandatory third-party assurance (audit) and the assurance opinion will need to be published alongside the report itself.
CSRD-compliant disclosures will need to include all “information necessary to understand the undertaking’s impacts on sustainability matters, and information necessary to understand how sustainability matters affect the undertaking’s development, performance and position.”[3] The report should contain information both about the company’s own operations as well as those of its value chain. This is significant, since in practice it will mean that companies will need to request information from their suppliers, business partners as well as their customers to enable them to prepare their sustainability reports. “Material” risks relating to sustainability matters identified in a company’s value chain will need to be disclosed in the company’s report, meaning the ESG practices of value chain partners will ultimately reflect back on the reporting company. We anticipate that this will naturally lead to a higher level of supply chain diligence, as companies subject to the CSRD will be discouraged from partnering with suppliers they deem “risky” from a sustainability perspective.
The sustainability-related information companies are legally required to disclose under the CSRD must be reported in accordance with mandatory European Sustainability Reporting Standards which will be adopted by the EU via secondary legislation (known as “delegated acts”). Different reporting standards will be adopted for EU companies (including the European subsidiaries of non-EU companies), SMEs, non-EU companies and companies operating in sectors that have been identified as “high risk.” It is anticipated that the standards for non-EU companies will be less onerous than those for EU entities.
For EU reporting entities (including the EU subsidiaries of non-EU parents), the draft reporting standards cover the following subject areas:
Climate change |
Includes energy consumption, Scopes 1, 2 and 3 GHG emissions, GHG removal and mitigation initiatives. The reporting entity should disclose its plans, implementing actions, and related financial and investment plans for ensuring its business model and strategy are compatible with (1) the transition to a sustainable economy; (2) the limiting of global warming to 1.5 degrees Celsius and (3) achieving climate neutrality by 2050. |
Pollution |
Includes policies, targets and resource allocation affecting pollution of air, water, soil, living organisms and food resources, among others. Includes details on the pollutants generated or used during the production processes and that leave facilities as emissions, products, or as part of products or services, among others. |
Water and marine resources |
Includes how the company (including its value chain) affects water and marine resources, in terms of positive and negative impacts and any actions taken (including policies, targets, action plan and resources). |
Biodiversity and ecosystems |
Includes how the company affects biodiversity and ecosystems, in terms of positive and negative actual or potential impacts, as well as any actions taken and results of such actions to prevent, mitigate, or remediate adverse impacts and protect/restore biodiversity and ecosystems. |
Resource use and circular economy |
Includes the company’s policies, targets and resources relating to the depletion of non-renewable resources and the regeneration of renewable resources, and any actions taken to prevent, mitigate, or remediate impacts arising from resource use and the circular economy. This includes resource inflows, outflows, waste and resource optimization, and the company’s ability to create partnerships to accelerate the transition to a circular economy. |
Own workforce |
Includes details on how the undertaking affects the company’s own workforce by covering working conditions, access to equal opportunities and other work-related rights. |
Workers in the value chain |
How the company affects workers in its value chain through its own operations and its upstream and downstream value chain (including its products and services, its business relationships, and its supply chain). This includes details on processes for engaging with such workers, channels through which workers can raise concerns, targets related to managing material impacts on such workers, and remediation of material impacts on workers in the value chain. |
Affected communities |
How the undertaking affects local communities through the company’s own operations and its upstream and downstream value chain (including its products and services, its business relationships, and its supply chain), any actions taken, and how the undertaking manages risks and opportunities relating to impacts and dependencies on affected communities. |
Consumers and end users |
Includes policies and targets that address the management of the material impacts its products and services have on consumers and end users – including impacts to a consumer’s privacy or health, processes for consumer and end-user engagement, mechanisms through which consumers and end users can raise concerns, and approaches to mitigating material risks and remediating actual impacts. |
Business conduct |
Includes information on the company’s strategy and approach, processes, procedures, and performance in respect of business conduct, including business ethics, corporate culture, anti-corruption, anti-bribery, etc. |
There are also draft “general requirements” and “general disclosure” standards that provide further guidance on the principles of CSRD reporting, such as how to interpret value chain and how to conduct the materiality assessment.
Certain disclosures (most likely including the company’s Scopes 1, 2 and 3 greenhouse gas emissions) will be mandatory regardless of whether or not any material impacts are identified. For other disclosures, e.g. relating to biodiversity metrics, it will be mandatory for companies to do materiality assessments, but full disclosures may not always be required if no “material” impacts, risks or opportunities are identified.
For the purposes of the materiality assessment under the CSRD, it is necessary to consider impacts, risks, and opportunities both for the business itself as well as for people or the environment (sometimes referred to as “double materiality”).
III. PROPOSED ESG REPORTING REGULATIONS IN THE U.S.
Over the last two decades, ESG practices such as investor policies, green finance, and voluntary sustainability reporting have generally developed at a faster clip in European markets, with adoption in the United States often lagging and on a more limited basis. This pattern is repeating itself when it comes to ESG disclosure regulations. Although the SEC and other U.S. bodies have proposed numerous significant ESG-related disclosure mandates in recent years, these regulations all await final approval and cover a more limited range of topics than the CSRD and other current or proposed EU requirements.
Despite numerous proposed statutes and regulations at the state and Federal level, the SEC’s proposed climate change disclosure rules have received by far the most attention and political controversy. The publication of the proposed rules in March 2022 followed a series of tentative SEC actions over the preceding twelve years, including the publication of interpretative guidance in 2010 regarding the potential triggers for climate-related disclosures under existing rules, as well as series of comment letters in 2021-2022 questioning companies regarding the adequacy of their disclosure of climate-related risks, regulations, and costs under such rules and the 2021 formation of an ESG task force in the Division of Enforcement focused on climate and ESG issues.
Although these rules have attracted enormous attention and political controversy, the overall content of the rules largely aligns with existing international climate disclosure practices. Under the proposal, climate disclosure would be required in the annual reports that publicly listed U.S. companies already file with the SEC. This climate disclosure would primarily consist of disclosure requirements derived from the Task Force on Climate-Related Financial Disclosures (“TCFD”) and GHG Protocol frameworks, which both establish standardized frameworks that are the basis of many international climate disclosure regulations and are the most influential standards for voluntary climate reporting.
Following the TCFD, the proposed SEC rules would require qualitative disclosure on climate-related governance, strategy, risk management, and targets. In particular, the rule would require disclosure related to:
- Acute (e.g. wildfires) and chronic (e.g. sea level rise) physical risks, including acute and risks related to the climate transition, such as regulatory, market, liability, and reputational exposures.;
- Impacts of climate risks on the company’s strategy, business model, and outlook, including an analysis of how climate impacts are integrated into strategic and financial planning and details of any climate transition plans;
- Analytical tools used for assessing climate-related business and financial statement impacts, including detailed qualitative and quantitative disclosure regarding the use of scenario analyses;
- Board and management oversight of climate-related matters, as well as processes and standards for climate risk management; and
- Details of climate-related targets and goals plans adopted by the company, including progress metrics and strategies.
In addition to this narrative disclosure, the SEC proposal also includes quantitative GHG emissions disclosure (in both gross terms and per unit of economic value) requirements that are largely derived from the GHG Protocol. While all issuers would be required to disclose direct (Scope 1) and purchased energy (Scope 2) emissions, value chain (Scope 3) emissions disclosure would be subject to a phase-in period and would only apply if such emissions are material or are included in the company’s emissions targets. Given the difficulty in tracking and measuring value chain emissions over which companies do not have direct control, the proposed rules – unlike the EU’s CSRD – would effectively provide a safe harbor for Scope 3 unless made without a reasonable basis or disclosed in bad faith.
Perhaps the most notable element of the SEC’s proposed climate rules is that they remain a proposal. Although the publication of the final version of the rules was initially expected in October 2022 (with an effective date in December), the final rules are still pending and are now not expected until Fall 2023. This delay is not surprising given the enormous volume (4,000+) of often highly detailed public comments received from issuers, industry groups, activists, and investors, as well as the intense political scrutiny and controversy surrounding the proposal. Given the acute political polarization in the U.S. regarding all things ESG and recent judicial skepticism regarding the validity of various Federal regulations on climate change, the delay also may reflect an attempt to craft final rules less likely to provoke, and less vulnerable to, litigation.
As a result, numerous press reports have indicated that the final rule is likely to eliminate or modify several of the more burdensome features of the proposal, such as the (albeit limited) application of Scope 3 reporting to all industries, attestation requirements for GHG emissions disclosure, and the requirements related to the inclusion of climate-related metrics in companies’ audited financial statements. The latter was one of the more unexpected elements of the proposed rules, particularly as such financial statement disclosure is an innovation relative to the TCFD, GHG Protocol, and current market practice. Responsive disclosure would include impacts of climate risks on line items and risk-mitigation expenditures, both subject to a 1 percent change threshold. Given the novelty of such disclosure and the expected administrative and financial burdens, many commentators see these requirements as particularly likely to be eliminated in the final rules.
In addition to these long-delayed SEC climate rules, numerous other climate and ESG disclosure requirements have been proposed at the Federal and state level. For example, the Department of Defense, General Services Administration, and NASA issued joint proposed rules in November 2022, which would require Scope 1 and 2 emissions disclosure for Federal suppliers with annual Federal contract obligations over $7.5 million, and Scope 3 emissions and additional narrative climate disclosure for suppliers with over $50 million in annual contract obligations.
Although these rules broadly overlap with the disclosure requirements of the SEC’s proposal, they would potentially cover a large number of private Federal contractors who otherwise would not be subject to the SEC rules. Similarly, two statutes currently under consideration in the California state Senate would create, respectively, Scopes 1,2, and 3 reporting obligations for companies with over $1 billion in revenue doing business in California, and TCFD-aligned disclosure requirements for companies with over $500 million in revenue doing business in California. In addition to climate disclosures, in March 2022 the SEC also proposed new cybersecurity disclosure rules, also now expected to be finalized this fall. Under this proposal, issuers would be subject to new event-based and ongoing reporting obligations related to cybersecurity incidents and board and management oversight of cybersecurity matters. In addition, the SEC continues to explore potential rulemaking related to board diversity and more detailed human capital disclosure, such as employee retention and demographics.
IV. ALIGNMENT IN GLOBAL REPORTING OBLIGATIONS
At present, there is no alignment between the CSRD and other voluntary and mandatory reporting frameworks. The reporting standards under the CSRD for EU entities go beyond the TCFD recommendations and also the upcoming SEC climate rules, since they also cover environmental topics other than climate (namely pollution, water and marine resources, biodiversity and ecosystems and resource use and circular economy), as well as social and corporate governance matters.
If the SEC climate rules are adopted, it will be possible that the same company may need to report under both the CSRD and the SEC climate rules, e.g. dual-listed entities, or U.S. public companies with EU subsidiaries meeting the thresholds. Under the CSRD, reporting under the SEC rules would not exempt the company from the obligation to report under the CSRD. However, we anticipate that these companies will aim to align their reporting as much as possible, which in practice will mean reporting to the stricter standards (likely those adopted by the EU under the CSRD).
The CSRD allows the EU to recognize other ESG reporting standards as “equivalent” to the ESRS, meaning that companies reporting to those recognized standards would be deemed in compliance with the EU standards. However, the EU has not recognized any standards as equivalent as yet. Since the SEC has not and is not currently expected to propose equally broad sustainability reporting rules, it is unlikely that the SEC rules will be recognized as equivalent to all CSRD reporting standards (although there is a possibility that some, such as climate change, may be recognized as equivalent). As a result, for U.S. issuers that fall within the scope of the new EU rules, compliance with the CSRD is likely to require the publication of a dedicated report. In addition, the CSRD’s scope extends beyond that of most voluntary reporting standards currently applied by companies in the U.S. and elsewhere, such as the TCFD framework or the 77 industry-specific standards of the International Sustainability Accounting Standards Board (“ISSB”).
While the application of the CSRD is based on domicile and/or economic activity, the SEC’s climate rules only cover companies subject to the SEC’s periodic reporting requirements, i.e. domestic public companies, and certain non-U.S. companies with SEC registered securities. As a result, even the largest U.S. private companies and many international public companies will be exempt from any direct obligations under the SEC’s proposed rules. Nonetheless, given the global appeal of the U.S. capital markets, many non U.S. domiciled corporations list their securities on U.S. exchanges and either qualify as domestic issuers or as so-called “Foreign Private Issuers” and would therefore be subject to the climate rules. Unlike the CSRD, the proposed rules would not allow such non-U.S. issuers to opt to comply with substantively equivalent home country rules. As a result, SEC reporting companies subject to the CSRD or climate disclosure mandates in jurisdictions such as the United Kingdom, Japan, and Australia, would need to provide disclosures fully aligned with the SEC rules, including with respect to matters such as climate-related financial statement metrics and GHG emission organizational boundaries where the SEC proposal deviates from international practices derived from the TCFD or the GHG Protocol. That being said, the SEC solicited public comments on the treatment of Foreign Private Issuers and the final rules could include a more flexible approach to home country rules and international standards such as the ISSB.
V. CONCLUSION
The past half decade has witnessed a rapid growth in both ESG investing and voluntary corporate sustainability reporting. Despite numerous attempts by market actors at producing standardized reporting frameworks and performance metrics, for many investors and corporates the ESG space remains frustratingly chaotic, with the former complaining of greenwashing puffery and lack of comparability, and the latter often at a loss to understand what is expected of them and what really matters. In such an environment, it is small surprise that market regulators worldwide have started proposing ESG disclosure regulations in the attempt to introduce standardization, rigor, and predictability.
What is perhaps more striking, but not necessarily surprising, is the central role that EU regulation is playing. The European market has already shown itself to be a key incubator for many ESG trends and the EU is taking on an increasingly prominent role as a global regulatory power. In addition to being the first-mover on the ESG reporting rules – adopting them well before the SEC, and covering a significantly broader set of reporting categories, the CSRD is also likely to have a much greater influence in shaping global (including U.S.) ESG reporting practices due to its expansive value chain requirements and application to non-EU companies. Whether companies are direct reporting entities under the CSRD through their subsidiaries or parent companies, or are merely in the value chain of companies required to report, the CSRD will play a central role in shaping ESG disclosures over the coming decade regardless of the fate of the SEC rule. Even for companies without any CSRD reporting companies in their wider value chain, the CSRD is likely to be highly influential in setting global investor ESG disclosure.
In addition, the EU’s next big-ticket piece of ESG regulation, the soon-to-be finalized Corporate Sustainability Due Diligence Directive (“CSDDD”) is also expected to greatly increase demands for rigorous ESG data from companies and investors operating in the EU. If adopted as proposed, the CSDDD will impose concrete behavioral obligations on in-scope companies (which again could include U.S. companies with activity in the EU). For example, there would be an obligation to identify and bring to an end (or, if not possible, mitigate) the company’s negative human rights or environmental impacts. Bigger companies would also need to adopt a plan to make sure that their business strategy is compatible with limiting global warming to 1.5 degrees Celsius.
Whether companies are subject to the SEC, EU, or other rules, it is clear that we are entering an era of greater transparency around ESG matters. Although various international rules contain different standards regarding third-party audits and apply varying standards of liability, the consistent trend is that ESG claims and sustainability targets, once treated as marketing puffery, are increasingly moving towards levels of rigor and regulation similar to that of financial reporting.
[1] Special Counsel, Cooley LLP, San Francisco; and Special Counsel, Cooley LLP, Brussels, respectively.
[2] Directive (EU) 2022/2464 of the European Parliament and of the Council of 14 December 2022 amending Regulation (EU) No 537/2014, Directive 2004/109/EC, Directive 2006/43/EC and Directive 2013/34/EU, as regards corporate sustainability reporting, OJ L 322, 16.12.2022, p.15.
[3] Articles 19a (for those reporting at an individual level) and Art. 29a (for those reporting on a consolidated basis), CSRD.