EU’s New ESG Reporting Rules Will Apply to Many US Issuers
New environmental, social and governance (ESG) reporting requirements in the European Union and the US are set to fundamentally change the nonfinancial reporting landscape. The new EU rules will require ESG reporting on a level never seen before, and will capture a whole host of companies that previously were not subject to mandatory nonfinancial reporting requirements, including public and private non-EU companies that meet certain EU-presence thresholds. For US issuers, the new EU rules will result in mandatory reporting on a broader set of ESG topics than those required under current and proposed Securities and Exchange Commission (SEC) rules.
Even if your business is not covered by the new reporting requirements, we anticipate that you will feel the impact of these requirements if your business is part of the value chain of an entity that is required to report. We expect to see companies sending and receiving ESG questionnaires to gather the data necessary for their ESG reports.
In addition to the proposed US climate change reporting rules, preparation for reporting under the new EU rules will be an important topic for fall board meetings and nominating and corporate governance committees.
If you have any questions or would like training for your teams, please contact a member of Cooley’s international ESG team.
What are the new reporting requirements?
In the EU, political agreement has been reached on the new Corporate Sustainability Reporting Directive (CSRD), meaning that the draft will soon enter into law. The CSRD hugely expands the scope and content of current EU nonfinancial reporting obligations to capture a much wider range of entities and require reporting on a broader range of ESG topics in much more detail than before. The information is to be included in a separate section of the management report, subject to mandatory audit, and will feed into a publicly accessible EU website.
Notably, the CSRD applies to EU companies and public and private non-EU companies that meet the thresholds described below. As a result, US and other non-EU companies with EU business may be required to produce ESG reports in compliance with EU rules, even if such companies are not listed on a European exchange. Although non-EU companies have the most extended timeframe for reporting, many EU subsidiaries of non-EU companies will be required to report earlier. Non-EU companies with subsidiaries that are required to report earlier may, as a practical matter, want to consider reporting at the parent level early, instead of producing a separate subsidiary-level report, particularly those companies that already produce robust voluntary ESG disclosure.
In the US, there is a parallel, but more limited, move toward an expansion of mandatory ESG reporting obligations. The SEC has adopted a more piecemeal approach than the CSRD, focusing its rulemaking on specific ESG topics, rather than mandating the publication of broad ESG reports. In particular, the SEC has proposed climate change and cybersecurity reporting rules, and is expected to propose human capital and board diversity disclosure rules over the next year.
The CSRD empowers the European Commission to recognize sustainability reporting standards applied by non-EU countries as equivalent. As the SEC has not and is not currently expected to propose equally broad sustainability reporting rules, it is unlikely that the SEC rules will be recognized as equivalent to all CSRD reporting standards (although some, such as climate change, may be recognized as equivalent). As a result, for US issuers that fall within the scope of the new EU rules, compliance with the CSRD is likely to require the publication of a dedicated report. In addition, the CSRD’s scope extends beyond that of most voluntary reporting standards currently applied by companies in the US and elsewhere, such as the Task Force on Climate-Related Financial Disclosures (TCFD) framework or the 77 industry-specific standards of the Sustainability Accounting Standards Board.
How can businesses prepare?
We’ve provided our take on the practical implications and what you can do to best prepare your business for the new rules.
Staying up to date
Anticipated this fall/winter, the final approval of the CSRD is the start of the process. Boards and legal departments also will want to be attentive to developments related to European Financial Reporting Advisory Group (EFRAG) reporting standards (i.e., the EU standards companies will need to report to in order to comply with the CSRD), national implementation of the CSRD and any relevant third-country rules. This is especially the case for non-EU companies that may be unaware of the CSRD and do not expect to have to comply with reporting regulations outside the countries in which they are domiciled or have registered securities. The application of the CSRD to non-EU private companies may come as a shock to many companies. Non-EU companies should continue to communicate with outside advisers and work on tracking EU revenue and future plans to work out whether they will be captured by the upcoming requirements.
Focusing on board oversight
Board oversight of ESG is a hot topic for companies around the globe, particularly for US issuers due to the proposed SEC climate change reporting rules. While many US public companies have created nominating and corporate governance committee oversight of ESG matters in recent years, the growth of highly technical ESG reporting (and SEC disclosure) has raised questions as to whether oversight should be, at least partially, shifted to audit committees, which historically are more experienced in oversight of public disclosure and financial reporting. Such questions are now even more relevant, considering the amount of data required for reporting under the CSRD and the accompanying audit requirements. Given the number of topics covered by the EU reporting standards, the CSRD also puts into question whether existing board committees will have the competence and bandwidth to oversee ESG reporting matters. As a result, in addition to building out more robust management-level ESG teams, companies covered by the CSRD may want to consider establishing dedicated board committees or integrating ESG-reporting experience into their director recruiting plans.
In light of recent SEC comment letters and proposed rules, many US public companies are highly focused on aligning voluntary ESG reporting with related disclosure in SEC filings. Similar considerations should apply for issuers subject to the CSRD. In addition to integrating CSRD compliance into any existing ESG reporting activities, US issuers will want to be attentive to the risk of contradictions between financial, risk, and strategy disclosure contained in SEC filings and reporting under the CSRD.
Establishing internal controls
In addition to preparing to track and report on the numerous ESG topics covered by the CSRD, boards and management will want to focus on establishing appropriate internal controls for CSRD reporting. With the SEC’s proposed rules, greenwashing controversies in the US, the EU and the UK, and the increasingly quantified and detailed nature of voluntary reporting, putting in place internal ESG controls is already a hot topic for boards. The broad scope of the CSRD (as well as potential penalties for noncompliance), which represents the first significant regulatory mandate for many of the topics covered, further emphasizes the importance of establishing appropriate internal controls processes. This may be especially challenging for private companies, which generally have much less developed internal controls for public reporting. Even for those companies highly experienced in ESG reporting, the CSRD will likely require additional work to establish reporting processes and controls throughout the value chain adapted to a reporting framework that will undoubtedly deviate from the various existing standards.
Expecting ESG questionnaires
Boards and management also should prepare to receive more ESG-related diligence questionnaires from the EU and other covered counterparties in connection with CSRD compliance. This is because reporting boundaries will need to be expanded to cover material sustainability matters that are connected to the company by its direct or indirect business relationships (upstream and downstream), regardless of the company’s level of control over them. This is much broader than traditional financial reporting based on control. For US issuers, as such questionnaires increase in frequency and detail – and play a more central rule in funds’ investment decision-making – it will be important to consider whether responses to such questionnaires raise selective disclosure issues under Regulation FD. Such questionnaires also could increase in the future when the EU’s corporate sustainability due diligence directive (CSDD), which is currently being negotiated, is agreed.
Educating and building out internal teams
Many companies, especially those engaged in voluntary ESG reporting, have built robust internal ESG reporting teams. The CSRD should provide further impetus for such efforts. For many companies, ESG reporting has been primarily “owned” by marketing, sustainability or social impact teams, though many companies have begun “legalizing” their ESG disclosures by involving legal, financial reporting and internal audit functions. The CSRD is likely to further encourage companies to establish robust ESG reporting teams, similar to those they may have for financial reporting.
Preparing for CSRD disclosure also will require educating reporting teams on the new EU reporting frameworks. For US teams, this will include not only the challenge of reporting on certain topics less emphasized in US ESG reporting, but also adapting to a “double materiality” approach that includes an “impact-materiality” standard that deviates significantly from the SEC’s investor focused-concept, which itself informs numerous prominent ESG reporting frameworks and ratings.
Comparison of reporting obligations under the CSRD and the SEC rule
The tables below provide a high-level comparison of the two regimes’ reporting standards, key features of each, and a timeline setting out to whom these reporting regimes will apply and when.
Comparing the content of the reporting standards
For the CSRD, this comparison is based on current draft reporting standards – 13 have been published that apply to entities in all sectors – but there are more to come, as the EFRAG plans to release 40 industry-specific standards and standards for small and medium enterprises (SMEs) in 2023. Reporting standards specifying the information that needs to be included in the sustainability reports of non-EU companies and SMEs will be adopted by June 30, 2024. Where the entity is reporting at a consolidated level and one or more of its subsidiaries is relying on the CSRD’s subsidiary exemption, the parent entity must comply with the European Sustainability Reporting Standards (ESRS) – and perform its assessment of material impacts, risks and opportunities for the entire consolidated group – regardless of its group legal structure pursuant to these standards.
The below comparison is based on the draft ESRS published by the EFRAG. Under the draft CSRD, an initial set of ESRS must be adopted by June 30, 2023. Public consultation on the standards ended on August 8, 2022, and the feedback received will inform the final draft standards to be put before the European Commission in November 2022. All dates included below are preliminary and subject to change as the EU and US rules are finalized. In particular, the dates for the SEC climate rule reflect the March 2022 rule proposal, though these dates are likely to be adjusted in light of the reopening of the comment period in October 2022.
|EU – CSRD||US – SEC|
|Climate change: This is a transition plan for climate change mitigation, associated policies, targets and resource allocation. Among other things, the report must detail energy consumption, Scope 1 through 3 greenhouse gas emissions, GHG removal and mitigation initiatives. A reporting entity must disclose its plans, implementing actions, and related financial and investment plans that will ensure its business model and strategy are compatible with the transition to a sustainable economy and with the limiting of global warming to 1.5 degrees Celsius and achieving climate neutrality by 2050.||The proposed climate rule would require Scope 1 and 2 GHG emissions reporting, as well as Scope 3, if material. Issuers also would be required to disclose climate risks, strategy impacts, and climate governance and risk management. Climate reporting would be contained in annual reports filed with the SEC, as well as registration statements.|
|Pollution: The report must set out policies, targets and resource allocation affecting pollution of air, water, soil, living organisms and food resources, among others. The report must detail the pollutants generated or used during the production processes and that leave facilities as emissions, products, or as part of products or services, among others.||No requirement in current or proposed US SEC rules.|
|Water and marine sources: Report on how the company affects water and marine resources, in terms of positive and negative impacts and any actions taken (including policies, targets, action plan and resources).||No requirement in current or proposed US SEC rules.|
|Resource and circular economy: The report must set out policies, targets and resources relating to the depletion of nonrenewable resources and the regeneration of renewable resources, and any actions taken to prevent, mitigate, or remediate impacts arising from resource use and the circular economy. This report must detail resource inflows, outflows, waste and resource optimization. It must detail the entity’s ability to create partnerships to accelerate the transition to a circular economy, among others.||No requirement in current or proposed US SEC rules.|
|Biodiversity and ecosystems: Report on how the company affects biodiversity and ecosystems, in terms of positive and negative actual or potential impact, as well as any actions taken and results of such actions to prevent, mitigate, or remediate adverse impacts and protect/restore biodiversity and ecosystems.||No requirement in current or proposed US SEC rules.|
|Own workforce: The report must enable readers to understand how the undertaking affects the company’s own workforce by covering working conditions, access to equal opportunities and other work-related rights.||SEC rules currently require discussion of companies’ human capital resources and strategies at a very high level of generality in annual reports – and the SEC may propose more substantive quantitative human capital and employee diversity disclosure in the next year.|
|Workers in the value chain: The report must set out how the company affects workers in its value chain through its own operations and its upstream and downstream value chain (including its products and services, its business relationships and its supply chain). This would have to include disclosure on processes for engaging with such workers, channels through which such workers can raise concerns, targets related to managing material impacts on such workers, and remediation of material impacts on such workers, among others.||No requirement in current or proposed US SEC rules.|
|Affected communities: The report must enable readers to understand how the undertaking affects local communities through the company’s own operations and its upstream and downstream value chain (including its products and services, its business relationships and its supply chain), any actions taken, and how the undertaking manages risks and opportunities relating to impacts and dependencies on affected communities.||No requirement in current or proposed US SEC rules.|
|Consumers and end users: The report must set out policies and targets that address the management of the material impacts its products and services have on consumers and end users – including impacts to a consumer’s privacy or health, processes for consumer and end-user engagement concerning actual and potential impacts, mechanisms through which consumers and end users can raise concerns, and approaches to mitigating material risks and remediating actual impacts.||No requirement in current or proposed US SEC rules.|
|Governance, risk management and internal control: The report must detail the diversity, remuneration and risk management policies, among others. It also must detail management composition, meetings and attendance rate.||In addition to long-standing rules regarding corporate governance (board structure and composition, director and management composition, etc.) required in annual proxy statements and elsewhere, the SEC’s climate change and cybersecurity rules include governance disclosure requirements, such as the organization of board oversight and director expertise related to climate and cyber matters. Potential upcoming rulemakings may include expanded board diversity disclosure requirements.|
|Business conduct: This includes information on the company’s strategy and approach, processes, procedures, and performance in respect of business conduct (including business ethics, corporate culture, anti-corruption, anti-bribery, etc.)||SEC and New York Stock Exchange/Nasdaq exchange rules include requirements regarding the content and disclosure of codes of ethics.|
Key features of the reporting requirements
|EU – CSRD||US – SEC|
|Materiality (i.e., what matters for reporting)||“Double materiality,” which means:
||Investor perspective only|
|Reporting boundaries||Upstream and downstream value chain and the material sustainability matters that are connected to the company through its direct or indirect business relationships – regardless of its level of control over these value chain entities.||Scope 1 and 2 GHG emissions reporting requirements only apply to direct company emissions and indirect emissions from purchased electricity or other forms of energy. Scope 3 reporting requirements, when applicable, apply to upstream and downstream activities in value chains.|
|Due diligence requirements||A description of the reporting entity’s due diligence process with regards to sustainability matters by the entity or group must be provided. The EU is currently separately negotiating new corporate sustainability due diligence rules.||No requirement in current or proposed US SEC rules.|
|Forward-looking disclosures||Reporting entities will be required to report on a forward-looking and retrospective basis.||The proposed climate rule would require disclosure of climate-related targets and goals, if any.|
|Attestation||The CSRD proposals would require “limited assurance” across all topics from first reporting with limited assurance standards that will be adopted by the European Commission before October 1, 2026. Assurances will be required to address, among other things, compliance with the applicable ESRS and the processes carried out to identify the reported information. The EU has expressed ambition to move toward “reasonable assurance” at a future date, perhaps as early as 2028, but it would need to be adopted as delegated legislation by the European Commission. EU member states may choose to require assurances over sustainability reporting to be separate from the mandatory audit of the financial statement.||The SEC’s proposed climate rule would require a third-party attestation report covering Scope 1 and 2 GHG emissions, with “limited assurance” due for large accelerated filers for FY 2024 and “reasonable assurance” for FY 2026 (FY 2025 and FY 2027 for accelerated filers).|
Who needs to comply and from when?
|Date||EU – CSRD||US – SEC|
|FY 2023 (reporting in 2024)||Large accelerated filers for all proposed disclosures, including GHG emissions metrics: Scope 1, Scope 2 and associated intensity metric, but excluding Scope 3|
|FY 2024 (reporting in 2025)||EU undertakings already subject to the current Non-Financial Reporting Directive (i.e., those designated as public-interest entities, such as companies listed on EU regulated markets)||Accelerated filers and non-accelerated filers for all proposed disclosures except Scope 3
Scope 3 reporting for large accelerated filers
|FY 2025 (reporting in 2026)||Large EU undertakings (including subsidiaries of non-EU companies), listed or not, if they satisfy at least two of the following criteria:
EU parent undertakings of a large group (consisting of parent and subsidiary undertakings) that on a consolidated basis satisfy at least two of the criteria set out above.
|Smaller reporting companies (SRCs) for all proposed disclosures except Scope 3
Scope 3 reporting for accelerated filers and non-accelerated filers, though SRCs would be exempted
|FY 2026(reporting in 2027)||Small and medium-size undertakings listed on the EU regulated markets (except “micro-undertakings”)|
|FY 2026 (reporting in 2027), with an option to opt out for two further years||Insurance undertakings and credit institutions|
|FY 2028 (reporting in 2029)||Non-EU undertakings that satisfy both of these criteria: