The End of Voluntary ESG
For over a decade, corporate ESG (Environmental, Social, Governance) commitments were largely voluntary. Companies published sustainability reports, set aspirational targets, and celebrated incremental progress—all without regulatory consequence for underperformance. The era ended in 2024-2025 with an explosion of mandatory ESG regulations that carry real penalties, including fines, market exclusion, and personal liability for executives. For supply chain leaders, this is the most significant regulatory shift in twenty years.
Key Regulations on the Books
EU Corporate Sustainability Reporting Directive (CSRD)
CSRD took effect in stages starting January 2024 for large companies, and January 2025 for listed SMEs. It applies to approximately 50,000 EU companies plus all non-EU companies generating €150M+ in EU revenue. CSRD requires annual sustainability reports under the European Sustainability Reporting Standards (ESRS), covering climate, pollution, water, biodiversity, circular economy, workforce, human rights, and governance. All reports must be audited by an accredited third party. In 2025, the first wave of companies submitted their reports, and the enforcement pattern is already clear: 40% of initial submissions required significant revisions, and 12% of companies faced formal regulatory inquiries for incomplete Scope 3 disclosures.
EU Corporate Sustainability Due Diligence Directive (CSDDD)
CSDDD, effective 2025, requires companies with 1,000+ employees and €450M+ global turnover to identify, prevent, and mitigate human rights and environmental impacts across their entire value chain—including indirect suppliers. This is the broadest supply chain due diligence law ever passed. Companies must adopt transition plans aligned with limiting global warming to 1.5°C, establish grievance mechanisms, and conduct regular due diligence on their chain of activities. Fines of up to 5% of global net turnover for non-compliance.
German Supply Chain Due Diligence Act (LkSG)
Already in effect since 2023, the LkSG applies to companies with 1,000+ employees (expanded from 3,000+ in 2024). It mandates risk analysis, preventive measures, and remedial action for human rights and environmental risks in the supply chain. In its first two years, the German Federal Office for Economic Affairs and Export Control (BAFA) conducted over 600 examinations, issued 6 formal orders, and fined companies up to €1.2M for non-compliance. The act is the model for similar legislation in France, the Netherlands, and Austria.
SEC Climate Disclosure Rules
The SEC adopted climate disclosure rules in March 2024, requiring public companies to report material climate risks, greenhouse gas emissions (Scope 1 and 2), and, for large accelerated filers, Scope 3 emissions if material. The rules have faced legal challenges and the Scope 3 provision remains contested, but the trajectory is clear: US-listed public companies will be required to disclose Scope 3 emissions. Companies with significant supply chain emissions should prepare now.
Scope 3 Emissions: The Supply Chain Challenge
Scope 3 emissions—indirect emissions from the value chain, including purchased goods, transportation, waste, and end-of-life treatment—represent 70-90% of most companies' total carbon footprint. They are also the hardest to measure and reduce. The CSRD, CSDDD, and SEC rules all require Scope 3 disclosure (with variations in scope and timeline), creating a massive data collection challenge for supply chain teams.
In practice, most companies start with spend-based emission factors (estimating emissions from supplier spending data) and gradually transition to supplier-specific primary data. The transition is slow: a 2025 CDP survey found that only 28% of companies reporting Scope 3 emissions used primary data from more than 30% of their suppliers. The rest rely on industry averages—accurate enough for disclosure, but insufficient for actual emissions reduction.
Greenwashing Enforcement
In 2024, the European Commission's "Fitness Check" of consumer law found that 42% of green claims on e-commerce platforms were exaggerated, false, or deceptive. The EU responded with the Empowering Consumers for the Green Transition Directive (2025), which bans vague sustainability claims like "carbon neutral," "eco-friendly," and "green" without evidence. In the US, the FTC updated its Green Guides, and the SEC initiated enforcement actions against companies making misleading sustainability claims. In 2025, over €1.8M in greenwashing fines were issued across EU member states.
Greenwashing enforcement is not about companies that accidentally overstate their environmental progress. It is about companies that use sustainability claims as marketing without doing the work. The data infrastructure for ESG exists now. The regulatory expectations are clear. The companies that get this right treat supply chain ESG not as a PR function but as a core operational capability—with the same rigor, data quality, and accountability applied to financial reporting.
Key ESG Supply Chain Regulations by Region
| Regulation | Region | In Effect | Key Requirement | Penalty for Non-Compliance |
|---|---|---|---|---|
| CSRD | EU | Jan 2024 (large co's) | ESRS-compliant sustainability reporting, including Scope 3 | Fines vary by member state; audits mandatory |
| CSDDD | EU | 2025 | Value chain due diligence, climate transition plans | Up to 5% of global net turnover |
| LkSG | Germany | Jan 2023 | Supply chain risk analysis, preventive action | Up to €8M or 2% of €400M+ revenue |
| SEC Climate Rules | US | 2024-2025 | Climate risk disclosure, Scope 1 & 2 GHG | SEC enforcement, securities fraud liability |
| Empowering Consumers Directive | EU | 2025 | No vague green claims without evidence | Up to 4% of annual revenue |
| UFLPA | US | Jun 2022 | Forced labor prevention across supply chain | Seizure, forfeiture, import ban |
| UK Modern Slavery Act amendment | UK | 2021 (amended) | Supply chain transparency statements | Civil penalties, injunctions |
| California SB 253/261 | US (CA) | 2026-2027 | Scope 1-3 GHG reporting for companies with $1B+ revenue | Up to $500K-$500K per reporting year |
Building a Compliance Program
The scope of ESG regulatory requirements in 2026 means companies need a structured compliance program, not a reactive approach:
- Map your regulatory exposure — Based on company size, revenue geography, and listing status, determine which regulations apply to you. Many companies are subject to 5-10 different ESG reporting frameworks simultaneously.
- Conduct a data gap analysis — What ESG data do you have? What is missing? For most companies, the critical gap is Scope 3 emissions data from suppliers, human rights due diligence evidence for Tier 2+ suppliers, and climate transition plans aligned with 1.5°C pathways.
- Invest in data collection infrastructure — ESG reporting platforms (Sphera, Persefoni, Watershed, Sustain.Life) automate data collection from suppliers, emissions calculation, and reporting. The manual approach (spreadsheets and surveys) will not scale to CSRD or CSDDD requirements.
- Engage suppliers systematically — Send tailored data requests to your strategic suppliers first. Use CDP supply chain program, EcoVadis, or similar assessment platforms to standardize the questionnaire. Set deadlines, follow up, and escalate non-responsive suppliers.
- Integrate ESG into procurement — ESG criteria should be weighted in supplier selection, contract renewal, and performance evaluation. Companies that integrate ESG into procurement processes achieve faster supplier compliance and better risk outcomes.
The Bottom Line
ESG compliance in supply chains has shifted from a voluntary sustainability initiative to a mandatory, audited, and enforced regulatory obligation. The cost of non-compliance—fines, market exclusion, and reputational damage—now exceeds the cost of investing in compliance programs. Companies that start building supply chain ESG data infrastructure, supplier engagement programs, and climate transition plans now will be ahead of the enforcement curve. Those that wait are already behind.