Playbook: adopting Regulation watch (EU/US/Global) in 90 days

In 2024, only 4% of companies subject to the EU's Corporate Sustainability Reporting Directive (CSRD) were fully prepared for compliance, even as 50,000 organizations globally faced mandatory sustainability disclosure requirements (PwC Global CSRD Survey, 2024). Simultaneously, 36 jurisdictions representing over 50% of global GDP have adopted or are actively implementing International Sustainability Standards Board (ISSB) standards, while California's SB 253 will require emissions reporting from over 5,000 companies with revenues exceeding $1 billion by August 2026 (S&P Global, 2025). This regulatory acceleration has created an urgent imperative: organizations must establish robust regulatory intelligence capabilities not as a compliance afterthought, but as a strategic function that anticipates, interprets, and operationalizes sustainability requirements across multiple jurisdictions. This playbook provides a structured 90-day approach to building that capability.

Why It Matters

The sustainability regulatory landscape has undergone a fundamental transformation since 2023. What was once a fragmented collection of voluntary frameworks and regional requirements has crystallized into an interconnected web of mandatory disclosure regimes with significant financial and legal consequences. The EU CSRD alone impacts approximately 12,000 companies previously subject to the Non-Financial Reporting Directive, plus an additional 38,000 entities that meet the new thresholds (European Commission, 2024). For multinational corporations, compliance complexity multiplies exponentially as they navigate overlapping requirements from the European Sustainability Reporting Standards (ESRS), California's climate disclosure laws, Japan's SSBJ standards, and Hong Kong's mandatory climate reporting effective August 2025.

The financial stakes are substantial. Non-compliance penalties under CSRD are determined at the national level across EU member states but can reach material amounts that impact quarterly earnings. California's SB 253 carries penalties up to $500,000 per year for non-compliance. Beyond direct penalties, regulatory failures trigger reputational damage, exclusion from sustainable finance instruments, and increasingly, litigation exposure. The number of climate-related lawsuits globally exceeded 2,600 cases by late 2024, with corporate disclosure adequacy emerging as a primary vector for legal challenge.

Perhaps most critically, regulatory compliance has become a prerequisite for capital access. Institutional investors managing over $130 trillion in assets now require standardized sustainability disclosures aligned with TCFD, ISSB, or equivalent frameworks. Companies without robust regulatory compliance capabilities face higher costs of capital, exclusion from ESG-focused funds, and diminished access to green finance instruments such as sustainability-linked loans and bonds.

Key Concepts

Understanding the regulatory compliance landscape requires fluency in several interconnected frameworks and concepts:

Double Materiality represents the EU's distinctive approach under CSRD, requiring companies to assess both financial materiality (how sustainability issues affect enterprise value) and impact materiality (how the company affects society and environment). This dual perspective significantly expands reporting scope compared to single-materiality frameworks like ISSB, which focuses primarily on investor-relevant information.

Framework Interoperability has emerged as a critical compliance consideration. The ISSB standards (IFRS S1 and S2) integrate TCFD recommendations and SASB industry-specific metrics, creating a pathway for companies to satisfy multiple disclosure regimes simultaneously. However, substantive differences remain—particularly between the EU's double materiality approach and the ISSB's financial materiality focus—requiring careful mapping of requirements.

Scope 3 Emissions continue to represent the most challenging reporting requirement across all major frameworks. CSRD, ISSB, and California's SB 253 all require value chain emissions disclosure, yet data availability remains problematic. The GHG Protocol's Scope 3 categories encompass 15 upstream and downstream emission sources, with purchased goods and services (Category 1) and use of sold products (Category 11) typically representing the largest portions of corporate carbon footprints.

Assurance Requirements are escalating across jurisdictions. CSRD mandates limited assurance from year one, with reasonable assurance requirements anticipated by 2028. California's SB 253 requires limited assurance on Scope 1 and 2 emissions beginning 2027. This trend necessitates audit-quality data management systems and internal controls comparable to financial reporting.

Sector-Specific Compliance KPIs

Sector	Primary KPIs	Typical Range	Assurance Requirement
Financial Services	Financed emissions (tCO2e), Portfolio alignment (°C)	10-500 MtCO2e; 1.5-4.0°C	Limited (2025) → Reasonable (2028)
Manufacturing	Scope 1+2 intensity (tCO2e/revenue), Circularity rate (%)	50-500 tCO2e/$M; 5-40%	Limited (2025-2026)
Energy	Methane intensity (%), Transition CapEx ratio (%)	0.1-2.5%; 10-60%	Limited → Reasonable
Retail	Scope 3 intensity (tCO2e/product), Supplier coverage (%)	0.5-10 tCO2e/unit; 40-90%	Limited (2026-2027)
Technology	Energy consumption (MWh), Renewable ratio (%)	100-10,000 GWh; 30-100%	Limited (2025-2026)

What's Working

Centralized Regulatory Intelligence Functions

Organizations that have successfully navigated the multi-jurisdictional compliance landscape have established dedicated regulatory intelligence functions that sit at the intersection of legal, sustainability, and finance departments. These teams monitor regulatory developments across priority jurisdictions, assess applicability to business operations, and translate requirements into actionable compliance workstreams. According to KPMG's Survey of Sustainability Reporting 2024, 96% of the world's 250 largest companies now report on sustainability, with 79% conducting formal materiality assessments—indicators of maturing governance structures.

Technology-Enabled Data Management

Leading companies have invested in sustainability data management platforms that aggregate information from disparate sources, maintain audit trails, and generate disclosures across multiple frameworks. The 59% of companies citing data availability as their primary CSRD concern (PwC, 2024) underscores the competitive advantage achieved by early technology adopters. Platforms like Persefoni, Watershed, and Sphera enable companies to collect emissions data across operations and value chains, apply appropriate emission factors, and generate framework-compliant outputs.

Cross-Functional Governance Structures

Organizations with successful compliance programs have established clear governance frameworks with board-level oversight, executive accountability, and cross-functional steering committees. PwC's research indicates 73% of companies recognize CEO/CFO involvement as critical to CSRD implementation, with 70% having executive committees actively engaged in sustainability reporting.

What's Not Working

Spreadsheet-Based Compliance

Despite the complexity of disclosure requirements, over 90% of companies still rely primarily on spreadsheets for sustainability data management (PwC CSRD Survey, 2024). This approach creates significant risks: version control problems, formula errors, limited audit trails, and inability to scale as reporting requirements expand. Organizations continuing to rely on manual processes face escalating costs and error rates as requirements intensify.

Siloed Implementation

Many organizations treat regulatory compliance as a discrete legal or sustainability function, disconnected from core business operations. This siloed approach fails to capture the strategic value of sustainability intelligence and creates duplicative data collection efforts. Less than 60% of companies have involved their technology functions in CSRD implementation, limiting the scalability and efficiency of compliance processes.

Reactive Monitoring

Organizations that wait for regulations to become final before initiating compliance preparations consistently find themselves overwhelmed. The two-year "Stop-the-Clock" directive extension for CSRD Wave 2 and 3 companies demonstrates that even regulators recognize preparation timelines were insufficient. Companies must shift from reactive monitoring to proactive scenario planning that anticipates regulatory trajectories.

Low-Confidence Topic Areas

Certain sustainability topics present persistent compliance challenges. Only 35% of companies report high confidence in biodiversity disclosures, 43% in pollution-related reporting, and 44% in value chain worker disclosures (PwC, 2024). These capability gaps require targeted capacity building and potentially external expertise.

Key Players

Established Leaders

SAP has integrated sustainability management modules into its enterprise resource planning platform, enabling companies to embed carbon accounting and regulatory reporting into core business processes. Their solutions support CSRD, ISSB, and GRI reporting frameworks with increasingly automated data collection from operational systems.

Workiva provides cloud-based compliance platforms specifically designed for sustainability reporting, with features supporting ESRS tagging, XBRL digital reporting formats, and collaborative workflow management across stakeholder groups.

Deloitte, PwC, KPMG, and EY have built substantial sustainability assurance and advisory practices, with each firm publishing extensive research on regulatory developments and providing implementation support to thousands of multinational clients.

MSCI delivers ESG ratings, climate data, and regulatory analytics that inform both corporate disclosure strategies and investor decision-making, serving as a critical intermediary in the sustainability information ecosystem.

Emerging Startups

Persefoni has emerged as a leading carbon accounting platform, raising over $100 million in venture funding to support enterprise-grade emissions measurement and disclosure aligned with PCAF, GHG Protocol, and major regulatory frameworks.

Watershed provides carbon measurement and reduction software specifically designed to address Scope 3 complexity, with integrations to major ERP systems and a focus on actionable decarbonization pathways.

Sweep offers a European-headquartered sustainability management platform with particular strength in CSRD compliance, double materiality assessments, and supply chain data collection.

Greenly focuses on making carbon accounting accessible to mid-market companies through automated data integration and simplified lifecycle assessment capabilities.

Key Investors

Breakthrough Energy Ventures, founded by Bill Gates, has invested substantially in climate technology including carbon accounting and sustainability intelligence platforms.

Generation Investment Management, co-founded by Al Gore, focuses on sustainable business models and has backed multiple companies developing regulatory compliance solutions.

TPG Rise Climate, with over $7 billion under management, invests in climate technology solutions including platforms that enable corporate sustainability compliance.

Examples

Unilever: Integrated Regulatory Intelligence

Unilever exemplifies mature regulatory intelligence capabilities, with dedicated teams monitoring sustainability policy developments across 190 countries of operation. The company's Sustainable Living Plan predated many current regulations, positioning compliance as a natural extension of existing governance. Unilever publishes detailed TCFD-aligned disclosures, has achieved third-party assurance on emissions data, and actively participates in regulatory consultation processes. Their approach demonstrates that companies treating regulation as an opportunity rather than obligation achieve competitive advantages in preparation time and stakeholder confidence.

Ørsted: Transformation-Aligned Compliance

Danish energy company Ørsted's transition from fossil fuels to renewable energy has been accompanied by leading sustainability disclosures. The company was among the first energy majors to adopt science-based targets and has used regulatory compliance as a framework for articulating its business transformation. Ørsted's experience illustrates how regulatory requirements can accelerate strategic repositioning when compliance is integrated with corporate strategy rather than treated as a separate workstream.

Microsoft: Technology-Enabled Scope 3 Management

Microsoft has invested heavily in technology infrastructure for sustainability compliance, including supplier engagement platforms, carbon accounting tools, and AI-enabled emissions estimation. The company requires carbon disclosure from suppliers and has established internal carbon pricing mechanisms that translate regulatory requirements into operational incentives. Microsoft's approach demonstrates the value of technology investment in managing the most challenging compliance requirements, particularly Scope 3 emissions across complex global supply chains.

Action Checklist

• Days 1-15: Establish Governance Foundation — Secure executive sponsorship, define cross-functional steering committee membership, and establish regular reporting cadence to board or audit committee. Assign clear ownership for regulatory monitoring across legal, sustainability, finance, and technology functions.

• Days 16-30: Complete Jurisdictional Assessment — Map current and planned operations against regulatory applicability thresholds for CSRD, California SB 253/261, ISSB-aligned requirements, and other relevant frameworks. Document triggering criteria (revenue, employee counts, listing status) and compliance timelines for each applicable regulation.

• Days 31-45: Conduct Gap Analysis — Assess current data availability, systems capabilities, and process maturity against regulatory requirements. Prioritize gaps by compliance timeline urgency and remediation complexity. Particular attention should be given to Scope 3 data, double materiality assessment capabilities, and assurance readiness.

• Days 46-60: Implement Monitoring Infrastructure — Establish systematic regulatory monitoring processes, including subscription to regulatory update services, participation in industry working groups, and direct engagement with regulators through consultation processes. Create internal protocols for assessing applicability of new requirements.

• Days 61-75: Deploy Technology Foundations — Select and begin implementation of sustainability data management platform capable of supporting multi-framework reporting. Prioritize integrations with ERP, procurement, and operational systems that will provide source data for disclosures.

• Days 76-90: Operationalize and Test — Conduct pilot disclosure preparation for highest-priority framework, identify remaining gaps, and establish continuous improvement processes. Develop training programs for functional teams and establish metrics for monitoring compliance program effectiveness.

FAQ

Q: How do we prioritize when facing multiple overlapping regulations?

A: Begin with the regulation carrying earliest compliance deadline and highest penalty exposure. For most multinational companies in 2025-2026, this typically means EU CSRD for entities with European operations, followed by California SB 253 for companies meeting revenue thresholds. Build compliance capabilities that maximize interoperability—for example, climate disclosures prepared under ESRS E1 can substantially inform ISSB S2 reporting with targeted supplementation.

Q: What is the realistic budget for establishing regulatory compliance capabilities?

A: Investment requirements vary substantially by company size and complexity. Mid-sized companies (5,000-10,000 employees) typically require $500,000-$2 million initial investment in systems, process design, and advisory support, with ongoing annual costs of $200,000-$500,000 for monitoring, reporting, and assurance. Large multinationals may invest $5-20 million in comprehensive compliance programs. The cost of non-compliance—including penalties, reputational damage, and capital access restrictions—typically exceeds compliance investment by substantial multiples.

Q: Should we wait for regulatory clarity before investing in compliance infrastructure?

A: Waiting is a high-risk strategy. The core requirements across major frameworks have substantially converged around greenhouse gas emissions disclosure, governance structures, risk management processes, and transition planning. Organizations that defer investment until regulations finalize consistently face compressed implementation timelines, premium advisory costs, and increased error rates. A platform approach that supports multiple frameworks provides optionality as regulatory details evolve.

Q: How do we address Scope 3 data gaps when supplier information is unavailable?

A: Regulators and frameworks explicitly acknowledge Scope 3 data challenges. CSRD allows use of modeled or estimated data with appropriate disclosure of methodologies. California's SB 253 provides safe harbor for good-faith efforts in initial reporting years. Begin with spend-based or average emissions factor approaches while building supplier engagement programs that will yield primary data over time. Document estimation methodologies transparently and develop improvement roadmaps that demonstrate progression toward activity-based calculations.

Q: What assurance requirements should we anticipate?

A: Limited assurance is the current standard across CSRD, California SB 253, and most ISSB-aligned jurisdictions. This requires external verification that nothing has come to the auditor's attention suggesting material misstatement. Reasonable assurance—requiring positive confirmation of accuracy—is anticipated under CSRD by approximately 2028. Organizations should design data management systems and internal controls to reasonable assurance standards now, as retrofitting controls after limited assurance implementation is significantly more expensive than building them initially.

Sources

• PwC. "Global CSRD Survey 2024: The Promise and Reality of CSRD Reporting." April-May 2024. https://www.pwc.com/gx/en/issues/esg/global-csrd-survey.html

• KPMG. "Survey of Sustainability Reporting 2024: The Move to Mandatory Reporting." November 2024. https://kpmg.com/xx/en/our-insights/esg/the-move-to-mandatory-reporting.html

• S&P Global. "Where Does the World Stand on ISSB Adoption?" June 2025. https://www.spglobal.com/sustainable1/en/insights/research-reports/june-2025-where-does-the-world-stand-on-issb-adoption

• European Commission. "Corporate Sustainability Reporting Directive." Finance Division. 2024. https://finance.ec.europa.eu/capital-markets-union-and-financial-markets/company-reporting-and-auditing/company-reporting/corporate-sustainability-reporting_en

• California Air Resources Board. "California Corporate Greenhouse Gas (GHG) Reporting and Climate Related Financial Risk Disclosure Programs." December 2025. https://ww2.arb.ca.gov/our-work/programs/california-corporate-greenhouse-gas-ghg-reporting-and-climate-related-financial

• IFRS Foundation. "Introduction to the ISSB and IFRS Sustainability Disclosure Standards." 2025. https://www.ifrs.org/sustainability/knowledge-hub/introduction-to-issb-and-ifrs-sustainability-disclosure-standards/

• Deloitte. "European Commission Proposes Reduction in Sustainability Reporting and Due Diligence Requirements." Heads Up Publication, March 2025. https://dart.deloitte.com/USDART/home/publications/deloitte/heads-up/2025/eu-commission-omnibus-proposal-sustainability-reporting-reduction-csrd