ESG Enforcement Trends in 2026

ESG compliance is no longer optional - it’s mandatory. By 2026, governments worldwide have implemented strict sustainability reporting laws, shifting from voluntary goals to enforceable regulations. Key highlights include:

• Mandatory ESG Reporting: The EU's revised CSRD now applies to companies with over 1,000 employees and €450 million turnover, exempting smaller firms. California’s SB 253 requires Scope 1 and 2 emissions reporting by August 2026 for companies with $1 billion+ revenue.
• Increased Penalties: Greenwashing fines surged 237% globally (2022–2025), with over $4.8 billion issued for misleading claims. California imposes penalties up to $500,000 annually for non-compliance.
• Scope 3 Pressure: Large corporations require verified supplier data to meet Scope 3 emissions obligations, impacting smaller businesses indirectly.
• Criminal Accountability: The EU Environmental Crime Directive expands criminal liability for ESG violations, while California enforces stringent climate disclosure laws.

Businesses must now provide audit-ready data, align with stricter standards, and prepare for increased enforcement, including criminal investigations. Staying compliant requires integrated systems, third-party verification, and proactive supply chain oversight.

ESG Is Dead. Long Live Sustainable Governance; What Auditors Need to Know.

sbb-itb-e766981

Mandatory ESG Reporting Requirements

In March 2026, the regulatory landscape for sustainability reporting underwent significant changes. The EU Omnibus Simplification Package (Directive (EU) 2026/470) came into effect on March 19, 2026, altering the scope of the Corporate Sustainability Reporting Directive (CSRD). Now, only companies with over 1,000 employees and annual net turnover exceeding €450 million are required to report. This adjustment has exempted about 80% of previously covered companies from mandatory reporting requirements ^[6][7]. As FinancialRegulations.EU noted:

"The Omnibus is not a delay - it is a fundamental reduction in scope... it changes the permanent architecture of EU sustainability reporting" ^[6].

Across the Atlantic, California introduced its own climate disclosure laws, SB 253 and SB 261, which came into effect the same year. SB 253 applies to public and private companies with over $1 billion in global revenue that "do business" in California. This broad definition includes companies organized in California or those with California sales surpassing $735,019 (adjusted for inflation in 2024). The first disclosures for Scope 1 and 2 emissions are due by August 10, 2026 ^[12][15].

For mid-sized companies, the impact of these regulations varies by location. In the EU, firms falling below the new CSRD thresholds are shielded by a "value-chain cap", which limits excessive ESG data demands on smaller suppliers (those with fewer than 1,000 employees) from larger companies ^[6][8][10]. In the U.S., companies under the $1 billion threshold may still feel indirect pressure, as larger businesses subject to SB 253 will require Scope 3 emissions data from their suppliers starting in 2027 ^[15].

Enforcement mechanisms also differ. California imposes a maximum annual penalty of $500,000 for SB 253 violations ^[15], while EU member states can levy fines of up to €10 million or 5% of annual turnover for CSRD non-compliance ^[16]. Both jurisdictions now require limited third-party assurance, signaling a shift from voluntary efforts to audit-ready compliance ^[6][12][15].

EU Regulations: CSRD and CSDDD

The EU has revised its approach to sustainability reporting, emphasizing "regulatory proportionality" ^[8][11]. Under the updated CSRD, only companies meeting both the 1,000-employee and €450 million turnover thresholds are required to report. Listed small and medium-sized enterprises (SMEs), originally slated for inclusion in Wave 3, are now fully exempt ^[6][7].

The Corporate Sustainability Due Diligence Directive (CSDDD) has also been adjusted. Its thresholds have been raised to companies with more than 5,000 employees and €1.5 billion in global turnover. Additionally, its implementation date has been postponed to July 26, 2029, giving organizations more time to prepare ^[6][8]. Penalties for non-compliance are capped at 3% of a company's global turnover ^[7][9][10].

With these changes, companies must streamline their compliance processes. The number of required ESRS data points has been reduced by 70%, from 1,073 to around 320, and "reasonable assurance" has been replaced with "limited assurance" to cut verification costs ^[6][8]. As Jörgen Warborn of the Legal Affairs Committee remarked:

"Parliament has listened to the concerns expressed by job creators across Europe" ^[9].

EU Member States have until March 19, 2027, to integrate the revised CSRD rules into their national laws. Companies still within scope should align their data collection with the updated 320-point framework, expected by September 2026 ^[6]. For smaller suppliers outside the mandatory scope, the value-chain cap enables them to decline excessive data requests, relying instead on voluntary reporting templates like the Voluntary Sustainability Standard for SMEs (VSME) ^[8][10].

U.S. Regulations: California's SB 253 and SB 261

California's climate disclosure laws operate independently of federal oversight. Following the SEC's abandonment of its climate rules in 2025, California became the leading force in U.S. emissions reporting. SB 253 mandates annual disclosures of Scope 1, 2, and 3 greenhouse gas (GHG) emissions for companies with over $1 billion in global revenue, while SB 261 requires biennial climate-related financial risk reports for companies with over $500 million in revenue ^[12].

The broad "doing business" definition means that even companies with minimal physical operations in California may fall under SB 253. For example, a private company with $1.2 billion in global revenue and limited California sales would still be subject to the law ^[15]. Revenue verification relies on specific tax forms, such as Form 100 (corporations) or Form 568 (LLCs) ^[12].

The August 10, 2026 deadline for initial Scope 1 and 2 emissions disclosures has created urgency for affected companies ^[12][13]. For businesses not yet collecting emissions data as of December 2024, the California Air Resources Board (CARB) offers enforcement discretion. These companies can submit a "good faith" statement to CARB to avoid penalties for missing the 2026 deadline ^[12][14]. As Morgan Lewis partners Ari M. Selman and Rick R. Rothman explained:

"The initial regulation excuses from the duty to submit Scope 1 and Scope 2 emissions data by the 2026 deadline entities that were not collecting data or were not planning on collecting data at the time of the December 2024 Enforcement Notice" ^[14].

Enforcement of SB 261 remains paused due to a Ninth Circuit injunction in early 2026 ^[12][13]. Despite this, over 100 companies have voluntarily submitted climate risk reports, reflecting growing investor and customer demand for transparency ^[13].

By 2027, limited third-party assurance will also be required under SB 253 ^[12]. As noted by OneStop ESG:

"California's third-party assurance requirements mark a fundamental shift: ESG data must now be managed with the same rigour as financial data" ^[15].

To comply, companies must establish a GHG inventory following the GHG Protocol Corporate Standard ^[15]. Those not yet collecting emissions data should prepare formal statements for CARB to avoid penalties during the transition ^[12][14].

The differing approaches between the EU and California have created a "two-speed" compliance environment. While the EU has simplified its requirements and raised thresholds, California has maintained broad applicability with strict enforcement. Companies operating in both regions will need to navigate these differences carefully, often requiring separate systems and processes tailored to each framework.

Greenwashing Enforcement and Penalties

Regulators have ramped up their focus on financial services, especially in areas like ESG fund naming and sustainability-linked investments. This increased scrutiny is evident in the penalties issued globally. Between 2022 and 2025, authorities across the EU, U.S., and Canada imposed over $4.8 billion in fines for misleading environmental claims ^[2].

The Network for Greening the Financial System (NGFS) predicts that by 2028, greenwashing-related litigation and penalties could cost the global financial sector between $18 billion and $25 billion annually ^[2]. A notable example occurred in 2025 when Germany's financial regulator, BaFin, fined an asset manager €19 million for misrepresenting products under the Sustainable Finance Disclosure Regulation (SFDR) ^[2]. That same year, the Canadian Competition Bureau secured a record-breaking CAD 40 million penalty against a major petroleum company for deceptive net-zero advertising ^[2].

Consumer trust in brands is also waning. A 2025 survey revealed that 68% of North American consumers reduced purchases from companies they believed were greenwashing ^[2]. As highlighted by the Sustainability Atlas:

"Anti-greenwashing regulation has moved from the periphery of corporate compliance to the center of brand strategy, investor relations, and legal risk management" ^[2].

This growing regulatory focus has already led to significant financial consequences, as outlined below.

Major Greenwashing Penalties

Financial institutions have faced hefty fines for overstating their ESG credentials. In September 2023, the U.S. SEC reached a $25 million settlement with DWS Group over ESG fund misrepresentation ^[2]. This case set an important precedent: companies must ensure their marketing materials, investor presentations, and regulatory filings align with the actual processes used in portfolio construction and ESG screening.

Australia's Federal Court echoed this sentiment in March 2024, penalizing Vanguard Investments Australia Ltd $12.9 million for misleading claims about its "Ethically Conscious Global Aggregate Bond Index Fund." Despite promising to exclude fossil fuel-linked issuers, Vanguard failed to research or screen 46% of the securities in the fund against ESG criteria ^[18]. This case underscored the need for consistency in applying ESG standards across entire portfolios.

Carbon neutrality claims, in particular, are under intense scrutiny. Regulators now demand "competent and reliable scientific evidence" to support such claims and require the use of high-quality carbon offsets that meet strict criteria for additionality and permanence. Companies relying on offsets must adhere to the Integrity Council for the Voluntary Carbon Market (ICVCM) Core Carbon Principles ^[2].

Consumer Protection Laws and ESG

Regulators are also using consumer protection laws to hold companies accountable for misleading environmental claims. These laws now require rigorous proof for any environmental marketing statements. For instance, the EU's Empowering Consumers for the Green Transition (ECGT) Directive, effective September 2026, bans vague terms like "eco-friendly" or "green" unless backed by independent certification ^[19].

In the UK, the Digital Markets, Competition and Consumers Act 2024 (DMCCA) allows the Competition and Markets Authority (CMA) to fine companies up to 10% of their global turnover for deceptive environmental claims ^[19]. The law also holds brands accountable for misleading claims made anywhere in their supply chain, not just those they directly promote ^[19].

This approach was evident in mid-2025 when the Italian Competition Authority fined fashion retailer Shein €1 million for overstating the circularity and recyclability of its "evoluSHEIN by Design" collection ^[19]. As SJSteptoe LLP noted:

"Environmental claims must now be precise, verifiable and supported by credible evidence, and companies must strengthen supply chain due diligence" ^[19].

Canada has also introduced six core principles for environmental claims. These principles require claims to be truthful, thoroughly tested, specific, non-exaggerated, clear, and supported by actionable plans for future-looking statements ^[17]. With global frameworks converging, companies must now align with the strictest regional standards to avoid penalties ^[2].

Supply Chain Due Diligence and Criminal Enforcement

Criminal authorities in Europe and North America are now leveraging traditional white-collar crime tools - like fraud, money laundering, and tax evasion - to address violations tied to environmental, social, and governance (ESG) standards. This approach exposes growth-stage companies to potential criminal liability for the actions of their suppliers, impacting their business valuation ^[1]. The EU Environmental Crime Directive, which EU member states must adopt by May 21, 2026, broadens criminal liability for environmental offenses and enhances investigative powers ^[21]. Belgium has even introduced "ecocide" as a criminal offense, and France has already concluded six environmental-specific deferred prosecution agreements in just the first half of 2025 ^[23]. Meanwhile, Germany is actively investigating greenwashing allegations in the financial sector through criminal channels ^[1]. These developments signal an era of stricter supply chain compliance and increased criminal accountability.

Supply Chain Compliance Requirements

Industries like fashion, retail, and logistics face heightened scrutiny. In 2025, accusations of forced labor resulted in $20 billion in losses and a 62% surge in customs release orders under the UFLPA. U.S. Customs and Border Protection detained $2.1 billion worth of goods that year alone ^[20]. To release detained goods, companies must present convincing evidence proving they were not produced using forced labor. However, traditional audits are falling short - 41% of garment factories in South Asia were found to maintain dual record systems to mislead auditors, according to a 2025 study ^[20].

To address these challenges, companies are turning to advanced solutions like AI-driven risk screening and real-time worker voice technology. For instance, platforms like Altana AI analyzed over 1 billion trade records in 2025, uncovering 340% more potential forced labor indicators compared to manual assessments ^[20]. The Corporate Sustainability Due Diligence Directive (CSDDD) also requires companies to map supply chains down to Tier 3 for high-risk commodities like cotton, cocoa, palm oil, and minerals ^[20]. This includes establishing worker-accessible grievance mechanisms with clear timelines for responses and prioritizing corrective action over cutting ties with non-compliant suppliers ^[20].

Maram T. Salaheldin of Clark Hill PLC emphasized the importance of this shift:

"Businesses will need to set up the tools and due diligence measures necessary to meaningfully identify, assess, and address forced labor and other human rights risks in their supply chains with the same rigor as Foreign Corrupt Practices Act (FCPA) compliance" ^[3].

Such measures not only improve compliance but also reduce the risk of criminal liability.

Criminal Charges for ESG Violations

As compliance expectations grow, prosecutors are increasingly holding companies criminally accountable for supplier misconduct. This is particularly true when companies ignore warning signs or fail to establish adequate internal controls ^[1]. For example, in 2025, Italian authorities seized EUR 46 million from a global transportation company’s subsidiary over allegations of tax fraud and labor exploitation involving tiered intermediaries and cooperatives. This case highlighted the use of low-cost labor while evading social contributions - a practice under increasing scrutiny in sectors like logistics and construction ^[1].

France has taken a bold stance in this area. In January 2024, the French Supreme Court ruled that French courts have jurisdiction over international crimes against humanity committed by companies abroad ^[1]. This decision has empowered prosecutors to pursue cross-border cases involving human rights abuses in corporate supply chains. Environmental and climate-related violations are often brought to light by complaints from NGOs and civil society groups, requiring companies to prepare for simultaneous investigations across multiple jurisdictions ^[1].

The Netherlands, on the other hand, offers a strategic incentive for self-reporting. Companies that disclose violations and cooperate with investigations can receive up to a 50% reduction in fines (25% for self-reporting and 25% for cooperation) ^[22]. This underscores the importance of establishing clear self-disclosure protocols and maintaining thorough documentation to demonstrate transparency to regulators ^[24]. Dan Benguigui, Partner at A&O Shearman, highlighted this trend:

"While much enforcement to date has been regulatory, there is increasing interest in using criminal tools in serious cases" ^[1].

To navigate this evolving landscape, growth-stage companies should include flow-down provisions in supplier contracts to ensure sub-tier suppliers adhere to ESG standards ^[3]. Additionally, marketing, investor relations, and sustainability teams must collaborate with legal and internal audit departments to ensure that all ESG claims are well-documented and verifiable ^[1]. With the revised EU Product Liability Directive requiring mandatory disclosure of internal ESG documentation during litigation, companies must ensure their records are prepared for legal scrutiny ^[21].

Political and Litigation Risks in the U.S.

Businesses in the U.S. now face a fragmented regulatory environment, with Democratic and Republican attorneys general (AGs) pursuing opposing priorities when it comes to environmental, social, and governance (ESG) issues. Democratic AGs emphasize the importance of detailed ESG reporting as a tool for responsible investment, while Republican AGs argue that such disclosures can mislead shareholders or promote unfair practices. This political divide has turned ESG compliance into a complex challenge, requiring companies to navigate varying state-level regulations. Adding to the complexity, the current administration has rolled back several Biden-era environmental policies, leaving enforcement largely in the hands of state governments.

State-Level ESG Compliance Risks

Recent legal battles and settlements highlight the intensity of these state-level conflicts. Republican AGs are increasingly using antitrust and consumer protection laws to challenge what they see as coordinated ESG efforts. For instance, in February 2026, The Vanguard Group agreed to a $29.5 million settlement with 13 Republican AGs. As part of the agreement, Vanguard committed to a "passivity" plan, limiting its influence over ESG strategies. Texas AG Ken Paxton commented:

This will ensure that Vanguard's customers can make their voices known on portfolio companies' business, including whether companies should maximize profitability over ESG or other goals ^[25].

This settlement followed earlier actions, such as the Texas Permanent School Fund pulling $8.5 billion in assets from BlackRock in 2024, citing state laws prohibiting business with firms that "boycott" energy companies ^[28].

Proxy advisory firms have also been targeted. In November 2025, Florida AG James Uthmeier sued Institutional Shareholder Services Inc. (ISS) and Glass Lewis & Co. LLC, accusing them of violating the Florida Antitrust Act by promoting ESG issues without proper financial analysis. Uthmeier stated:

Florida is done allowing two unaccountable foreign-owned private corporations to manipulate shareholder votes behind closed doors ^[26].

In another move, a coalition of 10 state AGs, led by Uthmeier, issued warnings to nearly 80 companies involved in the U.S. Plastics Pact, claiming that collective efforts to reduce plastic use could be illegal "group boycotts" under antitrust laws ^[27]. Reinforcing this stance, FTC Chairman Andrew Ferguson remarked:

There is no ESG exemption from the antitrust laws ^[27].

The debate over Diversity, Equity, and Inclusion (DEI) programs has further deepened the divide. Republican AGs have cautioned Fortune 100 companies that DEI and affirmative action initiatives may amount to illegal race discrimination. On the other hand, Democratic AGs argue that these programs can mitigate litigation risks. A notable case occurred in February 2026, when a Missouri federal court dismissed a DEI-related lawsuit against Starbucks, ruling that the state had not demonstrated concrete harm ^[31]. This outcome highlights that not all AG-led challenges lead to successful enforcement.

These state-level dynamics are paving the way for a rise in greenwashing lawsuits across federal courts.

Increase in Greenwashing Litigation

Federal deregulation has created opportunities for private lawsuits targeting greenwashing claims. By early 2025, more than 150 greenwashing class actions were being tracked, with California and New York leading the charge ^[32]. These lawsuits are expanding into new areas, including "climate change wrongful death" claims and RICO violations tied to increasing insurance costs. In one high-profile case, a coalition of 16 state AGs launched an investigation in September 2025 into companies like Meta, Amazon, Microsoft, and Google. The investigation alleged that their "100% renewable energy" claims were misleading because they relied on unbundled renewable energy certificates (RECs) rather than actual energy consumption ^[26].

For growth-stage companies, conducting thorough jurisdictional risk assessments is critical. These assessments should evaluate the likelihood of facing adverse actions from both Republican and Democratic AG coalitions ^[29]. As Jonathan Lienhard, Partner at Holtzman Vogel, explained:

The mere fact that one or more state attorneys general have staked out a policy position on a particular issue doesn't compel a company to give credence to it absent an assessment that they are likely to take adverse action ^[29].

To mitigate risks, companies should also establish marketing review processes that ensure all environmental claims are backed by transparent and verifiable methodologies. Building bipartisan relationships with state AGs can further help companies navigate scrutiny and reduce the risk of legal challenges.

Key Takeaways for Growth-Stage Companies

Growth-stage companies are now navigating an environment of increased scrutiny, especially in Europe and the U.S. Voluntary ESG reporting has become a thing of the past, with large customers demanding audit-ready Scope 3 data. This shift requires complete traceability and management sign-off to meet expectations.^[1][4][5]

Compliance Strategies and Tools

To stay ahead, companies must integrate their marketing, investor relations, sustainability, legal, finance, and internal audit teams. This ensures that all ESG claims are backed by solid evidence and can stand up to verification.^[1] Public environmental statements need to be supported by verifiable data, and the days of relying on manual spreadsheets are over. Instead, companies should transition to centralized platforms that connect seamlessly with ERP and HRMS systems via API, making it easier to ensure data integrity for third-party audits.^[4]

Some leading firms are already leveraging advanced AI tools to streamline compliance. These tools automate XBRL tagging and calculate carbon footprints robust enough to pass regulatory audits.^[3] For California's SB 253 and SB 261, regulators may show leniency in 2026 if companies demonstrate "good faith efforts" to comply.^[30] To prepare, businesses should audit all public environmental claims and address any gaps in substantiation.^[2] Establishing internal protocols that require legal and sustainability teams to jointly sign off on environmental claims before publication can further safeguard against errors.^[2]

Supply chain governance also demands attention. Companies need to adopt risk-based, dynamic diligence processes that include clear escalation pathways, remediation protocols, and mandatory contractual clauses for third parties. A notable example occurred in 2025 when the Italian subsidiary of a global transportation company faced a €46 million asset seizure linked to alleged tax fraud and labor exploitation through tiered intermediaries.^[1]

Jurisdictional Risk Comparison

Regional risks vary, making tailored compliance strategies essential. Here's a snapshot of key regulations and their implications:

For companies operating in the U.S., the regulatory landscape can feel fragmented. Federal agencies are easing certain disclosure requirements, but states like California maintain aggressive mandates. As Dan Benguigui, Partner at A&O Shearman, noted:

While much enforcement to date has been regulatory, there is increasing interest in using criminal tools in serious cases.^[1]

Working with Expert Advisors

Given the complexity of these regulatory frameworks, working with expert advisors is more important than ever. These specialists help companies navigate the conflicting mandates between federal rollbacks and assertive state-level regulations.^[32] For example, advisors like Phoenix Strategy Group provide fractional CFO services and scalable ESG compliance frameworks, ensuring that marketing and investor relations align with legal and finance teams to produce verifiable statements.^[1]

Third-party verification has become critical, especially for claims related to carbon footprints and net-zero commitments. The demand for ESG assurance is growing rapidly, with PwC reporting a 45% year-over-year increase in engagements in 2025.^[2] Advisors also assist in upgrading carbon offset portfolios to meet ICVCM Core Carbon Principles.^[2] A cautionary tale: DWS Group's $25 million settlement with the SEC in 2023 over ESG fund misrepresentation highlights the increasing penalties for financial institutions.^[2]

For mergers and acquisitions, expert advisors play a key role in identifying risks like labor exploitation or tax fraud within target companies' subcontractors.^[1] They help establish litigation-aware review processes and set up investigation protocols to address complaints from NGOs, whistleblowers, and investors across multiple jurisdictions.^[1][32] With greenwashing-related litigation and regulatory penalties projected to cost the financial sector $18–25 billion annually by 2028, proactive engagement with advisors has become a critical part of risk management.^[2]

Conclusion

The year 2026 marks a turning point as ESG enforcement transitions from voluntary commitments to mandatory, enforceable obligations. Between 2022 and 2025, regulators worldwide imposed over $4.8 billion in penalties for unsupported environmental claims, while greenwashing-related enforcement actions surged by 237% globally during the same timeframe ^[2]. Companies can no longer depend on vague environmental promises or ambitious net-zero goals without proof - they must now back their claims with verifiable data and implement robust, audit-ready systems to stay compliant.

For growth-stage companies, the regulatory environment is anything but straightforward. Europe is ramping up criminal enforcement, while U.S.-based businesses face a dual challenge: strict state mandates like those in California, paired with federal-level resistance to ESG initiatives. The SEC’s 2026 Enforcement Manual makes it clear that simply complying with subpoenas won’t cut it - companies must actively self-monitor and report issues to gain cooperation credit. As Gurbir S. Grewal, former SEC Enforcement Director, highlighted:

"ESG issues are increasingly material to investors. It is therefore crucial that when companies speak about the host of issues that may fall under the rubric of ESG... they do so in a way that's not materially false or misleading." ^[33]

The risks extend far beyond regulatory fines. Companies are now being held accountable for their supply chains, increasing liability for third-party non-compliance. Individual executives are also under greater scrutiny, with enforcement efforts shifting focus from consumer products to financial services. By 2028, greenwashing-related penalties could cost the global financial sector between $18 billion and $25 billion annually ^[2]. These escalating risks highlight the urgent need for businesses to adopt integrated, cross-domain compliance strategies.

FAQs

Does my company fall under the EU CSRD or California SB 253?

Your company must comply with the EU CSRD if it is one of the 50,000+ businesses affected by the European Union's Corporate Sustainability Reporting Directive. Similarly, it falls under California SB 253 if it operates in California and is subject to the state's mandatory climate disclosure requirements. Both regulations highlight major shifts shaping the ESG reporting environment as we approach 2026.

How can we produce audit-ready ESG data without spreadsheets?

Ditching spreadsheets for managing ESG data is a smart move. Advanced data management systems can take over the heavy lifting by automating data collection, validation, and reporting. This not only boosts accuracy but also keeps you compliant with ever-changing regulations while cutting down on manual errors.

Specialized ESG platforms are designed to integrate seamlessly with your existing systems. They simplify workflows, provide real-time reporting, and help maintain consistency across the board. Pairing these tools with standardized metrics and independent verification strengthens your data's reliability. This approach makes audits smoother and helps build trust with stakeholders.

What counts as greenwashing under the new rules?

Greenwashing happens when companies make false or misleading environmental claims or fail to back up their statements with solid, science-based evidence. This can include exaggerating their eco-friendly practices or overstating their environmental achievements. With tighter regulations in places like the US, EU, and UK, the focus on transparency and accountability in environmental reporting has never been more critical.

Related Blog Posts

• Impact of SEC Climate Rules on Supply Chains
• Data Integration Trends in Financial Compliance 2025
• ESG Compliance in M&A: Due Diligence Guide
• Checklist for ESG Compliance in Emerging Tech