Short summary
2026 is the year that carbon disclosure requirements transition from voluntary to mandatory for most large enterprises. CSRD, ISSB S2, and SEC climate rules have different scope and requirements — but they converge on common data standards. This guide maps the requirements and what you need to meet them.
- Which organisations are in scope for CSRD, ISSB S2, and SEC climate rules in 2026
- The specific data, methodology, and assurance requirements of each regime
- Where the three regimes converge and where they diverge
- The practical infrastructure required to meet all three simultaneously
The period 2024–2026 marks the transition of carbon disclosure from voluntary to mandatory for a large proportion of the global enterprise population. Three major disclosure regimes are now in force or entering force — CSRD in the EU, ISSB S2 globally, and the SEC climate rules in the US — and they apply simultaneously to many multinational organisations.
Understanding the scope, requirements, and timeline of each regime is the starting point. Understanding what they share — and where they diverge — is what allows you to build a single compliant data infrastructure rather than three parallel reporting processes.
The 2026 Disclosure Landscape
| Regime | In scope from | Who is covered | Assurance required |
|---|---|---|---|
| CSRD (EU) | FY2024 (large PIEs) | Large EU companies + EU-listed; non-EU companies with EU revenue >€150M from FY2028 | Limited (FY2024–2027); Reasonable (FY2028+) |
| CSRD (EU) | FY2025 (large non-PIE) | ~50,000 companies in scope by 2025 | Limited assurance |
| ISSB S2 | Adopted by jurisdiction | Companies in jurisdictions that have adopted ISSB (UK, Australia, Singapore, Japan, Canada, 20+ others by 2026) | Per jurisdiction |
| SEC climate rules | FY2025 (large accelerated filers) | SEC-registered companies; Scope 1 and 2 disclosure; Scope 3 if material | Limited assurance on Scope 1 and 2 from FY2026 |
CSRD: Scope and Requirements
The Corporate Sustainability Reporting Directive is the most comprehensive carbon disclosure regime currently in force. It requires disclosure under the European Sustainability Reporting Standards (ESRS), which include ESRS E1 (Climate Change) as a mandatory standard for all in-scope entities.
ESRS E1 requires:
- Scope 1, 2, and 3 GHG emissions, calculated using GHG Protocol methodology
- Disclosure of the percentage of Scope 3 calculated from primary data vs. secondary data
- Climate targets aligned with the Paris Agreement (or an explanation of why not)
- Physical and transition risk assessment, with material risks and opportunities identified
- Carbon credits used: quantity, project type, registry, vintage year, and whether they carry Corresponding Adjustments
- Energy consumption and mix by source (renewable vs. non-renewable)
ESRS E1 also requires disclosure of the governance arrangements around climate: who has oversight of climate risk, how climate is integrated into strategy, and how targets are cascaded and monitored. This is governance disclosure — it must be supported by evidence of actual governance, not just a policy statement.
ISSB S2: The Global Baseline
IFRS S2 (Climate-related Disclosures), published by the International Sustainability Standards Board, establishes a global baseline that is being adopted by jurisdictions accounting for the majority of global GDP. It is aligned with TCFD (Task Force on Climate-related Financial Disclosures) and incorporates GHG Protocol methodology.
ISSB S2 requires disclosure of physical and transition risks and opportunities, climate resilience strategy, governance, risk management integration, and metrics including Scope 1, 2, and 3 GHG emissions. It is designed to be applied alongside IFRS financial statements — which means it is subject to the same materiality framework and assurance standards as financial disclosures.
For organisations in ISSB-adopting jurisdictions, S2 is becoming the baseline minimum. CSRD is additive — it requires more than S2, but S2 compliance is a foundation for CSRD compliance.
SEC Climate Rules: US-Listed Companies
The SEC's climate disclosure rules (adopted March 2024, subject to ongoing litigation but progressively in effect) require US-listed companies to disclose:
- Scope 1 and Scope 2 GHG emissions (mandatory for large accelerated filers from FY2025)
- Scope 3 emissions if material or if the company has made Scope 3 commitments
- Climate-related risks and their actual and potential financial impact
- Governance and risk management for climate-related risks
Limited assurance on Scope 1 and 2 is required from FY2026. For multinational companies that are SEC-registered and CSRD-scoped, the combined requirements create the most demanding climate disclosure environment in history.
What Enterprise Teams Actually Need
Across all three regimes, the common infrastructure requirements are:
- GHG inventory system: Scope 1, 2, and 3 calculation with GHG Protocol methodology, current emission factors, and primary-vs-secondary data tracking
- Supplier evidence collection: Structured primary data collection from material suppliers with supporting documentation
- Approval and governance trail: Evidence that material data points have been reviewed and approved by authorised individuals
- Carbon credit ledger: For organisations using credits: documentation of provenance, retirement, and (for ESRS E1) Corresponding Adjustment status
- Physical and transition risk assessment: Documented methodology, scenario assumptions, and material risk identification
- Assurance-ready evidence: The ability to generate, on demand, a structured export of all supporting evidence for any data point in the report
The organisations that will find 2026 manageable are those that have spent 2024 and 2025 building this infrastructure — not those that start collecting data in January 2026 for a report due in April.
HubSecure provides the full stack: GHG inventory, supplier evidence collection, approval workflows, carbon credit ledger, and audit pack generation — integrated into a single governed workspace that produces assurance-ready evidence as work happens.
Climate Execution Platform
HubSecure captures climate evidence at the point of work — every action, approval, and supplier declaration becomes part of a continuous, verifiable audit trail. No annual scramble. No evidence gaps.