Written byHubSecure Climate & Compliance Team

Practical guides on governed climate execution, audit trails, and enterprise compliance workflows.

Reviewed byHubSecure Security & Compliance Review

Reviewed for accuracy, regulatory context, and product positioning.

Last updatedJuly 17, 2026

Checked against current HubSecure product positioning and regulatory landscape.

The period 2024–2026 marks the transition of carbon disclosure from voluntary to mandatory for a large proportion of the global enterprise population. Three major disclosure regimes are now in force or entering force — CSRD in the EU, ISSB S2 globally, and the SEC climate rules in the US — and they apply simultaneously to many multinational organisations.

Understanding the scope, requirements, and timeline of each regime is the starting point. Understanding what they share — and where they diverge — is what allows you to build a single compliant data infrastructure rather than three parallel reporting processes.

The 2026 Disclosure Landscape

RegimeIn scope fromWho is coveredAssurance required
CSRD (EU)FY2024 (large PIEs)Large EU companies + EU-listed; non-EU companies with EU revenue >€150M from FY2028Limited (FY2024–2027); Reasonable (FY2028+)
CSRD (EU)FY2025 (large non-PIE)~50,000 companies in scope by 2025Limited assurance
ISSB S2Adopted by jurisdictionCompanies in jurisdictions that have adopted ISSB (UK, Australia, Singapore, Japan, Canada, 20+ others by 2026)Per jurisdiction
SEC climate rulesFY2025 (large accelerated filers)SEC-registered companies; Scope 1 and 2 disclosure; Scope 3 if materialLimited assurance on Scope 1 and 2 from FY2026

CSRD: Scope and Requirements

The Corporate Sustainability Reporting Directive is the most comprehensive carbon disclosure regime currently in force. It requires disclosure under the European Sustainability Reporting Standards (ESRS), which include ESRS E1 (Climate Change) as a mandatory standard for all in-scope entities.

ESRS E1 requires:

  • Scope 1, 2, and 3 GHG emissions, calculated using GHG Protocol methodology
  • Disclosure of the percentage of Scope 3 calculated from primary data vs. secondary data
  • Climate targets aligned with the Paris Agreement (or an explanation of why not)
  • Physical and transition risk assessment, with material risks and opportunities identified
  • Carbon credits used: quantity, project type, registry, vintage year, and whether they carry Corresponding Adjustments
  • Energy consumption and mix by source (renewable vs. non-renewable)

ESRS E1 also requires disclosure of the governance arrangements around climate: who has oversight of climate risk, how climate is integrated into strategy, and how targets are cascaded and monitored. This is governance disclosure — it must be supported by evidence of actual governance, not just a policy statement.

ISSB S2: The Global Baseline

IFRS S2 (Climate-related Disclosures), published by the International Sustainability Standards Board, establishes a global baseline that is being adopted by jurisdictions accounting for the majority of global GDP. It is aligned with TCFD (Task Force on Climate-related Financial Disclosures) and incorporates GHG Protocol methodology.

ISSB S2 requires disclosure of physical and transition risks and opportunities, climate resilience strategy, governance, risk management integration, and metrics including Scope 1, 2, and 3 GHG emissions. It is designed to be applied alongside IFRS financial statements — which means it is subject to the same materiality framework and assurance standards as financial disclosures.

For organisations in ISSB-adopting jurisdictions, S2 is becoming the baseline minimum. CSRD is additive — it requires more than S2, but S2 compliance is a foundation for CSRD compliance.

SEC Climate Rules: US-Listed Companies

The SEC's climate disclosure rules (adopted March 2024, subject to ongoing litigation but progressively in effect) require US-listed companies to disclose:

  • Scope 1 and Scope 2 GHG emissions (mandatory for large accelerated filers from FY2025)
  • Scope 3 emissions if material or if the company has made Scope 3 commitments
  • Climate-related risks and their actual and potential financial impact
  • Governance and risk management for climate-related risks

Limited assurance on Scope 1 and 2 is required from FY2026. For multinational companies that are SEC-registered and CSRD-scoped, the combined requirements create the most demanding climate disclosure environment in history.

What Enterprise Teams Actually Need

Across all three regimes, the common infrastructure requirements are:

  • GHG inventory system: Scope 1, 2, and 3 calculation with GHG Protocol methodology, current emission factors, and primary-vs-secondary data tracking
  • Supplier evidence collection: Structured primary data collection from material suppliers with supporting documentation
  • Approval and governance trail: Evidence that material data points have been reviewed and approved by authorised individuals
  • Carbon credit ledger: For organisations using credits: documentation of provenance, retirement, and (for ESRS E1) Corresponding Adjustment status
  • Physical and transition risk assessment: Documented methodology, scenario assumptions, and material risk identification
  • Assurance-ready evidence: The ability to generate, on demand, a structured export of all supporting evidence for any data point in the report

The organisations that will find 2026 manageable are those that have spent 2024 and 2025 building this infrastructure — not those that start collecting data in January 2026 for a report due in April.

HubSecure provides the full stack: GHG inventory, supplier evidence collection, approval workflows, carbon credit ledger, and audit pack generation — integrated into a single governed workspace that produces assurance-ready evidence as work happens.

HubSecure

Climate Execution Platform

HubSecure captures climate evidence at the point of work — every action, approval, and supplier declaration becomes part of a continuous, verifiable audit trail. No annual scramble. No evidence gaps.

Book a demo → View modules