On October 7, 2023, California Governor Gavin Newsom signed into law landmark climate disclosure and financial reporting legislation: the Climate Corporate Data Accountability Act, (SB 253) and the Climate-Related Financial Risk Act (SB 261). Referred to as the Climate Accountability Package, these new California laws impose unprecedented reporting requirements on large U.S. public and private companies doing business in California including
- disclosure of Scope 1 and Scope 2 greenhouse gas (GHG) emissions beginning in 2026 and Scope 3 GHG emissions in 2027
- submission of biennial climate-related financial risk reports to the California Air Resources Board (CARB) beginning in 2026
The new laws are broader than the proposed rules issued by the U.S. Securities and Exchange Commission (SEC) in March 2022 that would require domestic and foreign registrants to include extensive climate-related disclosures in their registration statements and periodic reports. The SEC’s proposed rules would require all registrants, regardless of size, to disclose their direct GHG emissions (Scope 1) and indirect GHG emissions from purchased electricity and other forms of energy (Scope 2). In addition, registrants would be required to disclose indirect GHG emissions from the company’s value chain, known as Scope 3 emissions, if material or if the company has set Scope 3 emissions targets or goals. The SEC is expected to issue final rules before the end of the year. However, those rules will apply only to public companies, and it remains to be seen whether Scope 3 emissions disclosures will remain in the SEC’s final rules.
California’s Climate Accountability Package goes further, requiring both public and private U.S. companies doing business in California and generating over $1 billion in gross annual revenue to disclose their Scope 1, Scope 2, and Scope 3 GHG emissions to the state of California on an annual basis as well as to obtain third-party assurance of disclosures. Companies would also be required to evaluate their climate-related financial risk in accordance with the recommendations of the Task Force on Climate-Related Financial Disclosures (TCFD).
California’s new legislation sets the U.S. standard for climate-related disclosures and has the potential to reach every part of a company’s value chain.
California joins other jurisdictions in introducing disclosures regarding GHG emissions, notably the EU. In the EU, the requirements go considerably further, covering a climate transition plan as well as other sustainability topics, such as biodiversity, circular economy, pollution, and workers across the value chain. The EU legislation also requires companies to maintain sustainability processes and policies.
Climate Corporate Data Accountability Act (SB 253)
Who Is Covered?
SB 253 applies to “reporting entities,” which are defined as partnerships, corporations, limited liability companies, or other business entities formed under the laws of California or any other U.S. state or the District of Columbia or under an act of the U.S. Congress with total annual revenues exceeding $1 billion and doing business in California. As defined in existing law, “doing business” in California would include companies actively engaging in any transaction for the purpose of financial or pecuniary gain or profit within California, regardless of whether the company is domiciled in the state. A reporting entity’s revenue for the prior fiscal year will serve as the basis for determining whether the $1 billion annual revenue threshold has been met.
What Is Required?
A reporting entity will be required to disclose its Scope 1, Scope 2, and Scope 3 GHG emissions to California on an annual basis as well as to obtain third-party assurance of its disclosures. Scopes 1, 2, and 3 emissions are to be measured and reported in conformance with the Greenhouse Gas Protocol standards and guidance. As provided by the legislation, this will mandate expansive disclosure of GHG emissions across the company’s value chain:
- Scope 1 emissions means all direct GHG emissions that stem from sources that a reporting entity owns or directly controls, regardless of location, including, but not limited to, fuel combustion activities.
- Scope 2 emissions are indirect GHG emissions from consumed electricity, steam, heating, or cooling purchased or acquired by a reporting entity, regardless of location.
- Scope 3 emissions means indirect upstream and downstream GHG emissions, other than Scope 2 emissions, from sources that the reporting entity does not own or directly control and may include, but are not limited to, purchased goods and services, business travel, employee commutes, and processing and use of sold products.
GHG emissions data will be published on a digital platform featuring individual reporting entity disclosures as well as allowing consumers, investors, and other stakeholders to view aggregated data in a variety of ways, including over multiple years.
SB 253 also:
- requires a reporting entity to obtain an “assurance engagement” performed by a qualified independent third-party assurance provider and creates tiered levels of assurance to be provided in the assurance engagement; Scope 1 and Scope 2 emissions would be at a “limited assurance level” beginning in 2026 and at a “reasonable assurance level” beginning in 2030, and assurance for Scope 3 emissions would be required at a “limited assurance level” beginning in 2030
- authorizes CARB to seek administrative penalties up to $500,000 in a reporting year for violations of the Act; between 2027 and 2030, penalties assessed on Scope 3 emissions reporting may occur only for nonfiling
- establishes an annual fee for reporting entities to be set by CARB
- directs CARB to adopt regulations that would reduce duplication with federal and international reporting requirements, though it remains to be seen how much the agency regulations implementing SB 253 will streamline multiple reporting requirements
When Will Reporting Start?
Reporting entities are required to publicly disclose their Scope 1 and Scope 2 GHG emissions beginning in 2026 and Scope 3 GHG emissions in 2027. Unlike the SEC’s proposed rules on climate-related disclosures, there is no phase-in of the requirements based on the size of the reporting entity. Starting in 2027, Scope 3 emissions must be disclosed no later than 180 days after the reporting entity discloses its Scope 1 and Scope 2 emissions for the prior fiscal year.
Climate-Related Financial Risk Act (SB 261)
Who is Covered?
SB 261 applies to “covered entities,” which are defined as partnerships, corporations, limited liability companies or other business entities formed under the laws of California or any other U.S. state or the District of Columbia or under an act of the U.S. Congress with total annual revenues exceeding $500 million and doing business in California. As with SB 253, a covered entity’s revenue for the prior fiscal year will serve as the basis for determining whether the $500 million annual revenue threshold has been met.
The act does not apply to business entities subject to regulation by the California Department of Insurance or in the business of insurance in any other state. As noted in Section 1(i) of the act, the National Association of Insurance Commissioners, which includes California’s Insurance Commissioner, has adopted a new standard for insurance companies to report their climate-related risks in alignment with the TCFD. Accordingly, California legislators elected not to require the preparation of duplicative reports by California insurance companies.
What Is Required?
SB 261 requires covered entities to prepare and submit climate-related financial risk reports to CARB on a biennial basis (every other year). The report must disclose (i) the covered entity’s climate-related financial risks, in accordance with the recommendations of the TCFD, and (ii) measures adopted by the covered entity to reduce and adapt to climate-related financial risks.
SB 261 also:
- allows a covered entity, if it does not complete a report consistent with all required disclosures, to provide the recommended disclosures to the best of its ability, provide a detailed explanation for any reporting gaps, and describe steps it will take to prepare complete disclosures
- provides a covered entity with the option to prepare climate-related financial risk reports at the parent company level; a subsidiary is not required to prepare a separate climate-related financial risk report if consolidated reports are prepared
- requires a covered entity to make its climate-related financial risk report available to the public on its corporate website
- establishes an annual fee for covered entities to be set by CARB
- authorizes CARB to adopt regulations for imposing administrative penalties up to $50,000 per reporting year for violations
When Will Reporting Start?
The legislation currently requires that all covered entities must prepare a climate-related financial risk report and make it available to the public on its website by no later than January 1, 2026, with CARB adopting implementation regulations by January 1, 2025. As with SB 253, there is no phase-in of the requirements based on the size of the covered entity. It is expected that in the early months of 2024 the California legislature will propose cleanup legislation that will extend these deadlines.
Regardless of when the California reporting commences, any reporting a company does under any other standard must be done with the eye toward compliance in California as California public and private enforcers may enforce against any statement made in any forum if the company is also subject to the California reporting rules.
EU Comparative Perspective on Nonfinancial Reporting
In Europe, a similar trend relating to nonfinancial reporting has developed in the aftermath of the European Green Deal (EU Green Deal), the package of initiatives aimed at setting the EU on the path toward a green transition, with the ultimate goal of achieving climate neutrality by 2050.
The initiatives most recently taken as part of the EU Green Deal include the proposal for a Green Claims Directive (GCD; for a summary of the GCD initiative, please see our Sidley Update An ESG Wave: Environmental Claims Under Scrutiny in the EU) and the proposal for a Corporate Sustainability Due Diligence Directive (CSDDD; for a summary of the CSDDD proposal, please see our Sidley Update European Commission: Sweeping Rules for Corporate Sustainability Due Diligence). Moreover, the EU recently adopted the Corporate Sustainability Reporting Directive (CSRD; for a summary of the CSRD, please see our Sidley Update EU Corporate Sustainability Reporting Directive — What Do UK- and U.S.-Headquartered Companies Need to Know?).
In particular, the CSRD addresses nonfinancial reporting requirements, which were introduced already in 2014 with the Non-Financial Reporting Directive (NFRD). The CSRD amends the key legislation that formed the basis of nonfinancial reporting and ensures that companies report relevant information about their impact on people and the environment and about risks relating to environmental, social, and governance (ESG) issues.
The CSRD has a lower threshold than the California law. It applies to large EU companies, including EU subsidiaries of non-EU parent companies, meeting at least two of the following thresholds: an average of more than 250 employees, a balance sheet total of more than €20 million euros, and a net turnover of €40 million. The CSRD also applies to companies with securities listed on an EU-regulated market, irrespective of whether the issuer is established in the EU or a non-EU country. Additionally, the CSRD applies to non-EU companies having annual EU-generated revenues in excess of €150 million and with either a large or listed EU subsidiary or a significant EU branch.
The CSRD requires covered companies to disclose information necessary to understand the impact of the company’s activity on sustainability matters as well as how sustainability matters affect the company’s development, performance, and position. Specifically, companies must comply with detailed EU-side European Sustainability Reporting Standards (ESRS) that the European Commission will adopt with the support of the European Financial Reporting Advisory Group. A first set of the ESRS was adopted on July 31, 2023 (for a summary of this first set of the ESRS, please see our Sidley Update EU Adopts First Set of European Sustainability Reporting Standards — Critical Considerations for Companies in Scope of CSRD).
The CSRD must be transposed into national law by the member states by July 6, 2024. Subject to the implementing legislation, companies already within the scope of the NFRD will be required to collect data for financial years starting on January 1, 2024, with the first report to be issued in 2025. Other large EU companies not subject to the NFRD and small and medium-size entities will be required to issue their reports in 2026 and 2027, respectively.
Next Steps
The following practical guidance is provided for consideration by public and private companies.
- Evaluate how the new laws affect your future disclosures. Public companies should begin assessing the gaps between climate-related information they currently disclose, inside and outside of SEC filings, and what will be required under SB 253 and SB 261. Private companies should assess the gaps between climate-related disclosures in voluntary reports, such as ESG or sustainability reports, and California’s new requirements. These gaps could be significant for many companies. In addition, many companies that have to date been partially compliant with TCFD in climate-related disclosures may need to rework their approach or disclose more information to satisfy the disclosure requirements that are derived from the TCFD reporting framework.
- Evaluate how the new laws affect your operations. While the California laws pertain primarily to disclosure and preparation of a climate-related financial risks report, they may affect operations, as companies will be compelled to take actions, to the extent they are not doing so already, to have monitoring, accounting, planning, and governance practices in place so that required disclosures can be made and risk reports prepared. Companies should also consider whether sustainability requirements in other jurisdictions, notably the EU, will apply and, if so, the requirements they impose.
- Identify the obligations that will be challenging for your enterprise to meet. Many of the disclosure requirements will create new challenges for public and private companies that have not made these disclosures in the past, including the new assurance requirements applicable to disclosures of Scope 1, Scope 2, and Scope 3 emissions.
- Evaluate whether your enterprise is subject to other climate disclosure obligations. Besides the California laws, and the proposed SEC climate-related disclosure rules, the EU and UK also have started to adopt climate and financial risk disclosures obligations. In the EU, the CSRD and Corporate Due Diligence Directive will require non-EU companies, subject to turnover and employee thresholds, to report on GHG emissions. Enterprises should begin assessing whether they are, or will be, in scope of multiple disclosure obligations and ensure data integrity and alignment among various disclosures.
- Line up assurance firms and advisers as needed. As the new laws require assurance of climate-related information, companies may need to evaluate the capabilities of their current service providers to supply these services and, if necessary, line up providers to fill gaps and needs. Changes in operations and disclosures may necessitate the engagement of new expertise, both inside and outside of the company, related to management, operations, and legal ramifications related to the new disclosures and any new operational initiatives designed to support them. Companies may additionally wish to assess the expected costs of increased engagement with outside advisers.
Attorney Advertising—Sidley Austin LLP is a global law firm. Our addresses and contact information can be found at www.sidley.com/en/locations/offices.
Sidley provides this information as a service to clients and other friends for educational purposes only. It should not be construed or relied on as legal advice or to create a lawyer-client relationship. Readers should not act upon this information without seeking advice from professional advisers. Sidley and Sidley Austin refer to Sidley Austin LLP and affiliated partnerships as explained at www.sidley.com/disclaimer.
© Sidley Austin LLP