Environmental, Social, and Governance (ESG) compliance is no longer optional - it’s now a legal expectation under frameworks like the EU Corporate Sustainability Due Diligence Directive (CSDDD) and Corporate Sustainability Reporting Directive (CSRD). This checklist breaks down how to integrate ESG into due diligence processes, highlighting risks, aligning with regulations, and ensuring compliance.
Key Takeaways:
- ESG compliance focuses on evaluating risks in environmental impact, social practices, and governance.
- Regulatory frameworks like the CSRD (for companies with 250+ employees or €50M turnover) and CSDDD (for businesses with €450M global turnover) set clear thresholds for compliance.
- Effective ESG due diligence involves assessing climate risks, labour practices, supply chain transparency, and governance.
Steps Overview:
- Define ESG Scope: Focus on material risks relevant to your industry and supply chain.
- Align with Regulations: Identify applicable laws like CSRD, CSDDD, and EU Taxonomy.
- Stakeholder Engagement: Gather input from employees, suppliers, and regulators.
- Environmental Checks: Review emissions data, climate plans, and resource management.
- Social Metrics: Assess labour conditions, diversity, and data privacy.
- Governance Review: Evaluate board accountability, ethics, and anti-corruption measures.
- Supply Chain Due Diligence: Map suppliers, enforce ESG clauses, and monitor compliance.
This checklist simplifies ESG compliance, helping businesses meet legal requirements, reduce risks, and improve decision-making.
7-Step ESG Due Diligence Compliance Process
Pre-Due Diligence Preparation
Define ESG Assessment Scope
Start by setting clear boundaries for your ESG (Environmental, Social, and Governance) assessment. This ensures resources are directed toward material risks - those that significantly affect financial performance or regulatory obligations for your specific target. For example, a manufacturing firm might prioritise carbon emissions and raw material sourcing, while a financial services company would focus on data security and ethical lending practices.
When defining the scope, consider both entity boundaries and supply chain depth. Under the evolving 2026 regulatory framework, including the EU Corporate Sustainability Due Diligence Directive (CSDDD), starting with Tier 1 suppliers is now a standard approach. Expand to deeper supply chain tiers only when specific risks or "plausible information" suggest further investigation is needed.
Sector-specific factors also play a crucial role. For instance, real estate investments might require energy performance certificates and flood risk analyses, whereas manufacturing operations need a closer look at labour rights across production facilities. The key is to match your assessment goals with your ability to collect meaningful data. Overextending into areas where data is unavailable can lead to delays and weaken the process.
Align with Relevant Regulations
Understanding and aligning with applicable regulations is the next step. Begin by identifying which frameworks apply to your target based on its size, turnover, and jurisdiction. For example, the Corporate Sustainability Reporting Directive (CSRD) applies to companies with over 250 employees, €50 million in turnover, or €25 million in assets, covering around 50,000 companies. Meanwhile, the CSDDD applies to businesses with €450 million in global turnover, with phased implementation over several years.
Here’s a quick comparison of key regulations:
| Regulation | Primary Focus | Key Compliance Threshold |
|---|---|---|
| CSRD | Corporate sustainability reporting | 250+ employees, €50M turnover, or €25M assets |
| CSDDD | Supply chain due diligence | €450M turnover; phased rollout |
| EU Taxonomy | Sustainable activity classification | Alignment reporting from January 2024 |
| CBAM | Carbon pricing on imports | Full effect by 2026 |
Standardised frameworks like the European Sustainability Reporting Standards (ESRS) help streamline compliance by offering reporting templates. The EU Taxonomy, on the other hand, classifies sustainable activities across six environmental objectives. For private equity and venture capital firms, using ESG Due Diligence Questionnaires (DDQs) from groups like the Institutional Limited Partners Association (ILPA) or the UN-supported Principles for Responsible Investment (PRI) ensures a thorough review.
Timing is also critical. For instance, the "Women on Boards" directive mandates that large, publicly listed EU companies achieve 40% female representation in non-executive director roles by June 2026. Similarly, the Carbon Border Adjustment Mechanism (CBAM), which impacts carbon-intensive imports like steel and cement, will take full effect in 2026. Companies need to start tracking embedded emissions now to prepare.
Once the regulatory framework is clear, the next step is to engage stakeholders and rank risks according to these standards.
Stakeholder Engagement and Risk Prioritisation
Engaging both internal and external stakeholders is essential for identifying material ESG risks. Internal stakeholders - such as employees, management, and board members - can provide insights into governance structures and operational realities. Meanwhile, external stakeholders - including investors, regulators, suppliers, and customers - highlight expectations and potential areas of scrutiny.
Materiality assessments help convert stakeholder input into actionable priorities. Instead of addressing every possible ESG issue, focus on those with genuine financial, reputational, or regulatory consequences. Tools like heat maps can visually prioritise risks, distinguishing between issues that need immediate attention and those that can be monitored over time. It's worth noting that ESG scores for the same company can vary by up to 50% across different rating agencies, making internal assessments crucial.
Modern due diligence also values the "worker voice." This involves gathering direct feedback from employees and supply chain workers through surveys or interviews, capturing risks that might not show up in quantitative data. For example, these insights can reveal whether corporate policies are functioning effectively in practice.
Establishing governance oversight early is equally important. Define clear roles for the board and C-suite in managing ESG responsibilities. Cross-functional committees - spanning legal, compliance, HR, and operations - help ensure a coordinated approach. From the start, assign unique identifiers to entities like suppliers, factories, or portfolio companies. This enables consistent tracking and demonstrates compliance throughout the due diligence process.
This groundwork sets the stage for the detailed ESG evaluations that follow in subsequent sections.
sbb-itb-d63e044
Environmental Due Diligence Checklist
Climate Risks and Emissions Assessment
Start by requesting greenhouse gas (GHG) emissions data for the past three years, covering Scope 1, 2, and 3 emissions. Confirm the calculation standards used - most often the GHG Protocol - and check whether these figures have been independently verified or assured. This data provides a clear picture of the company's carbon footprint and helps gauge whether its reduction targets are actionable or overly optimistic.
Next, review the company’s emissions-reduction commitments. This includes science-based targets through the Science Based Targets initiative (SBTi), net-zero pledges, or participation in initiatives like "Race to Zero." Examine the climate transition plan for interim targets, funding strategies for decarbonisation, and measures to adapt to climate-related disruptions. A well-rounded plan focuses on cutting emissions directly, using offsets only as a last resort after all other reduction options have been explored.
Analyse physical, transition, and liability risks using scenario analysis and by reviewing regulatory and market changes. Physical risks might include flooding, wildfires, or rising sea levels that could damage infrastructure or disrupt operations. Transition risks involve new emissions laws, carbon tariffs, or shifting consumer preferences that could impact profitability. Liability risks could stem from greenwashing lawsuits or regulatory fines. Scenario analysis can test the business model under different climate futures, such as a rapid 1.5°C transition or a high-warming scenario.
Evaluate governance and accountability structures for climate risk. Determine if a board member or executive committee oversees climate matters and whether executive pay or shareholder dividends are tied to climate goals. Audit lobbying activities and trade association memberships to ensure they align with the Paris Agreement, avoiding reputational risks. Lastly, assess climate-related obligations in supplier contracts to understand the extent of supply chain decarbonisation. These insights are essential for building a complete ESG risk profile.
With climate risks addressed, the focus shifts to resource management and waste practices.
Resource Efficiency and Waste Management
Examine the company's water stewardship practices, including usage data and conservation efforts. Investigate how raw materials are sourced, paying attention to biodiversity impacts and land management practices. For businesses in agriculture or other land-intensive sectors, sustainable procurement policies that reduce deforestation risks are critical.
Look for progress towards circular economy principles. Evidence might include recycling programmes, refurbishment initiatives, and systems for resource recovery that go beyond basic waste disposal. Conduct on-site inspections of factories and distribution centres to assess the actual environmental impact and uncover liabilities that might not be documented. During these visits, check for proper waste segregation, safe storage of hazardous materials, and any signs of spills or contamination.
Verify that all environmental permits and licences are current, covering areas like air emissions, water discharge, waste management, and sewage. Review the company’s history of regulatory violations, remediation efforts, and any unresolved compliance issues. For real estate or infrastructure investments, assess properties against certifications such as BREEAM or LEED ratings. Additionally, examine financial records to ensure environmental liabilities - such as historical contamination or remediation obligations - are accurately reflected. These operational findings provide a more complete picture of environmental performance.
After operational assessments, confirm that compliance measures and permits are fully up to date.
Environmental Regulations Compliance
Begin with a Phase I Environmental Site Assessment (ESA) to identify Recognised Environmental Conditions (RECs) through historical records and site visits. If risks are found, proceed to Phase II testing for soil, groundwater, and air quality. RECs indicate the presence or potential presence of hazardous substances or petroleum products that could affect both valuation and liability. In the United States, thorough due diligence can offer legal protection under the Comprehensive Environmental Response, Compensation, and Liability Act (CERCLA/Superfund), even if contamination exists.
Evaluate compliance with key regulatory frameworks based on the target’s location and industry. For EU-based companies, check alignment with the Corporate Sustainability Reporting Directive (CSRD), the Sustainable Finance Disclosure Regulation (SFDR), and the EU Taxonomy Regulation. In the United States, focus on adherence to the Resource Conservation and Recovery Act (RCRA) for hazardous waste and CERCLA for land contamination. Request at least five years of environmental testing reports, cost estimates for future environmental programmes, and all correspondence with environmental authorities.
| Regulation/Standard | Jurisdiction | Primary Focus |
|---|---|---|
| CSRD / SFDR | EU | Corporate sustainability reporting and financial disclosures |
| CERCLA (Superfund) | USA | Liability for cleanup of contaminated sites |
| RCRA | USA | Management of hazardous and non-hazardous solid waste |
| GHG Protocol | Global | Standardised framework to measure and manage GHG emissions |
| EU Taxonomy | EU | Classification system for environmentally sustainable economic activities |
Investigate possible hidden environmental liabilities. This includes checking for underground storage tanks, historical dumpsites, and hazardous materials like asbestos, lead-based paint, or PCBs. Compare the company’s marketing claims and public commitments against taxonomy regulations to spot potential greenwashing risks, especially as regulatory scrutiny increases. Lastly, ensure any transition plans include science-backed interim targets rather than relying solely on unverified carbon offsets. These compliance checks are a vital part of the overall ESG risk assessment, shaping informed investment decisions.
Social Due Diligence Checklist
Labour Practices and Human Rights
Start by reviewing three years of employee health and safety records, including incident rates, lost-time injury frequencies, and near-miss reports to understand workplace safety trends and risks. Dive into fair wage policies to ensure employees are earning a living wage - not just the legal minimum - and check compliance with regulations on overtime, working hours, and rest periods. Confirm that the company has documented processes supporting freedom of association and collective bargaining.
When it comes to the supply chain, investigate how the company addresses human rights risks. This includes reviewing assessments for modern slavery, forced labour, and child labour, as well as evidence of community consultations. Check if the business conducts due diligence on its partners, joint ventures, and subsidiaries to monitor human rights issues across its entire network. Use external sources like the Business and Human Rights Resource Centre or the World Benchmarking Alliance to validate company-provided data. Additionally, assess whether the organisation has dedicated staff capable of meeting its human rights commitments and examine their track record in resolving past issues through corrective actions or redress mechanisms.
Once these elements are covered, shift focus to workforce diversity for a broader understanding of social metrics.
Diversity, Equity, and Inclusion (DEI)
Leverage the ILPA Diversity Metrics Template to gather demographic data, such as gender and ethnicity, across the workforce. Look into pay equity, inclusive hiring practices, and anti-discrimination policies to identify any unexplained wage gaps. Determine if the company has formal internal mechanisms - like equalities or corporate social responsibility committees - to oversee and implement its DEI obligations.
"The ILPA DDQ and Diversity Metrics Template are intended to standardise the key areas of inquiry posed by investors during their diligence of managers and to provide a framework for ongoing monitoring of progress related to DEI." – Institutional Limited Partners Association (ILPA)
Monitor the company's DEI progress over time using standardised questionnaires rather than relying on a one-off evaluation. Review both public and internal documents - such as annual reports, equality statements, and CSR reports - to ensure that stated DEI commitments align with actual practices. Apply a materiality framework to identify which DEI themes are most relevant to the company’s specific industry and operations.
With social metrics in hand, examine how the company handles data protection to complete the due diligence process.
Data Protection and Privacy
Verify the company’s adherence to the General Data Protection Regulation (GDPR) and other relevant data protection frameworks, as robust data privacy measures are a core part of ESG due diligence. Include targeted questions in the Due Diligence Questionnaire about data privacy policies, cybersecurity incident rates, and how customer complaints are resolved. Go beyond policy reviews to evaluate the effectiveness of cybersecurity measures and the company’s engagement with stakeholders on data usage.
Pay close attention to qualitative ESG report sections for mentions of data privacy or shifts in stakeholder concerns, particularly in industries like healthcare and technology where data privacy risks are higher. Confirm compliance with GDPR and other recognised frameworks such as GRI, SASB, ISSB, or CSRD, and use unique identifiers to track corrective actions on data privacy issues. This approach encourages using tools like AI to analyse qualitative data, such as worker feedback and grievance reports, to spot emerging privacy concerns before they escalate.
Getting started on the Corporate Sustainability Due Diligence Directive
Governance Due Diligence Checklist
A thorough governance review is critical to identifying and mitigating both operational and reputational risks during ESG due diligence.
Corporate Ethics and Transparency
Start by reviewing the company’s Code of Conduct - is it enforced effectively? Look into disclosures around political contributions, lobbying activities, and tax transparency records. Also, check whether ESG reporting aligns with established global frameworks like GRI, SASB, ISSB, or CSRD, and whether it undergoes independent third-party assurance.
"ESG due diligence has evolved from voluntary best practice to legal obligation under CSDDD, CSRD, and related frameworks." – Unmesh Sheth, Founder & CEO, Sopact
Pay special attention to the quality of disclosures. Does the company provide detailed sustainability reports with measurable targets, or are they limited to vague ethical claims? With the EU's Corporate Sustainability Due Diligence Directive (CSDDD) coming into effect - transposition by July 2027 and compliance for the largest companies by July 2028 - governance transparency is no longer optional; it’s a legal requirement.
Strong ethical practices are the backbone of effective board oversight.
Board Leadership and Accountability
Evaluate the independence and expertise of the board. Are there enough independent members? Do board members have relevant ESG expertise? Diversity is another critical factor - consider gender, ethnicity, and specialised skills when assessing board composition. Also, examine whether the board has committees dedicated to areas like audit, compensation, and sustainability oversight.
Look into how the board assesses its ESG performance. Are ESG-linked KPIs integrated into executive compensation plans? It’s important to see if these KPIs go beyond general goals and are tied to concrete financial outcomes. Additionally, review the board’s role in CEO selection, evaluation, and succession planning to understand how leadership accountability is managed. Management should also be assessed on broader metrics, including employee well-being and customer satisfaction.
Effective board leadership must work alongside strong anti-corruption measures.
Anti-Corruption and Compliance Frameworks
Examine the company’s anti-corruption policies and ensure there’s a senior compliance officer in place. Whistleblower systems should be secure, anonymous, and free from retaliation risks. Review the company’s internal controls and regulatory compliance history, including any past violations. Were corrective actions taken, and were they effective?
Be vigilant for red flags in financial records, cash transactions, or corporate structures that might indicate noncompliance. Pay extra attention to high-risk jurisdictions identified in corruption indices, and tailor your review for industries prone to corruption, such as banking, oil and gas, defence, or casinos.
"CSDDD demands evidence that your due diligence is effective at preventing harm - tracked longitudinally, with stakeholder perspectives included." – Unmesh Sheth, Founder & CEO, Sopact
Consider using unique identifiers to track governance compliance over time. This shifts the focus from one-time assessments to ongoing monitoring, enabling better tracking of corrective actions and long-term outcomes.
These governance evaluations are also essential when assessing third-party relationships and supply chain risks.
Supply Chain Due Diligence Checklist
Thorough supply chain assessments are essential for preventing disruptions, especially as over 70% of major business interruptions stem from supply chain risks that static annual reviews often miss. To ensure effective ESG (Environmental, Social, and Governance) compliance, it's important to map out your entire supplier network - including not just Tier 1 suppliers but also Tier 2 and Tier 3 subcontractors, where oversight can be weakest.
Third-Party ESG Risk Assessment
The first step is to divide your supplier base by level of importance and risk exposure. For key partners, carry out detailed annual reviews that cover:
- Environmental risks: These include carbon emissions, hazardous waste management, and adherence to international agreements like the Stockholm and Basel Conventions.
- Social risks: Issues such as forced or child labour, wage inequality, and health and safety conditions.
- Governance risks: These involve financial stability, anti-corruption policies, and tax compliance, including VAT fraud.
A 2021 study revealed that 80% of mid-size and large German companies were not adequately addressing supply chain due diligence before new legislation came into effect.
To evaluate suppliers, use weighted scorecards (scored 1–100) that assess financial health, ESG performance, and operational capabilities. Combine self-assessments from suppliers with independent reviews from third-party sources like EcoVadis, CDP, credit reports, and regulatory databases. For suppliers in high-risk industries - such as electronics or food and beverage - on-site audits are crucial. These audits should address industry-specific risks like conflict minerals or e-waste and include facility inspections and interviews with workers.
Once risks are identified, enforce standards through formal contractual agreements.
Supplier Compliance Requirements
ESG clauses in supplier contracts should require adherence to a code of conduct, restrict subcontracting, and allow for audits. Contracts should also outline clear consequences for non-compliance. Be alert to warning signs like overly complex supply chains, unrealistically low profit margins across multiple tiers, frequent leadership changes, or resistance to sharing information about subcontractors.
"Traditional business due diligence windows will rarely accommodate a robust assessment of a company's supply chain owing to its multi-tiered nature and complexity."
– Tomas Sys, UK M&A ESG Advisory Lead, Ramboll
To ensure ethical labour practices, confirm that suppliers conduct proper document checks to verify work eligibility and prevent instances of modern slavery. When non-compliance is identified, work with suppliers to create corrective action plans with clear deadlines, reserving termination for the most severe violations.
Monitoring and Reporting Mechanisms
Building on existing ESG monitoring practices, continuous tracking of supply chain activities is crucial for addressing risks as they arise. Automated tools integrated into ERP, procurement, and quality systems can streamline this process. Companies with robust monitoring systems report 40% fewer disruptions and 35% fewer product defects.
Set up early warning systems to flag financial instability, operational issues, or external reports of labour violations. Schedule quarterly reviews with key suppliers to evaluate their ESG scorecards and discuss plans for improvement.
Digital supplier portals can also help reduce administrative burdens on suppliers while improving data accuracy. For regulatory compliance, align reports with frameworks like CSRD, BRSR, CDP, and GRI. Organisations with strong due diligence programmes often achieve 25% better ESG ratings and see a 3–5× return on investment through efficiency gains and avoiding penalties.
Post-Assessment Integration
Completing an ESG assessment is just the beginning - the real challenge lies in turning those insights into meaningful, ongoing action. According to research, 59% of global dealmakers are willing to pay more for companies with strong ESG maturity, while 70% of private equity leaders anticipate higher valuations for businesses that successfully decarbonise during their holding period.
Document Findings and Develop Action Plans
Start by validating the scale, likelihood, cost, and benefit of each identified risk. Focus your documentation on ESG issues that directly influence the company’s business case. Establish clear baselines for current performance metrics - such as tonnes of CO₂e for Scope 1, 2, and 3 emissions, or the percentage of women in leadership roles. Use these baselines to develop KPIs tailored to each portfolio company.
The next step is embedding ESG findings into post-acquisition action plans. This ensures ESG considerations are immediately integrated into daily operations. Document these findings thoroughly and incorporate them into key agreements, such as the Sales Purchase Agreement (SPA). To drive accountability, tie executive compensation to the achievement of ESG targets.
"The overarching aim of an ESG Strategy is not only to manage risk and build resilience, but also to improve financial performance and create value." – UK Private Capital
Maintain a detailed audit trail connecting risk scores to their original sources. This is crucial for meeting regulatory requirements like those outlined in the Corporate Sustainability Due Diligence Directive (CSDDD). Implement tracking systems to link initial assessments with corrective actions and their outcomes over time.
ESG Reporting to Investment Committees
Once action plans are in place, formal reporting to investment committees becomes essential. Including ESG considerations in your investment committee criteria highlights its importance as a core part of your investment strategy. Standardise reporting by aligning it with established frameworks such as TCFD, SFDR, GRI, or SASB. This ensures consistency across investment committees and limited partners, helping to avoid discrepancies - especially since ESG scores for the same company can differ by up to 50% between rating providers.
To streamline this process, automate data collection and ingestion. This reduces the time spent cleaning data and allows for faster reporting, moving from weeks to near real-time updates.
Continuous ESG Monitoring and Improvement
Effective ESG strategies don’t stop at implementation - they require ongoing monitoring to ensure sustained improvement. Transition from one-time assessments to continuous tracking that provides a long-term view of ESG performance. Integrate ESG monitoring into existing board reporting systems and corporate KPIs, making it a natural part of business operations rather than a separate task. Assign clear responsibilities at both the firm and portfolio levels, with board-level sponsorship driving the ESG strategy.
"CSDDD demands evidence that your due diligence is effective at preventing harm - tracked longitudinally, with stakeholder perspectives included." – Unmesh Sheth, Founder & CEO, Sopact
Establish a regular cycle for reassessing risks, conducting in-depth reviews, setting KPIs, and monitoring progress. When performance falls short, create corrective action plans and assess whether these efforts lead to measurable improvements in subsequent periods. Companies with strong monitoring systems report 40% fewer disruptions and achieve returns of 3–5× through efficiency gains and penalty avoidance.
Conclusion
ESG compliance in due diligence has evolved from being a voluntary practice to becoming a legal requirement, especially under frameworks like the EU's Corporate Sustainability Due Diligence Directive (CSDDD). For the largest companies, compliance deadlines are set to begin in July 2028. Using a structured checklist not only ensures you meet regulatory demands but also helps uncover risks that often go unnoticed in traditional financial assessments - like carbon liabilities, labour exploitation, and corruption. This shift in compliance practices opens the door to measurable operational benefits.
The numbers speak for themselves: 71% of dealmakers report a growing focus on ESG, 59% are willing to pay premiums for businesses with strong ESG performance, yet 80% of assessment time is wasted reconciling disorganised data. A structured approach eliminates inefficiencies, allowing teams to focus on risks and opportunities that directly impact deal value.
"A thorough ESG due diligence process conducted by an M&A buyer and its representatives can help identify, mitigate, and potentially avoid regulatory and reputational risks as well as inform deal valuation and structure." – LexisNexis
This checklist goes beyond risk management. It provides a way to quantify ESG factors that enhance transaction value, such as resource efficiency and supply chain reliability, while offering the audit-ready documentation that regulators now require. By standardising ESG scoring across your portfolio, it ensures consistent tracking over time and smooth integration into post-acquisition plans. The result? Reduced risks, improved returns, and greater operational efficiency.
Professionals who integrate ESG compliance into their due diligence processes aren’t just safeguarding against potential pitfalls - they’re unlocking the valuation premiums and operational gains that come with sustainable, well-governed companies. This checklist is your guide to achieving those outcomes with precision and ease.
FAQs
Do we fall under CSRD or CSDDD?
Your company is subject to the CSDDD if it operates within the EU or generates a net EU turnover of €450 million or more, provided it also meets the required employee threshold. On the other hand, the CSRD is a different reporting directive that applies to many companies based in the EU. Since these directives have separate criteria, it's crucial to evaluate your organisation against the specific obligations of each.
How deep into the supply chain must due diligence go?
When assessing supply chains, it's essential to look beyond just your immediate suppliers. Digging into deeper tiers helps uncover potential ESG risks like human rights violations or environmental harm. The OECD provides guidance emphasising the need for this deeper investigation to ensure compliance and promote responsible practices.
What evidence should we keep to prove ESG compliance?
To show compliance with ESG standards, keep detailed records like environmental, social, and governance policies, risk assessments, audit reports, and any other relevant data. Having well-organised documentation not only supports transparency but also reinforces accountability during due diligence processes.
