California has long been at the forefront of environmental legislation, and that trend continues with the passing of its latest climate disclosure laws.
On October 7, 2023, Governor Newsom signed into law California Senate Bill 253 (“SB 253”), the Climate Corporate Data Accountability Act, and Senate Bill 261 (“SB 261”), the Climate-Related Financial Risk Act, which together comprise the core of California’s “Climate Accountability Package.” Both laws aim to increase transparency and accountability for companies operating within the state. In this guide, we dive into what these laws entail, their impact on businesses, and how to ensure compliance.
California’s new climate disclosure laws align with global initiatives such as the Task Force on Climate-related Financial Disclosures (TCFD) and the Sustainability Accounting Standards Board (SASB), which aim to standardize reporting and increase transparency around climate risk and impact reporting.
Although many companies already tout their efforts in responding to climate change, it’s challenging to verify accuracy without a standard for comparison. Approximately two-thirds of companies in the S&P 500 voluntarily report their carbon emissions and carbon management plans to CDP, according to the latest statistics. Of the top 25 food and beverage companies, 88% have made commitments in line with the Science Based Target Initiative to reduce their carbon footprints.
All of this has led to increased attention and scrutiny, with regulators turning to disclosure mandates and creating reporting obligations to be able to compare and standardize efforts across the board.
Reporting requirements have already come out in the European Union, the United Kingdom, New Zealand and Brazil, and the United States is quickly following suit.
The passage of the Climate Corporate Data Accountability Act and the Climate-Related Financial Risk Act marks the first time that large corporations—whether publicly-traded or privately-held—are going to be required to make public their impact on the environment, including their Scope 3 supply chain emissions. Below are their key requirements:
The Climate Corporate Data Accountability Act impacts any business with over a billion dollars in revenue that does business in California. The Climate-Related Financial Risk Act impacts any business with over 500 million dollars in revenue that does business in California. So if a company’s impacted by the Climate Corporate Data Accountability Act, they’ll also be impacted by the Climate-Related Financial Risk Act.
The Climate Corporate Data Accountability Act requires the reporting of Scopes 1, 2, and 3 greenhouse gas emissions. Scope 1 involves emissions from sources that a business directly owns or controls. Scope 2 is any emissions from electricity and energy sources that a company purchases, and Scope 3, which is often the hardest to measure and usually the largest proportion of a company’s greenhouse gas footprint, is emissions from the supply chain. Scope 3 emissions are from indirect sources that the business does not own or control.
For the Climate-Related Financial Risk Act, the disclosures involve what are considered material risks to the company’s immediate and long-term financial outcomes as set out by the Task Force on Climate-Related Financial Disclosures. Companies will need to report on such material risks as well as any measures that have been adopted to reduce or adapt to them.
The Climate Corporate Data Accountability Act requires that Scope 1 and 2 emissions are reported starting in 2026, looking back to the impact and emissions from the prior year. Scope 3 emissions have to be reported starting in 2027, and will look back on an entity’s operations in 2026.
Reporting for the Climate-Related Financial Risk Act begins in 2026, and continues every 2 years after that.
As the Climate Corporate Data Accountability Act is currently written, reporting companies will need to provide what is considered “limited assurance” from a third-party assurance provider for their Scopes 1 and 2 emissions beginning in 2026. Limited assurance is expressed in the negative, where an assurance provider can say nothing has come to its attention that leads it to believe a material error exists with the reported disclosure.
The requirement will be scaled to “reasonable assurance” starting in 2030, which is more robust. Reasonable assurance requires the third-party assurance provider to comment in the affirmative, i.e. say there is no material misstatement in the disclosure.
For scope 3 disclosures, assurance requirements won’t come into effect until 2030, and will likely follow a limited assurance standard.
The Climate-Related Financial Risk Act is a bit more general in its requirements. For verification, the law requires simply that the risk disclosure is verified by an independent third-party.
Companies risk fines of up to $500,000 for non-compliance with the Climate Corporate Data Accountability Act.
Companies risk fines of up to $50,000 for non-compliance with the Climate-Related Financial Risk Act.
Now that the Climate Corporate Data Accountability Act has passed, it’s now up to the state agency known as the California Air Resources Board (CARB) to set the regulation specifics on how to implement the law into practice. They will provide more granular insights on the exact reporting timeline: when specifically in 2026 the reporting needs to start, what the third-party assurance provider’s credentials need to look like, what verification process the third-party has to undertake, etc.
As for the Climate-Related Financial Risk Act, CARB needs to give itself the authority to levy the aforementioned fine for non-compliance.
The California climate laws are particularly noteworthy in the United States because they impact a large swath of companies (over 5000 companies will be impacted). In addition, these laws are going into effect at the state level while federal proposals, such as that from the U.S. Securities and Exchange Commision (SEC) are still being debated and finalized. One key difference is that California’s laws affect not just public companies like the SEC’s proposal would, but also private companies.
Another distinction involves Scope 3 emissions. While the Climate Corporate Data Accountability Act clearly requires Scope 3 emission reports, the SEC is still debating whether it will ask for such information from public companies. In fact, when this requirement was included in the SEC’s initial proposal, it resulted in a lot of pushback from certain industries and companies. This has left observers wondering if the SEC will dial back such requests in its final rule.
The California laws are akin to the EU’s Corporate Sustainability Reporting Directive (CSRD), which passed last year. They have a similar framework: they’re tied to the Greenhouse Gas (GHG) Protocol, with similar approaches to communicating both emissions and climate-related risk.
Key differences between the CSRD and the California laws include the revenue standards that would make a company subject to each. Companies operating in the EU are subject to the CSRD, if their revenue is over $40 million and they have more than 250 employees, which is obviously a lower threshold than what is required in California. Another distinction is that while California’s laws focus only on climate reporting, the CSRD also has additional requirements related to a company’s impact on biodiversity, pollution, and society more generally.
There are several things companies can do to prepare for the new California climate reporting requirements. Consider the following:
Climate reporting should not be the responsibility of any one company function. Rather, it should be embedded across the entire organization. Food companies should consider how to establish a cross-functional team that leverages management, operations, legal, finance, and any other key stakeholders, so that the act of reporting is owned across several groups. This team should then consider which internal systems and protocols need to be designed from a data governance and disclosure perspective to meet the requirements of these laws.
In addition, companies should identify appropriate outside advisors to help with the reporting process. For example, when looking for third-party data providers, consider the integrity and sources of scientific evidence they would be leveraging, along with which international frameworks and standards they follow, i.e. the GHG protocol or the TCD, when providing services. Understand how often they review and update their research and data. For food companies, in particular, confirm that the providers focus and specialize in agricultural production, can incorporate data for raw materials as well as processed materials in a supply chain, can integrate supplier-level data at scale, and can incorporate location-specific and crop-specific data, because all of these metrics will impact the ultimate calculations.