California’s New Climate Laws Are Changing How ESG Actually Works
Climate disclosure has matured rapidly over the past decade.
Globally, standards consolidated under the International Sustainability Standards Board have established a clearer baseline for how organisations measure emissions, assess climate risk, and disclose impacts in a decision-useful way. This direction is increasingly aligned with financial reporting expectations and investor scrutiny.
In the United States, however, progress has been uneven.
Disclosure has evolved through voluntary adoption and fragmented requirements. Even with the U.S. Securities and Exchange Commission, scope limitations and legal challenges have slowed the emergence of a consistent, enforceable baseline.
California’s new climate laws are designed to close that gap.
They do not expand ESG. They redefine it as a system that must stand up to verification, audit, and financial scrutiny.
Most organisations are not structurally prepared for this shift.
Climate reporting today is still largely built on fragmented data, manual processes, and estimation-heavy methodologies, particularly for Scope 3. These approaches may support disclosure, but they do not meet the threshold required for assurance.
What California is changing
California’s approach is direct.
If climate data influences decisions, it must be comparable.
If climate risk is material, it must be reflected in financial disclosures.
If organisations make climate claims, they must be able to substantiate them.
This is embedded across three laws:
- SB 253 requires disclosure of Scope 1, Scope 2, and Scope 3 emissions for companies with over USD 1 billion in annual revenue doing business in California, with reporting expected from 2026 and assurance introduced in phases, moving towards reasonable assurance.
- SB 261 applies to companies with over USD 500 million in revenue, requiring disclosure of climate-related financial risks, mitigation strategies, and their implications for operations and financial performance.
- AB 1305 requires transparency and substantiation for claims related to carbon neutrality, net zero, and offsets, increasing exposure to regulatory and reputational risk where claims cannot be supported.
These laws formalise expectations that have existed in principle but not in enforcement.
They bring climate disclosure into a framework that resembles financial reporting, where completeness, accuracy, and auditability are expected rather than assumed.
Why this moves beyond California
Applicability is based on doing business in California, not where a company is headquartered.
This brings a significant number of global organisations into scope, particularly those with large consumer markets, operations, or supply chain exposure in the state.
The second-order impact is more consequential.
Large companies will require emissions data from suppliers at a level of granularity that many suppliers are not yet equipped to provide. This will drive a cascading requirement across value chains, extending expectations well beyond regulated entities.
Over time, this creates a de facto global baseline.
Organisations that align early will be better positioned not only for compliance, but for maintaining access to markets, capital, and customers who increasingly expect verifiable climate data.
Where organisations are least prepared
Most organisations already disclose climate information.
What they have not built is consistency, traceability, and financial integration.
Scope 3 emissions continue to rely heavily on estimates and proxy data rather than supplier-specific inputs. Climate risks are often described qualitatively but are not embedded in financial planning, scenario analysis, or capital allocation decisions. Public climate claims are frequently disconnected from the methodologies and data that underpin them.
Under California’s requirements, these gaps become visible and material.
The issue is no longer whether organisations disclose, but whether they can demonstrate that their disclosures are complete, consistent, and supported by verifiable evidence.
The assurance shift
A defining feature of SB 253 is the introduction of assurance, progressing from limited to reasonable assurance over time.
This fundamentally changes the standard of readiness.
Organisations will need to demonstrate that emissions data is captured consistently across operations and value chains, that methodologies are documented and applied uniformly, and that reported figures can be traced back to source data.
This introduces audit exposure similar to financial reporting. It also introduces direct financial exposure.
Climate disclosures are increasingly being scrutinised alongside financial statements, bringing them into the purview of CFOs, audit committees, and external auditors. Inaccurate or unsupported data is no longer a reporting issue, but a potential financial and governance risk.
Inconsistent data, undocumented assumptions, and manual processes will not withstand scrutiny. The cost of remediation post-disclosure is likely to exceed the cost of building robust systems upfront.
This is not achievable through spreadsheets or fragmented tools.
It requires structured, system-driven data environments designed for auditability from the outset.
This represents a structural shift from disclosure-led reporting to control-led reporting.
How this aligns with global direction
California is not creating a new direction. It is accelerating enforcement of an existing one.
Global standards like IFRS have already established expectations around consistency, comparability, and financial relevance of climate disclosures.
What has varied across jurisdictions is enforcement and accountability.
California addresses that gap at scale, signalling a shift from voluntary alignment to regulated, verifiable reporting. This is likely to influence regulatory approaches in other markets over time.
What this means at an executive level
This is no longer a sustainability function issue.
It sits across finance, risk, operations, and governance.
What organisations should be doing now
Organisations that are progressing effectively are focusing on building capability rather than producing one-off disclosures.
This includes:
- integrating emissions data across operations and supply chains, with clear data ownership and governance
- embedding climate risk into financial planning, scenario analysis, and investment decision-making
- aligning internal processes and controls with assurance requirements, including documentation and audit trails
- reviewing all public climate claims to ensure they are supported by defensible methodologies and verifiable data
This work spans sustainability, finance, risk, and operations.
It is as much a transformation of internal systems and processes as it is a reporting exercise.
What organisations should be doing now
Organisations that are progressing effectively are focusing on building capability rather than producing one-off disclosures.
This includes:
- integrating emissions data across operations and supply chains, with clear data ownership and governance
- embedding climate risk into financial planning, scenario analysis, and investment decision-making
- aligning internal processes and controls with assurance requirements, including documentation and audit trails
- reviewing all public climate claims to ensure they are supported by defensible methodologies and verifiable data
This work spans sustainability, finance, risk, and operations.
It is as much a transformation of internal systems and processes as it is a reporting exercise.
The CCR perspective
The shift underway is operational and systemic, and most existing tools and processes are not designed for it.
Most platforms enable reporting. Very few are designed to withstand assurance.
Organisations are moving from fragmented reporting processes to integrated, assurance-ready data environments that support both compliance and decision-making.
At CCR, this transition is enabled through a combination of advisory expertise and a purpose-built intelligence platform designed for audit-ready climate reporting.
CCR’s approach is built on an assurance-first architecture, where data integrity, traceability, and audit readiness are embedded from the outset rather than retrofitted at the point of disclosure.
This includes:
- establishing end-to-end audit trails that connect reported figures directly to source data across systems and suppliers
- implementing automated data pipelines that reduce manual intervention, improve data quality, and support continuous reporting readiness
- embedding AI-driven validation to identify anomalies, inconsistencies, and gaps before disclosure and assurance processes begin
- designing system architectures aligned with assurance requirements, ensuring methodologies, assumptions, and calculations are consistently applied and documented
With a global presence and experience across regulatory frameworks, CCR supports organisations in moving beyond compliance towards defensible, decision-useful climate data.
This ensures disclosures are not only complete, but also able to withstand regulatory, investor, and audit scrutiny.
What happens next
California has reduced the flexibility that previously existed in how climate disclosures were prepared.
In doing so, it has narrowed the gap between what organisations report and what they can substantiate.
Given the scale and influence of the market, this shift will extend beyond California, shaping expectations across jurisdictions, supply chains, and capital markets.
Organisations that invest early in structured data, integrated systems, and assurance-ready processes will be better positioned to respond efficiently and competitively.
In this environment, ESG is no longer evaluated on disclosure.
It is evaluated on whether that disclosure can be verified, audited, and relied upon in financial decision-making.