ESG Reporting for Private Companies

By: David A. Bell , Dan Dorosin , Ron C. Llewellyn

As we have noted in our previous report, environmental, social and governance (ESG) issues have garnered significant attention from a variety of stakeholders, resulting in increased reporting by many companies. While much of the focus regarding ESG reporting in the U.S. has been on public companies, and indeed there is not yet clear consensus on what “ESG” encompasses, ESG risks and opportunities can affect private companies as well, and there are several reasons why a private company might decide to report ESG data or undertake ESG-related initiatives in a manner similar to a public company. This overview explores some of the key factors that late-stage private companies should consider in deciding whether to initiate an organized ESG program (i.e., one that may with development over time evolve into a program similar to those in place at many public companies) and/or start preparation for ESG reporting. In addition, the overview outlines some steps that such a private company can take to begin its ESG journey.

To be clear, for many private companies, ESG considerations—however the particular company defines ESG—inform the core purpose, values and day-to-day operations of the business, often from the venture’s founding stage, and consideration of ESG in that context is of course beyond the scope of this overview. Rather, the goal here is to assist private companies that have been less focused on these topics as they encounter or consider ESG as their business develops.

Legislation and Regulation

Federal Rulemaking

Currently in the U.S., there are relatively few ESG disclosure requirements; however, under the Biden administration, the Securities and Exchange Commission (SEC) and other agencies have played an active role in proposing rules that would increase the amount of ESG disclosures that companies must provide.

For example, in March 2022, the SEC proposed extensive disclosure rules regarding climate risk (see alert) and in July 2023, the SEC adopted final rules regarding the disclosure of cybersecurity risks (see alert), both important ESG topics. The SEC has also indicated that it intends to propose additional ESG-related disclosure rules regarding human capital management and board diversity. While the SEC’s proposed rules target public companies, including those going public, as discussed below, they may indirectly affect private companies who may be asked or expected to provide similar information to their stakeholders. In addition to the SEC’s proposed regulations, other regulations may have a more direct impact on certain private companies.

Private companies that provide goods or services to the U.S. federal government could be subject to climate risk reporting. In November 2022, the Biden administration proposed the Federal Supplier Climate Risks and Resilience Rule, which would require businesses with significant federal contracts to disclose climate-related data and to set targets to reduce greenhouse gas (GHG) emissions. As we describe further in our alert, if the rule is adopted, subject companies would also have to provide disclosures that are consistent with the Taskforce on Climate-related Financial Disclosures (TCFD) framework, which could present a substantial burden, particularly for smaller private companies that may have limited resources to track and report such data.

California Climate Legislation

Private companies operating in California could also be subject to climate reporting rules. In September 2023, the California legislature adopted two landmark climate bills (see our client alert). Senate Bill 253, the Climate Corporate Data Accountability Act, will require all U.S. companies and other business entities doing business in California with annual revenues in excess of $1 billion to publicly report and verify on an annual basis their Scopes 1 and 2 GHG emissions beginning in 2026 and their Scope 3 GHG emissions beginning in 2027. Senate Bill 261, Greenhouse Gases: Climate-Related Financial Risk, will similarly require all U.S. entities doing business in California with annual revenues exceeding $500 million to prepare a biennial report disclosing their climate-related financial risks in line with the recommendations of the TCFD framework and measures adopted to reduce and adapt to those risks. Both bills could have a significant impact on many large private companies in the U.S.

International Regulations

Private companies with significant business operations in the European Union (EU) may also be subject to extensive ESG reporting under the Corporate Sustainability Reporting Directive (CSRD). The CSRD, which was adopted in November 2022, requires non-EU companies, including private companies, with net turnover (i.e., revenue) generated in the EU exceeding €150 million for two consecutive financial years and either a large EU or EU-listed subsidiary or a branch generating more than €40 million in net turnover in the EU to produce a sustainability report that would cover a range of ESG topics such as climate change, biodiversity, worker conditions and human rights. The specific reporting standards that would apply to non-EU companies are still being developed and such companies would not have to comply until 2029 (with respect to fiscal year 2028).

The EU has also proposed the Corporate Sustainability Due Diligence Directive (CSDDD), which would require certain large EU companies, non-EU companies with significant business in the EU and certain companies generating 50% of their turnover from “high impact” sectors to adopt policies and procedures to mitigate sustainability risks (e.g., climate change, human rights) in their businesses, including those in their value chain. Companies subject to the CSDDD would be required to conduct due diligence not only on their own practices but also on the practices of their suppliers and others in their value chain to satisfy the directive’s requirements. This may cause in-scope companies to reevaluate business relationships or pressure suppliers that are not directly subject to the CSDDD to put ESG measures in place as a condition for further business. The directive is expected to be adopted in 2024.

Private companies that could be subject to any of these proposed regulations, or impacted indirectly, should take stock of their current ESG programs and disclosures and the feasibility of developing plans and the reporting infrastructure for compliance. Companies that are public benefit corporations or Certified B Corps are subject to their own compliance and periodic reporting requirements, which are also beyond the scope of this overview.

The Role of Stakeholders

Support for ESG by a private company’s key stakeholders may also inform whether it determines to voluntarily report ESG information. A company’s stakeholders, including shareholders, investors, customers, communities, regulators and employees, may not be willing to wait for disclosure mandates and may pressure a private company to take actions sooner. In situations like this, failure to address their need for ESG information may adversely impact a private company.

Employees and Consumers

A private company’s employees may express a preference for strong ESG policies. According to a survey by IBM, 68% of the respondents reported that they were more likely to apply for, and 69% more likely to accept, positions from environmentally sustainable companies. Companies that fail to demonstrate a commitment to environmental sustainability and other ESG initiatives may be disadvantaged in the competition to recruit or retain employees. The same survey revealed that 62% of consumers expressed willingness to change their purchasing behavior to help reduce negative impact on the environment.

Commercial Customer Considerations

Similarly, commercial customers may also seek ESG information or a commitment to certain ESG practices from their private company suppliers and vendors to ensure that they are satisfying legal requirements or meeting their own ESG goals. As noted above, regulatory requirements may force any large companies to report on or manage their ESG risks throughout their value chain. In the case of climate risk, such companies may have set goals to reduce the GHG emissions that are generated from assets that they do not own or control but that are in their value chain (referred to as Scope 3 emissions). In order to get this data, these large companies must seek information regarding the GHG emissions of their vendors and suppliers. As a result, a private company supplier may be asked to provide GHG emissions data as a condition for doing business with that customer. Such requests are not just limited to environmental data.

There may be several other ESG issues for which a commercial customer may seek information or action from their suppliers. As an example, customers may ask suppliers to adopt a code of conduct ensuring proper treatment of their employees or provide information regarding their employee demographics. Companies that are unwilling or unable to provide this kind of ESG information or adopt certain ESG-related policies may lose out on business contracts or other opportunities, especially if they lack negotiating leverage.


Some investors also want their portfolio companies to show a commitment to managing ESG risks and opportunities or may require such information for their own reporting or compliance obligations. Many large institutional investors, like BlackRock, State Street and Vanguard, support board diversity and other ESG initiatives and expect their portfolio companies to disclose how their boards of directors manage ESG risks. This is increasingly the case with investors that invest in private companies.

A private company that aspires to become public should consider how a potential change in its shareholder base, which will likely include more institutional investors post-IPO, may lead to increased scrutiny of or demand for public ESG disclosures. As a public company, it will likely have to engage with its institutional investors on ESG matters on a continual basis. Accordingly, as such a company prepares for an IPO or initial listing, it should assess its ESG risks and opportunities and prepare for related disclosures and shareholder engagement.

Even private companies that do not plan to become public may face requests for ESG information from investors. Driven in part by the demands of their own limited partners, some private equity and venture capital funds may require their portfolio companies to have ESG policies in place and to provide reporting on ESG metrics or progress against ESG goals, even in early-stage rounds. Investors deciding whether to invest in a company may want to understand how that company manages its ESG risks and may favor those companies that demonstrate a strong commitment to ESG, particularly if it is the focus of an investment fund. Investment funds may also seek this information to comply with regulations such as the EU’s Sustainable Finance Disclosure Regulation (SFDR), which is intended to prevent greenwashing by mandating that financial market participants make certain disclosures regarding the sustainable nature of their investment products.


ESG is increasingly playing a role in merger and acquisition (M&A) transactions, and companies with stronger ESG practices may be relatively more attractive targets for certain acquirors. ESG information captures important nonfinancial risks that may potentially impact a target company’s attractiveness. As part of their due diligence process, acquirors may factor in these risks when negotiating the terms of a deal. A target company’s ESG profile may also affect post-deal integration. The target company’s ESG practices and initiatives could harm or help the acquiror’s own ESG goals and disclosure. For example, the acquisition of a target’s less-diverse employee base could dilute the acquiror’s overall employee diversity, potentially hampering the achievement of pre-acquisition employee diversity goals and metrics. Similarly, a target company with poor human resources practices (e.g., high turnover, low employee engagement) can negatively impact the acquiror’s own ESG disclosure post-acquisition if such issues aren’t addressed.

Accordingly, companies with strong ESG practices may be attractive to a broader range of potential acquirors and as a result may be able to command higher premiums in M&A transactions. Target companies can expect to receive more requests for ESG information, including with respect to GHG emissions, waste management, labor practices, employment policies and risk management practices, during the due diligence process so that acquirors can assess any ESG risks. A private company that is looking for a merger partner should consider how having a strong ESG program in place could enhance its M&A prospects and take steps to improve its ESG disclosure.

Establishing an ESG Reporting Program

Given the commercial considerations, stakeholder demands and potential regulatory requirements discussed above, a private company that determines to begin or enhance its ESG reporting can take the steps outlined below.

Determine What ESG Information Is Most Important for Your Company

Disclosure topics may be shaped by the aforementioned stakeholder demands, commercial considerations and regulations. There are also various voluntary frameworks and standards that companies can consult to help guide their ESG reporting. They include TCFD, the Sustainability Accounting Standards Board (SASB), the Global Reporting Initiative (GRI), the International Sustainability Standards Boards (ISSB) and the United Nations Sustainable Development Goals (UNSDG). They provide qualitative topics and quantitative metrics that are important to stakeholders and can provide a frame of reference for the ESG information that stakeholders will value.

In addition to looking at standards and frameworks, a company may also look to the disclosures provided by peer companies in their SEC filings or other public disclosures, such as corporate webpages or standalone corporate sustainability/ESG reports, to see the level and type of information that similar companies provide. Public peer companies and competitors are more likely to publicly disclose information than private companies. Armed with these various inputs, a company can conduct a “materiality” assessment to formulate its ESG reporting plan, which should be aligned with its long-term strategy.

Develop an Appropriate Infrastructure for Reporting

Once a company determines the information on which it will report, it should examine the processes, procedures and policies that it will need to gather, analyze, vet, assure and report on such data. As we more fully described in our guide, companies reporting ESG information, particularly where it may be provided in public reporting disclosure or in connection with fundraising activities, should have disclosure controls and procedures in place that are similar to those established for financial reporting. While a private company may not face the same liabilities under federal securities laws as a public company, it may still be subject to liability under federal and state anti-fraud statutes, and it may be required to provide public disclosure in the future. Accordingly, a private company may need to invest time and resources to ensure that adequate disclosure controls are in place sufficient for its particular circumstances and may have to evolve those controls as its circumstances change. This may involve looking at the company’s current disclosures and related systems to gather and verify data and providing for enhancements to capture new or more granular data to meet its ESG disclosure objectives.

For example, a private company may have historically captured information regarding employee turnover on electronic spreadsheets maintained by its human resources department. When the company decides to include this information as part of its ESG reporting program, it may adopt a written policy regarding the procedures for the human resources department to provide this data to the person or persons responsible for ESG reporting. That policy may also provide for the review and verification of the data by another individual or department and certification by a senior officer before the information is shared along with other ESG data in a draft report to be reviewed by the senior management and/or the board prior to public disclosure. In addition, the policy may subject the spreadsheet to technical access and modification controls and tracking. Over time, the company may migrate its employee turnover reporting process to a central, electronic reporting system that also includes its financial data. In that way, manual processes for gathering and entering ESG data may become more automated as the company matures and develops additional resources.

Implementing an ESG program will involve the participation of appropriate personnel and the direction and guidance of senior management. Toward that end, a company may form a cross-functional management committee of senior executives consisting of members of its finance, legal, audit, investor relations and risk management teams. Alternatively, companies with fewer resources or narrower initial ESG goals may assign responsibility for ESG reporting to an individual or small team of employees. More mature and better-resourced private companies with full-fledged, broad scope ESG programs may decide to hire or appoint a chief sustainability officer to oversee their ESG efforts. External consultants or advisors may guide and supplement management’s efforts. Regardless of the management oversight structure, the company’s board of directors, or one of its committees, should provide ultimate oversight of its ESG program, including by ensuring that it aligns with the company’s long-term strategy.

Deciding Where and How to Disclose

Because ESG disclosure is largely voluntary, most companies will have flexibility in deciding where and how to report their ESG information. Larger companies generally choose to provide their most extensive ESG disclosure in corporate sustainability reports (CSRs) or on their corporate websites, reserving more limited disclosure for their SEC filings. For example, as we disclosed in our report, among the Bloomberg Law – Fenwick Silicon Valley 150 (SV 150), the largest public technology and life sciences companies in Silicon Valley measured by revenue, 62% disclosed ESG information in CSRs in 2022. However, a smaller private company may lack the resources to produce its own CSR (in 2022, only 36% of the bottom 50 companies in the SV 150 published a CSR). Initially, such companies should consider voluntarily reporting their most important ESG information on a corporate website or may choose to publish a report just on a particular ESG topic, such as diversity or climate risk, instead of publishing a comprehensive CSR that addresses multiple ESG topics.

As a private company matures and develops greater capacity for data gathering and reporting, it may increase the ESG information that it provides and the number of platforms on which it reports, eventually developing more comprehensive and cohesive reporting. A company can provide more high-level public disclosure on its website, graduating over time to more detailed disclosures in a CSR. For example, for environmental topics, initially such disclosure may include qualitative descriptions of sustainability initiatives (e.g., recycling programs, environmental certifications) on a webpage. As the company tracks and produces more quantitative data, often dictated by a framework or standard (e.g., GHG emissions or energy usage), it may include such information in a standalone CSR that is available on its website. However, a company’s ESG reporting practices may be accelerated if certain regulations discussed above are adopted or if the company seeks to become public.

Many stakeholders rely on publicly disclosed information when assessing a company’s ESG profile. However, in some cases, the ESG information may be requested privately, such as in a commercial context or as part of a third-party rating or assessment process. Some investors and other stakeholders may rely on ESG ratings, which can be based on a company’s responses to the rater’s questionnaire. Whether the information is disclosed publicly or privately, the company should ensure that the information is accurate and consistent across disclosure platforms.


Although ESG is still rapidly evolving and disclosure may be costly and challenging to produce, it still may have support from a broad swath of stakeholders of many privately held companies. Development of an ESG program can be broken up into more readily addressable pieces and be expanded and deepened over time. Many believe that ESG information provides an appropriate means for analyzing a company’s critical nonfinancial risks and opportunities. As a result, despite some recent criticism of ESG, the demand for more ESG information remains strong. Stakeholder demands, commercial considerations and investor preference offer compelling reasons for private companies to weigh the costs and benefits of establishing an ESG reporting program sooner rather than later.

Also published in The Harvard Law School Forum on Corporate Governance

[Note: this article has been updated to reflect the passage of California climate bills, S.B. 253 and S.B. 261]


Don’t have an account yet?