How SMEs are impacted by sustainability regulation globally

Mark Etzel


June 18, 2024

Blog post main image


In jurisdictions across the world, ESG regulation primarily targets large enterprises. Some requirements will be rolled out to small and medium enterprises (SMEs) with a reduced scope and at a future point in time. However, even if SMEs are not the focus themselves, they can be affected indirectly by being part of other companies’ value chains.

While there is still a lot of uncertainty, this article intends to shed light on the impact of different regulations and initiatives. We will focus on carbon emissions which are at the center of many regulations, however, the situation of other ESG measures is similar.

There are roughly three cases to consider. The first one is that SMEs are directly affected by regulation. An example of this is “listed SMEs” falling under the CSRD regulation (for details see further below). The second case is that SMEs voluntarily decide to disclose their ESG performance, for example by setting Science Based Targets. The third case is that SMEs do not have to report emissions themselves but will be asked to provide data, e.g., from a larger enterprise that is buying products from the SME and wants to have transparency on those emissions. 

It is important to note that there is no universal definition of the term SME. Its meaning varies by country and entity and different terms are used.

The table below gives an overview of how different regulations and initiatives affect SMEs:

At least for now, the most common case for SMEs is being indirectly affected as part of another company’s value chain. At the same time, this case is the one least well defined.

It is not yet clear how often SMEs will be asked for data and what data they will be asked to provide. This will depend on several factors:

i) Are the SMEs emissions relevant according to the reporting company’s materiality assessment?

ii) Where is there SME located in the reporting company’s value chain? 

iii) How close is the collaboration and dependency between SME and the reporting company?

iv) How actively will reporting companies be expected to engage suppliers to demonstrate reasonable effort?

v) How much focus will be placed on increasing the share of primary data?

vi) How high will be the (perceived) effort for SMEs to disclose?

In the rest of the article, we will go through major regulations and initiatives highlighting points relating to SME disclosures.

(Mandatory) Regulations

Corporate Sustainability Reporting Directive (CSRD)

According to the Corporate Sustainability Reporting Directive (CSRD), SMEs are not required to report unless they are listed SMEs or consolidated as part of a so-called large group. The criteria for a large group is defined in the Article 3 (7) of the Directive 2013/34/EU [1] and have to make disclosures using the ESRS.

The criteria for listed SMEs are defined in the scope of the ESRS LSME ED [2]. There are three types of companies that fall within the scope of LSMEs. These are:

1) Small and medium-sized undertakings which are public-interest entities (both according to Article 3 of Directive 2013/34/EU).

2) Small and non-complex institutions (according to Regulation (EU) No 575/2013) provided they are also either large undertakings or small and medium-sized undertakings which are public-interest entities.

3) Captive insurance undertakings (according to Directive 2009/138/EC) provided they are also either large undertakings or small and medium-sized undertakings which are public-interest entities.

Listed SMEs will benefit from a number of transitional provisions and simplifications compared to large enterprises. With regards to GHG emissions, however, disclosures are the same and include scope 1, 2 and 3 emissions. In a change from the previous versions, emissions are also subject to materiality assessment, however, the bar has been set high to exclude it. 

SMEs that do not have to report themselves may be asked to provide data as part of buyers calculating their value chain emissions but this is not a regulatory obligation. The standards for listed SMEs will legally cap the information which large companies can request from SMEs in their value chain to safeguard against disproportionate trickle-down effects. Additionally, SMEs only have to provide such information, if it is material to the sustainability matter of the buyer.

It is acknowledged that companies cannot coerce their value chain into reporting, especially SMEs not subject to CSRD, but they (the reporting companies) must demonstrate reasonable effort. It is possible to meet reporting requirements using estimates and proxy data. With the explicit goal of limiting the burden to SMEs in the value chain, there is a transitional provision. For the first 3 years, companies are not required to include information on impacts, risks and opportunities connected with its upstream and/or downstream value chain. 

While non-listed SMEs are not directly affected by CSRD, EFRAG is developing a voluntary standard for non-listed SMEs called VSME (Voluntary SME). Its goal is to enable non-listed SMEs to respond to requests for sustainability information in an efficient and proportionate manner. Until May 2024, EFRAG is holding a public consultation on their Exposure Drafts for listed SMEs (ESRS LSME) and on the VSME. The Exposure Draft for the VSME proposes a “simple reporting tool to assist non-listed SMEs in responding to requests for sustainability information that they receive from business counterparts [...]”. The draft is intended to standardize data requests. It is made up of a mandatory basic module for all users and two additional optional modules: Narrative Policies, Actions and Targets (PAT), and Business Partners (BP). [3]

Part of the recommended disclosures is the total energy consumption in MWh, with a breakdown into fossil fuels and electricity. With regards to emissions, the voluntary SME standard requires the estimated gross GHG emissions (in tCO2eq), including scope 1 and location-based scope 2 emissions in accordance with the GHG protocol. If companies have set targets or a transition plan, they have to disclose them. If companies decide to (voluntarily) report scope 3 emissions, they should use the 15 categories.

For more information on the regulation read this article.

Carbon Border Adjustment Mechanism (CBAM)

The  Carbon Border Adjustment Mechanism (CBAM) is supposed to combat carbon leakage by targeting imports of certain basic materials and products into the EU from third countries, namely iron and steel, aluminum, fertilizers, cement, hydrogen, and electricity. The applicability of the regulation does not depend on the size of the company or its revenue. There is only a de minimis exemption for goods below a total value of 150€. Therefore, SMEs will also be affected by CBAM.

Since October 2023, a new phase has been initiated, requiring every impacted business to report every quarter on the total amount of products brought in, as well as the level of emissions associated with each product. From 2026 onwards, CBAM certificates need to be purchased for these embedded emissions. [4,5]

Companies, including SMEs, can be affected in one of two ways 

1) Companies importing goods into the EU will need to work with their suppliers to gather necessary data.

2) Suppliers providing raw materials or goods to the EU will need to provide emissions data or carbon footprints on products.

For more information on the regulation read this article.

Corporate Sustainability Due Diligence Directive (CSDDD)

The Corporate Sustainability Due Diligence Directive (CSDDD) aims to promote sustainable and responsible business practices along the entire value chain. SMEs are not in scope, but will be affected by being part of another reporting company’s value chain.

After last-moment resistance from some member states, especially Germany, the Council vote was postponed and the future of the directive was uncertain. However, in March, a proposal put forward by Belgium passed the council as well as the Parliament’s Legal Affairs Committee [6]. The CSDDD now expected to pass with a full plenary vote in April being the final hurdle. Roll-out will start three years after the directive comes into force which would be 2027.

The latest proposal has been watered down, most notably the thresholds for affected companies has been tripled to €450m net worldwide turnover and doubled to 1000 employees [7]. This will result in approximately 5500 companies being in scope while SMEs can only be affected indirectly, e.g., through carbon data quested by their buyers.

For such cases, the directive includes a requirement to provide targeted and proportionate support for SME business partners where necessary. Examples given include capacity-building and financial support such as low-interest loans. Companies also have to bear the cost of the independent third-party verification in relation to SMEs.

The term SME is defined as micro, small or medium-sized undertakings in accordance with Directive 2013/34/EU [1] which are not part of a large group. This translates to companies that do not exceed the limits of at least two of the three following criteria:

1) Balance sheet total of €20 million

2) Net turnover of €40 million

3) Headcount of 250

While the focus of the CSDDD is on human rights and environmental due diligence, article 15 requires member states to ensure that companies adopt a transition plan for climate change mitigation compatible with limiting global warming to 1.5°C in line with the Paris Agreement. Where appropriate, such a plan needs to include absolute emission reduction targets for greenhouse gas for scope 1, scope 2 and scope 3 greenhouse gas emissions for each significant category. This means that SMEs will likely be affected by CSDDD due to companies requesting data to improve their scope 3 calculations. The climate related due diligence sets CSDDD apart from the German Lieferkettengesetz which contains no climate-related provision.

Regarding the required scope of due diligence, the directive lists a number of provisions from international human rights and environmental treaties which must be respected. Examples include age restrictions set by the International Labour Organization Minimum Age Convention and bans on ozone depleting substances set by the Montreal Protocol. There are no such specific requirements related to GHG emissions.

SEC Climate-Related Disclosures

The recently adopted rules apply to SEC-registrants. The definition of an SEC registrant primarily hinges on whether a company has securities that are traded publicly or has filed to go public, rather than the company's size. Only so-called Accelerated Filers and Large Accelerated Filers, companies with a public float of above 75 million $ or 700 million $ respectively, have to disclose scope 1 and/or scope 2 GHG emissions, if they are material.

There is a category of so-called Smaller Reporting Companies (SRCs). These companies will have to make a number of climate-related disclosures but are exempt from having to report emissions. A company falls into this group if [8]

1) it has public float of less than $250 million or

2) it has less than $100 million in annual revenues and no public float or public float of less than $700 million

Disclosure of scope 3 emissions which could indirectly affect SMEs, was completely eliminated from the final rules. Companies might still choose to report Scope 3 emissions voluntarily, and in the course of that could reach out to SME suppliers. However, this is outside the scope of the SEC rules [9-11]

For more information on SEC climate-related disclosure, see this article on the regulatory landscape  in the UK, US, and Australia.

Climate Corporate Data Accountability Act (CCDAA)

California’s CCDAA only applies to companies with over $1 billion of annual revenue meaning that SMEs are not in focus. However, it will eventually require a full CCF so we can expect SMEs to be asked to provide data to buyers subject to the law. Starting in 2027, companies must disclose scope 3 emissions and from 2030 on, limited assurance must be given.

Amendments to the CCDAA have scaled back the liability by eliminating penalties for misstatements about scope 3 emissions made with reasonable basis and disclosed in good faith. It is too early to say how exactly this will play out in practice. Nevertheless, it is safe to say that SMEs will increasingly be implicated [12].

For more information on the CCDAA, see this article on the regulatory landscape in the UK, US, and Australia.


The (Australian Sustainability Reporting Standards) are intended to serve as the framework for climate-related financial disclosures. An exposure draft was published in October 2023 and largely follows the International Financial Reporting Standards Sustainability Disclosure Standards, also known as the ISSB Standards. However, the legislation which is supposed to be supported by the framework has not actually been passed yet.

The rules are planned to be rolled out in a three step approach from 2024 until 2027, progressively targeting smaller companies. The term SME is not used. The smallest group of companies affected by the legislation, referred to as “Group 3”, is made up of companies fulfilling the following definition:

Entities required to report under Chapter 2M of the Corporations Act and that fulfill two of the three thresholds:

1) Between 100 and 250 employees

2) Gross assets between $25 billion and $500 billion

3) Revenue between $50 million and $200 million

Those companies will have to start disclosing in the year 2027.

For more information on the ASRS, see this article on the regulatory landscape in the UK, US, and Australia.


The SFDR requires financial market participants, including banks, investment firms, insurance companies, pension funds, and asset managers, to consider and disclose sustainability risks and impacts of their investment decisions. SMEs are not the focus of this regulation, however, there are several ways in which they can be affected [13].

First, if SMEs are themselves financial market participants or financial advisers, they must make entity-level and product-level disclosures in accordance with the SFDR requirements. Arguably more relevant is the second case of SMEs being indirectly affected. The regulation applies to public and private investors, including those investing directly in SMEs. A common example of this are Private Equity companies. Therefore, SMEs seeking financing from entities covered by the SFDR may be requested to provide ESG information. This information may include quantitative so-called Principle Adverse Indicators (PAI) such as GHG emissions which are used to assess the negative impacts of investment decisions on sustainability factors. While financial market participants with fewer than 500 employees can opt out of having to make these quantitative disclosures, institutional investors, incl. banks, Private Equity and Venture Capital investors, do not. This means that SMEs receiving financing by any of those investors will likely need to provide information on the PAIs, incl. carbon emissions. Furthermore, in order to be considered for products with a sustainable focus (article 8) or sustainability objectives (article 9), portfolio companies need to meet the sustainability criteria outlined by the regulation and ESG objectives in accordance with the EU Taxonomy.

Even if SMEs do not need to provide SFDR reporting to their investors, large companies might ask SMEs in their supply chain to share information related to sustainability in response to investor scrutiny. This includes information to improve the scope 3 emission calculation and reduction, as scope 3 is one PAI to report.

For more information on the SFDR see this article on the regulatory landscape in Europe.


Similar in purpose to the European Sustainable Finance Disclosure Regulation (SFDR), the Sustainable Disclosure Regulation (SDR) set out by the UK’s Financial Conduct Authority (FCA) aims to enhance transparency and consistency in disclosures related to ESG factors. Provisions include anti-greenwashing regulations, naming and marketing rules for investment products incl. standardized product labels, and disclosure requirements [14].

SMEs are affected in ways very similar to the SFDR. They are not the focus of the regulation unless they are themselves financial market participants. The effect on SMEs is primarily indirect. Financial institutions might require SMEs seeking investment or funding to provide ESG-related information to assess the sustainability risk. Particularly companies that want to be considered for financial products falling into one of the four labels defined under SDR (Sustainability Focus, Sustainability Improvers, Sustainability Impact, Sustainability Mixed Goals) must meet general and label-specific criteria. Moreover, large companies that are part of investment portfolios, may in turn require their suppliers to adhere to specific sustainability standards which could equally affect SMEs.

Unlike under SFDR, there are no mandatory KPIs. Rather, assets should be selected using a robust, evidence-based standard to measure environmental and/or social sustainability. Carbon intensity thresholds are provided as an example, so it can be expected that GHG emissions will be a commonly used metric.

For more information on the SDR, see this article on the regulatory landscape in the UK, US, and Australia.

(Voluntary) Initiatives


The Science-based-targets Initiative has its own definition of SMEs, which was updated and took effect on January 1st, 2024.

In order to be considered an SME, all of the following must be true:

1) Company has less than 10 000 tCO2e across scope 1 and location-based scope 2 emissions

2) Company does not own or control maritime transport vessels

3) Company does not own or control power generation assets

4) Company is not classified in the Financial Institution (FI) Sector or Oil & Gas (O&G) Sector

5) Company is not a subsidiary of a parent company whose combined businesses fall into the standard validation route

In addition, two or more of the following must be true:

1) less than 250 employees*

2) Turnover of less than €40 million*

3) Total assets of less than €20 million*

4) Are not in a mandatory Forest, Land and Agriculture (FLAG) sector

*Aligned to the European Union’s Corporate Sustainability Reporting Directive (CSRD) SME criteria

SBT offers a streamlined target setting guidance for SMEs [15]. One of the characteristics is that SMEs are not required to set near-term targets for their scope 3 emissions, only commit to measure and reduce them. For large companies, if Scope 3 makes up >40% of emissions, a target encompassing at least two thirds of it must be set. In February 2023, 96% of validated science-based targets included scope 3 [16]. However, many companies reported challenges with tracking and influencing them.

Apart from setting their own targets, SMEs who are suppliers could also be asked to provide information by their buyers, if they set supplier engagement targets [17]. That means the target setting company commits that by a certain year a certain percentage of their suppliers will have SBT’s themselves. In this case, the SME can choose to opt for the SBTi’s streamlined SME target setting route. However, validation of supplier targets through the SBTi is not required. If the SME chooses not to validate through the SBTi, the SBTi encourages the companies setting supplier engagement targets to check themselves for compliance with boundaries, timeframe, and ambition criteria matching those of the SBTi. They also recommend companies to provide explicit feedback to suppliers, so they can course-correct. It is mentioned by the SBTi that target setting companies shall provide resources to coach suppliers on how to set targets, but acknowledges that capacity is a constraint here.


Any non-subsidiary organization with less than 500 employees is considered an SME, and can use the disclosure framework for SMEs if they decide to disclose with the CDP [18]. The framework is intended for SMEs to aid their sustainability reporting processes. It outlines the minimum level of disclosure required from SMEs regarding their emissions as providing the following four items:

1) Reporting year

2) Scope 1 emissions

3) Scope 2 emissions

4) Calculation methodology, incl. excluded emissions 

Another way in which SMEs might become involved, is through companies that report Scope 3 that include SMEs in their supply chain. The CDP offers a program for supplier engagement for those companies involving their suppliers, which includes support for both suppliers (in this case the SME) and the company itself [19]. The CDP also offers a page for suppliers who have been asked to disclose by their buyers [20].


The ISSB Standards include scope 1, 2 and 3 emissions as a mandatory disclosure, however, using the standards themselves is voluntary unless they are adopted by regulators. The standards are not targeted at specific types of companies, hence SMEs might choose to disclose using them. Given the CDP will align with these standards, many SMEs may be asked for data by the companies they supply [21]. 

For more information on the IFRS see this article.










10 | SEC Adopts Rules to Enhance and Standardize Climate-Related Disclosures for Investors


12 Bill Text - SB-253 Climate Corporate Data Accountability Act.









Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.