A stack of colourful index cards.

Image: Getty Images

The initiative will require companies to collect and process personal data in order to report on ESG issues, which presents some challenges but, more importantly, gives organisations an opportunity to embrace digital transformation, writes David van Boven of law firm Allen & Overy.

Efforts to bring about change in the areas of environmental, social and governance (ESG) and digital have traditionally been viewed separately and are therefore commonly approached in isolation. The EU’s Green Deal is paving the way for these strategies to cooperate more closely and trigger a cross-organisational rethink of the use and value of data. 

If done right, investment in data governance will not only assist with ESG compliance, but also has the potential to unlock a competitive advantage by leveraging data within a business.

The EU’s Green Deal, in short, is the European Commission’s ESG strategy that aims to reach net-zero emissions in the bloc by 2050, and includes the Corporate Sustainability Reporting Directive (CSRD), which entered into force in January 2023. The Green Deal coincides with the EU’s digital strategy, which aims to make the EU fit for the digital age while helping to achieve its climate goals. 

Key ESG data legislation

First in a laundry list of laws that will produce new ESG data is the CSRD, which encapsulates a large number of companies and introduces many new, or broader, reporting requirements. The CSRD, for example, requires organisations to report on gender equality and equal pay, inclusion of people with disabilities, and reduction of greenhouse gas targets. This will likely increase the demand for and complexity of data processing and require more coordination and alignment across different functions within organisations and their supply chains. 

The CSRD will most certainly impact the data protection functions, as companies will need to collect and process personal data on their workforce in order to report on ESG matters, such as diversity and inclusion. 

Second is the EU digital strategy’s proposed Data Act, which would enable more efficient and transparent use of privately held ‘Internet of Things’ data for various, including environmental, purposes. The proposed Act introduces new obligations and rights for data holders and users, such as ensuring data quality and interoperability, complying with data protection and security rules, and facilitating data access and portability. It would also create new opportunities and incentives for data sharing and reuse.

The Data Act would also complement the upcoming Data Governance Act – applying from September 2023 – which will establish data altruism mechanisms and set rules for creating data spaces and common data pools. This will enable the reuse of public and private sector data for public interest purposes, such as health, environment or mobility. Both of these, however, pose some challenges and risks for companies that collect, process and provide data from various sources and devices. 

A third important piece of EU legislation is the EU Taxonomy Regulation, which establishes a classification system for economic activities that contribute to six environmental objectives, such as climate change mitigation and adaptation, the circular economy, and biodiversity. It provides criteria and indicators for assessing the environmental performance and sustainability of economic activities, as well as disclosure obligations. Also on its way is a set of so-called European Sustainability Reporting Standards, which cover data and reporting requirements.

Last, the proposed Corporate Sustainability Due Diligence Directive will require large companies to identify adverse human rights impacts and adverse environmental impacts of their own operations and from their supply chain, generating even more ESG data.

A new way of working

The EU’s Green Deal and digital strategy are mutually reinforcing and interdependent, as they both rely on data as a driver for achieving their goals. Proper and responsible use of data and ensuring the accuracy and quality of data can help to address the environmental and social challenges that the EU faces, such as reducing emissions, enhancing biodiversity, improving health, and ensuring social justice. And, for all this, reporting is needed.

The CSRD and proposed EU legislative developments will require a company’s stakeholders and functions to cooperate in a way which they traditionally have not. For example, within the average organisation, the finance department is the reporting function, but only has experience in reporting of a financial nature. Most of the new reporting requirements, however, are non-financial in nature and contain new, open terms, unusual for the finance department.

Companies should not see ESG legislation as a burden, but as a challenge and a business opportunity

New reporting requirements, including environmental outputs, the human rights impacts of operations, and diversity and inclusion of the workforce – not only of the organisation itself, but also of its holdings, investments and in some cases of its suppliers – might appear less complex in the sense of mathematical modelling, but require inputs from a variety of departments in the organisation and are less clearly defined. 

Departments that are not used to reporting will now be required to provide data. All of the above will constitute a real challenge for organisations that fall under the scope of new regulations. New data inputs and structures are therefore required. 

To ensure this new demand for ESG data is well organised and the separate functions ‘speak the same language’, they must become aligned on reporting standards. This will enable more consistent, comparable and reliable data across different reporting functions and facilitate the integration of data into reporting, decision-making and information requests.

Commercial advantages in data governance

Legislation like the CSRD and Data Governance Act offer greater rewards and more value for data innovation, collaboration and impact, as it will create more opportunities for data-driven sustainability performance improvement, stakeholder engagement and value creation. These developments are an opportunity for companies to align their data governance practices with the EU’s values and objectives, and to demonstrate their commitment and contribution to ESG. 

Investment in data governance has commercial benefits for businesses, including:

  • Better data quality, accuracy and consistency for increased efficiency and innovation through the use of machine learning and artificial intelligence. Data governance establishes and enforces data standards, policies and processes, and monitors and fixes data issues. It allows for the invention of new products, such as green mortgages. 
  • Lower data risk, liability and complexity for legal, regulatory, ethical, security and data protection issues. Data governance supports data compliance, accountability and responsibility, and mitigates data breaches, loss, misuse or corruption. A cross-organisational approach to data governance also has the potential to simplify and streamline data architectures, IT systems and processes. 
  • Higher data value, usability and accessibility for new insights, products, services and revenue. Data governance requires identification, cataloguing and defining data assets and their usage rights, and enables data integration, exchange and discovery.
  • Stronger data culture and collaboration for a data-driven mindset, behaviour and performance. Data governance promotes data awareness, education and roles, and encourages data sharing, communication and alignment.

Data governance, as such, should be transferred from the compliance to the commercial domain. This will require strategic data governance practices, such as data ownership, data architecture and data analytics to leverage the potential of ESG data to inform stakeholders.

However, ESG legislation like the CSRD poses challenges and risks for data quality, security and privacy, as it will expose more sustainability data to external scrutiny, audit and enforcement, and potentially increase exposure to personal data breaches or security incidents. 

To mitigate these risks, more robust and effective data governance policies and practices are needed, such as ESG data quality assurance and data protection to ensure the accuracy, completeness and reliability of sustainability data, and to safeguard the rights and interests of individuals. 

Companies should therefore not see ESG legislation as a burden, but as a challenge and a business opportunity. They should prepare themselves for the changes and opportunities that the Green Deal and digital transformation would bring, and adapt their business models and strategies accordingly. They should also leverage the advantages and benefits that these acts would offer, such as accessing more and better data by investing in data governance, enhancing their value proposition and competitive advantage, and contributing to the green transition and the digital transformation.


David van Boven is an associate at international law firm Allen & Overy.


All fields are mandatory

The Banker is a service from the Financial Times. The Financial Times Ltd takes your privacy seriously.

Choose how you want us to contact you.

Invites and Offers from The Banker

Receive exclusive personalised event invitations, carefully curated offers and promotions from The Banker

For more information about how we use your data, please refer to our privacy and cookie policies.

Terms and conditions

Top 1000 2023

Request a demonstration to The Banker Database

Join our community

The Banker on Twitter