What ASIC Is Actually Looking At in Your AASB S2 Disclosure

ASIC has been unusually clear about what it plans to do with the first wave of AASB S2 sustainability reports. From 2026, it will review filings lodged by Group 1 reporters and publicly report findings, modelling the approach on its long-running financial reporting surveillance program. That's not a soft signal. It's the same machinery that produces the focus-area letters CFOs read every June, now pointed at climate disclosure.

If you filed your first sustainability report in 2025-26, you're already in the queue. If you're a Group 2 reporter with an FY starting 1 July 2026, you have roughly 14 months to learn from what comes back.

This post is a working summary of where ASIC has said it will look, what the modified liability provisions in the Corporations Act actually protect, and the five surveillance hooks we'd expect to see weighted heaviest based on ASIC's published priorities and its enforcement track record on greenwashing.

What ASIC has actually said

The starting point is ASIC's Corporate Plan 2025-26, which lists climate-related financial disclosures as a strategic priority and confirms ASIC will run a proactive review of sustainability reports lodged for the first reporting year. The review is described as broadly modelled on ASIC's existing financial report surveillance, with public reporting of findings.

Regulatory Guide 280, released 31 March 2025, sets out how ASIC interprets the new Chapter 2M Part 2M.5 obligations. RG 280 is the document your auditor and your legal team will be reading first. It's also the document ASIC's surveillance staff will be reading.

Commissioner Kate O'Rourke has used the phrase "consistent, comparable and of high quality" repeatedly in describing what ASIC expects from climate disclosure. That language is not decorative. It maps directly onto how ASIC has historically framed financial-report deficiencies, and it tells you the surveillance team will be looking for inconsistencies between what's said and what the underlying records can support.

ASIC has also flagged it will continue active greenwashing enforcement alongside the new sustainability-reporting surveillance. The same conduct standard applies. A statement made publicly that the underlying evidence cannot back up is a misleading or deceptive statement, whether it sits in a marketing brochure or in paragraph 29(a) of an AASB S2 disclosure.

The modified liability shield, and what it doesn't cover

Section 1707D of the Corporations Act introduces a limited civil liability regime for certain "protected statements" in sustainability reports. The shield was inserted by the Treasury Laws Amendment (Financial Market Infrastructure and Other Measures) Act 2024. It is narrow and time-limited.

What's actually protected:

• Statements about Scope 3 greenhouse gas emissions
• Climate scenario analysis disclosures
• Transition plan disclosures

These statements are protected only when made in a sustainability report or audit report for a financial year commencing between 1 January 2025 and 31 December 2027, and only against private actions. The shield expressly does not block ASIC enforcement, and it doesn't apply to criminal conduct.

For Group 1 entities, the shield is broader in year one: it covers all forward-looking statements in the first sustainability report, on the same private-action basis. After that first report it narrows to the three categories above.

Read the gap carefully. Current-year Scope 1 and Scope 2 emissions data is not protected. Governance descriptions are not protected. Identification of material climate-related risks and opportunities is not protected. Internal carbon pricing assumptions disclosed under paragraph 29(f) are not protected. Anything historical, factual, or governance-related sits outside the shield, and ASIC enforcement sits outside the shield in all cases.

The practical takeaway: the parts of an AASB S2 disclosure that are easiest to get wrong from a data-quality standpoint, the current-year emissions numbers and the governance narrative, are the parts with no statutory cushion. Group 1 reporters who treated the modified liability provisions as broad cover will find out the hard way that they aren't.

Five surveillance hooks we'd expect to see weighted

Based on ASIC's published priorities, RG 280, and the pattern of recent greenwashing decisions, these are the areas where we'd expect the first round of surveillance letters to concentrate.

1. Scope 3 boundary inconsistencies

AASB S2 paragraph 29(a)(iv) requires disclosure of Scope 3 emissions for material categories. RG 280 expects the boundary to be explicitly stated and reconciled to underlying records. The pattern that draws attention is a Scope 3 narrative that describes 15 GHG Protocol categories at a high level, but a calculation that quietly excludes the categories the entity finds inconvenient. If the disclosed boundary doesn't match what the underlying data shows you actually measured, the inconsistency is the finding.

2. Scenario analysis that doesn't connect to financial line items

AASB S2 paragraphs 22 and 24 require resilience analysis under different climate-related scenarios. ASIC has signalled it expects scenario analysis to inform actual decisions, not sit as a separate appendix. The surveillance question is straightforward: did the scenarios influence anything in the financial statements? Asset useful lives, impairment triggers, capex assumptions, going-concern assessments? If the scenarios produce no flow-on into the financial report, the disclosure looks performative. We covered this in more depth in our scenario analysis guide.

3. Transition plan claims with no underlying actions

Paragraph 14(a)(iv) requires disclosure of any transition plan, with paragraph 33 setting out target-related disclosures. The surveillance hook is plans that announce a 2030 emissions reduction target with no near-term actions, no capital allocation, and no governance accountability for delivery. The Climateworks Centre seven-element framework is a useful self-test. A plan with targets but no actions is a forward-looking statement that the underlying record cannot support, which puts it squarely on the same fact pattern as ASIC's greenwashing cases.

4. Materiality assessment that doesn't reconcile to the climate risk register

Paragraph 14(a)(i) requires identification of climate-related risks and opportunities that could reasonably affect cash flows, access to finance, or cost of capital. RG 280 paragraph 280.91 onwards covers materiality. The pattern that surveillance will pick up is a disclosure that describes "physical and transition risks" generically, while the entity's internal risk register tells a different story. If your enterprise risk register lists drought exposure as a top-tier risk for an agribusiness portfolio, but the AASB S2 disclosure doesn't mention it, that's a reconciliation gap. We've written a practical guide to the climate risk register that walks through what auditors and ASIC will look for.

5. Net zero claims without surrendered offset records

This is where ACCC greenwashing enforcement and AASB S2 surveillance converge. The Mercer, Vanguard, and Active Super decisions all turned on the same fact pattern: claims made publicly that the underlying records could not support. A net zero claim without retired offset certificates, without a credible decarbonisation pathway, and without governance evidence is the same fact pattern translated into a sustainability report. We've covered this in detail in our piece on ACCC greenwashing penalties.

What the greenwashing cases tell us about ASIC's approach

The Federal Court imposed an $11.3 million penalty on Mercer in August 2024 and a $12.9 million penalty on Vanguard the following month. Active Super was penalised $10.5 million. Three cases, three different fact patterns, one common theme: claims made publicly, controls inside the business that did not deliver what those claims described.

In Mercer the court was specific. Justice Horan's reasoning highlighted the failure to implement adequate systems to ensure ESG claims were accurate, and to monitor and enforce the application of stated exclusions. That's a controls finding, not a marketing finding. The same lens applied to AASB S2 surveillance produces a question every preparer should be ready to answer: what controls do you have in place to ensure the numbers and statements in your sustainability report are accurate and that the methodology applied matches the methodology described?

ASIC has been blunter than ACCC about wanting to see methodology and underlying records. RG 280 paragraph 280.187 onwards spells out what ASIC expects in terms of evidence retention. The surveillance team will not be satisfied with a clean PDF. They will ask for the working papers.

What the audit trail needs to show

Every disclosed number traceable to a source document. Methodology documented at the level a regulator can replay the calculation. Period locking so post-submission changes are visible and version-controlled. Approval workflow that establishes who signed off on each figure and when.

That is the same control framework an external assurance provider will apply under ASSA 5010, and it's the level of evidence ASIC's surveillance staff will request when they pick up a filing for review. It's also where the data discipline that Carbonly enforces matters. Source documents are tied to extracted figures. Materials are matched through a five-tier process. Periods can be locked to prevent retrospective changes once a report is signed off. The seven-year retention default lines up with the records-keeping expectation in RG 280 and the broader Corporations Act requirements.

This isn't theoretical. In 2024 we worked with a construction company that needed to process 10,000 fuel receipts in a single quarter to reconstruct their fleet emissions. That kind of volume on spreadsheets is where errors creep in and audit trails go cold. The same problem exists at every Group 1 reporter who built their first AASB S2 disclosure on top of a manual data collection process.

For Group 2 reporters: the year-out checklist

Group 2 reporters with FY starting 1 July 2026 have a window most Group 1 reporters didn't have. The Group 1 cohort had to build the plumbing while filing the report. Group 2 has visibility into what surveillance is asking before the first filing.

Six things worth doing in the next twelve months:

1. Reconcile your enterprise risk register against the climate risks and opportunities you intend to disclose. Any gap in either direction is a finding waiting to happen. Our climate materiality assessment guide covers this.

2. Decide your Scope 3 boundary now and document why. The decision is more defensible if it's made before the data collection effort starts.

3. Run your scenario analysis early enough that the outputs can flow into the financial report process. AASB S2 paragraph 22 is not a side document.

4. Build the audit trail before you need it. Source document, extraction, factor application, calculation, approval. If the trail can't be replayed by a regulator without your team in the room, it isn't an audit trail.

5. Treat the modified liability provisions as a narrow shield. Don't write the disclosure as if everything is protected.

6. Have the board briefing before the report is drafted, not after. Directors signing off on a sustainability report want to know what's protected, what isn't, and what the surveillance pattern looks like.

For Group 1 reporters who have already filed, the question is what to fix before the next reporting cycle. The first surveillance letters will tell you what ASIC found. The second-year filing is where reporters can demonstrate they took the feedback seriously, which is the same dynamic that operates in financial reporting surveillance.

ASIC's approach here is not surprising. It's the financial reporting playbook applied to climate disclosure, with greenwashing enforcement running in parallel. Reporters who treat AASB S2 as a financial report obligation, with the same controls and the same evidence standard, will find the surveillance process manageable. Reporters who treat it as a narrative document will find out what the surveillance team actually does.

If you're scoping the data and audit-trail work that surveillance-grade AASB S2 reporting requires, get in touch at hello@carbonly.ai or join the waitlist.