The Board Briefing: Mandatory Climate Reporting in 5 Minutes

ASIC fined Active Super $10.5 million in March 2025 for saying one thing about ESG and doing another. That was under existing consumer protection law — before mandatory climate reporting even kicked in. The enforcement environment for climate disclosures is tightening fast, and directors who haven't got across the detail are carrying personal risk whether they realise it or not.

This is the five-minute version. No jargon. No 40-page consultant deck. Just what you need to know as a director or C-suite executive sitting in a board meeting, right now, in mid-2026.

Your company is probably caught

The Australian Sustainability Reporting Standards (ASRS) require climate-related financial disclosures as part of your annual report. Not a separate sustainability report. Not a voluntary PDF on your website. Inside the annual report, alongside the financials — and subject to the same Corporations Act provisions.

Three groups are phasing in. Group 1 (the ASX heavyweights — 500+ employees, $500M+ revenue, or $1B+ gross assets, meeting two of three) started reporting for financial years from 1 January 2025. Their first reports landed earlier this year. Group 2 kicks in for financial years from 1 July 2026 — that's entities meeting two of three: $200M+ revenue, $500M+ gross assets, or 250+ employees. Group 3 follows from 1 July 2027 at lower thresholds ($50M+ revenue, $25M+ assets, 100+ employees).

There's a catch that keeps surprising people. If your company already reports under the National Greenhouse and Energy Reporting Act (NGER) — meaning your corporate group exceeds 50 kt CO2-e or 200 TJ of energy — you're automatically pulled into Group 2 regardless of your size. We've spoken with businesses that have 180 staff and $120M turnover but are in scope because of energy-intensive operations. The ASRS Group 2 requirements article covers the threshold detail.

What actually goes in the report

AASB S2 (the technical standard behind ASRS) structures climate disclosures around four pillars. Here's the board-level version of each.

Governance. How does your board oversee climate-related risks and opportunities? Not whether you have a sustainability committee listed in the corporate governance statement — whether the board actually engages with climate risk in its decision-making. Assurance providers will want to see board minutes, agenda papers, and evidence that climate considerations feed into capital allocation. If the honest answer is "we've discussed it once," that's a gap you need to close.

Strategy. What are your material climate risks and opportunities, and how do they affect your business model, cash flows, and financial position? This includes scenario analysis — typically a 1.5°C pathway and a higher-warming scenario — mapped to your specific revenue and cost lines. It also includes your climate transition plan, if you have one. Strategy disclosures are where Group 1 entities spent the most money and, candidly, got the least value. Generic global scenarios that don't connect to your actual P&L are what assurance providers flag first.

Risk management. How do you identify, assess, prioritise, and monitor climate risks? And — this is the part that catches people — how does that process connect to your existing enterprise risk framework? Climate risk can't live in a silo that reports to the sustainability team. It needs to be integrated with the same risk register your board already reviews.

Metrics and targets. Scope 1 and Scope 2 greenhouse gas emissions, calculated using the GHG Protocol, with location-based methodology as per AASB S2 paragraph 29(a)(v). Required from year one. Scope 3 emissions (your value chain — suppliers, customers, everything upstream and downstream) are deferred to year two. You also need to disclose any climate-related targets you've set, and your progress against them.

That's the architecture. Four pillars. Governance. Strategy. Risk. Numbers.

Where the personal liability sits

This is the part that should have every director's full attention.

Penalties under the Corporations Act for misleading climate disclosures go up to $15 million or 10% of annual turnover — whichever is larger. Directors can be held personally liable. This isn't theoretical. The same liability framework that applies to your financial statements now applies to your climate disclosures.

But the government built in a transitional protection. From 1 January 2025 through 31 December 2027, a modified liability regime applies. During this window, your Scope 3 emissions, scenario analysis, and transition plan disclosures are "protected statements." Only ASIC can take enforcement action on those, and it's limited to injunctions and declarations — no monetary penalties for those specific elements.

Here's what's not protected. Your Scope 1 and Scope 2 emissions. Your governance disclosures. Any climate statement you make outside the sustainability report — investor presentations, press releases, AGM comments. And nothing protects statements that are genuinely misleading or deceptive. Full stop.

For the first three years, your directors' declaration is also slightly different. Instead of declaring the sustainability report complies with the Corporations Act, you only need to declare that the entity has taken "reasonable steps" to ensure compliance. That's a lower bar. But "reasonable steps" still means something. It means you can show evidence of governance processes, data systems, expert engagement, and board oversight. "We didn't know" won't cut it as a reasonable step.

We're honest about one thing: we don't yet know exactly how ASIC will interpret "reasonable steps" in enforcement. The assurance requirements are clearer — limited assurance on governance, strategy, and Scope 1 and 2 from year one, with reasonable assurance phasing in from 2030. But the director liability interpretation is still being tested in practice.

Three things the board should approve before the next meeting

Not next quarter. Before your next board meeting. Because the window between "we should probably look at this" and "our reporting period has started" is closing fast for Group 2 and Group 3 entities.

First, approve the governance structure. Assign clear accountability for climate disclosures. This doesn't mean hiring a Chief Sustainability Officer tomorrow (though you might need to). It means deciding which board committee owns oversight, who at management level is responsible for preparing the disclosures, and how climate risk integrates with your existing risk framework. The AICD's director guide to mandatory climate reporting is genuinely useful here — about 30 pages, practical, co-authored with Deloitte and MinterEllison.

Second, confirm your data systems can produce auditable emissions numbers. This is where boards consistently underestimate the work. Scope 1 and 2 figures need to be traceable from the number in your report back to the source document — the electricity bill, the gas invoice, the fuel docket. Assurance providers will ask "where did this number come from?" and your team needs an answer that isn't "I think it's in Sarah's spreadsheet somewhere." If you're relying on manual processes across dozens of utility accounts and facilities, you need to decide now whether to invest in carbon accounting systems or accept the cost and risk of doing it by hand. We built Carbonly because we watched that exact problem play out repeatedly — auditors asking for source documents and management scrambling through shared drives.

Third, engage an assurance provider early. External assurance is mandatory from year one. Mid-tier firms (BDO, Grant Thornton, Pitcher Partners) are already booking Group 2 engagements. Don't wait until three months before your reporting deadline. Early engagement means they can review your methodology, flag gaps, and help you avoid the problems Group 1 entities hit — particularly around scenario analysis and governance evidence. Budget $30,000 to $80,000 for limited assurance depending on the size and complexity of your operations.

And one more thing that isn't about compliance. Your climate transition plan — if you have one — now lives inside your annual report. Investors, analysts, proxy advisers, and journalists will read it. It's worth making sure the board has actually discussed it, not just signed off on a draft the sustainability team wrote.

The real risk isn't penalties

Here's my honest take on what's actually at stake for most boards.

Yes, $15M fines and personal liability get attention. But the more likely outcome of poor climate reporting isn't a fine. It's a qualified assurance opinion that gets disclosed in your annual report. It's investor questions at the AGM you can't answer. It's a proxy adviser flagging your governance as inadequate. It's your lender asking why your climate disclosures don't match the information you gave them in your loan covenant negotiations.

The companies that handled Group 1 well didn't treat this as a compliance box-tick. They treated it as a data problem. Get the numbers right, build systems that an auditor can follow, and the disclosure almost writes itself. The companies that struggled were the ones that hired consultants to write a beautiful report on top of bad data.

Start with the data. Everything else follows from there.

Related Reading:

Carbonly.ai automates emissions data extraction from utility bills, invoices, and operational documents for Australian companies facing ASRS and NGER reporting. Our platform provides the auditable data trail that assurance providers require — built specifically for Australian emission factors, regulatory frameworks, and reporting timelines.