You’ve published a sustainability report. It covers your emissions, your supply chain standards, your governance commitments. But here’s the obvious question nobody asks out loud: how does anyone actually know it’s true?
That’s exactly what ESG assurance exists to answer.
Business leaders are increasingly turning to specialist providers to get their sustainability data independently verified. Scott Lane, expert in ESG assurance, is a founder leading in this work, helping organisations work through the assurance process. Nancy Mancilla, co-founder of ISOS Group, and Ian Spaulding, founder and former CEO of ELEVATE, are among others operating in this space. Demand is climbing fast — and the companies moving early are finding themselves well ahead of those waiting for a regulatory deadline to force the issue.
So what is it, exactly?
ESG assurance — sometimes called sustainability assurance — is the process of having an independent third party verify the accuracy and completeness of your ESG disclosures. Think of it like a financial audit, but applied to your environmental, social, and governance data instead of your accounts.
Without it, a sustainability report is essentially self-certified. A company can say what it likes. Assurance changes that dynamic. It brings in an external reviewer — someone outside the business — to examine your data, your processes, your controls, and confirm whether the numbers actually hold up.
KPMG’s research shows that 88% of companies pursuing ESG assurance are currently doing so at a limited level. Two takeaways from that figure: most large companies have started the process, and most are still at the early stage. Not exactly a confidence booster for stakeholders reading those reports.
Limited vs reasonable — the distinction that matters
There are two levels, and they’re not interchangeable.
Limited assurance is the entry point. A provider reviews your reporting processes, asks questions, runs analytical checks, and flags anything that looks obviously wrong. The conclusion is framed negatively: nothing came to our attention suggesting the information is materially misstated. It’s meaningful. But it’s not a deep audit.
Reasonable assurance is a different beast. More detailed testing, higher evidence requirements, broader scope. The conclusion flips to positive: the information is materially accurate. Under the EU’s Corporate Sustainability Reporting Directive (CSRD), companies must start with limited assurance from their first year of reporting, then move towards reasonable assurance — equivalent to financial statements — by 2028.
The CSRD staggers this deliberately, giving businesses a four-year runway to build up from limited to reasonable. Country-by-country adoption of ISSB standards will also shape what’s required in different jurisdictions.
Why now?
Regulators have made a decision: self-reported sustainability data isn’t good enough anymore.
Mandatory ESG assurance came into force in Australia and Tanzania in 2025. It arrives in 2026 in Brazil, Mexico, Taiwan, and Pakistan. That’s not a regional trend — that’s a global baseline forming in real time.
The greenwashing problem sits at the heart of this shift. When companies can throw around “net zero” or “carbon neutral” without independent verification, those claims erode trust across the board. ESG assurance is how the industry earns credibility back. Slowly, but actually.
What gets verified?
This is where a lot of businesses get stuck. ESG assurance isn’t one check on one number. It spans a wide range of disclosures — and the scope tends to grow as reporting matures.
Here’s what typically falls within scope:
Environmental: Scope 1 greenhouse gas emissions (direct from owned operations), Scope 2 (purchased energy), Scope 3 (value chain), energy consumption, water usage and discharge, waste data, biodiversity impacts, and progress against climate targets.
Social: Health and safety performance, workforce diversity metrics, human rights due diligence across the supply chain, employee training investment, and pay equity disclosures.
Governance: Board composition, anti-corruption controls, executive pay linked to ESG targets, whistleblower mechanisms, and tax transparency.
Reporting processes: Data collection methodology, internal controls, evidence trails, and alignment with frameworks like GRI, ISSB, or ESRS under CSRD.
Most organisations start with greenhouse gas emissions and broaden from there. Starting narrow isn’t a weakness — it’s actually the smart way to build the infrastructure that proper ESG assurance requires. Trying to do everything at once is a fast track to a messy engagement.
Who actually does this work?
Assurance can come from accounting firms or specialist sustainability providers. The International Auditing and Assurance Standards Board’s new standard, ISSA 5000, is the first guidance issued specifically for this purpose — principles-based, flexible, and designed to work across any ESG reporting framework. It’s on track to become the global baseline for how these engagements get conducted.
The bottom line
Companies treating ESG assurance as a compliance burden will find it painful. The ones treating it as a foundation for better data and stronger internal controls will find it genuinely useful long after the regulators move on to the next thing.
The frameworks are in place. The deadlines are arriving. The real question isn’t whether your sustainability data will face scrutiny — it’s whether it’ll hold up when it does.
