The EU’s New ESG Disclosure Rules Could Spark Securities Litigation in the US

Key Points

• The EU’s comprehensive new ESG disclosure requirements will force many multinationals with operations in Europe to decide how much information to disclose where, and to take measures to ensure their disclosures are consistent.
• The granular information required by the EU could feed litigation in the U.S. if the disclosures appear false or misleading, or are inconsistent with disclosures in other jurisdictions.
• With a new U.K. disclosure mandate and expected additional SEC disclosure rules, companies could face conflicting demands for ESG information from the EU, U.K. and U.S.

Corporate environmental, social and governance (ESG) initiatives and disclosures continue to be a focus for investors, other stakeholders and securities regulators in both the United States and Europe, but the disclosure rules remain fragmented across jurisdictions and potentially conflict. Although efforts are underway to establish a uniform international standard, jurisdictional differences are expected to persist.

This divergence in disclosure standards could result in unexpected liability for companies whose securities are traded in the U.S., especially as the European Union moves forward with a new set of comprehensive ESG reporting rules that could have extraterritorial application. The United Kingdom, too, recently adopted new ESG disclosure requirements that may not perfectly align with the EU’s.

U.S.-listed companies with a significant presence in the EU will need to consider the interplay between the EU reporting requirements and liability provisions under U.S. securities laws.

ESG Reporting in the US Today

Currently, ESG disclosures in the U.S. are dictated primarily by general principles and materiality. Other than a few specific disclosures required under Securities and Exchange Commission (SEC) rules (e.g., cybersecurity risk governance and incidents, certain environmental legal proceedings, compliance with environmental laws and human capital management matters), companies generally need not make ESG disclosures in their SEC filings unless they are material to the company’s business.

The SEC, however, is looking to adopt more prescriptive and detailed ESG disclosure rules. For example, in March 2022, the agency issued proposed rules that would mandate highly detailed climate-related disclosures. In July 2023, it adopted more prescriptive disclosure rules on cybersecurity incidents and risk management processes. Additional disclosure rules are expected on board diversity and human capital management.

Even without specific disclosure requirements, many U.S. companies voluntarily disclose information about their current efforts and future commitments on ESG matters in response to requests from investors, interest groups, employees and other stakeholders. One study found that, in 2021, 99% of S&P 500 companies disclosed some level of ESG-related information outside of their SEC filings. These voluntary disclosures typically take the form of standalone ESG reports, company websites, responses to questionnaires from the non-profit CDP climate impact organization and/or third-party assurance or verification reports. Some companies have begun including some of these voluntary disclosures in their SEC filings, typically as ESG highlights in their proxy statements or annual reports.

The EU’s New Comprehensive ESG Disclosure Requirements

A new EU law adopted at the end of 2022 (the Corporate Sustainability Reporting Directive, or CSRD) and the standards implementing it released in July 2023 (the European Sustainability Reporting Standards, or ESRS) require comprehensive, detailed disclosures covering a broad spectrum of sustainability topics.

Notably, the CSRD requires disclosures not only about how ESG issues impact a company’s business, but also about the business’s impact on a range of sustainability matters — referred to as “double materiality.” The CSRD also requires third-party audits for all reported sustainability information. Thus, in many respects, the CSRD goes beyond existing U.S. requirements and even beyond the SEC’s proposed ESG disclosure rules.

Initially, the CSRD will apply only to EU-incorporated companies. But for financial years starting on or after January 1, 2028, non-EU companies must report if they have a significant presence in the EU (defined by minimum EU revenue and asset thresholds) and they must report on a global, whole-group basis — i.e., including all non-EU companies in the group.

As a result, many multinationals based outside the EU will need to start reporting under the detailed EU rules in 2029 and consider how to ensure compliance, as well as what EU compliance may mean for the corporation’s obligations in other jurisdictions.

In a further twist, prior to the adoption of the CSRD, the U.K. amended its non-financial reporting requirements for U.K.-incorporated companies, requiring certain U.K. companies to report in line with guidelines established by the Taskforce for Climate-related Financial Disclosures (TCFD) of the international Financial Stability Board. The EU’s reporting standards, the ESRS, are based on TCFD’s standards, but the U.K. and EU regimes could nonetheless diverge.

The EU plans to allow disclosures made under similar rules in other jurisdictions to satisfy the EU requirements, which would reduce the risk of conflicting demands for multinationals. But it is not yet clear whether the U.K. regime or any new SEC rules will be deemed similar enough.

US Disclosure Liability Considerations

Under U.S. securities laws, all public company disclosures must be accurate and complete in all material respects and not materially misleading. Materially misleading or false statements or omissions may subject the company to private securities lawsuits as well as to SEC enforcement actions under various provisions of U.S. securities law. As a result, ESG disclosures, whether in SEC filings or other reports or on a company website, can create significant litigation and enforcement risks if not carefully prepared and reviewed.

The SEC is already scrutinizing voluntary ESG statements. In March 2021, its Division of Enforcement created a Climate and ESG Task Force to analyze voluntary ESG disclosures in SEC filings and identify ESG-related misconduct. Last year, the Task Force brought its first enforcement action, a case against a Brazilian mining company alleging that it made false and misleading claims about the safety of its dams in sustainability reports as well as in SEC filings. In addition, recent staff comment letters on climate-related disclosures in corporate Form 10-K filings have asked companies whether they have considered including the same detailed climate-related disclosures in SEC filings that they have provided elsewhere.

Against this backdrop, companies that are subject to both U.S. securities laws and the CSRD need to pay particular attention to potential U.S. disclosure liability from providing expansive and detailed ESG disclosures under the CSRD requirements. The anticipated issues that such companies would need to consider include the following:

• Higher risk profile under U.S. securities laws. Any public disclosures required under the CSRD would be subject to the anti-fraud provisions of U.S. securities laws and potential scrutiny by U.S. investors looking for statements that could be the basis for a lawsuit. For example, a U.S.-listed company that publishes global, group-wide ESG information only on its website or in an ESG report — primarily to comply with the CSRD and without including the same information in the company’s SEC filings — may nevertheless face a U.S. investor lawsuit or SEC enforcement action based on that information. The risk could be heightened given the CSRD’s requirements for granular disclosures that go beyond current SEC requirements.
• Materiality determinations. The CSRD may mandate disclosures that are not necessarily material or otherwise required for purposes of U.S. securities laws, which only ask whether a reasonable investor would consider the information to be important in making investment decisions. While the SEC staff generally does not second-guess companies’ materiality determinations, it is important to maintain robust disclosure controls and procedures to assess and support materiality determinations for ESG disclosures, as well to monitor any perceived differences between SEC filings and CSRD-based disclosures or other voluntary reports.
• Potentially conflicting disclosure requirements between the CSRD and SEC rules. As the EU continues to refine the CSRD requirements and the SEC adopts additional ESG disclosure requirements, it is unclear whether and to what extent those requirements differ or converge. If the EU does not recognize equivalence and accept U.S. disclosures to satisfy its own requirements, companies will need to consider how best to meet the competing jurisdictional demands. That will entail weighing the risks of providing different levels of detail for subsidiaries in different countries or choosing to report according to one regime for all subsidiaries and affiliates with supplemental information as required.