Sustainability reports are about to be assured. Here's what changes.

ISSB is now mandatory in over 20 jurisdictions. The new global sustainability assurance standard takes effect in December 2026. The reports that used to be reviewed by the comms team are now audit documents. Here's what shifts for the people writing them.

Key takeaways

• IFRS S1 and IFRS S2 (the ISSB standards) are now mandatory or being phased in across more than 20 jurisdictions, including Hong Kong, Australia, Brazil, Chile, Mexico, Pakistan and Qatar.
• The global standard for sustainability assurance, ISSA 5000, takes effect for periods beginning on or after 15 December 2026. National equivalents are already in place in Australia, Canada, Hong Kong, New Zealand, Malaysia, Mexico and others.
• The EU's Omnibus I directive (adopted February 2026) narrowed the CSRD's scope significantly, but the largest companies remain in scope and the obligations have not gone away.
• What is changing in practice is not just whether you report. It is how the report gets reviewed. Sustainability teams that previously prepared documents for stakeholders are now preparing documents for assurance.
• Most sustainability teams have not yet adapted their internal review process to this shift. The gap between what is in the report and what can be evidenced in the working papers is where assurance findings come from.
• General AI tools are particularly poorly suited to this kind of verification work. The verification has to be deterministic, traceable, and aligned to the specific disclosure framework being used.

The first time it really matters

Picture a sustainability director at a large NZX or ASX listed company. Climate-related disclosures are now mandatory under NZ CS 1 or ASRS S2. The big-four assurance team has been engaged. They are six weeks into the engagement and they are asking questions that nobody on the team has been asked before.

Not "how does this read", but: where is the evidence that this Scope 3 boundary is appropriate? What is the basis for the 1.5C scenario assumptions in the strategy section? Can we see the workings on this transition plan capex number? Where does this materiality threshold come from? Why does the executive summary describe a different climate risk profile than the body of the report?

These are not unreasonable questions. They are the questions an assurance engagement is supposed to ask. They are also the questions that nobody asked the year before.

This is the shift. Sustainability reports used to be communication documents. They are now becoming audit documents. The work that gets you ready for one is genuinely different from the work that gets you ready for the other.

What actually changed

A quick state of the world as of April 2026, because the regulatory ground has shifted a lot in twelve months.

ISSB / IFRS S1 and S2. The ISSB's two sustainability disclosure standards are now adopted on a voluntary or mandatory basis in 21 jurisdictions as of 1 January 2026, according to the IFRS Foundation. Mandatory rules are now in effect in Chile, Qatar and Mexico (from January 2026), Hong Kong (from August 2025) and Pakistan (large listed companies from July 2025). Jurisdictions with formal adoption targets cover more than 50% of global GDP. Brazil's PAEs (publicly accountable entities) became subject to mandatory ISSB reporting from January 2026.

EU CSRD post-Omnibus. The EU's Omnibus I Directive (EU 2026/470, entered into force 18 March 2026) raised CSRD thresholds substantially. The directive now applies only to companies with more than 1,000 employees and net turnover above 450 million euros. The simplified ESRS reduces mandatory data points from 1,073 to 320, and sector-specific standards have been removed. First-time application of the new framework is for financial years beginning on or after 1 January 2027. The framework is not gone. It has been recalibrated to focus on the largest reporters, and the underlying obligations remain.

Australia and New Zealand. ASRS S2 in Australia and NZ CS 1 in New Zealand are both in effect, both built on the IFRS S2 base, both with assurance requirements phasing in.

United States. The SEC withdrew its federal climate disclosure rule after litigation, but California's SB 261 and SB 253 moved forward with mandatory climate reporting from January 2026. SB 261 explicitly accepts IFRS S2 as a recognised framework, since it incorporates all of the TCFD recommendations.

ISSA 5000. The IAASB's new International Standard on Sustainability Assurance, ISSA 5000, is effective for assurance engagements on sustainability information for periods beginning on or after 15 December 2026. National equivalents are already in place in Australia (ASSA 5000), Canada (CSSA 5000), Hong Kong (HKSSA 5000), New Zealand (ISSA NZ 5000, issued by the XRB), Mexico, Malaysia, Pakistan, the Philippines and others. The standard supports both reasonable and limited assurance, applies to any disclosure framework, and explicitly supports double materiality.

If you are responsible for preparing a climate disclosure, the practical implication of all of this is straightforward. Your next reporting cycle is probably the first one where the assurance question becomes binding rather than optional. The standard the assurer is working to is now formalised. The framework you are reporting against is now formalised. The traceability requirement is real.

The shift nobody warned you about

Here is the thing that gets missed in all the framework comparison content.

The big shift is not which standard you are reporting against. ISSB versus ESRS versus AASB S2 is the visible question. The invisible but more consequential question is: what does your internal review process actually check?

Sustainability teams typically grew up writing for a different audience. The reader was an investor relations specialist, an NGO, a customer procurement team, sometimes a journalist. The review was about clarity, consistency of message, alignment with the rest of the company's communications.

That is not the same job as preparing a document for assurance.

For an assurance engagement, the question is not "does the report read well". The questions are:

• Can every quantitative claim in the report be traced to a working paper that supports it?
• Can every qualitative claim be evidenced (interview notes, board minutes, supplier confirmations, internal documents)?
• Are the assumptions in scenario analysis disclosed and defensible?
• Is the materiality assessment documented in a way an external party can re-perform?
• Is the Scope 3 boundary explicitly defined and consistently applied?
• Do the metrics tie to the methodology described in the methodology note?
• Does the executive summary actually describe the same climate risk profile as the body?

These are not new questions for accountants. They are very new questions for sustainability teams.

What assurers actually look for

A few of the patterns showing up in early ISSB and ASRS S2 assurance engagements.

Evidence chains for Scope 3. Scope 3 emissions are the hardest part of a climate disclosure to assure, because the data sits with suppliers, customers, employees and value-chain partners. Assurers will trace each material category back to its source. Vague references to "industry average factors" without naming the source and version do not pass.

Scenario analysis basis. When a report says "under a 1.5C aligned scenario, the company faces material transition risk in segment X", the assurer wants to see the underlying scenario, the assumptions used, the methodology that mapped the scenario to the company's operations, and the workings that produced the conclusion. "We commissioned a consultant" is not enough.

Transition plan substantiation. Transition plans that include specific commitments (capex, technology shifts, target dates) need to be substantiated against board-approved budgets and strategy documents. Aspirational language that does not tie to actual capital allocation is a finding waiting to happen.

Materiality assessment evidence. Both financial materiality (impact on the company) and impact materiality (impact of the company) need a documented assessment process if the framework requires double materiality. The list of stakeholders consulted, the methodology used, and the rationale for inclusion or exclusion of each topic all need to be defensible.

Internal consistency. Assurers will compare the executive summary against the detailed sections. They will compare the sustainability report against the financial report. They will compare the climate risk disclosure against the risk management disclosures elsewhere in the document. Inconsistencies that pass internal review because different sections were written by different teams will not pass assurance.

None of these are surprising in retrospect. All of them are easy to miss when the review process you are using was designed for a different document type.

Why your current AI tools will probably make this harder

Many sustainability teams are now experimenting with general AI tools (ChatGPT, Claude, Copilot, Gemini) to draft, summarise and check disclosures. The instinct is reasonable. The disclosure documents are long, the timeline is tight, and the standards are dense.

The problem is that disclosure assurance is, structurally, a verification problem. The assurer is checking whether each claim in the report is supported by evidence. Generic AI tools are not good at verification, for the same reasons covered in our previous post on reference checking in technical reports. They are probabilistic. They hallucinate. They do not maintain a deterministic link between a claim and its source.

A general AI tool can summarise IFRS S2 for you. It can draft fluent passages of climate risk narrative. It cannot reliably tell you whether the specific Scope 3 boundary you have used is consistent with the framework you are reporting against, or whether your scenario analysis disclosure includes all the elements the standard requires.

Worse, it can introduce risk by generating fluent text that reads like it is supported when it is not. The more polished the draft AI produces, the harder it is for the senior reviewer to spot the assertions that lack evidence behind them.

The verification problem in sustainability disclosure is not solved by writing assistance. It is solved by tooling that can compare each disclosure in the document against the requirements of the framework, against the supporting evidence, and against the rest of the document. That is a different kind of tool.

What good looks like

A short version of what a defensible review process for a climate disclosure looks like in 2026.

A pinned version of the framework. Whether you are reporting against IFRS S1 and S2, the simplified ESRS, NZ CS 1, ASRS S2, or California SB 261, the version matters. Frameworks are still evolving. The review needs to be against the version that applies to your reporting period, not the version a model picked up during training.

Requirement-by-requirement coverage. Every disclosure requirement in the framework gets mapped to a section of the report. A check that confirms whether each requirement is addressed, with the source location flagged. The same compliance matrix idea that engineering bid teams use for tender responses, applied to disclosure standards.

Evidence-to-claim traceability. For every quantitative claim in the report, a link to the source data and the calculation methodology. For every qualitative claim, a reference to the interview, document, board paper, or analysis that supports it. This is what assurers will trace.

Cross-document consistency checks. Does the climate risk profile in the executive summary match the climate risk profile in the body? Does the Scope 3 boundary in the metrics section match the Scope 3 boundary in the methodology note? Does the transition plan capex number match the financial report?

Scenario analysis substantiation. Documented assumptions, documented methodology, documented workings, documented scenario source.

A senior reviewer who can challenge the evidence, not just read the prose. This is the role most sustainability teams need to add or upskill. The review by a senior assurance-literate person, before the assurer arrives, catches the things the assurer would otherwise find.

What you can do this quarter

A few practical steps that do not require waiting for any new tool.

Run a dry-run assurance review on last year's report. Take whoever in the firm is most assurance-literate and ask them to review last year's sustainability report as if they were the assurance team. Trace ten claims. You will probably find that several have weaker evidence than you thought.

Map your disclosure requirements explicitly. Build a requirement-by-requirement matrix for your applicable framework. Identify which requirements are addressed in the current report, where they are addressed, and which evidence supports them. The first version is painful. The second version is much faster.

Define your Scope 3 boundary in writing. Document which categories you include, which you exclude, and the basis for each decision. Apply this consistently across the report.

Write down your materiality assessment methodology. Including the stakeholder list, the process used, the criteria applied, and the rationale for each topic decision. This document does not need to be in the public report. It needs to exist in the working papers.

Talk to your assurer early. Not the day before they start. Three months before. Find out what they will be asking for and build the evidence chain to support it.

A closing observation

The sustainability disclosure regime that is emerging across IFRS S1 and S2, the simplified ESRS, ASRS S2, NZ CS 1, California SB 261 and others is not a passing phase. It is the formalisation of an entire reporting category. ISSA 5000 and its national equivalents bring the assurance discipline that has applied to financial reporting for decades into sustainability reporting for the first time.

The teams that adapt their internal review process to match this shift will spend their next assurance engagement answering well-evidenced questions. The teams that do not will spend it gathering evidence for assertions they made in the report without being asked where the evidence was at the time.

Qrtr is being built specifically to help sustainability and assurance teams with this kind of structured, requirement-by-requirement, evidence-to-claim review work, against a pinned version of the relevant framework. If that sounds like something your team needs, you can register your interest for early access.

Frequently asked questions

Are climate disclosures actually mandatory now? In many jurisdictions, yes. ISSB-aligned standards are mandatory or phased in across more than 20 jurisdictions including Hong Kong, Australia, Brazil, Chile, Mexico, Pakistan, Qatar and others. New Zealand has NZ CS 1 in effect. Australia has ASRS S2. The EU's CSRD applies to companies meeting the Omnibus I thresholds (more than 1,000 employees and 450 million euros net turnover). California SB 261 and SB 253 apply to large companies operating in California from January 2026.

What is ISSA 5000? ISSA 5000 is the global standard for sustainability assurance, issued by the International Auditing and Assurance Standards Board (IAASB) in November 2024. It is effective for assurance engagements on sustainability information for periods beginning on or after 15 December 2026. It supports both limited and reasonable assurance and applies to any sustainability reporting framework. National equivalents are in place in Australia, Canada, Hong Kong, New Zealand, Mexico, Malaysia and others.

What is the difference between limited and reasonable assurance for sustainability reports? Limited assurance involves less evidence-gathering and concludes with a "negative" form of conclusion (the practitioner is not aware of any material misstatements). Reasonable assurance involves more comprehensive procedures and concludes with a positive opinion. Most jurisdictions are starting with limited assurance and moving to reasonable assurance over time. The Omnibus I directive in the EU specifically capped CSRD assurance at limited only, removing the previous transition path to reasonable assurance.

What does double materiality mean? Double materiality combines financial materiality (how sustainability matters affect the company's financial performance) with impact materiality (how the company's activities affect society and the environment). A topic is material if it qualifies under either lens. The CSRD requires double materiality. ISSB's IFRS S1 and S2 use financial materiality only. ISSA 5000 supports both approaches depending on the underlying framework.

Can I use ChatGPT or Claude to draft my sustainability disclosure? You can use them as drafting assistants, but you should not use them as a verification or assurance check. General AI tools are probabilistic and prone to producing fluent text that lacks supporting evidence. Disclosure assurance is fundamentally a verification problem, and the tools that solve it are different from the tools that draft it.

What is the most common finding in early ISSB and ASRS assurance engagements? The patterns showing up most often are weak evidence chains for Scope 3 emissions, undocumented assumptions in scenario analysis, transition plans that do not tie to capital allocation, materiality assessments without documented methodology, and inconsistencies between the executive summary and the body of the report.

References

1. IFRS Foundation (2026). Where does the world stand on ISSB adoption? January 2026 update. Available at: https://www.spglobal.com/sustainable1/en/insights/regulatory-tracker/issb-january-2026
2. International Auditing and Assurance Standards Board (2024). International Standard on Sustainability Assurance (ISSA) 5000, General Requirements for Sustainability Assurance Engagements. Effective 15 December 2026. Available at: https://www.iaasb.org/focus-areas/understanding-international-standard-sustainability-assurance-5000
3. Council of the European Union (2026). Council signs off simplification of sustainability reporting and due diligence requirements to boost EU competitiveness. Adopted 24 February 2026. Directive (EU) 2026/470. Available at: https://www.consilium.europa.eu/en/press/press-releases/2026/02/24/council-signs-off-simplification-of-sustainability-reporting-and-due-diligence-requirements-to-boost-eu-competitiveness/
4. PwC (2026). Omnibus directive finalised: implications for CSRD and CSDDD scope. Available at: https://viewpoint.pwc.com/gx/en/pwc/in-briefs/ib_int202527.html
5. ISS Corporate (2025). 2025 Sustainability Reporting: Global Trends in Framework Adoption. Available at: https://www.iss-corporate.com/resources/blog/2025-sustainability-reporting-global-trends-in-framework-adoption/
6. KPMG (2025). Two years in: adoption of the ISSB Standards. Available at: https://assets.kpmg.com/content/dam/kpmg/ae/pdf-2025/06/two-years-in-adoption-of-the-issb-standards-en.pdf