New CA Laws Mandate Climate Risk Disclosures

Jennifer Post


December 1, 2023

Governor Newsom talking at a podium that says

In early October, California ­Governor Gavin Newsom signed sweeping emissions disclosure laws requiring any company doing business in ­California and making at least $500 million in annual revenue to disclose direct and indirect upstream and downstream greenhouse gas emissions and their coinciding financial impacts. Under the Climate Accountability Package, companies must comply with the laws or face up to $500,000 in fines per reporting year, imposed by the California Air Resources Board. 

The Climate-Related Financial Risk Act (CRFRA or SB 261) requires U.S. entities doing business in California with a total annual revenue of at least $500 million to biennially disclose climate-related ­financial risks, as well as their mitigation strategies, to the Task Force on Climate-Related Financial Disclosures. Organizations must submit the first round of disclosures by January 1, 2026, or risk fines of up to $50,000 per reporting year. 

The other law in the package, the Corporate Climate Disclosures Accountability Act (CCDAA or SB 253), requires over 5,000 organizations doing business in California and making $1 billion or more in yearly revenue to annually disclose emissions calculations for direct and indirect upstream and downstream emissions. The law goes into effect in 2026, for 2025 data. 

Part of the state’s ongoing effort to be at the forefront of climate change legislation, the climate package is the first of its kind in the United States to include both public and private companies and to require organizations to publish the disclosures on their websites.

“It makes no sense for a corporation to be hiding their climate risks—like exposure to increased drought, wildfires and extreme weather—from their shareholders or their consumers,” said Senator Henry Stern, the writer of SB 261. 

While top companies likely already either meet or exceed the requirements, the time has come for any that have been waiting to get started on climate risk assessment, management and disclosure. “They are going to have to start getting on board,” said William Theisen, North American CEO of international climate consultancy EcoAct. “But this is a real opportunity for them to really understand where emissions are hitting within their supply chains and where their direct emissions are, as well as start reporting on their climate risk. [The law] is also going to help push them forward and to take account and become more resilient.”

Emissions Disclosure Requirements Under CCDAA

The CCDAA is the core of the Climate Accountability Package, requiring organizations to disclose Scope 1, 2 and 3 emissions. The scopes follow categorizations from the GHG Protocol, which establishes comprehensive global standards, guidance, tools and training for business and government entities to measure and manage climate-­warming emissions. 

Scope 1. Scope 1 encompasses all direct greenhouse gas emissions stemming from sources the organization directly controls in any location, including but not limited to fuel combustion activities such as operating machinery or vehicles. 

For calculation and reporting purposes, this scope includes anything relating to the operation of company facilities and ­vehicles, such as fuel burned on-site or during employee transportation in company vehicles. While companies do not need to start collecting this data until 2025, they can begin preparing now by compiling reports and documents that show the organization’s direct output. 

Scope 2. Scope 2 involves indirect greenhouse gas emissions from consumed electricity, heating or cooling purchased or acquired by the reporting organization. Scope 2 differs from Scope 1 in that it deals with local utilities like gas and electric companies. For companies that have not kept track of indirect emissions, the EPA suggested determining the amount of electricity purchased, determining emission factors and then calculating emissions from there. Organizations need this data starting in 2025 for reporting in 2026.

Scope 3. Going into effect in 2027, Scope 3 is a catch-all category that deals with indirect upstream and downstream emissions not included in Scope 2. These emissions come from sources that the reporting entity does not own or directly control and may include purchased goods and services, business travel, employee commutes, and processing and use of its sold products. 

Scope 2 deals with emissions at the point of generation and not the near- or long-term impact, but Scope 3 is not as strict. The GHG Protocol explains 15 categories of Scope 3 emissions, including everything from waste generated in operations to downstream leased assets. 

Calculating and reporting these emissions now may also prepare businesses to comply with other climate laws on the horizon. The Securities and Exchange Commission (SEC) proposed a rule requiring registrants to “disclose certain climate-related information, including information about its climate-related risks that are reasonably likely to have material impacts on its business or consolidated financial statements, and greenhouse gas emissions metrics that could help investors assess those risks.”

In the SEC proposal, Scopes 1 and 2 are mandatory but there is some flexibility around Scope 3, which only needs to be disclosed if the emissions are material or if the registrant has set a greenhouse gas emissions target or goal including Scope 3 emissions. 

The Burden of Disclosure 

CCDAA is vague on some elements and does not outline how companies calculate the various emissions as required, which is a concern expressed by the California Chamber of Commerce. In a statement, chamber president and CEO Jennifer Barrera expressed concerns about how the major change in climate policy will introduce considerable obligations for affected businesses. Devoting resources to calculating emissions poses a potential burden to organizations, especially for those that do not already engage in similar efforts. 

With other climate-related laws and regulations on the horizon, and to potentially avoid duplicative reporting in the future, CRFRA is also somewhat broad and defines “financial risk” as “material risk of harm to immediate or long-term financial outcomes due to physical and transition risks including, but not limited to, provision of goods and services, supply chains, employee health and safety, capital and financial investments.”

Although specific details may be unclear, Theisen recommended conducting a gap analysis now as a first step, which will not only help companies determine where they are not compliant but also prepare them for future disclosure obligations. Once gaps are found, companies should create a compliance roadmap outlining manageable actions they can take to achieve compliance. Start with the elements of the first two scopes since those will be enforced first, then move on to Scope 3 evaluations.

Consequences of Noncompliance

CCDAA authorizes the California Air Resources Board to fine companies up to $500,000 per reporting year for violations. In establishing an exact sum, the board can consider factors like the violator’s past and present compliance, whether it took good-faith measures to comply and when it made those efforts. 

Additionally, reporting entities are not subject to penalty for misstatements regarding Scope 3 emissions disclosures if it made them with a reasonable basis and disclosed in good faith. For Scope 3, the only penalties allowed between 2027 and 2030 are for not filing.

Aside from the potential monetary penalties, companies that do not comply could also face reputation damage. According to Theisen, if one company goes public with their emissions disclosures, other companies will likely want to follow suit to avoid suffering by comparison in the marketplace and losing business to their competition. 

Jennifer Post is an editor at Risk Management.