Environmental Social and Corporate Governance Template


11 pages • 25–35 min to fill • Difficulty: Complex • Signature required • Legal review recommended

At a glance

What it is
An Environmental, Social, and Corporate Governance (ESG) Policy is a binding organizational document that formalizes a company's commitments across three pillars: environmental stewardship, social responsibility, and governance integrity. This free Word download gives you a structured, board-ready starting point you can edit online and export as PDF to share with investors, regulators, and stakeholders.
When you need it
Use it when preparing for an investor due diligence process, responding to a regulatory disclosure requirement, or establishing internal accountability structures around sustainability and ethical business conduct. It is increasingly required by institutional investors, lenders, and procurement teams before entering into material contracts.
What's inside
Environmental commitments and emission targets, social policies covering labor practices and community engagement, governance structures including board oversight and anti-corruption measures, reporting obligations, enforcement mechanisms, and stakeholder communication protocols.

What is an Environmental Social and Corporate Governance Policy?

An Environmental, Social, and Corporate Governance (ESG) Policy is a formal, board-approved document that codifies an organization's commitments across three interconnected pillars: environmental stewardship (greenhouse gas targets, energy use, waste management), social responsibility (labor standards, DEI commitments, human rights due diligence), and governance integrity (board oversight structures, anti-corruption obligations, reporting accountability). Unlike a general values statement, a properly drafted ESG policy creates binding internal obligations tied to measurable KPIs, defined reporting frameworks such as GRI or TCFD, and explicit accountability mechanisms that can be audited by investors, regulators, and lenders. It functions simultaneously as an internal governance instrument and an external disclosure framework — anchoring annual sustainability reports and investor presentations to a single authoritative source of truth.

Why You Need This Document

Without a formal ESG policy, companies face compounding exposure on several fronts at once. Regulators in the EU (CSRD), US (SEC climate rules, California SB 253), and UK (TCFD mandatory disclosures) are moving from voluntary to mandatory ESG reporting — and enforcement for material omissions or greenwashing is accelerating. Institutional investors and pension funds increasingly screen out companies that cannot produce a board-approved ESG policy during due diligence, limiting access to capital to unfavorable terms or blocking it altogether. ESG-linked loan covenants explicitly reference a company's policy document — missing stated KPIs can trigger margin ratchets or technical defaults. Beyond regulatory and financing risk, supply chain partners and large enterprise procurement teams routinely require documented ESG frameworks before awarding contracts. A well-structured template gets your policy to board-approval standard in days rather than months, giving you an auditable foundation that satisfies investors, lenders, and regulators while anchoring every future sustainability disclosure to a credible, enforceable commitment.

Which variant fits your situation?

If your situation is… | Use this template
Public company subject to mandatory climate-related disclosures | ESG Disclosure Policy (Public Company)
Private company seeking ESG-linked debt or green financing | ESG Framework for Private Companies
Board adopting a standalone corporate governance charter | Corporate Governance Policy
Company codifying anti-corruption and ethical conduct standards | Code of Ethics and Business Conduct
Supplier or vendor ESG compliance requirement | Supplier Code of Conduct
Company producing a standalone annual sustainability report | ESG / Sustainability Report Template
Investment fund formalizing responsible investment policy | Responsible Investment Policy

Common mistakes to avoid

❌ Publishing unquantified environmental commitments

Why it matters: Regulators in the US, EU, and UK are actively prosecuting greenwashing claims — vague language like 'we care about the planet' without measurable targets creates legal and reputational exposure.

Fix: Attach specific emission reduction percentages, a baseline year, and a target year to every environmental claim in the policy.

❌ Assigning ESG oversight to 'leadership' without a named committee

Why it matters: Diffuse governance accountability means no one is actually responsible — investors and rating agencies penalize this in ESG scores and it creates D&O liability when targets are missed.

Fix: Name the specific board committee (e.g., Audit and Risk Committee, standalone ESG Committee) and a C-suite officer with explicit ESG accountability.

❌ Excluding subsidiaries and supply chain from scope

Why it matters: Scope 3 emissions and supply chain labor violations are increasingly the focus of regulatory enforcement — a policy that only covers headquarters leaves the company's largest risk exposures unaddressed.

Fix: Explicitly extend policy scope to all subsidiaries, controlled entities, and Tier 1 suppliers, with a timeline to extend to Tier 2.

❌ Committing to a reporting framework the company cannot yet support with data

Why it matters: Committing to GRI or CSRD disclosures without confirming data collection systems are in place leads to incomplete first reports, material restatements, and loss of creditor or investor confidence.

Fix: Conduct a data readiness gap analysis before finalizing the reporting framework commitment, and phase in disclosure obligations over a stated 2–3 year transition period.

❌ Omitting a formal review trigger for regulatory changes

Why it matters: ESG regulation is evolving rapidly — a policy with only an annual review cycle can become materially non-compliant months before the scheduled review.

Fix: Add an off-cycle review trigger clause that activates when a material regulatory change, ESG incident, or new investor requirement occurs.

❌ No whistleblower or ESG reporting channel

Why it matters: Without a safe reporting mechanism, ESG violations surface externally through media or regulators rather than internally — dramatically increasing reputational and legal damage.

Fix: Include a named reporting channel (hotline, email address, or third-party platform), a non-retaliation commitment, and a defined escalation process in the enforcement clause.

The 9 key clauses, explained

Purpose, Scope, and Definitions

In plain language: States the policy's objectives, identifies which entities and personnel it applies to, and defines key terms used throughout the document.

Sample language
This ESG Policy ('Policy') applies to [COMPANY NAME] and all its subsidiaries, directors, officers, employees, contractors, and agents. The Policy establishes [COMPANY NAME]'s commitments with respect to environmental stewardship, social responsibility, and corporate governance.

Common mistake: Limiting scope to headquarters only and excluding subsidiaries or contractors — this creates enforcement gaps and exposes the company to supply chain liability claims.

Environmental Commitments

In plain language: Documents specific, measurable environmental targets — emission reductions, energy use, waste management, and water consumption — with a defined baseline year and timeline.

Sample language
[COMPANY NAME] commits to reducing Scope 1 and Scope 2 GHG emissions by [X]% from a [BASELINE YEAR] baseline by [TARGET YEAR], and to achieving net-zero across Scope 1, 2, and 3 emissions by [YEAR].

Common mistake: Stating vague aspirations like 'we are committed to the environment' without quantified targets and a baseline — regulators and investors treat unquantified commitments as potential greenwashing.

Social Responsibility Commitments

In plain language: Covers labor standards, health and safety, DEI targets, community investment, supply chain labor rights, and human rights due diligence.

Sample language
[COMPANY NAME] commits to maintaining a workplace free from discrimination and harassment, achieving [X]% gender representation at the senior leadership level by [YEAR], and conducting human rights due diligence across its Tier 1 supplier base annually.

Common mistake: Copying DEI language from a template without setting measurable targets. A policy that mandates 'fostering diversity' with no KPIs cannot be enforced or reported against.

Governance Framework

In plain language: Defines the board and executive structure responsible for ESG oversight, including committee mandates, reporting lines, and accountability mechanisms.

Sample language
The Board of Directors, through its [ESG / Audit / Risk] Committee, is responsible for overseeing [COMPANY NAME]'s ESG strategy and performance. The Chief [Sustainability / ESG] Officer reports to the [CEO / Board Committee] and is accountable for policy implementation.

Common mistake: Assigning ESG governance to a general 'leadership team' without naming a specific committee or officer. Diffuse accountability means no accountability — and signals weak governance to investors.

Anti-Corruption and Ethical Conduct

In plain language: Prohibits bribery, fraud, facilitation payments, and conflicts of interest, and requires compliance with applicable anti-corruption laws in every jurisdiction of operation.

Sample language
[COMPANY NAME] prohibits all forms of bribery, kickbacks, and facilitation payments in connection with its business activities, consistent with the U.S. Foreign Corrupt Practices Act, the UK Bribery Act 2010, and applicable local anti-corruption laws.

Common mistake: Referencing only one jurisdiction's anti-corruption law in a company that operates internationally — gaps in jurisdictional coverage leave the company exposed to enforcement in markets not named.

ESG Reporting and Disclosure

In plain language: Commits to producing regular ESG disclosures at a defined frequency, aligned to a recognized framework (GRI, SASB, TCFD, or CSRD), and specifies the assurance level required.

Sample language
[COMPANY NAME] will publish an annual ESG Report aligned to the [GRI Standards / SASB Standards / TCFD Recommendations] no later than [MONTH] each year. ESG data will be subject to [limited / reasonable] third-party assurance by a qualified independent auditor.

Common mistake: Committing to a reporting framework in the policy without confirming the company has the data infrastructure to actually collect the required metrics — this leads to incomplete or restated disclosures.

Stakeholder Engagement

In plain language: Describes how the company identifies, prioritizes, and engages with material stakeholders — investors, employees, communities, regulators, and customers — on ESG matters.

Sample language
[COMPANY NAME] conducts a formal materiality assessment with input from key stakeholders at least every [2] years to identify ESG topics of greatest significance. Engagement channels include [ANNUAL SURVEY / INVESTOR ROADSHOW / COMMUNITY CONSULTATION PROCESS].

Common mistake: Treating stakeholder engagement as a one-time exercise during policy drafting rather than an ongoing structured process — which misses emerging risks and undermines the materiality assessment.

Enforcement, Non-Compliance, and Remediation

In plain language: States the consequences of policy violations, the process for reporting non-compliance, and the company's remediation obligations when targets are missed.

Sample language
Violations of this Policy may result in disciplinary action up to and including termination of employment or contract. Employees may report concerns through [REPORTING CHANNEL] without fear of retaliation. Where ESG targets are missed, management must present a remediation plan to the [BOARD COMMITTEE] within [60] days.

Common mistake: Omitting a whistleblower or reporting channel specific to ESG — employees and contractors who witness violations need a clear, safe mechanism to raise concerns, and many jurisdictions now require one.

Review, Amendment, and Approval

In plain language: Specifies how often the policy is reviewed, who has authority to amend it, and what triggers an unscheduled review — such as material regulatory change or a significant ESG incident.

Sample language
This Policy shall be reviewed by the [Board / ESG Committee] at least annually and updated to reflect material changes in regulation, business operations, or stakeholder expectations. Any amendments require approval by the [BOARD OF DIRECTORS].

Common mistake: Setting an annual review with no trigger for off-cycle updates — a major regulatory change (e.g., new CSRD requirements) can make the policy non-compliant before the scheduled review date.

How to fill it out

  1. Identify applicable frameworks and regulations

    Before drafting, determine which ESG reporting frameworks (GRI, SASB, TCFD, CSRD) and regulations apply based on your company's size, jurisdiction, and exchange listing. This determines which disclosures are mandatory versus voluntary.

    💡 EU-listed companies and large private companies in the EU must align to CSRD from 2025–2027 depending on size — confirm your threshold date before committing to a framework in the policy text.

  2. Conduct or reference a materiality assessment

    Define which ESG topics are material to your business by surveying key stakeholders and mapping topics against financial impact and stakeholder concern. Document this process so it supports the policy's scope and target-setting.

    💡 A double materiality lens — financial materiality plus impact materiality — is required under CSRD and increasingly expected by institutional investors outside the EU.

  3. Set quantified environmental targets with a baseline

    Enter specific, measurable targets for GHG emissions, energy consumption, water use, and waste — referenced against a clearly stated baseline year. Vague aspirations are treated as greenwashing by regulators.

    💡 Align emission targets to Science Based Targets initiative (SBTi) methodology to maximize credibility with institutional investors and lenders.

  4. Define social commitments with measurable KPIs

    Populate the social section with DEI representation targets, health and safety metrics, community investment budgets, and supply chain audit commitments. Each commitment should have a target value and a deadline year.

    💡 Link DEI targets to executive compensation or performance reviews — policies without accountability mechanisms are rarely implemented consistently.

  5. Assign named governance accountability

    Name the specific board committee responsible for ESG oversight, the executive officer accountable for implementation, and the reporting frequency to the board. Avoid assigning accountability to unnamed 'senior management.'

    💡 Companies that tie ESG performance to executive pay see materially faster progress — include a placeholder reference to compensation linkage even if the incentive plan is not yet finalized.

  6. Specify the reporting framework and assurance level

    Choose one primary reporting framework and commit to a publication timeline. Specify whether ESG data will receive limited or reasonable third-party assurance — the standard is rising toward reasonable assurance under CSRD.

    💡 Starting with limited assurance in Year 1 is acceptable — but document a roadmap to reasonable assurance within 2–3 years to satisfy sophisticated investors.

  7. Add whistleblower and enforcement provisions

    Include a specific reporting channel for ESG-related concerns, state the non-retaliation commitment, and define the escalation path and consequences for confirmed violations.

    💡 The EU Whistleblower Protection Directive requires formal reporting channels for companies with 50+ employees in EU member states — confirm your compliance obligation before finalizing this clause.

  8. Obtain board approval and execute

    Submit the final policy to the full board or designated ESG committee for approval. Record the resolution, obtain signatures from authorized directors, and publish the policy on the company's investor relations or sustainability page.

    💡 Date the policy consistently across the header, signature block, and board resolution — mismatched dates raise questions during regulatory audits and investor due diligence.

Frequently asked questions

What is an ESG policy?

An ESG policy is a formal company document that codifies commitments across three pillars — environmental stewardship, social responsibility, and corporate governance. It translates broad sustainability goals into specific, measurable obligations with defined accountability structures, reporting frameworks, and enforcement mechanisms. Unlike a general mission statement, a well-drafted ESG policy creates binding internal obligations that can be reported against and audited.

Who needs an ESG policy?

Any company subject to ESG reporting regulations, institutional investor scrutiny, or ESG-linked financing covenants needs a formal policy. In the EU, the CSRD requires large companies and listed SMEs to publish detailed sustainability reports from 2025 onward. In the US, SEC climate disclosure rules affect public companies. Beyond legal mandates, procurement teams at large corporations increasingly require ESG policies from suppliers before awarding contracts.

Is an ESG policy legally binding?

An internally adopted ESG policy is binding on the company and its personnel to the extent the company's governance documents and employment contracts incorporate it. Externally, published ESG commitments can create legal exposure under securities law (material misstatements), consumer protection law (greenwashing), and contractual representations in financing agreements. Board approval and formal adoption significantly strengthen enforceability and signal good faith to regulators.

What is the difference between an ESG policy and an ESG report?

An ESG policy is the governing document that establishes a company's commitments, targets, governance structures, and accountability mechanisms. An ESG report is the periodic disclosure — typically annual — that measures actual performance against those commitments. The policy comes first; the report demonstrates whether the policy is working. Many companies publish both as linked documents on their investor relations pages.

Which ESG reporting framework should I use?

The right framework depends on your jurisdiction, audience, and industry. GRI (Global Reporting Initiative) is the most widely used globally and suits multi-stakeholder reporting. SASB standards are industry-specific and investor-focused. TCFD is the standard for climate-related financial risk disclosure. EU companies must align to CSRD and the European Sustainability Reporting Standards (ESRS). Many companies use a primary framework and cross-reference others — confirm what your key investors and regulators require before committing in the policy text.

What is greenwashing and how does an ESG policy help prevent it?

Greenwashing is making misleading or unsubstantiated environmental claims — either through false statements or omission of material information. Regulators in the US (FTC Green Guides), EU (Green Claims Directive), and UK (CMA Green Claims Code) are actively enforcing against it. A well-drafted ESG policy reduces greenwashing risk by tying every public commitment to a quantified target, a baseline year, and a third-party assurance process that independently validates reported data.

Does an ESG policy need to be signed by the board?

Board approval and signature are strongly recommended and in some jurisdictions effectively required. Under the EU CSRD, sustainability reporting must be approved by the board and is subject to director liability for material misstatements. Even where not mandated, board sign-off signals governance maturity to investors, lenders, and rating agencies. The policy should reference the board resolution approving it and be dated consistently with that resolution.

How often should an ESG policy be updated?

At minimum, annually — aligned to the company's ESG reporting cycle so commitments and disclosures remain synchronized. In practice, the policy should also be updated off-cycle when a material regulatory change occurs (such as new CSRD requirements), when the company's business activities change materially, or following a significant ESG incident. Include an explicit off-cycle review trigger clause in the policy itself.

How does an ESG policy affect financing?

ESG-linked loans and green bonds typically include ESG key performance indicators as covenant conditions — the loan agreement references the company's ESG policy as the governing document for those KPIs. Missing ESG targets can trigger margin ratchets (interest rate increases) or technical covenant breaches. A formally adopted, board-approved ESG policy with auditable targets is a prerequisite for accessing most ESG-linked debt markets as of 2024.

How this compares to alternatives

vs Code of Ethics

A Code of Ethics governs individual employee conduct — prohibiting conflicts of interest, fraud, and unethical behavior. An ESG policy operates at the organizational level, setting company-wide environmental, social, and governance commitments reported to external stakeholders. Most companies need both: the Code governs internal behavior; the ESG policy governs external impact and accountability.

vs Corporate Governance Policy

A Corporate Governance Policy addresses board structure, director duties, voting rights, and shareholder relations. An ESG policy is broader, incorporating governance as only one of three pillars alongside environmental and social commitments. A standalone governance policy is typically more detailed on board mechanics; an ESG policy integrates governance into a wider sustainability framework.

vs Sustainability Report

An ESG policy is the prospective governing document — it establishes what the company commits to achieving. A sustainability report is the retrospective disclosure — it measures actual performance against those commitments over the prior period. The policy is adopted once and updated periodically; the report is produced annually. Publishing a report without an underlying policy creates a governance credibility gap.

vs Supplier Code of Conduct

A Supplier Code of Conduct extends specific ESG and ethical requirements to third-party vendors and supply chain partners. An ESG policy governs the company itself. Most robust ESG frameworks reference a Supplier Code of Conduct as the mechanism for managing Scope 3 supply chain risks — the two documents work together rather than as alternatives.

Industry-specific considerations

Financial Services

ESG policies in financial services must address investment screening criteria, climate risk in loan portfolios, and alignment with SFDR (Sustainable Finance Disclosure Regulation) fund classification requirements in the EU.

Manufacturing

Manufacturing ESG policies center on Scope 1 and Scope 2 emission reductions, supply chain labor standards, waste and effluent management, and product lifecycle assessments.

Technology / SaaS

Tech companies focus on data center energy consumption and renewable energy sourcing, workforce DEI representation targets, and responsible AI governance as a social pillar commitment.

Real Estate and Construction

Real estate ESG policies address building energy efficiency ratings, embodied carbon in construction materials, tenant engagement programs, and alignment with GRESB (Global Real Estate Sustainability Benchmark) standards.

Healthcare

Healthcare ESG policies incorporate pharmaceutical waste and medical supply chain sustainability, equitable access to care commitments, and governance structures addressing patient data privacy alongside standard GHG targets.

Retail / Consumer Goods

Retailers focus ESG policies on supply chain labor rights and traceability, packaging reduction and recyclability targets, and Scope 3 emissions, which typically represent over 80% of total footprint.

Jurisdictional notes

United States

SEC climate disclosure rules finalized in 2024 require large accelerated filers to disclose Scope 1 and 2 emissions and material climate risks in annual reports — though implementation has faced legal challenges. The FTC's Green Guides govern environmental marketing claims and are under revision. California's SB 253 and SB 261 impose separate GHG and climate financial risk disclosure requirements on large companies doing business in California, regardless of state of incorporation.

Canada

Canada's Office of the Superintendent of Financial Institutions (OSFI) requires federally regulated financial institutions to align climate disclosures to TCFD. The Canadian Securities Administrators (CSA) have proposed mandatory climate-related disclosure rules for reporting issuers. Federally incorporated companies should also note that Bill S-211 (Fighting Against Forced Labour and Child Labour in Supply Chains Act) requires annual supply chain due diligence reports — a direct intersection with the social pillar of any ESG policy.

United Kingdom

UK-listed companies and large private companies are subject to mandatory TCFD-aligned climate disclosure under the Companies Act and FCA Listing Rules. The UK Modern Slavery Act requires an annual transparency statement for companies with annual turnover above £36 million. The FCA's SDR (Sustainability Disclosure Requirements) regime introduces anti-greenwashing rules and product labeling requirements for financial services firms. Companies must ensure ESG policy language is consistent with SDR obligations.

European Union

The EU's Corporate Sustainability Reporting Directive (CSRD) requires large companies and listed SMEs to report under the European Sustainability Reporting Standards (ESRS) — with phased implementation from 2025 for large public-interest entities. The SFDR applies to financial market participants, requiring ESG disclosures at entity and product level. Double materiality is mandatory under CSRD, and reported data must be subject to limited assurance from 2025, rising to reasonable assurance by 2028. The EU Green Claims Directive, once finalized, will impose strict substantiation requirements on all environmental marketing claims.

Template vs lawyer — what fits your deal?

Path | Best for | Cost | Time
Use the template | Private SMEs establishing a first ESG policy for lender or procurement requirements | Free | 1–3 days
Template + legal review | Mid-market companies seeking ESG-linked financing or responding to institutional investor requests | $800–$2,500 (sustainability consultant or legal review) | 1–2 weeks
Custom drafted | Public companies, CSRD-regulated entities, or businesses with complex multi-jurisdiction ESG obligations | $5,000–$25,000+ | 4–10 weeks

Glossary

ESG
Environmental, Social, and Governance — the three pillars used to evaluate a company's non-financial performance and ethical impact.
GHG Emissions (Scope 1, 2, 3)
Greenhouse gas emissions classified by source: Scope 1 is direct emissions, Scope 2 is purchased energy, and Scope 3 covers the full value chain including suppliers and customers.
Materiality Assessment
A structured process to identify which ESG topics are most significant to a company's business operations and stakeholder expectations.
TCFD
Task Force on Climate-related Financial Disclosures — an internationally recognized framework for reporting climate risks and opportunities in financial filings.
Double Materiality
A reporting approach, required under the EU CSRD, that considers both how ESG factors affect the company financially and how the company's activities affect people and the environment.
KPI (Key Performance Indicator)
A measurable metric used to track progress toward a specific ESG target, such as tons of CO2 reduced or percentage of women in leadership roles.
Net Zero
A state in which greenhouse gas emissions produced are balanced by an equivalent amount removed from the atmosphere, typically achieved by a defined target year.
CSRD
Corporate Sustainability Reporting Directive — an EU regulation requiring large companies and listed SMEs to report sustainability information under the European Sustainability Reporting Standards (ESRS).
DEI (Diversity, Equity, and Inclusion)
A set of organizational practices and commitments ensuring fair representation and treatment of employees across gender, race, ethnicity, disability, and other dimensions.
Fiduciary Duty
A board director's legal obligation to act in the best interests of the company and its shareholders, which in many jurisdictions now encompasses material ESG risks.
Greenwashing
Making misleading or unsubstantiated claims about environmental practices or sustainability performance — a regulatory and reputational risk for companies publishing ESG commitments.
