On October 7, 2023, California adopted a new set of far-reaching climate laws in the form of SB 253, the Climate Corporate Data Accountability Act (CCDAA), and SB 261, the Climate-Related Financial Risk Act (CRFRA) (collectively, the “California Climate Accountability Regime”).[1] Because of the sheer size of the California market—the world’s fifth largest economy—the new legislation effectively will re-shape the Environmental, Social and Governance (“ESG”) and climate transparency debate far beyond the state’s borders.
Under the CCDAA, companies operating within California with annual revenues exceeding $1 billion must begin publicly reporting their greenhouse gas (“GHG”) emissions, including indirect emissions impacts resulting from their activity, starting in 2026. Under the CRFRA, companies operating in California with annual revenues exceeding $500 million must publish biennial climate-related financial risk reports disclosing both climate-related financial risk and measures taken to reduce and adapt to such risk by January 1, 2026. Covered companies under both bills must pay an annual fee, the amount of which is to be determined.
California has now outpaced the U.S. Securities and Exchange Commission, which back in March 2022 proposed a climate rule that would require public company registrants to disclose certain climate-related information in their annual reports and registration statements.[2] And California sweeps in a potentially broader swath of companies because the California Climate Accountability Regime applies to both public and private companies that exceed certain revenue thresholds.[3] In light of the size of the California market, these new state rules may effectively set a new national standard.
CCDAA
The CCDAA requires public and private companies “doing business” in California, with total annual revenues exceeding $1 billion in the prior fiscal year, to publicly report their direct and indirect GHG emissions. The bill does not define “doing business,” but it seems likely it will be interpreted broadly by stakeholders. For example, the California Tax Code defines “doing business” as “actively engaging in any transaction for the purpose of financial or pecuniary gain or profit” [4] and regulators seem primed to apply an equally capacious definition here.
The CCDAA categorizes GHG emissions by scope, requiring companies to publicly disclose Scope 1 and 2 emissions starting in 2026, and Scope 3 emissions starting in 2027. Scope 1 emissions are those that stem from sources that the company owns or directly controls, regardless of location, including, but not limited to, fuel combustion activities. Scope 2 emissions are indirect GHG emissions from consumed electricity, steam, heating, or cooling purchased or acquired by a company, regardless of location. Scope 3 emissions are indirect upstream and downstream GHG emissions, other than Scope 2 emissions, from sources that the company does not own or directly control and may include, but are not limited to, purchased goods and services, business travel, employee commutes, and processing and use of sold products. Scope 3 emissions essentially include everything up and down a company’s value chain—a broad category where there is variance of opinion and practice in the nuance.
Measuring and reporting of GHG emissions must conform with the Greenhouse Gas Protocol (“GHG Protocol”) standards, informed by guidance developed by the World Resources Institute and the World Business Council for Sustainable Development.[5] Covered companies must also obtain independent, third-party assurance of their public disclosure. Scope 1 and 2 emissions must be verified with “limited assurance” beginning in 2026, and with “reasonable assurance” beginning in 2030. Assurance for Scope 3 emissions will be verified with limited assurance[6] starting in 2030. On or before January 1, 2025, the California State Air Resources Board will develop and adopt regulations overseeing the CCDAA’s disclosure requirements.
Failure to comply with the law’s requirements may result in an administrative penalty of up to $500,000 per reporting year.
CRFRA
The CRFRA requires public and private companies “doing business” in California with annual revenues exceeding $500 million to prepare a biennial climate-related financial risk report. The report must disclose the company’s (1) climate-related financial risk, and (2) measures adopted to reduce and adapt to climate-related financial risk. “Climate-related financial risk” is defined in the bill as material risk of harm to immediate and long-term financial outcomes due to physical and transition risks. This includes risk to corporate operations, provision of goods and services, supply chains, employee health and safety, capital and financial investments, institutional investments, financial standing of loan recipients and borrowers, shareholder value, consumer demand, and financial markets and economic health.[7]
On or before January 1, 2026, covered companies must publish their report to the company’s website. Failure to include the required disclosures in the report may lead to an administrative penalty of up to $50,000.
Compliance: Interplay with the SEC Proposed Climate Rule and EU Corporate Sustainability Reporting Directive (“CSRD”)
While the California bills are similar to the SEC proposed rule on climate-related disclosures, there are material distinctions.
First, the California Climate Accountability Regime applies to both public and private companies, while the SEC’s proposed rule applies only to public companies reporting to the SEC.[8]
Second, the CCDAA requires disclosures for Scope 1, 2, and 3 GHG emissions, whereas the SEC proposed rule—perhaps recognizing the difficulty in quantifying Scope 3 emissions—only mandates Scope 3 disclosure from upstream and downstream activities if (1) the GHG emissions are “material” or (2) if the registrant has set a GHG emissions target or goal that includes Scope 3 emissions.[9] The California law essentially compels covered companies to request GHG emissions data from non-covered companies (i.e., non-California companies or those with less than $1 billion in revenue) in their supply chain, making the reach of the CCDAA considerably more expansive than first meets the eye.
Companies required to comply with the EU-adopted CSRD will not find that the California Climate Accountability Regime imposes material new burdens. The CSRD likewise applies to any companies doing business in Europe above a certain revenue threshold (public or private, even if non-EU) and dictates comparable disclosure requirements.[10]
***
The reach of California’s new legislation cannot be understated. If a company seeks to do any business in California, it must collect and report its national or even international climate data. And the new standards are immune to changes at the federal level: regardless of what the SEC ultimately does with respect to its climate disclosure rulemaking or who is elected president in 2024, California’s disclosure standards will be unaffected. Companies therefore would be well-advised to review these new standards and lay the groundwork for compliance with their obligations in this new framework.
Click here to download this article.
[1] Richard Vanderford, New California Climate Law Pulls In Private Companies, The Wall St. J. (Sept. 26, 2023 3:47 PM ET), https://www.wsj.com/articles/new-california-climate-law-pulls-in-private-companies-76acfea8.
[2] The notice and comment period closed as of November 2022. The rule is expected to be finalized this fall. Securities and Exchange Commission, Climate Change Disclosure (3235-AM87), Fall 2022, https://www.reginfo.gov/public/do/eAgendaViewRule?pubId=202304&RIN=3235-AM87; Press Release, SEC Proposes Rules to Enhance and Standardize Climate-Related Disclosures for Investors (Mar. 21, 2022), https://www.sec.gov/news/press-release/2022-46#:~:text=The%20proposed%20rule%20changes%20would,impact%20on%20its%20business%20and.
As with other targeted disclosure mandating, such as cyber security incident reporting, companies face the challenge of complying with both federal and state requirements. Many companies will also be required to comply with international standards and requirements in multiple states in which they do business. These reporting regimes are sometimes overlapping, but require the issuer to calibrate their disclosures to satisfy requirements prescribed by multiple regulatory authorities. Once the SEC finalizes its regulations, impacted companies will have to contend with complying with both regimes. A robust preemption analysis, however, cannot be performed until we see the text of the SEC regulations.
[3] Vanderford, supra note 1.
[4] Cal. Code Regs. Tit. 18, § 23101.
[5] Greenhouse Gas Protocol, https://ghgprotocol.org/ (last visited Oct. 4, 2023).
[6] In a limited assurance engagement, the service provider concludes whether it is aware of any material modifications that should be made to Scope 1 and 2 disclosures in order for them to be fairly stated or complies with the relevant criteria. In contrast, in a reasonable assurance engagement, the service provider gives the same level of assurance provided in an audit of a company’s consolidated financial statements. Soyoung Ho, SEC Getting Lots of Questions on Assurance Part of Climate Proposal, Senior Official Says, Thomson Reuters (April 29, 2022), https://tax.thomsonreuters.com/news/sec-getting-lots-of-questions-on-assurance-part-of-climate-proposal-senior-official-says/#:~:text=Limited%20assurance%20provides%20a%20lower,information%2C%20the%20market%20regulator%20said.
[7] Task Force on Climate-Related Financial Disclosures, https://www.fsb-tcfd.org/publications/ (last visited Oct. 4, 2023). The report itself must conform to the recommended framework and disclosures contained in the Final Report of Recommendations of the Task Force on Climate-related Financial Disclosures or pursuant to an equivalent reporting requirement.
[8] Press Release, supra note 2.
[9] Id.
[10] This includes recommendations of the Task Force on Climate-Related Financial Disclosures and parts of the GHG Protocol. See Directive 2022/2464, of the European Parliament and of the Council of 14 December 2022 on amending Regulation (EU) No. 537/2014, Directive 2004/109/EC, Directive 2006/43/EC and Directive 2013/34/EU, as regards corporate sustainability reporting, 2022 O.J. (L 322) 15, 29.
