Key Takeaways:

• SB 253 and SB 261 outline what companies must report on greenhouse gas emissions, climate-related financial risk, and risk mitigation efforts.
• Although this law was passed in California, it applies to many companies based outside of the state, impacting over 40,000 organizations.
• While reporting requirements begin in 2026, that doesn’t leave much time for many to begin the process of gathering data and creating a strategy, forcing organizations to act now before it is too late.
• Understanding key frameworks referenced in the bill can help organizations better prepare and understand what information will be required on reports.
• Organizations who are not impacted by these bills should monitor local regulations and strategize for how to prepare should similar laws be adopted in their locale.

Introduction to SB 253 and SB 261

California’s recent passage of SB 253 (Climate Corporate Data Accountability Act) and SB 261 (Climate-Related Financial Risk Disclosure Act) marks an unprecedented step for sustainable supply chain risk management (sSCRM) in the United States, with global implications. While there are variances in scope, these regulations drive parity in supply chain transparency akin to Europe’s Corporate Sustainability Reporting Directive (CSRD) and Corporate Sustainability Due Diligence Directive (CS3D).

While businesses outside of California may initially appear unaffected, it isn’t that simple. Given the size of California’s economy as the fifth largest GDP in the world and the interconnectivity of supply chains, these new regulations’ impact will be far reaching. Over 5,000 US-based companies and 40,000 of their suppliers will be affected — yours may very well be among them, even if you are outside of California.  

Given reporting requirements begin in 2026, it’s important to begin tackling this new supply chain risk management (SCRM) data requirement now. Doing so will allow for ample time to incorporate the necessary change management and supplier messaging to ensure effective programming strategy, appropriate tooling, and complete data capture. You will also want to review 2025 budget implications if managing this new data and reporting requirement necessitates investments in headcount or additional SCRM tools.

For a company looking to integrate sustainability factors into their SCRM in response to these regulations, or as a means to enhance a best-practice SCRM program, we recommend covering these four phases:

• Set the Stage
• Execute the Plan
• Address the Risk
• Support the Supply Chain  

In this installment, we’ll address the first phase: Set the Stage.

Set the Stage

First, it is important to understand SB 253 and SB 261 eligibility and requirements. In short:

• SB 253: Requires companies with over $1 billion in revenue doing business in California to report Scope 1, 2, and 3 greenhouse gas (GHG) emissions starting in 2026.
• SB 261: Applies to companies with over $500 million in revenue, requiring them to disclose climate-related financial risks and their risk mitigation efforts.  

Being classified as "doing business in California" means that the company, even if not physically headquartered in California, is subject to the law’s requirements to report greenhouse gas (GHG) emissions and climate risks. Companies with a global footprint but significant California operations (based on sales, property, or payroll) must disclose their emissions across Scope 1, Scope 2, and Scope 3. This broad definition ensures that any large company with considerable economic presence in California is captured under the reporting requirements, supporting the state’s climate transparency goals.

The phrase "doing business in California" typically follows the same meaning as outlined by the California tax code.  A company is "doing business" in California if it meets any of the following criteria:  

• The company has sales in California that exceed $690,144 (for 2023, adjusted annually for inflation)
• The company owns or rents property in California with a total value that exceeds $69,015 (for 2023)
• Even if a company does not meet the specific financial thresholds, it can still be considered "doing business" in California if it is actively engaging in business activities in the state, like maintaining an office, having employees, or otherwise engaging in business operations within the state.
• Companies that are headquartered outside of California, whether elsewhere in the U.S. or internationally, are still considered to be "doing business in California" if they meet any of the thresholds listed above.  

Know Your Reporting Frameworks

Once you have determined if SB 253 and SB 261 apply to your business — whether you are required to report directly as an eligible company or likely to be required to report as a supplier to an eligible company — it is important to understand and prepare for data requirements. California's SB 253 and SB 261 reference several key frameworks and standards to guide corporate disclosures that provide insight into data needs as well.

Here's a breakdown of the relevant frameworks and related processes for compliance across these two acts:

SB 253 (Climate Corporate Data Accountability Act)

SB 253, which applies to businesses with over $1 billion in revenue doing business in California, mandates eligible companies to report their greenhouse gas (GHG) emissions, and it specifies the use of the following frameworks for these disclosures:

• GHG Protocol: The most widely used international accounting tool for understanding, quantifying, and managing GHG emissions. It defines Scopes 1-3 as the following:  
  
  • Scope 1: Direct emissions from owned or controlled sources. ‍
  • Scope 2: Indirect emissions from the generation of purchased energy. ‍
  • Scope 3: All other indirect emissions that occur in the value chain, such as emissions from suppliers and transportation.

• International Sustainability Standards Board (ISSB): A body established by the International Financial Reporting Standards (IFRS) Foundation to develop comprehensive global standards for sustainability-related disclosures. Although not explicitly required, ISSB standards are likely to influence the detailed reporting structure. ‍
• Third-Party Assurance: Under SB 253, companies must obtain third-party assurance or verification of their emissions data, particularly for Scope 1 and Scope 2, based on standards like the International Standard on Assurance Engagements (ISAE 3410) or ISO 14064-3 for GHG verifications.

SB 261 (Climate-Related Financial Risk Disclosure Act)

SB 261, which applies to businesses with over $500 million in revenue doing business in California, requires eligible companies to disclose their climate-related financial risks and strategies to mitigate those risks. It emphasizes alignment with widely recognized climate risk disclosure frameworks, including:

• Task Force on Climate-Related Financial Disclosures (TCFD):
  
  • The primary reporting framework for disclosing climate-related financial risks under SB 261, under the umbrella of ISSB.
  • TCFD provides guidance on governance, strategy, risk management, and metrics and targets that companies should use to report how climate change affects their financial performance and risk management strategies.
  • Companies are expected to evaluate physical risks (e.g., climate impacts on supply chains) and transition risks (e.g., risks from policy changes or market shifts toward low-carbon technologies).

• SEC’s Proposed Climate Disclosure Rules (potential alignment):
  
  • SB 261 aligns with the direction of the Securities and Exchange Commission (SEC), which has proposed rules requiring publicly traded companies to disclose climate-related risks and impacts, consistent with TCFD.

Conclusion

While your organization may not be affected by California’s bills immediately, risk management professionals should always monitor changing regulatory landscapes around the world. Though some may not feel the impact today, these new regulations are likely to affect more U.S. businesses over time. Additionally, don’t be surprised to see other states begin to require reporting on the sustainability of their supply chain.  

In our next blog, we’ll deliver information on how to map supply chain GHG emissions and conduct climate-related risk assessments.  

Avetta offers a suite of supply chain risk management solutions, including tools to help you holistically understand your emissions footprint and identify high risk suppliers to include in an ESG & Sustainability assessment. Learn more about how Avetta can support your sustainability reporting efforts and ensure the resilience of your supply chain.