ESG Reporting in the U.S.: State-Level Mandates and the Expanding Role of Information Governance
- Max Rapaport
- May 8
- 4 min read

Although recent developments at the federal level—such as the SEC’s recent decision to scale back proposed rules on climate risk and greenhouse gas (GHG) disclosures—suggest a more reserved, or some would say, anti-ESG federal approach, the U.S. ESG compliance landscape is far from idle.
Similar to the current lack of movement on a comprehensive privacy law, states are filling the void. And, not surprisingly, much of the momentum has been led by California’s enactment of sweeping ESG laws. For organizations operating in the U.S., this shift introduces not only new reporting obligations, but also new demands for structure, oversight, and data governance.
In October 2023, California introduced two landmark laws: the Climate Corporate Data Accountability Act (SB 253) and the Climate-Related Financial Risk Disclosure Act (SB 261). SB 253 requires companies with more than $1 billion in annual revenue doing business in California to disclose Scope 1, Scope 2, and Scope 3 GHG emissions beginning in 2026, with independent assurance required by 2030. SB 261 mandates that companies with over $500 million in revenue submit biennial reports describing their climate-related financial risks, following the TCFD (Task Force on Climate-related Financial Disclosures) framework. These requirements apply to any qualifying company doing business in California, regardless of corporate headquarters—making them among the most expansive ESG mandates in the U.S. to date.
This evolution from voluntary disclosure to legal obligation places new pressure on organizations to verify, retain, and organize ESG-related data with far greater rigor. As a result, Information Governance (IG) professionals are becoming indispensable partners in ESG compliance efforts. Their expertise in managing records lifecycles, enforcing retention schedules, and building audit-ready data structures directly supports the kind of transparency and defensibility these laws require.
One of the most urgent responsibilities for IG teams is aligning ESG data with legally sound retention schedules. California’s statutes create specific categories of data—such as emissions estimates, supply chain disclosures, and financial risk models—that must be preserved and made available for audit. Mapping these data types to retention rules and applying those rules consistently across departments and platforms is essential. Critical to success in this area is the successful rollout and deployment of tools that can help organizations understand and map their records to retention laws, automate retention, implement version control, and apply governance policies systematically. This approach helps ensure that ESG records are neither destroyed prematurely nor kept indefinitely without justification.
Another foundational task is centralizing ESG data for consistency and retrievability. ESG information is often distributed across multiple platforms: emissions calculators, procurement systems, HR tools, utility data feeds, and financial applications. Without a central repository governed by IG principles, conflicting or duplicated data can compromise reporting integrity. ESG platforms that embed governance capabilities can consolidate this information while also enforcing metadata standards, access controls, and lifecycle policies. IG professionals are essential to this process, ensuring that centralization efforts follow internal policies and external regulatory requirements.
Because ESG regulations now differ significantly among jurisdictions, monitoring compliance obligations at the state level has become a governance challenge of its own. California’s requirements differ in scope, format, and enforcement timeline from those being proposed in states like New York or Illinois. IG professionals are uniquely positioned to work alongside legal and compliance teams to track these obligations, update internal policy frameworks accordingly, and coordinate jurisdiction-specific retention and reporting strategies. This coordination is especially important in organizations that operate across multiple states or sectors.
Ensuring data quality is equally critical to ESG reporting. Inconsistent values, outdated data, and untracked modifications can undermine the defensibility of ESG disclosures—especially as third-party assurance becomes mandatory. IG professionals help organizations put quality controls in place, such as version tracking, edit logs, and structured review cycles. ESG platforms with governance capabilities often include audit trails and validation checks, making it easier for organizations to demonstrate that reported figures are complete, current, and linked to verifiable source records.
Finally, one of the most overlooked aspects of ESG readiness is the need to identify and eliminate ROT (redundant, obsolete, and trivial) data. ESG reporting efforts are often slowed by the presence of unneeded content buried in shared drives, legacy systems, and unstructured repositories. ROT data not only obscures relevant information but also increases legal risk and storage costs. Governance programs provide the policies and tools necessary to defensibly dispose of ROT while maintaining access to the information that matters. ESG-specific platforms help facilitate this process by prioritizing the most current and compliant datasets for reporting purposes.
Taken together, these governance practices form the backbone of a sustainable ESG reporting framework—one that is resilient, repeatable, and ready for audit. As ESG reporting moves into a new phase of legal and operational maturity, ESG reporting platforms are no longer just data aggregators—they are governance enablers. When implemented thoughtfully and aligned with IG strategy, they can automate compliance, enforce accountability, and significantly reduce the time and risk associated with ESG disclosures.
Ultimately, California’s legislative push is a clear signal of where the U.S. is headed on ESG regulation. And while federal standards may evolve more slowly, organizations that invest now in IG-led ESG reporting processes—and in the right tools to support them—will be better positioned to adapt, comply, and lead.