Esg Due Diligence Checklist
An investor-focused ESG due diligence checklist covering governance, climate, workforce, supply chain, claims, data quality, regulation and red flags.
ESG (environmental, social and governance) due diligence is no longer a soft reputation exercise. For investors and acquirers, it can reveal regulatory risk, weak controls, climate exposure, supply-chain problems, greenwashing risk and hidden costs. This checklist explains what to review before signing.
What ESG due diligence is trying to prove
ESG due diligence asks whether a company understands and manages material environmental, social and governance risks. It should not be a marketing review. It should test evidence, accountability and control quality.
A good process answers three questions: what are the material ESG risks, what evidence supports management's claims, and what could create value erosion after investment or acquisition?
1. Governance and accountability
Start with ownership. Who is responsible for ESG, climate, compliance, health and safety, workforce issues and supplier oversight? Is responsibility board-level, executive-level, operational, or scattered across departments?
Look for meeting minutes, policy approvals, risk registers, internal controls and evidence that issues are escalated. A company with polished ESG language but no owner, no review cycle and no board visibility is a risk.
2. Climate and carbon data
Review the company's carbon footprint, boundary, base year, emissions factors and Scope 3 approach. If the company has made climate claims, check whether the data supports them.
Important questions include: are Scope 1 and 2 emissions measured? Are material Scope 3 categories estimated? Are energy and fuel records available? Is the methodology consistent with the GHG (greenhouse gas) Protocol? Are reduction targets based on real operational changes?
3. Regulatory exposure
Check whether the company is exposed to CSRD (Corporate Sustainability Reporting Directive), UK sustainability disclosure, product regulation, modern slavery rules, environmental permits, packaging regulation, waste obligations, carbon pricing or sector-specific requirements.
The legal answer matters, but so does commercial exposure. A company may not be directly regulated yet still face customer data requests or contractual ESG requirements.
4. Supply chain and human rights
Supply-chain diligence should cover supplier concentration, high-risk geographies, labour standards, audit history, grievance mechanisms and whether the company has supplier codes or contract clauses.
Do not accept a supplier code as proof of control. Ask whether suppliers have signed it, whether audits happen, and what happens when problems are found.
5. Environmental claims and greenwashing risk
Review website claims, sales decks, product labels, carbon neutral statements, offset claims, recycled-content claims and sustainability reports. Claims should be specific, substantiated and not misleading.
In the UK, the Competition and Markets Authority's Green Claims Code is a useful reference. For regulated financial firms, the FCA (Financial Conduct Authority) anti-greenwashing rule is also relevant.
6. Workforce and safety
Review health and safety records, staff turnover, complaints, pay practices, diversity data, training, whistleblowing channels and workforce policies. Social risk is often where hidden operational issues appear first.
7. Data quality
Data quality can make or break ESG diligence. Look for source documents, owners, timestamps, version control and evidence that numbers have been checked. If the data exists only in a slide deck, treat it cautiously.
8. Financial exposure and hidden costs
ESG issues can become financial issues quickly. A weak carbon data process can create tender risk. Poor health and safety records can create insurance and litigation risk. Weak supplier controls can disrupt production. Environmental permits can limit expansion. Climate risk can affect assets, logistics, maintenance and capital expenditure.
For investors, the diligence question is not "does this company sound sustainable?" It is "could this issue change value, cash flow, capex, compliance cost, customer retention or exit risk?" That is why ESG diligence should sit alongside financial, legal, tax and operational diligence rather than in a separate marketing exercise.
Evidence scoring matrix
| Score | Evidence quality | Typical investor response |
|---|---|---|
| Low | Unsupported claims, outdated policies, no owner and inconsistent data. | Raise red flags, request remediation plan and consider warranty or price implications. |
| Medium | Some evidence exists, but controls, dates, boundaries or ownership are unclear. | Ask for clarification, assign owners and set post-deal improvement actions. |
| High | Clear owners, source documents, recent metrics, board oversight and repeatable controls. | Treat as stronger evidence, while still checking material gaps. |
Red flags
- No named owner for ESG data.
- Climate claims without a carbon footprint.
- Supplier policies with no evidence of implementation.
- Old or inconsistent health and safety records.
- Carbon neutral claims based only on unspecified offsets.
- Major customer ESG requests handled manually each time.
- Unclear regulatory ownership.
What a strong ESG data room contains
A strong data room includes policies, carbon calculations, energy data, supplier documents, workforce metrics, board papers, audit reports, permits, incident logs, claims evidence and a one-page index showing owner, date and status for each item.
For a deeper operational guide, read ESG data room checklist: what evidence should you keep?.
How to turn findings into deal terms
The value of ESG due diligence is not the length of the checklist. It is whether findings change the investment decision, price, warranties, post-deal plan or monitoring requirements. A weak carbon footprint may become a 100-day improvement action. A serious permit issue may become a condition precedent. A misleading customer claim may require a warranty, remediation plan or communications review.
That is why each finding should be written with a consequence attached. "No Scope 3 data" is a weak finding by itself. "No Scope 3 data despite major customer tender requirements, creating renewal risk" is more useful. The second version explains why the issue matters commercially.
Related guides
Use this checklist with the ESG data room checklist, greenwashing guide, Scope 3 for SMEs guide, CSRD explained and Corporate Sustainability Due Diligence Directive (CSDDD) explained. Together, those pages cover evidence quality, claims risk, carbon data, supply-chain due diligence and regulatory exposure.
What to do with findings
Not every ESG issue should stop a deal or investment. The decision depends on materiality, severity, remediation cost and whether management understands the issue. A missing policy may be easy to fix. A repeated safety incident, unsupported climate claim or unresolved permit breach may be more serious.
Convert findings into actions: immediate blockers, price or warranty issues, 100-day plan items and longer-term improvement projects. That makes ESG diligence useful rather than decorative.
Questions after the first answer
Good due diligence rarely ends with the first answer. If a company says it has a climate target, the follow-up is whether the target covers Scope 3 emissions, whether it has been validated, whether capital spending supports it and whether progress is on track. If a fund says it excludes fossil fuels, the follow-up is whether that applies to all fossil fuel exposure, reserves, utilities, services and index derivatives.
The same logic applies across ESG topics. A modern slavery policy matters less than supplier risk mapping and remediation evidence. A diversity target matters less if hiring, promotion and retention data point in the other direction. A board committee matters less if minutes show no substantive challenge. Investors should therefore treat ESG due diligence as an evidence chain. The first answer identifies the claim. The second and third questions test whether the claim changes risk, governance or long-term resilience.
Useful source links
Bottom line
ESG due diligence should test evidence, not slogans. The strongest targets have clear owners, reliable data, controlled policies, honest claims and a data room that proves how ESG risks are managed.
ESG due diligence FAQ
What is the first diligence request to make?
Ask for the ESG data room index, risk register, carbon footprint methodology and claims evidence. Those documents quickly show whether the company has a controlled process.
Is ESG diligence only for large acquisitions?
No. It is also useful for growth investment, lending, procurement, partnerships and supplier onboarding where climate, labour, governance or claims risk could affect value.
What is a major warning sign?
A major warning sign is a public ESG claim with no owner, no methodology and no supporting evidence. That can create legal, reputational and commercial risk.
Information only
This guide is for general information only. It is not legal advice, regulatory advice, accounting advice, investment advice, financial advice, tax advice or a recommendation to proceed with or reject any transaction. Investors, acquirers and companies should check current source documents and take professional advice before relying on ESG due diligence findings.