By Harshavardhan S | Wed Jan 14 2026 | 2 min read

If the environmental and social ESRS standards test data, ESRS G1 tests credibility.

Under the Corporate Sustainability Reporting Directive (CSRD), governance disclosures are not about ethics statements or codes on a website. They are about whether a company can prove it governs sustainability risks in practice, across its organisation and value chain.

This page explains ESRS G1 in full:

  • what governance and business conduct disclosures are required,
  • how materiality applies (and where it does not),
  • what evidence auditors expect,
  • and why weak G1 disclosures undermine every other ESRS topic.

How ESRS G1 Fits Into CSRD

Unlike environmental and social standards, ESRS G1 is largely cross-cutting.

It connects directly to:

  • double materiality governance,
  • risk management,
  • internal controls,
  • supplier oversight,
  • whistleblowing and remediation.

In practice, G1 failures invalidate E and S disclosures, because they raise a single question regulators care about:

> Can this company actually control what it claims to manage?

What ESRS G1 Covers (In Scope)

ESRS G1 focuses on business conduct and governance mechanisms, including:

  • corporate ethics and integrity,
  • anti-corruption and anti-bribery,
  • conflicts of interest,
  • whistleblowing mechanisms,
  • investigations and remediation,
  • supplier governance and enforcement,
  • oversight responsibilities and escalation.

This is not theoretical governance. It is operational governance.

ESRS G1 and Materiality: A Critical Distinction

Many companies misunderstand materiality under G1.

Key reality:

  • Some governance disclosures apply regardless of materiality outcome
  • Others are triggered when governance risks are material

You cannot exclude governance topics simply because impacts or risks seem “low.” If governance mechanisms exist, they must be disclosed.

Auditors treat unjustified G1 exclusions as red flags.

Policies Are Not Enough

Under ESRS G1, companies must disclose:

  • policies and
  • how those policies are implemented, monitored, and enforced.

Common failure patterns:

  • codes of conduct with no enforcement logic,
  • whistleblowing systems with no evidence of use,
  • supplier policies without monitoring or consequences,
  • governance structures with unclear accountability.

If you cannot show how a policy works in practice, it does not meet ESRS expectations.

Anti-Corruption and Business Integrity

What Is Required

Companies must disclose:

  • anti-corruption and anti-bribery policies,
  • training and awareness measures,
  • monitoring and controls,
  • incidents, investigations, and outcomes (where applicable).

Key Reality

Zero incidents does not automatically mean zero risk.

Auditors assess:

  • whether controls exist,
  • whether reporting channels are credible,
  • whether investigations are independent,
  • whether remediation actually occurs.

Silence is not evidence.

Whistleblowing and Grievance Mechanisms

What G1 Expects

Companies must disclose:

  • availability of whistleblowing channels,
  • accessibility to employees and relevant third parties,
  • protection against retaliation,
  • handling and resolution processes.

Key Reality

A whistleblowing policy that has never been tested is a risk indicator.

Auditors look for:

  • documented procedures,
  • usage metrics (where appropriate),
  • escalation pathways,
  • governance oversight.

Supplier Governance and Business Conduct

G1 extends beyond internal governance.

Companies must explain:

  • how suppliers are governed,
  • how codes of conduct are enforced,
  • how non-compliance is identified,
  • what corrective actions are taken.

This is where supplier data and campaign workflows become governance evidence, not operational extras.

If suppliers are out of control, governance is weak by definition.

Governance Roles, Responsibilities, and Oversight

Under ESRS G1, companies must clearly disclose:

  • who is responsible for sustainability governance,
  • how responsibilities are assigned across management and boards,
  • how issues are escalated and resolved.

Vague statements like “management is responsible” do not pass.

Auditors expect named roles, decision pathways, and accountability.

Documentation and Evidence Expectations

For G1, auditors will test:

  • existence of formal policies,
  • implementation procedures,
  • monitoring and control mechanisms,
  • records of training and communication,
  • investigation and remediation documentation,
  • governance approvals and oversight.

Governance disclosures must be traceable, repeatable, and defensible.

Common ESRS G1 Failure Patterns

Across CSRD readiness reviews, the same issues recur:

  • policies without enforcement,
  • supplier codes without monitoring,
  • whistleblowing channels without governance,
  • governance described narratively but not operationally,
  • no linkage between governance and risk management.

Any one of these can undermine CSRD assurance.

Why ESRS G1 Determines Audit Outcomes

Auditors use G1 to assess:

  • whether sustainability data can be trusted,
  • whether risks are actually controlled,
  • whether disclosures reflect reality.

Strong E and S data with weak G1 governance still fail assurance scrutiny.

Governance is the multiplier.

ESRS G1 Is Not Optional “Good Practice”

ESRS G1 disclosures are not aspirational.

They are:

  • legally required under CSRD,
  • subject to assurance,
  • enforceable by regulators.

Companies that treat governance as a narrative exercise expose themselves to regulatory risk even if environmental and social metrics look strong.

Final Reality Check

If your organisation cannot clearly show:

  • how business conduct policies are enforced,
  • how issues are reported and resolved,
  • how suppliers are governed,
  • who is accountable for decisions,

then ESRS G1 compliance is not defensible.

Under CSRD, governance weakness is not hidden — it is disclosed.


ESRS Governance & Business Conduct (G1) Explained: Policies, Controls, and Proof

ESRS G1 is the governance standard under CSRD that requires companies to disclose how they govern business conduct, ethics, integrity, and sustainability-related risks in practice. It covers policies, controls, oversight mechanisms, enforcement actions, and accountability structures, not just written codes.
Some ESRS G1 disclosures apply regardless of materiality outcomes, while others are triggered when governance-related risks are material. Companies cannot exclude governance disclosures simply because risks appear low. Auditors closely scrutinise unjustified exclusions under G1.
ESRS G1 covers corporate ethics, anti-corruption and anti-bribery controls, conflicts of interest, whistleblowing and grievance mechanisms, investigations and remediation, supplier governance, and oversight responsibilities at management and board level.
No. ESRS G1 requires companies to disclose not only policies but also how those policies are implemented, monitored, enforced, and reviewed. Policies without evidence of execution, monitoring, and remediation do not meet CSRD assurance expectations.
Companies must disclose the existence and accessibility of whistleblowing channels, protections against retaliation, investigation processes, and governance oversight. Auditors expect evidence that mechanisms are credible, operational, and properly governed.
ESRS G1 requires companies to explain how business conduct expectations are extended to suppliers, how supplier codes of conduct are enforced, how non-compliance is identified, and what corrective actions are taken. Weak supplier governance undermines overall CSRD credibility.
Auditors test the existence of governance frameworks, internal controls, training records, investigation and remediation documentation, escalation procedures, and board or management oversight. Narrative statements without evidence do not pass assurance review.
Common failures include unenforced codes of conduct, inactive whistleblowing systems, unclear accountability, lack of supplier monitoring, and governance described at a high level without operational detail. These issues often lead to assurance findings.
Governance determines whether environmental and social data can be trusted. Weak governance raises doubts about the reliability of all sustainability disclosures, making ESRS G1 a key factor in overall CSRD audit outcomes.
Yes. ESRS G1 disclosures are legally required under the Corporate Sustainability Reporting Directive and are subject to statutory assurance. Governance weaknesses are disclosed, not hidden, under CSRD.