The EU’s Non-Financial Reporting Directive (NFRD), in force since 2013, has been something of a slow-burn regulatory force. For much of its early existence, companies affected by it—large public-interest entities mainly—treated the obligation as a disclosure exercise that could be satisfied by assembling environmental, social, and governance (ESG) information in a fairly general way. There was, at least until recently, limited scrutiny of the granularity of supply-chain data, and risk disclosures often stopped short of digging deeply into Tier 2 or Tier 3 dependencies. But 2022 marked a turning point. The latest compliance round under the NFRD, driven in no small part by the broader momentum around the Corporate Sustainability Reporting Directive (CSRD) and the European Sustainability Reporting Standards (ESRS) drafts, raised the bar significantly.
Energy companies, especially those still relying on coal-fired generation assets, found themselves at the center of this shift. The expectation wasn’t merely that they acknowledge human rights as a general concern, or that they gesture vaguely toward responsible sourcing. Instead, regulators and stakeholders began pressing for concrete, traceable supply-chain risk disclosures. For coal-fired generation, this meant mapping human-rights risks not only at the mine-mouth level, but across intermediary logistics chains, trading hubs, and even financing arrangements that might link back to problematic jurisdictions or labor practices.
One of the challenges here—if challenge is the right word—is that energy firms had to wrestle with data sources that were often fragmented or inconsistent. Few, if any, global coal traders publish detailed human-rights audits voluntarily. Data on forced or child labor in mining regions exists, but often in the form of NGO reports or academic studies that vary in methodology and coverage. This left firms piecing together multiple strands of information, overlaying them with their own procurement records and attempting to create a picture that was coherent enough to satisfy regulators, but also honest about the limits of what could be known.
For many compliance teams, this process revealed uncomfortable gaps. A company might be able to certify that its direct coal suppliers were audited for labor standards, but find that transshipment hubs or intermediary traders offered little transparency. Others discovered that while mines in certain countries had passed local inspections, they were still linked indirectly to networks flagged for rights abuses through their labor recruitment chains. And here is where the 2022 compliance round stood apart: it wasn’t sufficient anymore to stop at a surface-level due diligence. The expectation was, and remains, that firms demonstrate both a process and a willingness to probe further down the chain—even if the answers were, at times, incomplete.
There’s a practical side to this that’s easy to overlook. Preparing non-financial statements in line with these heightened expectations has, for many firms, required a real shift in internal systems. For EU energy companies grappling with these demands, one of the more immediate steps has been to align their reporting frameworks with the ESRS 2 draft. While still in draft form, ESRS 2 provides a structure that can help firms think through the materiality of various risks, the boundaries of reporting entities, and the metrics that might plausibly be applied.
It’s worth pausing on what this alignment actually looks like in practice. First, companies have had to review their existing data collection processes to ensure that supply-chain risks, particularly in relation to human rights, are flagged early and systematically. This might sound obvious, but in reality, supply chain management and ESG reporting have not always been tightly coupled functions within firms. Bridging that gap often means establishing new channels of communication between procurement, compliance, and sustainability teams—no small cultural shift for organisations accustomed to operating in silos.
Second, and perhaps more tactically, firms have been working through checklists or frameworks that help translate the broad principles of the NFRD and ESRS drafts into operational terms. A typical checklist for energy firms reporting on coal-fired supply chains in this context might include steps such as: mapping all Tier 1 and key Tier 2 suppliers of coal and related services; conducting risk screenings using open-source data or NGO reports on mining regions; documenting and disclosing any mitigation actions taken where risks are identified; and providing narrative context on the challenges and limitations of such disclosures.
Some firms have gone a step further, integrating third-party audit data where available, or engaging specialist consultants to conduct bespoke risk assessments on particular supply routes. But there’s an understandable tension here: the more detail firms provide, the more questions they may raise about gaps or weak spots. And yet, the current regulatory mood seems to favour transparency about imperfection over the appearance of a flawless, but shallow, compliance story.
What’s also becoming clear is that the iterative nature of these reporting rounds is, in itself, a driver of deeper change. Companies that might have approached NFRD compliance as a box-ticking exercise a few years ago are now seeing that the demands will only increase—particularly as the CSRD and ESRS frameworks move from draft to formal adoption. There’s a sense, perhaps still nascent but growing, that supply-chain transparency isn’t simply a regulatory burden but a competitive necessity in a world where stakeholders—from investors to consumers—are becoming more attuned to the realities behind corporate ESG claims.