Who needs to report under SB 261?
SB 261 applies to US companies with more than $500 million in annual revenue that do business in California. Certain entities, such as insurance companies regulated by state insurance commissioners, are exempt.
CARB has clarified that only US entities are covered. A parent company may prepare a single consolidated climate risk report for its subsidiaries, though detailed draft regulations on consolidation have not yet been released.
When are reports due?
The first report must be published on a company’s website by January 1, 2026. CARB will open a public docket on December 1, 2025, where organizations must submit the link to their report. The docket will remain open until July 1, 2026. Reports must then be updated on a biennial basis.
Which framework should companies use?
Reporting entities must align their disclosures with a recognized framework. The law permits the TCFD framework, the IFRS S2 Climate-related Disclosures standard, or another government-backed framework consistent with TCFD.
Every report must state the chosen framework, identify which disclosures have been included or omitted, explain omissions, and describe any plans for future inclusion. This approach reflects CARB’s emphasis on a good faith effort in the first reporting cycle.
What are the minimum disclosure requirements?
The Draft Checklist is structured around the four TCFD pillars:
- Governance: how boards and management oversee climate related financial risks
- Strategy: how climate related risks and opportunities shape operations, financial planning, and long-term business outlook
- Risk management: processes to identify and assess climate risks and integrate them into enterprise risk management
- Metrics and targets: measures adopted to monitor progress, which may include GHG emissions reporting if available
CARB stated that disclosures should focus on what is material, practical, and decision-useful for investors and other stakeholders.
Do companies need to include scenario analysis?
Not for the first report. While scenario-based climate risk assessments are a feature of the TCFD framework, CARB is taking a phased approach. It encourages qualitative discussion of resilience to climate related risks and transition threats, but does not mandate quantitative analysis at this stage. Scenario analysis may become required in future cycles.
Are emissions data required?
Emissions data is not mandatory for the first report under SB 261. Covered entities may include greenhouse gas emissions or other GHG emissions reporting if available and material, but the disclosure requirements focus primarily on climate risk. This reflects a recognition that many organizations are still building systems to collect consistent emissions data across supply chains and operations.
What data period should companies use?
The law does not specify whether reports must use calendar year or fiscal year data. Instead, companies are instructed to rely on their most recent and best available data. If information is incomplete, they should explain the gaps and outline plans to address them.
How should companies prepare in 2025?
Preparation in the lead-up to the first report is critical. Companies should:
- confirm their in-scope status as a business entity or parent organization
- select a disclosure framework and draft a compliance statement
- map key climate related risks, including both physical and transition risks, and document board-level oversight
- build a resilience narrative that addresses future climate risk scenarios
- catalogue existing metrics and emissions data, and identify data gaps
- plan logistics for publication and submission to the public docket
How can ESG software help?
Many organizations operating in California and beyond will struggle with the complexity of climate risk disclosure. ESG and sustainability software platforms can help companies comply with California SB 261 by:
- centralizing data on climate related financial disclosures, financial risks, and mitigation strategies across global operations and supply chains
- enabling streamlined climate risk assessments that capture both physical and transition threats
- managing greenhouse gas inventories and supporting consistent GHG emissions reporting
- automating the production of climate risk reports aligned with frameworks such as the TCFD or IFRS S2
- tracking progress against targets, ensuring that reporting entities can provide stakeholders with credible climate information year after year
Using ESG technology allows larger companies to not only comply with California’s climate disclosure laws but also to strengthen governance, integrate climate related risks into enterprise risk management, and prepare for future regulations that may introduce stricter disclosure requirements or verification standards.
What is the legal status of the guidance?
CARB’s Draft Checklist is non-binding. In any conflict, the statute and future regulations will prevail. Companies should monitor updates closely as the rulemaking process continues.
Why does this matter?
California’s climate disclosure laws represent some of the most ambitious in the US. By requiring climate risk disclosure from thousands of reporting entities, California aims to enhance transparency, assess systemic financial risks, and ensure businesses adapt to climate change.
For companies, preparing for SB 261 is about more than compliance. It is an opportunity to demonstrate leadership, provide stakeholders with credible climate information, and future-proof operations against both physical and transition threats. The first report is due soon, and companies that begin now will be best positioned to comply confidently and turn disclosure into a strategic advantage.
