UK ESG compliance: SECR, ESOS, TCFD, Modern Slavery, FCA SDR and more. Which requirements apply to your business? Find out based on size, sector and structure.
March 25, 2026
ESG compliance is not the interesting part of sustainability. We say that as people who have spent over a decade arguing that sustainability is one of the most commercially important questions a business can engage with. The reporting obligations, the disclosure frameworks, the regulatory thresholds: none of this is where the value is. But getting it wrong, or failing to approach it strategically, adds cost and undermines credibility.
The UK's ESG compliance landscape has expanded significantly in the past few years, and it continues to move. What makes it genuinely hard to navigate is not that any individual requirement is complicated. Most are reasonably straightforward once you understand what applies to you. The problem is that there are many of them, they are triggered at different points as a company grows, and the gap between hitting a threshold and having to report can be uncomfortably short.
We built the Perigon ESG Compliance Checker because we kept seeing the same problem: high-growth companies hitting compliance obligations in quick succession, without a clear picture of what was coming or how the pieces connected. This article covers what the main UK ESG reporting requirements are and which businesses they apply to.
Our tool does what AI and web searches consistently fail at: providing a tailored list of what is actually required now and in future. AI regularly cites regulations that are not yet confirmed, misapplies size thresholds, muddies the waters with voluntary frameworks, and even overstates non-compliance consequences. For a high-growth company trying to take a proportionate approach, that noise is at best a distraction and at worst creates added burdens that take years to shed. The thresholds and obligations below reflect our current best understanding of UK requirements as they stand.
ESG reporting compliance in the UK is not a single framework or a single regulator. It is a collection of separate reporting and disclosure obligations, some environmental, some social, some governance-related, each introduced at different times, administered by different bodies, and triggered by different criteria. The result is that two companies of similar size and sector can have meaningfully different compliance profiles depending on their precise headcount, turnover, balance sheet, ownership model, and whether they supply to government or operate in regulated financial services.
The main categories covered by our compliance checker are: social reporting obligations (gender pay gap, modern slavery); energy and carbon reporting (SECR, ESOS); climate risk disclosure (TCFD-aligned reporting under company law and FCA rules); FCA sustainability disclosure requirements for asset managers; and supply chain obligations, primarily Carbon Reduction Plans for government suppliers. Financial services firms also face additional regulatory expectations from the FCA and PRA that sit outside the standard reporting frameworks; these are covered in the personalised reports the tool generates for relevant firms.
The compliance requirements are also, by and large, relatively new. Several have been introduced or significantly expanded in the past few years, and obligations continue to flow downstream from larger businesses down to mid-market and earlier stage companies. Understanding where the thresholds currently sit is useful. Being able to pre-empt what is coming is even more so.
The most useful way to think about UK ESG reporting requirements is as a sequence that a growing company moves through, rather than as a static checklist. Most businesses encounter them in roughly this order:
Gender pay gap reporting is required for any UK employer with 250 or more employees. The 250-employee threshold is assessed on 5 April in any given year, not at year-end, which catches some businesses off guard. Reports must be published annually on the government website.
A modern slavery statement is required for any organisation with annual turnover of £36 million or more operating in the UK, regardless of employee count. The statement must describe the steps taken to ensure modern slavery and human trafficking are not occurring in the business or its supply chains. The turnover threshold means some leaner, faster-growing businesses hit this before they hit the gender pay gap obligation.
SECR requires large UK companies and LLPs to disclose their energy use, carbon footprint, and greenhouse gas emissions in their annual Companies House filings. It applies to companies meeting at least two of three criteria: 250 or more employees, £36 million or more turnover, or £18 million or more on the balance sheet.
The timing issue here is worth understanding clearly. As soon as a company completes a financial year in which it meets two of those criteria, that same annual report must include SECR-compliant carbon data. There is no grace period. For companies that have not already been measuring their emissions, the gap between realising they are in scope and the reporting deadline can be very short. Getting measurement processes in place before you hit the threshold creates considerably fewer commercial headwinds than scrambling to retrofit them after.
ESOS requires large undertakings (broadly, those that meet two of three criteria: 250 or more employees, £44m or more turnover, or a balance sheet total of £38m or more) to conduct mandatory energy audits covering buildings, industrial processes, and transport. The ESOS Phase 4 qualification date is 31 December 2026, with a compliance deadline of 5 December 2027. From 2026, ESOS data is publicly published by the Environment Agency, which transforms energy performance from a private compliance matter into a public reputational one.
Task Force on Climate-Related Financial Disclosures (TCFD) reporting shows up in two ways. For growing private companies, it arrives through the Companies Act: large and very large companies (broadly, those exceeding 500 employees and £500 million turnover) are required to include climate-related financial disclosures in their annual reports. For listed companies, the FCA's Listing Rules make TCFD-aligned disclosure mandatory from the point of listing, regardless of size.
This is a meaningful step up in reporting complexity from SECR. TCFD requires disclosure across four areas: governance, strategy, risk management, and metrics and targets. The UK Sustainability Reporting Standards (UK SRS), currently in development and based on the ISSB's S1 and S2 frameworks, are expected to eventually replace and significantly expand on TCFD as the definitive UK climate disclosure standard. Voluntary use is anticipated from 2026, with mandatory application for listed entities expected to follow in 2027.
Any company supplying UK government contracts worth more than £5 million per annum must publish a Carbon Reduction Plan as a condition of contract eligibility. This requires disclosure of current Scope 1 and 2 emissions and a commitment to achieve net zero by 2050, with interim targets. For businesses with significant public sector revenue, this can arrive earlier in their growth trajectory than other reporting obligations.
Financial services firms face a more demanding and sector-specific compliance landscape than most other businesses. The obligations that sit within our compliance checker cover FCA Sustainability Disclosure Requirements for asset managers and owners, including entity-level TCFD-aligned disclosures and, for firms managing or distributing products with sustainability characteristics, product-level labelling requirements under the SDR regime.
Beyond these reporting obligations, there is a wider set of regulatory expectations relevant to financial services firms. The FCA's anti-greenwashing rule applies to all FCA-authorised firms and requires that any sustainability claims made about products or services are fair, clear, and not misleading. The PRA's supervisory statement SS5/25 (which replaces SS3/19 from 3 June 2026) sets out expectations that banks and insurers understand and embed climate-related financial risk into their governance, risk management frameworks, and business strategy. Neither of these is a standard reporting obligation, but both carry significant regulatory consequences if handled poorly. Where these are relevant to a firm's profile, they are covered in the personalised report the tool generates.
For FCA-regulated asset managers and asset owners, the assets-under-management thresholds that trigger SDR entity and product-level obligations vary, and the regime continues to evolve. The obligations are considerably more extensive than for other firms of equivalent size, and the compliance checker maps the specific requirements that apply based on a firm's AUM and product range.
For banks and insurers, PRA supervisory engagement on climate risk is enforced through the supervisory review process rather than public disclosure mandates. Non-compliance does not generate a fine in the straightforward sense, but it does generate sustained supervisory scrutiny, potential Pillar 2 capital implications, and, where failures involve breaches of underlying regulatory obligations or the Senior Managers and Certification Regime, the possibility of personal as well as firm-level consequences.
Sustainability managers at private equity firms frequently tell us that one of their more frustrating problems is getting a clear picture of which regulations apply to which portfolio companies, and when. Each portfolio company has a different size, sector, and regulatory profile, and the GP-level FCA obligations sit alongside, rather than simplifying, the picture for individual holdings. The Perigon ESG Compliance Checker works at company level, which means it can be run quickly for each portfolio company to generate an individual compliance map. This is useful for portfolio monitoring, pre-acquisition due diligence, and sale preparation.
The consequences of non-compliance vary considerably by regime, and it is worth being clear about the difference between the theoretical and the practical. Court orders and financial fines exist in several of these frameworks but are, in practice, rare enforcement tools. The more common and more immediately relevant consequences tend to be reputational and commercial.
For SECR, failure to report or material inaccuracy in reporting is a breach of the Companies Act, with potential personal liability for directors. For ESOS, the Environment Agency can issue civil penalty notices, and with ESOS data now publicly published, non-compliance is visible to competitors, customers, and investors. For Modern Slavery, the Home Office can publicly name non-compliant businesses, with growing procurement consequences in both public and private sector supply chains.
For FCA-regulated firms, supervisory action can include public censure and financial penalties. For PRA-regulated firms, supervisory engagement can result in capital implications and, where the Senior Managers Regime is engaged, personal liability.
The reputational consequences are particularly important for any company approaching a change-of-ownership event, whether a fundraising round, a trade sale, or an IPO. You want to avoid ESG compliance gaps surfacing for the first time in due diligence.
It is tempting to ask an AI assistant or run a quick search to find out which ESG regulations apply to your business. We have done both extensively as part of building and validating our compliance tool, and the results are not reliable enough to act on.
AI systems regularly cite incoming or proposed regulations as if they are already in force. They misapply size and sector thresholds, stating that a requirement applies to a company when it does not, or vice versa. They tend to overstate the consequences of non-compliance in ways that are not helpful when you are trying to take a proportionate approach. And they treat all businesses as if they are the same, rather than working from the specific profile of the company in question.
For a high-growth business with limited bandwidth for compliance administration, that kind of imprecision carries real cost: either in unnecessary work against obligations that do not apply, or in missed obligations that do. Our tool is built on a continuously updated database of UK ESG requirements, validated against the actual regulatory texts, and tested against a range of company profiles. We would still recommend double-checking any significant obligations that come up, but the outputs are materially more reliable than a general AI query.
Most growing businesses encounter ESG reporting requirements in an unhelpful order. The earlier, lower-threshold obligations (gender pay gap, modern slavery, SECR) tend to arrive before a company has built any kind of strategic framework for thinking about its relationship with the world. So they get handled tactically: a report is produced, a statement is filed, a box is ticked. This is understandable, but expensive in the long run.
The requirements, such as TCFD or UK SRS, that encourage more strategic, big-picture thinking (like climate scenario analysis or understanding what aspects of sustainability are material) tend to arrive later. By that point, significant effort has often gone into building piecemeal compliance processes that were never designed to connect with each other or feed into management decision-making. Retrofitting a coherent framework onto disconnected compliance activity is considerably more costly than building the strategic framework first.
What we find is that companies which do the work early, genuinely understanding how they interact with the world around them and what is material to their business model versus what is a trending topic they cannot actually move the needle on, end up with a compliance approach that is less effort and more value-additive. The same data and governance processes serve multiple obligations simultaneously. The materiality assessment that grounds the strategy also grounds their disclosures. The emissions measurement that feeds SECR also feeds ESOS, the Carbon Reduction Plan and TCFD.
Companies have to do less in order to do more. Without a clear sense of how they fit into the world and where they can genuinely make a difference, businesses will always be at the whim of incoming stakeholder requests, and will also lack the basis for deciding how much focus to put on different pieces of compliance.
There will always be a burning platform of more things to measure, report, disclose, and communicate. The way to manage that is not to respond to each new obligation in isolation. It is to have a clear enough picture of what matters, commercially and in terms of the company's role in the world, that the compliance activity falls into place around the strategy rather than substituting for it.
The starting point is understanding which obligations actually apply to you, which is less straightforward than it sounds given the number of overlapping regimes and the different triggers involved. Perigon's ESG Compliance Checker does this in a short survey: you input some simple company details and the tool maps your profile against our current database of UK ESG reporting requirements. The output is a personalised report covering your current obligations, what is on the horizon, and guidance on how to approach compliance in a way that builds toward a coherent strategy rather than accumulating disconnected reporting exercises.
It takes two minutes. It is not a substitute for professional advice on specific regulatory questions, but it gives you something most businesses lack at the point when it would be most useful: a clear, up-to-date picture of where you stand and what is coming.
ESG compliance is not the interesting part. Getting it right is what creates the conditions to do the interesting part properly.