ESG Reporting: The Devil is in the Details - Interview with attorney-at-law Mateusz Romowicz. - MarinePoland.com
Date of publication: 23.07.2024
Discussing the Challenges of ESG Reporting with attorney-at-law from Legal Marine, Mateusz Romowicz.

Let's start with what ESG reporting is?

The genesis of ESG reporting in current assumptions is the commitment made by the European Commission in the communication of 11 December 2019, 'European Green Deal.' This communication concerned the provisions of Directive 2013/34/EU of the European Parliament and of the Council on non-financial reporting from an environmental perspective.

As a result, Directive (EU) 2022/2464 of the European Parliament and of the Council introduced far-reaching changes to Directive 2013/34/EU of the European Parliament and of the Council of 26 June 2013 on the annual financial statements, consolidated financial statements, and related reports of certain types of undertakings.

Analyzing the regulations of this directive, known as the CSRD, one must come to a concerning conclusion that the scope of non-financial information subject to reporting far exceeds environmental impact-related information of the company. Here, we are dealing with the disclosure of information that constitutes trade secrets, business model, and business strategy while lacking adequate protection. Poland, like other EU member states, will now have 18 months to implement the aforementioned regulations into its legal framework, which may give rise to other problems.

Let's also remember that this form of reporting is not limited to European Union countries; for example, this obligation already exists in the United Kingdom. In April 2022, the UK introduced two pieces of legislation in this regard: The Companies (Strategic Report) (Climate-related Financial Disclosure) Regulations 2022 and The Limited Liability Partnerships (Climate-related Financial Disclosure) Regulations 2022.

Additionally, ESG reporting is already mandatory to some extent in New Zealand and Malaysia. Work on ESG reporting requirements is also underway in the USA, Canada, and China.

Why might the 18-month implementation period for the directive prove problematic?

The directive establishes a legal framework for individual member states, which are obligated to implement it according to national and EU regulations, but as practice teaches us, there may also be certain differences. This can lead to a situation where ESG reporting in each member state will have its specific variations, which in turn can lead to many complications and additional costs for maritime industry entrepreneurs, whose businesses typically span multiple EU countries, not to mention the excessive "business bureaucratization."

From the perspective of some standardization of ESG reporting, it seems that a better approach would be a direct EU regulation. In the current model, it may turn out that the entrepreneur will be forced to adapt their ESG reporting standards to each EU country where they have business partners or branches. Such a situation will undoubtedly generate additional costs, business risks, and certainly considerable chaos in the initial phase.

As a reminder, the directive's provisions provide for a three-step schedule for the application of new obligations by entities.

The largest entities, which already report non-financial information based on accounting law, will present information first (for the financial year 2024). These are large entities of public interest with more than 500 employees. The following year, the remaining large entities will present their first reports. Small and medium-sized listed companies will submit reports for the first time for the financial year 2026. 

Some time ago you published an article in which you rather critically assessed the introduction of ESG reporting. Why such a negative approach to this topic?

In my opinion, this is another stage of unnecessary business bureaucratization, which, considering the narrative accompanying it, seems rather alarmingly illogical. The main catalyst for introducing yet another broad reporting obligation for entrepreneurs in the form of ESG is ecology. My concern is that the recently very fashionable term 'ecology' is becoming too often a tool for introducing increasingly burdensome and irrational regulations from the perspective of the chosen goals. I remind you that entrepreneurs are already subject to various reporting requirements, they determine their carbon footprint, extensive obligations have been imposed on them in terms of fiscal reporting, which are increasingly burdensome, and the legislative monster in the form of personal data protection has also not made running businesses in Poland and EU countries easier.

Unfortunately, in this madness, no one has thought about safeguarding the interests of the entrepreneurs themselves, who will be forced to disclose many data concerning their business models, which in my opinion are not very much related to ecology and may be used in very diverse and not necessarily beneficial ways for the entrepreneurs, for example, in terms of unfair business intelligence.

What do you see as the biggest risks when it comes to ESG reporting?

I think the main risk lies in the uncertainty surrounding how this reporting will actually unfold. While we already have a fairly concrete idea considering the CSRD directive, as usual, the devil is in the details. Each country is implementing this directive over the next few months according to its legislative standards, with certain differences.

On the other hand, what I fear is a situation where ESG reporting becomes a factor in identifying companies worth acquiring by states or corporations. However abstract it may sound to some, we need to be frank about it. Data transmitted in the scope of ESG, coupled with moderate Polish cybersecurity, can quickly fall into unauthorized hands and be used for various purposes.

Another issue that puzzles me is how the obligation of ESG reporting will be implemented cross-border. If a Polish entrepreneur collaborates with business partners in, for example, Italy, Spain, and Denmark, will they have to demonstrate ESG reporting in each of those countries or only in Poland? Presumably, if they open a branch or facility according to tax law in a given country, they will likely have to meet such a requirement. However, what about the situation where a Polish entrepreneur participates in a foreign tender? I raise these questions because I fear that many EU countries may use ESG reporting as a pretext to limit the circle of bidders in tenders, protecting their local content.

Furthermore, it's worth emphasizing once again the issue of the lack of regulation and therefore protection regarding Big Data.

Could you please elaborate on the issue of Big Data in the context of ESG reporting?

Big Data typically refers to non-personal data generated and collected automatically in massive quantities without direct human intervention. In a simplified sense, one way to acquire them may involve the use of computer software (algorithms) or sensors processing data provided using appropriate equipment. Currently, due to the development of artificial intelligence (AI), it is precisely Big Data that form the basis for AI learning, which can create numerous risks considering that algorithms learn how we function both privately and in business. Big Data has become a useful business element, and sometimes even the foundation of operations in many countries. The problem lies in the lack of regulations in these spaces.

Considering the above, it is important to consider how best to protect this data from being exploited by competitors. In the case of ESG reporting, I don't even see a basic scope of protection for the Big Data acquired in the reporting process. If we add to this the very weak standards in the area of Polish cybersecurity, we must consider what scope of information should actually be disclosed because it will certainly not be adequately secured in Poland.

Let's remember that our current reality and certainly the future will be based on Big Data used by artificial intelligence (AI) for various purposes such as diagnosis, treatment, home design, and providing the best offers for consumers, etc. Currently, corporations are competing to acquire data, which then serves as knowledge for AI, which can be very differently utilized by algorithms. Big Data is somewhat reminiscent of the situation with firearms. Firearms themselves are just things that we can use in various ways, e.g., for sports, collecting, self-defense, etc., but because they are so dangerous and can be used for criminal purposes, owning and using them is very strictly regulated in many countries.

Interestingly, Big Data, which carries much greater risks than firearms and certainly has much greater impact, is a legally unregulated sphere altogether, and Big Data is already being used for many nefarious purposes. A great example of this is the story of Cambridge Analytica, which, using Big Data, conducted an unprecedented propaganda campaign during, among other things, the US elections won by Donald Trump and the Brexit referendum. The actions of this company showed how frighteningly effective skillful use of Big Data and social media can be in influencing public opinion during presidential elections and in such an important referendum for the UK. I probably don't need to emphasize how much simpler it will be to potentially influence a particular business or its acquisition, or even its destruction, using Big Data and a few additional instruments.

That's not a very optimistic outlook, Mr. Romowicz. What are your recommendations?

The vision may not be optimistic, but these are real threats that should finally be articulated because we have all become accustomed to increasing reporting obligations and various restrictions, during which we disclose a lot of sensitive data that unfortunately is not adequately secured either practically or legally.

On the other hand, ESG reporting may turn out to be quite harmless, albeit burdensome, much like data protection regulations, which were introduced amid much concern and turmoil.

I believe that EU legislators should place much greater emphasis on regulating Big Data and AI than creating further obligations for already burdened entrepreneurs. In my opinion, the current approach involves too much asymmetry. Let's remember that entrepreneurs in the Union are already grappling with many problems arising from the Covid-19 pandemic, the war in Ukraine, the energy crisis, etc.

On the other hand, the very trendy issue of ecology cannot be a pretext for disclosing trade secrets without adequately securing this data.

Thank you for the conversation.

The conversation was conducted by Anna Filipek
