From the Trenches
CSRD Hub Newsletter # 9
October 2024
 

​S4: Consumers and end users

 

If you take only one thing away: Consumers and end users are defined specifically under ESRS, but B2B companies are not off the hook. 

​

First things first: Who is a “consumer” or “end user?”

 

The ESRS glossary provides a definition to start. 

​

• Consumers: Individuals who acquire, consume or use goods and services for personal use, either for themselves or for others, and not for resale, commercial or trade, business, craft or professional purposes.

​

• End users: Individuals who ultimately use or are intended to ultimately use a particular product or service.

​

Our Perspective: For many B2C companies, the link to consumers and end users is clear. However, all companies have an impact, dependency, or other indirect effect on consumers or end users, even if only indirectly through their B2B customers. 

​

B2B companies should also take note in their materiality assessments as well as in their reporting where IROs related to consumers and end users may be material. Why?

​

​1. Indirect Responsibility for Consumer Impact: Even if a company does not directly sell to consumers, its products or services may still end up in the hands of consumers via their business customers. For example, a component manufacturer may produce parts for electronics sold to consumers by other companies. In such cases, the manufacturer must ensure that their components meet safety, privacy, or environmental standards, as failures at this level can still result in reputational or legal consequences for the entire value chain.

 

2. Reputational and Regulatory Risks: B2B companies are increasingly being held accountable not just for the quality of their products but also for how those products are used downstream. For instance, in sectors like technology or healthcare, data privacy concerns are critical. A B2B software company providing solutions to other businesses might not interact directly with consumers, but if its software is implicated in a consumer data breach, the reputational and financial damage could affect all parties in the value chain.

 

3. Pressure from Business Customers: Many large B2B customers are themselves subject to consumer-facing sustainability regulations, such as the CSRD or consumer protection laws. As a result, they often require their suppliers to meet high standards of sustainability and social responsibility, including those that relate to end-user impacts. Companies that fail to meet these requirements risk losing important business relationships, as their customers strive to maintain their own compliance with ESG frameworks.​

 

4. Materiality and Product Lifecycle: Under double materiality, companies are required to assess both the financial risks and societal impacts of their operations, including how their products are used across their entire lifecycle. This applies even in B2B contexts, where the social and environmental impacts may manifest downstream when products reach the end user. For example, if a B2B chemical manufacturer produces substances used in consumer goods, the company must evaluate potential health and safety risks for consumers of those goods.

​

What is required?

​​

So, we’d recommend every company – whether B2C, B2B2C, B2B or some other combination thereof – look closely at the topics under S4. 

​

Under ESRS S4, companies must evaluate their impacts, risks, and opportunities related to consumers and end users through three main sub-topics: 

​

• information-related impacts: How companies handle consumer data and privacy, ensure freedom of expression, and ensure that consumers have access to accurate and reliable information about products and services.

​

• personal safety: How companies protect consumers from physical and psychological harm related to a company’s products or services and safeguard vulnerable populations, such as children, from exposure to harmful content.

​

• social inclusion: How companies ensure non-discrimination in access to products, services, and marketing, as well as efforts to make offerings affordable and inclusive and engage in responsible marketing practices.

​

As with all topical standards, addressing IROs and how they are managed and tracked is critical. A few things to keep in mind:

​

• Negative and Positive Impacts: Companies must identify and disclose both material negative and positive impacts on consumers and end users. Negative impacts could include privacy violations, unsafe products, or misleading advertising. For example, a company collecting user data without sufficient security measures could expose consumers to data breaches. Positive impacts, like providing healthier or safer products, or products that promote social well-being, could also be highlighted. For instance, a tech company offering privacy-centric features contributes positively to data protection. ESRS S4 also requires that companies disclose whether impacts are systemic (i.e., widespread across many consumers) or tied to specific incidents (i.e., one-off cases).

​

• Risks and Opportunities: Risks could include legal liabilities from breaches of privacy regulations, reputational damage due to unsafe products, or negative consumer feedback. These risks can translate into financial impacts, such as fines, decreased consumer trust, or sales losses. For example, a breach in customer data might result in both regulatory fines and long-term loss of trust from users, negatively affecting future sales. On the other hand, opportunities emerge when companies actively address these issues. Constructive relationships with consumers—such as transparency in data handling or innovative product features designed to protect consumer well-being—can lead to greater customer loyalty, brand enhancement, and new market opportunities. A food company adopting transparency in sourcing can leverage growing consumer demand for ethically produced goods.

​

• Policies: ESRS S4 requires that companies outline their policies for managing consumer impacts, risks, and opportunities.. This includes clear protocols for ensuring product safety, privacy, and ethical marketing practices. For instance, a healthcare company might have policies for rigorous safety checks to ensure that medications meet strict health standards, or an online retailer might implement policies that ensure responsible advertising, especially for vulnerable groups like children. Policies aligned with international frameworks, such as the UN Guiding Principles on Business and Human Rights, are essential, especially when addressing issues like product safety, consumer privacy, or marketing.

​

• Engagement Processes: Companies should also demonstrate how they engage consumers and end users in their decision-making processes. This involves gathering consumer feedback, understanding consumer needs, and engaging in active dialogue, particularly with vulnerable or marginalized groups. For example, a tech company could regularly survey its users on privacy concerns and adjust policies based on that feedback.​

​

• Remediation Processes: Where negative impacts are identified, companies must explain how they remedy these impacts, including the provision of grievance mechanisms for consumers. If issues such as defective products or data breaches occur, companies need to provide clear pathways for consumers to file complaints and ensure that these grievances are tracked and resolved. Companies should also outline how they monitor and improve the effectiveness of these mechanisms.

 

Companies tackling the topic

​

Schibsted​

As a media company, the S4 topic is critical to Schibsted. Under the S4 section (pages 76-90), Schibsted provides a detailed and well-structured disclosure of all parts of S4, with clear policies, actions, and targets tied to each material matter. 

 

Overall, this is a great example of a report structured directly around ESRS in all areas, but in particular S4.

​

Metsa Group

Metsa Group has aligned its S4 disclosure (pages 70-71) closely to the S4 topics, disclosure requirements, and datapoints. Notable is their table of specific materials IROs tied to the S4 topic. They have also done a nice job of detailing policies, actions, and targets via a clear structure that is repeated across all sections. Actions are outlined directly for each material S4 topic, and the links to the associated IROs are clear.

 

Metsa’s approach drawing on specific IROs within each section is the best example of this approach that we’ve seen so far.​

​

Jordanes​

Jordanes, a Scandinavian multi-brand consumer company, has a nicely structured report with early alignment directly to ESRS content. The S4 section (55-58) includes easy-to-read and detailed information on material IROs tied to S4-specific topics.

 

If you are looking for a well-structured report tied to ESRS disclosures, this is a great one.

​

Keep up with the latest

 

We know that there is no shortage of content released each week related to ESRS, so we are focused on curating a few that we think add new perspectives and insights. We hope you find them helpful, too!

​

• Assurance guidance. The Committee of European Auditing Oversight Bodies (CEAOB) has adopted final guidelines to support auditors and assurance providers with limited assurance engagements on sustainability reports. The guidelines do not constitute a standard and should be used in conjunction with any national rules on sustainability-related assurance. The Commission is required by the CSRD to adopt a standard for limited assurance on sustainability information by October 2026. We describe some key parts of the draft recommendations in the CSRD Hub.

​

• More CSRD FAQs. While not that digestible at a glance, the European Commission’s FAQs for CSRD implementation focus on many specifics of the Directive in addition to specific aspects and definitions under ESRS. While these FAQs are not legally binding, they serve as a practical resource to help navigate the complexities of the CSRD on topics such as reporting entities.

 

Become smarter in CSRD with SmartCSRD:

 

All CSRD Hub members now have access to SmartCSRD, a chatbot designed to answer your CSRD-related questions. Users are asking insightful questions and getting valuable support for their CSRD projects. Check out some of the brilliant queries being explored!

​

Q: Can you describe Relationship with policy objectives?

Q: what is meant with disclosure of general approach in relation to engagement with people in its own workforce?

Q How is this relevant for agriculture, especially when it happens in area of high biodiversity concentration?

​

​

​