California's landmark climate disclosure laws, SB 253 and SB 261, are reshaping how companies approach emissions reporting and climate risk assessment. This practical guide breaks down the requirements, timelines, and strategies for compliance.
March 24, 2026
12 min read
17 views
California has positioned itself at the forefront of climate transparency with two groundbreaking laws that are reshaping how companies think about emissions reporting and climate risk. SB 253, known as the Climate Corporate Data Accountability Act, and SB 261, the Greenhouse Gases: Climate-Related Financial Risk Act, together create the most comprehensive state-level climate disclosure framework in the United States, and arguably the most impactful climate regulation to emerge from any U.S. jurisdiction.
For companies doing business in California, regardless of where they are headquartered, these laws introduce mandatory emissions reporting and climate risk assessment requirements that go significantly beyond anything currently required at the federal level. The implications extend far beyond compliance: they are fundamentally changing how boards, investors, and stakeholders evaluate corporate climate performance.
SB 253 applies to U.S. reporting entities that do business in California and have total annual revenues exceeding one billion dollars. The "doing business in California" threshold is intentionally broad. If your organization has employees, offices, clients, or significant revenue from California operations, you are likely in scope, even if your headquarters are in another state or country entirely. This means that thousands of companies across the United States and internationally find themselves subject to California's reporting requirements.
What makes SB 253 particularly consequential is its requirement to disclose greenhouse gas emissions across all three scopes. Scope 1 covers direct emissions from sources the company owns or controls, such as on-site fuel combustion, company fleet vehicles, and industrial processes. Scope 2 addresses indirect emissions from purchased electricity, steam, heating, and cooling. These first two scopes are well-understood territory for most large companies, many of whom already track this data for voluntary reporting purposes.
The real challenge lies in Scope 3, the full spectrum of indirect emissions across the value chain. This encompasses everything from supply chain emissions and business travel to employee commuting, leased assets, and even the end-of-life treatment of products sold. For most companies, Scope 3 represents between 70 and 90 percent of their total carbon footprint, yet it relies on data from hundreds or thousands of third parties over whom the reporting company has limited visibility and even less control.
The reporting requirements follow a phased approach that recognizes the difficulty of building comprehensive emissions measurement capabilities from scratch. Scope 1 and Scope 2 emissions reporting begins in 2026 for fiscal year 2025 data, giving companies that have been tracking these categories a head start. Scope 3 reporting follows in 2027 for fiscal year 2026 data, providing an additional year to build the supplier engagement programs and estimation methodologies that Scope 3 disclosure demands.
All disclosures must be filed with the California Air Resources Board and, critically, verified by an independent third-party assurance provider. This assurance requirement transforms the law from a simple disclosure exercise into a comprehensive data quality challenge that touches every corner of an organization's operations.
While SB 253 focuses on emissions data, SB 261 takes a fundamentally different approach by requiring companies to articulate how climate change poses financial risks to their business. The law applies to U.S. entities doing business in California with total annual revenues exceeding 500 million dollars, a lower threshold that captures an even broader range of companies, including many mid-market organizations that fall below the SB 253 threshold.
The reporting framework is aligned with the recommendations of the Task Force on Climate-related Financial Disclosures, which has become the global standard for climate risk reporting. Companies must address four interconnected pillars: governance, strategy, risk management, and metrics and targets. This is not merely a data collection exercise, it requires organizations to demonstrate that climate considerations are genuinely integrated into their strategic decision-making processes.
Perhaps the most demanding aspect of SB 261 is the implicit requirement for climate scenario analysis. Companies must evaluate their resilience under different climate pathways, typically including a 1.5-degree Celsius scenario aligned with the Paris Agreement, a higher-warming scenario representing a less ambitious transition, and physical risk scenarios covering both acute events like extreme weather and chronic shifts like sea-level rise and water stress. This kind of forward-looking analysis requires specialized expertise and often reveals uncomfortable truths about long-term business model viability.
The mandatory third-party assurance component of SB 253 is what truly separates California's approach from the voluntary reporting frameworks that have dominated corporate sustainability for the past two decades. Under voluntary regimes, companies could choose what to report, how to calculate it, and whether to seek external verification. Under SB 253, the assurance requirement means that every figure in your emissions disclosure must withstand independent professional scrutiny.
This has profound implications for how companies organize their sustainability data. The question is no longer whether you can produce a number for each emissions category, it is whether you can demonstrate to an independent assurance provider exactly how that number was derived, what data sources were used, what assumptions were applied, and why the methodology is appropriate. Companies accustomed to the relatively forgiving standards of voluntary sustainability reporting often underestimate the rigor that third-party assurance demands.
From our experience working with organizations preparing for mandatory assurance, the most common gap is not the absence of emissions data but the absence of the internal controls, documentation, and governance structures that make that data auditable. Many companies can produce a carbon footprint number; far fewer can defend it under independent examination.
The single largest obstacle for most companies preparing for SB 253 compliance is Scope 3 data collection. Unlike Scope 1 and 2 emissions, which derive from sources the company directly controls or purchases, Scope 3 requires engaging an entire ecosystem of suppliers, customers, logistics providers, and other value chain partners.
Most organizations begin with spend-based estimation as a pragmatic starting point. This approach uses economic input-output models to estimate emissions based on procurement spending by category. While imprecise, it provides a baseline that identifies the highest-impact categories and helps prioritize where to invest in better data collection. Over time, companies should transition toward primary data from key suppliers through structured engagement programs, supplemented by industry benchmarks and databases where primary data remains unavailable.
The transition from estimated to measured Scope 3 data is not a one-time project, it is an ongoing capability-building exercise that takes years to mature. Companies that start now will have a meaningful advantage over those that wait for regulatory deadlines to force their hand.
Companies subject to California's climate disclosure laws are rarely operating in a regulatory vacuum. Many are simultaneously navigating the European CSRD, potential SEC climate rules at the federal level, and voluntary frameworks like GRI and CDP. The risk of building siloed compliance programs, one for California, another for Europe, yet another for investors, is real and costly.
The most effective approach is to build a unified data infrastructure that can serve multiple reporting obligations from a single source of truth. This means designing your emissions data collection and management systems with the most demanding requirements in mind, then mapping outputs to the specific disclosure formats required by each framework. The upfront investment in a well-architected data platform pays for itself many times over compared to maintaining parallel reporting systems.
The practical path to compliance begins with determining whether your organization falls within scope. Revenue thresholds and the breadth of the "doing business in California" criteria mean that many companies are in scope without realizing it. When in doubt, the prudent approach is to assume you are covered and begin preparation accordingly.
A baseline assessment should follow, mapping current data collection capabilities against the full requirements of both SB 253 and SB 261. This gap analysis invariably reveals deficiencies in data systems, internal controls, governance structures, and assurance readiness that take significant time and resources to address. The earlier these gaps are identified, the more options organizations have for closing them in a measured and cost-effective manner.
Engaging an assurance provider well before your first reporting deadline is not just advisable, it may be essential. Qualified assurance providers with deep sustainability expertise are capacity-constrained, and the surge in demand as reporting deadlines approach will only intensify the competition for their services. A pre-assurance readiness review can identify and remediate issues long before they become obstacles to timely compliance.
As a licensed AA1000 assurance provider with deep expertise in sustainability reporting and climate disclosure, VirentAssure helps organizations navigate the full spectrum of California's climate disclosure requirements. Our team brings hands-on experience with emissions data management, assurance readiness assessments, Scope 3 strategy development, and TCFD-aligned risk reporting.
We work with clients not just to achieve compliance, but to build the kind of credible, transparent sustainability programs that earn the trust of regulators, investors, and stakeholders. The organizations that start this journey now, rather than waiting for deadlines to arrive, will find themselves in the strongest position when the first reporting cycles begin. Contact us today to discuss your readiness and develop a practical roadmap for California climate disclosure compliance.
