Disclosure LibraryPractitioner guidance for every reporting disclosure
GRI 2: General Disclosures · Universal Standard
Disclosure GRI 2-27

Compliance with laws and regulations

Practical guidance for preparing this disclosure. Use this card to identify datapoints, verify claims and organise supporting evidence. For exact requirements, always refer to the official GRI source.

Dr Ross Kurinko, GRI Certified Trainer
Reviewed by Dr Ross Kurinko · GRI Certified Trainer LRA educational guidance · Not issued or endorsed by GRI
Disclosure focus

This disclosure asks an organisation to explain how it deals with compliance across its activities, rather than just saying it has policies in place. In practice, it is about whether the organisation has systems to identify, monitor and respond to legal and regulatory requirements, and whether it can show where any non-compliance has occurred and how it was handled.

The practical focus is on coverage and consistency across the organisation’s operations, not only at flagship sites or headquarters. A useful response should make clear the scope of the reporting boundary, the main areas of law and regulation that matter to the business, and any significant issues, patterns or follow-up actions that show how compliance is managed in reality.

* This LRA educational guidance supports disclosure preparation. For the exact requirements, always refer to the official GRI source.

Before you start

A quick mental checklist before you prepare this disclosure — tick each as you settle it.

Preparation
Key datapoints to prepare
DatapointWhat to captureEvidence hintOwner
Total serious breachesCount every serious breach of law or regulation identified in the reporting period, using the organisation’s own threshold for what counts as serious.Compliance incident log; legal case tracker; regulatory correspondence; period-end summary from legal/compliance.Legal and Compliance
Breaches with finesFrom the serious-breach count, identify how many cases led to a financial penalty being imposed in the reporting period.Penalty notices; finance/legal case files; compliance register with sanction outcome; period-end reconciliation.Legal and Compliance
Total serious breachesCount every serious breach of law or regulation identified in the reporting period, using the organisation’s own threshold for what counts as serious.Compliance incident log; legal case tracker; regulatory correspondence; period-end summary from legal/compliance.Legal and Compliance
Breaches with other sanctionsFrom the serious-breach count, identify how many cases led to a non-financial sanction in the reporting period.Regulator letters; enforcement notices; compliance case files; legal review of sanction type.Legal and Compliance
Paid fines countCount the number of fines actually paid during the reporting period, regardless of when the underlying breach happened.Accounts payable records; bank payment evidence; legal settlement schedule; fine payment register.Finance
Paid fines valueCapture the total money paid for fines during the reporting period, based on actual payments made in that period.General ledger; bank statements; accounts payable run; payment confirmations linked to each fine.Finance
Current-year fine splitSplit the fines paid in the reporting period into those tied to breaches that happened in the current reporting period, and capture both the count and the money paid for that subset.Case chronology in legal register; fine payment schedule; mapping of payment to breach date; finance reconciliation.Legal and Compliance
Current-year paid fines countCount only the fines paid in the reporting period that relate to breaches occurring in the current reporting period.Legal case register with breach date; payment evidence; current-period subset report.Legal and Compliance
Current-year paid fines valueCapture the money paid in the reporting period for fines linked to breaches that happened in the current reporting period.Finance ledger; bank proof of payment; legal register showing breach period and payment amount.Finance
Prior-year fine splitSplit the fines paid in the reporting period into those tied to breaches that happened in earlier reporting periods, and capture both the count and the money paid for that subset.Historical case register; payment evidence; ageing schedule of fines by breach period; finance/legal reconciliation.Legal and Compliance
Breach descriptionsProvide a plain-language description of each serious breach, covering what happened, where relevant the law or rule involved, and the outcome or sanction.Legal case file; regulator notice; internal investigation summary; incident narrative approved by compliance.Legal and Compliance
Seriousness methodExplain the internal method used to decide which breaches are treated as serious, including the criteria, review process and who applies it.Compliance policy; escalation matrix; decision memo; governance approval of the seriousness threshold.Legal and Compliance
Show GRI 2-27 sub-elements (LRA working checklist)
  • Set out the method used to decide which breaches count as significant.
  • Set out the significant breaches themselves.
  • Split the significant legal and regulatory breaches in the period by those that led to fines.
  • Split the significant legal and regulatory breaches in the period by those that led to non-cash penalties.
  • For fines paid in the period, separate those linked to earlier-period breaches and give both the count and the amount.
  • For fines paid in the period, separate those linked to breaches arising in the current period and give both the count and the amount.
  • State the amount of fines paid during the period.
  • State the number of fines paid during the period.
  • State the total number of significant legal and regulatory breaches in the period.

LRA working checklist - paraphrased; see official source

How to prepare
  1. Set the reporting boundary first: confirm which entities, sites, and activities are in scope for the period, so you only capture breaches linked to that defined perimeter.
  2. Agree the counting rules before you start compiling data: decide what your team will treat as a material breach, and keep that test consistent across all sources and locations.
  3. Pull together the underlying records: gather case logs, legal notices, penalty letters, sanction records, and payment evidence so you can identify each relevant breach and whether it led to a financial penalty or another sanction.
  4. Build the disclosure outputs from those records: prepare the overall count, the split between cases with fines and cases with other sanctions, and the fine totals and amounts paid, including the split between amounts tied to the current period and those linked to earlier periods.
  5. Write a short explanation of the cases themselves and your method: summarise the significant breaches, and explain the basis you used to judge which cases were treated as significant.
  6. Check the final draft against the source records and the official guidance: make sure exclusions, reclassifications, and period-to-period changes are explained, and that the figures and narrative match the evidence trail.
Want to do this on a real report? Practise GRI social disclosures live with Dr. Kurinko — GRI Standards Certified Training. Explore →
Request the compliance incidents and penalties log

Translate the disclosure into an internal business question — then adapt it to your organisation's own language.

What significant legal or regulatory breaches were identified in the period, what penalties were paid, and how were those cases classified?

Use your organisation’s own incident, breach, case, penalty and sanction terms first, then map them to the reporting categories before sending anything back. Keep the request in the language your legal, compliance or company secretariat team already uses, and check the source records before sign-off.

Weak request

Please provide the GRI 2-27 compliance with laws and regulations data, including the number of significant instances, fines, non-monetary sanctions, and how significance was determined.

Why it fails: This uses framework language rather than the team’s own records and labels, so the owner has to translate the ask before they can answer it. It also does not clearly separate the case log, the payment record, and the explanation of significance, which makes the return harder to verify.
Better request

Please send the legal/compliance case log for [period] for [scope], showing each significant breach or enforcement case, any cash penalty paid during the period, any non-cash sanction, the amount paid, whether the case started this year or earlier, and a short note on why it was treated as significant. Use your own internal labels and add a mapping note if needed. Please check the source records before sign-off.

Formal email template
Subject: Request for compliance incident and penalty data for [reporting period]

Dear [name/team],

Please could you share the compliance incident and penalty information for [reporting period] for the [group / entity / site] scope.

For each significant case in scope, please provide:
- the case reference and short description
- the internal category you used
- whether any cash penalty was paid during the period
- whether any non-cash sanction was applied
- the amount paid, if any
- whether the case first arose in the current period or an earlier period
- a short note explaining why the case was treated as significant
- the source record or document supporting the entry

Please also confirm the total count of significant cases in scope and the split between cases with cash penalties and cases with non-cash sanctions.

If you use different internal terms, please keep those terms in your response and add a short mapping note so we can translate them for reporting. Please check the source records before sign-off.

Many thanks,
[preparer name]
Short Teams / Slack version
Hi [name/team] — could you send the compliance incident / penalty log for [period] for [scope]?

Please include the case list, any cash penalties paid, any non-cash sanctions, the amount paid, and a short note on why each case was treated as significant. If you use different internal labels, keep them and add a quick mapping note. Please check the source records before sign-off. Thanks.
Industry examples
Manufacturing

Context. A plant compliance team tracks environmental permit breaches, safety notices, and regulator penalties in a local register.

Adapted request. Please share the plant compliance register for [period] covering [site(s)], including each significant breach or enforcement case, any penalty paid during the period, any non-cash sanction, the amount paid, whether the case began this year or earlier, and the reason it was treated as significant. Keep your site team’s own labels and add a short mapping note.

Example response. The team returns a table with 4 significant cases: 2 with cash penalties paid during the period and 1 non-cash sanction; one case had both a penalty and a sanction. They include case IDs, dates, amounts, currency, and a short significance note for each case.

Financial services

Context. A compliance function maintains a regulatory matters log covering conduct, reporting, and licence-related issues across entities.

Adapted request. Please provide the regulatory matters log for [period] for [entity scope], showing each significant matter, any fine paid during the period, any non-cash sanction, the amount paid, whether the matter arose in the current period or a prior one, and the internal reason it was treated as significant. Use your normal matter categories and add a mapping note.

Example response. The team returns 3 significant matters: 1 current-period matter with a fine paid, 1 prior-period matter with a fine paid, and 1 matter with a non-cash sanction only. They attach the regulator correspondence and a short classification note for each entry.

The full request pack — response form, data table, evidence metadata and sign-off — is in the Download Centre.

Draft your disclosure

LRA training templates — adapt them to your organisation, and check the official source before sign-off.

Method note

Explain how the organisation decides which breaches are material enough to include, and state the basis used to count cases, fines and amounts paid.

Context note

Clarify what the figures represent in practice: the scale of notable legal or regulatory breaches, how many led to penalties, and how much was paid in fines during the period.

Fluctuation statement

If the numbers moved materially, note whether this was driven by new issues arising in the year, settlements of older cases, changes in how cases were classified, or a different mix of penalties.

Content index entry

GRI 2-27 Compliance with laws and regulations — [location / page] / [notes]

Assurance readiness
For each claim, check the evidence
ClaimRiskEvidence to check
The information reported for this disclosure reconciles to the underlying source records.What is reported cannot be traced back to the systems or documents it was drawn from, or does not tie out to them.calculation_workbook reconciling the reported value to source_system_export
The information reported for this disclosure is current as at the reporting date.The disclosure reflects a different period, a cut-off before the reporting date, or stale data carried over from a prior period.approval_record showing the data cut-off date and the period covered
The scope behind the information reported for this disclosure is applied consistently.Parts of the organisation are silently in or out of scope, or the scope differs from the prior period without that change being explained.methodology defining the scope and a site_register of what it covers
Everything in scope is included in the information reported for this disclosure — nothing material is left out.Parts of the population that should be reported are omitted, understating or overstating the disclosure.site_register of the full population vs the calculation_workbook of what was actually included
Evidence pack to prepare
  • The governing policy or written commitment behind this disclosure
  • A methodology / definition note setting out how the disclosure was scoped and prepared
  • Source-system exports the figures or facts were drawn from
  • The internal approval / sign-off record for the disclosure before publication
  • Minutes or records evidencing the relevant engagement or consultation
Common reporting gaps
  • The information is presented without a date or as-at point.
  • The scope or boundary of the statement is left undefined.
  • Key terms are used inconsistently across the report.
  • Material changes since the previous period are not disclosed.
  • Assertions are made without supporting detail or a source record.
  • Boilerplate is used that does not actually answer what is asked.
Examples
Illustrative examples

Synthetic, written by LRA — not from a company report, not text from any standard.

Manufacturing · synthetic · written by LRA
Synthetic breakdown of significant non-compliance and paid fines (cases / fines)
CategoryFines incurredNon-monetary sanctionsPaid fines from current periodPaid fines from prior periodsTotal
Significant instances32005
Paid fines00437

Synthetic example only: during the year, we recorded 5 material breaches of law or regulation, of which 3 led to fines and 2 to non-cash penalties. We paid 7 fines in total, worth £420,000; 4 of those fines related to matters arising this year (£260,000) and 3 related to earlier years (£160,000).

We treat an issue as material when it is significant in scale, seriousness, or likely impact, using our internal review of legal notices, regulator correspondence, and management escalation. The summary below separates the cases by outcome and shows which paid fines came from the current year versus earlier periods.
Transport · synthetic · written by LRA
Synthetic breakdown of significant non-compliance and paid fines (cases / fines)
CategoryFines incurredNon-monetary sanctionsPaid fines from current periodPaid fines from prior periodsTotal
Significant instances13004
Paid fines00022

Synthetic example only: we identified 4 material breaches in the period, with 1 resulting in a fine and 3 in non-cash sanctions. We settled 2 fines during the year, totalling £95,000; both were linked to issues that arose in previous years, and none related to the current year.

Our judgement of materiality is based on whether the matter was formally escalated, involved a regulator or court, and could reasonably affect our licence, operations, or reputation. The figures below split the breaches by outcome and show the fines paid by when the underlying issue first occurred.
Draft output & visualisation ideas

How to turn the collected data into a draft disclosure. The charts below are drawn from the illustrative figures above — swap in your own data.

Manufacturing — Synthetic breakdown of significant non-compliance and paid fines
Synthetic breakdown of significant non-compliance and paid fines (cases / fines)0510Fines incurred: 3Non-monetary sanctions: 25Significant instancesPaid fines from current period: 4Paid fines from prior periods: 37Paid finesFines incurredNon-monetary sanc…Paid fines from c…Paid fines from p…
Transport — Synthetic breakdown of significant non-compliance and paid fines
Synthetic breakdown of significant non-compliance and paid fines (cases / fines)02.55Fines incurred: 1Non-monetary sanctions: 34Significant instancesPaid fines from prior periods: 22Paid finesFines incurredNon-monetary sanc…Paid fines from c…Paid fines from p…

Other views you could build

  • Overall non-compliance cases — table: A simple count of all notable breaches identified in the period, with a separate column for those that led to financial penalties and those that led to other sanctions.
  • Penalty type split — stacked bar: How the total set of notable breaches divides between cases that resulted in fines and cases that resulted in non-cash sanctions.
  • Paid fines by timing of the breach — stacked bar: The number of fines settled during the period and their value, split between breaches that happened this period and those carried over from earlier periods.
  • Value of fines settled — bar: The monetary amount of fines paid in the period, with separate bars for current-period breaches and earlier-period breaches.
  • Case profile of significant breaches — table: Short descriptions of each notable breach, including the nature of the issue and the outcome where a penalty or sanction was applied.
From a number to a disclosure

What separates a figure from a disclosure.

Basic

We recorded 3 significant breaches of law in the year.

Better

We recorded 3 significant breaches of law in the year, including 2 cases that led to fines and 1 case that led to a non-cash sanction.

Best

We recorded 3 significant breaches of law in the year across our operations, with 2 cases leading to fines and 1 to a non-cash sanction; of the 2 fines paid, 1 related to this year and 1 to an earlier year, and the later-year increase was mainly due to a one-off licensing issue.

From company reports
Real published reports Compare side by side →Get it free

Real reports where this topic is disclosed. The confidence label shows how closely each match maps to GRI 2-27 — these are report practice, not exact disclosure examples.

CompanySector · CountryYearMatchPageReportAssurance
Interconexión Eléctrica S.A. E.S.P. Electric Utilities / IPP / Energy Traders · Colombia 2024 Partial p. 142 →p. 146 →p. 97 → ISA Integrated Management Report 2024 → ey
Evidence in Interconexión Eléctrica S.A. E.S.P.’s report

What the report shows

Interconexión Eléctrica S.A. E.S.P.'s 2024 Integrated Management Report provides specific data on fines and penalties, noting monetary penalties exceeding USD 10,000 amounting to 2,887 (p.14) and mentions significant fines for non-compliance with service regulations (p.146). The report also details the breakdown and movements of the company’s debt by currency, source, and rates (p.124), and states there were no significant changes in relevant areas (p.131). However, no clear information was found regarding other narrative items related to the disclosure, indicating gaps in coverage for some expected details.

Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict.

Datapoint coverage

DatapointStatusPage
Total serious breachesA reported value was found on this page. covered p. 146
Breaches with finesA reported value was found on this page. covered p. 124
Total serious breachesNo quotable evidence was found in this report. not found
Breaches with other sanctionsNo quotable evidence was found in this report. not found
Paid fines countNo quotable evidence was found in this report. not found
Paid fines valueA reported value was found on this page (%). covered p. 14
Current-year fine splitNo quotable evidence was found in this report. not found
Current-year paid fines countNo quotable evidence was found in this report. not found
Current-year paid fines valueNo quotable evidence was found in this report. not found
Prior-year fine splitNo quotable evidence was found in this report. not found
Breach descriptionsA reported value was found on this page. covered p. 131
Seriousness methodA reported value was found on this page. covered p. 144

Source trail

  • p. 146significant fines for non-compliance with regulations relating to the supply of services Additional information pp 267 Development
  • p. 131significant changes. x There were no significant changes x Integrated Management Report 2024 RETURN TO TABLE OF CONTENTS
  • p. 55non-compliance with the goals established in the Paris Agreement (not to exceed 1.5°C), as a result of the inability
  • p. 147Significant impacts of activities, products, and services on biodiversity x See: Management of impacts on biodiversity 90 - 94 Annex
  • p. 124breakdown and main movements of ISA’s debt during 2024. The debt breakdown by currency, by source, and by ra- tes is as follows
  • p. 14fines or penalties 0 No variation -31% -12% -43% Protected areas Monetary penalties or fines (in excess of USD 10,000) 2,887 2 Electric
  • p. 131describe any significant changes. x There were no significant changes x Integrated Management Report 2024 RETURN
  • p. 144Describe how stakeholder engagement has influenced the actions taken (3-3-d) and how it has informed whether these have
  • p. 142period for non-compliance with laws and regulations, broken down by: x x i. fines for non-compliance
  • p. 142period for non-compliance with laws and regulations, broken down by: x x i. fines for non
  • p. 142period for non-compliance with laws and regulations, broken down by: x x i. fines for non-compliance with laws
  • p. 132period, as an average for the entire reporting period or using other methodologies. x c. Describe significant fluctuations in the number
  • p. 136total number and nature of critical concerns reported to the highest governance body during the reporting period. x The Ethics
Advantech Co., Ltd. Technology Hardware and Equipment · Taiwan 2024 Partial p. 38 →p. 97 →p. 114 → 2024 ESG Report → PwC
Evidence in Advantech Co., Ltd.’s report

What the report shows

Advantech Co., Ltd.'s 2024 ESG Report includes coverage of compliance with laws and regulations, noting incidents related to corruption and bribery on page 37 and referencing environmental law violations and fines on page 128. The report also mentions governance aspects tied to legal compliance on page 231. However, there is no clear evidence of reported fines for environmental violations in 2024, as page 260 states no fines were imposed, indicating some inconsistency or lack of clarity in the reporting of such incidents.

Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict.

Datapoint coverage

DatapointStatusPage
Total serious breachesA reported value was found on this page. covered p. 37
Breaches with finesA reported value was found on this page. covered p. 128
Total serious breachesNo quotable evidence was found in this report. not found
Breaches with other sanctionsNo quotable evidence was found in this report. not found
Paid fines countA reported value was found on this page. covered p. 231
Paid fines valueNo quotable evidence was found in this report. not found
Current-year fine splitNo quotable evidence was found in this report. not found
Current-year paid fines countNo quotable evidence was found in this report. not found
Current-year paid fines valueNo quotable evidence was found in this report. not found
Prior-year fine splitNo quotable evidence was found in this report. not found
Breach descriptionsNo quotable evidence was found in this report. not found
Seriousness methodNo quotable evidence was found in this report. not found

Source trail

  • p. 37laws and regulations (including incidents of fines and non- monetary sanctions) in 2024 ◆Corruption and bribery
  • p. 260laws and regulations In 2024, there was no fine imposed for violating environmental laws and regulations. 128 The amount of fines
  • p. 260fines imposed for violating environmental laws and regulations In 2024, there was no fine imposed for violating environmental laws and regulations
  • p. 125regulations, and electricity price markets. ◆The progress of achieving renewable energy targets in 2024 has been incorporated into the performance
  • p. 236laws and regulations 4.4.1 Environmental Responsibility 128 Total waste disposed of by external contractors (metric tons) 4.4.2 Energy Resource Use and Waste
  • p. 233raising concerns 2.4 ESGArchitecture governance 7 2-26 2.1.2. Corporate Governance 37 2-27 Compliance with laws and regulations 2.1.2.
  • p. 37laws and regulations in 2024: *Definition of material breach of laws and regulations: Any breach of laws and regulations as per the material
  • p. 128fines were incurred due to violations of environmental laws and regulations in 2024. The Company has compiled the environmental violations
  • p. 231laws Quantitative index Reporting currency Chapter 2 Integrity Management: Compliance with Laws, Anti-corruption, and Anti-competition Page number: 37 Governance
  • p. 37laws and regulations as per the material information listed by the Financial Supervisory Commission (Taiwan, ROC). Material breach of laws
Sands China Ltd. Hotels, Restaurants, Leisure, Tourism Services · Macao 2025 Partial p. 46 →p. 47 →p. 45 → 2025 ESG Report → EY
Evidence in Sands China Ltd.’s report

What the report shows

Sands China Ltd.’s 2025 ESG Report provides specific data on significant instances of noncompliance with laws and regulations, reporting two such instances on page 47, with no fines paid (p.47). The report also details greenhouse gas emissions by category, including purchased goods and services and capital goods, with figures provided on page 31 (p.31). However, there is no clear information on monetary losses related to fines and settlements beyond money laundering, which is reported as zero on page 54, and several other expected narrative items are not found or unclear in the report.

Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict.

Datapoint coverage

DatapointStatusPage
Total serious breachesA reported value was found on this page. covered p. 47
Breaches with finesA reported value was found on this page. covered p. 31
Total serious breachesNo quotable evidence was found in this report. not found
Breaches with other sanctionsNo quotable evidence was found in this report. not found
Paid fines countNo quotable evidence was found in this report. not found
Paid fines valueA reported value was found on this page. covered p. 54
Current-year fine splitNo quotable evidence was found in this report. not found
Current-year paid fines countNo quotable evidence was found in this report. not found
Current-year paid fines valueNo quotable evidence was found in this report. not found
Prior-year fine splitNo quotable evidence was found in this report. not found
Breach descriptionsNo quotable evidence was found in this report. not found
Seriousness methodNo quotable evidence was found in this report. not found

Source trail

  • p. 47Significant instances of noncompliance with laws and regulations 2 Significant instances of noncompliance with laws and regulations
  • p. 47Total 45% 17,535 94% Compliance 2025 Significant instances of noncompliance with laws and regulations 2 Significant
  • p. 47laws and regulations 2 Significant instances of noncompliance with laws and regulations resulting in fines paid 0 Fines
  • p. 52significant waste-related impacts 2025 ESG Report, pp. 66–67 306-2 Management of significant waste
  • p. 37significant impact on biodiversity 04 0 0 Supply Chain Biodiversity Assessment 2024 2025 Wood and paper products procured
  • p. 53significant risk for incidents of forced or compulsory labor 2025 ESG Report, p. 28 Due to confidentiality constraints
  • p. 47Total 39,457 99% Anti-Corruption Training Number completed % completed Directors and above 1,336 97% Managers 5,224 99% Supervisors/specialists
  • p. 31Breakdown (MT CO2e)3 2025 Category 1: Purchased goods and services 968,308 Category 2: Capital goods 687,257 Category
  • p. 54fines and settlements associated with money laundering $0 SV-CA-510a.2 The nature and context of all monetary losses
  • p. 49determined by third-party audit, areas assessed include: laws and regulations, child labor, forced labor, harassment, wages and benefits
Check your understanding
During year-end close, a preparer finds two serious breaches that were settled in the period: one led to a cash penalty and the other to a non-cash enforcement action. The legal team also notes a third minor breach that was not treated as significant.Which items should be counted and split out in the disclosure, and which should be left out?
Model answer. Include only the breaches judged to be significant. In the count, separate the cases that led to cash penalties from those that led to non-cash sanctions. The minor breach is not included if it was not assessed as significant.
Why this matters. Only matters assessed as significant belong in this disclosure, and they need to be split by the type of outcome they led to.
A fine of 120,000 was paid during the reporting period for a permit breach that happened this year. Another payment of 80,000 was made in the same period for a case that arose last year and was only settled now.How should the paid fines be grouped for reporting?
Model answer. Report both the number and the amount of fines paid in the period, then separate them by whether the underlying breach happened in the current period or in an earlier one. In this example, the 120,000 relates to the current period and the 80,000 to a prior period, so each sits in its own bucket.
Why this matters. Payments made this year need to be split by when the underlying breach happened, not just by when the cash left the business.
The compliance team has a register showing three significant cases: one ended with a cash penalty, one with a licence restriction, and one is still open but already considered significant. The draft report currently lists only the two closed cases.Should the open case be described as well, and what level of detail is needed?
Model answer. Yes. The narrative should cover the significant cases themselves, not only the ones that have finished. The description should be enough to explain what happened in each significant case, including the open one if it is still significant at the reporting date.
Why this matters. The narrative is about the significant cases identified for the period, including those still unresolved if they remain significant.
A group prepares its report using a central compliance dashboard, but each business unit applies different thresholds for what counts as significant. The group wants to state only that it uses a “materiality review” without explaining the process.What should the preparer do about the method used to decide significance?
Model answer. Explain the basis used to decide which breaches were treated as significant, in enough detail for a reader to understand the approach. If different parts of the group use different thresholds, the report should reflect that the assessment was not done on a single uniform basis unless it truly was.
Why this matters. Readers need a plain explanation of how significance was judged, not just a label for the review process.
Analyse this disclosure across real reports

See how companies actually report GRI 2-27 — drawn from their own published reports, with the exact pages, and an LRA AI-assistant that works through it with you. Available to LRA Community members and to students throughout their platform access.

Related framework references

How this disclosure maps across the major reporting frameworks.

GRIPrimary
GRI 2-27
within GRI 2: General Disclosures
Open official source →
Related & explore
Questions this page answers
For GRI 2-27, what data points do I need to gather before I start drafting the disclosure?

The page says to prepare the serious-breach and fine datapoints, including counts, values, split by current and prior year, plus breach descriptions and the seriousness method. It is set up as a practical checklist, so you can use it to confirm the dataset is complete before drafting. ↑ section

How do I use the step-by-step 'how to prepare' section for GRI 2-27 in practice?

Use it as a working sequence for collecting the data, checking the scope, and turning the inputs into a draft. The page is designed to help you move from raw records to a disclosure-ready summary rather than just read the topic in theory. ↑ section

What should I include in the scope and methodology for GRI 2-27 serious breaches and fines?

The page points you to a seriousness method and to the current-year and prior-year split, so the scope and method need to explain how breaches were classified and how the periods were separated. Keep the explanation tied to the datapoints on the page and the evidence you can show. ↑ section

Who should own the GRI 2-27 data collection if the information sits across HR, legal, finance and compliance?

The page is aimed at sustainability/ESG managers, HR or data owners, and assurance reviewers, so ownership should sit with whoever can evidence the breach and fine records and coordinate the inputs. In practice, assign clear owners for the breach log, fine values, and the seriousness assessment so the pack is complete. ↑ section

How do I build an evidence pack for GRI 2-27 that is ready for assurance?

The page includes an evidence pack with five items and four assurance claims to verify, so the aim is to keep the source records, calculations and supporting explanations together. Use the pack to show how the counts and values were derived and how the seriousness method was applied. ↑ section

What are the four assurance claims on the GRI 2-27 page and how do I use them?

The page says there are four claims to verify, each with a claim, risk and evidence prompt. Use them as an assurance checklist to test whether the disclosure is complete, consistent and backed by documents before it goes into the report. ↑ section

What common mistakes does the GRI 2-27 page warn about when reporting serious breaches and fines?

The page lists common reporting gaps and mistakes, so it is useful for a final quality check before sign-off. Use it to catch missing datapoints, inconsistent splits, weak descriptions or unsupported calculations. ↑ section

How do I turn the GRI 2-27 data into a draft disclosure and narrative?

The page includes draft-output guidance with visualisation ideas, narrative starters and a content-index line. That means you can use the prepared numbers and breach descriptions to produce a first draft, then refine the wording for clarity and consistency. ↑ section

Can I use the synthetic example disclosure on the GRI 2-27 page as a template for my own numbers?

Yes, as an illustration only. The page says the example is synthetic and includes a quantitative table, so it can help you see how the disclosure may look, but you still need to replace it with your own internally consistent data. ↑ section

Where can I download the GRI 2-27 workbook and printable card, and what are they for?

The Download Centre includes a Prep & Assurance workbook in .xlsx format and a printable Library Card in .pdf format. Use the workbook to organise the data and evidence, and the card as a quick reference while preparing the disclosure. ↑ section

More questions this page can help with
  • GRI 2-27 serious breaches and fines: what datapoints should be in my source file?
  • How do I split current-year and prior-year fines for GRI 2-27?
  • What evidence should I keep for GRI 2-27 breach descriptions and fine values?
  • How do I write a first draft for GRI 2-27 using the workbook?
  • What are the most common GRI 2-27 reporting gaps to check before submission?
  • How should I document the seriousness method for GRI 2-27?
  • What does the GRI 2-27 example disclosure show about formatting the data table?
  • How do I assign ownership across teams for GRI 2-27 reporting?
  • What should an assurance reviewer look for in a GRI 2-27 evidence pack?
  • Where can I find real company reports that disclose GRI 2-27 topics?
  • How do I use the GRI 2-27 content-index line in a report draft?
  • What is the best way to check that my GRI 2-27 counts and values are internally consistent?
Dr Ross Kurinko
✓ LRA AI Assistant · human-in-the-loop
Ask Study Studio AI assistant about this disclosure

Get a practical answer for your reporting context. Your first answer is free — create a free account to continue the conversation.

Try
Sources, status and disclaimer

This LRA assistance tool is designed for educational and internal data-collection purposes. It is not an official interpretation of the GRI Standards, IFRS Sustainability Disclosure Standards or EU CSRD/ESRS requirements. When applying these frameworks in professional practice, users should consult and double-check the official standards, guidance and applicable regulatory sources.