Incidents of non-compliance concerning the health and safety impacts of products and services
Practical guidance for preparing this disclosure. Use this card to identify datapoints, verify claims and organise supporting evidence. For exact requirements, always refer to the official GRI source.
↗ Share
This disclosure asks an organisation to report any confirmed cases where its products or services did not meet health and safety requirements, and to say what happened as a result. In practice, it is about incidents of non-compliance that have a real health and safety impact, rather than general quality issues or near misses. The focus is on what was identified, how many cases there were, and the nature of the impact.
The practical question is whether the organisation is looking across all relevant products, services, markets and operating areas, not just a few flagship sites or best-performing business units. It should be clear whether the reporting covers the full organisation or only part of it, and whether the incidents relate to products, services, or both. The aim is to show where health and safety compliance has failed and how widespread those failures are.
* This LRA educational guidance supports disclosure preparation. For the exact requirements, always refer to the official GRI source.
A quick mental checklist before you prepare this disclosure — tick each as you settle it.
| Datapoint | What to capture | Evidence hint | Owner |
|---|---|---|---|
| Prior-period breaches | A short note on any compliance breaches that happened in earlier reporting periods but are being reported now, including what happened and why it is being brought into this period’s disclosure. | Case log, investigation file, legal/compliance review, and the reporting-period cut-off check that shows the event belongs to an earlier period. | Legal / Compliance |
| Compliance incidents | A concise description of each instance where a rule, permit, licence, code, or similar requirement was not met, with enough detail to distinguish separate events. | Incident register, compliance tracker, regulator correspondence, internal investigation notes, and any breach notifications. | Legal / Compliance |
| Product safety breaches | The total count of non-compliance events during the reporting period that relate to product or service health-and-safety rules or voluntary commitments, counted as incidents rather than customers, complaints, or products. | Product safety incident log, quality assurance records, recall or corrective-action files, regulatory notices, and the period-end count used for reporting. | Product Safety / Quality Assurance |
| No breaches statement | A brief confirmation that no non-compliance with relevant rules or voluntary commitments has been identified for the period, where that is the case. | Signed compliance review, legal sign-off, and the period-end assessment showing no recorded breaches. | Legal / Compliance |
Show GRI 416-2 sub-elements (LRA working checklist)
- State briefly whether you found no breaches of laws or voluntary commitments, where that applies.
- Record the number of non-compliance cases.
- If relevant, separate out any non-compliance cases linked to earlier reporting periods.
- Give the total count of non-compliance cases during the period that concern product or service health and safety impacts.
LRA working checklist - paraphrased; see official source
- Set the reporting boundary first: decide which business units, products, services and time period you are covering, so you can separate issues arising in the current year from any matters linked to earlier periods.
- Agree what will count as a reportable case. Use one internal definition for a breach or failure to follow relevant rules or voluntary commitments on product and service health and safety, and make sure the team applies it consistently.
- Gather the source records that support the count. Pull together incident logs, compliance reviews, investigation files, legal or regulatory correspondence, and any other evidence needed to show whether a case occurred and when it happened.
- Prepare the disclosure content in the format you will publish. Include the total number of cases in the reporting period, note any cases tied to earlier periods if they exist, and add a short statement if no such issue was identified.
- Record any exclusions, restatements or scope changes. If you leave anything out, or if your counting method or boundary has changed since the last cycle, explain that clearly so readers can understand the figures.
- Check the draft against the official source before sign-off. Confirm the wording, count and any narrative match the underlying evidence and that nothing required by the source has been missed.
Translate the disclosure into an internal business question — then adapt it to your organisation's own language.
Use your organisation’s own terms first, then map them to this disclosure. For example, if your teams talk about recalls, safety notices, product complaints, enforcement letters, or code breaches, use those labels in the request and only translate them into the reporting disclosure wording at the end.
Please provide the GRI 416-2 the evidence needed for GRI 416:GRI 416-2, including any prior-period incidents and a statement if none were identified.
Please send the product safety / quality / regulatory case log for [reporting period], including recalls, notices, breaches, enforcement letters, and any similar issues linked to product or service safety. Include cases first found this period that relate to an earlier period, and confirm if no cases were recorded. Use your team’s own labels and attach the supporting case evidence.
Formal email template
Subject: Request for product safety non-compliance data for [reporting period] Dear [name/team], We are preparing the sustainability reporting pack for [reporting period] and need your help with the product safety / quality / regulatory matters that were logged in your area. Please send a list of any cases in scope where there was a breach, notice, enforcement action, recall, or other recorded issue linked to the safety impact of our products or services. Please include any cases that were first identified in this period but relate to an earlier period, as well as any periods with no cases recorded. For each case, please provide the details in the response table below and attach or link the supporting evidence (for example, case notes, correspondence, tracker extracts, or closure records). Please use your team’s own terminology in the first instance, then we will map it to the reporting disclosure wording during review. If you are unsure whether a case is in scope, include it and note the reason. Please return by [date]. We will check the official source before sign-off. Many thanks, [preparer name] [role] [contact details]
Short Teams / Slack version
Hi [name/team] — could you send over the product safety / quality / regulatory cases for [reporting period]? Please include any recalls, notices, breaches, enforcement letters, or similar issues linked to product/service safety, plus anything first found this period that relates to an earlier one. If there were none, please confirm that too. Use your own case labels, and we’ll map them later. Thanks — [name]
Consumer goods / retail
Context. The business tracks product recalls, safety complaints, and regulator correspondence in a quality incident tracker.
Adapted request. Please extract all product safety cases from the quality incident tracker for [reporting period], including recalls, safety notices, complaint escalations, and any regulator letters. Flag any case that was identified this period but relates to an earlier one, and confirm if the tracker shows no cases in scope.
Example response. The tracker shows 3 cases in scope: 2 recalls and 1 regulator notice. One recall was opened in 2025 but related to a 2024 batch issue. No other cases were identified.
Healthcare / medical devices
Context. The organisation records field safety notices, vigilance reports, and authority communications in a regulatory affairs log.
Adapted request. Please provide the regulatory affairs log entries for [reporting period] covering field safety notices, vigilance reports, authority communications, and any other product safety non-compliance cases. Include any items linked to an earlier period and note if there were none.
Example response. The log contains 1 vigilance report and 2 authority communications in scope. One communication relates to an issue first detected in the prior year. No additional cases were found in the period.
The full request pack — response form, data table, evidence metadata and sign-off — is in the Download Centre.
LRA training templates — adapt them to your organisation, and check the official source before sign-off.
State how the organisation counted each case, what it treated as a compliance breach, and whether it included matters first discovered now but linked to an earlier period.
Explain what the reported number means in practice, including whether it indicates any identified breaches or a clean position for the period, and what parts of the business or product range were involved if relevant.
If the figure moved materially, note whether that was driven by more or fewer cases, delayed discovery of earlier issues, changes in reporting scope, or a genuine shift in performance.
GRI 416-2 Incidents of non-compliance concerning the health and safety impacts of products and services — [location / page] / [notes]
Professional preparation tools and forms for GRI 416-2. Each download includes a concise “How to use” guide.
| Claim | Risk | Evidence to check |
|---|---|---|
| I checked whether any older-period compliance issue needed to be brought into the coverage figure, so the reported number reflects the right timing basis. | The assurer may find that prior-period matters were left out, double-counted, or moved into the wrong period, which would distort the figure. | Issue logs, legal/compliance registers, case files, period-end cut-off review, and the working paper showing how each matter was dated and included or excluded. |
| I used a consistent method to decide what counted as a compliance incident, so the disclosed figure was built on the same rule set across the reporting period. | The assurer may question inconsistent classification, where similar events were treated differently or non-qualifying items were counted. | Internal counting guidance, classification checklist, sample incident files, reviewer sign-off, and any reconciliations between source records and the published total. |
| I compiled the total from the incident records for the period and checked that each included case related to the relevant product or service safety matters before publication. | The assurer may probe whether the total is complete, whether any cases were missed, and whether the included items actually fit the stated subject matter. | Source incident register, supporting correspondence, investigation notes, regulatory notices, tally sheet, and a trace from each counted case to the final number. |
| I confirmed the statement of no identified issues only after reviewing the underlying records and checking that there were no reportable cases in the disclosed operations. | The assurer may challenge an unsupported zero claim, incomplete search coverage, or evidence that a relevant case existed but was not captured. | Search and review evidence, management confirmation, legal/compliance review notes, exception logs, and the final clearance or approval record. |
- The governing policy or written commitment behind this disclosure
- A methodology / definition note setting out how the disclosure was scoped and prepared
- Source-system exports the figures or facts were drawn from
- The internal approval / sign-off record for the disclosure before publication
- Minutes or records evidencing the relevant engagement or consultation
- Figures are stated without the supporting narrative, or narrative without figures.
- Scope is inconsistent between the text and the numbers.
- The reporting boundary is left undefined.
- Material changes since the previous period are not disclosed.
- Estimates and measured values are not distinguished.
- Source records for the figures are not identified.
- Wrong owner
The request goes to the wrong team, so the count is built from the wrong operational records instead of the people who track product and service safety issues.
- Framework language only
The data call uses reporting-framework terms that the business does not use, and the source team cannot map them cleanly to its own incident logs.
- Scope not fixed
No one agrees which products, services, sites, or business lines are in scope, so the dataset mixes records that should have been left out.
- Wrong time basis
The pull is made using the wrong date basis, so events from outside the chosen reporting window are included or current-period items are missed.
- Counting basis mixed up
One extract counts cases one way while another counts them differently, and the final total combines unlike measures that should stay separate.
- Source labels lost
Original case IDs, system tags, or file names are stripped away, making it impossible to trace each figure back to the underlying record.
- Separate populations merged
Incidents tied to past periods are merged with current-period incidents, even though they need to be kept apart for the disclosure build.
- Evidence trail missing
The pack has numbers but no supporting metadata or sign-off record, so no one can show where the data came from or who checked it.
- Counting matters that started before the year but were still open
Decide whether to include cases first identified earlier but still active in the current year, and explain that choice consistently with your cut-off date and evidence trail.
- Treating a case as one event or several
Where one issue leads to multiple notices, sites, products, or jurisdictions, set a clear counting rule, apply it the same way, and disclose how you avoided double counting.
- Using local rules versus a single group-wide view
If countries or business lines use different safety or product-control rules, state the basis used to judge a breach and explain any harmonised approach you applied across the group.
- Deciding what sits inside the reporting boundary after a deal
When acquisitions, disposals, or closures change the perimeter, explain whether you counted only the period the business was in scope and how you treated incidents tied to the transferred activity.
- Including borderline products, services, or customer groups
Set out how you handled items or users near the edge of your scope, such as trial products, legacy ranges, third-party channels, or vulnerable users, and explain why they were in or out.
- Choosing between a confirmed breach and a suspected issue
State whether you counted only matters confirmed by an authority or internal review, or also credible allegations and near misses, and describe the evidence threshold used.
- Using estimates where records are incomplete
If the count relies on estimates, reconciliations, or sampling because records are partial, say so and explain the method, assumptions, and any known margin of uncertainty.
- Rounding and small-number suppression
Explain your rounding rule and any suppression or grouping used to protect privacy or avoid identifying individuals, while keeping the total count internally consistent.
- Handling cases that span more than one reporting line
Where the same incident could be linked to product quality, customer harm, legal action, or another internal register, define the master source and explain how you linked or excluded duplicates.
Synthetic, written by LRA — not from a company report, not text from any standard.
Synthetic illustration only. During the year, we recorded 2 product-safety compliance breaches linked to our goods and related service information, giving an incidence rate of 0.8 incidents per 100 product lines reviewed.
- Both matters were identified and closed within the reporting period; none related to earlier periods.
- We did not identify any other breach of relevant laws or voluntary commitments covering the safety effects of our products and services.
Synthetic illustration only. We identified 1 case of non-compliance affecting the safety of products handled through our platform, which equates to an incidence of 0.5 incidents per 100,000 orders processed.
- That case arose from the current year, and we found no open or newly reported matters carried over from prior years.
- Aside from that single case, we have not identified any further departures from applicable rules or voluntary codes on product and service safety.
How to turn the collected data into a draft disclosure. Suggested visuals and a GRI content-index line generated from this disclosure's datapoints.
Suggested visuals
- Non-compliance count in the reporting year — table: A simple count of all product- and service-safety compliance breaches identified during the period, with a note on whether any relate to earlier periods.
- Current-year cases versus earlier-period cases — stacked bar: A split between issues first identified in the reporting period and issues that were linked to prior periods but surfaced now.
- Statement of no issues identified — donut: A clear visual showing either zero identified breaches or the share of cases that were not identified, if the reporter is presenting a no-issues position.
- Trend in compliance incidents over time — line: How the number of identified breaches changes across reporting periods, helping readers see whether the position is improving, stable, or worsening.
- Compliance incidents by business area or product group — bar: Which parts of the business, product lines, or service categories account for the identified breaches, if the underlying data has that breakdown.
What separates a figure from a disclosure.
We recorded 2 product-safety compliance incidents this year.
We recorded 2 product-safety compliance incidents this year, and both were linked to issues first identified in the prior year.
We recorded 2 product-safety compliance incidents this year, both tied to matters first raised before the reporting period, and the increase from last year’s 1 was due to a wider review that uncovered one additional case.
Real reports where this topic is disclosed. The confidence label shows how closely each match maps to GRI 416-2 — these are report practice, not exact disclosure examples.
| Company | Sector · Country | Year | Match | Page | Report | Assurance | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zydus Lifesciences Limited | Pharmaceuticals / Biotech / Life Sciences · India | 2025 | Partial | p. 150 →p. 135 →p. 16 → | ESG Report FY24-25 → | — | ||||||||||||||||
Evidence in Zydus Lifesciences Limited’s reportWhat the report shows Zydus Lifesciences Limited’s ESG Report FY24-25 includes a numeric value indicating zero incidents of non-compliance concerning product and service information and labelling on page 135. The report also references materiality issues and risk management aspects on page 148, suggesting some discussion of relevant sustainability topics. However, there is no clear or quotable narrative specifically addressing broader compliance or governance details beyond these points, and some narrative items are not found or remain unclear.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
||||||||||||||||||||||
| Owens Corning | Building Products · United States | 2024 | Partial | p. 374 →p. 40 →p. 176 → | 2024 Sustainability Report → | EY | ||||||||||||||||
Evidence in Owens Corning’s reportWhat the report shows Owens Corning's 2024 Sustainability Report provides a covered datapoint on employee retention after parental leave, reporting a 98% return-to-work rate by gender (p.300). The report also includes information on incidents of non-compliance with regulations or voluntary codes, noting no material incidents (p.184), and references compliance with independence, impartiality, and competency standards by SCS Global Services (p.384). However, there is no quotable evidence found for some narrative items, indicating gaps or unclear coverage in certain areas of the disclosure.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
||||||||||||||||||||||
| Thai Beverage Public Company Limited | Food and Beverage Processing · Thailand | 2024 | Partial | p. 186 →p. 23 →p. 93 → | Sustainability Report 2024 → | LRQA | ||||||||||||||||
Evidence in Thai Beverage Public Company Limited’s reportWhat the report shows Thai Beverage Public Company Limited’s Sustainability Report 2024 includes coverage of incidents of child labor, referencing specific pages (155, 159) and a policy statement online, indicating attention to forced or compulsory labor issues (p.189). The report also provides data on non-compliance with health and safety regulations related to products and services (p.93). However, there is no clear or quotable evidence found elsewhere in the report specifically addressing other aspects of forced labor or detailed supply chain management practices related to this disclosure.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
||||||||||||||||||||||
A product safety review finds two customer complaints from the current year and one regulator letter about an issue that happened last year but was only closed this year. The draft note currently lists all three together.How should you separate what belongs in the current-year count from what should be described as a prior-period matter?
A business has no findings from regulators, but it did breach a voluntary safety code it had signed up to for one product line. The team is unsure whether that should be left out because it was not a law breach.Should the incident be included in the disclosure, and how should it be treated in the count?
A company had no findings at all during the year, but the draft report still contains a table with a zero count and a note saying no issues were found. The preparer wonders whether the narrative alone is enough.What should be stated when no such incidents were identified?
A manufacturer recorded one incident in the year, but the incident file is incomplete: it has an internal email and a complaint log, yet no regulator notice or signed legal review. The team wants to publish the number anyway.What should you check before finalising the disclosure?
See how companies actually report GRI 416-2 — drawn from their own published reports, with the exact pages, and an LRA AI-assistant that works through it with you. Available to LRA Community members and to students throughout their platform access.
How this disclosure maps across the major reporting frameworks.
For GRI 416-2, what data points should I gather before I start drafting the disclosure?
The page says to prepare four datapoints: prior-period breaches, compliance incidents, product safety breaches, and a no breaches statement. Use those as the starting checklist before you draft anything. ↑ section
How do I use the step-by-step 'how to prepare' section for GRI 416-2 in practice?
Use it as a working sequence to move from scoping and data collection through to a draft disclosure. The page is designed to help you prepare the disclosure, not just describe it. ↑ section
What should I include in the evidence pack for GRI 416-2 so it is assurance-ready?
The page includes an evidence pack with five items to support assurance readiness. Build your file around those items so the claim, the risk, and the supporting evidence are easy to trace. ↑ section
What are the four assurance claims I need to verify for GRI 416-2?
The page says there are four assurance claims to check, each with a claim, risk, and evidence view. Use that structure to test whether the disclosure is supported before it goes into a report. ↑ section
What are the common reporting gaps or mistakes on the GRI 416-2 page that I should avoid?
The page lists common reporting gaps and mistakes to help you spot weak points before sign-off. Use that section as a pre-submission check against your draft and evidence pack. ↑ section
How should I use the Prep & Assurance workbook for GRI 416-2?
The workbook is one of the downloads and is intended to help you prepare and evidence the disclosure. Use it to organise the datapoints, ownership, and assurance checks before drafting. ↑ section
What is the printable Library Card PDF for GRI 416-2 useful for?
The printable Library Card is a quick reference download alongside the workbook. It is useful when you want a compact version of the page content for review or team discussion. ↑ section
How do I turn the GRI 416-2 page content into a draft disclosure?
The page has a draft-output section with visualisation ideas, narrative starters, and a GRI content-index line. Use those prompts to turn your prepared data into a first draft rather than starting from a blank page. ↑ section
What kind of synthetic example does the GRI 416-2 page show, and how should I use it?
The page includes synthetic illustrative example disclosures, including a quantitative table. Treat them as examples of presentation and internal consistency, not as real reporting data. ↑ section
Can I reuse the same data for ESRS S4 (Consumers and End-users) and GRI 416-2?
The page notes ESRS S4 as the closest correspondence, so the same underlying data may be reusable across both. Do not assume the requirements are identical; use the page as a practical bridge, not a rulebook. ↑ section
Who should own the GRI 416-2 disclosure process in my organisation?
The page is aimed at sustainability/ESG managers, HR or data owners, and assurance reviewers, so ownership should sit with the person or team that can gather the data and evidence. Use the page’s preparation and assurance sections to agree responsibilities early. ↑ section
- GRI 416-2 customer health and safety data collection checklist
- GRI 416-2 prior-period breaches and compliance incidents what to collect
- GRI 416-2 product safety breaches evidence pack items
- GRI 416-2 no breaches statement how to draft
- GRI 416-2 assurance claims claim risk evidence
- GRI 416-2 common reporting mistakes and gaps
- GRI 416-2 workbook download how to use
- GRI 416-2 library card PDF what is it
- GRI 416-2 draft disclosure narrative starters
- GRI 416-2 content index line example
- GRI 416-2 synthetic example disclosure table
- GRI 416-2 ESRS S4 data reuse
Get a practical answer for your reporting context. Your first answer is free — create a free account to continue the conversation.
Sources, status and disclaimer
This LRA assistance tool is designed for educational and internal data-collection purposes. It is not an official interpretation of the GRI Standards, IFRS Sustainability Disclosure Standards or EU CSRD/ESRS requirements. When applying these frameworks in professional practice, users should consult and double-check the official standards, guidance and applicable regulatory sources.