Incidents of non-compliance concerning marketing communications
Practical guidance for preparing this disclosure. Use this card to identify datapoints, verify claims and organise supporting evidence. For exact requirements, always refer to the official GRI source.
↗ Share
This disclosure asks an organisation to report any confirmed cases where its marketing communications did not comply with the rules or standards that apply to them. In practice, it is about whether there were breaches in how products, services or the organisation itself were promoted, and whether those breaches were identified and recorded during the reporting period.
The practical focus is on the full scope of marketing activity, not just a few visible campaigns or flagship sites. An organisation should consider where marketing is created, approved and used across its operations, and report incidents wherever they occurred, so readers can see whether non-compliance was isolated or part of a wider pattern.
* This LRA educational guidance supports disclosure preparation. For the exact requirements, always refer to the official GRI source.
A quick mental checklist before you prepare this disclosure — tick each as you settle it.
| Datapoint | What to capture | Evidence hint | Owner |
|---|---|---|---|
| Prior-period breaches | A short note on any breaches or failures that happened in earlier reporting periods but are being reported now, where relevant. | Case log, compliance review notes, legal correspondence, or incident register showing the event date and why it is being included now. | Compliance / Legal |
| Breach occurrence | A brief description of each breach or failure identified in the period, with enough detail to show what happened and that it is a non-compliance matter. | Incident register, investigation file, regulator correspondence, internal audit findings, or legal review confirming the breach and its classification. | Compliance / Legal |
| Marketing breaches count | The total count of breaches linked to marketing messages and campaigns, including paid promotion and sponsorship activity, for the reporting period. | Marketing compliance log, campaign review records, legal sign-off tracker, incident register, and any regulator or self-regulatory correspondence used to tally the count. | Marketing / Compliance |
| No breaches statement | A short statement confirming that no breaches were identified, where that is the case. | Compliance review conclusion, incident register showing no cases, and sign-off from the responsible control owner. | Compliance / Legal |
Show GRI 417-3 sub-elements (LRA working checklist)
- State briefly that no breaches of laws or voluntary commitments have been found, where that applies.
- Record how many breaches or failures to comply occurred.
- If relevant, separate out any breaches linked to events that happened before the reporting period.
- Give the total count of breaches of rules or voluntary commitments in marketing-related communications, including adverts, promotions and sponsorships.
LRA working checklist - paraphrased; see official source
- Set the reporting boundary first: decide which business units, markets, channels and time period you will check, and make sure the same scope is used for both the count and any supporting narrative.
- Define what you will treat as a reportable breach: use one clear internal rule for incidents tied to marketing communications, including advertising, promotions and sponsorship activity, so the team applies the same test every time.
- Gather the source evidence for each case: keep the underlying records that show what happened, when it happened, where it was identified, and whether it was a breach of law or a voluntary code.
- Compile the output in the form needed for the disclosure: record the total number of incidents, and also prepare a short statement if no breaches were found, so the final submission matches the facts you have checked.
- Separate current-period cases from older matters: if an issue relates to an earlier reporting period, flag it clearly and keep it distinct from incidents arising in the current year.
- Document any exclusions, restatements or changes in approach, then compare the draft against the official source to confirm you have not missed any required item and that the wording still reflects the underlying evidence.
Translate the disclosure into an internal business question — then adapt it to your organisation's own language.
Use your organisation’s own labels first (for example, campaign review, brand approvals, promotions, sponsorships, complaints, breaches, or regulatory matters), then map them to the disclosure. Keep the request in business language your team already uses, and check the source material before sign-off.
Please provide the incidents of non-compliance concerning marketing communications for the reporting period.
Please pull the marketing compliance cases for [reporting period] from your tracker or case log, covering advertising, promotions, sponsorships, and similar activity. Include any matters first identified this period that relate to earlier activity, and confirm if there were no issues. Use your team’s own labels, include the case ID and source record, and send the count plus a short summary by [date].
Formal email template
Subject: Request for marketing compliance incident data for [reporting period]\n\nHi [name/team],\n\nI’m preparing the sustainability reporting pack and need your help with the marketing compliance incident data for [reporting period].\n\nPlease send a summary of any issues recorded in your tracker or case log that relate to advertising, promotions, sponsorships, or similar activity, including any matters first identified this period but linked to earlier activity. If there were no issues, please confirm that in writing.\n\nFor each item, please include:\n- case or reference ID\n- date the issue was identified\n- whether it relates to earlier activity\n- short description of the issue\n- internal category used\n- status / outcome\n- source record or evidence link\n- total count of incidents for the period\n\nPlease adapt this to your team’s own terms and send back the completed table by [date]. Check the source material before sign-off.\n\nThanks,\n[preparer name]
Short Teams / Slack version
Hi [name] — could you send the marketing compliance incident log for [reporting period]? Please include any advertising / promotion / sponsorship issues, plus anything found this period that relates to earlier activity. If there were none, please confirm that in writing. Use your team’s own labels and send the source link or case ID by [date]. Thanks.
General operations
Context. Adapt the request to the reporting boundary and internal owner.
Adapted request. Please pull the marketing compliance cases for [reporting period] from your tracker or case log, covering advertising, promotions, sponsorships, and similar activity. Include any matters first identified this period that relate to earlier activity, and confirm if there were no issues. Use your team’s own labels, include the case ID and source record, and send the count plus a short summary by [date].
Example response. The response should state the period, boundary, source system, evidence owner and any judgement applied.
The full request pack — response form, data table, evidence metadata and sign-off — is in the Download Centre.
LRA training templates — adapt them to your organisation, and check the official source before sign-off.
State how you counted each relevant case, including what you treated as a reportable incident and whether you included matters first identified now or linked to an earlier period.
Explain what the figures mean for the business by saying whether there were any relevant breaches, how many were recorded, and whether any were connected to past periods.
If the number changed materially, note the main operational or control-related reasons for the movement and say whether any cases were carried over from an earlier period.
GRI 417-3 Incidents of non-compliance concerning marketing communications — [location / page] / [notes]
Professional preparation tools and forms for GRI 417-3. Each download includes a concise “How to use” guide.
| Claim | Risk | Evidence to check |
|---|---|---|
| We have checked whether any older compliance issue should still be counted in the coverage figure, and we only included it where it genuinely belongs in the period we are reporting. | The assurer will probe whether a prior-period matter was wrongly left out, double-counted, or brought into the wrong reporting year. | Case logs, legal or compliance review notes, period-end cut-off papers, and the working file showing how each matter was assigned to the reporting year. |
| We built the incident count from a defined population of relevant cases, using one consistent method to decide what was in scope and what was excluded. | The assurer will test whether the count is complete, whether the scope was applied consistently, and whether exclusions were justified. | Scope memo, incident register, inclusion/exclusion criteria, source-system extracts, and reconciliation between the register and the published figure. |
| The total we disclosed was taken from the underlying records after we had checked for duplicates, missing entries, and obvious coding errors. | The assurer will look for overstatement, understatement, duplicate counting, or weak data handling before publication. | Raw incident listings, duplicate-check evidence, data-cleaning logs, version history, and sign-off records for the final number. |
| We kept support for each reported case, including the original record, the reason it was treated as relevant, and the review trail behind the final tally. | The assurer will ask whether there is enough evidence to support each item counted and whether the audit trail is complete. | Source documents, investigation files, correspondence, decision notes, and a trace from each reported case back to the underlying evidence. |
| Before publishing, we ran a final check that the statement matched the working papers and that the wording did not overstate what the evidence showed. | The assurer will probe whether the published wording is consistent with the evidence and whether the final review caught errors or unsupported claims. | Draft-to-final comparison, approval emails, management review notes, and the final disclosure pack with the supporting schedule. |
- The governing policy or written commitment behind this disclosure
- A methodology / definition note setting out how the disclosure was scoped and prepared
- Source-system exports the figures or facts were drawn from
- The internal approval / sign-off record for the disclosure before publication
- Minutes or records evidencing the relevant engagement or consultation
- Figures are stated without the supporting narrative, or narrative without figures.
- Scope is inconsistent between the text and the numbers.
- The reporting boundary is left undefined.
- Material changes since the previous period are not disclosed.
- Estimates and measured values are not distinguished.
- Source records for the figures are not identified.
- Wrong owner
The request goes to the wrong team, so the count is built from the people who run campaigns rather than the group that tracks complaints, legal cases, or code breaches.
- Framework language used
The data ask is sent in disclosure wording instead of the organisation’s own terms, and the recipient cannot tell whether to look at ad checks, promo approvals, sponsorship reviews, or another internal record set.
- Scope not fixed
No one agrees which business units, brands, channels, or markets are in scope, so some incidents are included twice while others are left out.
- Wrong time basis
The pull is made using the wrong date rule, so events from an earlier period are mixed into the current year or current-period cases are missed because they were logged later.
- Counting basis mixed up
One source counts complaints, another counts separate incidents, and the final figure blends them together even though they are not the same population.
- Source labels lost
The original case IDs, register names, and file labels are stripped away during consolidation, making it impossible to trace each figure back to the underlying record.
- Populations merged
Marketing, advertising, promotion, and sponsorship issues are rolled into one bucket without checking whether the internal records keep them as separate groups.
- Evidence trail missing
The extract is saved without the supporting note, date stamp, owner, or approval record, so nobody can show where the number came from or who checked it.
- No sign-off path
The draft count is passed on without a named reviewer and final approval step, so the team cannot prove that the data was checked before the disclosure text was written.
- Set the group boundary after acquisitions and disposals
Decide whether to count only incidents linked to businesses in scope at period end or also those from parts of the group bought or sold during the year, and explain the cut-off you used.
- Handle older incidents that surface this year
If a breach happened before the reporting window but is identified, confirmed, or settled now, state whether you include it in the count and describe the timing rule you applied.
- Align local rule breaches with group reporting
Where countries use different advertising, promotion, or sponsorship rules, agree a common way to decide what counts as a reportable breach and disclose any local exceptions or mapping rules.
- Decide how to treat borderline marketing activity
Make a clear call on items near the edge of the scope, such as branded sponsorships, influencer activity, or sales promotions, and explain the business rule used to include or exclude them.
- Choose the counting unit for repeated breaches
If one campaign leads to several findings, decide whether to count each finding, each campaign, or each case file as one incident, and describe that counting basis consistently.
- Separate confirmed breaches from allegations
State whether you only count matters that have been substantiated or also include open complaints, regulator queries, or internal investigations, and explain the evidence threshold.
- Use a consistent year-end basis for totals
If incidents are logged on different dates across legal, compliance, and marketing teams, pick one timing basis for the total and disclose how late updates, reversals, or reclassifications are handled.
- Round and aggregate without exposing sensitive detail
When the number is small or could identify a case, aggregate the data or round it in a consistent way, and explain any privacy-driven suppression or grouping used.
- Decide whether a no-issues statement is still supportable
If no breaches were found, confirm that the statement covers the full group and the full period, and note any areas reviewed but not counted so the basis is clear.
Synthetic, written by LRA — not from a company report, not text from any standard.
Synthetic example for illustration only. During the year, we recorded 2 marketing-related breaches of external rules and our own promotional code, giving an incidence rate of 2 incidents per 100 campaigns. One case was first raised in the current year; the other related to a prior period and was identified after year-end review. We did not identify any other such breaches in the period.
Synthetic example for illustration only. We found no breaches of the rules or voluntary commitments that govern our advertising, sales promotion, or sponsorship activity, so the total number of incidents for the year was 0 and the incidence rate was 0 per 1,000 patient-facing communications. Because there were no cases, there were also no matters carried over from an earlier period. In plain terms, we have not identified any non-compliance in this area.
How to turn the collected data into a draft disclosure. Suggested visuals and a GRI content-index line generated from this disclosure's datapoints.
Suggested visuals
- Non-compliance incidents by type — table: A simple listing of each reported issue category, with the count of cases and whether any relate to earlier reporting periods.
- Overall incidence trend — line: How the number of non-compliance cases changes over time, if the reporter has data for more than one period.
- Current-period vs earlier-period cases — stacked bar: A split between issues first identified in the current year and those linked to prior periods, where applicable.
- Total cases and no-issue statement — donut: The share of reported cases versus a zero-case position, if the organisation is able to state that no relevant breaches were found.
- Non-compliance count by reporting period — bar: The total number of relevant incidents in the period, with a separate bar for any linked to earlier periods if present.
What separates a figure from a disclosure.
We recorded 2 marketing-related compliance breaches.
We recorded 2 marketing-related compliance breaches, both counted in the current reporting year and covering advertising, promotions and sponsorships.
We recorded 2 marketing-related compliance breaches in the current reporting year across advertising, promotions and sponsorships, with none carried over from earlier periods; the total stayed at 2 because we identified no additional cases after review.
Real reports where this topic is disclosed. The confidence label shows how closely each match maps to GRI 417-3 — these are report practice, not exact disclosure examples.
| Company | Sector · Country | Year | Match | Page | Report | Assurance | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zydus Lifesciences Limited | Pharmaceuticals / Biotech / Life Sciences · India | 2025 | Partial | p. 154 →p. 135 →p. 134 → | ESG Report FY24-25 → | — | ||||||||||||||||
Evidence in Zydus Lifesciences Limited’s reportWhat the report shows Zydus Lifesciences Limited’s ESG Report FY24-25 includes a numeric disclosure of zero incidents of non-compliance concerning product and service information and labelling on page 135. The report also references materiality issues and risk management aspects on page 148, indicating some narrative coverage of relevant topics. However, there is no clear or quotable evidence found elsewhere in the report specifically addressing other aspects of the disclosure, leaving some elements unclear or missing.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
||||||||||||||||||||||
| Firstsource Solutions Limited | Professional Services · India | 2025 | Exact | p. 235 →p. 236 →p. 226 → | ESG Report FY 2024-25 → | BSI | ||||||||||||||||
Evidence in Firstsource Solutions Limited’s reportWhat the report shows Firstsource Solutions Limited’s ESG Report FY 2024-25 provides coverage on forced or compulsory labor risks, referencing GRI 409-1 and noting operations and suppliers at significant risk on page 231. The report also includes detailed occupational health and safety data, such as lost time injury frequency rates and total recordable work-related injuries on page 120. However, there is no clear evidence found regarding some narrative disclosures, and certain aspects related to forced labor incidents or specific mitigation measures remain unclear.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
||||||||||||||||||||||
| Owens Corning | Building Products · United States | 2024 | Partial | p. 374 →p. 184 →p. 42 → | 2024 Sustainability Report → | EY | ||||||||||||||||
Evidence in Owens Corning’s reportWhat the report shows Owens Corning’s 2024 Sustainability Report provides a 98% return to work rate for employees who took parental leave, reported by gender on page 300. The report also notes no incidents of non-compliance with regulations or voluntary codes on page 184, and includes a statement on independence, impartiality, and competence by SCS Global Services on page 384. However, while there is some supporting context on employee health screening on page 76, no specific headline values are given, and details on incidents of corruption or ethical breaches are referenced but not fully detailed in the provided excerpts.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
||||||||||||||||||||||
During the year, the business settled one complaint about a promotional email that breached a trade body code. The issue was raised and closed in the same reporting year, and there were no other cases.Do you count this as one incident in the year, and do you describe it as a breach linked to marketing activity?
A regulator finalised a case this year about an advert published last year. The matter was about a past campaign, but the decision and any finding arrived during the current reporting period.Should this be included even though the campaign happened before the reporting year?
The company reviewed all advertising, sponsorship and sales-promotion activity and found no breaches of laws or voluntary industry codes. Internal checks and legal review support that conclusion.What should be reported when no non-compliance has been identified?
Two separate complaints were upheld this year: one about a social media advert and one about a sponsored event banner. A third complaint was dismissed and did not lead to any finding.How many incidents belong in the disclosure, and do you include the dismissed complaint?
See how companies actually report GRI 417-3 — drawn from their own published reports, with the exact pages, and an LRA AI-assistant that works through it with you. Available to LRA Community members and to students throughout their platform access.
How this disclosure maps across the major reporting frameworks.
What data do I need to prepare for GRI 417-3 Marketing and Labeling before I start drafting the disclosure?
The page says to prepare four datapoints: prior-period breaches, whether a breach occurred, the count of marketing breaches, and a no-breaches statement. Use those as the starting point for your data request and draft structure. ↑ section
How should I scope GRI 417-3 Marketing and Labeling so I know which breaches to include?
Use the page’s step-by-step preparation section to define the reporting scope before collecting data. The page is set up to help you decide what sits in scope, then gather the matching breach information and evidence. ↑ section
Who should own the GRI 417-3 Marketing and Labeling data collection in practice?
The page is designed for sustainability/ESG managers, HR or data owners, and assurance reviewers, so ownership should sit with the team that can confirm the breach data and supporting evidence. The workbook can help you assign tasks and track what each owner needs to provide. ↑ section
What evidence should I keep for GRI 417-3 Marketing and Labeling to make the disclosure assurance-ready?
The page includes an evidence pack with five items for assurance readiness, plus five assurance claims to verify. Use those to build a file that links each claim to the risk and the supporting evidence. ↑ section
What are the five assurance claims on the GRI 417-3 Marketing and Labeling page and how do I use them?
The page says there are five claims to verify, each with a linked risk and evidence point. In practice, use them as a checklist to test whether the draft disclosure is supported and whether anything is missing from the evidence pack. ↑ section
What are the common reporting gaps or mistakes for GRI 417-3 Marketing and Labeling?
The page lists common reporting gaps and mistakes so you can check for missing breach data, weak evidence, or an incomplete no-breaches statement. It is useful as a pre-submission review before the draft goes to assurance. ↑ section
How do I use the Prep & Assurance workbook for GRI 417-3 Marketing and Labeling?
The workbook is one of the page downloads and is meant to support preparation and assurance readiness. Use it to organise the datapoints, evidence, and ownership before turning the information into a draft. ↑ section
What should I take from the printable Library Card PDF for GRI 417-3 Marketing and Labeling?
The printable Library Card is a quick reference version of the page content. It is useful when you want the disclosure checklist, evidence prompts, and draft-building points in a format you can share or annotate offline. ↑ section
How do I turn the GRI 417-3 Marketing and Labeling data into a draft disclosure?
The page includes draft-output support with visualisation ideas, narrative starters, and a GRI content-index line. Use those to convert the prepared datapoints and evidence into a short, structured draft. ↑ section
Can I reuse the same data for ESRS S4 (Consumers and End-users) and GRI 417-3 Marketing and Labeling?
The page says ESRS S4 (Consumers and End-users) is the closest correspondence, so the same underlying data may be reusable across both. Treat that as a cross-framework starting point, then check the specific reporting needs separately. ↑ section
- GRI 417-3 Marketing and Labeling workbook download: what is it for and how do I use it?
- GRI 417-3 Marketing and Labeling evidence pack: what should be in it for assurance?
- GRI 417-3 Marketing and Labeling prior-period breaches: how should I collect and present them?
- GRI 417-3 Marketing and Labeling breach occurrence: what counts as the key data point to capture?
- GRI 417-3 Marketing and Labeling no breaches statement: when do I use it in the draft?
- GRI 417-3 Marketing and Labeling marketing breaches count: how do I calculate and check it?
- GRI 417-3 Marketing and Labeling how to prepare the disclosure step by step
- GRI 417-3 Marketing and Labeling common mistakes to avoid before assurance
- GRI 417-3 Marketing and Labeling draft narrative starters and content index line
- GRI 417-3 Marketing and Labeling from company reports examples: how can I use them as a benchmark?
- GRI 417-3 Marketing and Labeling plain-language explainer: what does the page help me understand?
- GRI 417-3 Marketing and Labeling ESRS S4 consumers and end-users data reuse question
Get a practical answer for your reporting context. Your first answer is free — create a free account to continue the conversation.
Sources, status and disclaimer
This LRA assistance tool is designed for educational and internal data-collection purposes. It is not an official interpretation of the GRI Standards, IFRS Sustainability Disclosure Standards or EU CSRD/ESRS requirements. When applying these frameworks in professional practice, users should consult and double-check the official standards, guidance and applicable regulatory sources.