This disclosure asks an organisation to explain how it deals with compliance across its activities, rather than just saying it has policies in place. In practice, it is about whether the organisation has systems to identify, monitor and respond to legal and regulatory requirements, and whether it can show where any non-compliance has occurred and how it was handled.
The practical focus is on coverage and consistency across the organisation’s operations, not only at flagship sites or headquarters. A useful response should make clear the scope of the reporting boundary, the main areas of law and regulation that matter to the business, and any significant issues, patterns or follow-up actions that show how compliance is managed in reality.
This LRA educational guidance supports disclosure preparation. For the exact requirements, always refer to the official GRI source.
A quick mental checklist before you prepare this disclosure — tick each as you settle it.
Key datapoints to prepare
How to prepare it
Request the compliance incidents and penalties log
Translate the disclosure into an internal business question — then adapt it to your organisation's own language.
Use your organisation’s own incident, breach, case, penalty and sanction terms first, then map them to the reporting categories before sending anything back. Keep the request in the language your legal, compliance or company secretariat team already uses, and check the source records before sign-off.
Please provide the GRI 2-27 compliance with laws and regulations data, including the number of significant instances, fines, non-monetary sanctions, and how significance was determined.
Why it fails: This uses framework language rather than the team’s own records and labels, so the owner has to translate the ask before they can answer it. It also does not clearly separate the case log, the payment record, and the explanation of significance, which makes the return harder to verify.
Please send the legal/compliance case log for [period] for [scope], showing each significant breach or enforcement case, any cash penalty paid during the period, any non-cash sanction, the amount paid, whether the case started this year or earlier, and a short note on why it was treated as significant. Use your own internal labels and add a mapping note if needed. Please check the source records before sign-off.
Notes that turn data into a disclosure
LRA training templates — adapt them to your organisation, and check the official source before sign-off.
Explain how the organisation decides which breaches are material enough to include, and state the basis used to count cases, fines and amounts paid.
Clarify what the figures represent in practice: the scale of notable legal or regulatory breaches, how many led to penalties, and how much was paid in fines during the period.
If the numbers moved materially, note whether this was driven by new issues arising in the year, settlements of older cases, changes in how cases were classified, or a different mix of penalties.
Preparation tools & forms
Professional preparation tools for GRI 2-27 — free with an LRA Community membership. Register once (it's free) and every download unlocks, together with the Disclosure Library, templates and the LRA AI-assistant.
For each claim, check the evidence
Evidence pack to prepare
Common reporting gaps
Mistakes to avoid when collecting the data
Where judgement is often needed
Illustrative examples
Synthetic, written by LRA — not from a company report, not text from any standard.
Synthetic example only: during the year, we recorded 5 material breaches of law or regulation, of which 3 led to fines and 2 to non-cash penalties. We paid 7 fines in total, worth £420,000; 4 of those fines related to matters arising this year (£260,000) and 3 related to earlier years (£160,000).
We treat an issue as material when it is significant in scale, seriousness, or likely impact, using our internal review of legal notices, regulator correspondence, and management escalation. The summary below separates the cases by outcome and shows which paid fines came from the current year versus earlier periods.
Synthetic example only: we identified 4 material breaches in the period, with 1 resulting in a fine and 3 in non-cash sanctions. We settled 2 fines during the year, totalling £95,000; both were linked to issues that arose in previous years, and none related to the current year.
Our judgement of materiality is based on whether the matter was formally escalated, involved a regulator or court, and could reasonably affect our licence, operations, or reputation. The figures below split the breaches by outcome and show the fines paid by when the underlying issue first occurred.
How companies report GRI 2-27
Real reports where this topic is disclosed. These are report practice, not exact disclosure templates to copy.

Scenarios to work through
During year-end close, a preparer finds two serious breaches that were settled in the period: one led to a cash penalty and the other to a non-cash enforcement action. The legal team also notes a third minor breach that was not treated as significant.
A fine of 120,000 was paid during the reporting period for a permit breach that happened this year. Another payment of 80,000 was made in the same period for a case that arose last year and was only settled now.
The compliance team has a register showing three significant cases: one ended with a cash penalty, one with a licence restriction, and one is still open but already considered significant. The draft report currently lists only the two closed cases.
A group prepares its report using a central compliance dashboard, but each business unit applies different thresholds for what counts as significant. The group wants to state only that it uses a “materiality review” without explaining the process.
Related framework references
How this disclosure maps across the major reporting frameworks.
Questions this page answers
The page says to prepare the serious-breach and fine datapoints, including counts, values, split by current and prior year, plus breach descriptions and the seriousness method. It is set up as a practical checklist, so you can use it to confirm the dataset is complete before drafting.
Use it as a working sequence for collecting the data, checking the scope, and turning the inputs into a draft. The page is designed to help you move from raw records to a disclosure-ready summary rather than just read the topic in theory.
The page points you to a seriousness method and to the current-year and prior-year split, so the scope and method need to explain how breaches were classified and how the periods were separated. Keep the explanation tied to the datapoints on the page and the evidence you can show.
The page is aimed at sustainability/ESG managers, HR or data owners, and assurance reviewers, so ownership should sit with whoever can evidence the breach and fine records and coordinate the inputs. In practice, assign clear owners for the breach log, fine values, and the seriousness assessment so the pack is complete.
The page includes an evidence pack with five items and four assurance claims to verify, so the aim is to keep the source records, calculations and supporting explanations together. Use the pack to show how the counts and values were derived and how the seriousness method was applied.
The page says there are four claims to verify, each with a claim, risk and evidence prompt. Use them as an assurance checklist to test whether the disclosure is complete, consistent and backed by documents before it goes into the report.
The page lists common reporting gaps and mistakes, so it is useful for a final quality check before sign-off. Use it to catch missing datapoints, inconsistent splits, weak descriptions or unsupported calculations.
The page includes draft-output guidance with visualisation ideas, narrative starters and a content-index line. That means you can use the prepared numbers and breach descriptions to produce a first draft, then refine the wording for clarity and consistency.
Yes, as an illustration only. The page says the example is synthetic and includes a quantitative table, so it can help you see how the disclosure may look, but you still need to replace it with your own internally consistent data.
The Download Centre includes a Prep & Assurance workbook in .xlsx format and a printable Library Card in .pdf format. Use the workbook to organise the data and evidence, and the card as a quick reference while preparing the disclosure.
Get your GRI 2-27 tools — free
Your preparation tools are free for LRA Community members and students. Register once (it's free) and your download starts right away — plus the Disclosure Library, templates and the LRA AI-assistant.
You're in — your download is starting
Your file is downloading now. Your Community Cabinet — with the Disclosure Library, templates and the LRA AI-assistant — is ready too.
Open your Cabinet →