Disclosure LibraryPractitioner guidance for every reporting disclosure
Home Disclosure Library ESRS ESRS G1 G1-2
ESRS G1: Business Conduct · 2026-5010-final
Disclosure Requirement G1-2

Actions (Business Conduct)

Practical guidance for preparing this disclosure. Use this card to identify datapoints, verify claims and organise supporting evidence. For exact requirements, always refer to the official EFRAG source.

Dr Ross Kurinko, Sustainability Reporting Trainer
Reviewed by Dr Ross Kurinko · Sustainability Reporting Trainer LRA educational guidance · Not issued or endorsed by EFRAG
To prepare this disclosure
Disclosure focus

This disclosure asks an organisation to explain the main actions it is taking to prevent, detect, address and improve business conduct issues. In practice, that means describing the measures in place, how they are implemented, and what parts of the organisation they cover, rather than only listing policies or commitments.

The practical focus is on whether those actions are embedded across the business and value chain, or limited to a few flagship sites or functions. Report the scope, the type of action, and where it applies, so a reader can see how consistently the organisation is managing business conduct in day-to-day operations.

This LRA educational guidance supports disclosure preparation. For the exact requirements, always refer to the official EFRAG source.

Before you start

A quick mental checklist before you prepare this disclosure — tick each as you settle it.

Preparation

Key datapoints to prepare

Datapoint What to capture Evidence hint Owner
Actions taken A plain summary of the steps the organisation has put in place in response to the issue, written as completed actions rather than plans. Action log, project tracker, management updates, or board papers showing the measures approved and implemented. Sustainability / responsible business team
Prevention measures The specific controls, policies, or changes introduced to stop the issue happening again, described as preventative steps already in use. Policy updates, control design documents, risk register entries, or process change records. Risk / compliance team
Monitoring actions The checks, reviews, or tracking activities used to watch for the issue and spot recurrence, including how often they run. Monitoring schedules, dashboard outputs, review minutes, or assurance reports. Internal audit / risk team
ESG criteria used Whether environmental, social, and governance factors were part of the selection approach, captured as a simple yes/no based on the actual process used. Investment policy, selection memo, screening checklist, or committee paper showing the factors applied. Investment / procurement team
Selection method A short description of how the organisation chose the relevant items, including the decision rule or screening approach used in practice. Methodology note, selection criteria document, scoring model, or approval paper. Investment / procurement team
Training provided Whether training was actually delivered for the relevant topic, recorded as yes/no for the reporting period. Training register, attendance records, LMS completion report, or trainer sign-off. Learning and development
Training coverage The share of the intended audience that completed the training, calculated from the correct population and period. Training completion report, headcount list for the target group, and the calculation file used for the percentage. Learning and development
Training hours The amount of training time delivered, stated in a way that makes clear whether it is total hours, average hours, or another measure used internally. Course timetable, LMS records, attendance sheets, or training summary report. Learning and development
Supplier engagement The programmes or activities used to work with suppliers on the topic, described in practical terms rather than as a policy statement. Supplier programme plan, outreach records, workshop materials, or supplier communications. Procurement / supplier management
Suppliers in scope Which suppliers were included in the engagement or review, with the basis for inclusion and the relevant count or grouping. Supplier list, segmentation file, contract register, or programme scope note. Procurement / supplier management
Engagement results The outcomes from supplier engagement, including what changed, what was agreed, or what follow-up was triggered. Meeting notes, action trackers, supplier responses, or programme evaluation summary. Procurement / supplier management
Defined procedures The formal steps the organisation has set out for handling the matter, including who does what and when. Procedure document, workflow map, control manual, or policy annex. Operations / compliance team
Tracking systems The systems or tools used to record, follow, and review the matter, including the main source of record. System screenshots, system description, data dictionary, or process map showing the tracking tool. IT / data owner
Investigation process How suspected issues are reviewed, escalated, and closed out, including the steps used to investigate each case. Case management procedure, investigation workflow, escalation matrix, or investigation log. Compliance / investigations team
Training coverage The percentage of the intended audience that received the required training for this topic, using the correct target group and reporting period. Training completion report, target-role list, and calculation workbook. Learning and development
Target roles The job roles or functions that the training is meant for, stated as the actual audience rather than a generic staff group. Training plan, role matrix, policy requirement, or LMS audience settings. Learning and development
Breaches found The instances where the rule or procedure was not followed, including the number or description of the breaches identified. Incident log, compliance register, investigation records, or audit findings. Compliance / internal audit
Corrective actions The steps taken after a breach or issue was found, including remediation, follow-up, and any process change. Corrective action tracker, incident closure notes, management response, or remediation plan. Compliance / operations team
Disciplinary outcomes Any formal people-management measures applied after a breach, described in a way that reflects the actual outcome taken. HR case records, disciplinary log, investigation outcome letter, or employee relations file. HR / employee relations
+ Show G1-2 sub-elements (LRA working checklist)

How to prepare it

1Set the reporting boundary first. Decide which parts of the business, which activities, and which people or suppliers are in scope for this disclosure, so every later entry is drawn from the same population.
2Agree the definitions before you start counting or writing. Confirm what your team will treat as an implemented action, a prevention measure, a monitoring activity, a selection basis, training, an engagement programme, a procedure, an investigation, a breach, a follow-up action, and a disciplinary response.
3Gather the source records that support each item. Pull together the internal notes, registers, training logs, supplier records, monitoring outputs, investigation files, and any other working papers that show what was done and by whom.
4Prepare the figures and narrative in the format needed for each datapoint. Record the yes/no fields, the percentage fields, and the descriptive text fields separately, and make sure the numbers and wording match the same reporting period and scope.
5Explain any exclusions, changes, or gaps in a clear audit trail. If a group, activity, supplier set, or role was left out, or if the method changed from the prior period, note what changed and why so the reported picture can be understood.
6Check the draft against the official source before sign-off. Confirm that every required item is covered, the wording still reflects the underlying requirement, and the final submission is consistent with the current ESRS source text.
Request the data

Request the business conduct actions log and supporting evidence

Translate the disclosure into an internal business question — then adapt it to your organisation's own language.

What actions, controls and follow-up activity has the organisation put in place to prevent, monitor and address business conduct issues, and what supporting records show how these were applied in practice?

Use the organisation’s own names for policies, controls, training, monitoring, investigations and disciplinary steps first, then map them to the disclosure. Keep the request in business language that the owner already uses internally, and check the source material before sign-off.

Weak request

Please provide the ESRS G1-2 actions, prevention measures, monitoring actions, ESG criteria used, training coverage, engagement programmes, procedures, monitoring systems, investigation processes, breaches identified, actions taken and disciplinary measures.

Why it fails: This is too close to framework wording and bundles many labels without telling the owner what internal records to pull. It does not ask for the organisation’s own terms, source systems, boundary or evidence trail, so the response is likely to be incomplete or hard to map.

Better request

Please send the conduct actions log and the supporting records for [period] from your team’s normal systems. Include the steps already in place to prevent issues, the checks or reviews used to spot problems, any training or supplier engagement activity, and any case outcomes or follow-up actions. Use your own internal labels first, then we will map them to the reporting categories.

Formal email template
Subject: Request for business conduct actions evidence for [reporting period]\n\nHello [name/team],\n\nWe are preparing the sustainability reporting pack and need your help with the business conduct actions section for [reporting period].\n\nPlease send the information and supporting records for the areas you own, using your normal internal terms where possible and then mapping them to the reporting categories. We are looking for:\n- the actions already put in place\n- the steps used to prevent issues\n- the monitoring or review activity carried out\n- any training, engagement, investigation or follow-up activity linked to conduct matters\n- any breach findings and the actions or disciplinary steps taken\n\nPlease include the context fields below in your response: [period], [boundary], [source system], [internal category names], [action type], [population covered], [measurement basis], [evidence status], [owner and approver], [supporting artefacts].\n\nIf you have multiple records, a simple table is fine. Please attach the underlying evidence where available. If anything is unclear, we can work through the mapping together.\n\nPlease reply by [date]. This is a training template only; adapt it to your organisation and check the source material before sign-off.\n\nMany thanks,\n[preparer name]
Short Teams / Slack version
Hi [name/team] — could you share the business conduct actions evidence for [period]?\n\nPlease use your usual internal terms and include: actions in place, prevention steps, monitoring/review activity, training or engagement, investigation follow-up, and any breach outcomes or disciplinary steps.\n\nA table plus supporting files is fine. Please add [boundary], [source system], [owner], [status] and [evidence links]. We’ll map it to the reporting categories afterwards. Thanks.
Industry examples
Manufacturing

Context. A group with a central ethics team and plant-level compliance leads wants evidence on conduct controls across factories and procurement.

Adapted request. Please share the conduct controls pack for [period], including the ethics actions already rolled out, site-level prevention checks, monitoring routines, investigation workflow, training for managers and buyers, and any breach follow-up. Use your site and function names, then we will map them to the reporting categories.

Example response. Returned table shows 12 actions in place across 8 sites, 6 prevention measures, 4 monitoring routines, 3 investigation cases, 92% training coverage for targeted roles, and 2 disciplinary outcomes with linked case references and policy extracts.

Financial services

Context. A regulated business needs evidence from compliance, risk and HR on conduct training, monitoring and case handling.

Adapted request. Please provide the conduct programme evidence for [period], including the controls in place, monitoring and review activity, staff training for targeted roles, any engagement with third parties, and the outcomes of any investigations or disciplinary cases. Please use your internal control names and case categories.

Example response. Returned pack includes a control register, quarterly monitoring dashboard, training tracker for 1,240 targeted staff, supplier engagement notes for 18 counterparties, and a case log showing 5 breaches identified, 5 actions taken and 2 disciplinary outcomes, each with evidence references.

Draft your disclosure

Notes that turn data into a disclosure

LRA training templates — adapt them to your organisation, and check the official source before sign-off.

Method note

State how the organisation defined the relevant scope, what it counted as an action, training, engagement, procedure, monitoring step, or investigation step, and how it determined the basis for any percentages or selections reported.

Context note

Explain what the figures show about how the organisation manages the issue in practice, including the extent of implementation, the reach of training, the scale of supplier engagement, and whether the control framework is in place.

Fluctuation statement

If any figures changed materially, note whether that was driven by a wider rollout of controls, a change in the number of people or suppliers covered, a revised selection approach, or a shift in the amount of activity recorded.

Content index entry
G1-2 Actions (Business Conduct) — [location / page] / [notes]
Download Centre

Preparation tools & forms

Professional preparation tools for G1-2 — free with an LRA Community membership. Register once (it's free) and every download unlocks, together with the Disclosure Library, templates and the LRA AI-assistant.

Free · Community members
Go deeper · G1-2
Learn to prepare this disclosure end-to-end

This guide covers one Disclosure Requirement. The ESRS / CSRD Reporting course walks the full European workflow — double materiality, datapoints, evidence and assurance — with exercises on your own data.

Available as Guided Flex, Live Cohort, 1:1 Expert Mentorship or Corporate Programme.

Assurance readiness

For each claim, check the evidence

ClaimRiskEvidence to check
We linked the supplier-related actions in this section to the supplier-code material already explained elsewhere in the report, so readers can trace the connection without duplication.The cross-reference may be incomplete, point to the wrong place, or imply coverage that is not actually supported by the other disclosure.The final report cross-reference map; the linked supplier-code disclosure; drafting notes showing why the link was made; reviewer sign-off confirming the referenced material matches the claim.
We set out the steps we took after any breach or suspected breach of our anti-bribery or anti-corruption rules, using incident records and follow-up actions rather than general policy language.The narrative may describe policy intent but not actual response actions, or it may overstate how consistently incidents were handled.Case files for breaches or allegations; investigation logs; remediation plans; disciplinary or corrective-action records; approval notes showing the published wording matches the underlying evidence.
We described the anti-bribery and anti-corruption learning given to the roles we judged most exposed, including senior oversight groups and operational managers, and we based the wording on attendance and training records.The report may overstate who was trained, omit the highest-risk roles, or rely on a training plan rather than completed delivery.Training matrix by role; attendance logs; course content; completion reports; role-risk assessment used to decide the audience; sign-off that the published description matches the records.
We summarised the main business-conduct actions we have started or plan to start, and we included when each step is due, where it applies, and what result we expect from it.The disclosure may be too vague on timing, coverage, or expected effect, or it may mix completed work with future plans without making that clear.Action plan or roadmap; milestone tracker; scope notes; expected-outcome statements; management review papers showing the published summary reflects the underlying plan.
We explained how we worked with suppliers to lift their sustainability performance, and we supported that wording with supplier engagement records rather than broad statements about partnership.The report may claim improvement work without evidence of actual supplier engagement, or it may describe commercial contact that did not address sustainability performance.Supplier meeting notes; improvement plans; correspondence; scorecards or follow-up trackers; internal approvals confirming the published wording is limited to evidenced engagement.
We described the controls and follow-up steps we use when corruption or bribery concerns arise, covering prevention, spotting issues, investigation, and response, and we checked that the wording matches our actual process.The disclosure may omit one stage of the process, describe a process that is not operating in practice, or overstate the maturity of controls.Policy and procedure documents; incident-handling workflow; investigation templates; escalation logs; audit or testing results; management confirmation that the published description reflects current practice.

Evidence pack to prepare

Common reporting gaps

A percentage is stated without the underlying counts (numerator and denominator).The denominator — what the figure is a share of — is not explained.Partial scope is reported as if it were complete coverage.One-off activities are counted as if they were ongoing programmes.Boundary or period changes that move the figure are not flagged.Exclusions from the reported scope are not listed or explained.
Common gaps

Mistakes to avoid when collecting the data

Wrong owner
The team asks a policy, training, or investigations lead for figures that sit with the business unit actually running the action, so the answer comes from the wrong place.
Framework language instead of local terms
People ask for data using disclosure labels rather than the organisation’s own names for controls, programmes, and case handling, which leads to mismatched responses.
Scope not pinned down
The collector does not state which entities, functions, or locations are in scope, so different teams send data for different parts of the business.
+ Show 6 more

Where judgement is often needed

Acquisitions and disposals during the year
Decide whether to include only the business units you controlled at the reporting date or to also bring in sold or newly bought operations for part-year activity, and explain the cut-off used.
Different local meanings for the same conduct topic
Where country teams use different internal labels or legal definitions for the same behaviour, map them to one group-wide description and say how you reconciled the local wording.
Teams close to the boundary of scope
Set out whether shared-service staff, temporary workers, contractors, or other near-boundary roles are counted in the action narrative, and state the rule used to include or exclude them.
+ Show 7 more
Examples

Illustrative examples

Synthetic, written by LRA — not from a company report, not text from any standard.

Illustrative (synthetic) example — Consumer goods manufacturing

We are using this synthetic example to show how our group could describe its approach to business conduct oversight. - We have put in place a supplier code, a gifts-and-hospitality rule, and a third-party due-diligence check; we also run periodic reviews to spot issues early and track whether the controls are working. - For supplier screening, we do use environmental, social and governance factors, applying a risk-based scoring method that gives extra weight to higher-spend and higher-risk categories; we also provide anti-bribery and conduct training to 1,260 of 1,500 relevant staff (84%), totalling 2,520 hours. - Our supplier outreach covered 180 of 240 active suppliers (75%); the programme led to 34 corrective plans, 12 supplier exits, and no confirmed cases of repeat non-compliance at year end. - We have defined escalation steps, a case-tracking system, and a formal review route for allegations, with monthly monitoring by compliance and internal audit.

Synthetic illustration only; figures and processes are invented for training purposes and are internally consistent.

Illustrative (synthetic) example — Commercial property services

This is a synthetic example showing how our group could explain its business conduct controls in plain language. - We introduced a tenant-and-vendor integrity policy, a conflicts register, and spot checks on higher-risk relationships; these are supported by routine monitoring so we can see whether the controls are being followed. - We do use environmental, social and governance factors when choosing service partners, using a weighted review that favours suppliers with stronger labour, safety, and ethics records; we trained 420 of 500 relevant colleagues (84%), for 1,050 hours in total. - Our engagement work reached 96 of 120 suppliers (80%) and produced 19 remediation plans, 7 contract renewals with conditions, and 4 supplier removals after unresolved issues. - We have set out reporting steps, a monitoring platform, and an investigation workflow for concerns, with quarterly oversight by compliance and risk teams.

Synthetic illustration only; figures and processes are invented for training purposes and are internally consistent.

Company reportsReal published reports
Compare side by side →Get it free

How companies report G1-2 in practice

Real reports where this topic is disclosed. These are report practice, not exact disclosure templates to copy.

EssilorLuxottica Société anonyme
Healthcare Providers, Services and Technology · France · 2024
Open report →
EssilorLuxottica's 2024 Sustainability Report provides covered evidence of implementing anti-bribery and corruption programmes, including training on business conduct and anti-bribery measures, with a target of 85% completion (pp. 137, 140, 142, 143). The report also references a SpeakUp reporting system related to ethics and anti-corruption (p.140). However, disclosures on measures for preventing trafficking in human beings are unclear, with only related context found without a clear statement (p.30), and several other narrative items and percentage values relevant to the disclosure are not found in the report.
EDP, S.A.
Electric Utilities / IPP / Energy Traders · Portugal · 2025
Open report →
EDP, S.A.'s 2025 Integrated Annual Report provides some relevant information on business conduct and related party transactions aimed at preventing conflicts of interest, notably on page 245. The report also references anti-corruption and anti-bribery measures, including certification under ISO 37001 and a Compliance Specific Program, with mentions on pages 187, 193, and 585. However, clear and detailed disclosures specifically addressing prevention and detection of corruption and bribery are unclear or missing, with only partial context found on pages 547, 548, and 128, and no quotable evidence for key narrative or percentage datapoints elsewhere in the report.
Terna S.p.A.
Electric Utilities / IPP / Energy Traders · Italy · 2025
Open report →
Terna S.p.A.'s 2025 Annual Report provides partial supporting context on risk mitigation measures related to business conduct and supplier relationship management, mentioning prevention efforts involving employees and contractors (p.339). The report references the adoption of a comprehensive system for corporate culture and business conduct policies (p.352) and notes the company’s ISO 37001 certification for anti-corruption management since 2017 (p.364). However, no clear headline values, detailed narratives, or percentage data specifically addressing the disclosure were found, leaving the overall methodological and quantitative aspects unclear.
✓ LRA AI Assistant · Human-in-the-loop
Dr Ross Kurinko
Ask Study Studio AI assistant about this disclosure
Get practical answers for your reporting context. Your first two answers are free — join LRA Community for free to continue without a limit.
TryHow do I prepare G1-2?What data do I need to collect?Where can I see a real-report example?What mistakes should I avoid?
2 free answers
Check your understanding

Scenarios to work through

A preparer is drafting the year-end note on business conduct actions. The company has rolled out a new anti-bribery process, a supplier engagement programme, and a whistleblowing review workflow, but the draft only says 'we improved controls' without naming what was done.

QHow should the preparer decide what to include so the note is useful and complete?
Reveal model answer →

A company used a mix of ethics, sustainability and supplier-risk factors to choose which staff and suppliers received extra conduct training. The draft report says the selection was based on 'relevant criteria' but does not explain how the group was chosen.

QWhat should the preparer check before finalising the training disclosure?
Reveal model answer →

A procurement team ran a supplier conduct programme for 180 suppliers. The draft says 180 suppliers were contacted, but it does not say what changed as a result, and the only training figure available is that 144 staff attended a session out of 160 in scope.

QHow should the preparer handle the outcome and coverage details?
Reveal model answer →

A compliance team has a hotline, a case-tracking tool and a disciplinary process for conduct breaches. During the year, 12 breaches were confirmed, 9 led to retraining, and 3 led to formal sanctions, but the draft only mentions the hotline and omits the follow-up steps.

QWhat decision should the preparer make about the way the response process is described?
Reveal model answer →
Framework references

Related framework references

How this disclosure maps across the major reporting frameworks.

ESRS
G1-2
within ESRS G1: Business Conduct
Open official source →
Primary
Related & explore
Go deeper · G1-2
Learn to prepare this disclosure end-to-end

This guide covers one Disclosure Requirement. The ESRS / CSRD Reporting course walks the full European workflow — double materiality, datapoints, evidence and assurance — with exercises on your own data.

Available as Guided Flex, Live Cohort, 1:1 Expert Mentorship or Corporate Programme.

FAQ

Questions this page answers

What should I gather first to prepare disclosure G1-2 on business conduct for this page?+
Which data points does the G1-2 page say I need for the disclosure?+
How do I decide the scope for G1-2 business conduct data on this page?+
Who should own the G1-2 data collection and sign-off process?+
What evidence pack do I need to make G1-2 assurance-ready?+
What are the common mistakes on the G1-2 page that I should avoid?+
How do I use the Prep & Assurance workbook for G1-2?+
What is the printable Library Card for G1-2 used for?+
Can I use the synthetic example disclosure on the G1-2 page as a template?+
How does the G1-2 page help me turn raw data into a draft disclosure?+
More questions this page can help with
How this library is built 312 published reports indexed 63171 pages with page-level citations 272 practitioner guides