Disclosure LibraryPractitioner guidance for every reporting disclosure
Home Disclosure Library GRI GRI 417 GRI 417-3
GRI 417: Marketing and Labeling · 2016
Disclosure GRI 417-3

Incidents of non-compliance concerning marketing communications

Practical guidance for preparing this disclosure. Use this card to identify datapoints, verify claims and organise supporting evidence. For exact requirements, always refer to the official GRI source.

Dr Ross Kurinko, GRI Certified Trainer
Reviewed by Dr Ross Kurinko · GRI Certified Trainer LRA educational guidance · Not issued or endorsed by GRI
To prepare this disclosure
Disclosure focus

This disclosure asks an organisation to report any confirmed cases where its marketing communications did not comply with the rules or standards that apply to them. In practice, it is about whether there were breaches in how products, services or the organisation itself were promoted, and whether those breaches were identified and recorded during the reporting period.

The practical focus is on the full scope of marketing activity, not just a few visible campaigns or flagship sites. An organisation should consider where marketing is created, approved and used across its operations, and report incidents wherever they occurred, so readers can see whether non-compliance was isolated or part of a wider pattern.

This LRA educational guidance supports disclosure preparation. For the exact requirements, always refer to the official GRI source.

Before you start

A quick mental checklist before you prepare this disclosure — tick each as you settle it.

Preparation

Key datapoints to prepare

Datapoint What to capture Evidence hint Owner
Prior-period breaches A short note on any breaches or failures that happened in earlier reporting periods but are being reported now, where relevant. Case log, compliance review notes, legal correspondence, or incident register showing the event date and why it is being included now. Compliance / Legal
Breach occurrence A brief description of each breach or failure identified in the period, with enough detail to show what happened and that it is a non-compliance matter. Incident register, investigation file, regulator correspondence, internal audit findings, or legal review confirming the breach and its classification. Compliance / Legal
Marketing breaches count The total count of breaches linked to marketing messages and campaigns, including paid promotion and sponsorship activity, for the reporting period. Marketing compliance log, campaign review records, legal sign-off tracker, incident register, and any regulator or self-regulatory correspondence used to tally the count. Marketing / Compliance
No breaches statement A short statement confirming that no breaches were identified, where that is the case. Compliance review conclusion, incident register showing no cases, and sign-off from the responsible control owner. Compliance / Legal
+ Show GRI 417-3 sub-elements (LRA working checklist)

How to prepare it

1Set the reporting boundary first: decide which business units, markets, channels and time period you will check, and make sure the same scope is used for both the count and any supporting narrative.
2Define what you will treat as a reportable breach: use one clear internal rule for incidents tied to marketing communications, including advertising, promotions and sponsorship activity, so the team applies the same test every time.
3Gather the source evidence for each case: keep the underlying records that show what happened, when it happened, where it was identified, and whether it was a breach of law or a voluntary code.
4Compile the output in the form needed for the disclosure: record the total number of incidents, and also prepare a short statement if no breaches were found, so the final submission matches the facts you have checked.
5Separate current-period cases from older matters: if an issue relates to an earlier reporting period, flag it clearly and keep it distinct from incidents arising in the current year.
6Document any exclusions, restatements or changes in approach, then compare the draft against the official source to confirm you have not missed any required item and that the wording still reflects the underlying evidence.
Request the data

Request the marketing compliance incident log

Translate the disclosure into an internal business question — then adapt it to your organisation's own language.

How many marketing, promotion, or sponsorship issues were identified in the period, and were any linked to earlier periods or to a no-issue position?

Use your organisation’s own labels first (for example, campaign review, brand approvals, promotions, sponsorships, complaints, breaches, or regulatory matters), then map them to the disclosure. Keep the request in business language your team already uses, and check the source material before sign-off.

Weak request

Please provide the incidents of non-compliance concerning marketing communications for the reporting period.

Why it fails: This uses framework wording that many operational teams will not use day to day, so it is easy to misunderstand, under-scope, or answer with the wrong register. It also does not say what to include, how to count items, or whether older activity identified now should be flagged.

Better request

Please pull the marketing compliance cases for [reporting period] from your tracker or case log, covering advertising, promotions, sponsorships, and similar activity. Include any matters first identified this period that relate to earlier activity, and confirm if there were no issues. Use your team’s own labels, include the case ID and source record, and send the count plus a short summary by [date].

Formal email template
Subject: Request for marketing compliance incident data for [reporting period]\n\nHi [name/team],\n\nI’m preparing the sustainability reporting pack and need your help with the marketing compliance incident data for [reporting period].\n\nPlease send a summary of any issues recorded in your tracker or case log that relate to advertising, promotions, sponsorships, or similar activity, including any matters first identified this period but linked to earlier activity. If there were no issues, please confirm that in writing.\n\nFor each item, please include:\n- case or reference ID\n- date the issue was identified\n- whether it relates to earlier activity\n- short description of the issue\n- internal category used\n- status / outcome\n- source record or evidence link\n- total count of incidents for the period\n\nPlease adapt this to your team’s own terms and send back the completed table by [date]. Check the source material before sign-off.\n\nThanks,\n[preparer name]
Short Teams / Slack version
Hi [name] — could you send the marketing compliance incident log for [reporting period]? Please include any advertising / promotion / sponsorship issues, plus anything found this period that relates to earlier activity. If there were none, please confirm that in writing. Use your team’s own labels and send the source link or case ID by [date]. Thanks.
Industry examples
General operations

Context. Adapt the request to the reporting boundary and internal owner.

Adapted request. Please pull the marketing compliance cases for [reporting period] from your tracker or case log, covering advertising, promotions, sponsorships, and similar activity. Include any matters first identified this period that relate to earlier activity, and confirm if there were no issues. Use your team’s own labels, include the case ID and source record, and send the count plus a short summary by [date].

Example response. The response should state the period, boundary, source system, evidence owner and any judgement applied.

Draft your disclosure

Notes that turn data into a disclosure

LRA training templates — adapt them to your organisation, and check the official source before sign-off.

Method note

State how you counted each relevant case, including what you treated as a reportable incident and whether you included matters first identified now or linked to an earlier period.

Context note

Explain what the figures mean for the business by saying whether there were any relevant breaches, how many were recorded, and whether any were connected to past periods.

Fluctuation statement

If the number changed materially, note the main operational or control-related reasons for the movement and say whether any cases were carried over from an earlier period.

Content index entry
GRI 417-3 Incidents of non-compliance concerning marketing communications — [location / page] / [notes]
Download Centre

Preparation tools & forms

Professional preparation tools for GRI 417-3 — free with an LRA Community membership. Register once (it's free) and every download unlocks, together with the Disclosure Library, templates and the LRA AI-assistant.

Free · Community members
Assurance readiness

For each claim, check the evidence

ClaimRiskEvidence to check
We have checked whether any older compliance issue should still be counted in the coverage figure, and we only included it where it genuinely belongs in the period we are reporting.The assurer will probe whether a prior-period matter was wrongly left out, double-counted, or brought into the wrong reporting year.Case logs, legal or compliance review notes, period-end cut-off papers, and the working file showing how each matter was assigned to the reporting year.
We built the incident count from a defined population of relevant cases, using one consistent method to decide what was in scope and what was excluded.The assurer will test whether the count is complete, whether the scope was applied consistently, and whether exclusions were justified.Scope memo, incident register, inclusion/exclusion criteria, source-system extracts, and reconciliation between the register and the published figure.
The total we disclosed was taken from the underlying records after we had checked for duplicates, missing entries, and obvious coding errors.The assurer will look for overstatement, understatement, duplicate counting, or weak data handling before publication.Raw incident listings, duplicate-check evidence, data-cleaning logs, version history, and sign-off records for the final number.
We kept support for each reported case, including the original record, the reason it was treated as relevant, and the review trail behind the final tally.The assurer will ask whether there is enough evidence to support each item counted and whether the audit trail is complete.Source documents, investigation files, correspondence, decision notes, and a trace from each reported case back to the underlying evidence.
Before publishing, we ran a final check that the statement matched the working papers and that the wording did not overstate what the evidence showed.The assurer will probe whether the published wording is consistent with the evidence and whether the final review caught errors or unsupported claims.Draft-to-final comparison, approval emails, management review notes, and the final disclosure pack with the supporting schedule.

Evidence pack to prepare

Common reporting gaps

Figures are stated without the supporting narrative, or narrative without figures.Scope is inconsistent between the text and the numbers.The reporting boundary is left undefined.Material changes since the previous period are not disclosed.Estimates and measured values are not distinguished.Source records for the figures are not identified.
Common gaps

Mistakes to avoid when collecting the data

Wrong owner
The request goes to the wrong team, so the count is built from the people who run campaigns rather than the group that tracks complaints, legal cases, or code breaches.
Framework language used
The data ask is sent in disclosure wording instead of the organisation’s own terms, and the recipient cannot tell whether to look at ad checks, promo approvals, sponsorship reviews, or another internal record set.
Scope not fixed
No one agrees which business units, brands, channels, or markets are in scope, so some incidents are included twice while others are left out.
Wrong time basis
The pull is made using the wrong date rule, so events from an earlier period are mixed into the current year or current-period cases are missed because they were logged later.
Counting basis mixed up
One source counts complaints, another counts separate incidents, and the final figure blends them together even though they are not the same population.
Source labels lost
The original case IDs, register names, and file labels are stripped away during consolidation, making it impossible to trace each figure back to the underlying record.
Populations merged
Marketing, advertising, promotion, and sponsorship issues are rolled into one bucket without checking whether the internal records keep them as separate groups.
Evidence trail missing
The extract is saved without the supporting note, date stamp, owner, or approval record, so nobody can show where the number came from or who checked it.
No sign-off path
The draft count is passed on without a named reviewer and final approval step, so the team cannot prove that the data was checked before the disclosure text was written.

Where judgement is often needed

Set the group boundary after acquisitions and disposals
Decide whether to count only incidents linked to businesses in scope at period end or also those from parts of the group bought or sold during the year, and explain the cut-off you used.
Handle older incidents that surface this year
If a breach happened before the reporting window but is identified, confirmed, or settled now, state whether you include it in the count and describe the timing rule you applied.
Align local rule breaches with group reporting
Where countries use different advertising, promotion, or sponsorship rules, agree a common way to decide what counts as a reportable breach and disclose any local exceptions or mapping rules.
Decide how to treat borderline marketing activity
Make a clear call on items near the edge of the scope, such as branded sponsorships, influencer activity, or sales promotions, and explain the business rule used to include or exclude them.
Choose the counting unit for repeated breaches
If one campaign leads to several findings, decide whether to count each finding, each campaign, or each case file as one incident, and describe that counting basis consistently.
Separate confirmed breaches from allegations
State whether you only count matters that have been substantiated or also include open complaints, regulator queries, or internal investigations, and explain the evidence threshold.
Use a consistent year-end basis for totals
If incidents are logged on different dates across legal, compliance, and marketing teams, pick one timing basis for the total and disclose how late updates, reversals, or reclassifications are handled.
Round and aggregate without exposing sensitive detail
When the number is small or could identify a case, aggregate the data or round it in a consistent way, and explain any privacy-driven suppression or grouping used.
Decide whether a no-issues statement is still supportable
If no breaches were found, confirm that the statement covers the full group and the full period, and note any areas reviewed but not counted so the basis is clear.
Examples

Illustrative examples

Synthetic, written by LRA — not from a company report, not text from any standard.

Illustrative (synthetic) example — Consumer goods

*Synthetic example for illustration only.* During the year, we recorded **2** marketing-related breaches of external rules and our own promotional code, giving an incidence rate of **2 incidents per 100 campaigns**. One case was first raised in the current year; the other related to a prior period and was identified after year-end review. We did not identify any other such breaches in the period.

This example shows how to report a small number of marketing-communications compliance issues, including one that belongs to an earlier period but was found later. The incidence rate is expressed as a simple normalised measure so readers can compare across years or business units.

Illustrative (synthetic) example — Healthcare services

*Synthetic example for illustration only.* We found **no** breaches of the rules or voluntary commitments that govern our advertising, sales promotion, or sponsorship activity, so the total number of incidents for the year was **0** and the incidence rate was **0 per 1,000 patient-facing communications**. Because there were no cases, there were also no matters carried over from an earlier period. In plain terms, we have not identified any non-compliance in this area.

This example shows the zero-reporting route: state the absence of incidents, give a zero incidence measure, and make clear that nothing from a prior period was identified either. It is useful where the organisation has reviewed the area and found no issues.

Company reports

How companies report GRI 417-3

Real reports where this topic is disclosed. These are report practice, not exact disclosure templates to copy.

Zydus Lifesciences Limited
Pharmaceuticals / Biotech / Life Sciences · India · 2025
Open report →
Zydus Lifesciences Limited’s ESG Report FY24-25 includes a numeric disclosure of zero incidents of non-compliance concerning product and service information and labelling on page 135. The report also references materiality issues and risk management aspects on page 148, indicating some narrative coverage of relevant topics. However, there is no clear or quotable evidence found elsewhere in the report specifically addressing other aspects of the disclosure, leaving some elements unclear or missing.
Firstsource Solutions Limited
Professional Services · India · 2025
Open report →
Firstsource Solutions Limited’s ESG Report FY 2024-25 provides coverage on forced or compulsory labor risks, referencing GRI 409-1 and noting operations and suppliers at significant risk on page 231. The report also includes detailed occupational health and safety data, such as lost time injury frequency rates and total recordable work-related injuries on page 120. However, there is no clear evidence found regarding some narrative disclosures, and certain aspects related to forced labor incidents or specific mitigation measures remain unclear.
Owens Corning
Building Products · United States · 2024
Open report →
Owens Corning’s 2024 Sustainability Report provides a 98% return to work rate for employees who took parental leave, reported by gender on page 300. The report also notes no incidents of non-compliance with regulations or voluntary codes on page 184, and includes a statement on independence, impartiality, and competence by SCS Global Services on page 384. However, while there is some supporting context on employee health screening on page 76, no specific headline values are given, and details on incidents of corruption or ethical breaches are referenced but not fully detailed in the provided excerpts.
✓ LRA AI Assistant · Human-in-the-loop
Dr Ross Kurinko
Ask Study Studio AI assistant about this disclosure
Get a practical answer for your reporting context. Your first answer is free — create a free account to continue the conversation.
TryHow do I prepare GRI 417-3?What data do I need to collect?Where can I see a real-report example?What mistakes should I avoid?
1 free answer
Check your understanding

Scenarios to work through

During the year, the business settled one complaint about a promotional email that breached a trade body code. The issue was raised and closed in the same reporting year, and there were no other cases.

QDo you count this as one incident in the year, and do you describe it as a breach linked to marketing activity?
Reveal model answer →

A regulator finalised a case this year about an advert published last year. The matter was about a past campaign, but the decision and any finding arrived during the current reporting period.

QShould this be included even though the campaign happened before the reporting year?
Reveal model answer →

The company reviewed all advertising, sponsorship and sales-promotion activity and found no breaches of laws or voluntary industry codes. Internal checks and legal review support that conclusion.

QWhat should be reported when no non-compliance has been identified?
Reveal model answer →

Two separate complaints were upheld this year: one about a social media advert and one about a sponsored event banner. A third complaint was dismissed and did not lead to any finding.

QHow many incidents belong in the disclosure, and do you include the dismissed complaint?
Reveal model answer →
Framework references

Related framework references

How this disclosure maps across the major reporting frameworks.

GRI
GRI 417-3
within GRI 417: Marketing and Labeling
Open official source →
Primary
Related & explore
FAQ

Questions this page answers

What data do I need to prepare for GRI 417-3 Marketing and Labeling before I start drafting the disclosure?+
How should I scope GRI 417-3 Marketing and Labeling so I know which breaches to include?+
Who should own the GRI 417-3 Marketing and Labeling data collection in practice?+
What evidence should I keep for GRI 417-3 Marketing and Labeling to make the disclosure assurance-ready?+
What are the five assurance claims on the GRI 417-3 Marketing and Labeling page and how do I use them?+
What are the common reporting gaps or mistakes for GRI 417-3 Marketing and Labeling?+
How do I use the Prep & Assurance workbook for GRI 417-3 Marketing and Labeling?+
What should I take from the printable Library Card PDF for GRI 417-3 Marketing and Labeling?+
How do I turn the GRI 417-3 Marketing and Labeling data into a draft disclosure?+
Can I reuse the same data for ESRS S4 (Consumers and End-users) and GRI 417-3 Marketing and Labeling?+
More questions this page can help with
GRI 417-3 Marketing and Labeling workbook download: what is it for and how do I use it?GRI 417-3 Marketing and Labeling evidence pack: what should be in it for assurance?GRI 417-3 Marketing and Labeling prior-period breaches: how should I collect and present them?GRI 417-3 Marketing and Labeling breach occurrence: what counts as the key data point to capture?GRI 417-3 Marketing and Labeling no breaches statement: when do I use it in the draft?GRI 417-3 Marketing and Labeling marketing breaches count: how do I calculate and check it?GRI 417-3 Marketing and Labeling how to prepare the disclosure step by stepGRI 417-3 Marketing and Labeling common mistakes to avoid before assuranceGRI 417-3 Marketing and Labeling draft narrative starters and content index lineGRI 417-3 Marketing and Labeling from company reports examples: how can I use them as a benchmark?GRI 417-3 Marketing and Labeling plain-language explainer: what does the page help me understand?GRI 417-3 Marketing and Labeling ESRS S4 consumers and end-users data reuse question