Disclosure LibraryPractitioner guidance for every reporting disclosure
Home Disclosure Library GRI GRI 416 GRI 416-2
GRI 416: Customer Health and Safety · 2016
Disclosure GRI 416-2

Incidents of non-compliance concerning the health and safety impacts of products and services

Practical guidance for preparing this disclosure. Use this card to identify datapoints, verify claims and organise supporting evidence. For exact requirements, always refer to the official GRI source.

Dr Ross Kurinko, GRI Certified Trainer
Reviewed by Dr Ross Kurinko · GRI Certified Trainer LRA educational guidance · Not issued or endorsed by GRI
To prepare this disclosure
Disclosure focus

This disclosure asks an organisation to report any confirmed cases where its products or services did not meet health and safety requirements, and to say what happened as a result. In practice, it is about incidents of non-compliance that have a real health and safety impact, rather than general quality issues or near misses. The focus is on what was identified, how many cases there were, and the nature of the impact.

The practical question is whether the organisation is looking across all relevant products, services, markets and operating areas, not just a few flagship sites or best-performing business units. It should be clear whether the reporting covers the full organisation or only part of it, and whether the incidents relate to products, services, or both. The aim is to show where health and safety compliance has failed and how widespread those failures are.

This LRA educational guidance supports disclosure preparation. For the exact requirements, always refer to the official GRI source.

Before you start

A quick mental checklist before you prepare this disclosure — tick each as you settle it.

Preparation

Key datapoints to prepare

Datapoint What to capture Evidence hint Owner
Prior-period breaches A short note on any compliance breaches that happened in earlier reporting periods but are being reported now, including what happened and why it is being brought into this period’s disclosure. Case log, investigation file, legal/compliance review, and the reporting-period cut-off check that shows the event belongs to an earlier period. Legal / Compliance
Compliance incidents A concise description of each instance where a rule, permit, licence, code, or similar requirement was not met, with enough detail to distinguish separate events. Incident register, compliance tracker, regulator correspondence, internal investigation notes, and any breach notifications. Legal / Compliance
Product safety breaches The total count of non-compliance events during the reporting period that relate to product or service health-and-safety rules or voluntary commitments, counted as incidents rather than customers, complaints, or products. Product safety incident log, quality assurance records, recall or corrective-action files, regulatory notices, and the period-end count used for reporting. Product Safety / Quality Assurance
No breaches statement A brief confirmation that no non-compliance with relevant rules or voluntary commitments has been identified for the period, where that is the case. Signed compliance review, legal sign-off, and the period-end assessment showing no recorded breaches. Legal / Compliance
+ Show GRI 416-2 sub-elements (LRA working checklist)

How to prepare it

1Set the reporting boundary first: decide which business units, products, services and time period you are covering, so you can separate issues arising in the current year from any matters linked to earlier periods.
2Agree what will count as a reportable case. Use one internal definition for a breach or failure to follow relevant rules or voluntary commitments on product and service health and safety, and make sure the team applies it consistently.
3Gather the source records that support the count. Pull together incident logs, compliance reviews, investigation files, legal or regulatory correspondence, and any other evidence needed to show whether a case occurred and when it happened.
4Prepare the disclosure content in the format you will publish. Include the total number of cases in the reporting period, note any cases tied to earlier periods if they exist, and add a short statement if no such issue was identified.
5Record any exclusions, restatements or scope changes. If you leave anything out, or if your counting method or boundary has changed since the last cycle, explain that clearly so readers can understand the figures.
6Check the draft against the official source before sign-off. Confirm the wording, count and any narrative match the underlying evidence and that nothing required by the source has been missed.
Request the data

Request the product safety non-compliance log

Translate the disclosure into an internal business question — then adapt it to your organisation's own language.

Did we have any recorded breaches, notices, or other non-compliance events linked to the safety impact of our products or services in the reporting period, and are any of them tied to earlier periods?

Use your organisation’s own terms first, then map them to this disclosure. For example, if your teams talk about recalls, safety notices, product complaints, enforcement letters, or code breaches, use those labels in the request and only translate them into the reporting disclosure wording at the end.

Weak request

Please provide the GRI 416-2 the evidence needed for GRI 416:GRI 416-2, including any prior-period incidents and a statement if none were identified.

Why it fails: This uses framework language that many operational teams do not use day to day, so it can be hard to search the right register or understand what to include. It also does not tell the owner which internal systems, labels, or evidence types to pull from.

Better request

Please send the product safety / quality / regulatory case log for [reporting period], including recalls, notices, breaches, enforcement letters, and any similar issues linked to product or service safety. Include cases first found this period that relate to an earlier period, and confirm if no cases were recorded. Use your team’s own labels and attach the supporting case evidence.

Formal email template
Subject: Request for product safety non-compliance data for [reporting period]

Dear [name/team],

We are preparing the sustainability reporting pack for [reporting period] and need your help with the product safety / quality / regulatory matters that were logged in your area.

Please send a list of any cases in scope where there was a breach, notice, enforcement action, recall, or other recorded issue linked to the safety impact of our products or services. Please include any cases that were first identified in this period but relate to an earlier period, as well as any periods with no cases recorded.

For each case, please provide the details in the response table below and attach or link the supporting evidence (for example, case notes, correspondence, tracker extracts, or closure records).

Please use your team’s own terminology in the first instance, then we will map it to the reporting disclosure wording during review. If you are unsure whether a case is in scope, include it and note the reason.

Please return by [date]. We will check the official source before sign-off.

Many thanks,
[preparer name]
[role]
[contact details]
Short Teams / Slack version
Hi [name/team] — could you send over the product safety / quality / regulatory cases for [reporting period]? Please include any recalls, notices, breaches, enforcement letters, or similar issues linked to product/service safety, plus anything first found this period that relates to an earlier one. If there were none, please confirm that too. Use your own case labels, and we’ll map them later. Thanks — [name]
Industry examples
Consumer goods / retail

Context. The business tracks product recalls, safety complaints, and regulator correspondence in a quality incident tracker.

Adapted request. Please extract all product safety cases from the quality incident tracker for [reporting period], including recalls, safety notices, complaint escalations, and any regulator letters. Flag any case that was identified this period but relates to an earlier one, and confirm if the tracker shows no cases in scope.

Example response. The tracker shows 3 cases in scope: 2 recalls and 1 regulator notice. One recall was opened in 2025 but related to a 2024 batch issue. No other cases were identified.

Healthcare / medical devices

Context. The organisation records field safety notices, vigilance reports, and authority communications in a regulatory affairs log.

Adapted request. Please provide the regulatory affairs log entries for [reporting period] covering field safety notices, vigilance reports, authority communications, and any other product safety non-compliance cases. Include any items linked to an earlier period and note if there were none.

Example response. The log contains 1 vigilance report and 2 authority communications in scope. One communication relates to an issue first detected in the prior year. No additional cases were found in the period.

Draft your disclosure

Notes that turn data into a disclosure

LRA training templates — adapt them to your organisation, and check the official source before sign-off.

Method note

State how the organisation counted each case, what it treated as a compliance breach, and whether it included matters first discovered now but linked to an earlier period.

Context note

Explain what the reported number means in practice, including whether it indicates any identified breaches or a clean position for the period, and what parts of the business or product range were involved if relevant.

Fluctuation statement

If the figure moved materially, note whether that was driven by more or fewer cases, delayed discovery of earlier issues, changes in reporting scope, or a genuine shift in performance.

Content index entry
GRI 416-2 Incidents of non-compliance concerning the health and safety impacts of products and services — [location / page] / [notes]
Download Centre

Preparation tools & forms

Professional preparation tools for GRI 416-2 — free with an LRA Community membership. Register once (it's free) and every download unlocks, together with the Disclosure Library, templates and the LRA AI-assistant.

Free · Community members
Assurance readiness

For each claim, check the evidence

ClaimRiskEvidence to check
I checked whether any older-period compliance issue needed to be brought into the coverage figure, so the reported number reflects the right timing basis.The assurer may find that prior-period matters were left out, double-counted, or moved into the wrong period, which would distort the figure.Issue logs, legal/compliance registers, case files, period-end cut-off review, and the working paper showing how each matter was dated and included or excluded.
I used a consistent method to decide what counted as a compliance incident, so the disclosed figure was built on the same rule set across the reporting period.The assurer may question inconsistent classification, where similar events were treated differently or non-qualifying items were counted.Internal counting guidance, classification checklist, sample incident files, reviewer sign-off, and any reconciliations between source records and the published total.
I compiled the total from the incident records for the period and checked that each included case related to the relevant product or service safety matters before publication.The assurer may probe whether the total is complete, whether any cases were missed, and whether the included items actually fit the stated subject matter.Source incident register, supporting correspondence, investigation notes, regulatory notices, tally sheet, and a trace from each counted case to the final number.
I confirmed the statement of no identified issues only after reviewing the underlying records and checking that there were no reportable cases in the disclosed operations.The assurer may challenge an unsupported zero claim, incomplete search coverage, or evidence that a relevant case existed but was not captured.Search and review evidence, management confirmation, legal/compliance review notes, exception logs, and the final clearance or approval record.

Evidence pack to prepare

Common reporting gaps

Figures are stated without the supporting narrative, or narrative without figures.Scope is inconsistent between the text and the numbers.The reporting boundary is left undefined.Material changes since the previous period are not disclosed.Estimates and measured values are not distinguished.Source records for the figures are not identified.
Common gaps

Mistakes to avoid when collecting the data

Wrong owner
The request goes to the wrong team, so the count is built from the wrong operational records instead of the people who track product and service safety issues.
Framework language only
The data call uses reporting-framework terms that the business does not use, and the source team cannot map them cleanly to its own incident logs.
Scope not fixed
No one agrees which products, services, sites, or business lines are in scope, so the dataset mixes records that should have been left out.
Wrong time basis
The pull is made using the wrong date basis, so events from outside the chosen reporting window are included or current-period items are missed.
Counting basis mixed up
One extract counts cases one way while another counts them differently, and the final total combines unlike measures that should stay separate.
Source labels lost
Original case IDs, system tags, or file names are stripped away, making it impossible to trace each figure back to the underlying record.
Separate populations merged
Incidents tied to past periods are merged with current-period incidents, even though they need to be kept apart for the disclosure build.
Evidence trail missing
The pack has numbers but no supporting metadata or sign-off record, so no one can show where the data came from or who checked it.

Where judgement is often needed

Counting matters that started before the year but were still open
Decide whether to include cases first identified earlier but still active in the current year, and explain that choice consistently with your cut-off date and evidence trail.
Treating a case as one event or several
Where one issue leads to multiple notices, sites, products, or jurisdictions, set a clear counting rule, apply it the same way, and disclose how you avoided double counting.
Using local rules versus a single group-wide view
If countries or business lines use different safety or product-control rules, state the basis used to judge a breach and explain any harmonised approach you applied across the group.
Deciding what sits inside the reporting boundary after a deal
When acquisitions, disposals, or closures change the perimeter, explain whether you counted only the period the business was in scope and how you treated incidents tied to the transferred activity.
Including borderline products, services, or customer groups
Set out how you handled items or users near the edge of your scope, such as trial products, legacy ranges, third-party channels, or vulnerable users, and explain why they were in or out.
Choosing between a confirmed breach and a suspected issue
State whether you counted only matters confirmed by an authority or internal review, or also credible allegations and near misses, and describe the evidence threshold used.
Using estimates where records are incomplete
If the count relies on estimates, reconciliations, or sampling because records are partial, say so and explain the method, assumptions, and any known margin of uncertainty.
Rounding and small-number suppression
Explain your rounding rule and any suppression or grouping used to protect privacy or avoid identifying individuals, while keeping the total count internally consistent.
Handling cases that span more than one reporting line
Where the same incident could be linked to product quality, customer harm, legal action, or another internal register, define the master source and explain how you linked or excluded duplicates.
Examples

Illustrative examples

Synthetic, written by LRA — not from a company report, not text from any standard.

Illustrative (synthetic) example — consumer goods manufacturing

*Synthetic illustration only.* During the year, we recorded **2** product-safety compliance breaches linked to our goods and related service information, giving an incidence rate of **0.8 incidents per 100 product lines reviewed**. - Both matters were identified and closed within the reporting period; **none** related to earlier periods. - We did **not** identify any other breach of relevant laws or voluntary commitments covering the safety effects of our products and services.

This example shows how a reporter can state the count, express a simple incidence measure, and clarify whether any matters came from earlier periods. It also includes a clear no-breach statement for the period.

Illustrative (synthetic) example — online retail and logistics

*Synthetic illustration only.* We identified **1** case of non-compliance affecting the safety of products handled through our platform, which equates to an incidence of **0.5 incidents per 100,000 orders processed**. - That case arose from the current year, and we found **no** open or newly reported matters carried over from prior years. - Aside from that single case, we have **not** identified any further departures from applicable rules or voluntary codes on product and service safety.

This example uses a different sector and a different incidence basis, while still covering the total number of cases, the rate, and the absence of prior-period matters. It also includes a concise statement that no additional non-compliance was found.

Company reports

How companies report GRI 416-2

Real reports where this topic is disclosed. These are report practice, not exact disclosure templates to copy.

Zydus Lifesciences Limited
Pharmaceuticals / Biotech / Life Sciences · India · 2025
Open report →
Zydus Lifesciences Limited’s ESG Report FY24-25 includes a numeric value indicating zero incidents of non-compliance concerning product and service information and labelling on page 135. The report also references materiality issues and risk management aspects on page 148, suggesting some discussion of relevant sustainability topics. However, there is no clear or quotable narrative specifically addressing broader compliance or governance details beyond these points, and some narrative items are not found or remain unclear.
Owens Corning
Building Products · United States · 2024
Open report →
Owens Corning's 2024 Sustainability Report provides a covered datapoint on employee retention after parental leave, reporting a 98% return-to-work rate by gender (p.300). The report also includes information on incidents of non-compliance with regulations or voluntary codes, noting no material incidents (p.184), and references compliance with independence, impartiality, and competency standards by SCS Global Services (p.384). However, there is no quotable evidence found for some narrative items, indicating gaps or unclear coverage in certain areas of the disclosure.
Thai Beverage Public Company Limited
Food and Beverage Processing · Thailand · 2024
Open report →
Thai Beverage Public Company Limited’s Sustainability Report 2024 includes coverage of incidents of child labor, referencing specific pages (155, 159) and a policy statement online, indicating attention to forced or compulsory labor issues (p.189). The report also provides data on non-compliance with health and safety regulations related to products and services (p.93). However, there is no clear or quotable evidence found elsewhere in the report specifically addressing other aspects of forced labor or detailed supply chain management practices related to this disclosure.
✓ LRA AI Assistant · Human-in-the-loop
Dr Ross Kurinko
Ask Study Studio AI assistant about this disclosure
Get a practical answer for your reporting context. Your first answer is free — create a free account to continue the conversation.
TryHow do I prepare GRI 416-2?What data do I need to collect?Where can I see a real-report example?What mistakes should I avoid?
1 free answer
Check your understanding

Scenarios to work through

A product safety review finds two customer complaints from the current year and one regulator letter about an issue that happened last year but was only closed this year. The draft note currently lists all three together.

QHow should you separate what belongs in the current-year count from what should be described as a prior-period matter?
Reveal model answer →

A business has no findings from regulators, but it did breach a voluntary safety code it had signed up to for one product line. The team is unsure whether that should be left out because it was not a law breach.

QShould the incident be included in the disclosure, and how should it be treated in the count?
Reveal model answer →

A company had no findings at all during the year, but the draft report still contains a table with a zero count and a note saying no issues were found. The preparer wonders whether the narrative alone is enough.

QWhat should be stated when no such incidents were identified?
Reveal model answer →

A manufacturer recorded one incident in the year, but the incident file is incomplete: it has an internal email and a complaint log, yet no regulator notice or signed legal review. The team wants to publish the number anyway.

QWhat should you check before finalising the disclosure?
Reveal model answer →
Framework references

Related framework references

How this disclosure maps across the major reporting frameworks.

GRI
GRI 416-2
within GRI 416: Customer Health and Safety
Open official source →
Primary
Related & explore
FAQ

Questions this page answers

For GRI 416-2, what data points should I gather before I start drafting the disclosure?+
How do I use the step-by-step 'how to prepare' section for GRI 416-2 in practice?+
What should I include in the evidence pack for GRI 416-2 so it is assurance-ready?+
What are the four assurance claims I need to verify for GRI 416-2?+
What are the common reporting gaps or mistakes on the GRI 416-2 page that I should avoid?+
How should I use the Prep & Assurance workbook for GRI 416-2?+
What is the printable Library Card PDF for GRI 416-2 useful for?+
How do I turn the GRI 416-2 page content into a draft disclosure?+
What kind of synthetic example does the GRI 416-2 page show, and how should I use it?+
Can I reuse the same data for ESRS S4 (Consumers and End-users) and GRI 416-2?+
Who should own the GRI 416-2 disclosure process in my organisation?+
More questions this page can help with