Supply Chain Reporting Requirements for Suppliers

Last updated: May 30, 2026. Supply chain reporting requirements are no longer limited to large companies publishing annual sustainability reports. Suppliers are increasingly asked to provide emissions data, clean-energy information, due-diligence evidence, labour and human-rights policies, product or packaging data, CDP or EcoVadis responses, and supporting documentation for customer sustainability programs.

Short answer: most suppliers should not start by writing a broad ESG report. They should first read the actual customer request, identify whether it is asking for company-level emissions, product or service-level data, Scope 3 supplier information, due-diligence evidence, a portal response, assurance, a consultant letter, or a procurement checklist. The right response may be a focused data pack, emissions calculation, questionnaire response, supplier-request checklist, or customer-ready methodology note.

Why suppliers are receiving more sustainability requests

Large companies need better supplier data for several reasons. Some are preparing mandatory sustainability reports. Some are responding to investor, lender, or customer pressure. Some are trying to calculate Scope 3 emissions. Others have procurement policies, climate targets, human-rights due-diligence processes, product compliance duties, or customer-specific supplier programs.

For suppliers, this can feel unfairly indirect. The supplier may not be directly covered by a regulation, but a customer still asks for data because the customer's reporting, procurement, or risk process depends on information from the value chain.

The practical challenge is that supplier requests do not all mean the same thing. A customer might ask for a simple policy upload, a CDP response, a company GHG inventory, service-level emissions, renewable electricity evidence, a packaging declaration, or proof that the supplier has a grievance mechanism. A supplier that treats all of these as the same ESG exercise can waste time and still miss the actual requirement.

Start with the wording of the request

Before collecting data, suppliers should identify what kind of request they have received. Useful questions include:

Who is requesting the information: customer, platform, auditor, bank, investor, government agency, or certification body?
Is the request mandatory under a contract or procurement condition, or voluntary?
Is the customer asking for company-level data, site-level data, product-level data, service-level data, or value-chain information?
Does the request mention Scope 1, Scope 2, Scope 3, CDP, EcoVadis, RBA, ESRS, VSME, CSRD, CSDDD, assurance, verification, or a consultant letter?
Is there a portal, template, questionnaire, deadline, scoring method, or evidence checklist?
Does the request ask for final totals only, or also methodology and supporting documents?

This first read determines the workplan. It is the difference between a narrow two-week customer response and a much larger reporting project.

Greenhouse gas emissions and Scope 3 data

The most common supply chain reporting request is emissions data. Large buyers often need supplier information to calculate their Scope 3 emissions, especially purchased goods and services, capital goods, transportation, waste, business travel, employee commuting, leased assets, or product-use emissions.

Suppliers may be asked for:

Scope 1 and Scope 2 emissions;
relevant Scope 3 categories;
energy use and renewable electricity information;
emission factors and calculation methodology;
organizational boundary, reporting period, and location data;
product or service-level emissions;
supplier-specific emission factors for a buyer's Scope 3 calculation; or
evidence such as utility bills, fuel records, travel data, procurement data, and assumptions.

If the request is emissions-heavy, suppliers should build the response from a clear GHG emissions calculation, not from a rough sustainability narrative. For background on the accounting logic, see Keslio's guides to the GHG Protocol and Scope 1, Scope 2, and Scope 3 emissions.

CSRD value-chain requests and the voluntary SME standard

The EU Corporate Sustainability Reporting Directive (CSRD) has pushed many companies to examine value-chain sustainability information. Under the 2026 Omnibus I changes, the EU also introduced a value-chain cap intended to reduce excessive trickle-down reporting burden on smaller value-chain companies.

The European Commission's May 2026 explanation says the value-chain cap limits what CSRD-reporting companies can require from value-chain companies with 1,000 employees or fewer for CSRD reporting purposes. The cap is linked to the voluntary reporting standard for smaller companies. The same guidance also makes an important distinction: the voluntary standard does not impose an obligation on value-chain companies to report, and customers may still request additional information for non-CSRD purposes or clearly mark information that exceeds the cap.

For suppliers, this means two things. First, do not assume every CSRD-linked request requires a full ESRS report. Second, do not ignore the request just because the supplier is not directly in CSRD scope. A proportionate supplier data pack may still be useful, especially where a major customer needs emissions, workforce, governance, or due-diligence information.

CDP, EcoVadis, and customer portals

Many supply chain requests now arrive through portals rather than direct emails. CDP's 2026 disclosure cycle is one example: CDP says its corporate questionnaire aligns with frameworks such as ISSB, ESRS, and TNFD, and its supply-chain requesters use disclosure data to understand environmental performance. Some buyers also use EcoVadis, RBA-Online, proprietary questionnaires, or supplier management systems.

For suppliers, portal responses create a different kind of work. The supplier needs to answer specific questions, upload evidence, avoid inconsistent claims, and keep a record that can be refreshed next year. A portal response is not always the same as a public sustainability report. It may require shorter answers, more evidence, and careful matching to the platform's scoring or validation logic.

Due diligence and human-rights evidence

Supply chain reporting is not only about carbon. Human-rights and environmental due-diligence rules can create customer requests for policies, supplier codes, risk assessments, grievance channels, remediation processes, audit results, training records, and evidence of how issues are handled.

The EU Corporate Sustainability Due Diligence Directive entered into force in July 2024 and targets large companies, but its practical effects can reach suppliers because in-scope companies need to identify and address adverse human-rights and environmental impacts in their operations, subsidiaries, and business-partner relationships. Suppliers may therefore be asked for information even when they are not directly covered by the law.

Suppliers should respond carefully. A policy statement is useful only if it matches the company's actual practices. If the request asks for grievance processes, modern slavery controls, health and safety evidence, or responsible sourcing practices, the response should be grounded in documents the company can stand behind.

Product, packaging, and extended producer responsibility data

Some supplier requests are about products rather than corporate sustainability. A customer may ask for packaging composition, recycled content, hazardous substances, product energy performance, waste handling, take-back arrangements, recyclability, or extended producer responsibility information.

These requests often involve operations, procurement, logistics, product, and legal teams rather than only sustainability. Suppliers should avoid answering from memory. The response should be based on product specifications, bills of material, packaging data, supplier declarations, certificates, and jurisdiction-specific rules.

Buyer-specific sustainability requirements

Some enterprise customers have very specific supplier sustainability programs. For example, Microsoft supplier requests may involve total-company emissions, service-level accounting, methodology documentation, consultant letters, or independent assurance routes. Other customers may ask for CDP, clean-energy evidence, reduction plans, third-party review, product-level emissions, or portal submissions.

This is why the buyer name matters. A Salesforce, Google, Amazon, Cisco, HP, Dell, or Microsoft request may use different language and expect different deliverables. Suppliers should not copy a response prepared for one customer into another portal without checking the wording.

Keslio's supplier request support is built around this exact problem: review the request, identify the response path, prepare the data checklist, and produce the evidence-backed response the buyer actually asked for.

What suppliers should prepare first

A supplier does not need to build everything at once. The highest-leverage starting file is a practical response pack that can support multiple customer requests. It should include:

the original request, deadline, buyer contact, portal link, and response format;
company name, entities, locations, reporting period, and organizational boundary;
Scope 1 and Scope 2 data sources, including electricity, fuel, and refrigerants where relevant;
a first Scope 3 category screen and any customer-specific Scope 3 requirements;
energy, renewable electricity, travel, logistics, waste, and procurement records where relevant;
policies and evidence for labour, health and safety, human rights, ethics, grievance channels, and responsible sourcing;
product, packaging, or service-level data if requested;
methodology notes, assumptions, exclusions, and evidence files; and
a clear owner for annual refreshes.

Common mistakes suppliers should avoid

Assuming the request is a broad ESG report when it is really a focused data request.
Starting calculations before checking whether the buyer wants company-level, product-level, or service-level data.
Reporting emissions totals without methodology, boundaries, factors, or source evidence.
Ignoring Scope 3 because the supplier does not control the activity.
Copying answers between different customer portals without checking the wording.
Uploading policies that do not reflect actual practice.
Confusing consultant support with independent assurance or verification.
Waiting until the deadline before involving finance, operations, HR, procurement, or legal owners.

How Keslio can help

Keslio helps suppliers turn customer sustainability requests into practical response projects. Support can include request review, response-path confirmation, data checklists, GHG emissions calculations, Scope 3 screening, service-level accounting, methodology notes, evidence packs, questionnaire responses, and annual refreshes.

If the request is Microsoft-specific, Keslio also offers Microsoft supplier GHG reporting support. If the request is broader or the buyer is not yet clear, start with supplier request support.

Need help responding to a supplier reporting request?

If a customer has sent your team a sustainability, GHG, CDP, EcoVadis, due-diligence, or supplier questionnaire request, Keslio can review the wording, identify the likely response path, and help prepare a customer-ready response without turning it into a broad ESG project.