ESG reporting is getting harder for manufacturers, not easier, as CSRD in Europe, Australia's ASRS and the EU's deforestation rules all reach further into the value chain at once. The reason is structural. Manufacturers are being asked to account for tiers of suppliers most of them have never spoken to directly, and on far more than carbon: human rights, biodiversity, and material risk now sit alongside emissions in what regulators expect to see.
Here is the part that gets lost in most coverage of this topic: these regimes do not all ask for the same thing. CSRD's Scope 3 accounting, the due diligence duties under the Corporate Sustainability Due Diligence Directive (CSDDD), and the EU's deforestation rules (EUDR) each reach a different depth into the same value chain, and each was just rewritten by Europe's Omnibus simplification package. A manufacturer that treats "value chain compliance" as one problem, rather than three overlapping ones with different edges, will end up either over-collecting data nobody asked for or missing an obligation that quietly still applies.
Why manufacturing carries a heavier load
Every sector under CSRD, and under ISSB-aligned regimes like Australia's ASRS, has to grapple with Scope 3: the emissions generated by other entities in a company's own value chain, both upstream from suppliers and downstream from customers, rather than from its own operations. But the shape of that problem changes depending on what a company makes and how it makes it.
A software company's value chain is short. A retailer's is longer, but largely visible through direct supplier contracts. A manufacturer's value chain often runs four or five tiers deep: raw material extraction, primary processing, component fabrication, sub-assembly, and finally the manufacturer's own line. Scope 3 typically accounts for 70 to 90% of a manufacturer's total carbon footprint, and for a business sourcing steel, aluminium, resins, or rare earth components, most of that footprint sits two or three tiers away from any contract it holds.
Emissions are only part of the picture. The same tiers that generate the bulk of a manufacturer's carbon footprint also carry the sector's sharpest exposure to modern slavery, land and biodiversity impacts, and the human rights and environmental due diligence obligations written into CSDDD and EUDR. Carbon is the easiest of these to quantify. It is not the only thing regulators, or customers further up the chain, are asking about.
That is the structural reason manufacturing gets hit harder. The reporting obligation is the same size on paper. The value chain behind it is not.
Not every rule asks for the same depth
This is the distinction manufacturers keep missing, and it is worth being precise about, because Europe's Omnibus package changed all three answers within the same twelve months.
CSDDD, as originally adopted in 2024, required companies to assess adverse impacts across their entire "chain of activities": direct and indirect business partners alike, in principle running as deep as the raw material. The Omnibus I Directive (2026/470), in force since 18 March 2026, narrowed that considerably. Due diligence duties now centre on direct, Tier 1 business partners, with indirect partners only pulled into scope where a company has plausible information pointing to a risk there. Scope also shrank hard: CSDDD now applies to EU companies with more than 5,000 employees and over EUR 1.5 billion in worldwide turnover (and non-EU companies with over EUR 1.5 billion in EU turnover), down from roughly 13,000 companies in scope to around 6,000. Member States must transpose the changes by 26 July 2028, with a single application date of 26 July 2029 for everyone in scope.
CSRD's Scope 3 disclosure runs on a different logic entirely. The Omnibus changes narrowed who has to report under CSRD, raising the bar to EU entities with more than 1,000 employees and over EUR 450 million in net turnover, with first-time application for financial years beginning on or after 1 January 2027. But for the companies that remain in scope, Scope 3 accounting under ESRS E1 still expects a full value chain view over time, not just Tier 1: it is measuring emissions, not managing due diligence risk, so the multi-tier ambition has not gone away, even as fewer companies are required to produce it.
Then there is EUDR, which does not follow either logic. It applies to seven commodities, cattle, cocoa, coffee, palm oil, rubber, soy and wood, plus derived products, and it requires deforestation-free proof traced to a geolocated plot of land, regardless of how many tiers deep that plot sits. After a further delay agreed in late 2025, large and medium operators must comply from 30 December 2026, with small and micro operators following on 30 June 2027. But EUDR also narrowed its own paperwork burden: only the company first placing a covered product on the EU market has to file the actual due diligence statement. A manufacturer further down the chain, say a tyre or componentry maker buying in natural rubber, still has to hold the records and satisfy itself that the input is compliant. It just is not the one submitting the form.
So a manufacturer sourcing natural rubber for seals or tyres may face full geolocation traceability under EUDR regardless of company size, a Tier 1-only due diligence duty under CSDDD if it clears the 5,000-employee, EUR 1.5 billion threshold, and a multi-tier Scope 3 estimate under CSRD only if it clears a different, much lower turnover bar. Three regulations, three different value chain depths, three different thresholds. Treating them as one compliance project is exactly how manufacturers end up either under-prepared for the one that actually bites, or over-collecting Tier 3 data nobody asked for.
What CSRD, ASRS and the wider ISSB rollout actually require
Under ESRS E1, in-scope companies must disclose total gross Scope 3 emissions broken down by category, the methodology and emission factor databases used, and the split between primary data (supplier-specific figures) and secondary data (spend-based estimates). Getting that split right matters. Many companies still rely on spend-based estimates, such as money spent on steel, rather than activity-based data drawn from actual usage. The European Commission's simplified ESRS, expected to be finalised by delegated act within six months of the Omnibus I Directive's entry into force, is set to cut mandatory data points by roughly 61%, from around 1,100 to about 430, and to remove sector-specific standards altogether. That is real relief on volume. It does not remove the expectation that a manufacturer with material Scope 3 exposure can explain where its numbers come from.
CSRD does not stop at climate, either. Standards such as ESRS S2 (workers in the value chain) require companies to identify and manage labour conditions and human rights impacts across those same tiers, independent of the CSDDD due diligence duty discussed above.
Australia's equivalent, ASRS, is built on AASB S2, the local implementation of the International Sustainability Standards Board's global climate disclosure standard, IFRS S2, with some Australian-specific additions layered on top. Group 1 entities have been reporting since financial years beginning on or after 1 January 2025, Group 2 follows from 1 July 2026, and Group 3 from 1 July 2027. Unlike IFRS S2, AASB S2 mandates two specific climate scenarios in every disclosure, one aligned to 1.5°C and one that materially exceeds 2°C, rather than leaving scenario choice to the reporter. Scope 3 disclosure becomes mandatory from each entity's second reporting year, with a relief period in year one allowing a qualitative explanation where quantitative data is not yet ready.
The first wave has already tested that relief period. By early May 2026, 259 Group 1 sustainability reports for the year ended 31 December 2025 had been lodged with ASIC. A review of 22 of the earliest ASX-listed reporters found that nearly all applied the Scope 3 transitional relief in year one, as the standard allows, though 12 of the 22 went further and voluntarily disclosed some Scope 3 categories anyway. That gap, between what the relief period permits and what the more prepared reporters chose to disclose regardless, is a reasonable early signal of where the market and, eventually, assurance providers and ASIC, are likely to set the bar once relief runs out in year two. Manufacturers watching Group 1 to learn what "good" looks like should read that as a warning against treating the relief period as a reason to wait.
Where manufacturers actually get stuck
Two pressure points show up again and again in manufacturing compliance projects, and they compound each other.
Multi-tier value chain visibility. A Tier 1 supplier relationship is manageable. Most procurement teams already have contracts, contacts, and audit rights there. Tier 2 and Tier 3 are a different story. A manufacturer buying fabricated components from a Tier 1 supplier often has no direct line to the mine, mill, or smelter that produced the raw material three tiers back, and no contractual mechanism to request their emissions, labour, or sourcing data. That gap matters differently depending on which rule is asking: it is largely irrelevant to a post-Omnibus CSDDD duty that now stops at Tier 1, mildly relevant to a CSRD Scope 3 estimate that can still lean on secondary data, and directly disqualifying under EUDR, where a rubber or timber input without a traceable plot of origin cannot be placed on the EU market at all, no matter how many tiers away the gap sits.
Concentrated risk in raw materials and primary processing. Categories 1 (purchased goods and services) and 2 (capital goods) of the GHG Protocol's 15-category framework dominate a typical manufacturer's Scope 3 footprint, because raw material extraction and primary processing are among the most carbon-intensive steps in any product's life. Steel, cement, and aluminium in particular carry embedded emissions far higher than anything generated on a manufacturer's own factory floor. The same tiers carry the sector's highest exposure to conflict minerals, deforestation-linked commodities, and poor labour conditions further down the supply base. That is precisely the data manufacturers are least likely to hold directly, and precisely where EUDR's risk-tiered inspection regime, checking roughly 1% of shipments from low-risk countries, 3% from standard-risk countries, and 9% from high-risk countries, is designed to apply the most scrutiny.
Put those two problems together and the pattern is clear: the impacts that matter most, whether carbon, biodiversity, or human rights, are furthest from view, and which of them a manufacturer is legally required to chase down depends on reading three regulations side by side rather than one.
Solutions manufacturers are actually using
The manufacturers making real progress are not trying to solve this with spreadsheets and annual supplier surveys. Three approaches are doing the heavy lifting.
Supplier engagement platforms that push structured, repeatable data requests down through Tier 2 and Tier 3, rather than relying on one-off email chains, are replacing ad hoc surveys as the default. The more effective version of this goes further still: supplier portals built on a "provide once" model, where a supplier answers a request a single time and every customer drawing on that portal reuses the same verified data, rather than each one running its own survey. That single shift removes much of the duplicated reporting burden that makes Tier 2 and Tier 3 suppliers reluctant to engage in the first place, and it is becoming more valuable precisely because CSRD, CSDDD and EUDR now ask for overlapping but non-identical data from the same supplier base.
Digital value chain mapping tools that let a manufacturer visualise its supplier network by tier, flag which nodes carry the highest emissions, human rights, or biodiversity risk, and track disclosure status against each one are becoming standard rather than optional. The better implementations tag each node against which specific obligation it drives, a CSRD emissions estimate, a CSDDD Tier 1 duty, an EUDR geolocation requirement, rather than treating "compliance risk" as one undifferentiated score. And a shift toward primary, activity-based data for the highest-risk categories, backed by secondary estimates everywhere else, is emerging as the practical middle ground between accuracy and cost.
None of this removes the underlying difficulty. It does turn an open-ended problem into a managed one, with a clear view of which suppliers are covered, which are not, which obligation actually requires that coverage, and where the material risk sits.
What to do next
Manufacturers with a CSRD, ASRS or EUDR deadline on the horizon should start by mapping the full value chain itself, not just the supplier list, and then testing that map against each regulation's actual reach rather than assuming they line up. A Tier 1-only CSDDD duty, a multi-tier CSRD estimate, and a plot-level EUDR trace are three different exercises that happen to touch the same suppliers. Knowing which tiers matter for which obligation turns an overwhelming compliance exercise into a prioritised one.
Socialsuite's value chain mapping tools are built for exactly this: giving manufacturers a clear, tiered view of their value chain so they know where to focus first.
References