ARTICLE • 5 min

Scope 3 Emissions: Why Supplier Data Is the Biggest Gap in Your Climate Disclosure

July 6, 2026

Scope 3 emissions account for around 99% of Nike's total carbon footprint, 97% of JBS's, and 75% of Google's. Three very different companies in three very different industries, but the same structural reality. The indirect greenhouse gas emissions generated across a company's value chain typically represent between 70% and 90% of its total footprint, and for most organisations the majority of that sits in the supply chain.

Until recently, that number was largely voluntary, methodologically flexible, and rarely scrutinised. It is not any of those things now. A growing set of mandatory frameworks require Scope 3 disclosure, each on its own timeline, and whichever one you report under, the hard part is the same. The data lives inside your suppliers, and most procurement teams have never systematically collected it.

Scope 3 Is a GHG Protocol Concept. Frameworks Just Made It Mandatory.

It is worth being precise about what Scope 3 actually is, because the frameworks are often used as shorthand for it and that causes confusion. Scope 3 is not a CSRD term, or an IFRS term, or an Australian term. It comes from the Greenhouse Gas Protocol Corporate Standard, which defines three scopes of emissions: Scope 1 (direct), Scope 2 (purchased energy), and Scope 3 (the fifteen categories of indirect emissions across the value chain, upstream and downstream). It is an accounting method, not a regulation.

What has changed is that regulators and standard-setters have adopted that method and made disclosure of it compulsory. The frameworks below all point at the same underlying GHG Protocol number. They differ on who is in scope, when the obligation bites, and how much assurance sits behind it, but they do not each invent their own Scope 3. This is why the supplier data problem is not a "CSRD problem" or an "IFRS problem". It is a Scope 3 problem, and it lands on anyone captured by any of these regimes.

Why Supplier Data Is the Hardest Part

The difficulty is structural, and it does not care which framework you report under. The emissions you have to disclose are generated inside other organisations. The GHG Protocol splits Scope 3 into fifteen categories, and for most companies just two of them dominate the footprint: Category 1 (purchased goods and services) and Category 4 (upstream transport and distribution). Both sit with suppliers who may have no reporting obligation of their own, no internal system to calculate emissions accurately, and no particular incentive to answer a data request quickly.

Everything downstream of that flows from the same root cause. Whether your standard calls for a primary versus secondary data split, a data quality tier, or simply a complete inventory, you cannot produce any of it without reaching into the supply chain.

The GHG Protocol Itself Is Raising the Bar

Because every framework references the GHG Protocol, changes to the Protocol flow through to all of them at once. The Protocol published a Phase 1 progress update in March 2026, its first major revision since 2011, which sharpens expectations considerably. The proposed changes point toward a coverage floor for Scope 3 (so that exclusions must be justified with data), mandatory data quality tiers that would publicly label spend-based proxies as the lowest tier, and a requirement to disclose whether Scope 3 data is verified, partly verified, or not verified.

These are draft rather than final rules, but the direction is unambiguous. Companies relying on spend-based estimates as their primary methodology need to start building a path toward supplier-specific data now, regardless of which disclosure framework they answer to.

The Three Gaps Most Organisations Are Sitting With

Based on how supplier ESG programs currently operate, most organisations face three compounding gaps.

Gap 1: Low supplier response rates. Questionnaires sent without pre-population or intelligent targeting typically come back from well under half the supplier base, and the responses that do arrive often lack the emissions-specific figures a GHG Protocol calculation needs. A supplier confirming they have an environmental policy is not the same as providing auditable Scope 1 and 2 data.

Gap 2: No baseline for the non-responders. A complete Scope 3 inventory has to account for suppliers who never reply, which means spend-based estimates for the tail. Under ESRS E1 that estimate has to be disclosed as secondary data. Without an automated way to generate it, it ends up built by hand in spreadsheets.

Gap 3: The methodology trail is missing. Limited assurance is already a feature of CSRD, arrives for AASB S2 reporters in their early years, and is scheduled for California SB 253 from 2027. Assurance providers need to see how each figure was derived, the emission factors used, and the data sources behind them. Most procurement functions do not currently maintain that documentation.

The Timing Trap

Most frameworks give Scope 3 a delayed or phased start. AASB S2 requires it from your second reporting year. SB 253 brings it in from 2027, a year after Scope 1 and 2. CSRD phases across waves, with later cohorts from 2028. IFRS S2 offers first-year transition relief. That relief is sensible, but it creates a predictable trap.

Supplier data collection is not a task you can start and finish inside a single reporting year. Response cycles, data quality checks, and follow-up with non-responders run over months, not weeks. Counting backwards from the year Scope 3 becomes mandatory, the work needs to begin well before the disclosure deadline. By the time the obligation bites, the supplier engagement program that supports it should already have completed at least one full cycle.

A Nuance Worth Getting Right: You Cannot Simply Demand Supplier Data

It is worth being precise about something the market often overstates. These regimes require you to disclose material Scope 3 emissions. They do not hand you a legal right to compel granular emissions data from every supplier. They are built on proportionality and materiality, and they accept reasonable and supportable estimates where primary data is not available.

AASB S2 is explicit on this point, and the boundaries are being drawn more tightly elsewhere too. The EU's Omnibus I changes limit what in-scope companies can ask of smaller business partners, and Australia's May 2026 Federal Budget opened a consultation specifically on supplier information requests. California's SB 253 permits spend-based methods rather than requiring supplier-specific data for every line. The practical implication is consistent across all of them: a credible first Scope 3 disclosure rests on a mix of supplier-provided figures for your highest-impact categories and defensible estimates for the rest. Chasing every supplier for a perfect number is neither required nor realistic. Design the program to be proportionate, not maximal.

What Good Looks Like in Practice

The organisations making real progress on supplier Scope 3 data are doing three things, and none of them is "send a longer questionnaire."

First, they screen before they ask. An automated risk and emissions profile for every supplier, built from external data, produces a prioritised engagement list instead of a blanket send to the whole base. Effort goes where the material emissions actually sit.

Second, they connect supplier data to the rest of the disclosure. Emissions figures, energy use, and certifications collected from suppliers feed the Scope 3 inventory directly, rather than living in a procurement folder that the sustainability team has to reconcile at reporting time.

Third, they treat data quality as a metric that improves each cycle. Every category where a spend-based estimate is replaced by a supplier-specific figure is measurable progress, and it is exactly the trajectory assurance is moving toward.

Socialsuite's Supplier Risk Assessment module is built for this identify-and-evidence work. It screens every supplier across more than 30 external datasets before you send a single questionnaire, collects emissions and other ESG data through integrated surveys, and tracks response rates and data completeness across the whole supplier base. Because it connects to Socialsuite's climate risk and compliance modules, supplier data feeds the same disclosure workflow rather than sitting in a silo.

What to Do Before Your Scope 3 Year

  1. Confirm which framework or frameworks apply to you, and when Scope 3 first bites. Count back at least one full supplier engagement cycle from that date. The earlier date is when the work needs to start, not the disclosure deadline.
  2. Map your Scope 3 by spend and category. You do not need primary data from every supplier. You need defensible coverage of the categories that dominate your inventory, usually purchased goods and services first.
  3. Screen your supplier base before you reach out. Build an external risk and emissions baseline so engagement is prioritised and questionnaires arrive pre-populated rather than blank.
  4. Establish and document your primary-versus-estimate split. The baseline is itself a disclosure requirement under some frameworks, and it shapes your improvement plan under all of them.
  5. Build the methodology trail as you go. Every emission factor, assumption, and data source needs a record that will survive an assurance review.

The frameworks differ on dates and detail, but they converge on the same expectation: know your value-chain emissions, and be able to show how you arrived at the number. The organisations that use their relief year to build a supplier data program, rather than to postpone one, will reach their Scope 3 year with something an auditor can stand behind. Those that do not will be disclosing, in effect, exactly how much they do not yet know.

Dr. Tim Siegenbeek van Heukelom
Chief Impact Officer
Article Contents
See all Articles

Recent articles

Ready to maximize your organization’s impact?

Whether it’s a public company, a private company, or a charity, Socialsuite has the right solution for you.