Ask any supplier whether they have an environmental policy and the answer is almost always yes. Ask whether they track their greenhouse gas emissions and the yes rate has increased significantly over the past three years as the question has become routine. Ask for the actual emissions figure, broken down by Scope and verified by a third party, and the response rate drops sharply.
This is the supplier data problem in miniature. Self-reported information, collected through questionnaires and self-assessment surveys, has a structural limitation: it reflects what suppliers are willing to disclose, not necessarily what is actually happening in their operations. When the stakes are commercial, the incentive to present favourably is obvious.
This is not a reason to abandon supplier questionnaires. They are a valuable and necessary part of any robust program. But they cannot be the only source of data, and programs built exclusively on self-reported information have predictable weaknesses that are becoming increasingly visible as regulatory scrutiny of supply chain due diligence intensifies. The four limitations below explain where self-reported data falls short, and the sections after them set out what a more robust approach adds.
The Four Limitations of Self-Reported Supplier Data
1. Optimism Bias and Strategic Disclosure
Suppliers in commercial relationships have strong incentives to present their ESG performance in the most favourable light. This is not necessarily dishonesty; it may reflect a genuine belief that their practices are adequate, or an incomplete understanding of what the question is really asking. But the effect on data quality is the same: self-reported scores consistently overstate actual performance compared to independently verified data.
EcoVadis, which has assessed over three million suppliers, has published research showing systematic gaps between self-assessment scores and verified scores after independent review. The gap is widest in areas with the highest compliance risk, precisely where you most need accurate data.
2. Questionnaire Non-Completion
Programs that rely on supplier questionnaires as the primary data source leave significant portions of the supply base unassessed. Where completion rates are below 50%, which is common for unsupported outreach campaigns to large supplier lists, the program has structural gaps. Worse, the suppliers most likely not to respond are often those with the most to hide, or those with the least capacity to engage, both of which represent elevated rather than reduced risk.
3. Point-in-Time Accuracy
A questionnaire completed in January does not tell you what happened in August. Adverse events, ownership changes, regulatory sanctions, labour violations, and environmental incidents can occur at any point in the year. A program that reviews supplier data annually through questionnaires alone will routinely miss material developments between cycles.
4. Greenwashing and Unverifiable Claims
As ESG questionnaires have become routine, so has the practice of providing answers that satisfy the form without reflecting genuine performance. A supplier who states they have net-zero targets but cannot provide any data on their baseline emissions, methodology, or progress toward those targets is providing a claim rather than evidence. Under CSRD and CSDDD, compliance programs need to be able to distinguish between the two.
What Third-Party Data Screening Adds
The alternative to sole reliance on self-reported data is augmentation with independent, third-party intelligence. This is not about replacing supplier engagement but about building a data foundation that does not depend on the supplier's own reporting.
Third-party data sources relevant to supplier ESG screening include:
- Country risk indices covering modern slavery prevalence, democratic governance, rule of law, political stability, and corruption
- Adverse media monitoring for environmental violations, labour incidents, human rights controversies, and regulatory sanctions
- ESG certification and policy databases that indicate whether a supplier holds relevant certifications such as ISO 14001, ISO 45001, or B Corp
- Regulatory and sanctions databases covering enforcement actions, debarment lists, and modern slavery convictions
- Geopolitical and climate physical risk data layered at the country and regional level
How to Build a More Robust Data Architecture
A supplier ESG data program that combines external intelligence with structured supplier engagement operates differently from one built on questionnaires alone:
- Screen first. Use automated third-party data to build a baseline risk profile for every supplier before any engagement. This identifies high-priority suppliers for deeper assessment without requiring supplier action.
- Target engagement based on what you already know. When you contact a supplier, frame the questionnaire around the specific risk signals in their profile. This makes engagement more relevant and demonstrates that you have done your research.
- Focus evidence requests on high-signal areas. For Tier 1 high-risk suppliers, request documentation rather than simply accepting self-assessment responses on material topics.
- Monitor continuously between assessment cycles. Adverse media monitoring and sanctions list screening for high-risk suppliers should run continuously, not just at annual review time.
- Document the methodology. Under CSRD and CSDDD, the process by which you assess and address supplier risk is itself a disclosure. A program that relies exclusively on supplier self-declaration is harder to defend to an assurance provider than one that uses a combination of independent screening and targeted engagement.
The shift from questionnaire-centric programs to intelligence-augmented programs is where supplier ESG due diligence is heading. Regulatory expectations and investor scrutiny are both moving in the same direction: toward programs that can demonstrate how their data was obtained and why it should be believed.