ESRS G1 Business Conduct: A Plain-English Guide to Every Disclosure Requirement

Most CSRD conversations start with climate (E1) or workforce (S1). Governance gets treated as an afterthought - a box to tick once the environmental data is in. That is a mistake. ESRS G1 Business Conduct is the only topical governance standard in the entire ESRS set, and it covers territory that touches almost every large company: anti-corruption systems, whistleblower channels, supplier payment practices, and political lobbying. Miss it, and your sustainability statement has a visible gap.
This guide covers what G1 requires, why the materiality gate works differently here, what evidence each disclosure needs, the often-overlooked payment-practices angle, and what the July 2026 simplification changes - and does not change - for your current reporting.
What ESRS G1 is and why it sits apart from ESRS 2
ESRS G1 is the sole topical governance standard in the ESRS framework, sitting alongside five environmental standards (E1-E5) and four social standards (S1-S4). Its objective is to enable users of the sustainability statement to understand a company's strategy, approach, processes, and performance on business conduct matters.
It is worth being precise about what G1 covers versus what ESRS 2 covers. ESRS 2 (General Disclosures) sets the cross-cutting governance requirements - board composition, management oversight of sustainability, the role of the administrative, management and supervisory bodies - that apply to every reporter regardless of materiality. G1 is different: it is topical, meaning it adds business-conduct-specific content on top of ESRS 2's baseline. Under the amended ESRS, the original standard's duplication of ESRS 2 governance language has been removed. General governance disclosures belong in ESRS 2 only; G1 carries the business-conduct-specific layer.
ESRS G1 focuses on three broad areas: business ethics and corporate culture (including anti-corruption, anti-bribery, whistleblower protection, and animal welfare); management of relationships with suppliers, including payment practices with particular attention to late payments to SMEs; and activities related to political influence and lobbying.
The materiality gate - and why G1 is harder to screen out than you think
Like all topical ESRS, G1 is gated by the double materiality assessment (DMA). You only disclose under G1 if business conduct is material - either because your practices impact people or society (impact materiality) or because governance failures create financial risk for the company (financial materiality).
In practice, most large companies will find G1 material. The sub-topics are broad. A company with a code of conduct, a supplier base, any political engagement, or SME suppliers in its payment terms will almost certainly find at least one sub-topic material. The standard also applies sub-topic by sub-topic: if only corruption prevention is material, you report on that sub-topic and can omit the rest.
Even if your DMA concludes G1 is not material in full, you must document that conclusion clearly. For topics other than climate change, ESRS 1 permits a brief explanation of the materiality assessment outcome rather than a detailed forward-looking analysis — but the reasoning must still be on record and available to auditors.
One common first-year mistake: a CFO concludes G1 "doesn't really apply" because the company has never had a corruption case. But G1-1 covers corporate culture and whistleblower protection; G1-2 covers supplier relationships; G1-6 covers payment practices to SMEs. A company with a 2019 code of conduct, no formal whistleblower channel, and average payment to small suppliers running past 60 days has significant G1 exposure - regardless of its corruption track record.
G1-1: Business conduct policies and corporate culture
What it asks: Describe your policies on business conduct matters and how you foster corporate culture.
This is the qualitative foundation of G1. The disclosure must explain how the company establishes, develops, promotes, and evaluates its corporate culture. It is not enough to attach a code of conduct PDF.
Specifically, the disclosure must cover:
- Mechanisms for identifying, reporting, and investigating concerns about unlawful behaviour or breaches of the code of conduct - and whether these accommodate both internal and external stakeholders.
- Anti-corruption and anti-bribery policies aligned with the UN Convention against Corruption. If no such policies exist, the company must say so and provide a timetable for implementation.
- Whistleblower protection: the establishment of internal reporting channels, training provided to workers and to staff who receive reports, and protections against retaliation. Companies subject to national laws transposing the EU Whistleblower Protection Directive (Directive (EU) 2019/1937) can satisfy this requirement by stating their compliance with those legal requirements.
What you need to collect: The current code of conduct (with version date), the whistleblower channel setup documentation, training records for staff who receive reports, and evidence of how corporate culture is discussed at board or management level.
G1-2: Management of relationships with suppliers
What it asks: Disclose how you manage supplier relationships and their impact on the supply chain.
The goal is to explain the procurement process, highlight fair treatment of suppliers, and describe steps taken to manage sustainability risks. Key elements include:
- The company's strategy for supplier relationships in the context of supply chain risks and sustainability.
- Whether and how social and environmental criteria are factored into supplier selection.
- Policies and practices to prevent late payments, particularly to SMEs.
- How vulnerable suppliers - those exposed to significant economic, environmental, or social risks - are supported.
What you need to collect: Supplier selection criteria documentation, procurement policy, any supplier code of conduct, and evidence of how sustainability criteria are applied in practice.
G1-3: Prevention and detection of corruption and bribery
What it asks: Describe your system to prevent, detect, investigate, and respond to allegations or incidents of corruption and bribery, including related training.
This is one of G1's most operationally demanding requirements. The disclosure must include:
- A description of procedures to prevent, detect, and address allegations or incidents of corruption and bribery.
- Whether investigators or investigating committees are separate from the management chain involved in the matter - independence is explicitly required.
- The process for reporting outcomes to the administrative, management, and supervisory bodies.
Training gets its own sub-requirements. The disclosure must cover the nature, scope, and depth of anti-corruption and anti-bribery training programmes; the percentage of "functions-at-risk" covered by training programmes; and the extent to which training is given to members of the board and management bodies.
"Functions-at-risk" is a defined term: those functions deemed to be at risk of corruption and bribery. If a company has not formally identified its functions-at-risk, the training coverage percentage cannot be calculated - a gap that auditors will flag.
What you need to collect: Anti-corruption procedure documentation, training completion records disaggregated by function, the list of formally identified functions-at-risk, and evidence of board-level training.
G1-4: Confirmed incidents of corruption or bribery
What it asks: Report on incidents of corruption or bribery during the reporting period.
The mandatory element is narrow but hard: the number of convictions and the total amount of fines for violation of anti-corruption and anti-bribery laws during the reporting period, plus any actions taken to address breaches in procedures and standards.
Additional voluntary disclosures - the total number and nature of confirmed incidents, employees dismissed or disciplined, contracts terminated due to violations - are encouraged but not mandatory. Value-chain incidents are included only where the company or its employees are directly involved.
This disclosure feeds directly into SFDR principal adverse impact indicator #15 ("Cases of insufficient action taken to address breaches of standards of anti-corruption and anti-bribery"), which means institutional investors will be looking for it.
What you need to collect: Legal and compliance records of any convictions or fines in the reporting period; documented remediation actions taken.
G1-5: Political influence and lobbying activities
What it asks: Disclose your activities and commitments related to exerting political influence, including lobbying.
The disclosure covers the total monetary value of direct and indirect financial and in-kind political contributions, aggregated by country or geographical area where relevant, and by type of recipient or beneficiary. In-kind contributions - use of facilities, advertising, equipment, board memberships, consultancy work for elected officials - are explicitly in scope.
One frequently missed point: indirect political contributions through intermediary organisations such as lobbyists, charities, think tanks, or trade associations linked to political parties also fall within G1-5's scope. Even if a company does not lobby directly, association fees that fund lobbying activities are captured.
If the company assesses political influence as not material, the DMA rationale must be documented. For companies that do engage politically, the disclosure should also address alignment between public sustainability statements and lobbying positions.
What you need to collect: Records of all direct political donations, trade association membership fees (with an assessment of whether those associations engage in political advocacy), and any in-kind support provided to political entities.
G1-6: Payment practices - the disclosure most companies underestimate
Payment practices is the sub-topic that surprises companies most. It sits in G1 because late payment to SME suppliers is a material impact on those businesses - a governance and ethics issue, not just a finance one.
G1-6 requires disclosure of the undertaking's standard payment terms in number of days by main category of suppliers, the percentage of payments aligned with those standard terms, and the number of legal proceedings currently outstanding for late payments.
The CSRD is the first EU-level reporting requirement to include payment practices disclosures, and it has the potential to generate consistent, comparable data on payment behaviour across Member States - an issue that has remained largely underreported despite its significance for SME liquidity.
A critical nuance: the standard contractual payment terms may differ significantly from actual payment behaviour. AR 16 of the original standard explicitly requires the company to address this gap if it exists. If your standard terms say 30 days but your accounts payable system shows a different average, that gap needs explaining.
Under the revised ESRS (see below), the average invoice payment time metric has been removed. The focus shifts to standard contractual terms, the percentage of payments made on time, and entity-specific disclosures on late payments to SMEs where that sub-topic is material.
What you need to collect: Accounts payable aging reports covering all SME supplier transactions, standard contractual payment terms by supplier category, percentage of payments made past the contractual due date, and any outstanding legal proceedings for late payment.
Run your AP aging report now, before year-end. The gap between your standard payment terms and actual payment behaviour is often larger than finance teams expect — and it is testable data that auditors will verify against source systems.
The G1 materiality decision tool
Use this interactive tool to assess which G1 sub-topics are likely material for your company and what data you need to prioritise.
What the July 2026 simplification changes for G1
On 3 July 2026, the European Commission adopted the revised ESRS as a delegated act - the formal output of the Omnibus simplification process. The revised standards apply mandatorily for financial years beginning on or after 1 January 2027, with optional early adoption for FY2026 once the act is published in the Official Journal. Until then, the original G1-1 to G1-6 structure remains the legally applicable framework for FY2024-FY2026 reports.
Under the revised ESRS, G1 has been restructured into a Policies-Actions-Targets (PAT) architecture with approximately 61% fewer mandatory datapoints compared to the 2023 version.
Here is what changes in practice:
| Area | Original G1 (FY2024–FY2026) | Revised G1 (FY2027+) |
|---|---|---|
| Overall architecture | Six standalone disclosure requirements (G1-1 to G1-6) | PAT architecture: G1-1 (Policies), G1-2 (Actions), G1-3 (Targets) + metrics in G1-4, G1-5, G1-6 |
| Corporate culture | Addressed by dedicated datapoints under G1-1 | No longer addressed by its own datapoints; covered within policies |
| Corruption & bribery prevention | Separate G1-3 disclosure requirement | Consolidated under G1-2 (Actions); only convictions and penalties must be reported |
| ESRS 2 overlap | Repeated governance, strategy, and due diligence content from ESRS 2 | Duplications removed; general governance stays in ESRS 2 only |
| Payment practices (G1-6) | Average invoice payment time (days) required | Average payment time removed; focus on standard terms, % paid on time, and entity-specific SME late payment metric if material |
| Mandatory datapoints | Full original set (~61% more datapoints) | ~61% reduction in mandatory datapoints |
The key practical implication: if you are reporting on FY2024 or FY2025, the original G1-1 to G1-6 structure applies in full. If you are preparing for FY2026, you may choose to apply the revised standards once the delegated act is published in the Official Journal - but watch for any amendments the Commission makes to EFRAG's technical advice before that happens.
For FY2027 reporters, the simplified framework will be the mandatory baseline. Companies that have already built robust G1 data collection processes will find the transition manageable; the core sub-topics remain the same, and the data underlying the removed datapoints is still good practice to hold internally.
A practical G1 readiness checklist
Before your next reporting cycle, work through these eight actions:
Assess each of the six sub-topics (corporate culture, supplier relationships, corruption prevention, confirmed incidents, political influence, payment practices) separately. Document the rationale for any sub-topic assessed as not material.
Check the version date of your code of conduct. Confirm your whistleblower channel accommodates both internal and external reporters. Verify that staff who receive reports have been trained and designated.
Formally identify which functions are at risk of corruption and bribery. Without this list, the G1-3 training coverage percentage cannot be calculated — a gap auditors will flag.
Collect training completion data disaggregated by function. Calculate the percentage of functions-at-risk covered. Confirm whether board and management body members received training.
Calculate the percentage of payments made past the contractual due date. Compare standard contractual terms against actual payment behaviour. Flag any gap for management explanation.
List all direct political donations and in-kind contributions. Review trade association memberships and assess whether those associations engage in political advocacy — those fees are in scope for G1-5.
Under the amended ESRS, general governance disclosures belong in ESRS 2 only. If your draft has identical governance text in both sections, consolidate with cross-references.
G1-4 (convictions and fines) and G1-6 (payment practices) produce testable quantitative data. Auditors will verify these against source systems. Align on evidence standards before year-end close.
Stay current as G1 evolves
The revised ESRS delegated act was adopted on 3 July 2026 and now moves to Parliamentary and Council scrutiny before publication in the Official Journal. The exact timing of that publication - and therefore the earliest date for voluntary FY2026 adoption - is still to be confirmed. The G1 sub-topic structure is settled; some application guidance details may still shift.
For a broader view of how G1 fits into the full ESRS framework, see our ESRS standards hub. For the double materiality assessment process that gates G1 disclosure, see our step-by-step DMA guide. For the full timeline of CSRD reporting deadlines, see the CSRD deadlines page.
Related reading

Should You Early-Adopt the Revised ESRS for FY2026? A Decision Guide
The Commission adopted the simplified ESRS on 3 July 2026. FY2026 reporters can opt in now - but should they? A practical decision guide covering the legal mechanics, the case for and against, and a clear checklist.

CSRD National Transposition Explained: Where Member States Stand and What You Should Do Now
EU directives only bind companies once transposed into national law. Here's how CSRD transposition works, where member states stand on Stop the Clock and Omnibus I, and what your compliance team should do right now.

ESRS E1-1: How to Build a Credible Climate Transition Plan Under CSRD
ESRS E1-1 is the strategic heart of CSRD climate disclosure. Learn what a compliant transition plan must contain - targets, decarbonisation levers, capex alignment, board approval - and how the simplified ESRS changes the picture for FY2027.