Risk Advisory · ESG & Sustainability Assurance
Business Responsibility & Sustainability Reporting (BRSR)
Business Responsibility and Sustainability Reporting (BRSR) is no longer a voluntary sustainability narrative — it is a mandatory SEBI disclosure, backed by prescribed formats, quantitative KPIs, and for an expanding set of companies, third-party assurance.
Chartered Accountants · Chennai · Hyderabad · Bangalore · Dubai · Since 1986
Business Responsibility and Sustainability Reporting (BRSR) is no longer a voluntary sustainability narrative — it is a mandatory SEBI disclosure, backed by prescribed formats, quantitative KPIs, and for an expanding set of companies, third-party assurance. At PNPC Global, we prepare and assure BRSR and BRSR Core reports the way we approach statutory audit: with primary evidence, documented workpapers, and a defensible position on every disclosed number. For listed companies navigating Section A general disclosures, Section B management processes, Section C principle-wise performance, and the value-chain BRSR Core extension, we bring both ESG subject-matter expertise and the assurance discipline that only a practising CA firm can offer.
What it costs
No hidden charges. The exact figure is set in your engagement letter.
Business Responsibility and Sustainability Reporting (BRSR) is a standardised ESG (Environmental, Social, Governance) disclosure format prescribed by the Securities and Exchange Board of India (SEBI) under Regulation 34(2)(f) of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015. Introduced via SEBI circular dated 5 May 2021, BRSR replaced the earlier Business Responsibility Report (BRR) format and became mandatory, on a comply-or-explain basis initially, for the top 1,000 listed companies by market capitalisation from financial year 2022-23 onwards. The report is structured in three sections: Section A covers general entity disclosures (products, operations, employees, CSR, and stakeholder engagement); Section B covers management and process disclosures (policies, governance oversight, and grievance redressal aligned to each of the nine NGRBC principles); and Section C requires principle-wise quantitative and qualitative performance disclosures against the nine principles of the National Guidelines on Responsible Business Conduct (NGRBC), 2018, issued by the Ministry of Corporate Affairs. The nine principles span ethical and transparent business conduct, product life-cycle sustainability, employee wellbeing, stakeholder responsiveness, human rights, environmental protection, public and regulatory policy advocacy, inclusive growth, and consumer value — collectively forming India's homegrown ESG disclosure architecture, distinct from but broadly aligned with international frameworks such as GRI Standards and the IFRS Sustainability Disclosure Standards (ISSB).
A significant evolution arrived via SEBI's circular dated 12 July 2023, which introduced BRSR Core — a subset of high-priority, quantifiable ESG KPIs (spanning attributes such as greenhouse gas emissions, water and energy footprint, employee wellbeing metrics, workforce representation, and openness of business) drawn from the wider BRSR disclosures, made subject to mandatory reasonable assurance. SEBI phased the assurance mandate in by market-capitalisation tier: it began with the top 150 listed entities by market cap for FY 2023-24, and SEBI's glide path extends coverage progressively to the top 1,000 listed entities by FY 2026-27, with the applicable assurance threshold widening each year. BRSR Core assurance must be obtained from an independent practitioner — a peer-reviewed Chartered Accountant firm or another accredited assurance provider working under recognised assurance standards — and the assurance report is required to be filed with the stock exchanges along with the Annual Report. In addition, SEBI's value-chain reporting requirement (introduced from FY 2024-25 on a comply-or-explain basis, applicable to significant value-chain partners of the top-tier reporting companies within SEBI's notified cohort for that year) extends select BRSR Core disclosures upstream and downstream to an entity's material suppliers and customers. Notably, SEBI's framework requires only limited assurance (the lighter of the two assurance levels) for value-chain ESG disclosures, distinct from the reasonable assurance mandated for the reporting company's own BRSR Core KPIs — a distinction that still materially raises the data-collection and assurance-coordination complexity for companies with complex supply chains.
BRSR is filed as part of the company's Annual Report and is submitted to stock exchanges alongside financial results, making it a document that sits squarely within the CA firm's traditional domain of statutory and assurance reporting rather than being a standalone marketing or communications exercise. Unlike a voluntary sustainability report published for stakeholder relations, BRSR disclosures carry regulatory consequences: incomplete, inconsistent, or unsubstantiated disclosures can attract SEBI scrutiny, expose the company to greenwashing allegations if claims cannot be evidenced, and — where assurance is mandatory — can result in a qualified or adverse assurance opinion that is itself a public disclosure event. Preparing BRSR credibly, therefore, requires the same rigour as preparing financial statements for statutory audit: source data traceable to underlying registers and systems (HR records, environmental monitoring logs, energy and water meter readings, procurement and CSR records), documented calculation methodologies (particularly for GHG emissions under the GHG Protocol's Scope 1, Scope 2, and increasingly Scope 3 categories), and management representations that an independent assurance provider can test.
For companies not yet within SEBI's mandatory BRSR cohort, voluntary adoption is increasingly common — driven by investor ESG screening, lender ESG-linked loan covenants, RFQ requirements from large corporate customers who need supply-chain ESG data for their own BRSR Core value-chain disclosures, and preparation for an eventual IPO where BRSR readiness has become part of standard listing due diligence. PNPC advises companies at every stage of this journey: first-time BRSR preparers building disclosure processes from a blank slate, established filers moving into the BRSR Core assurance mandate for the first time, and value-chain partners responding to ESG data requests from anchor customers who are themselves BRSR Core reporters.
When BRSR / BRSR Core engagement is required or advisable
Listed company falling within SEBI's top 1,000 by market capitalisation — BRSR filing as part of the Annual Report is mandatory under Regulation 34(2)(f) of SEBI LODR
Listed company falling within SEBI's phased BRSR Core assurance cohort (beginning with the top 150 by market cap for FY 2023-24, widening progressively toward the top 1,000 by FY 2026-27 per SEBI's notified glide path) — independent reasonable assurance on the BRSR Core KPIs is mandatory and the assurance report must be filed with stock exchanges
Company preparing for an IPO on the main board — BRSR/ESG disclosure readiness is now routinely examined in pre-IPO governance and disclosure diligence even before the entity formally enters SEBI's market-cap-based mandate
Significant value-chain partner (supplier or customer) that has received an ESG data request from an anchor listed company reporting BRSR Core value-chain disclosures — even though not directly regulated, the practical need to respond with credible, assurable data is real
Company with ESG-linked loan covenants, a sustainability-linked bond, or an investor (PE/VC/institutional) requiring periodic ESG KPI reporting as a condition of the facility or investment
Board or Audit Committee that wants BRSR treated with statutory-audit-grade rigour — documented source data, defensible calculation methodology, and independent assurance — rather than as a communications document assembled from unverified inputs
Group with multiple manufacturing or operational sites where GHG emissions, water, waste, and energy data must be consolidated from disparate site-level records into a single, assurable enterprise figure
Company that received a qualified or adverse assurance opinion, or a SEBI observation, on a prior BRSR filing and needs to rebuild its underlying data and process architecture before the next reporting cycle
When a different or lighter-touch engagement fits better
Unlisted private company with no near-term IPO plan, no ESG-linked financing, and no anchor-customer ESG data request — a full BRSR-format report is not currently mandated and a lighter internal ESG readiness assessment may be more proportionate
You need only a one-off carbon footprint estimate for internal awareness or a marketing claim, not a regulatory filing — a scoped GHG inventory exercise (without the full BRSR structure or assurance) may suffice, though PNPC would flag the greenwashing risk of publicising an unverified claim
You need the company's core financial statement audit or tax audit — that remains a separate statutory engagement (Companies Act audit, Income-tax audit) governed by its own standards, timelines, and reporting; BRSR assurance under SEBI's framework is a distinct scope
You need a standalone internal controls or governance review unrelated to ESG metrics — that is better scoped as an IFC Review or GRC Assurance engagement
You are looking for CSR fund utilisation certification alone under Section 135 of the Companies Act — that is a narrower, separate compliance requirement, though CSR data does feed into BRSR Section A disclosures and the two are often coordinated
Your entity is a small or medium listed company well outside SEBI's current or foreseeable market-cap threshold and has no stakeholder pressure for ESG disclosure — voluntary BRSR is optional, and resources may be better prioritised elsewhere for now, though PNPC recommends monitoring SEBI's glide path each year as the threshold is designed to widen
BRSR / BRSR Core vs adjacent ESG and assurance frameworks
| Feature | BRSR (Full) | BRSR Core | GRI Standards | IFC Review | CSR Report (Sec 135) |
|---|---|---|---|---|---|
| Regulator / issuing body | SEBI (LODR Reg. 34(2)(f)) | SEBI (Circular dated 12 July 2023) | Global Reporting Initiative — voluntary global standard | Companies Act 2013 / ICAI Guidance Note | Ministry of Corporate Affairs, Companies Act Sec 135 |
| Mandatory in India for | Top 1,000 listed companies by market cap (FY 2022-23 onwards) | Phased cohort: began with top 150 by market cap (FY 2023-24), glide path to top 1,000 by FY 2026-27 per SEBI's notified schedule | Not mandatory in India — adopted voluntarily, often alongside BRSR | Companies where auditor must opine on ICFR under Sec 143(3)(i) | Companies meeting Sec 135 net worth / turnover / profit thresholds |
| Scope | 9 NGRBC principles — governance, environment, social, ethics, all Sections A/B/C | Defined subset of high-priority quantifiable KPIs across 9 ESG attributes drawn from BRSR | Broad sustainability topics per material topic selection | Controls over financial reporting only | CSR project spend, impact, and fund utilisation only |
| Assurance requirement | Not separately mandated for the full BRSR beyond BRSR Core scope | Mandatory reasonable assurance for the notified cohort — filed with stock exchanges | Voluntary — many large reporters obtain limited or reasonable assurance | Mandatory — reported in the statutory auditor's report | CSR Committee and Board oversight; independent assurance not separately mandated |
| Value-chain (supply chain) disclosure | Not required for full BRSR beyond the entity itself | Applicable to significant value-chain partners of top reporters from FY 2024-25 (comply-or-explain basis; limited assurance only, lighter than the reasonable assurance required for the entity's own Core KPIs) | Optional, based on materiality assessment and boundary-setting | Not applicable | Not applicable |
| Filed with | Stock exchanges, as part of the Annual Report | Stock exchanges, alongside the BRSR/Annual Report | Company website / voluntary sustainability report — no regulatory filing | MCA (via auditor's report attached to financial statements) | MCA (Form CSR-2) and Board's Report |
| Typical preparer/assurer | Internal ESG/Sustainability team with CA firm support; principle-wise data owners across functions | Same underlying data, assured independently by a practitioner under recognised assurance standards | Internal sustainability team, often assured by a Big-4 or specialist ESG assurance provider | Statutory auditor, as part of the financial statement audit | CSR Committee, company secretarial function, statutory auditor certification where required |
| Best suited to | Every SEBI-mandated listed company within the market-cap threshold | Listed companies within SEBI's phased assurance cohort, and their significant value-chain partners | Multinational or investor-facing companies wanting global comparability alongside BRSR | Companies where the auditor must report on ICFR | Every company meeting the Sec 135 CSR applicability thresholds |
BRSR and BRSR Core are not alternatives to each other — BRSR Core is a mandatorily-assured subset within the full BRSR filing, not a separate report. Companies frequently run BRSR alongside a voluntary GRI-aligned sustainability report for investor and international stakeholder audiences; the two use different taxonomies and reconciliation between them requires care. PNPC scopes the applicable framework combination based on your listing status, market-cap tier, and investor base.
| # | Stage & What PNPC Does | What Generic Providers Skip | Timeline |
|---|---|---|---|
| 1 | Applicability & Materiality Assessment | We first confirm where you sit on SEBI's market-cap threshold and BRSR Core assurance glide path — this determines whether reasonable assurance is mandatory this cycle or a future one. We then run a materiality assessment against the nine NGRBC principles specific to your sector, rather than applying a generic checklist that treats every principle as equally material to every business. | Week 1–2 |
| 2 | Data Architecture & Source Mapping | Every disclosure in Section C must trace to a source: HR system for workforce data, energy/water meters and utility bills for consumption data, procurement records for supplier data, CSR registers for community spend, grievance logs for redressal metrics. We map each required KPI to its actual system of record before drafting begins — the single biggest predictor of a clean assurance outcome. | Week 2–4 |
| 3 | GHG Inventory — Scope 1, Scope 2, and Scope 3 where applicable | Scope 1 (direct emissions from owned/controlled sources) and Scope 2 (indirect emissions from purchased electricity) are core BRSR Core KPIs and must follow a documented GHG Protocol-consistent methodology with defined emission factors and organisational/operational boundaries. Scope 3 (value chain) is increasingly requested by investors and anchor customers even where not yet separately mandated. Generic providers often present a single unexplained emissions number with no boundary or methodology note — this is the first thing an assurance provider will query. | Week 3–6 |
| 4 | Section A — General Disclosures Drafting | Entity details, products/services, operations across locations, employee and worker headcount (by gender, category, and differently-abled status), turnover and net worth, CSR applicability and spend, and transparency/complaints data. We cross-check these against the company's own MGT-7, CSR-2, and financial statement filings for internal consistency — a mismatch here is a common, avoidable assurance finding. | Week 4–6 |
| 5 | Section B — Management & Process Disclosures | For each of the nine principles: does a Board-approved policy exist, is there a designated official responsible for implementation, is the policy reviewed periodically, and does a grievance redressal mechanism exist and actually receive and resolve complaints. We test whether governance structures described in Section B are real and operating — not simply restated from a template policy library. | Week 5–7 |
| 6 | Section C — Principle-wise Performance Disclosures | Quantitative and qualitative KPIs across all nine principles: ethical conduct and anti-corruption, product life-cycle and sustainable sourcing, employee wellbeing and safety (including POSH complaints), stakeholder engagement, human rights due diligence, environmental performance (energy, water, waste, biodiversity, emissions), public policy advocacy positions, inclusive growth (including value created for marginalised groups), and consumer responsibility (data privacy, product recall, and information disclosures). | Week 6–9 |
| 7 | BRSR Core KPI Consolidation (where assurance-mandated) | The BRSR Core subset is extracted and consolidated into the specific format SEBI prescribes for assurance, with the underlying calculation workings retained as an assurance-ready evidence file — not recreated at the last minute when the assurance provider asks for support. | Week 7–9 |
| 8 | Value-Chain Data Collection (where applicable) | For companies within the value-chain reporting requirement, we design the data request template sent to significant value-chain partners, track responses, and apply reasonableness checks before consolidation — this is typically the most time-consuming step given partners' varying ESG data maturity. | Week 8–12 (parallel track) |
| 9 | Internal Review & Management Sign-off | A complete draft is circulated to the ESG working group, CFO, and Company Secretary for factual verification before it goes anywhere near an assurance provider or the Board — catching internal inconsistencies here is far cheaper than catching them during assurance fieldwork. | Week 9–10 |
| 10 | Independent Assurance Engagement (BRSR Core cohort) | For the mandatorily-assured cohort, PNPC's assurance team — maintaining independence from the reporting/advisory team where PNPC has also assisted with preparation, or engaged purely as assurance provider where another firm prepared the report — performs reasonable assurance procedures on the BRSR Core KPIs under the applicable assurance standard and issues the assurance report for filing. | Week 10–13 |
| 11 | Board / Risk Management Committee / Audit Committee Presentation | Findings, KPI trends year-on-year, and any assurance observations are presented to the Board or relevant committee before the report is finalised — this is also the forum where forward-looking ESG targets and remediation commitments are typically approved. | Week 12–13 |
| 12 | Finalisation & Filing with Stock Exchanges | The finalised BRSR (with BRSR Core assurance report annexed, where applicable) is filed with the stock exchanges as part of the Annual Report, aligned to the company's Annual Report and AGM timeline. | Aligned to Annual Report filing deadline |
| 13 | Post-Filing — Year-Round Data Governance | BRSR is not a once-a-year sprint that should start from zero each cycle. We help set up monthly or quarterly internal ESG data capture (energy meters, HR headcount changes, safety incidents, CSR spend) so the next cycle's report is a consolidation exercise, not a reconstruction exercise. | Year-round |
Realistic end-to-end timeline for a first-time BRSR preparer: 10–13 weeks from applicability assessment to filing, run in parallel with the broader Annual Report preparation cycle. Companies already within the BRSR Core assurance mandate should begin data collection at the start of the financial year, not after year-end, since several KPIs (energy, water, emissions) require twelve months of consistent data capture rather than a point-in-time estimate.
Certificate of Incorporation, CIN, and listed entity details (stock exchange(s), ISIN)
MGT-7 (Annual Return) and audited financial statements for the reporting year — for cross-verification of turnover, net worth, and paid-up capital disclosed in Section A
Details of products/services by turnover contribution, and of business locations (national and international, plants and offices)
Holding, subsidiary, and associate company details, and details of any joint ventures relevant to consolidated ESG scope
Employee and worker headcount, disaggregated by gender, employment category (permanent/other), and differently-abled status, as at year-end and (where required) as an average for the year
Turnover rate data — permanent employees and workers, by gender
Median remuneration/wages data disaggregated by gender and employee category — for equal remuneration disclosures
Training data — hours or number of employees/workers trained on health & safety and on skill upgradation
Health, safety, and welfare benefit coverage data — statutory dues (PF, gratuity, ESI, maternity benefits), and any measures beyond statutory minimums
Safety incident data — LTIFR (Lost Time Injury Frequency Rate), number of fatalities, and complaints on working conditions, if any
POSH (Prevention of Sexual Harassment) complaint data — complaints received, resolved, and pending, with Internal Committee constitution details
Energy consumption data — from renewable and non-renewable sources, by source type, sourced from utility bills, meter readings, and fuel purchase records
GHG emissions data — Scope 1 (direct) and Scope 2 (indirect from purchased energy) at minimum, with underlying activity data (fuel quantities, electricity units) and the emission factors applied
Water consumption and discharge data, by source, with details of any water stress area operations
Waste generated and managed data — by category (hazardous, non-hazardous, plastic, e-waste, biomedical) and disposal method (recycled, reused, landfilled, incinerated)
Details of environmental clearances, consents to operate, and any environmental non-compliance or show-cause notices received during the reporting period
Biodiversity impact data, where operations are near ecologically sensitive areas, and details of any Environmental Impact Assessments conducted
Board-approved policies mapped to each of the nine NGRBC principles (ethics/anti-corruption, product responsibility, employee wellbeing, stakeholder engagement, human rights, environment, public policy, inclusive growth, consumer responsibility)
Code of Conduct, Whistleblower/Vigil Mechanism policy (Section 177(9) Companies Act and SEBI LODR Regulation 22), and details of complaints received and resolved under each
Details of Board and committee composition, including independent directors and any ESG-specific committee or Risk Management Committee oversight of sustainability matters
Human rights due diligence documentation, including any assessment of suppliers or business partners on human rights parameters
Form CSR-2 and CSR Committee reports — CSR obligation calculation, amount spent, and project-wise details under Section 135 of the Companies Act
Details of community development or social impact initiatives beyond mandatory CSR, and any social impact assessments conducted
Value created for marginalised or vulnerable groups — SC/ST/OBC and women-owned supplier data, where tracked
Details of any input material sourced from small producers, marginal farmers, or MSMEs, where relevant to Principle 8 disclosures
List of significant value-chain partners (suppliers and customers) by revenue/purchase threshold as defined by SEBI's value-chain reporting criteria
Completed ESG data-request responses from significant value-chain partners covering the applicable BRSR Core KPI subset
Supplier assessment or audit records on ESG parameters, if the company conducts supplier ESG due diligence
Contracts or purchase agreements evidencing the basis on which a partner is classified as "significant" for value-chain reporting purposes
Underlying calculation workings and evidence file for every BRSR Core KPI — not just the final reported figure
Management representation letter covering the completeness and accuracy of ESG data provided to the assurance team
Access arrangements for site visits or virtual verification of environmental data sources (meters, monitoring stations) where the assurance provider's risk assessment calls for it
Prior-year BRSR filing and any prior assurance report, for year-on-year consistency review
| Phase | Triggered By | PNPC CA Guidance | Risk If Ignored |
|---|---|---|---|
| First-Time Applicability | Company enters SEBI's top 1,000 market-cap threshold, or IPO listing on the main board | Applicability assessment, gap analysis against current ESG data maturity, and a realistic first-cycle timeline built around the Annual Report filing deadline. We identify which of the nine principles carry the highest data-collection burden for your specific sector. | Late realisation of applicability compresses the first BRSR cycle into a rushed exercise with weak source-data traceability — the exact profile that produces adverse or qualified assurance findings once BRSR Core assurance later becomes mandatory. |
| Building the Data Architecture | First BRSR cycle, or a prior cycle with weak evidence trails | Mapping each disclosed KPI to a named system of record and a named data owner. Setting up monthly/quarterly internal capture for metrics that cannot be reconstructed retrospectively — particularly energy, water, and safety incident data. | Reconstructing a full year of energy or emissions data from memory or estimates at year-end produces numbers an assurance provider cannot substantiate, and risks a qualified assurance opinion or a restated disclosure the following year. |
| Entering the BRSR Core Assurance Cohort | Market-cap threshold crosses into SEBI's notified assurance glide-path tier | Pre-assurance readiness review — testing the BRSR Core KPI evidence file against what an independent assurance provider will actually request, well before the formal assurance engagement begins. Independence structuring where PNPC has also assisted with preparation. | Discovering evidence gaps during the assurance fieldwork itself compresses the assurance timeline, risks a qualified opinion, and the qualified opinion itself becomes a public disclosure filed with stock exchanges. |
| Annual Filing Cycle | Financial year end and Annual Report preparation | BRSR drafting run in parallel with, and cross-checked against, the statutory financial statements, MGT-7, and CSR-2 filings for internal consistency. Assurance engagement scheduled to complete before the Annual Report finalisation deadline, not after. | Numeric inconsistencies between BRSR Section A and the audited financial statements or MGT-7 are a common and easily avoidable red flag that undermines confidence in the entire report. |
| Value-Chain Reporting Expansion | Entry into SEBI's value-chain (significant partner) disclosure requirement, or an anchor customer's ESG data request | Design of the value-chain data-request process, partner engagement and follow-up management, and reasonableness review of partner-submitted data before consolidation — the most operationally difficult part of BRSR Core's expanding scope. | Non-response or unreliable data from significant value-chain partners leaves gaps that must be disclosed as such, which can itself draw investor and regulatory attention if the gaps are material or the underlying process for identifying "significant" partners is weak. |
| ESG Target-Setting & Year-on-Year Trend | Board or investor request for forward-looking ESG commitments | Advisory on setting credible, achievable targets (energy intensity reduction, emissions intensity, workforce diversity ratios) that the company can substantiate in future BRSR cycles — rather than aspirational figures that create a future compliance and reputational gap if missed. | Publicly stated ESG targets that are not tracked or achieved become a greenwashing exposure and a recurring, worsening disclosure problem in each subsequent BRSR cycle. |
| Adverse or Qualified Assurance Finding | Assurance provider issues a qualified/adverse opinion or identifies a material data gap | Root-cause review of the specific KPI(s) at issue, remediation of the underlying data process (not just the number for this year), and a structured plan to resolve the finding before the next assurance cycle — presented to the Audit Committee with a clear remediation owner and timeline. | An unresolved qualification recurring in consecutive years signals a persistent control weakness to the market and can draw closer scrutiny from SEBI, institutional investors, and proxy advisory firms. |
| Pre-Transaction / Institutional Fundraise | PE/VC round, strategic investment, or M&A process where ESG diligence is part of the transaction | BRSR (or BRSR-readiness, if not yet mandated) is packaged as part of the data room, alongside a clear narrative on ESG governance maturity — turning a compliance document into a diligence asset rather than a gap investors discover themselves. | Investors uncovering ESG data gaps or unsubstantiated claims during their own diligence, rather than through a proactively prepared and assured report, can affect valuation, deal terms, or timelines. |
What is BRSR — in plain terms?
BRSR (Business Responsibility and Sustainability Report) is a mandatory, standardised ESG disclosure that SEBI requires certain listed companies to file as part of their Annual Report. It replaced the older, narrative-style Business Responsibility Report (BRR) with a structured format that asks for specific quantitative data — emissions, energy and water use, workforce diversity, safety incidents, CSR spend — alongside qualitative disclosures on governance and policy, organised around nine principles of responsible business conduct.
Which companies must file BRSR?
BRSR became mandatory under SEBI LODR Regulation 34(2)(f) for the top 1,000 listed companies by market capitalisation, applicable from financial year 2022-23 onwards. The exact cohort is determined annually based on market capitalisation as of the end of the immediately preceding financial year, as notified by SEBI/stock exchanges. Companies outside this threshold may adopt BRSR voluntarily.
What is BRSR Core, and how is it different from full BRSR?
BRSR Core is not a separate report — it is a defined subset of high-priority, quantifiable KPIs drawn from the full BRSR disclosures, spanning nine ESG attributes (such as GHG emissions, energy and water intensity, employee wellbeing, and workforce representation). SEBI introduced BRSR Core via its circular dated 12 July 2023 and made these specific KPIs subject to mandatory independent reasonable assurance — a requirement that does not currently extend to the entirety of the full BRSR report.
Which companies must obtain BRSR Core assurance, and by when?
SEBI phased BRSR Core assurance in by market-capitalisation tier. It began with the top 150 listed entities by market cap for FY 2023-24. SEBI's notified glide path widens the mandated cohort progressively in subsequent years, extending toward the top 1,000 listed entities by market cap by FY 2026-27. Companies should check their specific applicability each year against SEBI's current circulars and the relevant market-cap cohort, since the glide path and specific yearly thresholds are set by SEBI and can be refined.
What are the nine NGRBC principles that Section C is built around?
The National Guidelines on Responsible Business Conduct (NGRBC), 2018, issued by the Ministry of Corporate Affairs, set out nine principles: (1) ethical, transparent, and accountable business conduct; (2) safe and sustainable goods and services across the life cycle; (3) employee wellbeing; (4) responsiveness to all stakeholders; (5) respect and promotion of human rights; (6) protection and restoration of the environment; (7) responsible engagement in public and regulatory policy advocacy; (8) inclusive growth and equitable development; and (9) engaging with and providing value to consumers responsibly. Section C of BRSR requires quantitative and qualitative disclosures against each.
What does 'reasonable assurance' mean, and how is it different from 'limited assurance'?
Reasonable assurance is a higher level of assurance than limited assurance — it requires the assurance provider to perform more extensive procedures (similar in rigour to a financial statement audit) to reduce assurance risk to an acceptably low level, and results in a positively worded conclusion (e.g., 'in our opinion, the KPIs are fairly stated'). Limited assurance involves fewer procedures and results in a negatively worded conclusion (e.g., 'nothing has come to our attention that causes us to believe the KPIs are materially misstated'). SEBI's BRSR Core mandate requires reasonable assurance for the applicable cohort — the more rigorous of the two levels.
What is value-chain reporting under BRSR Core, and does it apply to us?
SEBI extended select BRSR Core disclosures to a reporting company's significant value-chain partners — material suppliers and customers — on a comply-or-explain basis starting from FY 2024-25 for the applicable top-tier reporting companies within SEBI's notified cohort for that year. Unlike the reasonable assurance required for the reporting company's own BRSR Core KPIs, SEBI requires only limited assurance for value-chain ESG disclosures. If your company is itself a significant supplier or customer to a large listed BRSR Core reporter, you may receive an ESG data request even though you are not directly within SEBI's own reporting mandate.
How is GHG emissions data calculated for BRSR — what is Scope 1 versus Scope 2?
Scope 1 covers direct GHG emissions from sources owned or controlled by the company — fuel combustion in owned vehicles, boilers, or generators, and process emissions. Scope 2 covers indirect emissions from purchased electricity, steam, heating, or cooling consumed by the company. Both are calculated using the GHG Protocol methodology: activity data (litres of fuel, units of electricity) multiplied by an appropriate, documented emission factor, with a clearly defined organisational and operational boundary. BRSR Core requires Scope 1 and Scope 2 disclosure at minimum; Scope 3 (value-chain emissions) is increasingly requested by investors even where not yet a mandatory Core KPI for every company.
What happens if a company misses the BRSR filing deadline or files inaccurate data?
BRSR is filed as part of the Annual Report submitted to stock exchanges, so a missed filing is treated as a disclosure lapse under SEBI LODR, which can attract SEBI/stock exchange penal action applicable to LODR non-compliance generally. Materially inaccurate or unsubstantiated ESG claims within a filed BRSR expose the company to greenwashing scrutiny from SEBI, investors, and proxy advisory firms, and — for the BRSR Core cohort — can surface as a qualified or adverse assurance opinion, which is itself a matter of public record once filed.
Can PNPC both prepare our BRSR and provide the assurance?
Independence is a core assurance principle. Where PNPC has materially assisted with BRSR/BRSR Core preparation, we structure the engagement so that assurance is performed by an independent team within the firm, subject to appropriate safeguards, or we recommend a separate assurance provider entirely where independence cannot be adequately maintained — the same discipline we apply to statutory audit independence under the Companies Act.
How long does a first-time BRSR preparation take?
For a first-time preparer, realistically 10–13 weeks from the applicability and materiality assessment through to filing — run in parallel with the broader Annual Report preparation cycle. Where BRSR Core assurance is also mandatory for the first time, add the assurance fieldwork and report-drafting time, and build in extra runway since data gaps discovered during the first assurance cycle often require remediation before the report can be finalised.
Does BRSR replace our CSR reporting obligation under Section 135?
No. CSR reporting under Section 135 of the Companies Act (via Form CSR-2 and the Board's Report) is a separate, distinct compliance requirement with its own applicability thresholds, spending obligations, and filing mechanism to the Ministry of Corporate Affairs. BRSR Section A does require disclosure of CSR-related data (obligation and spend), so the two exercises are closely linked and should be coordinated, but BRSR does not substitute for the Section 135 filing.
We are not yet in SEBI's top 1,000 by market cap — should we still prepare a BRSR-style report?
It depends on your specific pressures. If you have no near-term IPO plan, no ESG-linked financing, and no anchor customer requesting ESG data, a full BRSR-format exercise may not be the best use of resources right now. If any of those apply — or if you expect to cross the market-cap threshold within the next 2–3 years — building BRSR-aligned data capacity incrementally is significantly cheaper than a compressed first-cycle sprint once the mandate applies.
What is 'greenwashing' risk in the context of BRSR, and how does PNPC help manage it?
Greenwashing is the practice of making environmental or social claims that are exaggerated, unsubstantiated, or misleading relative to the underlying evidence. In a BRSR context, this risk arises when a company discloses a favourable metric, a target, or a qualitative claim (e.g., 'committed to net-zero by [year]') without the underlying data, methodology, or governance to substantiate it. SEBI, institutional investors, and proxy advisory firms have all sharpened scrutiny of ESG claims, and an unsubstantiated claim discovered later is reputationally more damaging than a conservative, well-evidenced disclosure.
How does BRSR relate to the IFRS Sustainability Disclosure Standards (ISSB) or GRI Standards?
BRSR is India's own SEBI-mandated regulatory disclosure framework, built on the NGRBC's nine principles — it is not the same taxonomy as GRI Standards (a global voluntary framework) or the IFRS Sustainability Disclosure Standards issued by the ISSB (which are being adopted or referenced by a growing number of jurisdictions). Companies with international investors or cross-listings sometimes prepare a GRI-aligned or ISSB-aligned voluntary sustainability report alongside their mandatory BRSR filing, but the two are not interchangeable — the data points, materiality approach, and reporting boundary can differ.
What is the Risk Management Committee's role in BRSR oversight?
For the top 1,000 listed companies (mandated to constitute a Risk Management Committee under SEBI LODR Regulation 21), the RMC's mandate explicitly includes reviewing sustainability-related risks, including ESG-related risks. In practice, many companies route BRSR governance oversight — policy approval, target-setting, and review of assurance findings — through the RMC or a dedicated ESG/Sustainability Committee, before matters reach the full Board.
What data do we need for the employee/worker gender diversity disclosures?
BRSR requires headcount data disaggregated by gender across employee and worker categories (permanent and other-than-permanent), typically as at the end of the reporting period, alongside related metrics such as gender-wise turnover rate and gender pay parity (median remuneration ratio). This data must be sourced from the HR/payroll system, not estimated, and should be reconcilable to statutory filings such as PF/ESI records where headcount also appears.
Do POSH complaint numbers have to be disclosed in BRSR?
Yes. Section C, under the employee wellbeing principle, requires disclosure of complaints filed under the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013 (POSH Act) — including complaints received, resolved, and pending as at the end of the reporting period — along with confirmation of the Internal Committee's constitution as required by the POSH Act.
What is 'openness of business' as a BRSR Core KPI?
Openness of business is one of the nine BRSR Core ESG attributes, generally covering disclosures such as the concentration of purchases and sales with trading houses, dealers, and related parties, and the extent of the company's engagement with small and marginal producers or local suppliers — intended to give stakeholders visibility into supply-chain concentration and transparency of business relationships.
How does PNPC handle multi-site or multi-subsidiary consolidation for environmental data?
Environmental KPIs (energy, water, waste, emissions) must typically be consolidated across all operational sites and, where applicable, subsidiaries within the reporting boundary. We first confirm the reporting boundary (standalone entity, or consolidated group, consistent with how the company defines its BRSR reporting scope), then build a site-level data template that rolls up into the enterprise figure, with each site's contribution separately retained as assurance-ready workpapers rather than only presenting a single blended total.
What is a 'comply-or-explain' basis, and does it still apply to BRSR?
'Comply-or-explain' means a company must either comply with a disclosure requirement or explain why it has not, rather than compliance being strictly enforced with penalties. SEBI initially introduced full BRSR reporting on this basis for a transitional period for the top 1,000 companies before it became fully mandatory. Certain newer elements of the BRSR framework — such as aspects of value-chain reporting — have similarly been phased in on a comply-or-explain basis before moving toward a fully mandatory requirement; companies should check the current status of each specific disclosure element for the applicable reporting year, since SEBI has progressively tightened several of these requirements over successive cycles.
Can BRSR data be used to support an ESG-linked loan or sustainability-linked bond?
Yes, in principle — many ESG-linked financing instruments reference specific sustainability KPIs (energy intensity, emissions intensity, diversity ratios) as performance targets, and a company's own BRSR/BRSR Core disclosures are a natural, already-assured (where applicable) data source for lender or bond-investor reporting. Using consistent, independently assured figures across both the BRSR filing and the financing covenant reporting avoids the risk of reporting different numbers for the same metric to different audiences.
What is the difference between BRSR assurance and a statutory financial audit?
A statutory financial audit under the Companies Act results in an opinion on whether financial statements give a true and fair view, governed by the Standards on Auditing. BRSR Core assurance is a separate, distinct assurance engagement focused specifically on the designated non-financial ESG KPIs, performed under the assurance standards applicable to non-financial/sustainability information, and results in its own assurance report filed alongside the BRSR. The two engagements, while both bringing audit-grade rigour, are scoped, standard-governed, and reported entirely separately.
What are the consequences of a qualified BRSR Core assurance opinion?
A qualified opinion means the assurance provider found that one or more KPIs could not be assured without exception — due to a scope limitation, a data gap, or a material misstatement identified during the engagement. Because the assurance report is filed with stock exchanges alongside the BRSR, a qualification becomes a matter of public record, and can draw attention from investors, proxy advisory firms, and potentially SEBI, particularly if the qualification recurs across multiple reporting cycles without remediation.
How does PNPC's UAE office relate to ESG reporting for group companies with a UAE arm?
Where an Indian listed company's BRSR reporting boundary includes a UAE subsidiary or operational site, that site's environmental and workforce data must be captured and consolidated on the same basis as Indian sites. Our Dubai office coordinates local data collection — energy and water consumption records, WPS payroll and workforce data, and any UAE-specific ESG or Corporate Tax filings — directly with the India-based BRSR preparation team, so the group-level BRSR is consolidated coherently rather than assembled from a disconnected overseas data request.
Is BRSR applicable to unlisted subsidiaries of a listed parent?
The BRSR filing obligation itself sits with the listed entity. However, where the listed entity's BRSR reporting boundary is defined on a consolidated basis (covering subsidiaries), data from unlisted subsidiaries must still be captured and rolled into the parent's disclosure for the KPIs where a consolidated boundary applies — meaning the unlisted subsidiary effectively participates in the data-collection process even though it does not file its own separate BRSR.
What internal team or function should own BRSR preparation within our company?
There is no single statutorily prescribed owner, but effective practice generally places overall coordination with a designated ESG/Sustainability function or a senior finance/company secretarial owner, with named data contributors from HR, EHS (Environment, Health & Safety), procurement, CSR, and legal/compliance — each responsible for their principle-specific data. The CFO or Company Secretary typically signs off on the final report before Board presentation, given its status as a regulatory filing.
How does PNPC price a BRSR preparation and assurance engagement?
PNPC scopes BRSR preparation and BRSR Core assurance as separate, clearly defined engagements with a fixed, agreed fee confirmed in writing before work begins. Fee drivers include the number of operational sites/subsidiaries in the reporting boundary, whether this is a first-time or repeat cycle, whether value-chain data collection is in scope, and whether reasonable assurance is required this cycle. We do not price BRSR as an undifferentiated add-on to statutory audit — it is scoped on its own merits.
What is the earliest point in the year we should start BRSR data collection?
Ideally, at the start of the financial year — not after year-end. Several BRSR Core KPIs (energy consumption, water use, safety incidents, emissions) are naturally cumulative across twelve months, and retrospectively reconstructing a full year of consistent, source-traceable data at year-end is materially harder and less reliable than capturing it in real time through monthly or quarterly internal tracking.
Can BRSR disclosures be restated if an error is found after filing?
If a material error is identified after filing, the company should assess it through its usual disclosure-correction and materiality lens (similar in principle to correcting other regulatory filings), which may involve restating the figure in the next cycle with an explanatory note, or in more significant cases, engaging with the stock exchange on the appropriate corrective disclosure. The specific mechanism depends on the nature and materiality of the error — this is a scenario best discussed directly with your CA and company secretarial advisor rather than assumed.
Does BRSR cover Scope 3 (value-chain) emissions as a mandatory disclosure?
Scope 3 emissions (indirect emissions occurring in a company's value chain, both upstream and downstream) are not uniformly a mandatory BRSR Core KPI for every reporting company today, but disclosure expectations in this area are moving quickly — driven by investor pressure, international frameworks like the ISSB standards, and SEBI's own value-chain reporting extension. Companies with a mature BRSR programme increasingly disclose Scope 3 voluntarily, at least for the most material categories (e.g., purchased goods and services, or downstream product use), even where not yet a strict mandatory requirement.
How does PNPC ensure BRSR data governance survives staff turnover?
We document the full data architecture — source systems, calculation methodologies, emission factors used, and named responsibilities — as a standing internal reference document (not just embedded in an individual's working files), specifically so that a change in the ESG team, HR head, or EHS manager does not mean the next reporting cycle starts from scratch trying to reconstruct 'how we calculated this last year.'
Why should we engage PNPC rather than a boutique ESG consultancy for BRSR?
A boutique ESG consultancy may bring strong sustainability-domain knowledge but typically cannot also provide independent assurance, statutory audit, tax, CSR-2 filing coordination, and the broader compliance calendar your listed entity already relies on a CA firm for. PNPC brings CA-firm assurance discipline — evidence-based, source-traceable, standards-governed — to BRSR preparation, and can either provide independent BRSR Core assurance directly (with appropriate independence safeguards) or coordinate cleanly with a separate assurance provider, all while keeping your BRSR data internally consistent with your audited financials, MGT-7, and CSR-2 filings.
| Feature | Boutique ESG Consultancy | Generic CA / CS Firm | PNPC Global |
|---|---|---|---|
| Applicability & Glide-Path Tracking | May not track SEBI's evolving market-cap assurance cohort proactively | Often unaware of BRSR Core's phased assurance mandate specifically | Applicability and BRSR Core glide-path tracked as part of the annual engagement — flagged before it becomes urgent |
| Data Architecture & Source Traceability | Strong on sustainability narrative, sometimes weaker on source-document traceability | Rarely builds a dedicated ESG data architecture | Every KPI mapped to a named system of record and data owner — assurance-ready from day one |
| Independent Assurance Capability | Not typically an assurance provider — usually the preparer only | May not have BRSR Core assurance expertise or capacity | Assurance-capable in-house, with independence safeguards or clean handoff to a separate provider where required |
| Cross-Filing Consistency | May not check BRSR figures against MGT-7, CSR-2, or audited financials | May check some cross-references but often lacks dedicated ESG expertise | BRSR figures reconciled against MGT-7, CSR-2, and financial statements as a standard step |
| Value-Chain Data Collection | Variable — depends on the individual consultancy's process maturity | Rarely offered as part of standard CA/CS services | Structured value-chain data-request design, tracking, and reasonableness review, in-house |
| Board / RMC Governance Integration | May deliver a report without embedding it into governance oversight | Understands Board process but not always ESG-specific governance nuance | BRSR findings and assurance observations formally presented to the Board/RMC as part of the engagement |
| India-UAE Group Coordination | Typically India-only or UAE-only, rarely both under one team | India only, in most cases | Chennai/Bangalore/Hyderabad and Dubai offices coordinate group-level BRSR data directly |
| Year-Round Data Governance | Often a once-a-year engagement with no interim data capture support | Not typically offered | Monthly/quarterly internal data-capture templates set up so each cycle builds on the last, not from zero |
| When something goes wrong | Support depends on individual consultancy's bandwidth and continuity | Generally available — depends on firm size and ESG specialisation | Direct access to your engagement CA — the same team across preparation, assurance coordination, and Board presentation |
| Business model | Project-based, ESG-narrative-oriented | Volume-oriented, ESG often a bolt-on service | Long-term relationship — BRSR treated with the same rigour as statutory audit, year after year |
What the PNPC package includes
- 01
Applicability assessment against SEBI's market-cap threshold and BRSR Core assurance glide path, reviewed annually
- 02
Materiality assessment against the nine NGRBC principles, tailored to your sector
- 03
Data architecture mapping — every KPI traced to a named source system and data owner
- 04
GHG inventory support — Scope 1 and Scope 2 (and Scope 3 where relevant), with documented, consistent methodology and emission factors
- 05
Section A, B, and C drafting — cross-checked against your MGT-7, CSR-2, and audited financial statements for internal consistency
- 06
BRSR Core KPI consolidation into an assurance-ready evidence file
- 07
Value-chain data-request design and partner-response tracking, where value-chain reporting applies
- 08
Independent BRSR Core assurance under recognised assurance standards, with appropriate independence safeguards
- 09
Board / Risk Management Committee presentation of findings, KPI trends, and any assurance observations
- 10
Year-round internal data-capture template setup, so each reporting cycle builds on verified prior-year data
- 11
India-UAE group coordination for consolidated BRSR reporting boundaries via our Chennai/Bangalore/Hyderabad and Dubai offices
- 12
Direct contact with your engagement CA — by phone and WhatsApp — not a support queue
Speak directly with a PNPC Chartered Accountant about your BRSR and BRSR Core obligations. Not an ESG narrative-writer. Not a generic compliance vendor. A practising CA firm that treats every disclosed sustainability number with the same evidentiary discipline as a statutory audit figure — because increasingly, that is exactly what SEBI, your investors, and your assurance provider expect it to be.