The ESG landscape is evolving fast, and the consequences of missing the mark are growing with it. Since February 2025, we have witnessed one of the boldest regulatory shifts in recent memory, a sharp political backlash on both sides of the Atlantic. Amid this noise and de-regulation, something surprising is going on. Companies are still being taken to court for greenwashing and misrepresenting their ESG commitments. For corporate, financial services, and legal compliance teams, regulations may be changing, but the real-world consequences of poor ESG practice are not.

The regulatory ground has shifted, but the stakes haven’t

For years, the trajectory of ESG regulation pointed in one direction: more mandatory disclosure, stricter standards, and greater accountability. That consensus is changing.

In February 2025, the European Commission adopted its so-called Omnibus I package — a sweeping set of simplifications to its landmark sustainability frameworks. The Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD) were both substantially narrowed.

Across the Atlantic, the picture is more fragmented. In March 2025, the Trump administration essentially withdrew the Securities and Exchange (SEC)’s proposed climate disclosure rule, which would have required all US public companies to report material climate risks and GHG emissions. The current administration often frames mandatory ESG requirements as regulatory overreach. Some states, however, are pushing in the opposite direction: a New York court ordered climate regulations to be issued in 2026, and California’s suite of climate disclosure laws remains in force for large businesses.

The result is a regulatory patchwork that creates genuine complexity for any organisation operating across borders. When looking beyond these regulatory shifts, an even more complex picture emerges.

Greenwashing litigation is accelerating. Supply chain scrutiny is deepening. And institutional investors, despite significant public retreat from ESG coalitions, are still factoring sustainability risk into capital allocation decisions. Japan’s $1.7 trillion Government Pension Investment Fund increased its ESG-linked equity holdings in 2025. Institutional investors, controlling 50% of listed equity in the US, UK, and Ireland, are demanding sustainability-related disclosures.

The message for corporate and financial services teams is clear: while the reporting expectations have decreased, companies are still exposed. The commercial and legal consequences of ESG failures are, if anything, expanding.

The greenwashing threat is now a legal risk

For legal and compliance professionals, the most important development of the past two years is the emergence of greenwashing as a credible, high-stakes legal liability: one that is evolving faster than most organisations’ exposure management frameworks.

In the UK, the Advertising Standard Authority (ASA) has deployed an AI tool that proactively scans more than 500,000 adverts a month to identify misleading green claims. Meanwhile, the Competition and Markets Authority (CMA) has acquired significant new enforcement powers under the Digital Markets, Competition and Consumers Act, allowing it to impose fines of up to 10% of global annual turnover for consumer law breaches, including greenwashing.

In the EU, litigation against banks and corporates for alleged misrepresentation of climate commitments is active in multiple jurisdictions, including the Milieudefensie v. ING Bank case expected to be argued in the Dutch courts in 2026.

In M&A, the risks are particularly significant. When a company being acquired has made sustainability claims it cannot back up, those claims can become a source of serious legal disputes after the deal closes. Buyers who don’t scrutinise a target’s ESG credentials as carefully as its financials can find themselves inheriting the problem, facing lawsuits, regulatory action, or pressure from investors to fix commitments the acquired company was never equipped to meet. A sustainability claim that hasn’t been properly verified can quickly turn an asset into a liability.

The challenge for due diligence teams is that this kind of exposure is rarely visible in company-reported data. It lives in news articles, social media, employee forums, court filings, and regulatory correspondence. These sources are dispersed across both the open web and proprietary data, allowing hidden connections to remain invisible.

Why ESG data is still fundamentally broken

Despite years of regulatory pressure and investment in disclosure infrastructure, the underlying quality problem with ESG data has not been solved, and in several respects has worsened.

The Omnibus simplifications mean that the majority of companies in the EU supply chain will now produce no mandatory sustainability disclosures at all. For financial institutions with complex counterparty networks, and for corporates managing global supplier relationships, this creates a significant data vacuum at precisely the moment when supply chain ESG risk is receiving its highest ever level of regulatory and public scrutiny.

The problem is compounded by the nature of ESG risk itself. Environmental liability, labour abuses, governance failures, and human rights issues in supply chains are not the kind of risks that appear neatly in structured databases or annual reports. They are thematic, contextual, and often self-declared, meaning they are prone to selective presentation and outright misrepresentation.

In private markets, the challenge is even more pronounced. When ESG metrics are disclosed at all, they are rarely transparent, standardised, or independently verified. Private equity deal teams conducting ESG due diligence on a target are often working from a combination of management-provided data, limited third-party certifications, and whatever public information they can surface through manual research. That is not a strong enough foundation, especially when ESG problems discovered after a deal closes can create legal and reputational exposure that persists long after the firm has moved on.

The AI advantage: What it can (and cannot) do

AI-driven ESG tools have proliferated rapidly, and the claims made on their behalf have not always kept pace with their actual capabilities. Many tools still rely primarily on structured data inputs — corporate disclosures, third-party ratings, regulatory filings — and are therefore only as reliable as the data they draw on. If that underlying data is self-reported, inconsistent, or incomplete, the analysis will be too.

The more substantive question for corporate and financial services teams in 2026 is not whether AI can process ESG data faster than a human analyst (it clearly can), but whether it can surface the kind of unstructured, contextual, and externally-facing information that reveals genuine risk — and do so in a way that is explainable and auditable.

This matters for two reasons. First, as AI-generated outputs are increasingly used to support material decisions, the question of where the information came from and how it was assessed becomes a legal and regulatory question, not just an operational one. Fears about AI hallucinations during due diligence have become a recognised risk factor in complex M&A, with the potential to trigger fines and affect deal valuations. Second, the lack of transparency that has long damaged trust in ESG ratings is not solved by applying opaque AI to opaque data. It requires tools whose methodology can be examined, understood, and defended.

What effective ESG due diligence looks like in 2026

Xapien was built on a different premise from conventional ESG data tools. Rather than aggregating company-reported inputs or relying on third-party ratings, it searches the entire indexed internet — corporate records, shareholder data, media coverage, regulatory announcements, litigation records, and more — and returns a structured, sourced, and explainable assessment of ESG risk as the external world sees it.

This outside-in approach delivers its greatest advantage not by replacing thorough due diligence, but by resequencing it. Running Xapien early means costly, time-intensive investigation is only triggered when it’s warranted.

For legal and compliance teams, it means that greenwashing exposure, supply chain controversies, and governance failures are identified before they become litigation risks. Every risk surfaced in a Xapien report is clearly summarised and sourced, so the assessment can be reviewed, challenged, and presented to regulators or counterparties with confidence.

For financial services institutions, Xapien provides an independent check on self-reported data. A company may report a headline ESG metric that appears satisfactory, but a Xapien report may reveal that a junior employee has written a blog about systemic failures in the same reporting area. Neither piece of information alone is conclusive, but together they provide a richer and more honest picture than structured data alone.

For M&A and private equity deal teams, Xapien compresses what would otherwise be days of analyst time into minutes. It moves comprehensive screening to the front of the due diligence process — enabling teams to make better-informed onward decisions before committing to more time-intensive and costly investigation.

“I cannot overstate how much easier due diligence is with Xapien. Enhanced due diligence on a prospect used to take the better part of a day. You can sometimes go down a rabbit hole of searches and reviewing news stories to try to determine whether they are proven, hearsay or media speculation. Xapien enables us to get all of that data in 12 minutes or less. Now, I can leave Xapien running in the background while attending to other compliance needs.”

Alex Nash, Money Laundering Reporting Officer, Griffin

The regulatory horizon: What corporate teams need to watch

While the near-term direction of ESG regulation has shifted towards simplification, a number of developments over the next 12–18 months will have direct implications for corporate compliance programmes.

UK ESG ratings regulation: The UK government has laid the Financial Services and Markets Act 2000 (Regulated Activities) (ESG Ratings) Order 2025 before Parliament, subjecting ESG ratings providers to formal FCA oversight for the first time. The FCA is expected to publish final rules in Q4 2026, with operative provisions effective from June 2028. This will affect how institutional investors can rely on and evidence third-party ESG assessments.

SFDR reform: The European Commission has put forth a proposal to amend the Sustainable Finance Disclosure Regulation, introducing new product labelling categories: transition finance, ESG basic, and sustainable — and streamlined disclosure requirements. The European Parliament and Council are expected to finalise a text in 2026. These changes mean fund managers and asset owners will need to reassess product classifications and disclosure obligations.

CSRD assurance standards: In February 2026, the Dutch Authority for the Financial Markets published four guidelines on the independent auditing of sustainability reports under CSRD. This followed the first year in which audit firms were required to verify those reports under the directive. As these standards develop, the bar for what counts as credible sustainability reporting will rise — making independently sourced, externally verifiable ESG assessments increasingly valuable.

ESG litigation pipeline: With the Green Claims Directive advancing through the EU legislative process, and UK regulators deploying automated tools to identify non-compliant marketing claims, ESG-related enforcement and litigation is set to increase. Corporates, financial institutions, and their advisers need robust processes — and a clear paper trail — to prepare in case they find themselves in front of a regulator or a judge.

Conclusion

The ESG landscape in 2026 is marked by tensions. Regulatory requirements have been simplified in some jurisdictions, while enforcement of existing standards has intensified. Political resistance to ESG mandates has grown louder, while the legal and commercial consequences of ESG failures have grown more significant.

For enterprise compliance, legal, and financial services teams, this environment rewards precisely the kind of comprehensive, explainable due diligence that has always been the gold standard. For too long, quality has been sacrificed to speed or cost pressure. With Xapien, compliance teams don’t need to choose. Organisations can use the platform to navigate this evolving ESG environment with confidence.

Those that will navigate the ongoing changes most effectively are teams that treat ESG risk with the same seriousness they apply to financial or legal risk. Organisations will be best protected by treating ESG due diligence not as a box to be checked, but as a material factor that requires genuine investigation, documented evidence, and tools capable of finding what companies would prefer to keep hidden.


Discover how Xapien helps enterprise, financial services, and legal teams conduct faster, more thorough ESG due diligence. Book a personalised demo.

Sources & further reading

California climate disclosure laws — SB 253 and SB 261 status update, Nixon Peabody

EU ESG wrap-up: concluding 2025 and stepping into 2026, Stibbe

Financial Services Regulatory ESG updater, Norton Rose Fulbright

Institutional Investor Engagement and Stewardship, OECD

NY Supreme Court Rules the State Must Issue Climate Regulations, EarthJustice

Omnibus I documentation, European Commission

Sustainability and ESG in 2026: UK and EU regulatory priorities and timelines, A&O Shearman

The ASA, AI and Greenwashing – what do businesses need to know? Travers Smith

The CMA’s new consumer protection enforcement powers, Macfarlanes