ESG Compliance in 2026: the technology challenges nobody tells CFOs about

When I started designing the technology architecture of Carbon Sense, Atlas's ESG platform, I expected to solve technical problems. Stack, database, APIs, digital reporting formats. What I didn't expect was that the main problem wouldn't be technological.

The main problem is that most companies systematically underestimate the distance between where they think they are and where they actually are.

This article is written by someone building an ESG system from the inside, while regulations change, while standards are being rewritten, while the market fills up with solutions that promise simplicity in a domain that is anything but simple. I'm writing it for CFOs and managers who need to make concrete decisions about ESG compliance in 2026, without necessarily having a technical background but with the clear responsibility of getting it right.

The Omnibus paradox: fewer direct obligations, more real pressure

On March 18, 2026 (six days from the publication of this article) the Omnibus I Directive (EU 2026/470) comes into force, having radically redesigned the CSRD perimeter. Dimensional thresholds have been raised dramatically: today mandatory reporting only applies to companies with over 1,000 employees and over 450 million euros in revenue. Compared to the original plan, approximately 90% of companies initially involved have exited the scope of direct obligations.

In many companies this news was met with relief. A relief that risks being dangerous.

The reason is simple: ESG pressure doesn't come only from direct regulation. It comes from banks, from clients, from the supply chain. Since January 11, 2026, EBA guidelines on climate and ESG risks have been operational for all major European credit institutions. This means banks are now required to integrate ESG risks into credit assessment models, adjust financial terms based on the company's sustainability profile, and set quantitative targets for reducing financed emissions.

The data confirms this precisely: SMEs with high ESG scores enjoy a credit disbursement rate 11% above average. Companies with very low ESG scores see a 6% reduction in access to financing. Companies with high ESG adequacy have default rates 34% below average. These aren't future projections. They are CRIF 2025 data on 2024.

On the supply chain front, the logic is analogous. Large companies subject to CSRD are required to map ESG risks across their value chain. Suppliers who cannot respond to data requests automatically become a problem. Suspended contract renewals, blocked qualification procedures, replacement with alternative suppliers already certified. According to the CDP Supply Chain Report 2024, based on data from over 23,000 companies, failing to address climate risks in the supply chain costs nearly three times more than the actions needed to mitigate them. Scope 3 emissions are on average 26 times higher than direct operational emissions, yet only one in four companies integrates supply chain climate risks into its risk management processes.

Omnibus I also introduced the concept of the "protected company": every company with fewer than 1,000 employees in the value chain of a CSRD company has the legal right to refuse ESG data requests that exceed the VSME voluntary principles. But there's a critical window: the definitive VSME will be published by the Commission by July 19, 2026. Until then, procurement managers of large companies tend to intensify their ESG questionnaires precisely in the months when protection is not yet fully operational.

The message is this: fewer formal obligations does not mean less real pressure. It means market pressure, which is harder to ignore than a directive.

The problem no platform solves alone: data

When discussing ESG compliance, the conversation often ends up on software platforms. Which one to choose, how much it costs, which frameworks it supports. It's a conversation that puts the cart before the horse.

The real problem isn't the platform. It's the quality of the data you put into it.

An NQA study analyzed over 50 ISO 14064-1 certified companies across 28 industrial sectors, comparing actual verified emissions with those calculated using spend-based emission factors. The results are illuminating: in 77% of cases, standard factors overestimate actual emissions, with an average variance of -63%. In 23% of cases they underestimate them, with an average variance of +623%.

But the most dramatic case concerns Scope 3 emissions. The Manufacturing Technology Centre, a case documented by Normative, official UN Race to Zero partner, had calculated its Scope 3 emissions at 1,722 tCO2e using generic factors. The actual measurement revealed 8,780 tCO2e. A discrepancy of 410%.

This is not an isolated case. According to the Deloitte 2024 Sustainability Action Report, 57% of companies identify data quality as the top challenge in ESG reporting, and 88% place it among the top three. CDP data confirms that only 41% of reporting companies have disclosed Scope 3 emissions, and just 39% have engaged their suppliers on climate issues. A paper published in PLOS Climate (Nguyen et al., 2023) analyzed Scope 3 data divergence across major ESG providers over 6,700 company-year observations, finding a median absolute percentage error of 72.2% on aggregate Scope 3 emissions. High-materiality categories are systematically under-reported compared to low-materiality ones. The problem isn't the precision of any single emission factor: it's coverage. The Scope 3 categories not considered, the suppliers not mapped, the internal processes not monitored. An ESG system working on incomplete data produces a report that doesn't represent business reality and won't withstand an external audit.

When we design Carbon Sense, the fundamental distinction driving every architectural choice is between primary data and estimates. Primary data means real measurements, energy consumption from bills and meters, process data, verified transport data. Estimates are calculations based on standard emission factors applied to generic spend or activity data. Both have a place in an ESG system, but they must be treated differently, tracked differently, and presented differently in a certifiable report.

A CFO evaluating an ESG platform should ask one question: does the system distinguish between primary data and estimates, and how does it manage this distinction in the audit trail? If the answer is vague, the system isn't certifiable. And if the report isn't certifiable, it's worth nothing to banks or supply chain clients.

Interoperability: the problem that emerges after signing the contract

Another problem that systematically emerges during implementation is integration with existing systems. ERP, accounting systems, HR, energy management systems. Every company has a constellation of software managing data potentially useful for ESG reporting, and almost none of these systems were designed to communicate with an ESG platform.

According to industry analysis, ESG solution costs have grown significantly over the past three years, driven partly by integration complexity. Only 27% of companies believe they have the necessary technological infrastructure for structured ESG compliance. 83% are unsure about their data readiness.

In practice, this means implementing an ESG system often requires preliminary data mapping and cleaning work that isn't included in the software license and wasn't budgeted for initially. It's a hidden cost that emerges after contract signing, when the project is already underway.

The right questions to ask during evaluation are: what import formats are supported? Is there a documented API for integration with major ERPs? Who is responsible for data mapping between the existing system and the ESG platform? How long does onboarding typically take for a mid-sized manufacturing company?

Another dimension of interoperability that is often underestimated is between standards. ESRS, GRI, IFRS-S and CDP coexist in the market. A company reporting under ESRS should be able to partially satisfy GRI requirements without duplicating work. Platforms that support this cross-standard interoperability significantly reduce total compliance costs over time.

iXBRL: why Excel won't be enough anymore

From January 2028, sustainability reports from CSRD-subject companies must be transmitted in XHTML format with Inline XBRL tags, through the European Single Access Point (ESAP). It's the same standard already in use for financial statements under ESEF.

This radically changes the meaning of "digital reporting." A well-formatted PDF is not a digital document in the regulatory sense. An iXBRL report is a structured document where every data point is tagged with a unique identifier from the ESRS taxonomy, machine-readable, comparable across companies, automatically verifiable.

The technological implications are concrete. The iXBRL tagging process requires dedicated tools and specific expertise. It's not something that can be done retroactively on an existing PDF: it must be integrated into the data collection and aggregation process from the start. Companies evaluating an ESG platform today should verify whether the system natively supports iXBRL export according to the ESRS taxonomy, not as a future feature but as a present, tested capability.

When we design Carbon Sense, iXBRL support isn't an addition on the roadmap. It's a fundamental architectural requirement, because it changes data structure, tracking granularity, and output format down to the database level.

The role of AI: promises and reality

Only 25% of companies currently use artificial intelligence for ESG reporting, but 89% expect it to have a material impact in the coming years. The gap between expectation and current adoption is wide, and not without reason.

AI applied to ESG has concrete, well-defined use cases: automatic document analysis for extracting relevant data, materiality assessment on large volumes of information, continuous performance monitoring against targets, anomaly detection on energy consumption data, and automatic data structuring for iXBRL tagging.

But AI doesn't solve the data problem. If input data is incomplete, poorly structured, or based on undocumented estimates, AI produces unreliable outputs faster. Garbage in, garbage out applies even with the most sophisticated models.

The priority, at the stage where most Italian SMEs find themselves today, isn't AI. It's data governance: defining which data to collect, at what frequency, from which sources, with what level of verifiability. On this foundation you build a reliable ESG system. AI comes later, when the data is clean and structured.

What to look for in an ESG platform: concrete technical criteria

The global ESG software market reached $4.78 billion in 2026. EFRAG has catalogued over 320 tools and platforms designed to support SME ESG reporting. The choice is wide, the confusion is high.

Here are the concrete technical criteria a CFO should use to evaluate a platform, regardless of how convincing the sales deck is.

The first criterion is the distinction between primary data and estimates, with data origin tracking and separate management in the audit trail. A system that doesn't make this distinction doesn't produce certifiable reports.

The second is support for relevant frameworks for your industry. ESRS and VSME for Italian SMEs, GRI for those operating in international markets, TCFD for those interfacing with institutional investors. Verify not only which frameworks are supported, but how cross-standard interoperability is managed.

The third is Scope 3 emissions management. It's the hardest data to collect and the one with the greatest impact on real carbon footprint. A platform that doesn't support structured supply chain mapping for relevant Scope 3 categories is an incomplete platform.

The fourth is report certifiability. Major international certification standards (ISO 14064-1, ISO 14001, GHG Protocol) require a verifiable audit trail, source traceability, and documentation of calculation methodologies. Verify whether the platform has already been used in projects certified by recognized third-party bodies.

The fifth is iXBRL support. Not as a future feature: as a present, tested function based on EFRAG's official ESRS taxonomy.

Compliance as investment, not cost

70% of Italian SMEs report difficulties in measuring and monitoring their sustainability performance. 73% consider regulatory complexity a significant brake. 60% rate the lack of internal competencies as a serious obstacle.

These numbers describe a real gap. But they also describe an opportunity for companies that decide to address the issue now, before market pressure becomes unsustainable.

SMEs with high ESG adequacy increased by 17% in a single year. 76% of financing to large companies already involves companies with high ESG profiles. Sustainability is transforming from a compliance obligation into an identity and competitive asset.

Those who build the right data infrastructure today, who choose platforms designed for certifiable primary data rather than aggregated estimates, who develop the internal competencies needed to manage an ESG system autonomously, these companies will arrive at 2028 in a completely different position from those who wait.

The question is not whether to invest in ESG compliance. The question is when, and with what approach.