3 March – 3 April 2026

Introduction

ESG is changing the landscape for financial institutions as stakeholders, including investors, increasingly expect them to make their operations more sustainable.

Financial services regulators also view ESG as a priority, embedding the principles of climate-related financial risks into their supervisory frameworks and dealing with greenwashing issues.

There is limited uniformity in regulation as financial services regulators are at different stages in developing their ESG regulatory framework, particularly in relation to disclosures and taxonomy, which is a challenge for many institutions operating across borders. It is therefore critical to monitor the latest regulator updates.

To help you, we have tracked ESG regulatory developments from 3 March 2026 – 3 April 2026, from the UK, France, EU, the Netherlands, the US, Australia as well as other key international regulators.

This month’s highlights

Who’s Auditing the Algorithm? The Compliance Challenge of AI in ESG

In 2026, the increasing use of AI for ESG data management and analysis introduces new governance risks that compliance teams must address.  These include ensuring the accuracy and auditability of AI-calculated metrics such as carbon footprints and supplier risk scores, monitoring for algorithmic bias in social-pillar assessments, and demonstrating that the organisation’s AI infrastructure aligns with its own ESG commitments.

Compliance teams can take several practical steps to reduce the risks associated with AI in the ESG context.

The starting point is visibility: organisations should build and maintain a comprehensive inventory of all AI systems in use across the business, covering operations, marketing, HR, risk, and customer service. Without knowing where AI is deployed, it is impossible to assess or manage the associated risks. Each system should have clear ownership, and AI governance should be integrated into the broader enterprise risk management framework rather than treated in isolation.

Validation and human oversight are equally critical. AI outputs in ESG – such as carbon footprint calculations or supplier risk scores—must be rigorously checked against expert judgement, particularly given that many models operate as a “black box” where the reasoning behind outputs is opaque. Compliance teams should interrogate the data on which models are trained and the methodologies they apply.

Organisations should also assess and disclose the environmental footprint of their own AI infrastructure, including energy consumption and carbon emissions, as companies often fail to do so. This is an area of growing investor expectation.

On the vendor side, contracts with AI providers should include robust provisions on liability, audit rights, impact assessments, and early-notification obligations. Third-party AI failures can carry significant regulatory and reputational consequences for the end user.

Internally, compliance teams must guard against “AI washing”—publishing governance policies that exist on paper but are not actively embedded across the organisation. Policies should be accessible, acknowledged by staff, and supported by training on AI ethics and responsible use.

From a regulatory perspective, teams need to track and classify AI systems under the applicable risk frameworks, including the EU AI Act and emerging US federal guidance, and reassess classifications whenever models are retrained or expanded.

Where possible, organisations should favour purpose-built sustainability AI tools over generic alternatives, as specialist tools are designed to handle regulatory frameworks and produce traceable, audit-ready outputs.

Finally, effective AI risk management requires cross-functional collaboration. Compliance needs a stronger grasp of technology, and IT needs a deeper understanding of regulatory risk. The organisations best positioned for success are those that embed governance early and involve legal, compliance, IT, and product teams from the outset.

United Kingdom

23 March 2026 – New FCA webpage on non-financial misconduct

The Financial Conduct Authority (FCA) published a new webpage to help firms get ready for the new rule and guidance to tackle non-financial misconduct (NFM), explaining what firms should do before the changes come into effect on 1 September 2026.

The webpage states that NFM includes behaviour that is not of a clearly financial nature such as bullying, harassment and violence and reminds firms that NFM is covered by the FCA’s requirements under the following:

  1. Code of Conduct (COCON) rules – A new rule, COCON 1.1.7FR, will extend the scope of the conduct rules in non-banking firms to cover bullying, harassment or violence against colleagues, where it relates to an individual’s role. The new rule will apply where there is a sufficient work-related link.
  2. Fit and Proper test (FIT) – FIT already allows firms to consider any relevant misconduct, wherever it occurs, when assessing fitness and propriety. The new COCON rule focuses on certain work-related misconduct, while new FIT guidance (see below) clarifies how firms can take a broader range of NFM into account when assessing fitness and propriety.
  3. New guidance – The FCA has published new Handbook guidance (PS25/23) to help firms apply COCON and FIT.

The new rule and guidance will come into effect on 1 September 2026. Before then, firms should review whether they need to update their approach to: (i) staff policies; (ii) conduct breach reporting; (iii) fit and proper assessments; and (iv) regulatory references. Firms should also ensure that staff and managers understand how the changes apply to them.

The FCA also expressly states that firms do not need to: (i) carry out retrospective analysis to check whether they correctly determined past conduct rule breaches; (ii) revise past fitness and propriety assessments; (iii) monitor employees’ private lives or social media accounts; (iv) investigate allegations about employees’ private lives if they are trivial, implausible or irrelevant; or (v) do anything contrary to privacy, employment or other relevant law.

For further information on the incoming changes in this area, and what key actions firms should be taking as we move towards 1 September 2026, please see our recent NFM webinar and briefing.

European Union

17 March 2026 – Commission seeks feedback on possible revisions to the EU taxonomy

The European Commission (Commission) announced that it was seeking feedback on possible revisions to the criteria of the EU taxonomy in order to make the framework simpler and easier to use. As such the objectives being pursued under the review are the same as those for the Omnibus package, namely, to simplify the rules and reduce burden.

The draft revisions include streamlined criteria and clarifications on how to demonstrate compliance. The changes cover most activities under the Climate and Environment Delegated Acts, including forestry and environmental protection, manufacturing, energy, transport and construction, as well as for all the generic ‘do no significant harm’ appendices.

The deadline for comments was 14 April 2026.

The feedback will help shape the forthcoming revision of the criteria by the Commission, which is planned for adoption by the summer.

20 March 2026 – BaFin changes its administrative practice: The end of uncertainty for ESG Collaborative Engagements?

The German regulator, the Federal Financial Supervisory Authority (BaFin) has announced immediate changes to its administrative practice for attributing and disclosing voting rights. Although this change might lead to greater certainty for ESG collaborative engagement firms will still need to consider the implications for their ESG collaboration among institutional investors and review their internal policies and procedures.  

By way of background, institutional investors often come to an agreement with each other in order to more effectively represent their positions on ESG topics vis-à-vis the companies in which they invest. However BaFin noted previously that such agreements can be classified as “acting in concert” and have unintended consequences.

On March 20, 2026, BaFin issued a supervisory notice announcing immediate changes to its administrative practice for attributing and disclosing voting rights under the German Securities Trading Act (WpHG) in light of the Court of Justice of the European Union’s judgment of February 12, 2026 (Case C‑864/24).

In Case C‑864/24, the Court of Justice of the European Union held that the wording of Section 34(2) of the WpHG concerning “acting in concert” (AiC) is incompatible with European Union law insofar as it exceeds the scope of the Transparency Directive. According to the Court, a national provision that departs from the Transparency Directive by imposing a stricter attribution regime is permissible only where such a rule is directly connected with takeover bids, mergers, or other transactions affecting the ownership structure or control of companies.

Effective immediately and until the German legislator amends Section 34(1) and (2) WpHG to align with EU law, BaFin will:

  • Narrow the AiC attribution concept under Section 34(2) WpHG to the standard reflected in the Transparency Directive. Going forward, an AiC attribution under Section 34(2) WpHG will be recognized only where there is an agreement that binds the parties to pursue, on a long‑term basis, a common policy regarding the issuer’s management.
  • Discontinue applying Section 34(1) sentence 1 nos. 3 and 5 WpHG as bases for voting-rights attribution for transparency purposes, because the Transparency Directive contains no corresponding attribution grounds.

It should be noted that the respective administrative practice set out in BaFin’s Issuer Guidelines and in BaFin’s FAQs on the transparency obligations pursuant to Sections 33 et seq. of the WpHG no longer applies.

At the same time, BaFin will continue to apply and interpret Section 30 of the German Securities Acquisition and Takeover Act (WpÜG) unchanged in proceedings under the WpÜG in conjunction with the provisions of the WpÜG Offer Regulation and, where applicable, the German Stock Exchange Act.

France

There have been no reported updates this month.

The Netherlands

AFM publishes second ESG update

The Dutch Authority for the Financial Markets (AFM) published its second ESG update. In 2024 and 2025, the AFM surveyed market compliance with sustainability requirements across two themes: product oversight and governance (POG) and the suitability assessment. This latest update provides additional clarification and highlights good practices observed in the market for each of these themes.

Notably, the update provides the following expectations from the AFM:

  • Market participants know and check the quality and reliability of products’ sustainability – related information, also for the purpose of the suitability assessment.
  • Market participants have set up the customer journey (website, app, customer contact) according to the distribution strategy.
  • Market participants monitor the distribution of grey products to the negative target market and evaluate the effectiveness of their strategy to prevent this.

Australia

24 March 2026 – Australia and the EU finalise free trade agreement

Concluded, but not yet in force, the Australia-EU FTA aims to strengthen trade and investment between Australia and the EU, and carries with it significant ESG commitments.

The FTA imposes binding obligations to implement the International Labour Organization’s Fundamental Conventions, covering freedom of association, collective bargaining, working conditions, and workplace discrimination. It also advances gender equality and women’s economic empowerment through enforceable commitments under the Convention on the Elimination of All Forms of Discrimination Against Women.

26 March 2026- The Australian government passes the Doubling Penalties for ACCC Enforcement Bill 2026

The Treasury Laws Amendment (Doubling Penalties for ACCC Enforcement) Act 2026 (the Act) is now in force. The Act amends the Competition and Consumer Act 2010, including the Australian Consumer Law, to increase the maximum penalties for certain breaches of competition and consumer law. The Act doubles key monetary penalty thresholds, including raising the base maximum penalty for corporations from $50 million to $100 million per contravention.

Although catalysed by rising fuel costs, the doubling of penalties applies economy‑wide, including to:

  • Anti-competitive conduct encompassing concerted practices, misuse of market power, exclusive dealing, cartel conduct, and resale price maintenance.
  • Merger regime related conduct including neglecting to notify the ACCC of an acquisition that is required to be notified, gun jumping and failing to comply with the conditions of merger clearance.
  • Consumer law contraventions including unconscionable conduct, making false or misleading representations, breaches of product safety standards, etc.
  • Sector-specific provisions including breaches of civil penalty provisions in gas market instruments and engaging in particular prohibited conduct in the electricity industry.

In light of heightened ACCC scrutiny over fuel markets, businesses operating in these sectors ought to urgently review and update their compliance programs. However, given the economy‑wide application of these amendments, the implications will extend well beyond fuel markets and have broader consequences for business compliance systems going forward.

United States- SEC and CFTC

There have been no reported updates this month.

International regulators – FSB, IOSCO, Basel Committee, NGFS, SASB, IFRS, ISSB

There have been no reported updates this month.