ESRS 1 · CSRD · Technology

Double Materiality Assessment
for Technology

Technology companies face a concentrated materiality profile around energy use, data ethics, workforce conditions, and hardware supply chains.

ESRS 1 · CSRDv2026.0432 topics

Double materiality, scored.
Not just a checkbox exercise.

Session
0x4D99
Framework
CSRD / ESRS
Threshold
Fin ≥ 9 · Imp ≥ 3
01// engagement— ESRS 2 IRO-1
02// industry_presets— quick scope selection
03// topic_selection— 32 ESRS topics
Environment
Social
Governance
awaiting inputStage 1/3 · 0 in scope · Ctrl+E export
Materiality Summary
material_topics
not_material
out_of_scope
in_scope_total
scored
E / S / G Pillar Breakdown
E_material
S_material
G_material
pillar_balance
Material Topics
no_material_topics
Not Material
awaiting_results
Threshold Sensitivity
awaiting_results
Risk Intelligence
awaiting_results
ONE EMAIL · UNLOCKS EVERYTHING · FREE FOREVER

Enter your email to unlock the full DMA analysis.

One email. One time. Unlocks the double materiality scatter matrix, borderline topic analysis, risk intelligence findings, full threshold sensitivity chart, and the working paper download — everything at once, forever, on this device.

No payment. No upsell. No "premium tier" pop-ups. Ever.

One audit insight a week. Unsubscribe any time. GDPR-compliant (MailerLite, EU servers).
Your email unlocks every section below automatically.
ADVANCED ANALYSIS

Deeper DMA analysis, styled the same.

01// scatter_matrix— ESRS 1 para 44
Complete topic scoring to generate the scatter matrix.
02// borderline_topics— professional judgment required
Complete scoring to identify borderline topics.
03// risk_intelligence— automated ESRS warnings
Complete scoring to run risk intelligence.
04// full_sensitivity— threshold 1-25
Complete scoring to generate the full sensitivity chart.
🔒
4 advanced sections · scatter matrix · borderline · risk intelligence · sensitivity
Enter your email above to unlock all of this. It's free — no payment, ever.
Scroll up to unlock ↑
EXPORT (EMAIL TO UNLOCK)

Email unlocks the free download.

No payment required. Enter your email above to unlock the full working paper download.

Format
HTML → PDF
Standard
ESRS 1 / ISSA 5000
Price
FREE
or CtrlE

Double materiality assessment for Technology

Technology companies entering the CSRD reporting population face a materiality profile that depends heavily on whether they are software-only or have hardware in the value chain. A pure SaaS provider's environmental footprint centres on data centre energy consumption and the embodied carbon of cloud infrastructure. A hardware manufacturer or electronics retailer inherits the full mining-to-disposal chain with its conflict minerals, hazardous waste, and factory labour conditions. The double materiality assessment under ESRS 1.20-33 must reflect this distinction, not apply a generic "tech sector" template.

E1 Climate change is material for nearly all technology companies. Data centres consumed an estimated 460 TWh of electricity globally in 2024 (per the IEA's Electricity 2024 report), and that figure is climbing with AI workloads. Even companies that outsource to hyperscale cloud providers bear Scope 3 category 1 exposure for purchased cloud services. On financial materiality, energy price volatility and carbon pricing mechanisms (EU ETS for data centres in scope) create direct cost exposure. E5 Resource use and circular economy applies to companies producing hardware, managing electronic waste, or consuming significant quantities of rare earth minerals. The EU's proposed Ecodesign for Sustainable Products Regulation will impose circular economy obligations on electronics manufacturers. S1 Own workforce is material across the sector, but the specific sub-topics differ from manufacturing. Technology companies face materiality on working time (crunch culture), diversity and inclusion metrics, and adequate wages for contractor workforces. S4 Consumers and end-users is where technology diverges most from other sectors. Algorithmic bias, data privacy (GDPR enforcement actions totalled over EUR 2.1 billion in fines between 2018 and 2024), digital addiction in minors, and content moderation failures all fall under S4's impact materiality scope. G1 Business conduct covers anti-competitive practices, lobbying transparency, and tax practices, all areas of active regulatory scrutiny for large technology firms.

Assurance providers reviewing technology company assessments flag two recurring issues. First, entities exclude E2 Pollution and E3 Water without adequate justification. Data centres in water-stressed locations use significant volumes for cooling (Google reported 5.6 billion gallons of water use in 2022 across its facilities). Dismissing E3 without site-by-site analysis is a gap. Second, entities treat S4 as immaterial because they are not consumer-facing, ignoring that business customers' employees and their data subjects qualify as end-users under ESRS S4. A B2B SaaS company processing personal data for its clients has S4 exposure through those data subjects.

Technology companies should segment their assessment by business line. For each line, map the value chain and identify the relevant ESRS topics. Software businesses focus on E1 (energy), S1 (workforce), S4 (data ethics, privacy), and G1. Hardware businesses add E2 (hazardous substances in manufacturing), E5 (e-waste, conflict minerals), and S2 (factory labour conditions in the supply chain). Use energy consumption data from cloud provider sustainability reports, Scope 3 estimates from spend-based models, and privacy incident logs as quantitative inputs. For S4, document the volume of personal data processed, the number of data subjects affected, and any regulatory actions or complaints received.

Frequently asked questions: Technology

Are SaaS-only companies likely to find fewer ESRS topics material than hardware companies?
Yes. A pure SaaS company typically finds E1, S1, S4, and G1 material, with limited exposure on E2 through E5. A hardware company or one with a physical supply chain will likely add E2, E5, and S2. But SaaS companies must still assess all topics and document why they concluded certain topics are not material, per ESRS 1.28.
How should technology companies assess S4 for data privacy impacts?
Score severity using the criteria in ESRS 1.45-48. Scale is the number of data subjects affected. Scope is the geographic and jurisdictional reach. Irremediable character considers whether a data breach causes harm that cannot be fully remedied (identity theft, for example, has lasting consequences). Financial materiality includes GDPR fine exposure (up to 4% of global turnover), litigation costs, and customer churn following incidents.
Is E4 Biodiversity relevant for technology companies?
Rarely at the entity level, unless the company operates large campuses in ecologically sensitive areas or sources minerals linked to habitat destruction (cobalt mining in the DRC, lithium extraction in South America). Most technology companies will conclude E4 is not material, but the assessment must consider the upstream mining value chain if hardware is involved.
Should AI-focused companies treat algorithmic bias as a materiality topic?
Algorithmic bias falls under S4 Consumers and end-users. If the company's AI products make decisions affecting individuals (credit scoring, hiring tools, content recommendation), the potential for discriminatory outcomes creates impact materiality. Financial materiality arises from regulatory action under the EU AI Act, which entered application in August 2025 for high-risk AI systems. Score it under S4 using the severity criteria.

Related industry assessments

General Assessment

All industry assessments

Manufacturing Retail Banking & Finance Healthcare Real Estate Not-for-Profit Insurance Energy & Utilities Agriculture Construction Logistics Professional Services
Scope 3 Emissions Estimator ISA 570 Going Concern Checklist Materiality Calculator

Further reading

Get practical audit insights, weekly.

No exam theory. Just what makes audits run faster.

290+ guides published20 free toolsBuilt by practicing auditors

No spam. We’re auditors, not marketers.