7 ESG Data Requests South African SMEs Are Now Receiving from Their JSE Customers

Your largest customer sends an email. Attached is a 12-page supplier sustainability questionnaire. It asks for your greenhouse gas emissions data, your environmental management policy, your health and safety incident rates, your B-BBEE certificate, and evidence of third-party ethics audits. You have two weeks to respond.

This is not a hypothetical. It is happening to South African SMEs across manufacturing, mining supply chain, retail, and professional services right now. The obligation is not directed at you by a regulator. It is directed at your customer by the JSE, investors, and incoming ISSB-aligned disclosure standards. But the data they need to fulfil it sits inside your operations.

Anglo American runs a Responsible Sourcing programme with mandatory supplier self-assessment questionnaires. Exxaro embeds green and inclusive procurement requirements into vendor contracts through its supply chain sustainability strategy. Woolworths extends environmental, labour, and social standards contractually to every tier of its supply chain. Shoprite applies its Supplier Code of Conduct to all trade and non-trade suppliers and sub-contractors.

The pattern is consistent. South African SMEs are entering ESG reporting through the back door of supply chain procurement. The companies that have a data system ready will respond in days and retain the contract. The ones that scramble with inconsistent spreadsheets risk being quietly moved down the preferred supplier list.

This article covers the seven ESG data categories your customers are already requesting, what each one means in practice, and where to start building a system that makes every future questionnaire manageable.

Why Supply Chain ESG Pressure Is Intensifying Right Now

The obligation cascade follows a clear logic. JSE-listed companies are now operating under King V (effective January 2026), which introduces explicit double materiality and a mandatory Disclosure Framework. To report on Scope 3 emissions, covering upstream supplier activity, they need primary data from their suppliers. To demonstrate supply chain due diligence under TCFD-aligned guidelines, they need documented evidence from the companies they buy from.

Research by Sage, ICC, and PwC covering South African SMEs found that 71% of South African SMEs consider sustainability important to their business, but only around 8 to 9% currently invest in formal sustainability reporting. That gap is where the commercial risk lives. Your customers are closing it, starting with their supplier base.

Industry expects mandatory ISSB reporting requirements for JSE-listed companies within 12 to 24 months. The CIPC launched its mandatory sustainability reporting consultation in January 2025. The FSCA has signed a cooperation agreement with the IFC and IFRS Foundation to accelerate ISSB adoption. When that obligation is formalised, the granularity and frequency of ESG data requests flowing down to suppliers will increase significantly.

Missing documentation does not just create reputational exposure for your customer. It creates procurement risk for you.

The 7 ESG Data Categories You Will Be Asked to Provide

1. Scope 1 and Scope 2 Greenhouse Gas Emissions

Scope 1 covers direct emissions from combustion and on-site processes, including vehicles, generators, and any thermal processes in your operations. Scope 2 covers purchased electricity. If your business runs on Eskom's grid, your Scope 2 figure is calculable from 12 months of utility bills using South Africa's published grid emission factor.

This is the data point JSE-listed companies most urgently need. Mining companies like Anglo American and Sibanye-Stillwater are pursuing science-based decarbonisation targets and must account for their full value chain emissions. Retailers like Woolworths need emissions data from suppliers to report on the carbon intensity of their product ranges.

The commercial consequence of not having this data is straightforward. Companies that cannot provide primary emissions figures force their buyers to use generic sector averages, which are typically higher than actual figures. That makes you appear as a higher-emissions supplier compared to a competitor who has measured and documented their own footprint. In a procurement decision where two suppliers offer similar pricing and quality, the one with verified data carries lower compliance risk for the buyer.

Start with Scope 1 and 2. They are the most commonly requested and the most achievable with data you already have access to.

2. Energy Consumption and Efficiency Data

Energy data sits beneath the emissions numbers and is increasingly requested as a standalone category. Buyers want to understand your total energy consumption, your energy sources (grid versus renewable), your energy intensity relative to output, and any efficiency improvements you have implemented.

This matters for two reasons. First, it helps JSE-listed companies assess the carbon risk embedded in their supply chains, particularly as South Africa's carbon tax Phase 2 escalates costs across the economy. The effective tax rate for fuel combustion increased by 130% in 2026 as Phase 2 began, with annual allowance reductions of 2.5% thereafter. Energy-intensive suppliers represent a growing cost and liability exposure for buyers.

Second, energy data is the starting point for identifying operational savings within your own business. Tracking energy consumption by facility or equipment reveals where waste is occurring and where efficiency investments pay back fastest. Buyers responding to Exxaro's supplier framework and similar programmes are specifically looking for evidence of active efficiency management, not just static consumption figures.

12 months of utility bills and fuel purchase records is the minimum foundation. Disaggregating by site or process category is the next step.

3. Environmental Management, Water, and Waste

Beyond emissions and energy, JSE-listed customers are asking for evidence of documented environmental management systems. This typically means an environmental policy covering waste disposal, hazardous substance handling, water use, and pollution prevention. ISO 14001 certification is the gold standard, but even a current, board-approved environmental policy document satisfies most supplier questionnaire requirements at the initial stage.

Water data is specifically requested by retailers and mining supply chain buyers, particularly for suppliers in water-stressed regions. Woolworths and Shoprite both include water management expectations in their supplier codes. Anglo American's Responsible Sourcing programme assesses environmental performance, including water risk, as part of its self-assessment questionnaire.

Waste volumes, recycling rates, and the handling of hazardous materials are also standard categories. The practical challenge for most SMEs is not that their practices are deficient. It is that nothing is documented consistently. A policy document that lives in a folder on the CEO's desktop and has not been reviewed in two years will fail a supplier audit just as definitively as having no policy at all.

4. Health, Safety, and Labour Data

Labour and safety data is often the category South African SMEs are best positioned to provide, because the underlying records already exist for legal compliance under OHSA-related regulations.

Occupational health and safety incident rates, compliance records, and near-miss reporting appear in virtually every supplier code of conduct from JSE-listed companies. Employment equity statistics, human rights policies, grievance mechanisms, and codes of conduct are expected from suppliers to companies operating under King V's responsible corporate citizenship principles.

Mining companies require particularly rigorous H&S data. Anglo American's Responsible Sourcing programme recognises third-party social and ethical audits, including SMETA (Sedex Members Ethical Trade Audit) and SA8000 certification, which cover labour standards as a core component. Retailers like Woolworths require alignment with the ETI Base Code and ILO declarations on labour practices.

The data gap is usually not the records themselves. It is the ability to extract and present them consistently across different questionnaire formats from different customers, often asking for the same underlying information in different structures.

5. B-BBEE Status Documentation

B-BBEE compliance is a requirement most South African SMEs already manage, but its intersection with ESG procurement is intensifying in ways that many have not yet registered.

Industry analysis from CIPS Southern Africa in 2025 specifically notes that carbon is becoming a standard line item in contracts, alongside a growing trend of buyers seeking suppliers that are both B-BBEE compliant and sustainability-ready. This creates a dual qualification framework: suppliers that cannot demonstrate both B-BBEE credentials and basic ESG documentation face compounding risk of exclusion from procurement programmes.

Exxaro's supply chain sustainability strategy explicitly integrates socio-economic development and B-BBEE compliance with green procurement objectives, prioritising black-owned SMMEs that meet environmental standards. This convergence reflects a broader South African dynamic where ESG and B-BBEE are being aligned rather than treated as parallel obligations.

For most SMEs, B-BBEE documentation is the part of the supplier questionnaire they can already complete without new data collection. The risk is treating it as the only documentation that matters and neglecting the environmental and climate data categories that are gaining equal weight in procurement decisions.

6. Governance, Ethics, and Data Protection

Governance documentation is now a baseline expectation in supplier questionnaires, not an advanced requirement. This means a documented anti-bribery and corruption policy, a conflict-of-interest procedure, a whistle-blowing mechanism, and a sanctions framework for ethical violations.

POPIA compliance documentation is increasingly appearing as a mandatory tender requirement, particularly for SMEs providing professional services or handling customer data on behalf of a JSE-listed company. Shoprite's Supplier Code of Conduct specifically references data protection and privacy compliance as a required standard.

For professional services SMEs supplying financial institutions, governance documentation carries particular weight. Banks including Standard Bank and Absa are integrating climate and ESG requirements into supplier standards, and their internal ESG frameworks reference governance and ethics expectations as part of responsible procurement. As the Prudential Authority's G3/2025 guidance drives bank-level ESG integration into credit assessments, supply chain governance requirements will follow the same escalation path.

The practical implication: your anti-corruption policy and data-handling procedures need to exist as documents that can be produced on request, not merely as practices that happen to be in place.

7. Third-Party Audit Credentials and Platform Participation

The seventh category is evidence that an independent party has verified your ESG claims. Third-party audits and certifications serve a specific function in supply chains: they shift the verification burden away from the buyer and provide a standardised, comparable assessment that can be presented to investors, auditors, and regulators.

Anglo American's Responsible Sourcing programme specifically recognises SMETA audits (Sedex Members Ethical Trade Audit), SA8000 certification, and ETI Base Code compliance. Woolworths references Sedex membership in its ethical sourcing requirements. EcoVadis, an international supplier sustainability ratings platform, is increasingly referenced by South African corporates with global supply chains, as a single EcoVadis assessment can be shared across multiple customers and aligned with multiple international standards.

CDP data shows that public disclosures by South African companies increased from 50 in 2018 to 84 in 2023, with 45% of JSE Top 100 companies disclosing publicly in 2023. As these companies mature their ESG reporting, they will expect proportionate evidence from their supplier base.

For most SMEs, full third-party certification is not immediately required. Registering on Sedex or completing a basic supplier self-assessment creates a documented starting point that satisfies many customer questionnaire requirements and positions you for more formal certification as your programme matures.

The Old Way vs. The New Reality

The Old Way: A supplier questionnaire arrives on a Friday afternoon. Finance chases Operations for energy bills. Operations cannot locate the current environmental policy. HR finds the health and safety log but it spans three years across four different spreadsheet formats. The carbon tax liability question is left blank. Someone reassembles everything the following Tuesday. The response is submitted four days late, contains six gaps marked 'not currently tracked,' and the company is removed from the preferred supplier list at the next procurement review.

The New Reality: ESG data is maintained continuously in a single system. Utility data is connected and updated monthly. Policy documents are current, version-controlled, and accessible to the relevant people. When a questionnaire arrives, eight of ten questions can be answered immediately from structured data that already exists. The response is submitted within 48 hours, complete, and consistent across all sections. The company is flagged as a low-compliance-risk supplier and retained at the top of the preferred supplier list.

The companies winning supplier contracts in South Africa in 2026 are not necessarily the most sustainable. They are the ones who can demonstrate what they do, consistently and quickly.

What This Changes for South African SME Suppliers

If you are a CFO or Supply Chain Manager in South Africa, this means:

• The ESG data requests arriving today are a preview of what your customers will require once mandatory ISSB-aligned reporting is formalised, which industry expects within 12 to 24 months. The granularity will increase, not decrease.

• Carbon tax Phase 2 is live. The effective tax increase of 130% for fuel combustion in 2026 alone makes emissions documentation a financial management necessity, not only a compliance exercise.

• EU CBAM (fully operational from 1 January 2026) covers iron, steel, aluminium, cement, fertilisers, and hydrogen. If your operations contribute to an EU-facing buyer's carbon footprint, they will request documented emissions data. South Africa's steel and aluminium exports to the EU are valued at approximately EUR 1.2 billion annually and are directly exposed.

• Green finance products from South African banks require baseline ESG data as a lending condition. As the Prudential Authority's G3/2025 guidance drives ESG integration into bank credit assessments, SMEs without ESG data will face higher borrowing costs and reduced access to green finance.

In the next 12 to 24 months, expect:

• Increasing specificity on Scope 3 data, moving from policy evidence to verified emissions figures with third-party assurance

• King V double materiality requirements pushing JSE-listed companies to map their full value chain impact more rigorously

• Carbon tax allowance reductions continuing annually through Phase 2, making carbon data infrastructure a financial management tool

• Procurement specifications from Vision 2030 and other regional megaprojects requiring ESG documentation as a baseline for contract award.

What you should do now:

• Start with the data you already have: utility bills, H&S records, and B-BBEE documentation are the foundation of an ESG data system. Centralise them.

• Identify which of the seven categories above you cannot currently respond to in a structured way, and close those gaps one at a time.

• Waiting for a formal regulatory mandate before acting means arriving at the next supplier questionnaire in the same position as the last one.

Putting It All Together: A Starting Roadmap

Most SMEs cannot build all seven data categories at once. Prioritise by commercial exposure.

If your largest customers are in mining or retail, start with GHG emissions (Scope 1 and 2), energy consumption, and labour/H&S documentation. These appear in virtually every mining and retail supplier questionnaire in South Africa. If your business has direct carbon tax liability or supplies into CBAM-exposed export chains, emissions documentation is your most urgent gap.

Assign one person responsibility for each data category. That person does not need to be a sustainability specialist. They need to know where the data lives and how to extract it in a consistent format. Documenting that process is half the work.

Expect the first complete supplier questionnaire response to take significant time. Expect the second to take a fraction of that, because the data architecture already exists. The businesses that build this infrastructure now will respond to every future request as a routine exercise rather than a quarterly crisis.

The Bottom Line

South African SMEs are not waiting for ESG regulation to reach them directly. Their customers, most of them JSE-listed and operating under King V, TCFD-aligned disclosure standards, and growing investor ESG scrutiny, are already asking for this data. The seven categories covered in this article represent the practical scope of what you will be asked to provide.

The risk is not philosophical. It is commercial. Missing documentation leads to disqualification from preferred supplier programmes, lost contracts, and barriers to green finance at a time when carbon tax Phase 2 is raising the cost of inaction for every South African business with emissions exposure.

The companies that build a systematic, repeatable approach to ESG data management now will find that every future questionnaire is an opportunity to differentiate rather than a scramble to survive.