← Back to all briefings
Governance 7 min read Published Updated Credibility 40/100

Governance Briefing — January 1, 2025

Detailed IFRS S2 implementation guide for HKEX issuers combining board governance, transition strategy, universal opt-out compliance, and evidence expectations for 2025 reporting.

Zeph Tech Research Lead

Research lead, Zeph Tech

Timeline plotting source publication cadence sized by credibility.
2 publication timestamps supporting this briefing. Source data (JSON)

Executive briefing: HKEX’s April 2024 rule amendments hardwire IFRS S2 into Appendix C2 of the ESG Code for financial years beginning on or after 1 January 2025. Every Main Board issuer must deliver decision-useful disclosures covering governance, strategy, risk management, and metrics, supported by rigorous evidence controls. Boards must prove climate oversight competencies, approve transition finance roadmaps, and verify that universal opt-out regimes cover stakeholder information used to populate climate datasets. Management must deliver a living control environment capable of supplying assurance-ready evidence to the Financial Reporting Council and international investors.

Mandatory governance disclosures

IFRS S2 paragraphs 4-13 require issuers to describe the governance processes, controls, and procedures used to monitor and manage climate-related risks and opportunities. HKEX expects issuers to detail board committee mandates, allocation of climate responsibilities across directors, and reporting lines into audit or risk committees. Boards must identify the frequency of climate agenda items, the specific metrics they review, and how climate considerations influence strategic decisions, capital allocation, and remuneration. To meet these expectations, issuers should maintain detailed board calendars, climate oversight charters, and evidence of director competence assessments. Training logs should show ongoing education on transition risk, physical risk, and decarbonisation finance so boards can demonstrate informed supervision.

Management disclosures must cover the internal roles accountable for climate execution, including how performance objectives cascade through the organisation. HKEX emphasises that issuers should explain how climate responsibilities integrate with enterprise risk management, internal audit, and disclosure controls. A robust narrative describes data ownership, escalation triggers, and cross-functional committees that review climate performance. Companies should document how universal opt-out preferences collected through privacy channels are surfaced to climate data owners, ensuring that data subject rights are respected while mandatory reporting obligations remain intact. When personal data informs greenhouse gas calculations or scenario analysis, managers must identify lawful bases, minimisation techniques, and compensating controls if opt-outs reduce data coverage.

Integrating strategy and transition plans

IFRS S2 requires issuers to explain the climate-related risks and opportunities that could reasonably affect business models, strategy, and financial planning. HKEX expects transition plans to include interim targets, capital expenditure envelopes, financed or facilitated emissions trajectories for financial institutions, and governance checkpoints. Boards should approve transition plan blueprints that align with Hong Kong’s Climate Action Plan 2050 and, where relevant, China’s dual carbon goals. Strategy disclosures should articulate how products, services, and supply chains are adapting, including changes to procurement policies, R&D investment, and customer engagement.

Governance teams must connect transition strategies to universal opt-out management. For example, when issuers rely on customer energy usage data to design low-carbon products, they must provide a single opt-out pathway that respects the customer’s choice across marketing, analytics, and sustainability systems. Documenting this orchestration demonstrates responsible data stewardship and anticipates questions from investors concerned about data ethics. Evidence packs should include customer notice templates, privacy impact assessments, and decision logs for any exemptions granted when regulatory obligations mandate data retention.

Scenario analysis expectations

HKEX’s conclusions highlight the need for issuers to conduct climate scenario analysis on a comply-or-explain basis at first, with the clear expectation of full adoption. Boards must review assumptions, challenge management on model design, and document how scenarios influence strategy and risk management. Organisations should run at least two temperature pathways, including a 1.5 °C-aligned transition scenario and a delayed-transition or high-physical-risk case. The methodology must describe data sources, modelling tools, geographic granularity, and how results influence capital planning, asset impairment testing, and supply-chain resilience.

Universal opt-out controls intersect with scenario analysis when personal data feeds location-based risk assessments, building energy models, or customer segmentation. Governance teams should maintain a register of data inputs with privacy classifications, document aggregation and anonymisation steps, and capture approvals from data protection officers. When opt-outs require data substitution, management should record the statistical techniques used to maintain model integrity, such as applying regional averages, Monte Carlo simulations, or sector benchmarks. Evidence folders should store scenario scripts, code repositories, validation memos, and board challenge minutes, demonstrating that management can reproduce results under assurance scrutiny.

Risk management integration

IFRS S2 aligns climate risk disclosures with the enterprise risk management framework. Issuers must describe processes for identifying, assessing, and managing climate risks, including thresholds for materiality, integration with overall risk appetite, and monitoring mechanisms. HKEX expects companies to embed climate risk into risk registers, define key risk indicators, and assign owners with escalation duties. Climate risks should link to operational resilience plans, supply-chain continuity strategies, and insurance coverage reviews.

To respect universal opt-out preferences, risk owners must ensure that personal data used in risk indicators—such as employee health and safety metrics, contractor data, or customer demand signals—is processed under appropriate legal bases. Opt-out registers should trigger alerts when data removal affects risk metrics, prompting risk committees to approve alternative data sources or revised thresholds. Audit-ready evidence includes risk workshop notes, heatmaps, control testing results, and communications with subsidiaries explaining how opt-outs were managed.

Metrics, targets, and financed emissions

HKEX mandates disclosure of absolute and intensity-based greenhouse gas emissions, including Scope 1, Scope 2 (market- and location-based), and material Scope 3 categories. Financial institutions must disclose financed emissions and financed exposure metrics aligned with the Partnership for Carbon Accounting Financials (PCAF) or comparable methodologies. Targets should include baselines, interim checkpoints, and governance oversight mechanisms. Boards need to evidence how they review performance, approve remediation plans, and align incentive structures with climate outcomes.

Data governance is central to metrics credibility. Companies should map emissions data sources, data owners, control activities, and assurance procedures. Internal audit should test data lineage from source systems to disclosure tables, verifying that opt-out requests were respected. For example, when collecting employee commute data, issuers should use privacy-preserving surveys that feed into a central system where opt-outs automatically redact individual responses and replace them with statistical estimates. Management should maintain reconciliation files that demonstrate how redacted data was substituted and quantify any impact on emission totals or intensity metrics. Assurance providers will expect to see detailed calculation workbooks, change logs, and evidence of management review and approval.

Universal opt-out operating model

The universal opt-out requirement is not unique to climate reporting, but its integration is critical to demonstrate ethical data use. Issuers should implement an enterprise preference centre that receives opt-out signals from web forms, service portals, call centres, and regulatory submissions. The centre should synchronise with identity access management systems and sustainability data warehouses, ensuring that opt-out flags propagate before the next reporting cycle. Governance teams must document data flows, API connections, and exception handling procedures. When opting out would contravene legal obligations—such as mandatory emissions reporting—organisations should provide clear notices explaining the legal basis, record the justification, and offer alternative privacy protections such as aggregation or pseudonymisation.

Evidence requirements include opt-out policy documents, process maps, data protection impact assessments, and logs demonstrating timely response. Issuers should also track metrics such as opt-out volume by stakeholder group, average processing time, and number of exceptions escalated to legal or the data protection officer. These metrics should be reviewed by the climate disclosure steering committee and the board’s risk committee to validate that stakeholder rights are protected without compromising disclosure quality.

Evidence readiness and assurance

HKEX and the Financial Reporting Council have signalled that climate disclosures will be subject to increasing assurance expectations. Issuers should adopt evidence management practices comparable to financial reporting. This includes a controlled document repository with role-based access, retention schedules aligned with Listing Rules, and metadata tagging for quick retrieval. Each disclosure element should have a supporting evidence pack, such as board minutes, policy documents, data extracts, validation reports, and opt-out logs. Companies should schedule quarterly evidence audits to confirm completeness and rectify gaps before year-end.

Internal audit and external assurance teams will expect clear management sign-off. Issuers should implement disclosure committees that review climate content alongside financial filings, documenting sign-offs, challenge logs, and remediation steps. The committee should verify that universal opt-out commitments were honoured, that scenario analysis assumptions match board-approved parameters, and that metrics reconcile to source systems. Maintaining this governance trail reduces the risk of enforcement actions and builds investor confidence in the issuer’s climate competence.

Immediate priorities for 2024

  • Conduct a governance and controls diagnostic. Benchmark current climate oversight, disclosure committees, and evidence repositories against IFRS S2 requirements, and assign remediation owners with timelines.
  • Build integrated data pipelines. Map all climate data sources, embed universal opt-out flags, and implement automated validations and reconciliations to support assurance-grade reporting.
  • Refresh transition and scenario plans. Update transition roadmaps, capital plans, and scenario models with board-approved assumptions, ensuring evidence of challenge and documentation.
  • Engage value chain partners. Issue updated supplier and portfolio company questionnaires that explain data use, universal opt-out options, and evidence expectations, and schedule joint training sessions.
  • Prepare assurance playbooks. Define internal and external assurance scopes, collect supporting documentation, and conduct dry runs to test retrieval speed and opt-out compliance.

Zeph Tech partners with HKEX issuers to embed IFRS S2 governance, orchestrate universal opt-out compliance across climate data, and deliver assurance-ready evidence for regulators and investors.

Timeline plotting source publication cadence sized by credibility.
2 publication timestamps supporting this briefing. Source data (JSON)
Horizontal bar chart of credibility scores per cited source.
Credibility scores for every source cited in this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the Governance pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • Hong Kong
  • Climate governance
  • IFRS S2
  • ESG reporting
Back to curated briefings