BRSR Assurance Readiness: A Practical Guide for Listed Companies
The Business Responsibility and Sustainability Report (BRSR) was introduced by the Securities and Exchange Board of India (SEBI) in 2021, replacing the earlier Business Responsibility Report (BRR).
The era of voluntary disclosure has passed; stakeholders now expect verified sustainability data that meets investor standards.
As companies begin preparing this year’s BRSR, it is important to understand what assurance and assessment involve, why they matter, and how organisations can prepare effectively.
From FY 2022–23, SEBI required the top 1,000 listed companies by market capitalisation to disclose ESG (Environmental, Social, and Governance) performance in the BRSR across nine principles aligned with the National Guidelines on Responsible Business Conduct (NGRBC).
The central question is no longer whether sustainability disclosures should be verified, but who should verify them and against which standards. This is where BRSR assurance assumes importance. The discussion below covers regulatory applicability, the distinction between assurance and assessment, eligible assurance providers, relevant standards, and the steps companies should take to become assurance- ready.
Regulatory Applicability of BRSR Assurance or Assessment
SEBI has introduced assurance requirements in a phased manner, progressively expanding the scope of mandatory third-party verification.
In 2023, SEBI introduced reasonable assurance on BRSR Core for the top 150 listed entities.
What is BRSR Core?
BRSR Core is a set of key performance indicators (KPIs) across nine ESG attributes under the BRSR. These include metrics such as GHG emissions, energy intensity, water withdrawal, waste management, employee welfare, pay equity, workforce safety, fairness in dealing with customers and suppliers, concentration of purchases and sales with related parties, trading houses and dealers, job creation in smaller towns, and sourcing from MSMEs.
In 2024, SEBI extended the requirement for assessment or assurance to the top 250 listed entities. “Assessment” refers to a third-party review conducted in accordance with standards developed by the Industry Standards Forum (ISF) in consultation with SEBI. The ISF comprises representatives from three industry associations: ASSOCHAM, CII, and FICCI.
| Financial Year | Requirement Introduced | Applicability of BRSR Core to top listed entities (by Market capitalization) |
| FY 2023-24 | Reasonable Assurance on BRSR Core | Top 150 listed entities |
| FY 2024-25 | Assessment or Assurance on BRSR Core | Top 250 listed entities |
| FY 2025–26 | Assurance or Assessment on BRSR Core | Top 500 listed entities |
| FY 2026–27 | Assurance or Assessment on BRSR Core | Top 1,000 listed entities |
Companies outside the top 1,000 should treat the current period as a readiness window—an opportunity to build the internal capabilities that may soon become mandatory.
What is BRSR Assurance?
BRSR assurance is an independent third-party verification of the ESG data and disclosures contained in a BRSR filing. It enhances confidence among investors, regulators, and other stakeholders that the reported sustainability metrics are accurate, complete, and internally consistent.
The ICSI Guidance Note on Third-Party Assurance (BRSR Core) distinguishes between two closely related terms:
| “Assurance” is the process of validation and/ or verification of information and data contained in a report, by an independent qualified professional, which provide credibility and reliability for the users of such report. |
| “Assessment” is the process of evaluation and verification of information contained in a report, by an independent qualified professional, against established criteria. |
The Industry Standards Forum (ISF), which developed the assessment standards in consultation with SEBI, includes representatives from ASSOCHAM, CII, and FICCI.
Levels of Assurance
For FY 2025–26, SEBI mandates assurance or assessment on BRSR Core for the top 500 listed companies. In addition, companies may opt for limited assurance on the remaining KPIs reported under the BRSR.
| “Reasonable assurance” means the highest level, but not absolute level of assurance and wider in scope as compared to Limited Assurance. |
| “Limited assurance” means an assurance engagement in which the assurance provider collects less evidence than for a reasonable assurance engagement but sufficient for an expression of the conclusion. |
Who can provide assurance?
SEBI permits assurance engagements to be carried out by Chartered Accountants (CAs) or other professionals with relevant expertise in sustainability assurance or assessment.
Independence is critical: the assurance provider must have no conflict of interest with the company, and the engagement must be formally documented and kept separate from any consulting or advisory role.
Applicable Standards
Assurance providers may use any of the following globally accepted standards for sustainability and other non-financial reporting:
- ISAE 3000 — International Standard on Assurance Engagements (general non-financial assurance)
- ISSA 5000 — International Standard on Sustainability Assurance
- SSAE 3000 — Standard on Sustainability Assurance Engagements issued by ICAI
- SAE 3410 — ICAI Standard on Assurance Engagements on Greenhouse Gas Statements
The assurance report must clearly state the standard applied by the provider.
Understanding Assurance Readiness
Business Responsibility and Sustainability Reporting (BRSR) has evolved far beyond a routine compliance exercise.
Assurance readiness refers to a state in which a company’s ESG data, processes, and controls are sufficiently robust for an independent assurance provider to form a credible opinion on its disclosures—without relying on undocumented assumptions or encountering data gaps or inconsistent methodologies.
Companies that have been preparing BRSR disclosures since FY 2022–23 often discover that filing and assurance are distinct disciplines. While filing focuses on reporting, assurance requires every figure in the disclosure template to be traceable, verifiable, internally consistent, and supported by documented controls.
What strong readiness looks like
A company that is genuinely assurance-ready can answer the following questions clearly and with supporting documentation:
- Where does the figure disclosed for each KPI originate?
- Who reviewed and approved each figure prior to its disclosure?
- What assumptions and emission factors were applied, and are they documented?
- If an error were identified, is there a documented correction protocol?
Companies that can answer these questions with documented evidence are likely to find assurance engagements less disruptive and more likely to conclude with an unmodified opinion. Those that cannot may face qualified opinions or management observations relating to undocumented assumptions and data limitations.
Key Pillars of Assurance Readiness
- Assurance engagement management
Companies should designate a capable BRSR team that can respond promptly to practitioner queries, maintain a well-organised data room with evidence mapped to each disclosure line, and resolve in advance any questions relating to the scope of the assurance exercise and the criteria used for evaluation.
- Data governance
Data governance is often the most common point of failure. Scope 1 and Scope 2 emissions, water withdrawal, energy consumption, and safety statistics are frequently maintained in separate spreadsheets without version control, clear ownership, or an audit trail linking the final disclosed figure to source documents such as meter readings, invoices, or statutory registers. An assurance provider cannot form a credible opinion where the data trail cannot be reconstructed.
- Disclosure quality
Disclosures must be both accurate and complete. Companies should identify and correct calculation errors, unit-conversion mistakes, inappropriate or undocumented emission factors, and omissions relating to reporting periods, operational sites, or business lines.
- Internal controls
Internal controls form the procedural backbone that assurance providers test most rigorously. Key considerations include whether the company maintains a documented ESG data-collection process and a formal review and approval mechanism before filing. These controls should be reviewed and validated by the internal audit function.
- Board and Audit Committee Oversight
Assurance readiness is not solely the responsibility of the sustainability team or the Company Secretary. Boards and audit committees are increasingly expected to oversee ESG reporting with the same rigour applied to financial reporting. Companies that embed BRSR oversight into the audit committee charter and involve internal auditors in ESG data-control reviews typically perform better in external assurance engagements.
Conclusion
BRSR assurance readiness is no longer a peripheral compliance matter; it is becoming a core element of credible corporate reporting. As regulatory expectations continue to expand, listed companies must move beyond disclosure and focus on the strength of the systems, controls, and governance that support every reported metric.
Organisations that act early will be better positioned not only to meet assurance requirements efficiently, but also to strengthen stakeholder trust, improve internal accountability, and demonstrate the maturity of their ESG reporting framework. In that sense, assurance readiness is not simply about preparing for external review— it is about building reporting discipline that stands up to scrutiny.
