Your Irish buyer is asking for ESG compliance evidence because they are subject to CSRD and are the EU home of many global technology and pharmaceutical companies.
Ireland is an EU member state fully subject to CSRD and the CSDDD framework, and the EU headquarters of many major US technology and pharmaceutical companies. Irish buyers in technology, pharmaceuticals, financial services, and food processing are among the most active issuers of ESG questionnaires in Europe. The Data Protection Commission (DPC) is one of the EU's most significant GDPR enforcement authorities, as the lead supervisor for Google, Meta, Apple, Microsoft, and many others. NCSC Ireland coordinates NIS2 implementation.
Key regulations in Ireland โ CSRD, CSDDD & ESG Supplier Guide
CSRD โ EU Corporate Sustainability Reporting Directive (Irish transposition)
Ireland has transposed CSRD into national law. Irish companies in scope must report on their supply chain's environmental and social impacts using European Sustainability Reporting Standards (ESRS). The Central Bank of Ireland requires sustainability disclosures from financial institutions. Irish buyers โ including Apple, Google, Meta, Pfizer, and Johnson & Johnson's EU operations โ are among the most demanding ESG questionnaire issuers, reflecting their global sustainability commitments.
Ireland GDPR & NIS2 Cyber Obligations
Ireland implements GDPR with 72-hour breach notification to the DPC (Data Protection Commission) โ the EU lead supervisor for Google, Meta, Apple, Microsoft, and many other major tech companies. Ireland's Data Protection Act 2018 implements GDPR. NIS2 implementation requires essential and important entities to notify NCSC Ireland within 24 hours of a significant incident and provide a full report within 72 hours.
What this means for you as a supplier
You are not directly regulated by Irish law. But your Irish buyer โ likely a major technology or pharmaceutical company โ is subject to global sustainability commitments and CSRD reporting requirements. They need your data to complete their own mandatory reports and demonstrate supply chain due diligence. Irish buyers typically expect detailed, verified supply chain data aligned with global frameworks like GHG Protocol, CDP, and TCFD.
Key dates
2018
Ireland's Data Protection Act 2018 implements GDPR
FY 2024
CSRD Phase 1 begins for large Irish public-interest entities
FY 2025
CSRD Phase 2 begins for large Irish companies over 250 employees
July 26, 2028
CSDDD transposition deadline for EU member states
July 2029
CSDDD compliance required for Irish companies over 1,000 employees and โฌ450m turnover
CSRD is already in force โ your data is needed now
CSRD Phase 1 reporting began for large public-interest entities in FY 2024. Phase 2 covers large companies over 250 employees from FY 2025. Your buyer needs your emissions data, social metrics, and governance information to complete their own mandatory CSRD report. This is not a voluntary request โ it is a legal obligation on your buyer that flows through to you as a supplier.
Last reviewed: April 2026. This guide is for general information only and does not constitute legal advice. Regulations change โ verify current requirements with a qualified adviser.
Received an ESG questionnaire from an Irish buyer?
ESG Stress Free guides suppliers through CSRD and CSDDD compliance requirements for Irish buyers.