Your Saudi Arabian customer has sent you an ESG questionnaire. Here is what their obligations require of them โ and what they need from you.
Saudi Arabia's ESG regulatory framework is maturing rapidly under Vision 2030. The Saudi Exchange (Tadawul) has issued mandatory ESG Disclosure Guidelines for listed companies. The Capital Market Authority (CMA) is advancing IFRS S1 and S2 adoption aligned with global ISSB standards. Saudi companies that supply or partner with international buyers โ particularly from the EU, UK, Germany, and USA โ are also subject to ESG questionnaires driven by those countries' own mandatory reporting laws. If you supply goods or services to a Saudi buyer, or if your Saudi buyer supplies international markets, ESG compliance evidence is now a procurement requirement.
Key regulations in Saudi Arabia โ ESG & Vision 2030 Supplier Guide
Tadawul ESG Disclosure Guidelines โ Saudi Exchange
The Saudi Exchange (Tadawul) has issued ESG Disclosure Guidelines requiring listed companies to report on environmental, social, and governance metrics. Listed companies must assess and disclose supply chain ESG risks as part of their annual reporting. The guidelines align with GRI Standards and the UN Sustainable Development Goals, and are progressively moving towards ISSB alignment as Saudi Arabia adopts IFRS S1 and S2.
IFRS S1 & S2 Adoption โ Capital Market Authority
Saudi Arabia's Capital Market Authority is implementing IFRS S1 (General Sustainability-related Disclosures) and IFRS S2 (Climate-related Disclosures) for listed companies. This aligns Saudi Arabia's disclosure framework with the global ISSB standard, making Saudi company ESG reports directly comparable with those of companies in the EU, UK, Australia, and Japan โ all of which are adopting ISSB-aligned frameworks. Supply chain disclosure is a core component of IFRS S2.
Vision 2030 โ National Transformation Programme
Vision 2030 is Saudi Arabia's national programme to diversify the economy away from oil dependency. ESG performance is central to Vision 2030's international credibility with global investors, multilateral institutions, and international partners. Saudi companies โ particularly those in PIF portfolio sectors including manufacturing, logistics, technology, and infrastructure โ are under increasing pressure to demonstrate ESG credentials to their international buyers and partners.
EU CSRD & CSDDD / German LkSG โ Reach into Saudi Suppliers
Saudi companies that supply European buyers โ particularly German buyers subject to the Lieferkettensorgfaltspflichtengesetz (LkSG) โ are already receiving mandatory ESG questionnaires. German buyers are legally required to assess their Saudi suppliers for human rights and environmental risks. EU CSRD requires large EU companies to disclose supply chain sustainability data. These obligations apply regardless of where the supplier is located.
Saudi PDPL & National Cybersecurity Authority (NCA) โ Cyber & Data Breach Obligations
Saudi Arabia's Personal Data Protection Law (PDPL), issued by Royal Decree M/19 and enforced by the Saudi Data and AI Authority (SDAIA), requires data controllers to notify SDAIA within 72 hours of discovering a personal data breach that may cause harm to data subjects. Affected individuals must be notified promptly. The law applies to any entity processing personal data of Saudi residents, regardless of where the entity is based. Penalties reach SAR 5 million (approx. USD 1.33 million) for violations, with criminal liability for intentional misuse of personal data. The National Cybersecurity Authority (NCA) mandates the Essential Cybersecurity Controls (ECC-1:2018) for government entities and critical national infrastructure operators, with mandatory incident reporting to the NCA. The NCA's Operational Technology Cybersecurity Controls (OTCC) apply to industrial, energy, and utility sector operators. The Cloud Cybersecurity Controls (CCC) govern cloud service providers operating in Saudi Arabia. Saudi Vision 2030 digital transformation is accelerating cybersecurity regulatory expansion across the private sector. Suppliers processing Saudi customer data or operating in regulated sectors must align incident response procedures to the 72-hour PDPL notification window and applicable NCA reporting requirements.
What this means for you as a supplier
You may not be directly regulated by all of these frameworks. But your Saudi buyer is โ and so are the European, UK, and US buyers in your supply chain. Tadawul-listed companies must disclose supply chain ESG risks annually. German buyers must assess Saudi suppliers under LkSG. EU buyers must assess Saudi suppliers under CSRD and CSDDD. A non-response or a weak response increases your buyer's regulatory risk and makes you a liability in their supply chain. Your compliance evidence is part of their answer to regulators, investors, and international partners.
Key dates
Active now
Tadawul ESG Disclosure Guidelines โ listed companies must assess and disclose supply chain ESG risks annually
Active now
German LkSG โ German buyers must assess Saudi suppliers for human rights and environmental risks
Active now
EU CSRD โ large EU companies must disclose supply chain sustainability data including Saudi suppliers
2026โ2027
IFRS S1 & S2 phased implementation โ Saudi listed companies move to ISSB-aligned climate and sustainability disclosure
July 2029
EU CSDDD Phase 1 โ large EU companies must conduct active supply chain due diligence; Saudi suppliers will receive structured questionnaires
2030
Vision 2030 target โ ESG regulatory requirements expected to be substantially expanded across the Saudi economy by this date
Where ESG questionnaires to Saudi suppliers come from
ESG questionnaires to Saudi suppliers come from two directions. Domestically, Tadawul-listed Saudi companies are required to assess their supply chains as part of their annual ESG disclosure. Internationally, European buyers โ particularly German companies subject to LkSG and EU companies subject to CSRD โ are legally required to assess their Saudi suppliers for human rights, environmental, and governance risks. Both are already active and both are expanding.
Vision 2030 is accelerating the domestic pressure. As Saudi companies build international partnerships and attract foreign investment, their ESG credentials are scrutinised by international investors, rating agencies, and procurement teams. The supply chain pressure flows in both directions: Saudi buyers asking their suppliers, and Saudi companies being asked by their international buyers.
What your Saudi buyer's questionnaire will ask
Saudi ESG questionnaires draw on Tadawul guidelines (GRI-aligned), Vision 2030 sustainability priorities, and โ for companies with international buyers โ LkSG, CSRD, and ISSB requirements. The following areas are consistently covered.
Environmental performance
Greenhouse gas emissions (Scope 1, 2, and increasingly Scope 3), energy consumption, water usage, and waste management. Saudi Arabia's Net Zero 2060 commitment and Vision 2030 sustainability targets make climate data a priority area.
Labour rights and Saudisation
Compliance with Saudi Labour Law, Nitaqat (Saudisation) requirements, fair wages, working hours, and health and safety standards. International buyers will additionally ask about ILO core conventions and living wage standards.
Human rights due diligence
A written policy covering forced labour, child labour, and non-discrimination. Evidence that you assess your own supply chain for human rights risks. German LkSG buyers require documented human rights due diligence from their Saudi suppliers โ this is a legal requirement on the German buyer, not a voluntary request.
Governance and anti-corruption
Anti-bribery and anti-corruption policies aligned with Saudi Arabia's National Anti-Corruption Commission (Nazaha) requirements. Board oversight of ESG matters, and whistleblowing mechanisms. International buyers will reference their own jurisdiction's anti-corruption laws.
Climate risk and IFRS S2 alignment
As Saudi Arabia implements IFRS S2, buyers will increasingly ask structured questions about physical and transition climate risks to your operations and supply chain. Companies that prepare now will be ahead of the mandatory deadline.
Your own supply chain due diligence
Evidence that you assess your own suppliers for ESG risks. This is the Tier 2 question โ your buyer must show their regulators that they have checked whether their suppliers manage their own supply chains responsibly.
Vision 2030 and the ESG supply chain opportunity
Vision 2030 is creating new domestic industries โ in manufacturing, tourism, entertainment, technology, and infrastructure โ that are designed to integrate into global supply chains. Those supply chains are governed by mandatory ESG reporting obligations in the EU, UK, USA, and China. Saudi companies that can demonstrate strong ESG credentials are better positioned to win and retain international contracts, attract foreign investment, and participate in the global economy that Vision 2030 is targeting.
For SME suppliers in Saudi Arabia, this means the ESG questionnaire from your buyer is not a one-off request โ it is the beginning of an ongoing compliance relationship that will become more structured as both Saudi domestic requirements and international buyer obligations expand. Building your evidence base now is significantly easier than retrofitting compliance after mandatory deadlines have passed.
What happens if your response is inadequate
- โYour Tadawul-listed buyer flags you as a higher-risk supplier in their annual ESG disclosure โ creating a documented compliance gap in their public record
- โGerman buyers subject to LkSG are legally required to implement measures to address identified supply chain risks โ which may mean requesting remediation from you, or sourcing from a compliant supplier
- โEU buyers subject to CSRD and CSDDD may be required to source from suppliers who can demonstrate compliance โ a non-response puts your contract at risk
- โInternational investors and financial institutions applying ESG screens to Saudi companies and their supply chains will flag weak ESG credentials โ affecting access to capital and partnership opportunities
- โAs IFRS S1 and S2 become mandatory for Saudi listed companies, supply chain disclosure requirements will increase โ suppliers who are not prepared will face growing pressure from multiple buyers simultaneously
Saudi Arabia ESG framework overview
| Framework | Body | Status |
|---|---|---|
| Tadawul ESG Disclosure Guidelines | Saudi Exchange | Active โ annual reporting required |
| IFRS S1 & S2 adoption | Capital Market Authority | Roadmap in progress โ 2026/27 expected |
| German LkSG (via German buyers) | BAFA (Germany) | Active โ Saudi suppliers receiving questionnaires now |
| EU CSRD (via EU buyers) | EU member state regulators | Active โ supply chain disclosure required |
| EU CSDDD (via EU buyers) | EU member state regulators | compliance from July 2029 |
| Vision 2030 sustainability targets | National level | Active โ expanding through 2030 |
Last reviewed: April 2026. This guide is for general information only and does not constitute legal advice. Regulations change โ verify current requirements with a qualified adviser.
Received an ESG questionnaire from your buyer?
ESG Stress Free helps Saudi Arabian suppliers respond to international buyer ESG and Vision 2030 sustainability requirements.