Upcoming webinar: Accelerate Net Zero progress & streamline SBTi reporting with AI
Register today →
All posts

California SB-261 compliance: Who must disclose climate-related financial risks and when

Written by
Published on
September 19, 2025
In this article
Heading 2
Heading 3
Heading 4
Heading 5
Heading 6
Download the Verdantix report, Smart Smart Innovators: ESG & Sustainability Reporting and Data Management Software
  TL;DR:  

If your company has over $500 million in annual revenues and is doing business in California, you are likely in scope for SB-261, the Climate-Related Financial Risk Act. Beginning in 2026, in-scope companies must publish biennial climate-related financial risk reports that align with the TCFD framework. Reports must describe both physical and transition risks and the measures taken to address them. Oversight is provided by the California Air Resources Board (CARB), with penalties up to $50,000 per year for non-compliance. Preparing early by conducting scenario analysis, mapping governance, and aligning with global standards will help companies comply smoothly and demonstrate climate resilience.

California has cemented its role as a climate policy leader by passing two landmark laws in 2023: SB-253, or the Climate Corporate Data Accountability Act (CCDAA), which requires companies to disclose their greenhouse gas emissions, and SB-261, the Climate-Related Financial Risk Act (CRFRA).

While SB-253 tackles the emissions side of the ledger, SB-261 focuses on the other half of the equation: how climate change impacts a company’s financial health. Together, these make up California’s Climate Accountability Package, and the first reporting year is quickly approaching.

Starting January 1, 2026, thousands of companies doing business in California with revenues over $500 million will need to publish climate-related financial risk reports every two years. These disclosures must align with the Task Force on Climate-related Financial Disclosures (TCFD) framework and describe not only the risks a company faces but also the measures it is taking to manage them and move toward net-zero emissions.

For sustainability leaders and executives, the implications are significant. Unlike SB-253, which has a narrower $1 billion revenue threshold, reporting requirements for SB-261 capture an even broader swath of the economy. More than 10,000 large companies are expected to be subject to the law.

If your organization is among them, the time to prepare is now. Here’s everything you need to know.

SB-261 applicability

                                                                                                                
CriteriaThresholdNotes
Revenue>$500M total annual revenuesGlobal revenue, not just California
Doing business in CASales, payroll, property, or operationsBroadly defined by Franchise Tax Board
FrequencyBiennial reportFirst report due Jan 1, 2026

What SB-261 requires

SB-261 mandates that in-scope companies prepare and publish initial reporting for 2025, then a subsequent biennial report disclosing:

  • The climate-related financial risks that could materially impact immediate and long-term financial outcomes.
  • The measures adopted to mitigate or adapt to those risks.

The law defines climate-related financial risks broadly. These disclosure requirements include:

  • Physical risks such as extreme weather events, sea level rise, and chronic shifts in climate that could disrupt operations, supply chains, or employee safety.
  • Transition risks such as regulatory changes, carbon pricing, market shifts, reputational concerns, and technological disruption associated with moving to a low-carbon economy.

Companies must also explain how climate risks may impact their operations, supply chains, investments, financial stability, shareholder value, and even broader market stability. If a report includes information about GHG emissions or voluntary climate mitigation measures, that information must be verified by an independent third-party assurance provider.

Unlike SB-253, SB-261 is not strictly about emissions reporting. It is about demonstrating that climate considerations are integrated into corporate strategy, governance, and risk management.

💡 Understand all of your ESG reporting obligations for 2025 with this this enterprise roundup.

Who is in scope under SB-261?

SB-261 applies to any U.S.-formed corporation, partnership, limited liability company, public or private company, parent company or other business entity that:

  1. Has more than $500 million in total annual revenues, and
  2. Is doing business in California

The revenue threshold

Unlike SB-253’s $1 billion bar, SB-261 applies to companies with half that revenue level. That lower threshold means the law covers a much wider universe of enterprises, including mid-sized companies that may not have extensive sustainability reporting infrastructures in place.

Additionally, this revenue can span globally and does not have to account for purely California sales.

Doing business in California

As with SB-253, “doing business in California” is defined broadly by the state’s Franchise Tax Board. You may qualify if you:

  • Engage in transactions for financial gain within the state
  • Employ staff or contractors in California
  • Own or lease property in the state
  • Meet set thresholds for California-based sales, payroll, or property

The key takeaway: you do not need to be headquartered in California to be subject to SB-261. Any substantial presence or economic activity in the state may bring you into scope.

SB-261 reporting timeline

                                                                                      
DateMilestoneWhat to publish
Jan 1, 2026First SB-261 reportClimate-related financial risks + mitigation/adaptation measures (TCFD-aligned)
Every 2 yearsBiennial updateUpdated risks, governance, strategy, metrics/targets; progress on actions

California SB-261 reporting timelines and reporting deadlines

The first SB-261 reports are due January 1, 2026, covering climate-related risks and strategies in place by the prior fiscal year. Reports must be updated at least every two years thereafter.

Governor Gavin Newsom initially flagged concerns that CARB might not have the resources to implement SB-261 on such a tight timeline. His administration, including Senators Scott Wiener and Henry Stern, proposed amendments to delay deadlines, but in September 2024, the legislature passed SB-219, which kept the original reporting schedule intact.

As of September 2025, there have been no further delays, meaning companies must still deliver their first reports of all covered entities by 2026.

Assurance under SB-261: Limited vs. reasonable assurance

Unlike SB-253, where independent third-party assurance is mandatory for greenhouse gas emissions disclosures, SB-261 takes a lighter approach. Companies are only required to obtain third-party assurance if their climate-related financial risk report includes information on greenhouse gas emissions or mitigation measures that were prepared on a reasonable basis.

To understand what that means, it helps to clarify the two types of assurance:

Limited assurance

  • Provides a moderate level of confidence that the information is free from material misstatement
  • The assurance provider performs a more limited review (primarily inquiries and analytical procedures) rather than full testing
  • Under SB-261, if your report references emissions inventories or voluntary mitigation strategies, limited assurance may be sufficient in the early years

Reasonable assurance

  • Provides a higher level of confidence, closer to an audit
  • Involves more extensive testing of data, controls, and methodologies
  • Although SB-261 does not explicitly mandate reasonable assurance today, companies aligning with IFRS S2, CSRD, or SEC rules may already be moving toward this standard

Why it matters

Even if SB-261 does not always require assurance, preparing for it offers strategic benefits. Assurance strengthens credibility with investors, protects against regulatory risk, and demonstrates good-faith compliance. For companies already preparing SB-253 disclosures, aligning assurance practices across both of California’s climate disclosure laws will create efficiency and consistency.

Oversight and enforcement of California SB-261

The California Air Resources Board (CARB) has been implementing regulations and creating the rulemaking process, and will continue to oversee implementation. Under SB-261, CARB must:

  • Designate a nonprofit climate reporting organization to review submitted reports
  • Publish a biennial summary highlighting trends, identifying inadequate reports, and assessing overall corporate climate preparedness

Penalties for non-compliance

Companies that fail to file, or that submit inadequate reports, may face administrative penalties of up to $50,000 per year. While this is less severe than SB-253’s $500,000 cap, it still represents a meaningful financial and reputational risk.

Importantly, SB-261 includes a safe harbor: if a company voluntarily reports climate risks under another recognized reporting framework (such as ISSB, TCFD, or SEC rules once finalized), and the disclosures are consistent with SB-261 requirements, that company will be deemed compliant.

💡 See if you’re in scope for California’s other landmark climate bill, SB-253.

Where CA SB-261 and CA SB-253 differ

At first glance, SB-253 and SB-261 may seem like two sides of the same coin. But they differ in important ways:

  • Revenue threshold: $1 billion for SB-253 vs. $500 million for SB-261.
  • Focus: SB-253 requires disclosure of emissions data for Scope 1, Scope 2, and Scope 3 emissions; SB-261 requires disclosure of climate-related financial risks and management strategies.
  • Frequency: SB-253 requires annual reports; SB-261 requires biennial reports.
  • Assurance: SB-253 mandates third-party assurance for emissions; SB-261 only requires assurance if GHG or mitigation data are included.
  • Penalties: SB-253 fines can reach $500,000 annually; SB-261 caps at $50,000 annually.

For enterprises, this means SB-253 is about quantifying emissions footprints, while SB-261 is about demonstrating climate resilience and readiness. Both are demanding, but in different ways.

Infographic comparing California SB-253 and SB-261: SB-253 requires annual greenhouse gas emissions reporting for companies over $1B, while SB-261 requires biennial climate risk disclosures for companies over $500M.
Infographic comparing California's landmark climate bills, SB-253 and SB-261

The role of governance and stakeholders

Because SB-261 disclosures are modeled on the TCFD framework of ESG reporting, governance is central.

Companies must show that their boards and executives are actively overseeing climate risk and that management is responsible for implementing mitigation strategies.

Stakeholders, investors, employees, regulators, and customers will be watching these disclosures closely. Transparent reporting builds credibility and investor confidence. Poor or vague reporting could raise red flags and increase scrutiny from regulators and advocacy groups.

The risks of waiting to prepare SB-262 reports

Some companies may consider delaying preparation in hopes of regulatory changes or legal challenges. But as with SB-253, the broader global momentum toward mandatory climate disclosure makes waiting risky.

Failure to comply with SB-261 could expose your company to:

  • Administrative penalties of up to $50,000 annually.
  • Reputational harm if your peers are publishing robust reports while your company lags.
  • Investor skepticism and higher cost of capital if your risk management approach is unclear.
  • Operational risk, since preparing these disclosures often uncovers vulnerabilities that companies can address proactively.

Practical steps to prepare for CA SB-261 compliance now:

For sustainability teams and executives, the path forward includes several key actions:

Assess scope and applicability

Confirm whether your company crosses the $500 million revenue threshold and qualifies as doing business in California. For complex structures, this may require coordination across legal, finance, and tax teams.

Align with the TCFD framework

Familiarize your teams with the TCFD pillars: governance, strategy, risk management, and metrics/targets. SB-261 requires disclosures in line with these categories, so mapping existing practices against TCFD is a strong starting point.

Conduct scenario analysis

Climate scenario analysis is central to understanding both physical and transition risks. Companies should evaluate multiple scenarios (e.g., 1.5°C vs. 2.7°C warming pathways) to identify vulnerabilities and inform strategy.

Integrate across business functions

Climate risk cannot be siloed within sustainability teams. Finance, risk management, supply chain, and operations functions all need to be engaged. Establish cross-functional governance and reporting lines now.

Build documentation for assurance

Even if you don’t plan to include emissions data in your first SB-261 report, documenting assumptions, methodologies, and governance processes will prepare you for future assurance requirements.

Invest in technology

Spreadsheets and manual risk assessments will not scale. Dedicated platforms can centralize climate risk data, link to emissions inventories, and provide audit trails. Look for solutions that integrate SB-261 with other frameworks like ISSB and CSRD.

Turning compliance into opportunity

It’s tempting to view SB-261 as another compliance burden. But reframed strategically, it can be an opportunity to strengthen competitiveness.

Well-executed climate risk disclosures can:

  • Build trust with investors, lenders, and insurers.
  • Demonstrate proactive governance to regulators and stakeholders.
  • Reveal vulnerabilities in supply chains or operations, allowing companies to adapt early.
  • Position your company as a leader in sustainability and risk management.

By starting early and treating SB-261 as part of a broader ESG strategy, companies can turn reporting into resilience.

Is your company in scope for SB-261? Pulsora can help you prepare

If your organization generates more than $500 million in annual revenues and has operations, sales, or employees in California, you are almost certainly in scope for SB-261. The first reports are due January 1, 2026.

California’s SB-261 is only the beginning. With SB-253, CSRD in the EU, and ISSB standards setting the global baseline, disclosure requirements are proliferating across jurisdictions. Meeting them all with spreadsheets and siloed teams isn’t realistic.

Ensure preparedness for California's upcoming climate compliance with our readiness checklist.

Pulsora gives you a single, audit-ready platform for sustainability reporting — helping you map climate disclosure rules, whether your obligations are in California or beyond.

Ready to consider a solution to help with California compliance? See our roundup of the best California climate software.

Pulsora helps you streamline compliance and turn reporting into resilience. Click here to learn more about our platform and how we can help.

FAQs about California SB-261

  Who does SB-261 apply to?  

SB-261 applies to U.S.-formed companies with more than $500 million in total annual revenues that are doing business in California. This includes companies headquartered outside the state if they meet the revenue threshold and conduct sales, payroll, property, or operations in California.

  What does SB-261 require companies to report?  

Companies must publish a climate-related financial risk report every two years. The report must describe physical risks (e.g., extreme weather, sea level rise) and transition risks (e.g., regulatory changes, carbon pricing, reputational risks) and explain the measures taken to mitigate or adapt to them.

  When do SB-261 reporting requirements begin?  

The first reports are due on January 1, 2026. After that, companies must update and submit a climate risk report at least every two years.

  Which frameworks does SB-261 follow?  

Reports must align with the Task Force on Climate-related Financial Disclosures (TCFD) framework. Companies that already disclose under ISSB standards, CSRD, or SEC rules may qualify for safe harbor compliance if their reports meet SB-261 requirements.

  Who enforces SB-261 and what are the penalties?  

The California Air Resources Board (CARB) oversees compliance. Non-compliant companies may face administrative penalties of up to $50,000 per year. CARB will also publish biennial summaries highlighting reporting gaps and industry trends.

  How should companies start preparing now?  

Enterprises should confirm their scope, align governance with TCFD pillars, conduct climate scenario analysis, involve finance and risk management teams, and invest in tools that centralize climate risk data. Preparing documentation and cross-functional governance structures early will reduce compliance risk and costs.

Discover the all-in-one platform for enterprise sustainability management

Request a Demo
The all-in-one platform for enterprise sustainability management.
Platform
OverviewCarbon accountingPulsoraAITour
Solutions
For private capital firmsFor sustainability teamsFor CSRD
Company
AboutBlogCareersContactPress
© 2025 Pulsora™ All Rights Reserved
Terms
Privacy Policy