SB 261 is California’s landmark climate risk disclosure law. Starting in 2026, companies with over $500M in annual revenue doing business in California must publish a biennial report on their climate-related financial risks — using the Task Force on Climate-related Financial Disclosures (TCFD) framework or an approved equivalent.
This post breaks down:
What SB 261 requires
Who it applies to
What counts as climate-related financial risk
Reporting format and timelines
How this connects with SEC, CSRD, and ISSB regulations
What steps risk teams should take now
What Is SB 261?
Senate Bill 261 — passed in 2023 — requires large companies operating in California to publicly disclose climate-related financial risks and explain how they’re addressing them.
Unlike emissions-focused regulations (like SB 253), SB 261 focuses on the economic impact of climate change on the company itself — including both physical risks (like wildfires and floods) and transition risks (like policy changes, stranded assets, and customer shifts).
Which Companies Must Comply?
Requirement
Threshold
Entity Type
Public or private corporations, LLCs, partnerships
Revenue
Over $500 million USD (global annual revenue)
Geography
Must “do business” in California
Exemptions
Insurance companies regulated by the CA Department of Insurance
This applies to both U.S. and non-U.S. companies if they meet the revenue and presence thresholds.
What Is a Climate-Related Financial Risk Report?
Companies must prepare a public-facing, biennial report covering:
Identification of climate-related financial risks
Actions and strategies to mitigate or adapt to those risks
The definition of “climate-related financial risk” is broad. It includes material risks to operations, supply chains, employees, customers, capital investments, and market valuation — caused by climate impacts or the transition to a low-carbon economy.
Reporting Standards: TCFD, IFRS S2, or Equivalent
SB 261 aligns with globally recognized standards:
Primary framework: Task Force on Climate-related Financial Disclosures (TCFD)
Also accepted: IFRS Sustainability Disclosure Standards (IFRS S2)
Equivalents allowed: SEC climate disclosure rules (once finalized), other government mandates
The report must include TCFD’s four pillars:
TCFD Pillar
What It Covers
Governance
Who’s responsible for managing climate risks?
Strategy
What are the actual and potential impacts of climate change?
Risk Management
How are climate risks identified and managed?
Metrics & Targets
How are risks measured and progress tracked?
Disclosure Timeline and Publication Requirements
Requirement
Date
First report due
January 1, 2026
Update frequency
Every 2 years
Publication method
Company’s website (public access required)
Consolidated reporting
Allowed at parent level if subsidiaries meet threshold
Companies must submit their report to a state-designated climate reporting organization, which will produce an independent biennial review of public disclosures.
Penalties and Enforcement
Violation
Penalty
No report published
Up to $50,000 annually
Inadequate/incomplete disclosure
Same threshold, based on severity
Factors considered
Effort, timing, and compliance history
Companies must also pay an annual administrative fee to fund state oversight. Fee amounts will be published by CARB and adjusted annually for inflation.
How to Prepare: A Practical Path for Risk and Compliance Teams
1. Identify your exposure
Use climate scenario tools to map physical and transition risks
Focus on geographies, asset classes, energy dependencies, and critical suppliers
2. Align governance
Assign board-level oversight
Define internal responsibility and budget for climate risk
3. Choose your reporting framework
Use TCFD now, but prepare for convergence with ISSB or SEC standards
Document assumptions and gaps
4. Map risk to financial outcomes
Consider how risks impact cash flow, margins, asset values, insurance, and access to capital
5. Build reporting infrastructure
Centralize climate data collection
Tag risks by business unit and geography
Version-control your reports for public publication
6. Get ready for transparency
SB 261 disclosures are public — they will be read by investors, customers, and regulators
Treat them as part of your reputation and risk narrative
Sprih’s Support for SB 261 Disclosures
Sprih works with large enterprises to:
Align existing ESG and risk processes with SB 261’s requirements
Structure TCFD- or ISSB-based reports with investor-grade clarity
Create crosswalks between SB 253, SB 261, and CSRD/SEC formats
Map risks across business lines, suppliers, and financial statements
Maintain a defensible audit trail and publishing-ready reports
Our platform is already supporting global companies preparing for dual compliance across jurisdictions.
FAQs
What’s the difference between SB 253 and SB 261?
SB 253 requires companies to report their greenhouse gas emissions (Scope 1, 2, and 3). SB 261 requires them to disclose how climate change—both physical and transitional risks—could impact their financial performance and what they’re doing about it.
Can one report meet SB 261 and CSRD/SEC requirements?
Yes. If your report is structured using the TCFD or ISSB frameworks, you can often meet multiple regulations with one disclosure. However, details and terminology may differ, so mapping and cross-referencing are important. Sprih supports these multi-standard approaches.
Are private companies included in SB 261?
Yes. Both public and private companies are subject to SB 261 if they have more than $500 million in annual revenue and do business in California. Insurance companies regulated by the state are exempt.
Is external assurance required under SB 261?
No. There is currently no requirement for third-party assurance under SB 261. However, reports will be reviewed by a designated climate reporting organization, which will publish public evaluations of disclosure quality and completeness.
