Most ESG due diligence is a checklist run once at the gate. Sopact reads every questionnaire, policy, and audit on arrival and flags the risk before close.
Sopact is the risk-intelligence layer for ESG due diligence. It reads every questionnaire, policy, certificate, and audit report a target or supplier submits — the moment it lands — and surfaces the ESG liability before the deal closes and before the regulator asks. It is built for the investors, procurement teams, and funds who own the risk after the signature.
By Unmesh Sheth · Founder & CEO, Sopact · Updated May 22, 2026
Most ESG due diligence is a gate: a questionnaire run once, before a deal or a contract. The ESG risk it screens for does not stop at the close. Here is the same risk, run both ways.
A checklist is a point in time. It clears the deal on the answer the target chose to give — and goes quiet the day the contract is signed.
Continuous diligence is a layer, not a gate. It reads every document on arrival — so an ESG red flag surfaces while the deal can still account for it.
It is the same ESG risk on both tracks. The checklist names it at the post-close surprise; continuous diligence names it on arrival. The months between those two dates are the months the liability sat on your books, undisclosed.
ESG due diligence is the process of examining the environmental, social, and governance risks of a company, a supplier, or a fund before committing to it — an investment, a contract, an allocation. The weak version is a checklist run once at the gate: a questionnaire sent, answers filed, a box ticked. The strong version reads every document on arrival — the questionnaire, the policy, the certificate, the audit, the news report — scores it against your framework, and keeps the diligence live after the deal closes.
Also called ESG DD, or an ESG DDQ exercise. It is broader than environmental due diligence — the Phase I site assessment — because it covers social and governance risk as well, and a real ESG risk does not end at the signature.
An ESG risk is almost never invisible. By the time a deal closes, it has been written down — in a questionnaire, a policy, an audit, a news report. ESG diligence reads two of those places reliably. The other four are collected and filed.
The numeric answers on the ESG questionnaire, tallied into a score. The part diligence never struggled with — and the easiest part to answer favourably.
Emissions figures, headcount, a certification yes-or-no. Counted accurately. They tell you a number — not whether the number holds up.
The actual text of the code of conduct, the environmental policy, the anti-bribery policy. Attached to the DDQ, opened by no one.
ISO 14001, SA8000, B Corp, Fair Trade. A logo on a slide — the certificate’s real scope and expiry date rarely checked.
The factory audit, the site inspection, the corrective-action log. Where the real finding sits — filed as a PDF and never opened.
The labor complaint, the spill, the controversy — and the free-text answers the target would not put in a number. Public, honest, and outside every score.
The four unread sources are where the ESG liability actually sits. A diligence that scores only the questionnaire is reading the answer the target chose to give — not the risk it chose to leave out.
Every ESG due diligence checklist covers the same three domains. The scope below is the standard, across investment, supplier, and corporate diligence. What decides whether the diligence works is not which boxes are on the list — it is whether anyone read the document behind each one.
These eighteen lines are the standard ESG due diligence scope. But a checklist is a list of questions, not a verdict. The diligence is only as strong as the reading behind each box — and on most deals, that reading never happens.
For years, ESG due diligence was a procurement formality. A questionnaire went out before a deal or a contract, answers came back, a score was tallied, a box was ticked. It was built for a world where ESG was a preference — something a buyer could weigh, score, and move past.
That world is closing. Regulation has made ESG diligence mandatory and ongoing: the EU’s Corporate Sustainability Due Diligence Directive obliges companies to identify and address ESG harms across their value chains — not once, but continuously. An LP now asks an investor to defend an ESG claim with evidence, not a rating. A one-time questionnaire cannot answer a standing obligation.
Meanwhile the documents never stopped arriving — the audits, the policy updates, the news, the corrective-action logs — and the checklist had no way to read them. So the value moved. It is no longer in the questionnaire or the score. It is in the layer that reads every document on arrival and keeps the diligence current. The checklist era cleared the deal. ESG due diligence now has to survive the years after it.
This is not an argument that questionnaires and checklists are useless — they set the scope, and that scope is sound. It is an argument that scoping the risk and reading it are two different jobs — and the second one has to keep running after the deal closes, not stop at the gate.
Sopact is a risk-intelligence layer that reads what ESG diligence already collects. It does not replace your data room, your procurement system, or the questionnaire you already send. It reads the material those systems gather and never interpret — the DDQ answers, the attached policies, the certificates, the audit reports, the public coverage — against the ESG framework you defined, the moment each document arrives.
Three things happen on every document, in order. None of them waits for the deal to close.
Every questionnaire answer, policy, certificate, audit report, and news item is read the day it lands — in any language, tied to one record per supplier or target. Nothing is filed unread.
Each document is scored on the E, S, and G risks you defined — a weak control, an expired certificate, a contradiction between the policy and the audit — with the source sentence kept behind every flag.
A standing ESG risk view shows what is exposed, across every supplier and every target. The red flag surfaces while the deal can still account for it — and stays visible long after the signature.
A diligence document read at the post-close review is evidence of a liability. The same document read on arrival is a chance to price it, condition it, or walk away. The only variable is when it gets read.
The ESG DDQ — the due diligence questionnaire — is the standard instrument, and it is not the problem. The problem is what happens to it after it comes back.
You send a 200-question ESG DDQ. The target fills it in and returns it with a stack of attachments. The numeric answers tally to a score; the free-text answers and the attached policies are filed in the data room. The score clears the gate, the deal closes, and the 180 pages of attachments are never opened.
The same DDQ arrives, and every part of it is read — the numbers, the free text, and every attached policy, certificate, and report — against the framework you defined. A weak answer, an expired certificate, a policy that contradicts the audit is flagged. Every flag keeps the source sentence behind it.
Ask of any ESG DDQ process: when an attachment contradicts a questionnaire answer, does anything catch it? If the answer is “only if a reviewer happened to open the PDF,” the DDQ is collecting answers, not reading risk.
AI is now on the label of almost every diligence tool. Two paragraphs on what it genuinely changes, then the test.
What AI genuinely changes is the cost of reading diligence documents — policies, audit reports, free-text answers, news coverage — against a defined set of ESG risks. Work that took an analyst weeks of manual review now runs in minutes, and re-runs every time a new document arrives. That is the single change that makes continuous ESG diligence possible at all.
What AI does not change is where the reading has to sit. There is a real difference between asking a general AI to summarize a data room and a layer reading each document against your framework on arrival. Run the same target through a chat window twice and the risk rating drifts — a medium one day, a low the next — because nothing holds the definitions still.
You paste the data room into a chat window and ask where the ESG risk is. It answers — once. There is no fixed definition of what counts as a red flag, no link between this deal and the last, and no source sentence behind the rating. Ask again next month and the answer has moved.
The ESG framework is defined once and held. Every document is read against that same definition, tied to one record per supplier or target, with the source sentence kept behind every flag. Run the same deal in March and in June and the method is identical — what changed is the target, not the ruler.
Ask any AI diligence tool: run the same target twice, a month apart — does the ESG rating hold, and can you see the sentence behind it? A locked answer is a finding you can put in the report. A drifting one is a guess with a logo.
Investors screening a deal, procurement screening a supplier, a corporate team meeting a new diligence obligation — different documents, different deadlines, the same job: see the ESG risk before it becomes a liability on your books.
A target’s ESG risk priced into the deal — or a fund manager screened before an allocation. The liability transfers at close; the diligence has to find it before.
Diligence reading cut from analyst-weeks to days.
An ESG liability priced into the deal, not absorbed after it.
A red flag surfaced before close — not in a portfolio-company headline.
Hundreds of suppliers, each with a questionnaire, a stack of policies, and a certificate. The labor or environmental risk sits in an audit report no one opened.
Every supplier’s documents read on arrival, not in an annual scramble.
Audit-ready evidence on file — no duplicate diligence across providers.
A supplier’s violation caught from its own audit, before it reaches your chain.
A continuous, legal duty to identify and address ESG harms across the value chain. A one-time questionnaire cannot evidence a standing obligation.
The diligence file stays current between reporting cycles.
One layer reads what the chain submits — no second review team to staff.
A defensible, cited diligence record when a regulator or auditor asks.
An investor, a procurement team, and a corporate compliance lead run the same loop: a document arrives, an ESG risk is in it, someone has to read it before the deadline. They differ on the file and the regulator — not on where the liability hides, and not on what it costs to miss it.
ESG due diligence is not an improvised exercise. International frameworks define how it should be scoped, conducted, and evidenced — and regulation is turning that guidance into a legal duty.
The OECD Due Diligence Guidance for Responsible Business Conduct is the global reference for how due diligence should be done — risk-based, ongoing, and embedded across the value chain.
The Principles for Responsible Investment set the expectation that ESG factors are integrated into investment analysis and diligence — not bolted on as a screen after the decision.
The Corporate Sustainability Due Diligence Directive makes ESG diligence mandatory and ongoing — companies must identify, prevent, and account for adverse impacts across their chains.
Sopact cites these frameworks to share their vocabulary and their standard of care, not to certify against them. Investment-side teams will also recognise the ILPA ESG DDQ and the ESG Data Convergence Initiative as the questionnaires this layer reads. Compliance is a conversation for your counsel; a defensible, cited diligence record is one this page can help with.
An ESG due diligence platform is not a questionnaire with a dashboard. It is the set of jobs that turn the documents a target or supplier submits into a risk you can price and defend. Sopact runs six, in one place.
Send the ESG DDQ through Sopact, or read a data room and a procurement system you already run. One record per supplier or target from the first document.
Every document read on arrival, in any language — the questionnaire, the policy, the certificate, the audit, the news report. Nothing is filed unread.
Each document scored against the E, S, and G risks you defined, with the source sentence kept behind every flag.
The numeric answers, the free text, and the attachments on one record — the score and the evidence behind it, per supplier or target.
The same framework applied to every supplier and every deal, every cycle — so a rating is comparable, not improvised.
The ESG due diligence report and a standing red-flag view, generated from the live record — every finding traceable to its source document.
Bring a real diligence batch — a target’s questionnaire and attachments, or a set of supplier files. We will run it through Sopact and show you the ESG risk read on arrival.
Most ESG due diligence software searches start with the wrong question. “Which platform should we buy” returns a shortlist of questionnaire tools and rating providers that all demo well. The useful question is narrower: walk one deal, or one supplier, from the first document to the signed contract, and find the seam where the risk goes unread.
If the questionnaire score clears the gate but the attached policies are never opened, the gap is reading. If every deal is rated by a different analyst with a different definition, the gap is a locked framework. If the diligence goes silent the day the deal closes, the gap is that nothing is continuous. And if a finding cannot be traced to the document it came from, the gap is evidence — the part a regulator or an LP will ask for.
That diagnosis decides whether you need a better questionnaire or a different layer over the whole process. A team that skips it buys a faster way to send the DDQ — and the audit report that held the real risk is still sitting in the data room, unopened.
Take one diligence file from a closed deal that, in hindsight, carried an ESG issue. Ask of any tool you are evaluating: would this have surfaced that document before close? If the answer is “only if an analyst had opened it,” it collects diligence — it does not read risk.
ESG due diligence is the process of examining the environmental, social, and governance risks of a company, supplier, or fund before committing to it. The weak version is a checklist run once at the gate: a questionnaire sent, answers scored, a box ticked. The strong version reads every document on arrival — the questionnaire, the policies, the certificates, the audits, the news — scores it against a defined framework, and keeps the diligence live after the deal closes.
An ESG due diligence checklist is the standard scope of what to examine, organised across three domains. Environmental covers emissions, energy and waste, pollution history, climate risk, permits, and land use. Social covers labor practices, health and safety, human rights, diversity, community impact, and supply-chain standards. Governance covers board structure, anti-bribery controls, data privacy, business ethics, executive pay, and disclosure integrity. The checklist sets the questions — the diligence is only as strong as the reading behind each line.
An ESG DDQ — the ESG due diligence questionnaire — is the standard instrument for collecting ESG information from a target or supplier. It mixes numeric questions, yes-or-no fields, free-text answers, and requests for attached policies and certificates. The DDQ is sound at collecting answers; the common failure is that only the numeric answers are scored, while the free text and the attachments are filed and never read. Reading the whole DDQ on arrival is what turns it from a form into diligence.
ESG due diligence software is the system used to run the diligence — send questionnaires, store responses, and track status. An ESG due diligence platform, done well, goes further: it reads every document a target or supplier submits on arrival, scores it against a defined ESG framework, keeps the source sentence behind every flag, and maintains a standing record per supplier or target. Sopact is built for the reading and the record — the parts a questionnaire tool leaves to an analyst.
Environmental due diligence — often the Phase I environmental site assessment — examines a specific property or site for contamination and environmental liability. ESG due diligence is broader: it covers social risk (labor, human rights, health and safety) and governance risk (anti-bribery, board, data privacy) as well as environmental risk, and it assesses a company, supplier, or fund rather than a site. Environmental due diligence is one input into ESG due diligence, not a substitute for it.
In private equity and investment, ESG due diligence examines a target company — or a fund manager, in fund-of-funds diligence — for ESG risks and liabilities that affect value, price, and exposure. It looks for issues a financial model would miss: a labor dispute, an environmental breach, a governance weakness, a greenwashed claim. The aim is to identify and quantify the ESG liability before close, so it can be priced into the deal or addressed in the terms — not discovered in a portfolio-company headline afterward.
For suppliers and supply chains, ESG due diligence screens third parties for environmental and social risk before and during a contract. Each supplier submits a questionnaire, policies, certificates, and often an audit report. The volume is the problem: hundreds of suppliers, thousands of documents, and the real finding usually sits in an audit no one opened. Reading every supplier document on arrival — and re-reading each new audit and report — keeps the diligence current and the evidence audit-ready, instead of a once-a-year scramble.
An ESG due diligence report sets out the ESG risks found in a target or supplier, the evidence behind each one, and a view on materiality and next steps. A strong report shares two qualities: every finding is traceable to the source document it came from, and the same framework was applied as on every other deal, so the report is comparable. A report assembled from a questionnaire score alone is a summary of the answers given — not a diligence finding.
The EU Corporate Sustainability Due Diligence Directive (CSDDD) makes ESG due diligence a legal obligation — companies must identify, prevent, and account for adverse environmental and human-rights impacts across their value chains, on an ongoing basis. The Corporate Sustainability Reporting Directive (CSRD) requires disclosure of that diligence. Together they turn ESG diligence from a one-time, optional checklist into a continuous, evidenced duty — which a point-in-time questionnaire cannot satisfy.
AI changes the cost of the most expensive step in ESG due diligence: reading documents — policies, audit reports, free-text answers, news coverage — against a defined set of ESG risks. Work that took an analyst weeks now runs in minutes and re-runs on every new document. The distinction that matters is when and how the AI runs. A general AI summarising a data room drifts between runs; a layer reading each document against a locked framework, on arrival, produces a finding you can defend.
Yes. In real estate, ESG due diligence examines a property or portfolio for environmental risk (contamination, energy performance, climate exposure, flood risk), social factors (tenant health and safety, community impact), and governance (ownership, permits, compliance). It overlaps with environmental due diligence but is broader. The same principle holds: the risk sits in inspection reports, permits, and assessments — documents that have to be read, not just collected.
The ESG due diligence process generally follows five steps: scope the ESG risks that matter for this deal or supplier; collect information, usually through a questionnaire and a document request; assess the responses and the supporting documents against a framework; report the findings with evidence; and monitor the risks after the deal. The framework is the part that makes the process repeatable — a defined set of E, S, and G risk criteria applied the same way to every target.
An ESG rating or score is a single grade, usually produced by a third party from public data, that lets you compare companies quickly. ESG due diligence is your own examination of a specific target or supplier, against the risks that matter for this deal. A rating is an input; it is not diligence. It cannot read the target’s audit report, it cannot be traced to a source, and it was not built to defend a finding to a regulator or an LP. Due diligence done well produces evidence; a rating produces a letter.
Procurement teams stay audit-ready by reading supplier diligence documents on arrival rather than collecting them for an annual review. When every questionnaire, policy, certificate, and audit is read and scored as it lands — tied to one record per supplier, with the source kept behind every flag — the evidence is already organised when an auditor, a customer, or a regulator asks. The duplicate-diligence problem, re-screening the same supplier for several providers, also eases, because the read record is reusable.
Start from where the current process breaks, not from a feature list. Walk one deal or one supplier from the first document to the signed contract and find the seam where the risk goes unread. If the questionnaire score clears but the attachments are never opened, the gap is reading. If every deal is rated differently, the gap is a locked framework. If diligence stops at close, the gap is continuity. If a finding cannot be traced to a document, the gap is evidence. The diagnosis decides what you actually need.
Framework and standard names referenced on this page are the property of their respective organizations. Information is based on publicly available documentation as of May 2026 and may have changed since. To suggest a correction, email unmesh@sopact.com.
ESG due diligence is risk intelligence applied to the deal. The pillar covers the reading layer beneath it — what Sopact is.
After the deal closes — reading every portfolio company’s reports for the drift before it becomes a write-down.
For mission-driven investors — turning diligence evidence into a defensible answer on outcomes.
Bring one deal’s real material — a target’s ESG questionnaire and its attachments, or a batch of supplier files, in whatever languages they arrived. We will run it through Sopact and show you the ESG risk read on arrival: the red flags, the contradictions between the policy and the audit, every finding traceable to the document it came from. A parallel pilot you can run alongside the diligence process you have today.
30 minutes · your real diligence files · no migration commitment
