play icon for videos

ESG Due Diligence: Read the File, Not the Checkbox

Read every ESG questionnaire, policy, and audit on arrival

US
By Unmesh Sheth
·
11
min read
<!DOCTYPE html><html><head><meta charset='utf-8'><style>*{margin:0;padding:0;box-sizing:border-box}html,body{background:transparent}body{font-family:Inter,Arial,sans-serif;color:#1A1915}#wrap{padding:2px}.kick{font-size:11px;letter-spacing:.12em;text-transform:uppercase;color:#76716A;font-weight:600;margin-bottom:12px}.tabs{display:flex;gap:5px;margin-bottom:14px;white-space:nowrap}.tab{border:1px solid #D8D2C4;background:#FAF9F5;border-radius:999px;padding:6px 10px;font-size:11.5px;font-weight:600;cursor:pointer;color:#3D3A33;flex:0 0 auto}.tab.on{background:#1A1915;color:#FAF9F5;border-color:#1A1915}.card{background:#FAF9F5;border:1px solid #E3DFD3;border-radius:14px;padding:22px}.st{font-size:11px;color:#C96442;font-weight:700;letter-spacing:.08em;text-transform:uppercase;margin-bottom:8px}.t{font-family:Georgia,'Times New Roman',serif;font-size:24px;line-height:1.2;margin-bottom:10px;font-weight:500}.d{font-size:14px;line-height:1.55;color:#3D3A33;min-height:44px}.bar{display:flex;gap:5px;margin-top:16px}.seg{height:5px;flex:1;border-radius:3px;background:#E3DFD3;cursor:pointer}.seg.on{background:#C96442}</style></head><body><div id='wrap'><div class='kick'>ESG lifecycle · one entity record</div><div class='tabs' id='tabs'></div><div class='card'><div class='st' id='st'></div><div class='t' id='t'></div><div class='d' id='d'></div><div class='bar' id='bar'></div></div></div><script>var S=[{n:'DDQ',t:'Intake DDQ sets the anchor',d:'One entity ID is issued at the first DDQ; sector, region, and baseline scores are stored at intake.'},{n:'Documents',t:'Documents read end to end',d:'AI reads every uploaded sustainability report against the rubric, each score cited to the source passage.'},{n:'Voice',t:'Worker voice at scale',d:'Worker-voice surveys are scored at submit; cross-supplier risk patterns surface in minutes.'},{n:'Actions',t:'Corrective actions tracked',d:'CAPs link to the same entity record as the original finding, then re-survey verifies they worked.'},{n:'Proof',t:'CSDDD evidence by default',d:'The chain from commitment to verified outcome is assembled on one record, audit-ready by design.'}];var i=0;function ph(){var w=document.getElementById('wrap');parent.postMessage({ucxWidgetHeight:w.offsetHeight+4},'*');}function r(){var tb=document.getElementById('tabs');tb.innerHTML='';S.forEach(function(s,j){var b=document.createElement('div');b.className='tab'+(j==i?' on':'');b.textContent=(j+1)+' · '+s.n;b.onclick=function(){i=j;r()};tb.appendChild(b)});document.getElementById('st').textContent='Stage '+(i+1)+' of 5';document.getElementById('t').textContent=S[i].t;document.getElementById('d').textContent=S[i].d;var bar=document.getElementById('bar');bar.innerHTML='';S.forEach(function(s,j){var g=document.createElement('div');g.className='seg'+(j<=i?' on':'');g.onclick=function(){i=j;r()};bar.appendChild(g)});ph();}r();window.addEventListener('load',ph);setInterval(function(){i=(i+1)%S.length;r()},5000);</script></body></html>

What is ESG due diligence?

ESG due diligence is the process of examining the environmental, social, and governance risks of a company, supplier, or fund before committing to it — an investment, a contract, an allocation — and continuing to examine them after the deal closes. The weak version is a checklist run once at the gate: a questionnaire sent, the numeric answers scored, a box ticked. The strong version reads every document on arrival — the questionnaire, the policy, the certificate, the audit report, the news item — scores it against a defined framework, keeps the source sentence behind every flag, and stays live after the signature. It is also called ESG DD, or an ESG DDQ exercise.

Owned by: private equity, venture, and LP diligence teams · procurement and third-party risk · corporate sustainability and compliance under CSDDD and CSRD · impact and ESG funds · real-estate and infrastructure investors. It is broader than environmental due diligence — the Phase I site assessment — because it covers social and governance risk as well, and a real ESG risk does not end at the signature.

The era of the ESG due diligence checklist is over

Not because the checklist stopped working — because sending the questionnaire and buying the rating became table stakes. The ESG ratings and screening providers — MSCI ESG, Sustainalytics, EcoVadis, Refinitiv — earned their positions honestly: they gave a fragmented market a common vocabulary, a comparable letter grade, and a way to screen a universe of names in an afternoon. The DDQ standard-setters did the same for process: the ILPA ESG DDQ and the ESG Data Convergence Initiative turned a hundred bespoke questionnaires into one shared instrument. If your problem was collection — a universe to screen, a questionnaire to standardize — that generation solved it.

But the strengths hardened into weaknesses. A rating is a letter, produced from public data by a third party; it cannot read the target's own audit report, it cannot be traced to a source, and it was never built to defend a finding to a regulator. A DDQ collects the answer the target chose to give — and the 180 pages of policy and certificate it arrives with are filed in the data room and opened by no one. Both go quiet the day the contract is signed. As one diligence lead put it, the tooling could tally "outputs and dollars," but "the biggest pain point is that we can't tell a cohesive story across all of it. Each thing works fine in a silo."

Then the ground moved. The EU's Corporate Sustainability Due Diligence Directive turned ESG diligence from an optional screen into a standing legal duty — identify, prevent, and account for adverse impacts across the value chain, on an ongoing basis — and the CSRD requires you to disclose that you did. An LP now asks an investor to defend an ESG claim with evidence, not a rating. A point-in-time questionnaire cannot answer a standing obligation. So the value moved — off the score and onto the layer that reads every document on arrival and keeps the diligence current.

None of this requires ripping out your data room, your procurement system, or the questionnaire you already send. The sentence we hear on almost every call now: "We're not gonna leave the system we have, but we're open to an AND." Keep the systems that collect; add the layer that reads what they gather. (For ongoing ESG risk beyond the deal gate, see ESG risk management; for the reading layer as a category, the risk intelligence pillar.)

The stake, stated honestly: boards, LPs, and regulators have already changed the question from "what is the score" to "show me the evidence, and show me it is current." If you are signing a multi-year ESG-rating subscription today, ask which question it will be able to answer when the auditor arrives.

What is ESG intelligence?

ESG intelligence is reliable answers from your diligence documents — in minutes, not months. Everything a target or supplier submits is treated as data: the DDQ answers, the code of conduct, the ISO or SA8000 certificate, the factory audit, the corrective-action log, the news report, the worker-voice survey. All of it lands on one persistent entity record — one ID per supplier or target — aligned to the E, S, and G framework you defined, so the same supplier looks like the same supplier across three deals and five years.

The part that changes daily work is the Assistant. Document reading, score comparison, and free-text analysis are unified into one chat-based function: ask a question, get a defensible answer with citations to the underlying documents. No prompt engineering, no dashboard hunting, no waiting for the one analyst who knows where the audit PDF was filed. A diligence process is never one person — the deal team, procurement, compliance, the investment committee, the LP all need different views of the same evidence — and a chat interface empowers each of them directly instead of routing everything through one reviewer.

When the analysis is done, it does not die in the chat: create shareable reports tailored to each audience — the IC memo, the procurement risk register, the CSDDD evidence file — from the same underlying answer, each finding traceable to the source document. This is the distinction that separates real ESG intelligence from an open chat window on a data room: run the same target in March and in June and the method is identical — what changed is the target, not the ruler. A locked answer is a finding you can put in the report; a drifting one is a guess with a logo. (For AI-native monitoring after the deal closes, see portfolio intelligence.)

The ESG due diligence process, stage by stage

The honest way to evaluate ESG due diligence software is against the process, not the feature list. The ESG due diligence process follows the same arc across investment, supplier, and corporate diligence — scope, collect, read, score, act, report — and it is a loop, not a line: monitoring routinely sends a supplier back into reassessment when a new audit lands. Below is the full cycle — six stages, each with what the software should do, the exact prompt to use, and what to expect back. Every prompt is copy-paste; the placeholders in brackets are yours to fill.

Stage 1 — Intake and DDQ: scope the framework, issue one entity ID

Scoping is where clean-at-source pays or fails. The E, S, and G risks that are material for this sector and this deal are defined once — not rediscovered by each analyst — and every target or supplier gets a persistent entity ID at the first DDQ, so sector, region, and baseline all attach to one record. The DDQ itself can be drafted from the framework and the standards you already use.

Build an ESG due diligence questionnaire for [SECTOR / SUPPLIER TYPE], scoped to the E, S, and G risks that are material here and aligned to the ILPA ESG DDQ where relevant. Include structured fields, policy and certificate upload requests, and free-text questions, each mapped to a named risk. Assign a persistent entity ID and flag any question that duplicates information we already hold on a returning supplier.

Expected output. A ready-to-send ESG DDQ with every field mapped to a named risk, upload slots for the supporting documents, and a persistent entity ID assigned at first contact.

Tips for reliable output. Lock the framework before the first DDQ goes out. The entity ID assigned here is what lets a supplier's audit in year three sit on the same record as its questionnaire in year one.

Stage 2 — Read on arrival: every document, in any language, the day it lands

This is the stage the checklist cannot do. Every questionnaire answer, policy, certificate, audit report, and news item is read the day it arrives — in any language — against the framework you defined, with the source sentence kept behind every finding. Nothing is filed unread. The free text the target would not put in a number, and the audit report where the real finding sits, get read like everything else.

Read every document this target submitted: [DOCUMENT SET — DDQ answers, policies, certificates, audit reports, public coverage]. For each, extract the ESG-relevant findings against our framework with the exact source sentence, note the original language, and flag any certificate that is expired or narrower in scope than the claim it supports. Do not summarize away the free text.

Expected output. A per-document findings list with the source sentence and language behind each, and a flag on every expired or out-of-scope certificate — read the day the file lands, not at the post-close review.

Tips for reliable output. A diligence document read on arrival is a chance to price the risk; the same document read at the post-close review is evidence of a liability. The only variable is when it gets read.

Stage 3 — Score against your framework: cited, locked, contradiction-flagged

Each document is scored on the E, S, and G risks you defined — a weak control, an expired certificate, a policy that contradicts the audit — with the source kept behind every score and the same method applied to every target. This is what makes a rating comparable rather than improvised, and defensible rather than a letter.

Score this target against our ESG framework: [FRAMEWORK]. Return a per-risk score with the source quote behind each, flag any contradiction between a stated policy and an audit finding, and mark where the evidence is thin. Use the exact same method and definitions as the last deal so the score is comparable, not re-invented.

Expected output. A comparable, per-risk score with a citation behind every number and a flagged list of policy-versus-audit contradictions — the finding a reviewer verifies rather than assembles.

Tips for reliable output. Version the framework and every change to it. Comparability across deals and cycles is the entire value; a definition that drifts turns your diligence back into a guess.

Stage 4 — Flag and route: the red flag before the close, not after

A standing ESG risk view shows what is exposed across every supplier and every target at once. Each red flag surfaces while the deal can still account for it — priced into the terms, conditioned, or walked away from — and is routed to a named owner with a deadline, not left in a folder until an NGO report finds it first.

Across [DEAL / SUPPLIER BATCH], list every ESG red flag ranked by severity, each tied to its entity record and source document. For each flag, name the risk, the evidence, and whether it can be priced, conditioned, or is a walk-away. Route each flag to an owner with a deadline, and mark which ones must clear before close.

Expected output. A ranked red-flag register, each flag tied to its source and an owner, with the must-clear-before-close items marked — the exposure named on arrival instead of in a portfolio-company headline.

Tips for reliable output. Route every flag to a named owner with a date. A red flag nobody owns is a finding that sat on your books, undisclosed, between the arrival date and the surprise.

Stage 5 — Corrective actions and monitoring: diligence that stays live

Closure is not the end of the record. Corrective-action plans link to the same entity record as the original finding, and each new audit, policy update, and report is re-read as it arrives — so the diligence does not go quiet the day the contract is signed. A re-survey or the next audit verifies whether the fix actually worked, on the same ID.

Track the corrective actions agreed for [SUPPLIER / TARGET]: link each to its original finding. When the next audit or report arrives, re-read it and report whether each action actually closed the risk, with the source sentence — treat this as verification, not a status update. Flag any finding that has recurred.

Expected output. A corrective-action ledger tied to source findings, with each action marked closed or open on the evidence of the next document — and recurrences flagged, not quietly reset.

Tips for reliable output. Capture the re-audit date and channel at the time the action is agreed. The continuous horizon is what turns a one-time screen into a diligence file the CSDDD can stand on.

Stage 6 — Report and evidence: audit-ready by default

Reports are questions, not formats. From the same accumulating entity record, the ESG due diligence report, the IC memo, the procurement risk register, and the CSDDD or CSRD evidence chain are each one query — with the supporting audit two clicks away — instead of a manual re-read of the data room every reporting cycle.

Produce an ESG due diligence report for [TARGET / SUPPLIER]: the E, S, and G risks found, the evidence behind each, a view on materiality and next steps, and the corrective actions still outstanding. Cite the source document for every finding. Format one version for the investment committee and one for the audit file.

Expected output. An ESG DD report generated as a query, every finding citing its source document — plus the evidence chain a regulator, an LP, or an auditor can follow without a second review team. If your outcome framework needs an external anchor, align it to IRIS+ so metrics are comparable beyond your own walls.

Tips for reliable output. Generate the report from the live record, not a snapshot. A report assembled from a questionnaire score alone is a summary of the answers given — not a diligence finding.

The ESG due diligence checklist — E, S, and G

Every ESG due diligence checklist covers the same three domains. The scope below is the standard, across investment, supplier, and corporate diligence — and it is sound. What decides whether the diligence works is not which boxes are on the list; it is whether anyone read the document behind each one.

Environmental (the E checklist). Carbon footprint and Scope 1–3 emissions · energy, water, and waste management · pollution, spills, and remediation history · climate-risk exposure and resilience · environmental permits and compliance record · biodiversity and land use.

Social (the S checklist). Labor practices and working conditions · health and safety record · human rights and modern-slavery risk · diversity, equity, and inclusion · community impact and relations · supply-chain labor standards.

Governance (the G checklist). Board structure and independence · anti-bribery and corruption controls · data privacy and cybersecurity · business ethics and whistleblower policy · executive pay and accountability · ESG oversight and disclosure integrity.

These eighteen lines are the standard ESG due diligence scope — real estate and infrastructure diligence adds site contamination, energy performance, and flood risk to the E column, but the shape holds. A checklist is a list of questions, not a verdict. The diligence is only as strong as the reading behind each box — and on most deals, that reading never happens. Use the checklist to set the scope; then read behind it.

The ESG DDQ, and what reading it actually means

The ESG DDQ — the due diligence questionnaire — is the standard instrument, and it is not the problem. The ILPA ESG DDQ and the ESG Data Convergence Initiative gave the market a shared, sensible set of questions. The problem is what happens after it comes back: the numeric answers tally to a score, and the free text plus the 180 pages of attached policies and certificates are filed in the data room and never opened.

Read on arrival, the same DDQ behaves differently. Every part of it is read — the numbers, the free text, and every attached policy, certificate, and report — against the framework you defined. A weak answer, an expired certificate, a policy that contradicts the audit is flagged, and every flag keeps the source sentence behind it. The one question to ask of any ESG DDQ process: when an attachment contradicts a questionnaire answer, does anything catch it? If the answer is "only if a reviewer happened to open the PDF," the DDQ is collecting answers, not reading risk.

ESG supply chain and supplier due diligence

For suppliers and supply chains, ESG due diligence screens third parties for environmental and social risk before and during a contract — and the volume is the problem. Hundreds of suppliers, each with a questionnaire, a stack of policies, a certificate, and often a factory or social-compliance audit; the real finding usually sits in the audit report no one opened. This is exactly where the CSDDD bites: the obligation runs across the value chain, not just the tier-one supplier you contract with directly.

Reading every supplier document on arrival — and re-reading each new audit as it lands, on the same supplier ID — keeps the diligence current and the evidence audit-ready, instead of an annual scramble. It also eases the duplicate-diligence problem, where the same supplier is re-screened for several buyers and providers: a read, cited record is reusable. Worker-voice surveys can be scored at submission alongside the documents, so a labor-risk pattern across suppliers surfaces in minutes rather than after an incident. For ICT and other technical supplier networks, the same layer reads the certifications and the security-and-labor audits against one framework, so "audit-ready supplier ESG evidence" is a query, not a project.

ESG due diligence in private equity and for investors

In private equity and investment, ESG due diligence examines a target company — or a fund manager, in fund-of-funds diligence — for the ESG risks and liabilities that affect value, price, and exposure. It looks for what a financial model would miss: a labor dispute, an environmental breach, a governance weakness, a greenwashed claim. The aim is to identify and quantify the ESG liability before close, so it can be priced into the deal or written into the terms — not discovered in a portfolio-company headline afterward, when the liability has already transferred to you.

Investment-side teams will recognize the ILPA ESG DDQ and the ESG Data Convergence Initiative as the questionnaires this layer reads, and impact investors will want diligence evidence that carries through to an outcome answer after the deal — the bridge to impact measurement. For the standard of care itself, the diligence rests on the OECD and UN PRI frameworks below, which the CSDDD is now turning into a legal duty. The distinction that matters for an IC: a rating tells you where a name sits in a peer distribution; diligence tells you what is actually in this target's own documents, cited, and defensible in front of an LP.

What an ESG due diligence platform has to actually do

An ESG due diligence platform is not a questionnaire with a dashboard, and it is not an ESG rating feed. It is the set of jobs that turn the documents a target or supplier submits into a risk you can price and defend. There are six: collect (send the DDQ, or read a data room and procurement system you already run, one entity record from the first document); read (every document on arrival, any language, nothing filed unread); score (against the E, S, and G risks you defined, source sentence behind every flag); connect (numbers, free text, and attachments on one record); compare (the same framework applied to every supplier and every deal, so a rating is comparable); and report (the ESG DD report and a standing red-flag view, every finding cited).

ESG due diligence software, narrowly, is the system that sends questionnaires and stores responses. An ESG due diligence platform, done well, does the six jobs above — the reading and the record, the parts a questionnaire tool leaves to an analyst. Sopact runs alongside your data room and procurement system rather than replacing them; for the generic, non-ESG due-diligence tooling comparison, see due diligence software.

What goes in an ESG due diligence report

An ESG due diligence report sets out the ESG risks found in a target or supplier, the evidence behind each one, and a view on materiality and next steps. A strong report shares two qualities that a rating summary never has: every finding is traceable to the source document it came from, and the same framework was applied as on every other deal, so the report is comparable across the portfolio. A report assembled from a questionnaire score alone is a summary of the answers the target chose to give — not a diligence finding. The report, the IC memo, and the CSDDD evidence file are three formats of the same cited record, not three separate write-ups.

How to choose ESG due diligence software

Most ESG due diligence software searches start with the wrong question. "Which platform should we buy" returns a shortlist of questionnaire tools and rating providers that all demo well. The useful question is narrower: walk one deal, or one supplier, from the first document to the signed contract, and find the seam where the risk goes unread. If the questionnaire score clears the gate but the attached policies are never opened, the gap is reading. If every deal is rated by a different analyst with a different definition, the gap is a locked framework. If the diligence goes silent the day the deal closes, the gap is that nothing is continuous. And if a finding cannot be traced to the document it came from, the gap is evidence — the part a regulator or an LP will ask for.

The evaluation itself is work you can delegate to AI. These prompts mirror what buyers are already asking answer engines — use them as they are:

Build an evaluation matrix for ESG due diligence software with technical and program criteria weighted 50/50. Technical: security and field-level access control, integrations with our data room and procurement system, configuration model, data export and exit rights. Program: reads every document on arrival with citations, one entity ID per supplier or target, locked-framework scoring that holds across runs, continuous monitoring after close, CSDDD and CSRD evidence generation. Score vendors [VENDOR LIST] on each, with evidence required, not vendor claims.
Take one diligence file from a closed deal that, in hindsight, carried an ESG issue. For each tool we are evaluating, assess whether it would have surfaced that document before close — and be specific about what the tool reads, when, and against what definition. Rank the tools by whether they read risk or only collect it.

That diagnosis decides whether you need a better questionnaire or a different layer over the whole process. A team that skips it buys a faster way to send the DDQ — and the audit report that held the real risk is still sitting in the data room, unopened.

ESG due diligence has a defined standard of care

ESG due diligence is not an improvised exercise. International frameworks define how it should be scoped, conducted, and evidenced — and regulation is turning that guidance into a legal duty. The OECD Due Diligence Guidance for Responsible Business Conduct is the global reference: risk-based, ongoing, embedded across the value chain. The UN Principles for Responsible Investment set the expectation that ESG factors are integrated into investment analysis and diligence, not bolted on as a screen after the decision. And the EU's Corporate Sustainability Due Diligence Directive makes ESG diligence mandatory and continuous — companies must identify, prevent, and account for adverse impacts across their chains. Sopact cites these frameworks to share their vocabulary and their standard of care, not to certify against them; compliance is a conversation for your counsel, and a defensible, cited diligence record is one this layer can help with.

Learn the how-to: ESG intelligence in the Academy

The stages above are the argument; the Academy articles are the practice — each a hands-on companion for one part of reading documents against a framework, written to run on your own diligence files.

What ESG due diligence intelligence is not

Honest boundaries, because the fastest way to a failed rollout is buying the wrong category.

Not an ESG rating provider. Sopact does not sell a letter grade on a universe of public companies. It reads the target's or supplier's own documents against your framework. A rating is an input you can read in; it is not diligence.

Not your data room or procurement system. The data room stores the files and the procurement system runs the contract; Sopact reads what those systems gather and never interpret, on one shared record, rather than replacing them.

Not a compliance certification. Sopact provides AES-256 encryption, TLS 1.3, field-level role-based access, SSO/MFA, and full audit logging, with AI under enterprise terms and no training-data retention — but it does not certify you against the CSDDD, CSRD, or any standard. It produces the cited, current evidence your counsel and auditor rely on. And if your use case is purely a data warehouse, Sopact is not the ideal system for that.

What are the best ESG and impact reporting platforms for corporate sustainability teams?

Corporate sustainability teams use ESG reporting platforms to collect, standardize, and disclose environmental, social, and governance data across operations, supply chains, and business units. These platforms help organizations move from manual reporting to structured, audit-ready ESG disclosure and analytics.

Enterprise ESG reporting platforms

These platforms are widely used for regulatory ESG reporting, carbon accounting, and compliance-grade disclosure:

  • Workiva — connected reporting platform for ESG, financial, and compliance disclosures
  • IBM Envizi — ESG data management and emissions tracking across enterprise operations
  • Persefoni — carbon accounting and climate disclosure platform for enterprises
  • Watershed — carbon measurement and climate program management for large organizations
  • Diligent ESG — ESG governance, risk, and board-level reporting

Mid-market and operational ESG tools

These platforms support structured ESG data collection and reporting for growing organizations:

  • Novisto — ESG data management and reporting with audit-ready workflows
  • Position Green — ESG performance tracking and reporting aligned with frameworks like CSRD
  • Sweep — ESG data collection and carbon tracking with collaborative workflows
  • Normative — carbon accounting and emissions reporting automation

ESG data analysis and sustainability intelligence platforms

These tools focus on transforming ESG data into insights and decision intelligence:

Stakeholder intelligence and outcome-driven ESG platforms

Most ESG tools focus on reporting and compliance. A newer category focuses on connecting ESG data with qualitative insights, program outcomes, and decision intelligence across teams and stakeholders:

  • Sopact — AI-powered ESG and impact intelligence platform that connects structured ESG metrics with qualitative data (surveys, stakeholder feedback, due diligence notes) to deliver unified, audit-ready insight across sustainability programs

Key takeaway

Most ESG platforms are designed for data collection, carbon accounting, and compliance reporting, while emerging AI-native systems like Sopact extend this by connecting ESG data + qualitative stakeholder intelligence + outcome analysis into a single decision layer for sustainability teams.

ESG due diligence, answered

What is ESG due diligence?

ESG due diligence is the process of examining the environmental, social, and governance risks of a company, supplier, or fund before committing to it. The weak version is a checklist run once at the gate; the strong version reads every document on arrival — the questionnaire, the policies, the certificates, the audits, the news — scores it against a defined framework, and keeps the diligence live after the deal closes. It is also called ESG DD or an ESG DDQ exercise.

What is an ESG due diligence checklist?

An ESG due diligence checklist is the standard scope of what to examine, organized across three domains. Environmental covers emissions, energy and waste, pollution history, climate risk, permits, and land use. Social covers labor practices, health and safety, human rights, diversity, community impact, and supply-chain standards. Governance covers board structure, anti-bribery controls, data privacy, business ethics, executive pay, and disclosure integrity. The checklist sets the questions; the diligence is only as strong as the reading behind each line.

What is an ESG DDQ (ESG due diligence questionnaire)?

An ESG DDQ is the standard instrument for collecting ESG information from a target or supplier — numeric questions, yes/no fields, free text, and requests for attached policies and certificates. Standards like the ILPA ESG DDQ and the ESG Data Convergence Initiative made the questions consistent. The common failure is that only the numeric answers are scored while the free text and attachments are filed and never read. Reading the whole DDQ on arrival is what turns it from a form into diligence.

What is ESG due diligence software, and what is an ESG due diligence platform?

ESG due diligence software is the system used to send questionnaires, store responses, and track status. An ESG due diligence platform, done well, goes further: it reads every document a target or supplier submits on arrival, scores it against a defined ESG framework, keeps the source sentence behind every flag, and maintains a standing entity record per supplier or target. Sopact is built for the reading and the record — the parts a questionnaire tool leaves to an analyst.

How is ESG due diligence different from environmental due diligence?

Environmental due diligence — often the Phase I environmental site assessment — examines a specific property or site for contamination and environmental liability. ESG due diligence is broader: it covers social risk (labor, human rights, health and safety) and governance risk (anti-bribery, board, data privacy) as well as environmental risk, and it assesses a company, supplier, or fund rather than a site. Environmental due diligence is one input into ESG due diligence, not a substitute for it.

What does ESG due diligence cover in private equity and for investors?

In private equity and investment, ESG due diligence examines a target company — or a fund manager, in fund-of-funds diligence — for the ESG risks and liabilities that affect value, price, and exposure. It looks for issues a financial model would miss: a labor dispute, an environmental breach, a governance weakness, a greenwashed claim. The aim is to identify and quantify the ESG liability before close, so it can be priced into the deal or addressed in the terms — not discovered in a portfolio-company headline afterward.

How does ESG due diligence work for suppliers and supply chains?

For suppliers and supply chains, ESG due diligence screens third parties for environmental and social risk before and during a contract. Each supplier submits a questionnaire, policies, certificates, and often an audit report. The volume is the problem: hundreds of suppliers, thousands of documents, and the real finding usually sits in an audit no one opened. Reading every supplier document on arrival — and re-reading each new audit on the same supplier ID — keeps the diligence current and the evidence audit-ready under the CSDDD, instead of a once-a-year scramble.

What is in an ESG due diligence report?

An ESG due diligence report sets out the ESG risks found in a target or supplier, the evidence behind each one, and a view on materiality and next steps. A strong report shares two qualities: every finding is traceable to the source document it came from, and the same framework was applied as on every other deal, so the report is comparable. A report assembled from a questionnaire score alone is a summary of the answers given — not a diligence finding.

How do the CSDDD and CSRD change ESG due diligence?

The EU Corporate Sustainability Due Diligence Directive (CSDDD) makes ESG due diligence a legal obligation — companies must identify, prevent, and account for adverse environmental and human-rights impacts across their value chains, on an ongoing basis. The Corporate Sustainability Reporting Directive (CSRD) requires disclosure of that diligence. Together they turn ESG diligence from a one-time, optional checklist into a continuous, evidenced duty — which a point-in-time questionnaire or rating cannot satisfy.

How does AI help with ESG due diligence, and is it reliable?

AI changes the cost of the most expensive step: reading documents — policies, audit reports, free-text answers, news — against a defined set of ESG risks. Work that took an analyst weeks now runs in minutes and re-runs on every new document. The distinction that matters is when and how it runs. A general AI summarizing a data room drifts between runs — a medium one day, a low the next. A layer reading each document against a locked framework, on arrival, tied to one entity record with the source sentence behind every flag, produces a finding you can defend. Run the same target twice, a month apart: a reliable tool returns the same rating and shows you the sentence behind it.

Does ESG due diligence apply to real estate?

Yes. In real estate, ESG due diligence examines a property or portfolio for environmental risk (contamination, energy performance, climate exposure, flood risk), social factors (tenant health and safety, community impact), and governance (ownership, permits, compliance). It overlaps with environmental due diligence but is broader. The same principle holds: the risk sits in inspection reports, permits, and assessments — documents that have to be read, not just collected.

How is ESG due diligence different from an ESG rating or score?

An ESG rating or score is a single grade, usually produced by a third party from public data, that lets you compare companies quickly. ESG due diligence is your own examination of a specific target or supplier, against the risks that matter for this deal. A rating is an input; it is not diligence. It cannot read the target's audit report, it cannot be traced to a source, and it was not built to defend a finding to a regulator or an LP. Due diligence done well produces evidence; a rating produces a letter.

How do we choose an ESG due diligence tool?

Start from where the current process breaks, not from a feature list. Walk one deal or one supplier from the first document to the signed contract and find the seam where the risk goes unread. If the questionnaire score clears but the attachments are never opened, the gap is reading. If every deal is rated differently, the gap is a locked framework. If diligence stops at close, the gap is continuity. If a finding cannot be traced to a document, the gap is evidence. The diagnosis decides what you actually need.

Bring a real diligence batch. See the risk in your own data room.

Two months, one contained use case — one deal's real material, or a batch of supplier files, in whatever languages they arrived. You bring a target's ESG questionnaire and its attachments; the pilot shows you the ESG risk read on arrival: the red flags, the contradictions between the policy and the audit, every finding traceable to the document it came from. A parallel pilot you can run alongside the diligence process you have today — if the answers are not defensible in front of your IC or your auditor, do not continue. Scope a 2-month pilot →