SASB for IT & Telecommunications

What is SASB?

The Sustainability Accounting Standards Board (SASB) is an independent nonprofit organization that develops industry-specific standards for disclosing financially material sustainability information to investors. Founded in 2011 and now operating under the IFRS Foundation alongside the ISSB, SASB provides a structured framework that connects business performance to environmental, social, and governance (ESG) factors. Unlike broad ESG frameworks, SASB standards are tailored to 77 distinct industries, ensuring that the metrics companies report are directly relevant to their sector's unique risks and opportunities.

SASB and the IT & Telecommunications Industry

The IT and Telecommunications sector sits at the intersection of rapid technological change, massive energy consumption, and critical data infrastructure. SASB recognizes this by maintaining dedicated standards for industries including Software & IT Services, Semiconductors, Hardware, and Telecommunication Services. These standards matter because investors and regulators increasingly demand transparency on how companies in this space manage risks that directly affect long-term financial performance.

Consider the energy footprint of a hyperscale data center operator running thousands of servers around the clock. According to industry estimates, data centers globally consume approximately 200 terawatt-hours of electricity annually. SASB requires companies to disclose this consumption alongside the percentage sourced from renewables, allowing investors to assess exposure to energy price volatility and carbon regulation risk. Similarly, a telecommunications provider managing subscriber data for tens of millions of users faces material risk from data breaches and regulatory penalties under frameworks like GDPR. SASB's standards require disclosure of data security incidents and management approach, translating a compliance concern into a quantifiable business risk metric.

Hardware manufacturers face a different set of material issues. The sourcing of conflict minerals such as tantalum, tin, tungsten, and gold from high-risk regions represents both a reputational and supply chain risk. A company like a printed circuit board manufacturer that cannot demonstrate responsible sourcing practices may face customer attrition, import restrictions, or investor divestment. SASB's supply chain standards address precisely this exposure. Across the IT and Telecommunications spectrum, SASB bridges the gap between operational sustainability practices and the financial disclosures that capital markets rely on.

Key Requirements

SASB standards for the IT and Telecommunications sector encompass a specific set of disclosure topics with associated metrics. The following represent the core requirements companies in this industry must address:

• Energy Management: Total energy consumed in data centers and network infrastructure, percentage of energy from grid electricity versus renewables, and power usage effectiveness (PUE) ratios. Companies must report absolute consumption figures alongside intensity metrics tied to revenue or computational output.
• Data Privacy and Freedom of Expression: Description of policies and practices relating to behavioral advertising, user privacy, and government requests for user data. This includes the number of government requests for user information received, the percentage complied with, and the existence of a transparency report.
• Data Security: Description of the approach to identifying and addressing data security risks, including third-party audits, penetration testing cadence, and employee training programs. Material data breaches must be disclosed including the number of users affected and the associated financial impact.
• Recruiting and Managing a Global and Skilled Workforce: Percentage of employees that are foreign nationals, disclosure of H-1B or equivalent visa usage, and employee engagement scores. For companies competing for scarce engineering talent, workforce metrics signal operational resilience.
• Intellectual Property Protection and Competitive Behavior: Total amount of legal and settlement costs associated with anti-competitive behavior, intellectual property infringement, or patent disputes. This metric surfaces latent legal liabilities that may not otherwise appear on the balance sheet.
• Managing Systemic Risks from Technology Disruptions: Number and duration of system outages or service interruptions, description of efforts to maintain system integrity and minimize downtime, and business continuity planning disclosures. For cloud providers and telecom operators, uptime is a core revenue driver.
• Product Lifecycle Management (Hardware): Percentage of products containing IEC 62474 declarable substances, weight of end-of-life products recovered, and percentage recycled. Hardware manufacturers must demonstrate they are addressing e-waste at scale.
• Supply Chain Management: Percentage of suppliers audited to a labor, environmental, or ethics standard, and the percentage found in compliance. This is particularly material for hardware companies with complex multi-tier supplier networks in Southeast Asia.

Implementation Steps for IT & Telecommunications Companies

Implementing SASB standards requires a structured approach that connects sustainability operations to financial reporting processes. The following steps provide a practical roadmap for IT and Telecommunications organizations at any stage of their reporting journey.

1. Identify the applicable SASB standard for your specific sub-industry. The SASB framework distinguishes between Telecommunication Services, Software & IT Services, Hardware, Semiconductors, and Internet Media & Services. A company offering cloud-based software operates under different metrics than a hardware OEM. Download the relevant standard from the IFRS Foundation website and map it against your current business model, including any recent acquisitions or pivots that may bring additional standards into scope.
2. Conduct a materiality assessment aligned with SASB topics. Convene a working group including finance, legal, operations, IT security, and sustainability leads. Review each SASB disclosure topic and score it for financial materiality to your business. For example, a pure software-as-a-service company may find energy management less material than data security, while a telecommunications infrastructure operator will likely rank both as high priority. Document your reasoning, as investors and auditors will scrutinize materiality determinations.
3. Audit existing data collection processes. Map each required SASB metric to the internal system or team responsible for generating that data. Energy consumption data may live in facilities management, data security incidents in the CISO's office, and workforce metrics in HR information systems. Identify gaps where data is not currently tracked or is tracked inconsistently across geographies. Common gaps include PUE measurements at co-located facilities managed by third-party data center operators.
4. Establish data governance and internal controls. Assign ownership for each metric to a named role and define collection frequency, calculation methodology, and review approval chains. For energy data, this means standardizing unit conversion factors and agreeing on which facilities are in scope. For data security incidents, establish a threshold definition for what constitutes a reportable incident under SASB versus internal tracking thresholds. Document methodologies in writing so disclosures are reproducible and defensible under external assurance review.
5. Integrate SASB disclosures into existing reporting workflows. SASB data should be incorporated into your annual report, ESG report, or dedicated SASB index rather than treated as a standalone document. Align the reporting calendar with your financial close process so SASB metrics are finalized concurrently with financial statements. Many companies publish a SASB index as an appendix to their sustainability report, with cross-references to relevant sections of their 10-K or equivalent filing.
6. Engage external assurance providers. Third-party limited or reasonable assurance over SASB metrics significantly increases credibility with institutional investors. Select an assurance provider with demonstrated experience in technology sector ESG metrics. Begin with limited assurance on high-priority metrics such as energy consumption and data security disclosures, then expand scope over subsequent reporting cycles as internal processes mature.
7. Communicate with investors and respond to ESG rating agencies. Proactively share your SASB disclosures with investor relations contacts and respond to data requests from agencies such as MSCI, Sustainalytics, and CDP. SASB-aligned disclosures directly improve scores on many ESG rating methodologies, which in turn influences inclusion in ESG-focused index funds and the cost of capital for equity and debt issuances.

Frequently Asked Questions

Is SASB reporting mandatory for IT and Telecommunications companies?

As of 2026, SASB reporting remains voluntary in most jurisdictions, though this is changing rapidly. The SEC's climate disclosure rules in the United States reference SASB as an acceptable framework. The EU's Corporate Sustainability Reporting Directive (CSRD) requires large companies to report under ESRS standards, which are compatible with and partially aligned to SASB metrics. Many institutional investors, including major asset managers representing trillions in assets under management, formally request SASB-aligned disclosures through shareholder engagement and proxy voting policies. While technically voluntary in many markets, the practical pressure from capital markets makes adoption effectively obligatory for publicly traded IT and Telecommunications companies seeking broad institutional ownership.

How does SASB differ from GRI and TCFD, and do we need all three?

GRI (Global Reporting Initiative) focuses on a company's impact on the world across a broad stakeholder audience, while SASB focuses on financially material sustainability information relevant to investors. TCFD (Task Force on Climate-related Financial Disclosures) specifically addresses climate risk across governance, strategy, risk management, and metrics categories. These frameworks are complementary rather than competing. Many IT and Telecommunications companies use all three: GRI for stakeholder-facing sustainability reporting, SASB for investor-grade financial materiality disclosures, and TCFD for climate risk governance narratives. The good news is that data collected for one framework often satisfies requirements of another, so integration reduces duplication of effort over time.

What are the biggest data challenges specific to the IT and Telecommunications sector?

The most frequently cited challenge is energy data completeness, particularly for companies that co-locate servers in third-party data centers or rely on hyperscale cloud providers. Contractual arrangements with colocation providers do not always include PUE data sharing, requiring companies to negotiate data access as part of procurement. Data security incident tracking presents another challenge, as the definition of a reportable incident under SASB differs from internal security thresholds and varies by regulatory jurisdiction. Supply chain data is equally complex for hardware companies, where tier-2 and tier-3 supplier audit data is often unavailable or unreliable. Starting with owned and operated facilities and first-tier suppliers, then expanding scope year over year, is a practical approach to closing these gaps.

How long does it typically take to implement SASB reporting for the first time?

For a mid-sized IT or Telecommunications company with existing ESG reporting infrastructure, a first SASB disclosure can typically be produced within six to nine months of initiating the process. This timeline assumes that energy and workforce data systems are already functional and that the primary work involves gap analysis, metric standardization, and drafting disclosure language. Companies without existing ESG data infrastructure or those operating across many jurisdictions with fragmented data systems should plan for twelve to eighteen months to reach a state where disclosures are complete, internally reviewed, and ready for external assurance. Beginning with a targeted pilot covering the three or four most material SASB topics allows companies to build capability incrementally while delivering value to investors sooner.

Summary

SASB standards provide IT and Telecommunications companies with a rigorous, investor-focused framework for disclosing the sustainability factors that most directly affect long-term financial performance, from data center energy consumption and cybersecurity resilience to workforce composition and supply chain integrity. As capital markets increasingly price ESG risk into valuations and cost of capital, companies that implement SASB disclosures gain a competitive advantage in attracting institutional investment and navigating regulatory scrutiny. Begin by identifying your applicable SASB standard, conducting a structured materiality assessment, and building the data governance processes that will make your disclosures credible, consistent, and audit-ready for years to come.