· Joanna Maraszek-Darul · 9 min read

VSME for IT & Telecommunications

VSME

Learn how VSME affects IT & Telecommunications companies. Requirements, implementation steps, and FAQ. Check Plan Be Eco.

VSME for IT & Telecommunications

What is VSME?

The Voluntary Sustainability Reporting Standard for non-listed Small and Medium-sized Enterprises, commonly known as VSME, is a framework developed by the European Financial Reporting Advisory Group (EFRAG) to help smaller businesses structure and communicate their sustainability performance. Unlike the Corporate Sustainability Reporting Directive (CSRD), which applies mandatory reporting obligations to large listed companies, VSME provides a proportionate, accessible reporting pathway for SMEs that want or need to disclose environmental, social, and governance (ESG) data to partners, investors, and clients. The standard is designed to reduce reporting complexity while aligning with the broader European Green Deal objectives and the data demands flowing down from larger companies already subject to CSRD.

VSME and the IT & Telecommunications Industry

The IT and telecommunications sector occupies a unique position in the VSME landscape. On one hand, technology companies are increasingly embedded in the supply chains of large enterprises that must comply with CSRD and, by extension, require ESG data from their smaller vendors and subcontractors. A software development firm providing a SaaS platform to a major bank, or a managed service provider supporting a manufacturing conglomerate, will almost certainly receive formal requests for sustainability disclosures as their clients fulfill their own CSRD obligations. This creates a de facto mandatory situation for many IT and telecom SMEs even though VSME remains technically voluntary.

On the other hand, the IT and telecommunications industry carries a substantial environmental footprint that the VSME framework directly addresses. Data centers consume between 1% and 2% of global electricity, and network infrastructure accounts for an additional and growing share of energy demand. A regional internet service provider running its own infrastructure, a cloud-managed services company operating co-location servers, or a software company with significant cloud compute usage will all have material greenhouse gas emissions to report under the VSME environmental module. Similarly, the sector's reliance on hardware — from smartphones and routers to server racks and network switches — raises questions about resource use, supply chain transparency, and end-of-life equipment handling that the social and governance modules of VSME directly capture.

Concrete examples of VSME relevance in this sector include a telecom operator reporting on the energy mix powering its base stations, a cybersecurity firm documenting its employee health and safety policies, a software SME disclosing its Scope 1 and Scope 2 carbon emissions, and a hardware reseller mapping the environmental certifications of the manufacturers it works with. In each case, VSME provides the structure and vocabulary to turn existing internal data into a credible, standardised disclosure.

Key Requirements

The VSME standard is structured into two modules: a basic module (Module B) applicable to all SMEs, and a comprehensive module (Module C) for those with greater capacity or more demanding stakeholder requirements. The following requirements are particularly relevant to IT and telecommunications companies:

  • Energy consumption and sources: Companies must disclose total energy consumed, distinguishing between energy from renewable and non-renewable sources. For IT firms, this covers electricity used by offices, server rooms, and leased data center space, as well as fuel consumed by company vehicles used for field engineering teams.
  • Greenhouse gas emissions (Scope 1 and Scope 2): Direct emissions from owned or controlled sources (Scope 1) and indirect emissions from purchased electricity, heat, or cooling (Scope 2) must be quantified and reported. A telecommunications company powering thousands of remote base stations must account for the electricity consumed at each site, even where metering is indirect.
  • Water and waste: While less prominent in software-focused businesses, data center operators and device repair or refurbishment companies face requirements to disclose water withdrawn and consumed, as well as total waste generated and the proportion directed to recycling or hazardous disposal streams.
  • Workforce metrics: The standard requires disclosure of the total number of employees by gender and employment type, employee turnover rates, and the share of employees covered by collective bargaining agreements. IT companies, which typically employ a high proportion of full-time specialists alongside a freelance or contractor workforce, must be careful to accurately classify and count their workforce segments.
  • Health, safety, and well-being: Reporting on work-related incidents, including the number of recordable accidents and fatalities, is required. For field technicians installing network infrastructure or maintaining physical hardware, this is operationally significant and may require integration with existing occupational health management systems.
  • Business conduct: Companies must address anti-corruption and anti-bribery policies, the existence of a code of conduct, and any confirmed incidents of corruption or bribery. Given that IT and telecom firms frequently operate across jurisdictions and engage with public-sector procurement, this section carries real reputational weight.
  • Value chain information (Module C): Companies opting for the comprehensive module must provide information about their significant suppliers and subcontractors, including whether those parties have been assessed on sustainability criteria. For a telecom hardware reseller, this means engaging with the environmental and labour practices of device manufacturers, many of whom operate in regions with higher ESG risk profiles.
  • Data privacy and cybersecurity (contextual): While VSME does not have a dedicated cybersecurity disclosure requirement, the governance section creates an implicit expectation that companies operating in sensitive data environments will document material risks and their management. IT and telecom businesses handling personal data or critical infrastructure should treat this as an opportunity to disclose their security governance frameworks.

Implementation Steps for IT & Telecommunications Companies

  1. Determine your module and reporting boundary. Assess whether Module B (basic) or Module C (comprehensive) is appropriate given your company size, the complexity of your stakeholder demands, and your capacity for data collection. Define your reporting boundary clearly — for example, whether shared data center facilities count as Scope 1 or Scope 2 emissions depends on whether you own or merely rent the infrastructure.
  2. Conduct a materiality screening. Not every VSME disclosure point will be equally significant for every IT or telecom business. A pure-play software company with a remote workforce and no physical infrastructure has a very different materiality profile from a telecoms operator running thousands of kilometres of fibre and dozens of exchange buildings. Document which topics are material and why, as this underpins the credibility of your entire disclosure.
  3. Audit your existing data sources. Map what sustainability-relevant data your organisation already collects. Energy invoices, travel expense reports, payroll systems, procurement databases, and health and safety incident logs all contain information that feeds directly into VSME disclosures. Identifying these sources avoids redundant data collection and reveals gaps that need to be addressed before reporting can begin.
  4. Assign internal ownership and responsibilities. VSME reporting cuts across finance, HR, IT operations, legal, and procurement. Appoint a sustainability coordinator or working group with clear accountability for each data domain. In smaller IT companies, this often means a part-time role for an existing finance or operations manager rather than a dedicated hire.
  5. Calculate your greenhouse gas footprint. Use a recognised calculation methodology such as the GHG Protocol to quantify Scope 1 and Scope 2 emissions. Gather electricity consumption data from all sites, apply the relevant emission factors for your electricity grid or grids, and document your methodology. If your company uses significant cloud computing resources, investigate whether your cloud provider offers consumption-based carbon reporting tools, which can streamline this step considerably.
  6. Engage your supply chain where required. If you have opted for Module C or if client contracts require it, begin outreach to your key suppliers to request their own sustainability data. Start with the suppliers that represent the largest share of your spending or carry the highest ESG risk — for a telecom company, this typically means hardware manufacturers and network equipment vendors.
  7. Prepare and review your disclosure document. Compile your data against the VSME disclosure requirements, write the narrative sections, and have the document reviewed internally by senior leadership and, where resources permit, by an external sustainability adviser. Ensure the language is precise and avoids unsubstantiated claims that could expose the company to greenwashing risk.
  8. Publish and distribute your report. Make your VSME disclosure available to the stakeholders who need it — typically your clients, lenders, and investors. Consider publishing it on your company website to support commercial credibility and to meet the informal expectations of procurement teams at large enterprises that are themselves navigating CSRD compliance.

Frequently Asked Questions

Is VSME mandatory for IT and telecom companies?
VSME is technically a voluntary standard — there is no European regulation that compels SMEs to adopt it. However, for IT and telecom companies that supply goods or services to large enterprises subject to CSRD, VSME reporting is increasingly expected as a contractual or commercial requirement. Clients obligated to report on their own supply chain sustainability will request ESG data from their vendors, and VSME provides the most efficient and credible framework for supplying that data in a standardised format.

How does VSME differ from CSRD for smaller IT companies?
CSRD is a mandatory directive applying primarily to large public-interest entities and large non-listed companies above defined size thresholds. VSME is a voluntary standard designed specifically for SMEs that fall outside CSRD's direct scope. VSME has fewer disclosure points, simpler quantitative requirements, and no obligation for third-party assurance, making it proportionate for companies with limited sustainability reporting resources. That said, VSME is aligned with CSRD's underlying European Sustainability Reporting Standards (ESRS), so companies that grow to CSRD scope will find the transition significantly smoother if they have already implemented VSME.

What is the biggest reporting challenge for telecom operators specifically?
For telecom operators, the primary challenge is energy data collection across geographically dispersed infrastructure. Base stations, exchange nodes, and remote equipment cabinets often lack granular energy metering, and energy costs may be bundled into site lease agreements rather than reported as separate line items. Establishing reliable energy consumption data at the asset level typically requires investment in smart metering or estimation methodologies based on equipment specifications and utilisation rates, both of which need to be documented carefully to withstand stakeholder scrutiny.

Can a small software company with ten employees benefit from VSME reporting?
Yes. Even for micro-enterprises, VSME reporting delivers commercial and operational benefits. It creates a structured record of sustainability performance that can be referenced in tender responses, client due diligence questionnaires, and impact investor conversations. The process of compiling the report also prompts small companies to identify energy inefficiencies, workforce risks, and governance gaps they might otherwise overlook. The basic module is designed to be completed with modest internal effort, making it accessible even without dedicated sustainability staff.

Summary

VSME represents a significant and practical opportunity for IT and telecommunications companies of all sizes to document their sustainability performance in a format that meets the growing expectations of clients, investors, and regulators. With supply chain transparency demands accelerating as CSRD takes hold across European industry, companies in this sector that build their VSME disclosure capability now will be better positioned commercially and better prepared operationally than those who defer action. Beginning with a materiality assessment, establishing clean data collection processes, and publishing a credible first report are steps your organisation can take today to turn a regulatory trend into a competitive advantage.

Check which regulations apply to your company

Take a quick quiz and get a free personalized regulatory analysis.

Regulatory Quiz Try for free
← Back to blog