For most Indian companies, ESG reporting has been an internal exercise - emissions, workforce practices, governance policies at the entity level. SEBI’s BRSR framework has changed that. It now reaches into your vendor chain. Listed companies are expected to report on how key vendors behave on environmental, social, and governance matters - and regulators are asking for evidence, not just policies.
What BRSR Actually Is - and Why It Is Different from What Came Before
SEBI introduced BRSR as a replacement for the older BRR (Business Responsibility Report) format. BRR was largely narrative. BRSR is quantitative. It asks for numbers.
BRSR applies to the top 1,000 listed companies by market capitalisation. For FY 2022–23, it became mandatory for these companies. SEBI has since introduced BRSR Core - a smaller set of key indicators that require third-party assurance. That assurance requirement is what changes everything for vendor relationships.
When your sustainability disclosures require third-party assurance, vague statements about vendor practices are no longer enough. You need to show the data behind those statements. That data has to come from your vendors - because you cannot verify what you have not measured.
BRSR has nine principles. Several explicitly extend to value chain partners - your vendors and suppliers. If key vendors are not following these principles, your BRSR report has a gap - and with assurance requirements, that gap can no longer be glossed over.
What SEBI’s BRSR Framework Specifically Asks About Vendors
The BRSR format requires companies to disclose whether their policies on various ESG matters extend to their value chain. For companies filing BRSR Core, there is an additional requirement: reporting on supply chain sustainability, including what percentage of value chain partners have been assessed against ESG criteria.
Illustrative mapping. Read the actual BRSR format on the SEBI website for full disclosure requirements.
Why Most Companies Are Not Ready for This
The honest situation for most Indian listed companies right now: they have ESG policies for their own operations, but little structured data from vendors.
Vendor onboarding is still mostly a paperwork exercise. Standard onboarding asks for GST, PAN, bank details, and maybe a quality certificate. ESG questions are rarely part of the form - which means there is no baseline data to begin with.
Nobody owns the vendor ESG question inside the company. Procurement owns the relationship. Sustainability owns the BRSR report. The two teams rarely talk about specific vendors. Vendors get evaluated on price and delivery while the sustainability report is written by a different team that has never spoken to those vendors.
Vendors are not used to being asked. A mid-size textile vendor in Surat or an auto-component manufacturer in Pune may never have been asked to share environmental or labour data. When the request comes as part of a large company’s BRSR exercise, responses are often incomplete or generic.
BRSR Core requires third-party assurance on key indicators. An assurance provider will not sign off on a supply chain disclosure based on self-declarations from vendors who were sent a one-page form in March. They need a structured, consistent data collection process - ideally one that runs throughout the year, not just at reporting time.
The Signals You Already Track Are ESG Signals
A large part of what BRSR asks about governance can be answered using data that already exists in standard vendor monitoring.
Consider what governance means in practice for a vendor: legal compliance, proper registration, open court cases, timely payment to their own workers, promoter involvement in distressed companies.
A vendor with active, consistent GST registration and filing history is demonstrating basic legal compliance. A cancelled or suspended GST registration is a governance failure.
A vendor whose promoters are directors of companies that have been struck off or are under NCLT proceedings is a governance risk. This is public data - directly relevant to your BRSR vendor assessment.
DRT and NCLT cases against a vendor signal serious financial and governance stress. Labour court cases are directly relevant to the P3 and P5 sections of BRSR.
A vendor with rapidly declining net worth, excessive borrowings, or consistent losses is under financial stress. Financial stress often drives labour practice violations - wages get delayed, safety costs get cut.
You do not need a completely separate ESG programme to start answering the governance portion of BRSR for your vendor chain. You need to connect the data you are already collecting - or should be collecting - to the BRSR question.
Which Vendors Need to Be Covered - and in What Order
BRSR does not require every vendor to be assessed. It requires assessment of key value chain partners - those who account for a significant portion of purchases or sales. In practice, this usually means your top vendors by spend.
Top 20 vendors by annual spend. These are almost certainly your key value chain partners. Cover these 20 well rather than covering 200 vendors superficially.
Single-source vendors. If you have a vendor with no immediate alternative, concentration creates business continuity risk. ESG issues at this vendor - regulatory shutdown, labour dispute, court case - directly affect you.
Vendors in high-risk categories. Textile, construction, chemicals, food processing, and logistics vendors tend to carry higher labour and environmental risk. Even if spend is moderate, these sectors warrant earlier attention.
Export-facing vendors. If your end product goes to European buyers, EU CSRD and EUDR frameworks add additional requirements on top of BRSR. Vendors in your export chain need to be assessed against both Indian and international standards.
What Data You Actually Need to Collect from Vendors
Governance Data - Public Sources + Vendor Confirmation
Governance Data - Public Sources + Vendor Confirmation
Verify GST registration status on the GST portal using the vendor’s GSTIN - do not rely on self-declaration alone.
Run MCA company and director searches for good standing and promoter associations.
Check DRT and NCLT records for the vendor company name and key promoters.
Obtain signed anti-corruption policy confirmation from vendors, not verbal assurance.
Labour and Social Data - Structured Vendor Form
Labour and Social Data - Structured Vendor Form
Worker counts - permanent and contract - as baseline for workforce disclosures.
Minimum wage compliance confirmation for applicable state minimum wages.
Safety incidents in the last 12 months - reportable accidents, near-misses, and fatalities.
Signed confirmation of no child labour and no forced labour; third-party audits for higher-risk vendors.
Environmental Data - For BRSR Core
Environmental Data - For BRSR Core
Annual energy consumption (electricity and fuel) for Scope 3 calculations.
Waste generated and disposal method - hazardous vs. non-hazardous.
What This Looks Like in Practice
A listed FMCG company is preparing its BRSR Core filing for FY 2024–25. During assurance, the provider asks how vendor ESG data was collected.
Company A sent a one-page email to all vendors in February asking them to confirm ESG practices. 80% replied. The assurance provider did not accept this - no structured process, no verification, no consistent methodology.
Company B ran structured quarterly assessments throughout the year. GST and MCA governance signals were verified automatically. Top 25 vendors received labour, environment, and ethics forms with follow-up on incomplete responses. By filing time, they had verified data on 90% of spend-weighted vendors with audit trails.
The difference was process, not effort. Company B built a repeatable system. Company A tried to solve a year-round problem in four weeks at year end.
BRSR Core and What Third-Party Assurance Actually Requires
SEBI’s 2023 circular introduced BRSR Core - a subset of high-priority indicators that require reasonable assurance from an independent third party. The top 150 listed companies were required to provide this assurance from FY 2023–24. The requirement extends to the top 250 from FY 2024–25, and the top 500 from FY 2025–26.
BRSR Core includes indicators on supply chain sustainability. Companies must disclose the percentage of value chain partners assessed against sustainability parameters, and the results of those assessments. Assurance providers will ask to see the underlying data collection methodology - not just reported percentages.
If your company falls within the top 500 listed companies by market cap, the FY 2025–26 filing will require assured vendor disclosures. If you have not started collecting vendor data in a structured way, the window to prepare is already short.
Vendor ESG Monitoring Built Into Your Existing Risk Workflow
Privue monitors governance signals - GST status, court cases, MCA director data, financial health
- automatically across your vendor base. These signals map directly to the governance portion of your BRSR vendor assessment, giving your sustainability team verified data points that can withstand assurance scrutiny.
What You Should Do Next - in the Right Order
Check whether your company falls within the top 500 listed companies by SEBI’s market cap ranking. If yes, your FY 2025–26 BRSR Core filing will require vendor assurance. Prepare now, not in Q4 of next year.
List your top 20–30 vendors by spend. Confirm who owns each relationship and ensure ESG data collection is part of their remit.
Run a governance check on each vendor using public sources - GST portal, MCA search, DRT records. This gives you the governance baseline before sending questionnaires.
Design a structured vendor ESG form covering labour, safety, environment, and ethics. Send it to key vendors with a clear deadline and follow up on non-responses. Keep responses on record for assurance.
Make this a quarterly process, not an annual one. Governance signals change - GST can be suspended, court cases filed, safety incidents happen. Continuous monitoring satisfies assurance providers better than a year-end snapshot.