If you're the sustainability or compliance lead at a Hong Kong–listed company, the past year has probably felt like being chased by one regulation after another. But among all the new rules, the one most easily underestimated — yet most consequential — is the consultation the AFRC launched in late 2025 on mandatory sustainability assurance. Its message is unmistakable: Hong Kong no longer just wants you to disclose — it wants you to disclose data that can be independently assured. A well-written report is no longer enough to clear the bar; whether your numbers can withstand third-party verification is the dividing line ahead. This article follows the government's actual moves to unpack what you really need to do to stand on the right side of that threshold.
HKFRS S1 & S2 Assurance: Hong Kong ESG Compliance Explained
One consultation paper that changed the rules
On 29 December 2025, Hong Kong's Accounting and Financial Reporting Council (AFRC) launched a public consultation on a proposed regulatory framework for sustainability assurance. Its central proposal is unambiguous: all entities subject to mandatory reporting under the HKFRS Sustainability Disclosure Standards would be required to obtain independent assurance.
This is far more than a routine industry consultation. The AFRC itself frames it as a critical milestone in the HKSAR Government's Roadmap on Sustainability Disclosures published in December 2024. A month later, the direction was reinforced at the highest level: the Green and Sustainable Finance Cross-Agency Steering Group set its 2026–2028 priorities on 29 January 2026, placing the strengthening of the sustainability disclosure ecosystem — including sustainability assurance — at the top of its agenda.
For every compliance leader at a Hong Kong–listed company, the signal is clear: Hong Kong's ESG regime is shifting from "disclose" to "disclose data that can be independently assured." How well a report reads is becoming secondary. Whether the underlying data can withstand third-party scrutiny is the real test ahead.
This article doesn't pile up timelines. Instead, it follows the government's actual moves to answer three questions: What is Hong Kong actually requiring? What does it take to be compliant? And why is "writing a polished report yourself" no longer enough?
The three things the government has actually advanced this past year
To read a trend, watch the actions, not the slogans. Between late 2025 and the first half of 2026, Hong Kong made three concrete moves, all pointing in the same direction.
First, turning "assurance" from an ecosystem aspiration into a regulatory framework. Assurance was always mentioned in the Roadmap, but only as a blueprint. The real, hard move is the AFRC's consultation on the regulatory framework itself — which addresses who supervises assurance, which entities are in scope, and at what level of assurance. The technical standard is already in place: mandatory assurance would be governed by the Hong Kong Standard on Sustainability Assurance 5000 (HKSSA 5000). With the standard set and the supervisory framework now under consultation, the institutional foundation for mandatory assurance is nearly complete.
Worth noting: this isn't starting from zero. 67% of Hang Seng Composite LargeCap Index constituents already published voluntary sustainability assurance reports in 2025. As the AFRC puts it, the proposals are designed to formalise the voluntary assurance practices already adopted by many major listed companies, bringing consistency, credibility, and comparability to disclosures — essential for building market trust. In other words, the market is already moving; the regulation is catching up and codifying it.
Second, making the "content ruler" for disclosure finer and harder. On 22 January 2026, the HKMA released Phase 2A of the Hong Kong Taxonomy for Sustainable Finance, expanding the framework to six sectors, increasing economic activities from 12 to 25, introducing transition elements, and adding climate change adaptation as a new environmental objective. The finer the taxonomy, the more there is a defensible basis for judging "what counts as green" versus "what counts as transition" — and the less room companies have to get by on vague language.
Third, locking the direction onto "transition" and "technology."The Steering Group's three-year priorities explicitly place "supporting high-quality transition plan disclosures" and "effective use of technology" alongside assurance. The message: regulators don't want a static snapshot of emissions — they want a dynamic data system that is verifiable, traceable, and technology-supported.
Put these three together, and the government's intent is plain: Hong Kong is moving the centre of gravity of regulation from "what you say" to "whether what you say can be verified."
Translating the requirements into what listed companies must actually do
Policy text is abstract. For a compliance leader, it has to be broken into concrete, non-negotiable actions. Following the three moves above, compliance really hinges on three points — each harder than "writing a report."
- Action 1: Make emissions data — Scope 3 in particular — robust enough to be assured
This is an obligation already in force, not a future one. From 2025, all issuers must disclose Scope 1 and Scope 2 emissions; for the financial year beginning in 2026, LargeCap issuers must disclose Scope 3. Scope 3 spans the entire value chain — suppliers, logistics, product use — where data is most fragmented and hardest to verify, and precisely where future assurance is most likely to fail. Calculating it is step one; calculating it so it can be verified by a third party is the real hurdle.
- Action 2: Build the data — its boundaries, definitions, and methodology — to an "assurable" standard from the outset
HKSSA 5000 has already set the ruler for assurance. It introduces a global baseline for high-quality sustainability assurance, aimed at strengthening public confidence in both the assurance process and the reported information, and improving its credibility and comparability. Assurance does not check the prose of a report; it checks how a full year's data was collected, calculated, and evidenced — none of which can be retrofitted after the fact. It can only be done right at the moment the data is created.
- Action 3: Align with international frameworks — don't build something only you can read
HKEX has made clear that an ESG report prepared in line with ISSB standards will be regarded as complying with Part D of the ESG Code. HKSSA 5000 is aligned with the international standard ISSA 5000, and Hong Kong's disclosure standards are fully aligned with the ISSB — the whole system is converging on international standards. Building to those standards now means doing it once; building a bespoke system means reworking it by the time full ISSB adoption arrives in 2028.
The conclusion is direct: the hard part of Hong Kong compliance lies overwhelmingly not in "expression," but in building the credibility of the data. And credibility is about to shift from a bonus to a threshold for entry.
Why "writing a good report yourself" is no longer enough
This is the core of the matter.
In the past, any company willing to invest could produce an ESG report that was detailed, well-designed, and seemingly flawless — entirely on its own. The arrival of an assurance regime changes the very definition of "compliant." Once the AFRC proposes that all entities subject to mandatory HKSDS reporting must obtain independent assurance, "having data independently verified against a uniform standard" is no longer a company's optional move — it becomes the regulatory regime itself.
And the proposed rollout is already specific. A staged introduction of limited assurance is proposed: Phase 1 covers Scope 1 and 2 GHG emissions from the third financial year of mandatory HKSDS reporting; Phase 2 covers all remaining mandatory disclosures from the fifth financial year. Meanwhile, the underlying assurance logic is broad enough to leave companies little room to sidestep it: ISSA 5000 is framework-neutral — whether a company applies ISSB, the EU's ESRS, SEC requirements, or a self-defined or combined set of standards, the standard applies, across environmental, social, and governance subject matter. Whatever framework your report rests on, assurance is a gate you cannot avoid.
So the pragmatic judgement is this: the window before mandatory assurance is closing. The companies still inside that window can build their data systems properly and at their own pace. Those who wait until the framework is finalised will relive the "last-minute scramble" that accompanied climate disclosure. 2025 was already treated as the baseline year for the new climate rules, with regulators repeatedly urging companies to conduct gap analysis early and avoid a crush of work near the reporting deadline. Assurance demands even more lead time than disclosure — because it scrutinises the quality of historical data, and history cannot be redone. (For reference, the AFRC's consultation closed for comments on 30 March 2026, so the framework is moving from proposal toward finalisation now.)
Where DQS fits on this compliance pathway
Map the reasoning above onto capabilities, and DQS sits precisely at the two tightest links in this policy chain — not as a bolt-on "add-on service."
Between Action 1 and Action 2 — between "calculating emissions" and "making those emissions stand up to assurance" — what's needed is greenhouse gas verification. Scope 1, 2, and 3 data must be independently verified against recognised methodologies (such as the ISO 14064 series). This directly addresses the sharpest, most imminent pain point: LargeCap issuers' mandatory Scope 3 disclosure for 2026.
At the level of Action 2 and Action 3 — "building to an assurable standard and aligning with international frameworks" — what's needed is independent third-party assurance consistent with the logic of ISSA 5000 / HKSSA 5000, together with the underlying management-system certification. As a German management-systems certification body, DQS's core methodology is exactly this: making a body of data and processes auditable, traceable, and comparable — which is precisely what Hong Kong's assurance framework asks of companies.
Put plainly: DQS isn't here to help you write a prettier report — you can write the report yourself. What DQS provides is the foundation beneath the report: the layer that makes the numbers credible and able to withstand independent assurance. And the AFRC's December 2025 consultation is turning that foundation from optional into statutory.
Closing: set your compliance bar at the government's next step, not its last
The direction of Hong Kong's policy is unmistakable: it wants not more disclosure, but more credible disclosure; its end point is not a mandatory report, but a market in which all data can be independently assured. What was a trend a year ago is now a proposal on the table, moving through the legislative process.
For listed companies, the real risk has never been "not understanding what to disclose today." It is "preparing for tomorrow's compliance with yesterday's standard." The window for mandatory assurance is closing. Build your data system to an assurable standard now, and when the framework lands you'll be standing inside the door — not queuing outside it to catch up.
That is exactly what DQS wants to help every Hong Kong–listed company's sustainability leader get right.
DQS Hong Kong
DQS Hong Kong specialises in certification auditing and training services across core disciplines including Information Security (ISO 27001), Quality Management (ISO 9001), and the Automotive Industry (IATF 16949). Our auditors bring deep sector-specific expertise, working closely with clients' operational realities to deliver actionable management insights and lasting commercial value — well beyond the boundaries of compliance alone.
