Limited vs Reasonable Assurance
As sustainability reporting matures and regulatory requirements increase, expectations on the quality and accuracy of underlying ESG data also continue to rise. Undertaking a third-party assurance exercise brings independent scrutiny, challenging processes, governance, controls and methodologies to strengthen confidence in the information provided to stakeholders and investors.
For most organisations, we are still some way from the long-term goal of sustainability information held to the same level of rigour and reliability as financial reporting. However, planning for that transition, starting with limited assurance level and improving year on year will support to progressively enhance systems, controls, and data integrity in preparation for reasonable assurance level.
One of the key questions we are often asked is: What’s the difference between limited and reasonable assurance?
Put simply, reasonable assurance is a reduction in risk, going deeper across evidence, controls, processes, and resulting in a positive opinion
- Limited assurance provides a moderate level of confidence. The verifier performs fewer and less detailed procedures, meaning verification risk remains higher than under reasonable assurance. The conclusion is expressed in a negative form e.g. “Nothing has come to our attention that causes us to believe the information is materially misstated.”
- Reasonable assurance provides a high (but not absolute) level of confidence. The verifier performs more extensive and in-depth testing of data, controls, systems, estimates, and assumptions to reduce verification risk to an acceptably low level. The conclusion is expressed in a positive form e.g. “In our opinion, the information is materially correct and prepared in accordance with the stated criteria.”
What regulatory and market signals are we seeing?
We are seeing clear signals globally towards the introduction of assurance (particularly for climate-related financial disclosures) at a limited level and in some cases, longer-term requirements of a reasonable assurance level.
- California Senate Bill 253 (Climate Corporate Data Accountability Act) requires limited assurance over Scope 1 and Scope 2 emissions disclosures initially, expanding to scope 3 over time and then transitioning reasonable assurance by 2030
- The European Union Corporate Sustainability Reporting Directive (CSRD) was originally designed with a longer-term pathway toward reasonable assurance over the sustainability statement. However, following the December 2025 Omnibus developments and trilogue agreements, this has been scaled back to a requirement for limited assurance only. This requirement goes beyond GHG emissions assurance and includes all published data including the double materiality assessment.
- Globally, jurisdictions adopting the International Sustainability Standards Board (ISSB) framework – such as Australia through the Australian Sustainability Reporting Standards (ASRS) – have incorporated staged assurance requirements on AASB S2 reports, with an expected shift toward reasonable assurance over time applied to reporting group categories.
Why it matters
The level of assurance determines the confidence users can place in ESG information.
Stakeholders may also misinterpret the level of comfort provided if the distinction is not clearly understood – and this applies not only directly to the reporting organisation, but across the supply chain where the reliability of its data depends on the robustness of information provided by others.
Next steps for organisations:
- Align assurance level with the maturity of data, processes, and internal controls
- Use limited assurance as a diagnostic tool to strengthen controls
- Identify gaps that would be exposed under reasonable assurance (e.g. estimates, documentation, governance)
- Plan assurance transitions early, rather than treating them as a final compliance step
If you’re interested in learning more or want to know how this could affect your organisation, reach out!
