TCFD vs. IFRS S2: what risk and compliance leaders need to know

The landscape has shifted

If a climate-disclosure line item has landed on your risk register in the last twelve months, you have almost certainly inherited a question you did not ask for. Your auditors reference TCFD. Your investors reference IFRS S2. California SB 261 names both. Your enterprise customers are starting to ask for something that looks like either, and your internal controls team needs one answer, not two.

This article frames the TCFD vs. IFRS S2 question the way a GRC function actually has to think about it: as control frameworks with overlapping scope, different levels of prescription, and very different implications for audit, vendor management, and board reporting. The goal is not to pick sides. It is to help you rationalize one disclosure stack across the regulators, investors, and customers you already answer to.

FRAMEWORK STATUS

What happened to TCFD?

Functionally, TCFD as a standard-setter no longer exists. The Financial Stability Board announced in July 2023 that the TCFD’s work had been completed, described the ISSB Standards as “the culmination of the work of the TCFD,” and the TCFD disbanded in October 2023. The IFRS Foundation took over responsibility for monitoring corporate climate-related disclosures in 2024.

The four-pillar architecture practitioners know — governance, strategy, risk management, metrics and targets — is not going away. It has been absorbed into IFRS S2. The IFRS Foundation confirms that companies applying IFRS S1 and IFRS S2 will meet the TCFD recommendations, so applying both frameworks is unnecessary.

For your control narrative, this matters: auditor walkthroughs that reference “TCFD controls” are pointing at a framework whose monitoring body no longer publishes new guidance. The underlying recommendations remain readable and usable, but the standard-setting center of gravity has moved to the ISSB. Reference TCFD where you must for legacy disclosures; build new controls against IFRS S2.

KEY DIFFERENCES

What’s actually different between TCFD and IFRS S2?

The four pillars are the same. The difference is in how much is prescribed. IFRS S2’s technical comparison, updated by the IFRS Foundation in February 2026, uses black bold text to mark requirements in IFRS S2 that go beyond the TCFD recommendations and red bold text for requirements not in TCFD at all.

Three of these differences carry the most weight for a risk team.

First, industry-based metrics. IFRS S2 requires industry-specific metrics drawn from SASB-derived guidance, something the TCFD recommendations did not mandate. If your company sits in a high-emitting sector, the baseline data request is materially larger.

Second, Scope 3 and financed emissions. IFRS S2 is aligned with TCFD in structure but represents a clear advancement in both scope and detail of disclosure requirements. Scope 3 is expected; financial institutions must disclose additional information about their financed emissions.

Third, recent reliefs you should know about. On December 11, 2025, the ISSB issued targeted amendments to IFRS S2 that provide reliefs and clarifications for GHG emissions disclosure requirements, effective for reporting periods beginning on or after January 1, 2027, with early application permitted. The reliefs matter for financial-services entities in particular.

For your risk register: document IFRS S2 as the forward-looking standard, TCFD as a legacy reference, and the December 2025 amendments as a pending control-design change with a 2027 effective date.

CALIFORNIA SB 261

Does SB 261 require TCFD or IFRS S2?

Either. SB 261 directs covered entities to use the TCFD framework or an equivalent standard such as the IFRS Sustainability Disclosure Standards issued by the ISSB. The practical guidance is more specific: the statute names ISSB’s IFRS S2 as an acceptable reporting framework, and an FAQ document released in June 2025 indicates the less prescriptive TCFD framework is acceptable for first-year reports in 2026.

Enforcement context matters here. Enforcement of SB 261 is currently paused pending the outcome of litigation, but the law could be reinstated at short notice following the Ninth Circuit’s ruling; companies with existing TCFD, ISSB, or CSRD disclosures should map these against SB 261’s requirements to identify any gaps. The prudent GRC posture is to build toward IFRS S2 — the more demanding of the two — so that a pause does not become a capability gap.

Threshold reminders: SB 261 applies to U.S. business entities doing business in California with more than $500 million in annual revenue and requires a biennial climate-related financial risk report posted publicly on the company website. For mid-market organizations near that threshold, a single defensible disclosure now covers California today and IFRS S2 adoption tomorrow.

AUDIT AND CONTROLS

How should climate disclosure controls integrate with internal audit?

Treat IFRS S2 like any other financial-adjacent disclosure: evidence, ownership, and assurance. The four pillars map cleanly onto a standard three-lines-of-defense model: sustainability or finance owns the data and control operation, risk and compliance owns oversight, internal audit tests. The data-integrity controls your existing GRC framework already documents for other business systems — access control, change management, vendor management, and evidence retention — can be extended to cover the platform that produces your climate disclosure.

Two governance gaps show up most often in mid-market environments. The first is source-data lineage. Auditors want to trace a reported Scope 1 figure back to a specific meter reading or fuel invoice, and most spreadsheet-based processes cannot do that cleanly. The second is scenario-analysis documentation. Qualitative analysis is acceptable in the near term, but the model, assumptions, and approver need to be logged.

A platform that centralizes emissions data, policy documentation, and disclosure outputs in one auditable workflow is the control you are effectively buying. Assurance-ready reports, including Scope 3 from value chains, are the direction the market is moving. Identifying qualified assurance providers familiar with ISSA 5000, ISAE 3410, AICPA AT-C 210/205, and ISO 14064-3 is increasingly time-sensitive given capacity constraints.

VENDOR CONSOLIDATION

How many vendors should be involved in a climate disclosure?

Fewer than most mid-market stacks currently carry. Every additional tool in the disclosure workflow — one for carbon accounting, one for CDP, one for EcoVadis, one for ESG consulting — is a separate vendor risk review, a separate data-processing agreement, and a separate audit surface. Jurisdictional adoption of IFRS S1 and S2 is accelerating, with more than 30 jurisdictions moving toward mandatory reporting, which means disclosure obligations are only going to expand.

Greenplaces’ position is that one platform, one team, and one audit trail beats a portfolio of point tools for risk-constrained mid-market organizations. The hybrid AI + expert model is designed so that the vendor you add to cover SB 261 is the same vendor covering CDP, EcoVadis, ISSB/SASB, and Scopes 1/2/3 — which is a materially simpler picture for a vendor-consolidation review. Greenplaces is an EcoVadis Approved Training Partner, SASB Consultant Content-certified, and B Corp certified, which takes the vendor-credential question off a procurement review’s critical path.

Make it real

What to do next

If your risk register now includes a climate-disclosure line item and you’re still working out which framework it maps to:

Greenplaces can support ISSB/SASB reporting, California SB 253 and SB 261 compliance, and your broader carbon accounting workflow under one platform, so your controls environment stays consolidated as the disclosure landscape continues to shift.