ESG data collection for Dutch SMEs: five steps that actually work
- David Owo
- Mar 11
- 14 min read
Updated: Mar 13
Dutch small businesses now face unprecedented pressure to collect and report ESG data with the same rigour as financial statements. New EU regulations, including CSRD, demand comprehensive disclosure on emissions, human rights, and supply chains.
Small businesses across the Netherlands confront growing regulatory demands to track and report ESG performance. Companies in the Netherlands face rising pressure to manage ESG data as rigorously as financial data, due to regulations such as CSRD, CSDDD, EUDR, and CBAM.
This guide walks you through a practical five-step approach to efficiently manage ESG data collection, meet compliance requirements, and build sustainable workplace practices without overwhelming your team or budget.
Table of Contents
Key takeaways
Key Takeaway | What It Means in Practice |
CSRD compliance is not optional for most Dutch SMEs | If you supply to large companies or operate in regulated sectors, you will be asked for ESG data. The question is whether you have it. |
Start with what’s mandatory, not what’s measurable | Most SMEs waste their first three months tracking metrics nobody asked for. Scope 1 and 2 emissions, human rights due diligence, and supply chain transparency are the legal priorities. |
The VSME Standard is a genuine shortcut, but check your eligibility first | If you have fewer than 250 employees and fall below the CSRD size thresholds, VSME is significantly less work. Many Dutch SMEs don't realise they qualify. |
Double materiality is not optional bureaucracy | It determines which data you legally need to collect. Skipping it and collecting everything wastes money. Skipping it and collecting nothing creates compliance gaps. |
Manual collection breaks at scale | Spreadsheets work until about year two, then they become a liability in audits. Plan your automation early, even if you don't implement it immediately. |
The real problem with ESG data collection for Dutch SMEs
Most guides on this topic will tell you to "start with a materiality assessment, build a framework, and leverage technology." That’s not wrong. It’s just not where most SMEs actually get stuck.
Where they actually get stuck: discovering in month three that the Scope 3 data they need lives inside a supplier’s accounting system, and that supplier has no intention of sharing it. Or spending six weeks building an ESG data template in Excel, only to find out their industry association requires a different format. Or completing a double materiality assessment correctly, only to have no idea what to do with the output.
This guide addresses those gaps. It follows a five-step structure, but the focus is on what can go wrong at each step, not just on what you are supposed to do.
Dutch SMEs are in a particular position right now. The CSRD thresholds mean many businesses aren’t directly required to report yet. But large companies that are required to report are pushing that data request down the supply chain. If you sell to Albert Heijn, ASML, or any large Dutch manufacturer, you will receive an ESG questionnaire. Probably already have.
Preparing your ESG data collection process
Proper preparation determines whether your ESG data collection succeeds or becomes an administrative burden. Start by identifying which ESG topics pose the greatest financial risks and external impacts for your specific business context.
A five-step guide recommends starting with materiality assessment, setting strategy and frameworks, prioritisation, process setup, and data quality tooling. This structured approach ensures you build foundations before collecting data.
Step 1: Work out what you actually need to collect (materiality assessment)
The double materiality assessment is the step most SMEs either skip or misunderstand, and it's the one that determines everything else.
Double materiality has two sides. Financial materiality asks: which ESG issues affect your business, its revenue, costs, access to finance, and legal exposure? Impact materiality asks: which ESG issues does your business affect, which communities, environments, or labour conditions does your operation touch?
You need both. A manufacturing SME in Noord-Holland might find that water scarcity is financially material (rising costs, operational risk) and also impact-material (the company's process draws from local groundwater). A logistics company might find that Scope 3 emissions are both financially material (fuel costs, regulatory exposure) and impact-material (road transport pollution in dense urban areas).
What this step actually involves:
Run a workshop with leadership, a representative from operations, and someone from finance. Two hours minimum. Walk through each ESG topic, environmental, social, governance, and ask both questions: Does this affect us financially? Do we affect this externally?
Score each topic. Topics that score high on both dimensions go into your mandatory disclosure list. Topics that score low on both can be deprioritised. Topics in the middle require judgment.
The output isn’t a document. It’s a prioritised list of ESG topics that tells you exactly what data to collect and what to ignore.
Where SMEs go wrong: Treating double materiality as a form to fill in rather than an actual business analysis. If your CEO and CFO weren’t in the room, you haven’t done it properly.
Understanding ESG basics helps new team members grasp fundamental concepts quickly.
Step 2: Set a realistic ESG reporting framework before collecting anything
Once you know which topics are material, you need to decide which reporting framework applies to your situation, because this determines the format, frequency, and depth of the data you'll collect.
The VSME question is the first decision to make.
The VSME Standard (Voluntary SME Standard under ESRS) is the EU’s proportional framework for small businesses. If you have fewer than 250 employees and meet at least two of these three criteria: annual turnover below €50 million, balance sheet below €25 million, and fewer than 250 employees, you are below the CSRD thresholds, and VSME applies to you.
Standard | Reporting scope | Data requirements | Best suited for | Assurance required? | Typical setup time for SME |
VSME Standard | Proportional disclosure on material topics | Simplified metrics, estimation allowed | Under 250 employees, below CSRD thresholds | No | 6–10 weeks |
Full CSRD | Comprehensive disclosure across all ESG topics | Detailed quantitative and qualitative data | 250+ employees or high-impact sectors | Yes (limited assurance) | 4–6 months |
VSME is substantially less demanding than full CSRD. It covers the same three pillars (environmental, social, governance) but with simplified metrics, less granular data requirements, and more flexibility on estimation methods. For an SME with no dedicated sustainability function, the difference between VSME and full CSRD is roughly the difference between a manageable quarterly process and a full-time job.
But here’s what the guides don't tell you: Even if you qualify for VSME, your large customers might request data that goes beyond VSME’s scope. Unilever, Shell, or IKEA’s supplier questionnaires aren’t calibrated to what their SME suppliers are legally required to report; they are calibrated to what those large companies need for their own CSRD regulation reports. So you might technically be a VSME-eligible company that needs to collect Scope 3 data anyway, because your biggest customer asked for it.
Check your material contracts. If a customer’s sustainability questionnaire already specifies what data they need, that defines your actual collection scope more practically than any regulatory framework.
Your framework should define:
Which topics are you reporting on and why (link back to your materiality assessment)
Which standard are you using (VSME or full CSRD, with justification)
Who owns each data point (named individuals, not departments)
How often data is collected (quarterly for operational data, annually for aggregated metrics)
What counts as an acceptable data source versus an estimate
The last point matters more than most SMEs realise. Auditors and corporate customers increasingly distinguish between directly measured data, calculated data, and estimated data. You should, too. Document the difference from the start. Review your framework against ESG compliance guidelines to ensure you address all regulatory requirements.
Once your preparation is complete, you can establish operational processes for ongoing data collection. Moving from planning to execution requires clear procedures that teams can follow consistently.
Step 3: Prioritise your mandatory data categories
With your framework in place, sequence your data collection by legal exposure, not by what’s easiest to collect.
The three areas where Dutch SMEs face the most immediate compliance pressure are:
GHG emissions (Scope 1, 2, and 3)
Scope 1 covers direct emissions from your operations, gas boilers, company vehicles, and on-site processes. Most SMEs can measure this from utility bills and fuel receipts within a few days.
Scope 2 covers purchased electricity and heat. Again, utility bills. Straightforward.
Scope 3 is where it gets complicated. This covers your value chain, emissions from your suppliers’ production processes, business travel, employee commuting, and product end-of-life disposal. For most Dutch SMEs, Scope 3 accounts for 70-90% of their total carbon footprint, and most of that data lies outside their direct control.
Be realistic about Scope 3 in year one. Use sector-average emission factors from the IPCC or the EXIOBASE database when you can’t obtain supplier data directly. Document your estimation methodology clearly. An honest estimate with a clear methodology is more defensible in an audit than silence.
Human rights and labour practices
This is the area most Dutch SMEs underestimate. The CSDDD (Corporate Sustainability Due Diligence Directive) creates legal obligations around human rights that extend through your supply chain. If you source materials from outside the EU, you need to know the labour conditions in that supply chain.
You don't need to audit every supplier immediately. Start by mapping your supply chain tiers and identifying your highest-risk relationships, suppliers in high-risk geographies, sectors with known labour issues, or relationships with limited visibility.
Supply chain transparency
Related to the above, but distinct: this is about documenting your supplier relationships, what you have asked them to disclose, and what they have provided. Even if a supplier doesn’t cooperate, your documentation of what you asked and what you did with non-responsive suppliers is part of your compliance record.
Step 4: Build your data collection processes
Now you are ready to actually collect data. The common mistake here is to build everything manually first and plan to automate "later." Later never comes, and you spend three years maintaining spreadsheets that an accounting intern patches before every reporting cycle.
What to automate immediately, even at a small scale:
Utility data doesn’t need to be entered manually. Most Dutch energy suppliers (Vattenfall, Eneco, Essent) offer API access or downloadable consumption reports. Connect these to a central spreadsheet or ESG tool from day one.
HR data, headcount, diversity metrics, training hours, and safety incidents already exist in your HR or payroll system. Build an export template, not a separate data entry process.
Procurement data on supplier ESG certifications can be managed through a simple annual supplier questionnaire, with responses stored in a shared folder with version control. It's not glamorous, but it works.
What still requires human judgment:
Governance disclosures, board composition, whistleblower policies, and anti-corruption procedures need someone who actually understands the business to document them. These can’t be automated.
Materiality updates require an annual conversation with leadership, not a data pull.
Scope 3 category 11 (use of sold products) often requires engineering input to calculate correctly. Build it into your product development process, not your finance process.
The cross-functional problem
ESG data doesn’t live in one department. Environmental data is in operations. Social data is in HR. Governance data is with the board or legal. Financial materiality data is in finance. Supply chain data is in procurement.
Most SMEs don’t have a "sustainability team" to coordinate this. What works: assign one named person in each department responsibility for their ESG data inputs, give them a clear data dictionary (what the metric means, how it’s measured, what source to use), and set quarterly deadlines two weeks before your internal reporting date. Build in one review meeting per quarter where all owners check each other’s numbers.
That’s it. You don’t need a sustainability manager. You need ownership and a calendar.
Approach | Stick with manual if... | Switch to automation if... |
Team size | 1–2 people handling ESG data | 3+ data owners across departments |
Reporting frequency | Annual only | Quarterly or continuous |
Audit exposure | Voluntary/customer-driven reporting | CSRD or bank due diligence required |
Budget | Under €500/year for tools | Can justify €1,500–5,000/year |
Once you establish regular data collection rhythms, focus shifts to ensuring the information you gather meets quality and compliance standards through systematic verification.
Step 5: Verify your data and prepare for external scrutiny
Internal verification is not the same as audit preparation, and confusing the two is expensive.
Internal verification checks three things:
Mathematical consistency: Do your Scope 1 + Scope 2 emissions match your energy consumption and emission factors? Do your headcount numbers match payroll records? These errors are embarrassing and easy to catch before an auditor does.
Year-on-year consistency: Did your water consumption increase 40% from last year? If yes, is that because you opened a new facility, or because someone changed the measurement methodology? Document the reason.
Source documentation: Every reported number should trace back to a primary source. Utility invoice, HR export, supplier certificate. If you can't trace it, it's not reportable.
Explore resources on reporting and evidence to understand what documentation auditors expect.
What external scrutiny actually looks like for Dutch SMEs:
For most SMEs, external scrutiny comes in three forms: a large customer’s supplier audit, a bank’s ESG due diligence for green financing, or, if you cross the CSRD thresholds, a formal limited assurance engagement from an auditor.
Customer audits are the most common and usually the least rigorous. They want to see your questionnaire completed, some documentation behind your numbers, and a signed statement that the information is accurate.
Bank due diligence is more thorough, especially for sustainability-linked loans. Expect them to cross-reference your energy data with invoices and your governance disclosures with company registration documents.
Formal assurance is a different level. If you are heading toward CSRD-mandated reporting, start engaging an assurance provider early, not to do the audit, but to review your methodology before you have built it incorrectly for two years.
The VSME shortcut, properly understood
If you qualify for VSME and your customers aren't asking for more than VSME covers, this is genuinely the right place to start. The VSME framework was published by EFRAG in 2024 and provides simplified disclosure requirements specifically calibrated for SME capacity. It covers:
Basic environmental data (energy, emissions, water, waste)
Core social metrics (workforce composition, health and safety, training)
Minimum governance disclosures (policies, board oversight, anti-corruption)
It does not require third-party assurance. It allows estimation of data that can’t be measured directly. And it’s accepted by most Dutch banks and large companies as a credible starting point.
The honest assessment: VSME gets you 80% of the way to defensible ESG reporting at roughly 30% of the effort of full CSRD. For an SME with no dedicated sustainability resource, that ratio matters.
Small businesses eligible for simplified reporting should understand and implement the VSME Standard. The VSME Standard offers simplified proportional reporting for SMEs, reducing burden compared to CSRD. This framework provides a practical middle ground between no ESG reporting and full CSRD compliance.
Learn more about ESG reporting essentials and explore detailed ESG metrics to continuously refine your approach. Quality ESG data becomes a strategic asset supporting better decisions, not merely a compliance checkbox.
What to do if your data has gaps
Every SME's first ESG report has gaps. This is normal and doesn’t disqualify you from reporting.
The mistake is either pretending the gaps don’t exist (which creates audit exposure) or refusing to report until everything is perfect (which means never reporting).
The right approach: report what you have, document what you don’t have and why, and explain what you are doing to close the gap. "We do not currently have supplier-level Scope 3 data for categories 1-3. We are implementing a supplier questionnaire process in Q3 2026 and expect to report this data in our 2027 disclosure" This is a legitimate and defensible position.
Auditors and sophisticated corporate buyers respect honest documentation of gaps far more than they respect suspiciously clean data.
Tools worth knowing about
This is not an exhaustive market review, but these are tools Dutch SMEs actually use:
For small SMEs (under 50 employees): A well-structured Excel or Google Sheets template with locked calculation cells, version control via Google Drive, and a shared folder for source documents gets you further than most people expect. The constraint isn’t the tool; it’s the process discipline.
For mid-size SMEs (50-250 employees): Purpose-built ESG platforms start making sense once you have multiple data owners and quarterly reporting cycles. Tools such as Sweep, Watershed (for emissions-heavy businesses), and Apiday are used by Dutch SMEs. Evaluate based on which frameworks they support and how their Scope 3 calculation methodology works.
For the VSME framework specifically, EFRAG’s own implementation guidance documents are free and more useful than most paid guides. Start there.
Explore Greennect’s ESG reporting services designed specifically for small organisations seeking structure and results. Our knowledge centre offers detailed resources covering ESG fundamentals through advanced compliance topics. Discover practical tools and templates in our reporting and evidence section.
Take the next step towards efficient ESG data management today. Greennect transforms compliance obligations into opportunities for improved workplace practices and sustainable growth.
FAQ: ESG data collection
How do I start collecting ESG data for my small business?
Start with your double materiality assessment. This is the step most SMEs skip, and it's the one that determines everything else. Spend two hours with your leadership and finance teams identifying which ESG issues affect your business financially and which issues your business affects externally. The output is a prioritised list of topics that tells you exactly what data to collect and what to ignore.
Once you know your material topics, check whether you qualify for the VSME Standard (under 250 employees, below the CSRD size thresholds). If you do, your data requirements are significantly simpler than those under the full CSRD. Assign one named person in each department, finance, operations, HR, and procurement, responsibility for their data inputs, set quarterly collection deadlines, and start with Scope 1 and 2 emissions plus your core workforce metrics. Those are achievable within six to eight weeks for most SMEs and cover the bulk of what customers and banks will ask for.
What is the difference between VSME and full CSRD reporting?
VSME is the EU's proportional framework for small businesses. If you have fewer than 250 employees and fall below the CSRD financial thresholds (annual turnover under €50 million, balance sheet under €25 million), VSME applies to you. It covers the same three pillars, environmental, social, and governance, but with simplified metrics, greater flexibility in estimation methods, and no third-party assurance requirement.
The full CSRD applies to larger companies and requires comprehensive disclosure across all ESG topics, detailed quantitative and qualitative data, and limited assurance from an external auditor. The practical difference in workload is significant; VSME is roughly a manageable quarterly process for a small team, while full CSRD is closer to a part-time job without dedicated resources.
One important caveat: even if you qualify for VSME, your large corporate customers may request data that goes beyond VSME’s scope because they need it for their own CSRD reports. Check your material customer contracts before assuming VSME covers everything you will be asked for.
What ESG data is mandatory to collect for CSRD compliance?
The three areas with the most immediate legal pressure for Dutch SMEs are GHG emissions, human rights due diligence, and supply chain transparency.
For emissions: Scope 1 (direct operations) and Scope 2 (purchased electricity and heat) are straightforward utility bills, and fuel receipts get you there. Scope 3 is harder because the data lives in your suppliers’ systems, but spend-based estimation using the EXIOBASE database is a defensible and auditable starting point while you build toward primary data collection.
For human rights: map your supply chain tiers and identify your highest-risk supplier relationships, particularly those outside the EU or in sectors with known labour issues. You don’t need to audit every supplier immediately, but you need documentation that you have assessed the risk and acted on it.
For supply chain transparency: document what you have asked suppliers to disclose and what they have provided. Even non-responsive suppliers need to be noted; your due diligence record matters, not just the data you received.
What’s the minimum viable ESG dataset for a Dutch SME in 2026?
For a business starting from scratch under the VSME framework, a defensible minimum covers: total energy consumption in kWh, total GHG emissions Scope 1 and 2 in tCO₂e, headcount broken down by gender and contract type, lost-time injury rate, and a brief written description of your governance policies covering anti-corruption and whistleblower procedures.
That’s achievable in six to eight weeks for most SMEs and requires no specialist software; a well-structured spreadsheet with source documentation in a shared folder is sufficient for year one. It won’t satisfy a large corporate customer’s full supplier questionnaire, but it establishes a credible baseline you can build on.
How do I handle Scope 3 emissions when my suppliers won’t share data?
Use spend-based emission factors as a proxy. Multiply your procurement spend in each category by the relevant emission factor from the EXIOBASE or Ecoinvent database. It's less accurate than supplier-reported primary data, but it's auditable, it's standard practice across the industry, and it’s significantly more defensible than leaving Scope 3 blank.
Document your methodology clearly: state that you used spend-based factors, name the database and version you used, and note that you are working toward primary data collection. An honest estimate with a clear methodology is more credible in an audit than silence, and most auditors and corporate buyers know that Scope 3 primary data from SME supply chains is a years-long project, not a first-year deliverable.
Can customers require ESG data from me even if I am below the CSRD thresholds?
Yes, and this is how most Dutch SMEs end up in ESG data collection conversations before they have thought about it as a compliance issue. Large companies required to report under the CSRD need to supply chain data to calculate their Scope 3 emissions and to demonstrate human rights due diligence. That data request lands in your inbox regardless of your own reporting obligations.
There’s no legal mechanism that forces you to respond, but the commercial reality is that non-responsive suppliers create a problem for their large customers’ compliance reports. Whether that matters to your business depends on how much revenue comes from CSRD-obligated companies. If Albert Heijn, ASML, or any large manufacturer represents a meaningful share of your revenue, treat their ESG questionnaire as a de facto compliance obligation even if it isn’t technically one.
Recommended
Comments