E-commerce

Sustainability Accounting Standard

CONSUMER GOODS SECTOR

Sustainable Industry Classification System® (SICS®) CG-EC

Under Stewardship of the International Sustainability Standards Board

INDUSTRY STANDARD | VERSION 2023-12

sasb.org
© 2023 The IFRS Foundation. All Rights Reserved.
ABOUT THE SASB STANDARDS
As of August 2022, the International Sustainability Standards Board (ISSB) of the IFRS Foundation assumed
responsibility for the SASB Standards. The ISSB has committed to maintain, enhance and evolve the SASB
Standards and encourages preparers and investors to continue to use the SASB Standards.

IFRS S1 General Requirements for Disclosure of Sustainability-related Financial Information (IFRS S1) requires
entities to refer to and consider the applicability of disclosure topics in the SASB Standards when identifying
sustainability-related risks and opportunities that could reasonably be expected to affect an entity’s prospects.
Similarly, IFRS S1 requires entities to refer to and consider the applicability of metrics in the SASB Standards when
determining what information to disclose regarding sustainability-related risks and opportunities.

In June 2023, the ISSB amended climate-related topics and metrics in the SASB Standards to align them with the
industry-based guidance accompanying IFRS S2 Climate-related Disclosures. In December 2023, the ISSB amended
the non-climate-related topics and metrics in connection with the International Applicability of SASB Standards
project.

Effective Date

This version 2023-12 of the Standard is effective for all entities for annual periods beginning or after January 1, 2025.
Early adoption is permitted for all entities.

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 2

Table of Contents
INTRODUCTION.............................................................................................................................................................. 4
Overview of SASB Standards..................................................................................................................................... 4
Use of the Standards ................................................................................................................................................. 5
Industry Description ...................................................................................................................................................5
Sustainability Disclosure Topics & Metrics................................................................................................................. 6
Hardware Infrastructure Energy & Water Management .............................................................................................8
Data Privacy & Advertising Standards .....................................................................................................................11
Data Security ........................................................................................................................................................... 14
Employee Recruitment, Inclusion & Performance ....................................................................................................17
Product Packaging & Distribution ............................................................................................................................ 22

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 3

INTRODUCTION

Overview of SASB Standards

The SASB Standards are a set of 77 industry-specific sustainability accounting standards (“SASB Standards” or
® ®
“Industry Standards”), categorised pursuant to the Sustainable Industry Classification System (SICS ).

SASB Standards include:

1. Industry descriptions – which are intended to help entities identify applicable industry guidance by describing the
business models, associated activities and other common features that characterise participation in the industry.

2. Disclosure topics – which describe specific sustainability-related risks or opportunities associated with the
activities conducted by entities within a particular industry.

3. Metrics – which accompany disclosure topics and are designed to, either individually or as part of a set, provide
useful information regarding an entity’s performance for a specific disclosure topic.

4. Technical protocols – which provide guidance on definitions, scope, implementation and presentation of
associated metrics.

5. Activity metrics – which quantify the scale of specific activities or operations by an entity and are intended for use
in conjunction with the metrics referred to in point 3 to normalise data and facilitate comparison.

Entities using the SASB Standards as part of their implementation of ISSB Standards should consider the relevant
ISSB application guidance.

For entities using the SASB Standards independently from ISSB Standards, the SASB Standards Application
Guidance establishes guidance applicable to the use of all Industry Standards and is considered part of the
Standards. Unless otherwise specified in the technical protocols contained in the Industry Standards, the guidance in
the SASB Standards Application Guidance applies to the definitions, scope, implementation, compilation and
presentation of the metrics in the Industry Standards.

Historically, the SASB Conceptual Framework set out the basic concepts, principles, definitions and objectives that
guided the SASB Standards Board in its approach to setting standards for sustainability accounting.

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 4

Use of the Standards
SASB Standards are intended to aid entities in disclosing information about sustainability-related risks and
opportunities that could reasonably be expected to affect the entity’s cash flows, its access to finance or cost of capital
over the short, medium or long term. An entity determines which Industry Standard(s) and which disclosure topics are
relevant to its business, and which associated metrics to report. In general, an entity should use the SASB Standard
® ®
specific to its primary industry as identified in SICS . However, companies with substantial business in multiple SICS
industries should refer to and consider the applicability of the disclosure topics and associated metrics in additional
SASB Standards.

The disclosure topics and associated metrics contained in this Standard have been identified as those that are likely
to be useful to investors. However, the responsibility for making materiality judgements and determinations rests with
the reporting entity.

Industry Description
E-Commerce industry entities provide an online marketplace for other entities or individuals to sell their goods and
services, as well as retailers and wholesalers that provide an exclusively web-based platform for consumers to buy
goods and services. Entities in this industry sell to consumers as well as to other businesses. Because of the
accessibility of e-commerce sites, the industry is a global marketplace for buyers and sellers.

Note: This industry scope applies only to ‘pure-play’ e-commerce operations and does not address the manufacturing
or brick-and-mortar retail operations of entities. Many consumer goods manufacturers and retailers have incorporated
or are in the process of incorporating an e-commerce component to their business. Separate standards exist for the
Multiline and Specialty Retailers & Distributors (CG-MR); Apparel, Accessories & Footwear (CG-AA); and Toys &
Sporting Goods (CG-TS) industries. Depending on the specific activities and operations of entities in these industries,
disclosure topics and metrics associated with the E-Commerce industry also may be relevant.

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 5

SUSTAINABILITY DISCLOSURE TOPICS & METRICS
Table 1. Sustainability Disclosure Topics & Metrics

UNIT OF
TOPIC METRIC CATEGORY CODE
MEASURE
Gigajoules
(1) Total energy consumed,
(GJ),
(2) percentage grid electricity and Quantitative CG-EC-130a.1
Percentage
(3) percentage renewable
(%)
Hardware
Thousand
Infrastructure (1) Total water withdrawn, (2) total water
cubic metres
Energy & consumed; percentage of each in regions
Quantitative (m³), CG-EC-130a.2
Water with High or Extremely High Baseline
Percentage
Management Water Stress
(%)

Discussion of the integration of

Discussion and
environmental considerations into n/a CG-EC-130a.3
Analysis
strategic planning for data centre needs

Number of users whose information is

Quantitative Number CG-EC-220a.1
used for secondary purposes
Data Privacy &
Advertising
Description of policies and practices
Standards Discussion and
relating to targeted advertising and user n/a CG-EC-220a.2
Analysis
privacy

Description of approach to identifying and Discussion and

n/a CG-EC-230a.1
addressing data security risks Analysis
Data Security
(1) Number of data breaches, Number,
(2) percentage that are personal data Quantitative Percentage CG-EC-230a.2
breaches, (3) number of users affected 1 (%)

Percentage
Employee engagement as a percentage 2 Quantitative CG-EC-330a.1
(%)

(1) Voluntary and (2) involuntary turnover Percentage

Quantitative CG-EC-330a.2
rate for all employees (%)
Employee
Recruitment, Percentage of (1) gender and (2) diversity
Inclusion & group representation for (a) executive
Percentage
Performance management, (b) non-executive Quantitative CG-EC-330a.3
(%)
management, (c) technical employees,
and (d) all other employees 3

Percentage of technical employees that Percentage

Quantitative CG-EC-330a.4
require a work visa 4 (%)

continued...

1 Note to CG-EC-230a.2 – The disclosure shall include a description of corrective actions implemented in response to data breaches.
2 Note to CG-EC-330a.1 – The disclosure shall include a description of the method employed.
3 Note to CG-EC-330a.3 – The entity shall discuss its policies and programmes for fostering equitable employee representation across its
global operations.
4 Note to CG-EC-330a.4 – The disclosure shall include a description of any potential risks of recruiting employees that require a work visa
and how the entity manages these risks.

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 6

...continued

UNIT OF
TOPIC METRIC CATEGORY CODE
MEASURE
Total greenhouse gas (GHG) footprint of Metric tonnes
Quantitative CG-EC-410a.1
Product product shipments (t) CO₂-e
Packaging &
Distribution Discussion of strategies to reduce the Discussion and
n/a CG-EC-410a.2
environmental impact of product delivery Analysis

Table 2. Activity Metrics

UNIT OF
ACTIVITY METRIC CATEGORY CODE
MEASURE
Entity-defined measure of user activity5 Quantitative Number CG-EC-000.A

Data processing capacity, percentage outsourced6 Quantitative See note CG-EC-000.B

Number of shipments Quantitative Number CG-EC-000.C

5 Note to CG-EC-000.A - The entity shall define and disclose a basic measure of user activity suitable for its business activities. This
measure may be sales transactions, purchase transactions, number of searches, monthly active users, page views or unique URLs.
6 Note to CG-EC-000.B – Data processing capacity shall be reported in units of measure typically tracked by the entity or used as the basis
for contracting its IT services needs, such as million service units (MSUs), million instructions per second (MIPS), mega floating-point
operations per second (MFLOPS), compute cycles or other units of measure. Alternatively, the entity may disclose owned and outsourced
data processing needs in other units of measure, such as rack space or data centre square footage. The percentage outsourced shall
include co-location facilities and cloud services (for example, platform as a service or infrastructure as a service).

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 7

Hardware Infrastructure Energy & Water Management
Topic Summary
The E-Commerce industry uses a large part of the energy it consumes to power critical hardware and IT infrastructure
in data centres. Data centres must be powered continuously, and disruptions to the energy supply can have a material
impact on operations, depending on the disruption magnitude and timing. Entities also face a trade-off between
energy and water consumption for their data centre cooling needs. Cooling data centres with water instead of chillers
improves energy efficiency, but this method can result in dependence on potentially scarce local water resources.
Entities that effectively manage this issue may benefit from cost savings and minimise reputational risks, because
concerns over energy and water use are growing.

Metrics

CG-EC-130a.1. (1) Total energy consumed, (2) percentage grid electricity and
(3) percentage renewable
1 The entity shall disclose (1) the total amount of energy it consumed as an aggregate figure, in gigajoules (GJ).

1.1 The scope of energy consumption includes energy from all sources, including energy purchased from
external sources and energy produced by the entity itself (self-generated). For example, direct fuel usage,
purchased electricity, and heating, cooling and steam energy are all included within the scope of energy
consumption.

1.2 The scope of energy consumption includes only energy directly consumed by the entity during the reporting
period.

1.3 In calculating energy consumption from fuels and biofuels, the entity shall use higher heating values (HHV),
also known as gross calorific values (GCV), which are measured directly or taken from the
Intergovernmental Panel on Climate Change (IPCC).

2 The entity shall disclose (2) the percentage of energy it consumed that was supplied from grid electricity.

2.1 The percentage shall be calculated as purchased grid electricity consumption divided by total energy
consumption.

3 The entity shall disclose (3) the percentage of energy it consumed that was renewable energy.

3.1 Renewable energy is defined as energy from sources that are replenished at a rate greater than or equal to
their rate of depletion, such as geothermal, wind, solar, hydro and biomass.

3.2 The percentage shall be calculated as renewable energy consumption divided by total energy consumption.

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 8

 3.3 The scope of renewable energy includes renewable fuel the entity consumed, renewable energy the entity
directly produced and renewable energy the entity purchased, if purchased through a renewable power
purchase agreement (PPA) that explicitly includes renewable energy certificates (RECs) or Guarantees of
Origin (GOs), a Green‐e Energy Certified utility or supplier programme, or other green power products that
explicitly include RECs or GOs, or for which Green‐e Energy Certified RECs are paired with grid electricity.

3.3.1 For any renewable electricity generated on-site, any RECs and GOs shall be retained (not sold) and
retired or cancelled on behalf of the entity for the entity to claim them as renewable energy.

3.3.2 For renewable PPAs and green power products, the agreement shall explicitly include and convey
that RECs and GOs be retained or replaced and retired or cancelled on behalf of the entity for the
entity to claim them as renewable energy.

3.3.3 The renewable portion of the electricity grid mix that is outside of the control or influence of the
entity is excluded from the scope of renewable energy.

3.4 For the purposes of this disclosure, the scope of renewable energy from biomass sources is limited to
materials certified to a third-party standard (for example, Forest Stewardship Council, Sustainable Forest
Initiative, Programme for the Endorsement of Forest Certification or American Tree Farm System),
materials considered eligible sources of supply according to the Green-e Framework for Renewable Energy
Certification, Version 1.0 (2017) or Green-e regional standards, or materials eligible for an applicable
jurisdictional renewable portfolio standard.

4 The entity shall apply conversion factors consistently for all data reported under this disclosure, such as the use of
HHVs for fuel usage (including biofuels) and conversion of kilowatt hours (kWh) to GJ (for energy data including
electricity from solar or wind energy).

5 The entity may disclose the trailing twelve-month (TTM) weighted average power usage effectiveness (PUE) for its
data centres.

5.1 PUE is defined as the ratio of the total amount of power a computer data centre facility uses to the amount
of power delivered to computing equipment.

5.2 If disclosing PUE, the entity shall follow the guidance and calculation methodology described in PUE™: A
Comprehensive Examination of the Metric (2014), published by ASHRAE and The Green Grid Association.

CG-EC-130a.2. (1) Total water withdrawn, (2) total water consumed; percentage of
each in regions with High or Extremely High Baseline Water Stress
1 The entity shall disclose the amount of water, in thousands of cubic metres, withdrawn from all sources.

1.1 Water sources include surface water (including water from wetlands, rivers, lakes and oceans),
groundwater, rainwater collected directly and stored by the entity, and water and wastewater obtained from
municipal water supplies, water utilities or other entities.

2 The entity may disclose portions of its supply by source if, for example, significant portions of withdrawals are from
non-freshwater sources.

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 9

 2.1 Fresh water may be defined according to the local laws and regulations where the entity operates. If no
legal definition exists, fresh water shall be considered to be water that has less than 1,000 parts per million
of dissolved solids.

2.2 Water obtained from a water utility in compliance with jurisdictional drinking water regulations can be
assumed to meet the definition of fresh water.

3 The entity shall disclose the amount of water, in thousands of cubic metres, consumed in its operations.

3.1 Water consumption is defined as:

3.1.1 Water that evaporates during withdrawal, use and discharge;

3.1.2 Water that is directly or indirectly incorporated into the entity’s product or service

3.1.3 Water that does not otherwise return to the same catchment area from which it was withdrawn,
such as water returned to another catchment area or the sea.

4 The entity shall analyse all its operations for water risks and identify activities that withdraw and consume water in
locations with High (40–80%) or Extremely High (>80%) Baseline Water Stress as classified by the World
Resources Institute’s (WRI) Water Risk Atlas tool, Aqueduct.

5 The entity shall disclose water withdrawn in locations with High or Extremely High Baseline Water Stress as a
percentage of the total water withdrawn.

6 The entity shall disclose water consumed in locations with High or Extremely High Baseline Water Stress as a
percentage of the total water consumed.

CG-EC-130a.3. Discussion of the integration of environmental considerations into

strategic planning for data centre needs
1 The entity shall discuss the environmental considerations integrated into siting, design, construction,
refurbishment and operational specifications for its data centres, including factors related to energy and water
consumption.

1.1 Environmental factors may include energy-efficiency standards; layout design, such as ‘hot aisle/cold aisle’
layouts; and location-based factors, such as accounting for regional humidity, average temperature, water
availability and groundwater stress, water permits, jurisdictional carbon legislation or pricing, and the
carbon intensity of electricity from the local grid.

2 The scope of disclosure shall include data centres currently owned and operated by the entity, data centres that
have been planned or are under construction, and outsourced data centre services.

3 The entity shall discuss how it incorporates environmental considerations into decisions related to its data centres
made during the reporting period, including if they influenced decisions to insource or outsource data centre
services, improve efficiency of existing data centres or construct new data centres.

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 10

Data Privacy & Advertising Standards
Topic Summary
Entities in the E-Commerce industry have access to consumer information including financial information, purchase
history and basic demographic data. Entities must carefully manage two separate and often conflicting priorities.
Entities compete by leveraging data to provide users with relevant services and target advertising or product
recommendations based on consumers’ preferences and behaviour patterns, but their access to a range of user data
may raise privacy concerns among users and the public at large. These privacy concerns can result in increased
regulatory scrutiny. Failure to manage the issue can result in incremental costs associated with managing regulatory
and reputational risks. Furthermore, effective management in this area can increase user confidence and loyalty,
which are particularly important to maintain market share.

Metrics

CG-EC-220a.1. Number of users whose information is used for secondary

purposes
1 The entity shall disclose the total number of unique users whose information is used for secondary purposes.

1.1 User information is defined as data that pertains to a user’s attributes or actions which may include account
statements, transaction records, records of communications, content of communications, demographic
data, behavioural data, location data and personal data.

1.1.1 Demographic data is defined as information that identifies and distinguishes a given population.
Examples of demographic data include gender, age, race/ethnicity, language, disabilities, mobility,
home ownership and employment status.

1.1.2 Behavioural data is defined as information that tracks, measures and records individual behaviours,
such as online browsing patterns, buying habits, brand preferences and product usage patterns.

1.1.3 Location data is defined as information that describes the physical location or movement patterns of
an individual, such as Global Positioning System (GPS) coordinates or other related data that
identifies and tracks an individual’s physical location.

1.1.4 Personal data is defined as information that relates to an identified or identifiable living individual.
Various pieces of information, which collected together can lead to the identification of a particular
person, also constitute personal data.

1.1.5 The entity may define personal data based on applicable jurisdictional laws or regulations. In such
cases, the entity shall disclose the applicable jurisdictional standard or definition used.

1.2 A secondary purpose is defined as the entity intentionally using data outside the primary purpose for which
the data was collected. Examples of secondary purposes may include selling targeted advertisements and
transferring data or information to a third party through sale, rental or sharing.

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 11

 1.3 User accounts that the entity cannot verify as belonging to the same individual shall be disclosed
separately.

2 The scope of the disclosure shall include the users whose information is used by the entity for secondary
purposes, as well as the users whose information is provided to third parties, including those that directly or
indirectly control, are controlled by, or are under common control with the entity, to use for secondary purposes.

CG-EC-220a.2. Description of policies and practices relating to targeted

advertising and user privacy
1 The entity shall describe the nature, scope and implementation of its policies and practices related to user privacy,
including its targeted advertising practices, with a specific focus on how it manages the collection, use and
retention of user information.

1.1 User information is defined as information that pertains to a user’s attributes or actions which may include
account statements, transaction records, records of communications, content of communications,
demographic data, behavioural data, location data and personal data.

1.1.1 Demographic data is defined as information that identifies and distinguishes a given population.
Examples of demographic data include gender, age, race/ethnicity, language, disabilities, mobility,
home ownership and employment status.

1.1.2 Behavioural data is defined as information that tracks, measures and records individual behaviours,
such as online browsing patterns, buying habits, brand preferences and product usage patterns.

1.1.3 Location data is defined as information that describes the physical location or movement patterns of
an individual, such as Global Positioning System (GPS) coordinates or other related data that
would enable identifying and tracking an individual’s physical location.

1.1.4 Personal data is defined as information that relates to an identified or identifiable living individual.
Various pieces of information, which collected together can lead to the identification of a particular
person, also constitute personal data.

1.1.5 The entity may define personal data based on an applicable jurisdictional definition. In such cases,
the entity shall disclose the applicable jurisdictional standard or definition used.

1.2 Targeted advertising is defined as the practice of selecting and displaying advertisements to individual
users based on their user information.

2 The entity shall describe the information ‘lifecycle’ (collection, use, retention, processing, disclosure and
destruction of information) and how information-handling practices at each stage may affect individuals’ privacy.

2.1 With respect to data collection, the entity may discuss the data or types of data it collects without the
consent of an individual, data that requires opt-in consent and data that requires an opt-out action from the
individual.

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 12

 2.2 With respect to data use, the entity may discuss the data or types of data it uses internally and under which
circumstances the entity shares, sells, rents or otherwise distributes data or information to third parties.

2.3 With respect to retention, the entity may discuss the data or types of data it retains, the duration of
retention, and practices used to ensure that data is stored securely.

3 The entity shall discuss its use of privacy impact assessments (PIAs), data protection impact assessments
(DPIAs) or similar assessments.

3.1 A PIA or DPIA is an analysis of how information is handled that ensures handling conforms to applicable
jurisdictional legal, regulatory and policy requirements regarding privacy; determines the risks and effects
of collecting, maintaining and disseminating information in an identifiable form in an electronic information
system; and examines and evaluates protections and alternative processes for handling information to
mitigate potential privacy risks.

4 The entity shall discuss how its policies and practices related to privacy of user information address children’s
privacy, including the provisions of applicable jurisdictional children’s privacy laws or regulations.

5 The scope of the disclosure includes both first- and third-party advertising.

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 13

Data Security
Topic Summary
The business models of entities in the E-Commerce industry depend on an entity’s ability to securely process
electronic payments. As consumers become more educated about the threats of cybercrime, their perceptions of an
entity’s cybersecurity will become increasingly important to maintain or gain market share. The most trusted brands
have an opportunity to position themselves favourably in the eyes of consumers and gain a significant competitive
advantage. Conversely, entities that are perceived to be vulnerable to cybersecurity breaches may experience
financial consequences in the form of fines, litigation and decreased market share.

Metrics

CG-EC-230a.1. Description of approach to identifying and addressing data

security risks
1 The entity shall describe its approach to identifying information system vulnerabilities that may pose a data
security risk.

1.1 Vulnerability is defined as a weakness in an information system, implementation, system security procedure
or internal control that could be exploited.

1.2 Data security risk is defined as the risk of any circumstance or event with the potential to affect
organisational operations (including mission, functions, image or reputation), assets, individuals, or other
organisations or governments through an information system via unauthorised access, destruction,
disclosure, modification of information or denial of service.

2 The entity shall describe its approach to managing identified data security risks and vulnerabilities which may
include operational procedures, management processes, structure of products, selection of business partners,
employee training and use of technology.

3 The entity may discuss observed trends in type, frequency and origination of attacks on its data security and
information systems.

4 The entity may describe the degree to which its approach aligns with an external standard or framework, or
applicable jurisdictional legal or regulatory framework for managing data security, such as:

4.1 the ISO/IEC 27000-series; and

4.2 the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure
Cybersecurity, 2018.

5 All disclosure shall be sufficient such that it is specific to the risks the entity faces but disclosure itself would not
compromise the entity’s ability to maintain data privacy and security.

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 14

CG-EC-230a.2. (1) Number of data breaches, (2) percentage that are personal data
breaches, (3) number of users affected
1 The entity shall disclose (1) the total number of data breaches identified during the reporting period.

1.1 A data breach is defined as an unauthorised occurrence on, or conducted through, an entity’s information
systems that jeopardises the confidentiality, integrity or availability of an entity’s information systems or any
information contained therein.

1.1.1 Information systems are defined as information resources, owned or used by the entity, including
physical or virtual infrastructure controlled by such information resources, or components thereof,
organised for the collection, processing, maintenance, use, sharing, dissemination or disposition of
an entity’s information to maintain or support operations.

1.2 The scope of the disclosure excludes occurrences in which an entity has reasonable and supportable belief
that the occurrence (i) does not pose a risk of damage to the entity’s business performance or prospects
and (ii) does not pose a risk of economic or social disadvantage to individuals.

2 The entity shall disclose (2) the percentage of data breaches that were personal data breaches.

2.1 A personal data breach is defined as a data breach resulting in the accidental or unauthorised destruction,
loss, alteration, disclosure of, or access to, personal data transmitted, stored or otherwise processed.

2.2 Personal data is defined as any information that relates to an identified or identifiable living individual.
Various pieces of information, which collected together can lead to the identification of a particular person,
also constitute personal data.

2.2.1 The entity may define personal data based on applicable jurisdictional laws or regulations. In such
cases, the entity shall disclose the applicable jurisdictional standard or definition used.

2.3 The scope of the disclosure shall include incidents during which encrypted data was acquired with an
encryption key that also was acquired, as well as whether a reasonable belief exists that encrypted data
could be converted readily to plaintext.

2.3.1 Encryption is defined as the process of transforming plaintext into ciphertext.

3 The entity shall disclose (3) the total number of unique users affected by personal data breaches.

3.1 Accounts that the entity cannot verify as belonging to the same user shall be disclosed separately.

4 The entity may delay disclosure if a law enforcement agency has determined that notification impedes a criminal
investigation and may be delayed until the law enforcement agency determines that such notification does not
compromise the investigation.

Note to CG-EC-230a.2

1 The entity shall describe any corrective actions taken in response to data breaches, such as changes in
operations, management, processes, products, business partners, training or technology.

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 15

2 All disclosure shall be sufficient such that it is specific to the risks the entity faces, but disclosure itself would not
compromise the entity’s ability to maintain data privacy and security.

3 The entity may disclose its policy for disclosing data breaches to affected users in a timely manner.

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 16

Employee Recruitment, Inclusion & Performance
Topic Summary
Employees are essential contributors to value creation in the E-Commerce industry. In important markets, a shortage
of technically skilled domestic workers has created intense competition to acquire such employees, contributing to
high turnover rates. This competition for skilled workers and the search for innovative opportunities presents several
interrelated sustainability challenges regarding human capital that entities must manage. Entities offer significant
monetary and nonmonetary benefits to improve employee engagement, retention and productivity. Initiatives to
improve employee engagement and work-life balance might positively influence the recruitment and retention of a
diverse workforce. Efforts to recruit from and develop globally diverse talent pools can serve to address skilled worker
shortages and improve the value of entity offerings more generally. Greater workforce diversity is important for
innovation, and it helps entities understand the needs of their diverse and global customer base.

Metrics

CG-EC-330a.1. Employee engagement as a percentage

1 The entity shall disclose employee engagement as a percentage.

1.1 Types of employee engagement levels may include:

1.1.1 actively engaged;

1.1.2 not engaged;

1.1.3 passive; and

1.1.4 actively disengaged.

1.2 If employee engagement is measured as an index (for example, strength of employee agreement with a
survey statement), the entity shall convert the index into a percentage for this disclosure.

2 The percentage shall be calculated based on the results of an employee engagement survey or research study
conducted by the entity, by an external party contracted by the entity to perform such a study or by an
independent third party.

2.1 The percentage shall be calculated as the number of employees who self-describe as actively engaged
divided by the total number of employees who completed the survey.

Note to CG-EC-330a.1

1 The entity shall briefly describe:

1.1 the source of its survey (for example, third-party survey or entity’s own);

1.2 the method used to calculate the percentage; and

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 17

 1.3 a summary of questions or statements included in the survey or study (for example, those related to goal-
setting, support to achieve goals, training and development, work processes and commitment to the
organisation).

2 If the survey method changes compared to previous reporting periods, the entity shall provide results based on
both the old and new methods for the period in which the change is made.

3 If results are limited to a subset of employees, the entity shall provide the percentage of employees included in the
study or survey and the representativeness of the sample.

4 The entity may disclose results of other survey findings, such as the percentage of employees who are: proud of
their work/where they work, inspired by their work/co-workers and aligned with corporate strategy and goals.

CG-EC-330a.2. (1) Voluntary and (2) involuntary turnover rate for all employees
1 The entity shall disclose the employee turnover rate as a percentage for all employees.

1.1 Turnover shall be disclosed separately for (1) voluntary and (2) involuntary departures.

2 The entity shall calculate (1) the voluntary turnover rate as the number of employee-initiated voluntary separations
(for example, resignations or retirement) during the reporting period, divided by the average number of workers
employed during the reporting period.

3 The entity shall calculate (2) the involuntary turnover rate as the number of entity-initiated separations (for
example, dismissal, downsizing, redundancy or non-renewal of contract) during the reporting period, divided by
the average number of workers employed during the reporting period.

CG-EC-330a.3. Percentage of (1) gender and (2) diversity group representation for
(a) executive management, (b) non-executive management, (c) technical
employees, and (d) all other employees
1 The entity shall disclose (1) the percentage of gender representation among its employees for (a) executive
management, (b) non-executive management, (c) technical employees and (d) all other employees.

1.1 The entity shall categorise the gender of its employees as women, men or not disclosed.

1.1.1 The entity may disclose additional categories of gender identity or expression.

1.2 The entity shall use these employee categories: (a) executive management, (b) non-executive
management, (c) technical employees and (d) all other employees.

1.3 Executive management is defined as chief executives and senior officials who formulate and review the
entity’s policies, and plan, direct, coordinate and evaluate the overall activities of the entity with the support
of other managers.

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 18

 1.3.1 The entity may refer to the International Standard Classification of Occupations (ISCO) Sub-Major
Group 11 or an applicable jurisdictional occupation classification system for a definition of executive
management. In such cases, the entity shall disclose the occupation classification standard used to
classify executive management.

1.4 Non-executive management is defined as those who plan, direct, coordinate and evaluate the activities of
the entity, or of organisational units within it, and formulate and review its policies, rules and regulations,
other than executive management.

1.4.1 The entity may refer to the ISCO Major Group 1 (excluding Sub-Major Group 11) or an applicable
jurisdictional occupational classification system for a definition of non-executive management. In
such cases, the entity shall disclose the occupation classification standard used to classify non-
executive management.

1.5 Technical employees are defined as employees who perform highly skilled or highly qualified work generally
categorised in the computing, mathematical, architectural and engineering occupations.

1.5.1 The entity may refer to the ISCO Sub-Major Groups 21 and 25 or an applicable jurisdictional
occupation classification system for a definition of technical employees. In such cases, the entity
shall disclose the occupation classification system used to classify technical employees.

1.6 All other employees are defined as those employees who are not classified as executive management, non-
executive management or technical employees.

1.7 The entity shall calculate the percentage of gender representation for each employee category as the
number of employees in each gender category divided by the total number of employees in the respective
employee category.

2 The entity shall disclose (2) the percentage of diversity group representation among its employees for (a)
executive management, (b) non-executive management, (c) technical employees and (d) all other employees.

2.1 The entity shall identify diversity groups in its workforce.

2.1.1 Diversity is defined as the presence of people from populations who have been underrepresented in
a particular field or are otherwise historically marginalised in a particular society.

2.1.2 Diversity groups may be defined by dimensions such as race, ethnicity, disability status, region of
origin, migrant status, indigenous background, age, socioeconomic background, religious affiliation,
sexual orientation or gender identity.

2.1.3 Diversity groups may be defined by applicable jurisdictional laws or regulations or third-party
frameworks.

2.1.4 The entity may omit diversity groups if collecting data on that group would be prohibited by
applicable jurisdictional laws or regulations or would pose a risk of harm to members of the group.

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 19

 2.2 The entity shall calculate the percentage of diversity group representation for each employee category as
the number of employees in each diversity group, divided by the total number of employees in the
respective employee category.

3 The entity may provide disclosures on gender or diversity group representation disaggregated by jurisdiction.

4 The entity may provide supplementary contextual disclosures on factors that significantly influence gender or
diversity group representation, such as the jurisdiction in which employees are located.

5 The entity may disclose gender or diversity group representation by employee category in these table formats:

Table 3. Gender Representation of Global Employees (%)

WOMEN MEN ... N/D*

Executive
Management

Non-executive
Management

Technical
Employees

All Other
Employees

*N/D = not disclosed

Table 4. Diversity Group Representation of Global Employees (%)

GROUP A GROUP B GROUP C ... N/A*

Executive
Management

Non-executive Manage-
ment

Technical
Employees

All Other Employees

*N/A = not available or not disclosed

Note to CG-EC-330a.3

1 The entity shall describe its policies and programmes for fostering equitable employee representation in its global
operations.

1.1 Relevant policies may include maintaining transparency of hiring, promotion and wage practices, ensuring
equal employment opportunities, developing and disseminating diversity policies and ensuring
management accountability for equitable representation.

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 20

 1.2 Relevant programmes may include training on diversity, mentorship and sponsorship programmes,
partnership with employee resource and advisory groups and provision of flexible work schedules to
accommodate the varying needs of employees.

CG-EC-330a.4. Percentage of technical employees that require a work visa

1 The entity shall disclose the percentage of its technical employees that require a work visa in the country in which
they are employed as of the close of the reporting period.

1.1 A work visa is defined as any non-immigrant visa, permit or other associated documentation issued by the
applicable jurisdictional legal or regulatory immigration authorities to permit an employee who is a foreign
national to work temporarily in the country in which they are employed. Work visas exclude permanent work
and residence authorizations granted to foreign nationals (for example, permanent leave to remain or
permanent resident status).

1.2 The percentage shall be calculated as the number of technical employees requiring a work visa divided by
the total number of the entity’s technical employees at the close of the reporting period.

1.3 Technical employees are defined as employees who perform highly skilled or highly qualified work generally
categorised in the computing, mathematical, architectural and engineering occupations.

1.3.1 The entity may refer to the International Standard Classification of Occupations (ISCO) Sub-Major
Groups 21 and 25 or an applicable jurisdictional occupation classification system for a definition of
technical employees. In such cases, the entity shall disclose the occupation classification system
used to classify technical employees.

2 The scope of employees includes those directly employed by the entity and excludes contractors and outsourced
employees.

3 The scope of employees includes both full- and part-time employees.

Note to CG-EC-330a.4

1 The entity shall describe potential risks from recruiting employees that require a work visa, which may arise from
immigration, naturalisation and visa regulations.

2 The entity shall describe how it manages the identified risks related to recruiting employees that require a work
visa.

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 21

Product Packaging & Distribution
Topic Summary
A significant part of the E-Commerce industry’s added value comes from an entity’s ability to move a wide array of
goods efficiently to consumers who would otherwise have to personally travel to collect the goods from brick-and-
mortar stores. As the volume of packaging shipments increases, the industry may become more exposed to
environmental externalities, such as carbon pricing and rising fuel costs that present risks associated with the shipping
of products. While entities that outsource shipping and logistics have less control over the specific processes of
shipping operations, they still can select suppliers with more energy-efficient business practices. Because this is a
highly competitive and low-margin industry, the ability to reduce shipping costs through fuel reduction and more
efficient routing may permit entities to pass those savings on to their customers. E-commerce entities also have an
incentive to minimise the use of packaging. Efficient packaging can decrease costs by reducing the amount of
purchased packaging material, as well as saving logistics costs because more products may fit into a single shipping
load.

Metrics

CG-EC-410a.1. Total greenhouse gas (GHG) footprint of product shipments

1 The entity shall disclose the complete tank-to-wheels greenhouse gas (GHG) footprint, in metric tonnes of CO2-e,
associated with outbound shipment of the entity’s products.

1.1 Tank-to-wheels emissions relate to vehicle processes and exclude upstream emissions associated with
primary energy production (well-to-tank emissions).

1.2 The entity shall calculate its disclosure according to EN 16258:2012 – Methodology for calculation and
declaration of energy consumption and GHG emissions of transport services (freight and passengers).

1.2.1 Calculations shall be consistent with the methodology used to calculate the ‘tank-to-wheels GHG
emissions (Gt)’ result that is described in EN 16258:2012.

1.2.2 Determination of transportation system scope, boundaries and any necessary allocations shall be
consistent with the methodology described in EN 16258:2012.

2 The scope of disclosure includes emissions from all freight transportation and logistics activities associated with
the outbound shipment of the entity’s products, including those from contract carriers and outsourced freight
forwarding services and logistics providers (Scope 3) as well as those from the entity’s own assets (Scope 1).

3 The scope of disclosure includes emissions from all modes of transportation, such as road freight, air freight,
barge transport, marine transport, and rail transport.

4 Consistent with EN 16258:2012, disclosure may be based on calculations from a mix of categories of emissions
values (specific measured values, transport operator vehicle-type- or route-type-specific values, transport
operator fleet values and default values).

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 22

5 If relevant and necessary for interpretation of disclosure, the entity shall describe its allocation methods,
emissions values, boundaries, mix of transport services used and other information.

CG-EC-410a.2. Discussion of strategies to reduce the environmental impact of

product delivery
1 The entity shall discuss its strategies to reduce the environmental impact of fulfilment and product delivery,
including impacts associated with packaging materials and those associated with product transportation.

2 Relevant strategies to discuss may include:

2.1 Discussion of logistics selection, mode selection and management (for example, rail transport vs air freight
transport) or operation for route efficiency

2.2 Discussion of packaging choices that may include decisions to use recycled or renewable (for example, bio-
based plastic) packaging material, decisions to optimise the amount of packaging materials used (for
example, source reduction), use of refillable or reusable packaging, and design for efficient shipping and
transport

2.3 Discussion of fuel choices and vehicle choices for fleets owned or operated by the entity, such as decisions
to use renewable and low-emission fuels and low-emission vehicles

2.4 Other relevant strategies, such as efforts to reduce idling of vehicles owned or operated by the entity,
innovations to improve the efficiency of ‘last-mile’ delivery and strategies to optimise delivery times to
reduce traffic congestion

SUSTAINABILITY ACCOUNTING STANDARD | E-COMMERCE | 23

 | | 24
sasb.org/contact