Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Australian consumers, investors and regulators increasingly expect businesses of all sizes to act responsibly. If you run a small business, a straightforward Environmental, Social and Governance (ESG) policy can help you turn values into daily practice, show stakeholders what you stand for, and reduce compliance risk.
The good news? You don’t need a 50-page corporate report. A clear, honest, and practical ESG policy that fits your operations can go a long way in Australia’s current climate, especially when tenders, major customers or partners ask for it.
Below, we break down what ESG means for small business, how to draft a tailored policy, where legal obligations actually sit (versus what’s optional), and common pitfalls to avoid, such as greenwashing risks under the Australian Consumer Law. We’ll also outline the supporting documents that make your ESG framework work in real life.
What Is An ESG Policy (And Why It Matters)?
ESG stands for Environmental, Social and Governance. An ESG policy sets out your commitments, standards and processes across these areas:
- Environmental: How you minimise your environmental footprint (energy use, waste, water, emissions, procurement and product stewardship).
- Social: How you treat people, meaning staff, customers, suppliers and the community (safety, inclusion, fair work, ethical sourcing, accessibility and community impact).
- Governance: How you run the business, covering compliance, ethics, accountability, risk management and transparency.
For small businesses, a concise ESG policy does four important jobs:
- Demonstrates your values to customers, funders and partners.
- Helps you meet contract, procurement or grant requirements that ask for ESG information.
- Builds better systems, with clear responsibilities, practical actions and regular reviews.
- Attracts and retains people who want to work for a responsible employer.
It also future‑proofs your operations as expectations continue to rise.
Do Small Businesses In Australia Really Need One?
You may not be legally required to publish an ESG policy. However, pressure is flowing down supply chains and into public procurement. You’re more likely to be asked to demonstrate what you’re doing on sustainability, inclusion and governance, even as a micro or small enterprise.
In practice, an ESG policy can help when:
- Bidding for work: Larger corporate clients and government tenders often require environmental or social responsibility information.
- Securing partnerships: Distributors, enterprise customers and platform partners may vet your governance and compliance posture.
- Managing risk: Clarity on privacy, advertising, safety, and ethical conduct reduces day‑to‑day legal and reputational risks.
Even if nobody asks for it today, having a policy ready means you can respond quickly and consistently if they do.
How To Build Your ESG Policy Step‑By‑Step
You don’t need to boil the ocean. Start small, be specific, and focus on actions you can track. A 3–5 page policy is enough for many small businesses. Here’s a practical way to build it.
1) Map What Matters And Set Priorities
- List the environmental, social and governance issues relevant to your industry and size (waste, transport, supply chain, accessible services, safety, data security, etc.).
- Note legal obligations you already have (workplace safety, fair work, advertising, privacy, modern slavery thresholds if relevant, local council rules).
- Talk to stakeholders (team members, key customers and suppliers) and note what they care about.
- Pick 3–6 priority commitments to start. Think measurable, realistic and aligned to your operations.
2) Draft Clear Commitments And Responsibilities
Structure your document with short sections for E, S and G, and keep the language plain. A helpful policy usually includes:
- Purpose: Why ESG matters to your business and stakeholders.
- Scope: Who and what the policy applies to (your operations, contractors, suppliers, sites, products or services).
- Environmental: Practical initiatives (e.g. reduce single‑use packaging, improve recycling, manage energy use, sustainable supplier selection).
- Social: Commitments to WHS, diversity and inclusion, respectful workplaces, fair treatment, community engagement and ethical sourcing.
- Governance: Compliance approach, ethics, anti‑bribery stance, complaints handling, audit and risk processes, escalation pathways.
- Accountability: Who owns ESG (usually a director, owner or senior manager) and who monitors progress.
- Review: When you will review (for example, annually or when laws change) and who approves updates.
Keep it honest: avoid grand promises you can’t evidence. Small, specific steps beat big, vague statements.
3) Connect Your Policy To Everyday Practice
ESG policies only work if people can follow them. Embed the essentials into processes you already use:
- Include highlights in onboarding and toolkits for managers.
- Update purchasing checklists to include environmental and ethical criteria.
- Set basic metrics, such as waste reduction actions, diversity goals, incident tracking and completion of staff training.
- Decide how you’ll communicate progress internally and externally (e.g. a short annual update or webpage summary).
4) Review, Improve And Keep Records
Set a regular cadence to review your policy and evidence. Keep simple records (training logs, supplier checks, incident responses, energy or waste initiatives) so you can back up what you say if a client or regulator asks.
Legal Requirements To Cover In Your ESG Policy
There isn’t a single “ESG law” in Australia. Instead, your policy should reference and support the laws that already apply to your business. Here’s how to think about it by topic.
Environmental (Right‑Sized For Your Business)
- Council and state rules: Waste and recycling requirements, regulated materials, signage and noise rules, and industry‑specific environmental permits where relevant.
- Procurement impacts: Some tenders incorporate sustainability or supplier standards; ensure your commitments are achievable and evidence‑based.
- Product stewardship: If your business produces or sells products, consider end‑of‑life and packaging impacts in a practical way.
For many service businesses, sensible steps to reduce waste and energy use, together with honest reporting, are the main environmental focus areas.
Social (Workplace, Customers And Community)
- Work Health and Safety (WHS): You must provide a safe workplace and follow current WHS laws; outline your approach (risk assessments, training, incident procedures).
- Fair work and inclusion: Set out commitments on anti‑discrimination, respectful workplaces and fair treatment. A short set of workplace policies or a Staff Handbook can support consistent application.
- Customer fairness: The Australian Consumer Law (ACL) prohibits misleading or deceptive conduct, so your advertising, claims and refund practices need to comply with section 18. If you make environmental or social claims, make sure they are specific, accurate and substantiated to avoid “greenwashing” risks, including issues under section 29 (false or misleading representations).
Governance (Privacy, Security, Ethics And Risk)
- Privacy and data: Many small businesses collect personal information. The Privacy Act 1988 (Cth) generally applies to businesses with an annual turnover above $3 million, but there are important exceptions: for example, health service providers and some businesses trading in personal information may be covered regardless of turnover. Even if you’re under the threshold, having a clear Privacy Policy and good data practices is best practice and often required by clients. Consider technical and organisational measures (access controls, staff training, secure storage) and how you would handle incidents; document this with a Data Breach Response Plan and, where appropriate, an Information Security Policy.
- Whistleblower laws: Whistleblower protections under the Corporations Act apply broadly, but a formal whistleblower policy is only mandatory for public companies, large proprietary companies, and corporate trustees of registrable superannuation entities. If you’re a small proprietary company, a whistleblower policy is generally optional, but having a simple speak‑up process is still good governance. Where a formal policy is appropriate, you can implement a tailored Whistleblower Policy.
- Anti‑bribery, conflicts and ethics: Spell out your expectations for legal and ethical conduct, how conflicts are disclosed and managed, and who oversees concerns. A short, practical Conflict of Interest Policy helps here.
- Complaints and escalation: Outline how staff or customers can raise concerns and how you’ll investigate and resolve them. Assign a responsible person (owner, director or manager) for ESG matters and risk reporting.
When you reference laws in your ESG policy, keep the language plain and avoid legal jargon. The key is that your daily processes match what the policy says.
What Documents Should Sit Beside Your ESG Policy?
An ESG policy works best when it is supported by short, practical policies and contracts that people can actually use. Depending on your business, consider:
- Privacy Policy: Explains how you collect and handle personal information. Many clients expect to see a clear Privacy Policy even if you’re under the Privacy Act threshold.
- Information Security Policy: Sets out access controls, security measures and responsibilities for systems and data; pair it with a Data Breach Response Plan so you can respond quickly if something goes wrong.
- Workplace policies or Staff Handbook: Brings together WHS, anti‑discrimination, bullying and harassment, leave and grievance procedures in one place; your Staff Handbook underpins the “S” in ESG.
- Whistleblower Policy: Only mandatory for certain companies, but a succinct, fit‑for‑purpose Whistleblower Policy is a strong governance signal where appropriate.
- Conflict of Interest Policy: A simple framework for disclosing and managing conflicts of interest.
- Customer and supplier contracts: Make sure your Terms and Conditions, statements of work and supplier agreements reflect your ESG expectations where relevant (for example, ethical sourcing requirements or data handling standards).
Not every business needs every document on day one. Start with the essentials that align with the risks you actually face, and add more as you grow.
Key Takeaways
- A short, honest ESG policy helps small Australian businesses show values, meet procurement expectations and reduce compliance risk.
- Focus on practical, specific commitments across environmental, social and governance areas, with clear responsibilities and a simple review cycle.
- There’s no single “ESG law” in Australia; your policy should support the laws that already apply, including WHS, the ACL, and privacy and data security obligations.
- Be careful with marketing and sustainability claims; avoid greenwashing by ensuring claims are accurate and substantiated under the ACL (including sections 18 and 29).
- The Privacy Act generally applies to businesses over $3m turnover (with important exceptions); even if you’re under the threshold, good privacy and security practices, including a clear Privacy Policy, are often expected.
- Only certain companies must have a formal whistleblower policy; for small companies it’s optional, but a simple speak‑up process still strengthens governance.
- Support your ESG policy with practical documents such as a Privacy Policy, Data Breach Response Plan, Staff Handbook, Whistleblower Policy (where appropriate) and a Conflict of Interest Policy.
If you’d like a consultation on ESG policies or help tailoring the right supporting documents for your small business, reach out to us at 1800 730 617 or team@sprintlaw.com.au for a free, no‑obligations chat.