Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
“ESG” can feel like something only big corporates and listed companies talk about.
But if you’re a small business owner or startup founder in Australia, an ESG policy is quickly becoming a practical (and often commercial) necessity - especially if you’re dealing with enterprise customers, government tenders, investors, or supply chain partners who want to see how you operate.
An ESG policy doesn’t need to be long, expensive, or complicated. What it does need to be is clear, relevant to your business, and backed by processes you can actually follow.
Below, we’ll break down what an ESG policy is, why it matters for SMEs and startups, what to include, and a step-by-step process for creating a policy you can confidently share with customers, investors, and your team.
Note: This article provides general information only and does not constitute legal advice. ESG obligations and expectations can differ depending on your industry, location, customers, and business structure.
What Is An ESG Policy (And Why Do Small Businesses Need One)?
An ESG policy is a written document that sets out your business’s approach to:
- Environmental impacts (e.g. waste, emissions, energy use, sustainable sourcing)
- Social responsibilities (e.g. workforce practices, diversity and inclusion, supply chain standards, community impact)
- Governance (e.g. ethical conduct, accountability, risk management, compliance processes)
In other words, an ESG policy explains the standards your business intends to operate by - and how you’ll manage risks and opportunities connected to sustainability, people, and good decision-making.
Is An ESG Policy A Legal Requirement In Australia?
For most SMEs and startups, an ESG policy is not a single “must-have” document required by one specific law.
However, ESG topics overlap with a lot of legal obligations you may already have, such as:
- Work health and safety obligations (protecting staff and contractors)
- Employment law responsibilities (fair, lawful workplace practices)
- Privacy and data handling obligations (which may apply depending on your business type, turnover, and what information you collect)
- Consumer law compliance (including avoiding misleading claims)
- Anti-discrimination and workplace conduct obligations
- Director duties and governance expectations (depending on your structure)
So while “having an ESG policy” may not be mandatory, you can think of it as a practical way to document how you’re meeting (or aiming to exceed) the standards that already apply to your business.
Why ESG Policies Matter More Than Ever For SMEs And Startups
Even if you’re early-stage, an ESG policy can help you:
- Win deals faster when customers ask for ESG information during procurement
- Build investor confidence by showing you’ve thought about risk and sustainability early
- Reduce operational risk by setting clear expectations for your team and suppliers
- Support hiring and retention (people want to work for values-driven businesses)
- Stay consistent as you scale, especially when you move from “founder-led” to “team-led” operations
It can also make other policies and contracts easier to implement, because your ESG policy becomes the “umbrella” document that connects your standards across the business.
What Should An ESG Policy Include For An Australian SME Or Startup?
The best ESG policy is one that matches your actual operations and risk profile.
A SaaS startup storing customer data will have different ESG priorities to a construction business, an ecommerce store, or a manufacturing company. That said, most strong ESG policies include the following building blocks.
1. Purpose, Scope And Who It Applies To
Start with a short statement that answers:
- Why you have the ESG policy (what you’re trying to achieve)
- Who it applies to (directors, employees, contractors, suppliers)
- Where it applies (Australia only, or global operations too)
- How it will be reviewed and updated
This helps prevent the policy from becoming a set of “vague values” that no one knows how to apply.
2. Environmental Commitments (The “E” In ESG)
Your environmental commitments should be realistic and measurable. For SMEs, this often includes:
- Waste management (recycling, minimising packaging, responsible disposal)
- Energy use (energy-efficient equipment, switching to renewable options where possible)
- Sustainable purchasing (prioritising suppliers with ethical and sustainable practices)
- Travel and logistics (reducing unnecessary travel, optimising deliveries)
- Compliance with any environmental obligations relevant to your industry and location
If you make public sustainability claims (for example on your website or in tenders), it’s important those claims are accurate and can be supported with evidence. Overstating your environmental performance can create reputational and legal risk.
3. Social Commitments (The “S” In ESG)
For many small businesses, the “social” pillar is where your ESG policy becomes very practical: it impacts how you hire, manage, and support people - and how you treat customers and the community.
Common inclusions are:
- Workplace conduct (safe, respectful behaviour, and clear reporting processes)
- Fair employment practices (lawful pay, entitlements, and non-discrimination)
- Training and capability (especially around safety, privacy, and ethical conduct)
- Supplier and contractor standards (e.g. minimum expectations around labour practices)
- Customer impact (accessibility, complaints handling, responsible marketing)
Many businesses support these commitments with a mix of contracts and internal policies, like an Employment Contract and a clear Workplace Policy framework that sets expectations and reduces the risk of disputes.
4. Governance Commitments (The “G” In ESG)
Governance is about how decisions are made, who is accountable, and how you manage risk.
For startups and SMEs, governance commitments often include:
- Ethical business conduct (e.g. anti-bribery, conflicts of interest)
- Compliance with applicable laws and regulations
- Record-keeping and documentation standards
- Clear roles and decision-making authority
- Reporting and escalation pathways for issues and incidents
If you operate through a company, governance also ties into your foundational documents - for example, your Company Constitution and, if you have multiple owners, a Shareholders Agreement can work alongside your ESG policy to clarify how decisions are made and what happens when the business faces a major risk or dispute.
5. Privacy And Data Handling (Often Part Of “S” And “G”)
For many modern businesses, data practices are a major ESG issue - because poor privacy practices can harm customers and create serious compliance and reputational risk.
If your business collects personal information (for example through a website form, online orders, marketing lists, employee records, or analytics tools), your ESG policy can reference your privacy commitments and the safeguards you have in place.
In practice, that often means ensuring you have a fit-for-purpose Privacy Policy and internal processes that match what you say you do. Whether you must comply with the Privacy Act depends on factors like your annual turnover and whether you fall into a category covered regardless of turnover - but customers and partners may still expect robust privacy standards.
6. How You’ll Measure, Report And Improve
This is where you turn your ESG policy from a “nice statement” into something operational.
Even if you’re a small team, consider including:
- Who owns ESG internally (a role, not necessarily a full-time job title)
- How often you review the policy (e.g. annually or after major business changes)
- What you track (a short list of metrics relevant to your operations)
- How issues are reported and resolved
If you’re not ready for detailed metrics, start small. It’s better to track 3-5 meaningful indicators than publish a long list you can’t maintain.
How Do You Create An ESG Policy For Your Business? (Step-By-Step)
If you’re creating your first ESG policy, the key is to keep it grounded in your business model and operations.
Here’s a practical process you can follow.
Step 1: Identify Your ESG Drivers (Why Are You Doing This?)
Start by clarifying the “why” behind your ESG policy. For example:
- You need it to respond to customer procurement requirements
- You’re preparing for fundraising or due diligence
- You want to manage supply chain risk
- You’re building internal culture and accountability early
Your “why” will shape how detailed the policy needs to be, and where you should focus.
Step 2: Map Your Key ESG Risks And Impacts
Next, do a simple risk and impact map. Ask:
- Where do we have the biggest environmental footprint (even indirect)?
- Where could people be harmed (staff, customers, contractors, the public)?
- Where are our biggest governance or compliance risks?
For example, a tech startup might prioritise privacy, security, and responsible marketing. A product business may prioritise packaging waste, supplier standards, and product safety.
Step 3: Review What You Already Have In Place
Most businesses already do ESG-related things - they’re just not documented under the ESG label.
Look at your existing:
- HR practices and onboarding
- Contracts and supplier arrangements
- Workplace safety processes
- Privacy processes and customer communications
- Complaint handling and refund processes
Your ESG policy should align with these documents and processes. If there’s a gap, it’s usually better to fix the process first (or at least plan the fix), rather than publish commitments you can’t meet.
Step 4: Draft The Policy In Plain English
Your ESG policy should be easy for your team and external stakeholders to read.
A simple structure that works well is:
- Purpose and scope
- Definitions (brief, only if needed)
- Environmental commitments
- Social commitments
- Governance commitments
- Roles and responsibilities
- Reporting and review
Keep paragraphs short and avoid overly legalistic language. The point is clarity and accountability.
Step 5: Align It With Your Operations, Contracts And Marketing
This step is where many businesses run into trouble: the ESG policy is published, but it doesn’t match reality.
Before you roll it out, sense-check your ESG policy against:
- What you actually do day-to-day
- How your staff and contractors are managed
- What your customer-facing terms, claims, and marketing say
- What your supplier arrangements require (or don’t require)
If you’re using ESG commitments in sales or tender responses, it’s worth treating the ESG policy like any other risk-managed business document - consistent, accurate, and supported by evidence.
Step 6: Roll It Out Internally (Then Externally)
Even a short ESG policy works best when your team understands it.
Rollout can be simple:
- Include it in onboarding
- Train managers on what it means in practice
- Set up a basic reporting channel (even a dedicated email address can be a start)
- Review performance periodically
Once you’re comfortable it reflects reality, you can publish it on your website, include it in tenders, or share it with customers and investors.
How An ESG Policy Connects To Your Legal Compliance (And Where SMEs Get Caught Out)
One of the biggest mistakes we see is treating ESG as purely a branding exercise.
Your ESG policy can create legal and commercial risk if you make statements that are misleading, inconsistent, or not backed by actual practices.
Be Careful With Public Claims (Especially Environmental Claims)
If you publish sustainability claims (for example, “carbon neutral”, “100% recyclable”, or “ethically sourced”), you should be able to back them up.
Even if your intentions are good, unclear or unsubstantiated claims can cause disputes with customers, procurement teams, or regulators. A practical approach is to:
- Use specific, accurate language (avoid absolute statements unless you can prove them)
- Keep evidence on file (supplier certifications, internal calculations, audits)
- Update your policy as your operations change
Make Sure Your People Practices Match Your ESG Policy
Many ESG policies include commitments around fairness, inclusion, and respectful workplaces - which is a great start, but it needs to be supported by documentation and processes.
For example, it’s hard to enforce workplace standards without clear contracts and policies. Aligning your ESG commitments with practical documents like an employment contract (where relevant) can help set expectations and reduce confusion.
Privacy And Cyber Practices Are ESG Issues Now
For startups in particular, data handling is often one of your biggest trust and governance risks.
Even if you’re not legally required to comply with every part of the Privacy Act framework (for example, some businesses are exempt based on turnover, while others are covered due to the type of service or information handled), customers and enterprise clients may still expect privacy and security standards. If your ESG policy talks about privacy and security, make sure your actual systems and documents (including your Privacy Policy) match those statements.
What Legal Documents Often Support An ESG Policy?
An ESG policy is usually most effective when it sits alongside the “everyday” legal documents your business already needs.
Depending on your business model, you may want to consider:
- Company Constitution: helps support governance and decision-making structures, especially as you grow.
- Shareholders Agreement: helpful if you have co-founders or investors, and want a clear framework for decisions, disputes, and exits.
- Employment Contracts: set expectations and obligations with team members.
- Workplace Policies: help turn “social” commitments into real conduct standards and processes.
- Privacy Policy: important if your business collects personal information, and often expected by customers and partners even where exemptions may apply.
Not every SME will need every document above, and it’s important they’re tailored to your specific business (what you do, who you deal with, and how you operate). The key is consistency: your ESG policy should not contradict your contracts, policies, or customer-facing statements.
Key Takeaways
- An ESG policy sets out how your business manages environmental, social, and governance standards - and it’s increasingly expected even for Australian SMEs and startups.
- While an ESG policy isn’t usually a stand-alone legal requirement, it overlaps with many legal and compliance areas, including employment, privacy, consumer law, and governance.
- A practical ESG policy should include clear commitments, who it applies to, how it’s implemented, and how it’s reviewed - not just high-level values.
- Make sure your ESG policy matches what you actually do, especially if you use it in sales, tenders, or fundraising (inconsistent claims can create risk).
- Your ESG policy often works best when supported by core legal documents like a Privacy Policy, Employment Contracts, and governance documents.
If you’d like help putting together an ESG policy (or aligning it with your contracts and internal policies), you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligation chat.