Alex is Sprintlaw's co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
If you’re running a startup or small business, you’ve probably noticed ESG popping up everywhere - in customer questionnaires, supplier onboarding forms, tender documents, and investor conversations.
And even if you’re not chasing big institutional funding, ESG (Environmental, Social and Governance) is becoming a practical business requirement. It’s increasingly tied to revenue (winning work), risk management (avoiding issues before they become expensive), and credibility (building trust with customers, staff and partners).
That’s where using an ESG policy template can help. A good template gives you a clear starting structure, but the key is tailoring it to your actual business operations (and making sure it aligns with your contracts, marketing claims and workplace practices).
Below, we’ll walk you through what an ESG policy should include for Australian startups and small businesses, how to customise it without overcommitting, and where it fits into your wider legal setup. This article is general information only and isn’t legal advice.
What Is An ESG Policy (And Do Small Businesses Really Need One)?
An ESG policy is a written document that explains how your business manages:
- Environmental issues (like emissions, waste, energy use, materials, packaging, and supply chain impacts)
- Social issues (like workplace culture, diversity and inclusion, worker conditions, customer impacts, and community engagement)
- Governance issues (like ethical conduct, board/management oversight, privacy, compliance, and reporting)
For large organisations, ESG can be a sophisticated reporting framework. For startups and small businesses, an ESG policy is usually more practical: it’s a short, clear statement of what you do now, what you’re working towards, and how you manage risks.
You’re not always legally required to have an ESG policy. But in practice, you may need one to:
- Respond to supplier onboarding questionnaires or RFPs/tenders
- Meet expectations from enterprise customers (especially if you’re in their supply chain)
- Support investor due diligence
- Back up “sustainability” or “ethical” claims in your marketing
- Set internal standards as you start hiring and scaling
In other words: many startups adopt an ESG policy not because they have to, but because it helps them grow with fewer surprises.
How To Use An ESG Policy Template Without Creating Legal Risk
Templates are helpful because they stop you staring at a blank page. But ESG is an area where “sounding good” can accidentally create risk if your policy makes promises you can’t keep.
When you use an ESG policy template, your goal is to create a policy that is:
- Accurate (it reflects what you actually do, not what you wish you did)
- Realistic (commitments are achievable with your current resources)
- Measurable (where possible, set targets you can track)
- Consistent with your contracts, internal policies and public statements
- Owned by someone internally (even if that’s one founder wearing many hats)
Common Template Mistakes We See
- Overpromising: “We will only use 100% renewable energy” when you work in a co-working space or rely on third-party data centres.
- Vague commitments: “We care about the environment” without any practical actions or accountability.
- No governance: It’s not clear who is responsible for ESG decisions or how issues are escalated.
- Copy-paste legal language: It reads like a large corporate policy but doesn’t match how a small business operates.
Also keep in mind: your ESG policy can interact with Australian Consumer Law (ACL) if it influences customers’ buying decisions. If you make “green” claims such as being “carbon neutral”, “sustainable”, or “ethically sourced”, those statements should be accurate, evidence-based, and not misleading.
If your business sells to consumers (or even to other businesses), it’s worth ensuring your terms and communications are consistent with your broader consumer compliance approach, including the misleading or deceptive conduct rules.
ESG Policy Template: The Core Sections To Include
If you’re building or reviewing an ESG policy template, these are the sections that typically matter most for Australian startups and small businesses.
1. Purpose And Scope
This section sets the tone. Keep it simple and tailored. For example:
- Why your business has an ESG policy (e.g. to manage risks, meet customer expectations, build a responsible business)
- Who it applies to (directors, employees, contractors, and potentially suppliers)
- What parts of the business it covers (operations, procurement, product development, customer relationships)
If you engage contractors, it’s also worth making sure your ESG expectations align with your broader contracting approach (and are reflected where needed in your contractor agreements).
2. Definitions (Keep It Minimal)
Short definitions can help reduce confusion, especially when a policy is shared externally. You might define:
- What ESG means for your business
- What you mean by “supplier”, “stakeholders”, “reportable incident” or “modern slavery” (if relevant)
Avoid turning this into a legal dictionary. A startup-friendly policy should be readable.
3. Environmental Commitments
Environmental commitments should connect to your actual footprint. For many startups, the biggest environmental factors are:
- Electricity usage (office, remote work, cloud computing)
- Business travel
- Waste and packaging (if you ship physical products)
- Procurement choices (suppliers, materials, merchandise)
Practical commitments in this section might include:
- Reducing waste and encouraging recycling where possible
- Choosing lower-impact suppliers (where commercially reasonable)
- Tracking energy usage or travel emissions (even if approximate)
- Complying with environmental laws relevant to your industry and location
If you’re early-stage, it’s okay to say you’re building capability - just avoid stating or implying you already meet standards you haven’t implemented.
4. Social Commitments (People, Customers, Community)
For small businesses, “social” is often the most immediate part of ESG because it overlaps with how you hire, manage staff, and treat customers.
Common social topics to include:
- Workplace culture: expectations for respectful behaviour, bullying and harassment prevention
- Diversity and inclusion: fair recruitment, equal opportunity
- Work health and safety: commitment to safe work practices
- Employment compliance: paying correctly, meeting minimum entitlements
- Customer impacts: accessibility, product safety, responsible sales practices
If your team is growing, your ESG policy should not contradict your employment documentation. For example, if your policy promises certain standards around conduct, safety, confidentiality or device usage, you’ll usually want those to match your Employment Contract and internal policies (so you can actually enforce them).
5. Governance Commitments (How You Stay Accountable)
Governance is often where small businesses get stuck - not because governance is “hard”, but because people assume it requires a formal board and complex frameworks.
In a startup or small business, governance can be simple and still effective. Your ESG policy template should usually cover:
- Roles and responsibilities: who is responsible for ESG oversight (e.g. the founder/CEO, operations lead, or a nominated ESG owner)
- Decision-making: how ESG risks are considered in major decisions (new suppliers, new product lines, expansion)
- Compliance: a commitment to comply with applicable laws and regulations (noting that specific obligations can vary by industry and business size)
- Reporting and escalation: how staff/contractors can raise concerns and how issues are handled
- Record keeping: keeping relevant evidence of claims and actions
If your startup has multiple founders or investors, governance commitments can also intersect with your internal company rules and decision-making documents. This is where a tailored Shareholders Agreement and Company Constitution can help clarify control, approvals, and accountability as you grow.
6. Supplier And Third-Party Expectations
Even if you don’t have much leverage as a smaller business, your ESG policy should address expectations for third parties where relevant.
Depending on what you do, this may include:
- Supplier screening (basic due diligence before onboarding)
- Expectations around lawful operations and ethical conduct
- Data protection and confidentiality expectations
- Right to terminate or remediate if serious issues arise
This section is particularly important if your customers are asking you about supply chain issues - because they want to know what you do beyond your own walls. Depending on your business size and structure, you may also be asked about modern slavery risks and, in some cases, whether reporting obligations apply (for example, under the Modern Slavery Act 2018 (Cth) certain entities are required to report once they meet specific thresholds).
7. Monitoring, Review And Continuous Improvement
Your ESG policy should be a “living document”, not something you publish once and forget.
For small businesses, a practical approach is to commit to reviewing your ESG policy:
- annually, and
- whenever there’s a major change (new operations, new market, new supplier category, acquisition, rapid team growth).
You can also include a short list of metrics you intend to monitor over time (even if they’re basic at first), such as:
- energy use or travel frequency
- staff turnover and engagement
- training completion
- customer complaint trends
- privacy incidents or security events
ESG Policy Template Add-Ons For Startups: Privacy, AI, And Marketing Claims
Many Australian startups aren’t heavy manufacturers - they’re tech-enabled, service-based, or ecommerce businesses. That means your ESG policy often overlaps with other legal and operational documents.
Privacy And Data Protection
If your business collects personal information (through a website, signup forms, subscriptions, client onboarding, or even CCTV in premises), privacy becomes a real governance issue.
It’s common for ESG questionnaires to ask about how you handle data, security and privacy. Your ESG policy can include high-level privacy commitments, but it shouldn’t replace the documents you actually need for compliance.
In practice, you’ll often also need a Privacy Policy and internal processes for handling data access requests and incidents.
Marketing Claims And “Green” Statements
Startups often use strong brand messaging to compete - and sustainability claims can be part of that. Just be careful: ESG statements can become “proof points” that customers rely on.
To keep things consistent:
- Make sure your ESG policy doesn’t contradict your website, product pages, or pitch decks
- Keep records of evidence supporting any key ESG statements
- Be particularly cautious with absolute claims (like “zero waste” or “100% ethical”)
If you’re updating your public-facing terms as part of this process, it may also be the right time to review your Website Terms and Conditions so your customer-facing commitments are consistent and enforceable.
Employment Practices And Workplace Policies
For growing businesses, ESG “social” commitments often end up being tested internally first. If you say you have a safe and respectful workplace, you need practical mechanisms behind it: onboarding, training, reporting channels, and clear expectations.
As you scale, this is where workplace documentation can support what you’ve promised in your ESG policy - including workplace policies and clauses in your employment agreements.
How To Implement Your ESG Policy (So It’s More Than A PDF On Your Website)
An ESG policy works best when it’s part of your actual operations. The good news is you don’t need a large compliance team to do this well - you just need a consistent, repeatable approach.
Step 1: Assign A Responsible Owner
Pick one person accountable for keeping the policy updated and making sure commitments are realistic. In a small business, this might be a director, operations lead, or founder.
Step 2: Map Your Biggest ESG Risks And Impacts
You don’t need to cover every issue under the sun. Focus on what actually matters for your business model.
For example:
- If you’re in ecommerce, packaging and returns may be a big environmental factor.
- If you’re in SaaS, energy usage and data governance might matter more.
- If you’re in services, social factors like workforce conditions and client impacts may be front and centre.
Step 3: Align Your Contracts And Policies
This is the part many businesses miss. If your ESG policy says you require suppliers to meet certain standards, you may need those standards reflected in supplier agreements, onboarding terms, or purchase orders.
If you promise staff training or reporting pathways, you may need a staff handbook or workplace policy set to make that real.
Step 4: Set A Review Cycle And Keep Records
ESG is increasingly evidence-based. Even for small businesses, simple documentation can go a long way:
- keep copies of supplier checks
- record ESG training or communications
- track key metrics quarterly or annually
- record incidents and how they were resolved
This makes it easier to respond to customer due diligence, renew contracts, and show progress over time.
Key Takeaways
- An ESG policy template is a practical starting point, but it should be tailored to what your startup or small business actually does (and can realistically commit to).
- A strong ESG policy usually covers purpose and scope, environmental commitments, social commitments, governance responsibilities, supplier expectations, and a clear review process.
- Be careful not to overpromise - ESG policies can create reputational and legal risk if they conflict with your real practices or public marketing claims.
- ESG commitments often overlap with core legal documents like your Privacy Policy, Website Terms and Conditions, and employment documentation.
- Implementation matters: assign an owner, focus on material risks, align contracts and policies, and keep basic records to support your ESG statements.
If you’d like help putting together an ESG policy that fits your business (and aligns with your contracts and compliance obligations), you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.







