CDP Reporting: Requirements, Process, and Climate Data

Over 23,000 companies disclosed environmental data through CDP in 2023, making it the world’s largest climate disclosure platform. CDP reporting has become a baseline expectation for investors, supply chain partners, and regulators who need standardized climate risk data. Yet many organizations struggle with the questionnaire’s complexity, unclear data requirements, and the scoring methodology.

CDP reporting is the process of responding to CDP’s annual environmental disclosure questionnaire. Organizations report their greenhouse gas emissions, climate risks, governance structures, and transition plans. Responses are scored from A (leadership) to D- (disclosure) and shared with over 740 institutional investors representing $136 trillion in assets.

Below, you will learn what CDP reporting requires, how the process works step by step, and what climate data you need to score well.

What Is CDP Reporting?

CDP (formerly the Carbon Disclosure Project) operates a global disclosure system that enables companies, cities, and financial institutions to report their environmental impact. CDP reporting covers three questionnaire tracks: climate change, water security, and forests.

The climate change questionnaire is the most widely used. It asks organizations to disclose Scope 1, 2, and 3 greenhouse gas emissions, describe their governance of climate-related issues, identify physical and transition risks, and outline their strategy for reducing emissions.

CDP reporting aligns closely with the TCFD framework. Since 2018, CDP has incorporated TCFD’s four pillars (governance, strategy, risk management, and metrics) into its questionnaire structure. Organizations that already report under TCFD will find significant overlap with CDP’s requirements.

Unlike voluntary sustainability reports, CDP reporting produces a standardized score. Investors and supply chain buyers use these scores to compare climate performance across companies and sectors.

CDP Reporting Requirements: What You Need to Disclose

The CDP climate change questionnaire covers several core areas. Understanding these requirements before you begin saves time and prevents incomplete submissions.

Governance and strategy. CDP asks who in your organization oversees climate-related issues, how climate considerations factor into business strategy, and what financial planning processes account for climate risk. Board-level oversight is a key differentiator for higher scores.

Emissions data. You must report Scope 1 (direct), Scope 2 (purchased energy), and ideally Scope 3 (value chain) emissions. CDP expects emissions to be calculated using the GHG Protocol methodology. Running a climate audit and getting third-party verification of emissions data improves your score.

Climate risks and opportunities. CDP requires you to identify physical risks (floods, heat stress, water scarcity) and transition risks (policy changes, market shifts, technology disruption) that could affect your operations. For each risk, you must estimate the financial impact and describe your response.

Targets and performance. Organizations should disclose emissions reduction targets, renewable energy commitments, and progress against previous targets. Science-based targets aligned with the Paris Agreement receive favorable scoring.

How the CDP Reporting Process Works

CDP reporting follows a structured annual cycle. Here are the six steps from registration to scoring.

Step 1: Registration. Organizations register on the CDP platform between January and April. You select which questionnaire(s) to respond to based on your sector and stakeholder requests. Companies are often invited to disclose by investors or supply chain buyers through CDP’s request system.

Step 2: Data collection. Gather your emissions data, governance documentation, risk assessments, and target information. The data collection phase typically takes 4 to 8 weeks depending on organizational complexity. Start early to avoid last-minute gaps.

Step 3: Questionnaire completion. Complete the online questionnaire by the July deadline. The questionnaire contains approximately 100 questions organized into 12 modules. Each module covers a specific topic area (governance, risks, emissions, targets, etc.).

Step 4: Physical risk assessment. One of the most data-intensive sections requires you to identify climate-related physical risks at your key locations. You need to specify the hazard type, likelihood, magnitude, and estimated financial impact. Continuuiti’s climate risk assessment provides the location-level hazard data many organizations need for this section.

Step 5: Submission and verification. Submit your completed questionnaire before the deadline. While third-party verification is optional, verified data significantly improves scoring. CDP accepts assurance from accredited third-party verifiers.

Step 6: Scoring and disclosure. CDP scores responses from A (leadership) to D- (disclosure). Scores are released in December and shared with requesting investors and supply chain partners. Organizations that do not respond receive an F (failure to disclose).

The six-step CDP reporting process from registration through scoring and disclosure. Source: Continuuiti.

How CDP Scoring Works

CDP uses a tiered scoring methodology that evaluates both the completeness and quality of your disclosure. Understanding the scoring criteria helps you prioritize where to invest effort.

| Score | Level | What It Means |
|---|---|---|
| A / A- | Leadership | Best practice, ambitious targets, verified data, board oversight |
| B / B- | Management | Taking coordinated action, setting targets, integrating climate into strategy |
| C / C- | Awareness | Aware of climate issues, beginning to measure and manage |
| D / D- | Disclosure | Providing basic information, limited action |
| F | Failure | Did not respond or provided insufficient information |

Scoring progresses through four levels. First, CDP checks whether you disclosed the requested information (D level). Next, it evaluates whether you are aware of the issues (C level). Then it assesses whether you are managing them (B level). Finally, it looks for best-practice leadership actions (A level).

Key factors that differentiate A-list companies include verified emissions data, science-based targets, board-level climate governance, and quantified financial impacts of climate risks.

What Climate Data Do You Need for CDP Reporting?

The physical risk section of the CDP questionnaire requires specific climate risk data for your operational locations. Here is what CDP expects you to report.

Hazard identification. Identify which physical hazards affect your locations: flooding, heat stress, water stress, drought, wildfire, storms, and sea level rise. CDP asks you to specify the type, time horizon, and likelihood of each hazard.

Financial impact estimation. For each identified risk, estimate the potential financial impact. CDP provides categories: low (less than $1M), medium-low ($1M-$10M), medium ($10M-$100M), medium-high ($100M-$500M), and high (over $500M). The CDP 2026 Corporate Health Check found that companies have collectively identified $1.47 trillion in physical risk, yet only 9% have invested in adaptation.

Vulnerability and response. Describe your vulnerability to each risk and the management actions you are taking. CDP expects specific responses, not generic statements about monitoring climate trends.

Scenario analysis. CDP increasingly expects organizations to conduct scenario analysis using recognized frameworks. Using SSP or RCP scenarios to project future risks demonstrates methodological rigor and supports higher scores.

Climate risk assessment report providing physical risk data required for CDP questionnaire responses. Source: Continuuiti.

CDP Reporting vs Other Disclosure Frameworks

CDP reporting does not operate in isolation. Several other frameworks cover similar territory, and understanding the overlaps helps you avoid duplicate work.

CDP and TCFD. CDP has fully integrated the TCFD framework’s recommendations into its questionnaire. A strong TCFD report provides most of the content needed for CDP. However, CDP requires more granular emissions data and uses its own scoring methodology.

CDP and ISSB/IFRS S2. The ISSB’s sustainability disclosure standards (IFRS S1 and S2) are becoming mandatory in several jurisdictions. CDP has announced alignment with ISSB standards, meaning future CDP questionnaires will closely mirror IFRS S2 requirements.

CDP and TNFD. CDP’s forests and water security questionnaires now include questions aligned with the TNFD framework for nature-related disclosures. Organizations responding to these tracks are already generating data relevant to TNFD reporting on biodiversity dependencies and ecosystem impacts.

CDP and California SB 253. Companies subject to California’s climate disclosure laws will find overlap with CDP reporting, since both require GHG emissions data following the GHG Protocol. SB 253 mandates Scope 1, 2, and 3 reporting for companies above $1 billion in revenue, mirroring the emissions data already collected for CDP.

CDP and GHG Protocol. CDP requires emissions calculations to follow the GHG Protocol methodology. If you already calculate emissions using the GHG Protocol, you can use the same data for CDP reporting.

Frequently Asked Questions

What does CDP stand for?

CDP originally stood for the Carbon Disclosure Project. The organization rebranded to just CDP in 2013 as its scope expanded beyond carbon to include water security and deforestation. Today CDP operates the world’s largest environmental disclosure system covering climate change, water, and forests.

What does CDP stand for in ESG?

In ESG (Environmental, Social, and Governance) contexts, CDP refers to the disclosure platform that collects and scores corporate environmental data. CDP scores are widely used by ESG rating agencies, institutional investors, and sustainability benchmarks to evaluate a company’s environmental performance and climate risk management.

What does CDP stand for in climate change?

In climate change contexts, CDP is the global disclosure system through which companies report greenhouse gas emissions, climate risks, and reduction targets. CDP’s climate change questionnaire is the most widely used track, with over 23,000 companies disclosing climate data to investors and supply chain partners.

Is CDP reporting mandatory?

CDP reporting is technically voluntary, but it is increasingly expected by investors, regulators, and supply chain partners. Over 740 institutional investors with $136 trillion in assets request CDP disclosure from their portfolio companies. Many large buyers also require CDP disclosure from their suppliers through the CDP Supply Chain program.

How long does CDP reporting take?

First-time CDP reporting typically takes 8 to 12 weeks from data collection to submission. Experienced reporters can complete the process in 4 to 6 weeks. The most time-consuming elements are gathering Scope 3 emissions data, conducting physical risk assessments, and obtaining third-party verification.

Conclusion

CDP reporting gives organizations a structured way to disclose climate risks, emissions, and governance to the investors and partners who need that information. The process follows a clear annual cycle from registration through scoring, and the requirements align closely with TCFD and emerging ISSB standards. Start by gathering your emissions data and conducting location-level physical risk assessments, then work through the questionnaire systematically. Organizations that invest in data quality and third-party verification consistently achieve higher CDP reporting scores.

Govind Balachandran

Govind Balachandran is the founder of Continuuiti. He writes extensively on climate risk and operational risk intelligence for enterprises. Previously, he has worked for 7+ years in enterprise risk management, building and deploying third-party risk management and due diligence solutions across 100+ enterprises.