Imagine for a moment, a business gets a compliance request around sustainability it has not had before. A major customer wants Scope 3 emissions data. Another requests polygon level geolocation data in relation to raw materials. A new extended producer responsibility (EPR) obligation lands on its packaging. Somebody, somewhere has made a 'sustainably sourced' claim and nobody is quite sure what it means, or whether it can be evidenced.

The business knows it needs help, but it is not sure what kind. So it either calls its lawyers, or it hires a sustainability consultant.

We need to acknowledge the difference in perspective here. For a major retailer or manufacturer with a large compliance function, much of this is familiar territory: new rules arrive, teams triage them, systems are built, reporting follows. For a small or medium-sized enterprise (SME), being told "you need to get your sustainability compliance position in order" can be genuinely daunting. It can feel like a high-stakes problem with unfamiliar language, unclear expectations and open-ended cost.

Why getting the right expert help matters

The goal of this guide is to make that first step feel more navigable: define the question, use the right expertise, and keep the response proportionate.

This piece is about how to avoid misdirected effort. It is not a comprehensive guide to sustainability regulation - there are plenty of those. It is about a narrower, more practical question: when you need external help on sustainability, what should you be using lawyers for, what should you be using consultants for, and where do people get that wrong? It doesn’t answer the question definitively but it will hopefully enable the correct questions to be asked.

Why this is harder than it looks

Much of the regulatory pressure in this area is aimed at the largest organisations, the Corporate Sustainability Reporting Directive (CSRD), the Corporate Sustainability Due Diligence Directive (CSDDD), and the EU Taxonomy Regulation being obvious examples. But those obligations cascade down through the supply chain. When a multinational has to report on supply-chain due diligence, it does not just report; it starts asking its suppliers for data, evidence and contractual commitments. Those suppliers, in turn, ask their suppliers. Before long, a mid-sized manufacturer or regional retailer that is nowhere near the scope thresholds of the underlying regulation is fielding detailed compliance requests simply because its biggest customer needs the information.

At the same time, product- and packaging-level rules, EPR being the obvious example, can create direct legal obligations that do not neatly track company size, and the operational burden and cost can be significant even for smaller businesses because it isn’t linked to turnover but to items sold.

The result is that businesses across the supply-chain spectrum are dealing with sustainability compliance, but the shape of what they face varies enormously. That is why the "lawyer or consultant?" question is so important.

Sustainability compliance is genuinely multidisciplinary. The direction of travel is legal - it comes from regulation, reporting obligations and liability risk. But actually doing the work requires technical and operational expertise that most lawyers simply cannot provide.

Where consultants should be leading

In most businesses, the bulk of the substantive sustainability work is best led by consultants and internal teams. That includes things like:

• Mapping supply chains across multiple tiers.
• Working out what data can realistically be collected from suppliers.
• Designing packaging data processes that support EPR compliance.
• Running a materiality assessment grounded in actual risks rather than a generic template.
• Building a reporting process that produces something useful year after year, not a one-off compliance document.

All of that requires sector knowledge, technical skill and operational judgement.

Lawyers do get asked to do work of this kind. When that happens, you might find that they say to find a consultant instead. That is not the lawyer being unhelpful; it is being honest about where value is actually added.

Where legal input makes the biggest difference

Legal input tends to matter at specific pressure points.

Scoping

The first is scoping: what actually applies to your business, and when. This sounds simple, but it often is not. Own-brand products can pull a business into regimes it assumes do not apply (even putting your branding sticker on a battery can bring you within unexpected obligations). Group structures and cross-border activity create edge cases. Getting scoping wrong early means building to the wrong set of requirements.

Claims

The second is claims. A 'responsibly sourced' hangtag. A 'carbon neutral' webpage. A net-zero target in an annual report. These statements can attract regulatory scrutiny and private enforcement if the evidence behind them isn’t sufficient. They benefit from legal review early in the process, not at the final hour.

Governance

The third is governance. Someone needs to review and advise on sustainability statements before board approval. That approval needs to be informed, recorded and defensible. Boards increasingly understand that climate and supply-chain risks can be financial risks, and that oversight matters.

‘The gaps’

The fourth is providing advice on 'the gaps'; how should this or that be interpreted? Why does this particular regulation seem to not make sense?

Finally, it probably goes without saying, but if things get litigious legal input is vital.

There is also a more prosaic, but important, point: conversations with lawyers are subject to duties of confidentiality and, where the conditions are met, legal professional privilege (LPP) may apply. That matters when a business is exploring where its controls are weak, where data is missing, or where it thinks it might not yet be compliant. Having a protected space to identify problems honestly often makes the difference between fixing them early and managing a problem later.

A note on transition plans

Transition plans are a good example of where people often get this wrong.

A credible transition plan has to be grounded in reality. It needs proper data, plausible assumptions, and a pathway that reflects how the business actually operates. That is consultant-led work.

But transition plans also create exposure. They involve commitments, targets and timelines that may be repeated in public disclosures, customer communications and regulatory filings. Boards are approving them. Regulators are scrutinising them.

In practice, the strongest transition planning processes will be collaborative. Consultants build the substance. Lawyers help define the guardrails: what is safe to say, how uncertainty is described, and how governance and sign-off are documented. Neither discipline delivers the best (for which read lowest risk) outcome on its own.

Supply chains: Where the disciplines interlock

Supply chains deserve separate treatment, because this is where the most value is lost when lawyers and consultants operate in isolation.

On the operational side, the work is familiar: mapping supplier tiers, identifying high-risk sites, running questionnaires, engaging factories, building capacity. That is consultant and procurement territory.

But none of that works properly unless the contractual framework supports it. If your supplier contract does not actually require traceability data, cooperation with audits, or flow-down of obligations to sub-suppliers, your operational programme quickly runs out of road.

This is where legal input matters: data-provision obligations on a defined cadence; audit and cooperation rights that reflect how assurance actually works; remedies that prioritise remediation over immediate termination. Where supplier-provided information is repeated in public disclosures, warranties, and sometimes indemnities, can matter as well.

Each side amplifies the other. Mapping exercises are more valuable when there is a contractual mechanism to enforce the data flows they identify. Contract clauses work better when there is an operational programme behind them.

Getting the sequencing right

Running legal and consultancy workstreams in parallel from day one looks and feels thorough, but in practice it means lawyers are reviewing drafts that are still evolving and consultants are building systems without clarity on legal requirements.

A better approach is simpler:

• Early legal scoping: What applies, when, and where the real judgement calls sit.
• Consultant-led build, grounded in operational reality.
• Targeted legal input when specific issues arise.
• Joint review before anything is published or filed.

That final step is where gaps are identified: claims that do not quite match the evidence, commitments the business has not really agreed to, governance steps that have been assumed rather than done.

A final point for smaller businesses (and first-timers)

If you are new to this, the most important thing to hear is: you do not need to build a multinational-level programme overnight.

If your immediate issue is EPR compliance, responding to a customer Scope 3 data request, or checking whether a claim can be supported, you may need a few days of focused consultancy input and a short piece of legal advice, not a six-month programme. The best value comes from defining the question tightly before you pick up the phone, and then using each adviser for their specific skills.

Round up of our key takeaways for businesses

• Regulation reaches further than you think: Sustainability rules aimed at large organisations cascade down supply chains, pulling SMEs into compliance demands even when they fall below the thresholds of the underlying legislation.
• Use the right adviser for the right task: Lawyers and consultants serve different functions - conflating them leads to misdirected spend and weaker outcomes.
• Consultants own the operational build: Supply chain mapping, data collection, materiality assessments and reporting processes are consultant territory.
• Legal input has a specific job: It matters most at the point of scoping, claims review, governance sign-off and regulatory interpretation.
• Privilege has practical value: Legal advice may attract professional privilege, creating a protected space to identify weaknesses honestly before they become problems.
• Sequencing is everything: Legal scoping first, consultant-led build second, joint review before anything is published or filed.
• Supply chains need both disciplines working together: Operational programmes and contractual frameworks must reinforce each other to be effective.
• SMEs should start narrow: Define the question tightly, use each adviser for their specific strengths, and resist the pull towards a disproportionate programme.

Closing thought

Sustainability compliance works best when the people who understand the operational reality build the programme, and lawyers add guardrails at the points where legal risk is real.

Get that division right and you spend less, move faster, and end up with something that is both credible and defensible. Get it wrong and you might pay twice for a result that is half as valuable.

As acknowledged above, those who are familiar with this will know who to call; the intention isn’t to teach anyone how to suck eggs. But it seems the direction of travel over the next few years will be that even those who thought they were 'off the hook' are increasingly going to be drawn in as the scope of regulation expands or as being part of a value chain indirectly brings an SME into the world of CSRD reporting obligations.

Suppliers and customers are going to start requiring data from a business that they have never had to provide before and hopefully what is set out above will mean that workstreams arising can be focused in the right place from the start for the benefit of everyone.