From compliance to governance: How boards should be thinking about ecocide risk
Most companies are managing ecocide risk at the wrong level of the organisation, using the wrong frameworks, with the wrong level of scrutiny. Here is what genuine board-level governance of this issue looks like.
The wrong level of the organisation
The most common response to emerging environmental legal risk in large organisations follows a predictable pattern: the risk is identified, assigned to the sustainability or legal function, incorporated into a risk register and managed through a combination of policy updates, management system adjustments and disclosure enhancements. That pattern was adequate for the previous generation of environmental regulatory risk – a world in which environmental liability was primarily civil, primarily administrative and primarily organisational in its consequences. It is not adequate for the emerging criminal liability framework that ecocide law represents.
Criminal liability requires a governance response, not a management response. The distinction matters. A management response treats the issue as a problem to be solved within the existing organisational structure, using existing tools and reporting lines, with board oversight provided through periodic updates from the function responsible. A governance response treats the issue as a board-level accountability question – one that the board owns, that it has the expertise and information to evaluate independently and that it is prepared to act on when the evidence requires.
The shifting litigation landscape
The Grantham Research Institute at the London School of Economics has documented in its 2025 Global Trends in Climate Change Litigation report that the broader impacts of climate and environmental litigation are 'becoming increasingly visible and well-documented,' including impacts on climate governance, legislation and financial decision-making. The report noted that 'highly anticipated decisions in corporate climate cases affirmed that companies have a duty to contribute to combatting climate change and in principle they can be held liable for climate-related harm.' This shift from policy debate to legal accountability is the context in which boards are now operating.[1]
Board composition and capability
The first element of genuine board-level governance of ecocide risk is board composition and capability. Does the board have sufficient environmental and legal expertise to evaluate the organisation's exposure independently, or is it entirely dependent on management representation? This does not mean that every board needs a former environmental regulator or ecosystem scientist as a member. It means that the board collectively needs the capability to ask hard, informed questions about environmental management and to understand the answers critically – rather than accepting management reassurances at face value.
Many boards have addressed this through the appointment of independent non-executive directors with sustainability or legal backgrounds, or through the establishment of dedicated environmental, social and governance committees with specifically mandated oversight of environmental risk and compliance. The committee structure matters less than its effectiveness – a dedicated ESG committee that receives only management-prepared reports and never commissions independent review is not meaningfully different from no committee at all.
Independent assurance as a board tool
The second element is independent assurance. The board should not be relying solely on management-prepared assessments of environmental performance. Third-party assurance over environmental management systems, supply chain due diligence processes and material environmental disclosure is the mechanism through which the board obtains evidence it can rely on independently of the management team that generated it. This is not a novel concept – audit committees have long insisted on independent financial audit for exactly this reason. The principle applies with equal force to non-financial performance in a world where non-financial liability is real, material and criminal.
The quality of the assurance provider matters significantly. An assurance opinion from a provider with no relevant credentials, no industry expertise and no understanding of the legal standards being applied is worth very little in a governance or liability context. Boards should be asking who is providing assurance over environmental performance, what standard they are applying, what scope of work they have undertaken and whether the resulting opinion would withstand scrutiny from a regulator or a court.
Scenario analysis and stress testing
The third element is scenario analysis. Boards should be stress-testing their environmental risk exposure against the emerging ecocide legal framework, not just current regulatory requirements. What activities in the organisation's direct operations or supply chain could potentially meet the threshold for serious environmental harm under the EU Environmental Crime Directive's 'comparable to ecocide' standard? What is the state of the documentation, management systems and independent verification for those activities? What would the organisation's position be if those activities were subject to criminal scrutiny rather than a standard regulatory audit?
Law firm Hogan Lovells has advised that companies should 'ensure board-level oversight of climate-related activities and risks, to ensure that they are consistent with corporate values and risk appetite, and that their interaction with regulatory, fiduciary and contractual duties is clearly understood' and should 'monitor developments in the status of the climate and significant changes in scientific understanding and attribution science.'[2]
Escalation and board-level reporting
The fourth element is escalation protocols. Does the board have clear mechanisms for ensuring that material environmental incidents, near-misses and emerging regulatory developments reach board level in a timely way, rather than being managed within the business and reported retrospectively? In most organisations, the escalation of environmental issues to board level is discretionary and depends on management judgement about what is significant enough to report. In a world where an environmental incident can create criminal liability for individual board members, that discretion needs to be replaced with a structured protocol that ensures the board is informed before, not after, it matters.
These are not aspirational governance standards designed for a hypothetical future. They are the minimum that a genuinely diligent board should be applying to a risk category that now carries criminal personal liability, is subject to mandatory disclosure obligations across multiple major jurisdictions and is increasingly capable of producing litigation with quantified damages assigned to named defendants. The boards that build this governance infrastructure now are the ones that will be able to demonstrate, if they ever need to, that they took the issue seriously before they were required to.
References
[1] Grantham Research Institute on Climate Change and the Environment, LSE, 'Global Trends in Climate Change Litigation: 2025 Snapshot' (11 December 2025). https://www.lse.ac.uk/granthaminstitute/publication/global-trends-in-climate-change-litigation-2025-snapshot/
[2] Hogan Lovells, 'Climate Liability Litigation: A Growing Risk for UK Financial Institutions' (2025). https://www.hoganlovells.com/en/publications/climate-liability-litigation-a-growing-risk-for-uk-financial-institutions