Double materiality for technology & ICT.
Technology and ICT undertakings face concentrated impact materiality across energy use, workforce, consumer and end-user rights, and business conduct — overlaid with the AI Act, GDPR, DSA and Energy Efficiency Directive data-centre provisions. This sector guide outlines the typical material IROs, the regulatory overlay, and the DMA pitfalls observed in Wave 1 filings.
Where technology and ICT’s material topics cluster.
All 10 ESRS topics plotted on a dual-materiality map calibrated to the sector. Click any topic for the specific IROs, scoring rationale and disclosure mapping. Switch between typical and heightened scenarios — the latter reflects exposure to high-intensity AI workloads, large consumer-facing platforms, or hardware manufacturing.
12 illustrative IROs for technology & ICT.
Impacts, risks and opportunities drawn from the topical ESRS and EFRAG IG 1, contextualised to technology and ICT’s operations and value chain. Filter by category.
Data centre electricity consumption
Growing AI workloads are driving data centre electricity consumption at double-digit rates. Largest single climate impact for cloud, platform and AI undertakings.
Algorithmic bias and discrimination in AI systems
AI systems deployed in consequential decisions (credit, hiring, healthcare) can systematically disadvantage protected groups. S4 information-related impact with AI Act regulatory anchor.
Online safety, particularly for minors
Platforms used by minors carry documented impacts on mental health, exposure to harmful content, and addictive design. DSA amplifies the regulatory frame.
Workforce mental health and burnout
Always-on working cultures in the sector drive documented mental-health impacts. Impact materiality is severity-weighted under ESRS S1-14.
AI Act compliance for high-risk systems
Conformity assessment, risk management systems, data governance and human oversight requirements for high-risk AI. Direct S4 and G1 financial materiality.
GDPR enforcement and data breach exposure
Fines of up to 4% of global turnover for serious breaches. Data-breach notification and individual-redress regime. Direct consumer-materiality driver.
DMA gatekeeper designation and DSA platform obligations
Gatekeeper and VLOP obligations carry material operating-model restrictions. Non-compliance penalties at 10%+ of global turnover.
Customer Scope 3 cascading disclosure demand
Enterprise customers increasingly require verified per-service emissions factors. Non-provision risks contract loss and pipeline attrition.
Renewable PPA-backed data centres
Direct PPAs with renewable generators deliver both emissions reduction and electricity-cost hedging. Taxonomy-alignment benefit if additional capacity.
Trustworthy AI and privacy-by-design certifications
Formal certification to emerging AI trust frameworks and privacy-by-design standards unlocks enterprise buyer preference, particularly in EU public sector.
Circular IT hardware and device-as-a-service
Refurbishment, take-back and device-as-a-service programmes reduce e-waste impact while creating margin-resilient recurring-revenue models.
Human-capital reporting as investor differentiator
High-quality ESRS S1 disclosure on DEI, remuneration and human-capital metrics is increasingly valued by institutional investors in tech-sector M&A and IPO.
EU regulations that intersect the DMA.
These adjacent EU regulations shape which impacts and financial effects are likely to score as material for a manufacturing undertaking. Read them into the DMA as evidence sources.
EU AI Act
Risk-based regulation of AI systems. High-risk systems face conformity assessment and ongoing governance requirements. GPAI model obligations from Aug 2025. Central S4 and G1 input.
General Data Protection Regulation
Personal data protection and data-subject rights. Enforcement intensifying with cross-border cooperation regulation. Central S4 materiality for consumer-data businesses.
Digital Services Act
Platform and intermediary-service obligations, VLOP systemic-risk assessment. Direct S4 risk and G1 governance materiality for platforms.
Digital Markets Act
Gatekeeper obligations on core platform services. Interoperability, data portability and self-preferencing restrictions. Direct G1 materiality for designated undertakings.
Energy Efficiency Directive — data centre provisions
Data centre reporting obligations and energy-efficiency first principle. Reporting threshold starting with 500 kW capacity. Direct E1 input for cloud and platform operators.
Waste Electrical and Electronic Equipment Directive
Extended producer responsibility for electronic products. Collection and recycling targets. Direct E5 materiality for hardware businesses.
Six DMA errors seen in Wave 1 technology and ICT filings.
Patterns drawn from EFRAG’s 2025 implementation review and a review of published Wave 1 technology and ICT CSRD reports. Treat as a pre-flight checklist before the DMA is signed off.
Data centre emissions reported on location-based only
Both location-based and market-based Scope 2 are required. PPAs that don’t meet market-based boundary criteria do not count for market-based Scope 2 reduction.
AI ethics treated as a standalone disclosure, not S4
AI-system bias and fairness is an S4 information-related impact on consumers and end-users. It flows into S4 scoring, not only into a separate responsible-AI narrative.
Scope 3 Cat. 1 hardware emissions undercounted
Embodied carbon of purchased hardware (servers, routers, end-user devices) often dominates Scope 3 for ICT undertakings. Spend-based proxies heavily understate the real profile.
Vendor content-moderation workforce not assessed under S2
Outsourced content moderation is a value-chain workforce topic with documented psychological-harm severity. S2 assessment must extend to these vendors.
Algorithmic and AI impact on vulnerable users not assessed under S4
DSA and AI Act both focus on vulnerable-user outcomes (minors, disability, linguistic minorities). S4 scoring must reflect differential impact across user segments.
Tax transparency absent from G1 disclosure
ESRS G1-1 and EU Public CbC Directive converge on tax-transparency expectations. Tax practices that diverge from commercial substance are a G1 governance risk.