bmad-plus 0.7.5 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (294) hide show
  1. package/CHANGELOG.md +450 -425
  2. package/LICENSE +21 -21
  3. package/README.md +555 -447
  4. package/osint-agent-package/README.md +88 -88
  5. package/osint-agent-package/SETUP_KEYS.md +108 -108
  6. package/osint-agent-package/agents/osint-investigator.md +80 -80
  7. package/osint-agent-package/install.ps1 +87 -87
  8. package/osint-agent-package/install.sh +76 -76
  9. package/osint-agent-package/skills/bmad-osint-investigate/SKILL.md +147 -147
  10. package/osint-agent-package/skills/bmad-osint-investigate/osint/SKILL.md +452 -452
  11. package/osint-agent-package/skills/bmad-osint-investigate/osint/assets/dossier-template.md +116 -116
  12. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/content-extraction.md +100 -100
  13. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/enrichment-databases-fr.md +148 -148
  14. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/platforms.md +130 -130
  15. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/psychoprofile.md +69 -69
  16. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/tools.md +281 -281
  17. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/_http.py +101 -101
  18. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/apify.py +266 -260
  19. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/brightdata.py +101 -101
  20. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/diagnose.py +141 -141
  21. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/exa.py +79 -79
  22. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/jina.py +71 -71
  23. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/mcp-client.py +136 -136
  24. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/parallel.py +85 -85
  25. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/perplexity.py +102 -102
  26. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/tavily.py +72 -72
  27. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/volley.py +208 -208
  28. package/osint-agent-package/skills/bmad-osint-investigator/SKILL.md +15 -15
  29. package/package.json +62 -57
  30. package/readme-international/README.de.md +576 -426
  31. package/readme-international/README.es.md +578 -518
  32. package/readme-international/README.fr.md +576 -516
  33. package/src/bmad-plus/agents/agent-architect-dev/SKILL.md +96 -96
  34. package/src/bmad-plus/agents/agent-architect-dev/bmad-skill-manifest.yaml +13 -13
  35. package/src/bmad-plus/agents/agent-maker/SKILL.md +201 -201
  36. package/src/bmad-plus/agents/agent-maker/bmad-skill-manifest.yaml +13 -13
  37. package/src/bmad-plus/agents/agent-orchestrator/SKILL.md +137 -137
  38. package/src/bmad-plus/agents/agent-orchestrator/bmad-skill-manifest.yaml +13 -13
  39. package/src/bmad-plus/agents/agent-quality/SKILL.md +83 -83
  40. package/src/bmad-plus/agents/agent-quality/bmad-skill-manifest.yaml +13 -13
  41. package/src/bmad-plus/agents/agent-shadow/SKILL.md +71 -71
  42. package/src/bmad-plus/agents/agent-shadow/bmad-skill-manifest.yaml +13 -13
  43. package/src/bmad-plus/agents/agent-strategist/SKILL.md +80 -80
  44. package/src/bmad-plus/agents/agent-strategist/bmad-skill-manifest.yaml +13 -13
  45. package/src/bmad-plus/agents/pack-animated/animated-website-agent.md +325 -325
  46. package/src/bmad-plus/agents/pack-animated/templates/animated-website-workflow.md +55 -55
  47. package/src/bmad-plus/agents/pack-backup/backup-agent.md +71 -71
  48. package/src/bmad-plus/agents/pack-backup/templates/backup-workflow.md +51 -51
  49. package/src/bmad-plus/agents/pack-seo/SKILL.md +171 -171
  50. package/src/bmad-plus/agents/pack-seo/checklist.md +140 -140
  51. package/src/bmad-plus/agents/pack-seo/pagespeed-playbook.md +320 -320
  52. package/src/bmad-plus/agents/pack-seo/ref/audit-schema.json +187 -187
  53. package/src/bmad-plus/agents/pack-seo/ref/cwv-thresholds.md +87 -87
  54. package/src/bmad-plus/agents/pack-seo/ref/eeat-criteria.md +123 -123
  55. package/src/bmad-plus/agents/pack-seo/ref/geo-signals.md +167 -167
  56. package/src/bmad-plus/agents/pack-seo/ref/hreflang-rules.md +153 -153
  57. package/src/bmad-plus/agents/pack-seo/ref/quality-gates.md +133 -133
  58. package/src/bmad-plus/agents/pack-seo/ref/schema-catalog.md +91 -91
  59. package/src/bmad-plus/agents/pack-seo/ref/schema-templates.json +356 -356
  60. package/src/bmad-plus/agents/pack-seo/seo-chief.md +294 -294
  61. package/src/bmad-plus/agents/pack-seo/seo-judge.md +241 -241
  62. package/src/bmad-plus/agents/pack-seo/seo-scout.md +171 -171
  63. package/src/bmad-plus/agents/pack-seo/templates/seo-audit-workflow.md +241 -241
  64. package/src/bmad-plus/data/role-triggers.yaml +209 -209
  65. package/src/bmad-plus/module-help.csv +10 -10
  66. package/src/bmad-plus/module.yaml +283 -280
  67. package/src/bmad-plus/packs/pack-animated/animated-website-agent.md +325 -0
  68. package/src/bmad-plus/packs/pack-animated/templates/animated-website-workflow.md +55 -0
  69. package/src/bmad-plus/packs/pack-backup/backup-agent.md +71 -0
  70. package/src/bmad-plus/packs/pack-backup/templates/backup-workflow.md +51 -0
  71. package/src/bmad-plus/packs/pack-dev-studio/README.md +162 -162
  72. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/analyst-agent.md +73 -73
  73. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/document-project.md +61 -61
  74. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/domain-research.md +95 -95
  75. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/market-research.md +95 -95
  76. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/prfaq.md +134 -134
  77. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/product-brief.md +80 -80
  78. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/tech-writer-agent.md +73 -73
  79. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/technical-research.md +95 -95
  80. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/architect-agent.md +73 -73
  81. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-architecture.md +73 -73
  82. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-epics-stories.md +92 -92
  83. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/generate-project-context.md +80 -80
  84. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/implementation-readiness.md +90 -90
  85. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01-init.md +153 -153
  86. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01b-continue.md +173 -173
  87. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-02-context.md +224 -224
  88. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-03-starter.md +329 -329
  89. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-04-decisions.md +318 -318
  90. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-05-patterns.md +359 -359
  91. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-06-structure.md +379 -379
  92. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-07-validation.md +361 -361
  93. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-08-complete.md +81 -81
  94. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/checkpoint-preview.md +67 -67
  95. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-01-gather-context.md +85 -85
  96. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-02-review.md +35 -35
  97. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-03-triage.md +49 -49
  98. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-04-present.md +131 -131
  99. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review.md +89 -89
  100. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/correct-course.md +300 -300
  101. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/create-story.md +428 -428
  102. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-agent.md +73 -73
  103. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story-checklist.md +80 -80
  104. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story.md +484 -484
  105. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/investigate.md +193 -193
  106. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/qa-e2e-tests.md +175 -175
  107. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/quick-dev.md +110 -110
  108. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/retrospective.md +1511 -1511
  109. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-planning.md +298 -298
  110. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-status.md +296 -296
  111. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-prd.md +29 -29
  112. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-ux-design.md +74 -74
  113. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/edit-prd.md +29 -29
  114. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/pm-agent.md +73 -73
  115. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/prd.md +89 -89
  116. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/ux-designer-agent.md +73 -73
  117. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/validate-prd.md +29 -29
  118. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/advanced-elicitation.md +141 -141
  119. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/adversarial-review.md +37 -37
  120. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/bmad-help.md +75 -75
  121. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/brainstorming.md +6 -6
  122. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/customize.md +110 -110
  123. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/distillator.md +176 -176
  124. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/edge-case-hunter.md +67 -67
  125. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-prose.md +86 -86
  126. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-structure.md +179 -179
  127. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/index-docs.md +66 -66
  128. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/party-mode.md +127 -127
  129. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/shard-doc.md +105 -105
  130. package/src/bmad-plus/packs/pack-dev-studio/dev-studio-orchestrator.md +120 -120
  131. package/src/bmad-plus/packs/pack-dev-studio/shared/architecture-decision-template.md +12 -12
  132. package/src/bmad-plus/packs/pack-dev-studio/shared/bwml-spec.md +328 -328
  133. package/src/bmad-plus/packs/pack-dev-studio/shared/module-help.csv +32 -32
  134. package/src/bmad-plus/packs/pack-dev-studio/upstream-sync.yaml +81 -81
  135. package/src/bmad-plus/packs/pack-memory/README.md +106 -106
  136. package/src/bmad-plus/packs/pack-memory/memory-orchestrator.md +79 -79
  137. package/src/bmad-plus/packs/pack-memory/shared/karpathy-guardrails.md +86 -86
  138. package/src/bmad-plus/packs/pack-memory/shared/memory-protocol.md +143 -143
  139. package/src/bmad-plus/packs/pack-memory/templates/context.md +39 -39
  140. package/src/bmad-plus/packs/pack-memory/templates/decisions.md +25 -25
  141. package/src/bmad-plus/packs/pack-memory/templates/identity.yaml +39 -39
  142. package/src/bmad-plus/packs/pack-memory/templates/lessons.md +31 -31
  143. package/src/bmad-plus/packs/pack-memory/templates/patterns.md +24 -24
  144. package/src/bmad-plus/packs/pack-memory/templates/session-handoff.md +25 -25
  145. package/src/bmad-plus/packs/pack-memory/zecher-agent.md +157 -157
  146. package/src/bmad-plus/packs/pack-seo/SKILL.md +171 -0
  147. package/src/bmad-plus/packs/pack-seo/checklist.md +140 -0
  148. package/src/bmad-plus/packs/pack-seo/pagespeed-playbook.md +320 -0
  149. package/src/bmad-plus/packs/pack-seo/ref/audit-schema.json +187 -0
  150. package/src/bmad-plus/packs/pack-seo/ref/cwv-thresholds.md +87 -0
  151. package/src/bmad-plus/packs/pack-seo/ref/eeat-criteria.md +123 -0
  152. package/src/bmad-plus/packs/pack-seo/ref/geo-signals.md +167 -0
  153. package/src/bmad-plus/packs/pack-seo/ref/hreflang-rules.md +153 -0
  154. package/src/bmad-plus/packs/pack-seo/ref/quality-gates.md +133 -0
  155. package/src/bmad-plus/packs/pack-seo/ref/schema-catalog.md +91 -0
  156. package/src/bmad-plus/packs/pack-seo/ref/schema-templates.json +356 -0
  157. package/src/bmad-plus/packs/pack-seo/seo-chief.md +294 -0
  158. package/src/bmad-plus/packs/pack-seo/seo-judge.md +241 -0
  159. package/src/bmad-plus/packs/pack-seo/seo-scout.md +171 -0
  160. package/src/bmad-plus/packs/pack-seo/templates/seo-audit-workflow.md +241 -0
  161. package/src/bmad-plus/packs/pack-shield/README.md +110 -110
  162. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/csrd-agent.md +262 -262
  163. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/section508-agent.md +179 -179
  164. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/wcag-agent.md +201 -201
  165. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/eu-ai-act-agent.md +97 -97
  166. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/iso42001-agent.md +251 -251
  167. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/nist-ai-rmf-agent.md +133 -133
  168. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/cis-controls-agent.md +221 -221
  169. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/ism-agent.md +150 -150
  170. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/iso27001-agent.md +167 -167
  171. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nis2-agent.md +83 -83
  172. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-800-53-agent.md +250 -250
  173. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-csf-agent.md +218 -218
  174. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/ccpa-agent.md +94 -94
  175. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/dpdpa-agent.md +136 -136
  176. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/gdpr-agent.md +296 -296
  177. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/iso27701-agent.md +134 -134
  178. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/lgpd-agent.md +129 -129
  179. package/src/bmad-plus/packs/pack-shield/categories/defense-export/cmmc-agent.md +127 -127
  180. package/src/bmad-plus/packs/pack-shield/categories/defense-export/ear-agent.md +272 -272
  181. package/src/bmad-plus/packs/pack-shield/categories/defense-export/itar-agent.md +202 -202
  182. package/src/bmad-plus/packs/pack-shield/categories/defense-export/tsa-agent.md +367 -367
  183. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/dora-agent.md +510 -510
  184. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/fedramp-agent.md +247 -247
  185. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/hipaa-agent.md +173 -173
  186. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/pci-dss-agent.md +239 -239
  187. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/soc2-agent.md +266 -266
  188. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/swift-csp-agent.md +164 -164
  189. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-classifier.md +131 -131
  190. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md +155 -155
  191. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-incidents.md +187 -187
  192. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-roles.md +113 -113
  193. package/src/bmad-plus/packs/pack-shield/categories/workflows/breach-sentinel.md +197 -197
  194. package/src/bmad-plus/packs/pack-shield/categories/workflows/cookie-policy-gen.md +180 -180
  195. package/src/bmad-plus/packs/pack-shield/categories/workflows/dpia-sentinel.md +235 -235
  196. package/src/bmad-plus/packs/pack-shield/categories/workflows/legitimate-interest.md +159 -159
  197. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-advisor.md +133 -133
  198. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-notice-gen.md +160 -160
  199. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-policy-gen.md +135 -135
  200. package/src/bmad-plus/packs/pack-shield/references/ccpa/ccpa-gdpr-comparison.md +117 -117
  201. package/src/bmad-plus/packs/pack-shield/references/ccpa/consumer-rights-workflows.md +177 -177
  202. package/src/bmad-plus/packs/pack-shield/references/cis-controls/framework-mappings.md +162 -162
  203. package/src/bmad-plus/packs/pack-shield/references/cis-controls/implementation-guidance.md +235 -235
  204. package/src/bmad-plus/packs/pack-shield/references/cis-controls/safeguards-detail.md +252 -252
  205. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-assessment.md +170 -170
  206. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-levels.md +113 -113
  207. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-practices.md +211 -211
  208. package/src/bmad-plus/packs/pack-shield/references/csrd/compliance-program.md +281 -281
  209. package/src/bmad-plus/packs/pack-shield/references/csrd/double-materiality.md +253 -253
  210. package/src/bmad-plus/packs/pack-shield/references/csrd/esrs-standards.md +401 -401
  211. package/src/bmad-plus/packs/pack-shield/references/dora/article-reference.md +441 -441
  212. package/src/bmad-plus/packs/pack-shield/references/dora/incident-classification.md +297 -297
  213. package/src/bmad-plus/packs/pack-shield/references/dora/rts-its-guide.md +306 -306
  214. package/src/bmad-plus/packs/pack-shield/references/dora/third-party-risk.md +349 -349
  215. package/src/bmad-plus/packs/pack-shield/references/dpdpa/gdpr-comparison.md +173 -173
  216. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rights-and-obligations.md +426 -426
  217. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rules-2025.md +599 -599
  218. package/src/bmad-plus/packs/pack-shield/references/dpdpa/sections-reference.md +319 -319
  219. package/src/bmad-plus/packs/pack-shield/references/ear/ccl-eccn-guide.md +250 -250
  220. package/src/bmad-plus/packs/pack-shield/references/ear/compliance-program.md +280 -280
  221. package/src/bmad-plus/packs/pack-shield/references/ear/license-exceptions.md +207 -207
  222. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/gpai-governance.md +267 -267
  223. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/obligations-high-risk.md +287 -287
  224. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md +182 -182
  225. package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md +209 -209
  226. package/src/bmad-plus/packs/pack-shield/references/fedramp/control-families.md +281 -281
  227. package/src/bmad-plus/packs/pack-shield/references/fedramp/poam-guide.md +93 -93
  228. package/src/bmad-plus/packs/pack-shield/references/fedramp/readiness-checklist.md +134 -134
  229. package/src/bmad-plus/packs/pack-shield/references/fedramp/sap-sar-guide.md +86 -86
  230. package/src/bmad-plus/packs/pack-shield/references/fedramp/ssp-guide.md +129 -129
  231. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/documents.md +192 -192
  232. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/dpa-template.md +121 -121
  233. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/privacy-notice.md +87 -87
  234. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/breach-notification.md +293 -293
  235. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/privacy-rule.md +276 -276
  236. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/security-rule.md +299 -299
  237. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/templates.md +568 -568
  238. package/src/bmad-plus/packs/pack-shield/references/ism/control-applicability.md +181 -181
  239. package/src/bmad-plus/packs/pack-shield/references/ism/guidelines-overview.md +183 -183
  240. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2013.md +203 -203
  241. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2022.md +132 -132
  242. package/src/bmad-plus/packs/pack-shield/references/iso27001/control-mapping.md +153 -153
  243. package/src/bmad-plus/packs/pack-shield/references/iso27701/annex-a-controls.md +195 -195
  244. package/src/bmad-plus/packs/pack-shield/references/iso27701/regulatory-mapping.md +229 -229
  245. package/src/bmad-plus/packs/pack-shield/references/iso27701/transition-guide.md +219 -219
  246. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-ai-risk-assessment.md +258 -258
  247. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-clauses-requirements.md +279 -279
  248. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-controls-annex-a.md +155 -155
  249. package/src/bmad-plus/packs/pack-shield/references/itar/compliance-program.md +174 -174
  250. package/src/bmad-plus/packs/pack-shield/references/itar/licensing-guide.md +146 -146
  251. package/src/bmad-plus/packs/pack-shield/references/itar/usml-categories.md +93 -93
  252. package/src/bmad-plus/packs/pack-shield/references/lgpd/anpd-enforcement.md +147 -147
  253. package/src/bmad-plus/packs/pack-shield/references/lgpd/compliance-program.md +272 -272
  254. package/src/bmad-plus/packs/pack-shield/references/lgpd/lgpd-articles.md +271 -271
  255. package/src/bmad-plus/packs/pack-shield/references/nis2/article-21-measures.md +153 -153
  256. package/src/bmad-plus/packs/pack-shield/references/nis2/iso27001-nis2-mapping.md +68 -68
  257. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/assessment-rmf.md +349 -349
  258. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/baselines-tailoring.md +277 -277
  259. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/control-families.md +450 -450
  260. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-core.md +361 -361
  261. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-profiles.md +192 -192
  262. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-10-to-20-mapping.md +143 -143
  263. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-20-functions-categories.md +278 -278
  264. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-implementation-tiers.md +135 -135
  265. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-requirements.md +366 -366
  266. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-saq-guide.md +217 -217
  267. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-v4-changes.md +190 -190
  268. package/src/bmad-plus/packs/pack-shield/references/section-508/wcag-mapping.md +160 -160
  269. package/src/bmad-plus/packs/pack-shield/references/soc2/controls.md +241 -241
  270. package/src/bmad-plus/packs/pack-shield/references/soc2/evidence.md +236 -236
  271. package/src/bmad-plus/packs/pack-shield/references/soc2/policies.md +254 -254
  272. package/src/bmad-plus/packs/pack-shield/references/soc2/vendor.md +276 -276
  273. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-assessment.md +202 -202
  274. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-controls.md +545 -545
  275. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-crmp-requirements.md +359 -359
  276. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-directives-overview.md +187 -187
  277. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-incident-reporting.md +187 -187
  278. package/src/bmad-plus/packs/pack-shield/references/wcag/criteria-detail.md +510 -510
  279. package/src/bmad-plus/packs/pack-shield/shared/audit-report-template.md +103 -103
  280. package/src/bmad-plus/packs/pack-shield/shared/cross-framework-mapper.md +103 -103
  281. package/src/bmad-plus/packs/pack-shield/shared/gap-analysis-template.md +83 -83
  282. package/src/bmad-plus/packs/pack-shield/shield-orchestrator.md +229 -229
  283. package/src/bmad-plus/packs/pack-shield/upstream-sync.yaml +68 -68
  284. package/src/bmad-plus/skills/bmad-plus-autopilot/SKILL.md +99 -99
  285. package/src/bmad-plus/skills/bmad-plus-parallel/SKILL.md +93 -93
  286. package/src/bmad-plus/skills/bmad-plus-sync/SKILL.md +69 -69
  287. package/tools/cli/commands/autoconfig.js +498 -489
  288. package/tools/cli/commands/doctor.js +222 -222
  289. package/tools/cli/commands/install.js +739 -739
  290. package/tools/cli/commands/memory.js +194 -194
  291. package/tools/cli/commands/scan.js +360 -350
  292. package/tools/cli/commands/uninstall.js +96 -96
  293. package/tools/cli/commands/update.js +174 -174
  294. package/tools/cli/i18n.js +763 -763
@@ -1,401 +1,401 @@
1
- # ESRS Standards — Detailed Reference
2
-
3
- ## Cross-Cutting Standards (Mandatory for All In-Scope Companies)
4
-
5
- ---
6
-
7
- ### ESRS 1 — General Requirements
8
-
9
- **Purpose:** Sets the foundations for CSRD reporting — principles, structure, and the double materiality concept.
10
-
11
- **Key Requirements:**
12
-
13
- **Reporting Principles (paras. 1–18)**
14
- - Relevance, faithful representation, comparability, verifiability, understandability
15
- - Materiality-based reporting — only report what is material after DMA
16
- - Connected information — sustainability information must connect to financial statements
17
-
18
- **Double Materiality (paras. 19–44)**
19
- - Two perspectives: impact materiality + financial materiality
20
- - Both lenses must be applied; a topic is material if it meets EITHER criterion
21
- - DMA must cover own operations AND value chain
22
-
23
- **Value Chain (paras. 62–68)**
24
- - Must consider upstream (suppliers) and downstream (customers, end-users) value chain
25
- - Depth of value chain assessment scales with material impacts/risks
26
- - Where direct data unavailable, use proxy data / sector averages (disclose methodology)
27
-
28
- **Time Horizons (para. 72)**
29
- - Short-term: up to 1 year
30
- - Medium-term: 1–5 years
31
- - Long-term: beyond 5 years
32
-
33
- **Comparative Information (para. 86)**
34
- - Prior-year comparative data required for all quantitative disclosures
35
-
36
- **Transition Relief (paras. 118–134)**
37
- - Phase-in for Scope 3, ESRS S1 pay gap, some biodiversity datapoints
38
- - Listed SMEs may use simplified ESRS (voluntary standard pending)
39
-
40
- ---
41
-
42
- ### ESRS 2 — General Disclosures
43
-
44
- **Purpose:** Mandatory disclosures on governance, strategy, and risk management applicable to all in-scope companies regardless of DMA outcome.
45
-
46
- **Status:** Fully mandatory — cannot be omitted even if all topical standards are found non-material.
47
-
48
- #### GOV — Governance
49
-
50
- **GOV-1: Role of the administrative, management and supervisory bodies**
51
- - Composition and diversity of governance bodies related to sustainability
52
- - Sustainability expertise of governance members
53
- - How governance bodies oversee sustainability strategy and IROs
54
- - Integration of sustainability in board agendas and reporting lines
55
-
56
- **GOV-2: Information provided to and sustainability matters addressed by the undertaking's administrative, management and supervisory bodies**
57
- - Frequency and nature of sustainability information provided to governing bodies
58
- - How governing bodies consider sustainability risks and opportunities in decision-making
59
-
60
- **GOV-3: Integration of sustainability-related performance in incentive schemes**
61
- - Whether and how ESG performance is integrated in executive/management remuneration
62
- - Proportion of remuneration linked to sustainability targets
63
-
64
- **GOV-4: Statement on due diligence**
65
- - Whether the company has a due diligence process aligned with international standards (UN Guiding Principles, OECD Guidelines)
66
- - How human rights and environmental due diligence is embedded in operations
67
-
68
- **GOV-5: Risk management and internal controls over sustainability reporting**
69
- - Internal control framework for sustainability reporting
70
- - How risks of material misstatement in sustainability data are managed
71
-
72
- #### SBM — Strategy and Business Model
73
-
74
- **SBM-1: Strategy, business model, and value chain**
75
- - Business model overview and key value drivers
76
- - How sustainability matters are integrated into strategy
77
- - Full value chain description (upstream, operations, downstream)
78
- - Significant products, services, markets, and geographies
79
-
80
- **SBM-2: Interests and views of stakeholders**
81
- - Stakeholder engagement process and which stakeholders were consulted
82
- - How stakeholder views influenced strategy and reporting
83
- - Linkage between stakeholder input and material IROs identified
84
-
85
- **SBM-3: Material impacts, risks and opportunities and their interaction with strategy and business model**
86
- - Output of the DMA: list of material topics
87
- - How material IROs interact with the business model and strategy
88
- - Financial effects: current financial effects and anticipated financial effects of material IROs
89
- - Resilience of strategy under different scenarios
90
-
91
- #### IRO — Impacts, Risks and Opportunities
92
-
93
- **IRO-1: Description of the processes to identify and assess material impacts, risks and opportunities**
94
- - DMA methodology: scope, process, tools, assessment criteria
95
- - How impact significance is assessed (scale, scope, irremediability, likelihood)
96
- - How financial risks/opportunities are identified and assessed
97
- - Stakeholders consulted and how their input was used
98
- - Any sector-specific guidance applied
99
-
100
- ---
101
-
102
- ## Environmental Standards
103
-
104
- ### ESRS E1 — Climate Change
105
-
106
- **Applicability:** Apply if material after DMA. Climate is presumed material for most large companies — requires compelling justification to omit.
107
-
108
- **Mandatory Datapoints Regardless of Materiality:**
109
- - E1-1: Transition plan for climate change mitigation (Art. 19a(2)(a) — legally required even if topic found non-material)
110
- - Energy consumption from fossil fuels (ESRS E1-5, para. 40)
111
-
112
- **Key Disclosures:**
113
-
114
- **E1-1: Transition plan for climate change mitigation**
115
- - Decarbonisation targets: 2030, 2040, 2050 aligned with 1.5°C
116
- - Planned actions and enablers
117
- - Financial resources allocated (capex, opex, R&D)
118
- - Role of carbon offsets (must distinguish from own-emission reductions)
119
- - Locked-in GHG assets and stranded asset risk
120
- - EU Taxonomy alignment targets
121
-
122
- **E1-2: Policies related to climate change mitigation and adaptation**
123
- - Scope of policies (own operations / value chain)
124
- - Climate risk management policies
125
- - Net-zero ambition and pathway description
126
-
127
- **E1-3: Actions and resources in relation to climate change policies**
128
- - Decarbonisation action plan with timelines
129
- - Resources committed (financial, human, technical)
130
- - Actions relating to key GHG sources in own operations and value chain
131
-
132
- **E1-4: Targets related to climate change mitigation and adaptation**
133
- - GHG reduction targets (scope 1, 2, 3 separately)
134
- - Alignment with Paris Agreement (1.5°C pathway)
135
- - Energy efficiency and renewable energy targets
136
- - Physical and transition risk mitigation targets
137
-
138
- **E1-5: Energy consumption and mix**
139
- - Total energy consumption (MWh)
140
- - Breakdown: fossil fuels / renewables / nuclear
141
- - Energy intensity (per net revenue or other denominator)
142
- - Renewable energy share
143
-
144
- **E1-6: Gross Scopes 1, 2, 3 and Total GHG emissions**
145
- - Scope 1: direct GHG emissions (tCO2e)
146
- - Scope 2: location-based AND market-based (tCO2e)
147
- - Scope 3: all 15 GHG Protocol categories (tCO2e)
148
- - Total GHG emissions (Scope 1 + 2 + 3)
149
- - GHG intensity (tCO2e per € net revenue)
150
- - Methodology: GHG Protocol, emission factors, exclusions
151
-
152
- **E1-7: GHG removals and climate project finance**
153
- - GHG removals from own operations
154
- - Carbon credits purchased (volume, type, standard)
155
- - Distinction between removals and credits in net-zero claims
156
-
157
- **E1-8: Internal carbon pricing**
158
- - Whether internal carbon price is used in decision-making
159
- - Price per tCO2e and application scope
160
-
161
- **E1-9: Anticipated financial effects from material physical and transition risks and potential climate-related opportunities**
162
- - Financial effects of physical risks (acute: flood, storm; chronic: temperature rise, sea-level)
163
- - Financial effects of transition risks (policy, technology, market, reputational)
164
- - Climate opportunities and anticipated financial benefits
165
- - Climate scenario analysis (at minimum 1.5°C and >2°C scenarios recommended)
166
-
167
- ---
168
-
169
- ### ESRS E2 — Pollution
170
-
171
- **Applicability:** Apply if material — manufacturing, chemicals, mining, agriculture sectors most likely.
172
-
173
- **Key Disclosures:**
174
- - **E2-1:** Policies related to pollution
175
- - **E2-2:** Actions and resources to prevent/control pollution
176
- - **E2-3:** Targets related to pollution
177
- - **E2-4:** Pollution of air, water, soil — by pollutant type and medium
178
- - Substances of Very High Concern (SVHC) under REACH Regulation
179
- - Persistent Organic Pollutants (POPs)
180
- - NOx, SOx, PM2.5 emissions
181
- - Wastewater discharges by type and receiving body
182
- - **E2-5:** Substances of concern — use, release, incidents
183
- - **E2-6:** Anticipated financial effects from pollution-related risks and opportunities
184
-
185
- ---
186
-
187
- ### ESRS E3 — Water and Marine Resources
188
-
189
- **Applicability:** Apply if material — agriculture, food & beverage, mining, textiles, electronics most likely.
190
-
191
- **Key Disclosures:**
192
- - **E3-1:** Policies related to water and marine resources
193
- - **E3-2:** Actions and resources to manage water and marine resources
194
- - **E3-3:** Targets for water and marine resources
195
- - **E3-4:** Water consumption and withdrawal
196
- - Total water withdrawal (megalitres) by source (surface, groundwater, third-party)
197
- - Total water consumption (megalitres)
198
- - Water intensity
199
- - Withdrawal in water-stressed areas (WRI Aqueduct or equivalent)
200
- - **E3-5:** Anticipated financial effects from water and marine resource risks
201
-
202
- ---
203
-
204
- ### ESRS E4 — Biodiversity and Ecosystems
205
-
206
- **Applicability:** Apply if material — sites in or adjacent to biodiversity-sensitive areas, land use change, supply chains impacting biodiversity.
207
-
208
- **Key Disclosures:**
209
- - **E4-1:** Transition plan and consideration of biodiversity and ecosystems in strategy and business model
210
- - **E4-2:** Policies related to biodiversity and ecosystems
211
- - **E4-3:** Actions and resources related to biodiversity and ecosystems
212
- - **E4-4:** Targets related to biodiversity and ecosystems
213
- - **E4-5:** Impact metrics related to biodiversity and ecosystems change — land use, ecosystem fragmentation, invasive species
214
- - **E4-6:** Anticipated financial effects from biodiversity and ecosystem-related risks
215
-
216
- **Key metric:** Sites owned, leased, or managed in or near protected areas / key biodiversity areas.
217
-
218
- ---
219
-
220
- ### ESRS E5 — Resource Use and Circular Economy
221
-
222
- **Applicability:** Apply if material — manufacturing, retail, packaging, construction, electronics most likely.
223
-
224
- **Key Disclosures:**
225
- - **E5-1:** Policies related to resource use and circular economy
226
- - **E5-2:** Actions and resources related to resource use and circular economy
227
- - **E5-3:** Targets related to resource use and circular economy
228
- - **E5-4:** Resource inflows — material consumption, virgin materials, renewable vs. non-renewable
229
- - **E5-5:** Resource outflows — waste by type (hazardous/non-hazardous) and disposal method (recycling, landfill, incineration); by-products and secondary raw materials
230
- - **E5-6:** Anticipated financial effects from resource use and circular economy transition risks/opportunities
231
-
232
- ---
233
-
234
- ## Social Standards
235
-
236
- ### ESRS S1 — Own Workforce
237
-
238
- **Applicability:** Apply if material — workforce impacts are typically material for most large companies.
239
-
240
- **Phase-in:** Gender pay gap and some workforce metrics have phase-in provisions for first-year reporters.
241
-
242
- **Key Disclosures:**
243
-
244
- **S1-1:** Policies related to own workforce (working conditions, equal treatment, health & safety)
245
- **S1-2:** Processes for engaging with own workers and workers' representatives
246
- **S1-3:** Processes to remediate negative impacts and channels for own workers to raise concerns
247
-
248
- **S1-4:** Taking action on material impacts on own workers, and approaches to managing material risks and pursuing material opportunities related to own workforce, and effectiveness of those actions
249
-
250
- **S1-5:** Targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities
251
-
252
- **S1-6:** Characteristics of the undertaking's employees
253
- - Total number of employees
254
- - Breakdown: by gender, by country (for companies ≥1,000 employees in a country — if applicable), by employment type (permanent/temporary), by employment regime (full-time/part-time)
255
- - Number of non-employee workers (contractors, agency staff)
256
-
257
- **S1-7:** Characteristics of non-employees in the undertaking's own workforce
258
-
259
- **S1-8:** Collective bargaining coverage and social dialogue
260
- - % of own employees covered by collective bargaining agreements
261
- - Countries where collective bargaining coverage applies
262
-
263
- **S1-9:** Diversity metrics
264
- - % female employees (total workforce + management levels)
265
- - % employees by age group (<30, 30-50, >50)
266
-
267
- **S1-10:** Adequate wages — alignment with living wage benchmarks
268
-
269
- **S1-11:** Social protection coverage
270
-
271
- **S1-12:** Persons with disabilities in the workforce
272
-
273
- **S1-13:** Training and skills development
274
- - Average training hours per employee per year
275
- - % employees receiving regular performance reviews
276
- - Transition assistance programs
277
-
278
- **S1-14:** Health and safety
279
- - % employees covered by health & safety management system (ISO 45001 or equivalent)
280
- - Number of work-related fatalities (employees and non-employees)
281
- - Lost Time Injury Frequency Rate (LTIFR) — per 1 million hours worked
282
- - Number of recordable work-related accidents
283
- - Work-related ill health cases
284
-
285
- **S1-15:** Work-life balance — parental leave uptake rates by gender
286
-
287
- **S1-16:** Compensation metrics
288
- - CEO pay ratio (CEO total remuneration / median employee total remuneration)
289
- - Gender pay gap (median remuneration women vs. men, %)
290
-
291
- ---
292
-
293
- ### ESRS S2 — Workers in the Value Chain
294
-
295
- **Applicability:** Apply if material — companies with complex supply chains in high-risk sectors (garments, electronics, agriculture) most likely material.
296
-
297
- **Key Disclosures:**
298
- - **S2-1:** Policies related to workers in the value chain
299
- - **S2-2:** Processes for engaging with workers in the value chain about impacts
300
- - **S2-3:** Processes to remediate negative impacts on value chain workers
301
- - **S2-4:** Actions taken, and approaches to managing risks related to value chain workers
302
- - **S2-5:** Targets related to managing material impacts on workers in the value chain
303
-
304
- **Key metrics:** Number of value chain workers potentially affected by adverse impacts; coverage of due diligence by supply chain tier.
305
-
306
- ---
307
-
308
- ### ESRS S3 — Affected Communities
309
-
310
- **Applicability:** Apply if material — extractives, infrastructure, large land users, operations in indigenous territories.
311
-
312
- **Key Disclosures:**
313
- - **S3-1:** Policies related to affected communities
314
- - **S3-2:** Processes for engaging with affected communities about impacts
315
- - **S3-3:** Processes to remediate negative impacts on affected communities
316
- - **S3-4:** Actions and approaches to managing community-related risks
317
- - **S3-5:** Targets related to managing impacts on affected communities
318
-
319
- **Topics covered:** Access to land/water/food, community health, indigenous peoples' rights (FPIC), economic displacement, cultural heritage.
320
-
321
- ---
322
-
323
- ### ESRS S4 — Consumers and End-Users
324
-
325
- **Applicability:** Apply if material — B2C companies, healthcare, financial services, digital platforms, food/beverage most likely.
326
-
327
- **Key Disclosures:**
328
- - **S4-1:** Policies related to consumers and end-users
329
- - **S4-2:** Processes for engaging with consumers and end-users about impacts
330
- - **S4-3:** Processes to remediate negative impacts on consumers and end-users
331
- - **S4-4:** Actions and approaches to managing consumer-related risks and opportunities
332
- - **S4-5:** Targets related to managing material impacts on consumers and end-users
333
-
334
- **Topics covered:** Product safety, data protection, accessibility, responsible marketing, non-discrimination, right to privacy, financial inclusion.
335
-
336
- ---
337
-
338
- ## Governance Standards
339
-
340
- ### ESRS G1 — Business Conduct
341
-
342
- **Applicability:** Apply if material — typically material for most large companies given breadth of topics.
343
-
344
- **Key Disclosures:**
345
-
346
- **G1-1:** Corporate culture and business conduct policies
347
- - Code of conduct / code of ethics
348
- - Anti-corruption and anti-bribery policies
349
- - Lobbying and political engagement policies
350
- - Payment practices policies (prompt payment)
351
-
352
- **G1-2:** Management of relationships with suppliers
353
- - Responsible procurement policies
354
- - Fair dealing with suppliers (payment terms, supplier codes)
355
- - Tier-1 supplier coverage of due diligence
356
-
357
- **G1-3:** Prevention and detection of corruption and bribery
358
- - Risk assessment methodology
359
- - Training coverage for anti-corruption
360
- - Incidents of corruption confirmed during the reporting period
361
-
362
- **G1-4:** Incidents of corruption or bribery
363
- - Number of convictions for corruption
364
- - Total monetary value of fines for corruption
365
- - Actions taken in response to confirmed incidents
366
-
367
- **G1-5:** Political influence and lobbying activities
368
- - Total financial or in-kind contributions to political parties
369
- - List of significant lobbying activities and positions taken
370
-
371
- **G1-6:** Payment practices
372
- - Average payment period (days) to suppliers
373
- - % of payments made beyond contractual terms
374
- - Complaints from suppliers about payment practices
375
-
376
- ---
377
-
378
- ## Interoperability Notes
379
-
380
- ### GRI Alignment (ESRS 1, Appendix C)
381
- EFRAG published an interoperability mapping between ESRS and GRI Standards. Key mappings:
382
- - ESRS E1 ↔ GRI 305 (Emissions), GRI 302 (Energy)
383
- - ESRS S1 ↔ GRI 401 (Employment), GRI 403 (OHS), GRI 405 (Diversity)
384
- - ESRS G1 ↔ GRI 205 (Anti-corruption), GRI 206 (Anti-competitive behaviour)
385
-
386
- Companies with GRI reports should conduct gap analysis against ESRS rather than starting fresh.
387
-
388
- ### TCFD Alignment
389
- ESRS E1 incorporates TCFD framework recommendations:
390
- - Governance → ESRS 2 GOV disclosures
391
- - Strategy → ESRS 2 SBM disclosures + E1-9 financial effects
392
- - Risk management → ESRS 2 IRO-1
393
- - Metrics & targets → ESRS E1-4, E1-6
394
-
395
- TCFD reporters have a strong foundation but must add: Scope 3 (all 15 categories), transition plan (E1-1), and EU Taxonomy alignment.
396
-
397
- ### SASB Alignment
398
- EFRAG published ESRS-SASB interoperability guidance. Sector-specific SASB metrics may provide useful proxies for ESRS datapoints in the same domain.
399
-
400
- ### CDP Alignment
401
- CDP questionnaire responses (Climate, Water, Forests) provide significant data that maps to ESRS E1, E3, E4. CDP reporters can reuse much of their data collection infrastructure.
1
+ # ESRS Standards — Detailed Reference
2
+
3
+ ## Cross-Cutting Standards (Mandatory for All In-Scope Companies)
4
+
5
+ ---
6
+
7
+ ### ESRS 1 — General Requirements
8
+
9
+ **Purpose:** Sets the foundations for CSRD reporting — principles, structure, and the double materiality concept.
10
+
11
+ **Key Requirements:**
12
+
13
+ **Reporting Principles (paras. 1–18)**
14
+ - Relevance, faithful representation, comparability, verifiability, understandability
15
+ - Materiality-based reporting — only report what is material after DMA
16
+ - Connected information — sustainability information must connect to financial statements
17
+
18
+ **Double Materiality (paras. 19–44)**
19
+ - Two perspectives: impact materiality + financial materiality
20
+ - Both lenses must be applied; a topic is material if it meets EITHER criterion
21
+ - DMA must cover own operations AND value chain
22
+
23
+ **Value Chain (paras. 62–68)**
24
+ - Must consider upstream (suppliers) and downstream (customers, end-users) value chain
25
+ - Depth of value chain assessment scales with material impacts/risks
26
+ - Where direct data unavailable, use proxy data / sector averages (disclose methodology)
27
+
28
+ **Time Horizons (para. 72)**
29
+ - Short-term: up to 1 year
30
+ - Medium-term: 1–5 years
31
+ - Long-term: beyond 5 years
32
+
33
+ **Comparative Information (para. 86)**
34
+ - Prior-year comparative data required for all quantitative disclosures
35
+
36
+ **Transition Relief (paras. 118–134)**
37
+ - Phase-in for Scope 3, ESRS S1 pay gap, some biodiversity datapoints
38
+ - Listed SMEs may use simplified ESRS (voluntary standard pending)
39
+
40
+ ---
41
+
42
+ ### ESRS 2 — General Disclosures
43
+
44
+ **Purpose:** Mandatory disclosures on governance, strategy, and risk management applicable to all in-scope companies regardless of DMA outcome.
45
+
46
+ **Status:** Fully mandatory — cannot be omitted even if all topical standards are found non-material.
47
+
48
+ #### GOV — Governance
49
+
50
+ **GOV-1: Role of the administrative, management and supervisory bodies**
51
+ - Composition and diversity of governance bodies related to sustainability
52
+ - Sustainability expertise of governance members
53
+ - How governance bodies oversee sustainability strategy and IROs
54
+ - Integration of sustainability in board agendas and reporting lines
55
+
56
+ **GOV-2: Information provided to and sustainability matters addressed by the undertaking's administrative, management and supervisory bodies**
57
+ - Frequency and nature of sustainability information provided to governing bodies
58
+ - How governing bodies consider sustainability risks and opportunities in decision-making
59
+
60
+ **GOV-3: Integration of sustainability-related performance in incentive schemes**
61
+ - Whether and how ESG performance is integrated in executive/management remuneration
62
+ - Proportion of remuneration linked to sustainability targets
63
+
64
+ **GOV-4: Statement on due diligence**
65
+ - Whether the company has a due diligence process aligned with international standards (UN Guiding Principles, OECD Guidelines)
66
+ - How human rights and environmental due diligence is embedded in operations
67
+
68
+ **GOV-5: Risk management and internal controls over sustainability reporting**
69
+ - Internal control framework for sustainability reporting
70
+ - How risks of material misstatement in sustainability data are managed
71
+
72
+ #### SBM — Strategy and Business Model
73
+
74
+ **SBM-1: Strategy, business model, and value chain**
75
+ - Business model overview and key value drivers
76
+ - How sustainability matters are integrated into strategy
77
+ - Full value chain description (upstream, operations, downstream)
78
+ - Significant products, services, markets, and geographies
79
+
80
+ **SBM-2: Interests and views of stakeholders**
81
+ - Stakeholder engagement process and which stakeholders were consulted
82
+ - How stakeholder views influenced strategy and reporting
83
+ - Linkage between stakeholder input and material IROs identified
84
+
85
+ **SBM-3: Material impacts, risks and opportunities and their interaction with strategy and business model**
86
+ - Output of the DMA: list of material topics
87
+ - How material IROs interact with the business model and strategy
88
+ - Financial effects: current financial effects and anticipated financial effects of material IROs
89
+ - Resilience of strategy under different scenarios
90
+
91
+ #### IRO — Impacts, Risks and Opportunities
92
+
93
+ **IRO-1: Description of the processes to identify and assess material impacts, risks and opportunities**
94
+ - DMA methodology: scope, process, tools, assessment criteria
95
+ - How impact significance is assessed (scale, scope, irremediability, likelihood)
96
+ - How financial risks/opportunities are identified and assessed
97
+ - Stakeholders consulted and how their input was used
98
+ - Any sector-specific guidance applied
99
+
100
+ ---
101
+
102
+ ## Environmental Standards
103
+
104
+ ### ESRS E1 — Climate Change
105
+
106
+ **Applicability:** Apply if material after DMA. Climate is presumed material for most large companies — requires compelling justification to omit.
107
+
108
+ **Mandatory Datapoints Regardless of Materiality:**
109
+ - E1-1: Transition plan for climate change mitigation (Art. 19a(2)(a) — legally required even if topic found non-material)
110
+ - Energy consumption from fossil fuels (ESRS E1-5, para. 40)
111
+
112
+ **Key Disclosures:**
113
+
114
+ **E1-1: Transition plan for climate change mitigation**
115
+ - Decarbonisation targets: 2030, 2040, 2050 aligned with 1.5°C
116
+ - Planned actions and enablers
117
+ - Financial resources allocated (capex, opex, R&D)
118
+ - Role of carbon offsets (must distinguish from own-emission reductions)
119
+ - Locked-in GHG assets and stranded asset risk
120
+ - EU Taxonomy alignment targets
121
+
122
+ **E1-2: Policies related to climate change mitigation and adaptation**
123
+ - Scope of policies (own operations / value chain)
124
+ - Climate risk management policies
125
+ - Net-zero ambition and pathway description
126
+
127
+ **E1-3: Actions and resources in relation to climate change policies**
128
+ - Decarbonisation action plan with timelines
129
+ - Resources committed (financial, human, technical)
130
+ - Actions relating to key GHG sources in own operations and value chain
131
+
132
+ **E1-4: Targets related to climate change mitigation and adaptation**
133
+ - GHG reduction targets (scope 1, 2, 3 separately)
134
+ - Alignment with Paris Agreement (1.5°C pathway)
135
+ - Energy efficiency and renewable energy targets
136
+ - Physical and transition risk mitigation targets
137
+
138
+ **E1-5: Energy consumption and mix**
139
+ - Total energy consumption (MWh)
140
+ - Breakdown: fossil fuels / renewables / nuclear
141
+ - Energy intensity (per net revenue or other denominator)
142
+ - Renewable energy share
143
+
144
+ **E1-6: Gross Scopes 1, 2, 3 and Total GHG emissions**
145
+ - Scope 1: direct GHG emissions (tCO2e)
146
+ - Scope 2: location-based AND market-based (tCO2e)
147
+ - Scope 3: all 15 GHG Protocol categories (tCO2e)
148
+ - Total GHG emissions (Scope 1 + 2 + 3)
149
+ - GHG intensity (tCO2e per € net revenue)
150
+ - Methodology: GHG Protocol, emission factors, exclusions
151
+
152
+ **E1-7: GHG removals and climate project finance**
153
+ - GHG removals from own operations
154
+ - Carbon credits purchased (volume, type, standard)
155
+ - Distinction between removals and credits in net-zero claims
156
+
157
+ **E1-8: Internal carbon pricing**
158
+ - Whether internal carbon price is used in decision-making
159
+ - Price per tCO2e and application scope
160
+
161
+ **E1-9: Anticipated financial effects from material physical and transition risks and potential climate-related opportunities**
162
+ - Financial effects of physical risks (acute: flood, storm; chronic: temperature rise, sea-level)
163
+ - Financial effects of transition risks (policy, technology, market, reputational)
164
+ - Climate opportunities and anticipated financial benefits
165
+ - Climate scenario analysis (at minimum 1.5°C and >2°C scenarios recommended)
166
+
167
+ ---
168
+
169
+ ### ESRS E2 — Pollution
170
+
171
+ **Applicability:** Apply if material — manufacturing, chemicals, mining, agriculture sectors most likely.
172
+
173
+ **Key Disclosures:**
174
+ - **E2-1:** Policies related to pollution
175
+ - **E2-2:** Actions and resources to prevent/control pollution
176
+ - **E2-3:** Targets related to pollution
177
+ - **E2-4:** Pollution of air, water, soil — by pollutant type and medium
178
+ - Substances of Very High Concern (SVHC) under REACH Regulation
179
+ - Persistent Organic Pollutants (POPs)
180
+ - NOx, SOx, PM2.5 emissions
181
+ - Wastewater discharges by type and receiving body
182
+ - **E2-5:** Substances of concern — use, release, incidents
183
+ - **E2-6:** Anticipated financial effects from pollution-related risks and opportunities
184
+
185
+ ---
186
+
187
+ ### ESRS E3 — Water and Marine Resources
188
+
189
+ **Applicability:** Apply if material — agriculture, food & beverage, mining, textiles, electronics most likely.
190
+
191
+ **Key Disclosures:**
192
+ - **E3-1:** Policies related to water and marine resources
193
+ - **E3-2:** Actions and resources to manage water and marine resources
194
+ - **E3-3:** Targets for water and marine resources
195
+ - **E3-4:** Water consumption and withdrawal
196
+ - Total water withdrawal (megalitres) by source (surface, groundwater, third-party)
197
+ - Total water consumption (megalitres)
198
+ - Water intensity
199
+ - Withdrawal in water-stressed areas (WRI Aqueduct or equivalent)
200
+ - **E3-5:** Anticipated financial effects from water and marine resource risks
201
+
202
+ ---
203
+
204
+ ### ESRS E4 — Biodiversity and Ecosystems
205
+
206
+ **Applicability:** Apply if material — sites in or adjacent to biodiversity-sensitive areas, land use change, supply chains impacting biodiversity.
207
+
208
+ **Key Disclosures:**
209
+ - **E4-1:** Transition plan and consideration of biodiversity and ecosystems in strategy and business model
210
+ - **E4-2:** Policies related to biodiversity and ecosystems
211
+ - **E4-3:** Actions and resources related to biodiversity and ecosystems
212
+ - **E4-4:** Targets related to biodiversity and ecosystems
213
+ - **E4-5:** Impact metrics related to biodiversity and ecosystems change — land use, ecosystem fragmentation, invasive species
214
+ - **E4-6:** Anticipated financial effects from biodiversity and ecosystem-related risks
215
+
216
+ **Key metric:** Sites owned, leased, or managed in or near protected areas / key biodiversity areas.
217
+
218
+ ---
219
+
220
+ ### ESRS E5 — Resource Use and Circular Economy
221
+
222
+ **Applicability:** Apply if material — manufacturing, retail, packaging, construction, electronics most likely.
223
+
224
+ **Key Disclosures:**
225
+ - **E5-1:** Policies related to resource use and circular economy
226
+ - **E5-2:** Actions and resources related to resource use and circular economy
227
+ - **E5-3:** Targets related to resource use and circular economy
228
+ - **E5-4:** Resource inflows — material consumption, virgin materials, renewable vs. non-renewable
229
+ - **E5-5:** Resource outflows — waste by type (hazardous/non-hazardous) and disposal method (recycling, landfill, incineration); by-products and secondary raw materials
230
+ - **E5-6:** Anticipated financial effects from resource use and circular economy transition risks/opportunities
231
+
232
+ ---
233
+
234
+ ## Social Standards
235
+
236
+ ### ESRS S1 — Own Workforce
237
+
238
+ **Applicability:** Apply if material — workforce impacts are typically material for most large companies.
239
+
240
+ **Phase-in:** Gender pay gap and some workforce metrics have phase-in provisions for first-year reporters.
241
+
242
+ **Key Disclosures:**
243
+
244
+ **S1-1:** Policies related to own workforce (working conditions, equal treatment, health & safety)
245
+ **S1-2:** Processes for engaging with own workers and workers' representatives
246
+ **S1-3:** Processes to remediate negative impacts and channels for own workers to raise concerns
247
+
248
+ **S1-4:** Taking action on material impacts on own workers, and approaches to managing material risks and pursuing material opportunities related to own workforce, and effectiveness of those actions
249
+
250
+ **S1-5:** Targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities
251
+
252
+ **S1-6:** Characteristics of the undertaking's employees
253
+ - Total number of employees
254
+ - Breakdown: by gender, by country (for companies ≥1,000 employees in a country — if applicable), by employment type (permanent/temporary), by employment regime (full-time/part-time)
255
+ - Number of non-employee workers (contractors, agency staff)
256
+
257
+ **S1-7:** Characteristics of non-employees in the undertaking's own workforce
258
+
259
+ **S1-8:** Collective bargaining coverage and social dialogue
260
+ - % of own employees covered by collective bargaining agreements
261
+ - Countries where collective bargaining coverage applies
262
+
263
+ **S1-9:** Diversity metrics
264
+ - % female employees (total workforce + management levels)
265
+ - % employees by age group (<30, 30-50, >50)
266
+
267
+ **S1-10:** Adequate wages — alignment with living wage benchmarks
268
+
269
+ **S1-11:** Social protection coverage
270
+
271
+ **S1-12:** Persons with disabilities in the workforce
272
+
273
+ **S1-13:** Training and skills development
274
+ - Average training hours per employee per year
275
+ - % employees receiving regular performance reviews
276
+ - Transition assistance programs
277
+
278
+ **S1-14:** Health and safety
279
+ - % employees covered by health & safety management system (ISO 45001 or equivalent)
280
+ - Number of work-related fatalities (employees and non-employees)
281
+ - Lost Time Injury Frequency Rate (LTIFR) — per 1 million hours worked
282
+ - Number of recordable work-related accidents
283
+ - Work-related ill health cases
284
+
285
+ **S1-15:** Work-life balance — parental leave uptake rates by gender
286
+
287
+ **S1-16:** Compensation metrics
288
+ - CEO pay ratio (CEO total remuneration / median employee total remuneration)
289
+ - Gender pay gap (median remuneration women vs. men, %)
290
+
291
+ ---
292
+
293
+ ### ESRS S2 — Workers in the Value Chain
294
+
295
+ **Applicability:** Apply if material — companies with complex supply chains in high-risk sectors (garments, electronics, agriculture) most likely material.
296
+
297
+ **Key Disclosures:**
298
+ - **S2-1:** Policies related to workers in the value chain
299
+ - **S2-2:** Processes for engaging with workers in the value chain about impacts
300
+ - **S2-3:** Processes to remediate negative impacts on value chain workers
301
+ - **S2-4:** Actions taken, and approaches to managing risks related to value chain workers
302
+ - **S2-5:** Targets related to managing material impacts on workers in the value chain
303
+
304
+ **Key metrics:** Number of value chain workers potentially affected by adverse impacts; coverage of due diligence by supply chain tier.
305
+
306
+ ---
307
+
308
+ ### ESRS S3 — Affected Communities
309
+
310
+ **Applicability:** Apply if material — extractives, infrastructure, large land users, operations in indigenous territories.
311
+
312
+ **Key Disclosures:**
313
+ - **S3-1:** Policies related to affected communities
314
+ - **S3-2:** Processes for engaging with affected communities about impacts
315
+ - **S3-3:** Processes to remediate negative impacts on affected communities
316
+ - **S3-4:** Actions and approaches to managing community-related risks
317
+ - **S3-5:** Targets related to managing impacts on affected communities
318
+
319
+ **Topics covered:** Access to land/water/food, community health, indigenous peoples' rights (FPIC), economic displacement, cultural heritage.
320
+
321
+ ---
322
+
323
+ ### ESRS S4 — Consumers and End-Users
324
+
325
+ **Applicability:** Apply if material — B2C companies, healthcare, financial services, digital platforms, food/beverage most likely.
326
+
327
+ **Key Disclosures:**
328
+ - **S4-1:** Policies related to consumers and end-users
329
+ - **S4-2:** Processes for engaging with consumers and end-users about impacts
330
+ - **S4-3:** Processes to remediate negative impacts on consumers and end-users
331
+ - **S4-4:** Actions and approaches to managing consumer-related risks and opportunities
332
+ - **S4-5:** Targets related to managing material impacts on consumers and end-users
333
+
334
+ **Topics covered:** Product safety, data protection, accessibility, responsible marketing, non-discrimination, right to privacy, financial inclusion.
335
+
336
+ ---
337
+
338
+ ## Governance Standards
339
+
340
+ ### ESRS G1 — Business Conduct
341
+
342
+ **Applicability:** Apply if material — typically material for most large companies given breadth of topics.
343
+
344
+ **Key Disclosures:**
345
+
346
+ **G1-1:** Corporate culture and business conduct policies
347
+ - Code of conduct / code of ethics
348
+ - Anti-corruption and anti-bribery policies
349
+ - Lobbying and political engagement policies
350
+ - Payment practices policies (prompt payment)
351
+
352
+ **G1-2:** Management of relationships with suppliers
353
+ - Responsible procurement policies
354
+ - Fair dealing with suppliers (payment terms, supplier codes)
355
+ - Tier-1 supplier coverage of due diligence
356
+
357
+ **G1-3:** Prevention and detection of corruption and bribery
358
+ - Risk assessment methodology
359
+ - Training coverage for anti-corruption
360
+ - Incidents of corruption confirmed during the reporting period
361
+
362
+ **G1-4:** Incidents of corruption or bribery
363
+ - Number of convictions for corruption
364
+ - Total monetary value of fines for corruption
365
+ - Actions taken in response to confirmed incidents
366
+
367
+ **G1-5:** Political influence and lobbying activities
368
+ - Total financial or in-kind contributions to political parties
369
+ - List of significant lobbying activities and positions taken
370
+
371
+ **G1-6:** Payment practices
372
+ - Average payment period (days) to suppliers
373
+ - % of payments made beyond contractual terms
374
+ - Complaints from suppliers about payment practices
375
+
376
+ ---
377
+
378
+ ## Interoperability Notes
379
+
380
+ ### GRI Alignment (ESRS 1, Appendix C)
381
+ EFRAG published an interoperability mapping between ESRS and GRI Standards. Key mappings:
382
+ - ESRS E1 ↔ GRI 305 (Emissions), GRI 302 (Energy)
383
+ - ESRS S1 ↔ GRI 401 (Employment), GRI 403 (OHS), GRI 405 (Diversity)
384
+ - ESRS G1 ↔ GRI 205 (Anti-corruption), GRI 206 (Anti-competitive behaviour)
385
+
386
+ Companies with GRI reports should conduct gap analysis against ESRS rather than starting fresh.
387
+
388
+ ### TCFD Alignment
389
+ ESRS E1 incorporates TCFD framework recommendations:
390
+ - Governance → ESRS 2 GOV disclosures
391
+ - Strategy → ESRS 2 SBM disclosures + E1-9 financial effects
392
+ - Risk management → ESRS 2 IRO-1
393
+ - Metrics & targets → ESRS E1-4, E1-6
394
+
395
+ TCFD reporters have a strong foundation but must add: Scope 3 (all 15 categories), transition plan (E1-1), and EU Taxonomy alignment.
396
+
397
+ ### SASB Alignment
398
+ EFRAG published ESRS-SASB interoperability guidance. Sector-specific SASB metrics may provide useful proxies for ESRS datapoints in the same domain.
399
+
400
+ ### CDP Alignment
401
+ CDP questionnaire responses (Climate, Water, Forests) provide significant data that maps to ESRS E1, E3, E4. CDP reporters can reuse much of their data collection infrastructure.