bmad-plus 0.7.5 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (281) hide show
  1. package/CHANGELOG.md +479 -425
  2. package/LICENSE +21 -21
  3. package/README.md +557 -447
  4. package/osint-agent-package/README.md +88 -88
  5. package/osint-agent-package/SETUP_KEYS.md +108 -108
  6. package/osint-agent-package/agents/osint-investigator.md +80 -80
  7. package/osint-agent-package/install.ps1 +87 -87
  8. package/osint-agent-package/install.sh +76 -76
  9. package/osint-agent-package/skills/bmad-osint-investigate/SKILL.md +147 -147
  10. package/osint-agent-package/skills/bmad-osint-investigate/osint/SKILL.md +452 -452
  11. package/osint-agent-package/skills/bmad-osint-investigate/osint/assets/dossier-template.md +116 -116
  12. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/content-extraction.md +100 -100
  13. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/enrichment-databases-fr.md +148 -148
  14. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/platforms.md +130 -130
  15. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/psychoprofile.md +69 -69
  16. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/tools.md +281 -281
  17. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/_http.py +101 -101
  18. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/apify.py +266 -260
  19. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/brightdata.py +101 -101
  20. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/diagnose.py +141 -141
  21. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/exa.py +79 -79
  22. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/jina.py +71 -71
  23. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/mcp-client.py +136 -136
  24. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/parallel.py +85 -85
  25. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/perplexity.py +102 -102
  26. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/tavily.py +72 -72
  27. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/volley.py +208 -208
  28. package/osint-agent-package/skills/bmad-osint-investigator/SKILL.md +15 -15
  29. package/package.json +62 -57
  30. package/readme-international/README.de.md +584 -426
  31. package/readme-international/README.es.md +601 -518
  32. package/readme-international/README.fr.md +599 -516
  33. package/src/bmad-plus/agents/agent-architect-dev/SKILL.md +96 -96
  34. package/src/bmad-plus/agents/agent-architect-dev/bmad-skill-manifest.yaml +13 -13
  35. package/src/bmad-plus/agents/agent-maker/SKILL.md +201 -201
  36. package/src/bmad-plus/agents/agent-maker/bmad-skill-manifest.yaml +13 -13
  37. package/src/bmad-plus/agents/agent-orchestrator/SKILL.md +137 -137
  38. package/src/bmad-plus/agents/agent-orchestrator/bmad-skill-manifest.yaml +13 -13
  39. package/src/bmad-plus/agents/agent-quality/SKILL.md +83 -83
  40. package/src/bmad-plus/agents/agent-quality/bmad-skill-manifest.yaml +13 -13
  41. package/src/bmad-plus/agents/agent-shadow/SKILL.md +71 -71
  42. package/src/bmad-plus/agents/agent-shadow/bmad-skill-manifest.yaml +13 -13
  43. package/src/bmad-plus/agents/agent-strategist/SKILL.md +80 -80
  44. package/src/bmad-plus/agents/agent-strategist/bmad-skill-manifest.yaml +13 -13
  45. package/src/bmad-plus/data/role-triggers.yaml +209 -209
  46. package/src/bmad-plus/module-help.csv +10 -10
  47. package/src/bmad-plus/module.yaml +283 -280
  48. package/src/bmad-plus/{agents → packs}/pack-animated/animated-website-agent.md +325 -325
  49. package/src/bmad-plus/{agents → packs}/pack-animated/templates/animated-website-workflow.md +55 -55
  50. package/src/bmad-plus/{agents → packs}/pack-backup/backup-agent.md +71 -71
  51. package/src/bmad-plus/{agents → packs}/pack-backup/templates/backup-workflow.md +51 -51
  52. package/src/bmad-plus/packs/pack-dev-studio/README.md +162 -162
  53. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/analyst-agent.md +73 -73
  54. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/document-project.md +61 -61
  55. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/domain-research.md +95 -95
  56. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/market-research.md +95 -95
  57. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/prfaq.md +134 -134
  58. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/product-brief.md +80 -80
  59. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/tech-writer-agent.md +73 -73
  60. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/technical-research.md +95 -95
  61. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/architect-agent.md +73 -73
  62. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-architecture.md +73 -73
  63. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-epics-stories.md +92 -92
  64. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/generate-project-context.md +80 -80
  65. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/implementation-readiness.md +90 -90
  66. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01-init.md +153 -153
  67. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01b-continue.md +173 -173
  68. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-02-context.md +224 -224
  69. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-03-starter.md +329 -329
  70. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-04-decisions.md +318 -318
  71. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-05-patterns.md +359 -359
  72. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-06-structure.md +379 -379
  73. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-07-validation.md +361 -361
  74. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-08-complete.md +81 -81
  75. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/checkpoint-preview.md +67 -67
  76. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-01-gather-context.md +85 -85
  77. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-02-review.md +35 -35
  78. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-03-triage.md +49 -49
  79. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-04-present.md +131 -131
  80. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review.md +89 -89
  81. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/correct-course.md +300 -300
  82. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/create-story.md +428 -428
  83. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-agent.md +73 -73
  84. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story-checklist.md +80 -80
  85. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story.md +484 -484
  86. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/investigate.md +193 -193
  87. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/qa-e2e-tests.md +175 -175
  88. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/quick-dev.md +110 -110
  89. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/retrospective.md +1511 -1511
  90. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-planning.md +298 -298
  91. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-status.md +296 -296
  92. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-prd.md +29 -29
  93. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-ux-design.md +74 -74
  94. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/edit-prd.md +29 -29
  95. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/pm-agent.md +73 -73
  96. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/prd.md +89 -89
  97. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/ux-designer-agent.md +73 -73
  98. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/validate-prd.md +29 -29
  99. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/advanced-elicitation.md +141 -141
  100. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/adversarial-review.md +37 -37
  101. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/bmad-help.md +75 -75
  102. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/brainstorming.md +6 -6
  103. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/customize.md +110 -110
  104. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/distillator.md +176 -176
  105. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/edge-case-hunter.md +67 -67
  106. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-prose.md +86 -86
  107. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-structure.md +179 -179
  108. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/index-docs.md +66 -66
  109. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/party-mode.md +127 -127
  110. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/shard-doc.md +105 -105
  111. package/src/bmad-plus/packs/pack-dev-studio/dev-studio-orchestrator.md +120 -120
  112. package/src/bmad-plus/packs/pack-dev-studio/shared/architecture-decision-template.md +12 -12
  113. package/src/bmad-plus/packs/pack-dev-studio/shared/bwml-spec.md +328 -328
  114. package/src/bmad-plus/packs/pack-dev-studio/shared/module-help.csv +32 -32
  115. package/src/bmad-plus/packs/pack-dev-studio/upstream-sync.yaml +81 -81
  116. package/src/bmad-plus/packs/pack-memory/README.md +106 -106
  117. package/src/bmad-plus/packs/pack-memory/memory-orchestrator.md +79 -79
  118. package/src/bmad-plus/packs/pack-memory/shared/karpathy-guardrails.md +86 -86
  119. package/src/bmad-plus/packs/pack-memory/shared/memory-protocol.md +143 -143
  120. package/src/bmad-plus/packs/pack-memory/templates/context.md +39 -39
  121. package/src/bmad-plus/packs/pack-memory/templates/decisions.md +25 -25
  122. package/src/bmad-plus/packs/pack-memory/templates/identity.yaml +39 -39
  123. package/src/bmad-plus/packs/pack-memory/templates/lessons.md +31 -31
  124. package/src/bmad-plus/packs/pack-memory/templates/patterns.md +24 -24
  125. package/src/bmad-plus/packs/pack-memory/templates/session-handoff.md +25 -25
  126. package/src/bmad-plus/packs/pack-memory/zecher-agent.md +157 -157
  127. package/src/bmad-plus/{agents → packs}/pack-seo/SKILL.md +171 -171
  128. package/src/bmad-plus/packs/pack-seo/bmad-skill-manifest.yaml +13 -0
  129. package/src/bmad-plus/{agents → packs}/pack-seo/checklist.md +140 -140
  130. package/src/bmad-plus/{agents → packs}/pack-seo/pagespeed-playbook.md +320 -320
  131. package/src/bmad-plus/{agents → packs}/pack-seo/ref/audit-schema.json +187 -187
  132. package/src/bmad-plus/{agents → packs}/pack-seo/ref/cwv-thresholds.md +87 -87
  133. package/src/bmad-plus/{agents → packs}/pack-seo/ref/eeat-criteria.md +123 -123
  134. package/src/bmad-plus/{agents → packs}/pack-seo/ref/geo-signals.md +167 -167
  135. package/src/bmad-plus/{agents → packs}/pack-seo/ref/hreflang-rules.md +153 -153
  136. package/src/bmad-plus/{agents → packs}/pack-seo/ref/quality-gates.md +133 -133
  137. package/src/bmad-plus/{agents → packs}/pack-seo/ref/schema-catalog.md +91 -91
  138. package/src/bmad-plus/{agents → packs}/pack-seo/ref/schema-templates.json +356 -356
  139. package/src/bmad-plus/{agents → packs}/pack-seo/seo-chief.md +294 -294
  140. package/src/bmad-plus/{agents → packs}/pack-seo/seo-judge.md +241 -241
  141. package/src/bmad-plus/{agents → packs}/pack-seo/seo-scout.md +171 -171
  142. package/src/bmad-plus/{agents → packs}/pack-seo/templates/seo-audit-workflow.md +241 -241
  143. package/src/bmad-plus/packs/pack-shield/README.md +110 -110
  144. package/src/bmad-plus/packs/pack-shield/SKILL.md +82 -0
  145. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/csrd-agent.md +262 -262
  146. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/section508-agent.md +179 -179
  147. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/wcag-agent.md +201 -201
  148. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/eu-ai-act-agent.md +97 -97
  149. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/iso42001-agent.md +251 -251
  150. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/nist-ai-rmf-agent.md +133 -133
  151. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/cis-controls-agent.md +221 -221
  152. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/ism-agent.md +150 -150
  153. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/iso27001-agent.md +167 -167
  154. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nis2-agent.md +83 -83
  155. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-800-53-agent.md +250 -250
  156. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-csf-agent.md +218 -218
  157. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/ccpa-agent.md +94 -94
  158. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/dpdpa-agent.md +136 -136
  159. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/gdpr-agent.md +296 -296
  160. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/iso27701-agent.md +134 -134
  161. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/lgpd-agent.md +129 -129
  162. package/src/bmad-plus/packs/pack-shield/categories/defense-export/cmmc-agent.md +127 -127
  163. package/src/bmad-plus/packs/pack-shield/categories/defense-export/ear-agent.md +272 -272
  164. package/src/bmad-plus/packs/pack-shield/categories/defense-export/itar-agent.md +202 -202
  165. package/src/bmad-plus/packs/pack-shield/categories/defense-export/tsa-agent.md +367 -367
  166. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/dora-agent.md +510 -510
  167. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/fedramp-agent.md +247 -247
  168. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/hipaa-agent.md +173 -173
  169. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/pci-dss-agent.md +239 -239
  170. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/soc2-agent.md +266 -266
  171. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/swift-csp-agent.md +164 -164
  172. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-classifier.md +131 -131
  173. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md +155 -155
  174. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-incidents.md +187 -187
  175. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-roles.md +113 -113
  176. package/src/bmad-plus/packs/pack-shield/categories/workflows/breach-sentinel.md +197 -197
  177. package/src/bmad-plus/packs/pack-shield/categories/workflows/cookie-policy-gen.md +180 -180
  178. package/src/bmad-plus/packs/pack-shield/categories/workflows/dpia-sentinel.md +235 -235
  179. package/src/bmad-plus/packs/pack-shield/categories/workflows/legitimate-interest.md +159 -159
  180. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-advisor.md +133 -133
  181. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-notice-gen.md +160 -160
  182. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-policy-gen.md +135 -135
  183. package/src/bmad-plus/packs/pack-shield/references/ccpa/ccpa-gdpr-comparison.md +117 -117
  184. package/src/bmad-plus/packs/pack-shield/references/ccpa/consumer-rights-workflows.md +177 -177
  185. package/src/bmad-plus/packs/pack-shield/references/cis-controls/framework-mappings.md +162 -162
  186. package/src/bmad-plus/packs/pack-shield/references/cis-controls/implementation-guidance.md +235 -235
  187. package/src/bmad-plus/packs/pack-shield/references/cis-controls/safeguards-detail.md +252 -252
  188. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-assessment.md +170 -170
  189. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-levels.md +113 -113
  190. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-practices.md +211 -211
  191. package/src/bmad-plus/packs/pack-shield/references/csrd/compliance-program.md +281 -281
  192. package/src/bmad-plus/packs/pack-shield/references/csrd/double-materiality.md +253 -253
  193. package/src/bmad-plus/packs/pack-shield/references/csrd/esrs-standards.md +401 -401
  194. package/src/bmad-plus/packs/pack-shield/references/dora/article-reference.md +441 -441
  195. package/src/bmad-plus/packs/pack-shield/references/dora/incident-classification.md +297 -297
  196. package/src/bmad-plus/packs/pack-shield/references/dora/rts-its-guide.md +306 -306
  197. package/src/bmad-plus/packs/pack-shield/references/dora/third-party-risk.md +349 -349
  198. package/src/bmad-plus/packs/pack-shield/references/dpdpa/gdpr-comparison.md +173 -173
  199. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rights-and-obligations.md +426 -426
  200. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rules-2025.md +599 -599
  201. package/src/bmad-plus/packs/pack-shield/references/dpdpa/sections-reference.md +319 -319
  202. package/src/bmad-plus/packs/pack-shield/references/ear/ccl-eccn-guide.md +250 -250
  203. package/src/bmad-plus/packs/pack-shield/references/ear/compliance-program.md +280 -280
  204. package/src/bmad-plus/packs/pack-shield/references/ear/license-exceptions.md +207 -207
  205. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/gpai-governance.md +267 -267
  206. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/obligations-high-risk.md +287 -287
  207. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md +182 -182
  208. package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md +209 -209
  209. package/src/bmad-plus/packs/pack-shield/references/fedramp/control-families.md +281 -281
  210. package/src/bmad-plus/packs/pack-shield/references/fedramp/poam-guide.md +93 -93
  211. package/src/bmad-plus/packs/pack-shield/references/fedramp/readiness-checklist.md +134 -134
  212. package/src/bmad-plus/packs/pack-shield/references/fedramp/sap-sar-guide.md +86 -86
  213. package/src/bmad-plus/packs/pack-shield/references/fedramp/ssp-guide.md +129 -129
  214. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/documents.md +192 -192
  215. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/dpa-template.md +121 -121
  216. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/privacy-notice.md +87 -87
  217. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/breach-notification.md +293 -293
  218. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/privacy-rule.md +276 -276
  219. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/security-rule.md +299 -299
  220. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/templates.md +568 -568
  221. package/src/bmad-plus/packs/pack-shield/references/ism/control-applicability.md +181 -181
  222. package/src/bmad-plus/packs/pack-shield/references/ism/guidelines-overview.md +183 -183
  223. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2013.md +203 -203
  224. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2022.md +132 -132
  225. package/src/bmad-plus/packs/pack-shield/references/iso27001/control-mapping.md +153 -153
  226. package/src/bmad-plus/packs/pack-shield/references/iso27701/annex-a-controls.md +195 -195
  227. package/src/bmad-plus/packs/pack-shield/references/iso27701/regulatory-mapping.md +229 -229
  228. package/src/bmad-plus/packs/pack-shield/references/iso27701/transition-guide.md +219 -219
  229. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-ai-risk-assessment.md +258 -258
  230. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-clauses-requirements.md +279 -279
  231. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-controls-annex-a.md +155 -155
  232. package/src/bmad-plus/packs/pack-shield/references/itar/compliance-program.md +174 -174
  233. package/src/bmad-plus/packs/pack-shield/references/itar/licensing-guide.md +146 -146
  234. package/src/bmad-plus/packs/pack-shield/references/itar/usml-categories.md +93 -93
  235. package/src/bmad-plus/packs/pack-shield/references/lgpd/anpd-enforcement.md +147 -147
  236. package/src/bmad-plus/packs/pack-shield/references/lgpd/compliance-program.md +272 -272
  237. package/src/bmad-plus/packs/pack-shield/references/lgpd/lgpd-articles.md +271 -271
  238. package/src/bmad-plus/packs/pack-shield/references/nis2/article-21-measures.md +153 -153
  239. package/src/bmad-plus/packs/pack-shield/references/nis2/iso27001-nis2-mapping.md +68 -68
  240. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/assessment-rmf.md +349 -349
  241. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/baselines-tailoring.md +277 -277
  242. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/control-families.md +450 -450
  243. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-core.md +361 -361
  244. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-profiles.md +192 -192
  245. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-10-to-20-mapping.md +143 -143
  246. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-20-functions-categories.md +278 -278
  247. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-implementation-tiers.md +135 -135
  248. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-requirements.md +366 -366
  249. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-saq-guide.md +217 -217
  250. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-v4-changes.md +190 -190
  251. package/src/bmad-plus/packs/pack-shield/references/section-508/wcag-mapping.md +160 -160
  252. package/src/bmad-plus/packs/pack-shield/references/soc2/controls.md +241 -241
  253. package/src/bmad-plus/packs/pack-shield/references/soc2/evidence.md +236 -236
  254. package/src/bmad-plus/packs/pack-shield/references/soc2/policies.md +254 -254
  255. package/src/bmad-plus/packs/pack-shield/references/soc2/vendor.md +276 -276
  256. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-assessment.md +202 -202
  257. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-controls.md +545 -545
  258. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-crmp-requirements.md +359 -359
  259. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-directives-overview.md +187 -187
  260. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-incident-reporting.md +187 -187
  261. package/src/bmad-plus/packs/pack-shield/references/wcag/criteria-detail.md +510 -510
  262. package/src/bmad-plus/packs/pack-shield/shared/audit-report-template.md +103 -103
  263. package/src/bmad-plus/packs/pack-shield/shared/cross-framework-mapper.md +103 -103
  264. package/src/bmad-plus/packs/pack-shield/shared/gap-analysis-template.md +83 -83
  265. package/src/bmad-plus/packs/pack-shield/shield-orchestrator.md +229 -229
  266. package/src/bmad-plus/packs/pack-shield/upstream-sync.yaml +68 -68
  267. package/src/bmad-plus/skills/bmad-plus-autopilot/SKILL.md +99 -99
  268. package/src/bmad-plus/skills/bmad-plus-parallel/SKILL.md +93 -93
  269. package/src/bmad-plus/skills/bmad-plus-sync/SKILL.md +69 -69
  270. package/tools/bmad-plus-npx.js +3 -5
  271. package/tools/cli/commands/autoconfig.js +508 -489
  272. package/tools/cli/commands/doctor.js +219 -222
  273. package/tools/cli/commands/install.js +548 -739
  274. package/tools/cli/commands/memory.js +194 -194
  275. package/tools/cli/commands/scan.js +362 -350
  276. package/tools/cli/commands/uninstall.js +96 -96
  277. package/tools/cli/commands/update.js +116 -174
  278. package/tools/cli/i18n.js +845 -763
  279. package/tools/cli/lib/memory-init.js +114 -0
  280. package/tools/cli/lib/pack-copy.js +84 -0
  281. package/tools/cli/lib/packs.js +114 -0
@@ -1,401 +1,401 @@
1
- # ESRS Standards — Detailed Reference
2
-
3
- ## Cross-Cutting Standards (Mandatory for All In-Scope Companies)
4
-
5
- ---
6
-
7
- ### ESRS 1 — General Requirements
8
-
9
- **Purpose:** Sets the foundations for CSRD reporting — principles, structure, and the double materiality concept.
10
-
11
- **Key Requirements:**
12
-
13
- **Reporting Principles (paras. 1–18)**
14
- - Relevance, faithful representation, comparability, verifiability, understandability
15
- - Materiality-based reporting — only report what is material after DMA
16
- - Connected information — sustainability information must connect to financial statements
17
-
18
- **Double Materiality (paras. 19–44)**
19
- - Two perspectives: impact materiality + financial materiality
20
- - Both lenses must be applied; a topic is material if it meets EITHER criterion
21
- - DMA must cover own operations AND value chain
22
-
23
- **Value Chain (paras. 62–68)**
24
- - Must consider upstream (suppliers) and downstream (customers, end-users) value chain
25
- - Depth of value chain assessment scales with material impacts/risks
26
- - Where direct data unavailable, use proxy data / sector averages (disclose methodology)
27
-
28
- **Time Horizons (para. 72)**
29
- - Short-term: up to 1 year
30
- - Medium-term: 1–5 years
31
- - Long-term: beyond 5 years
32
-
33
- **Comparative Information (para. 86)**
34
- - Prior-year comparative data required for all quantitative disclosures
35
-
36
- **Transition Relief (paras. 118–134)**
37
- - Phase-in for Scope 3, ESRS S1 pay gap, some biodiversity datapoints
38
- - Listed SMEs may use simplified ESRS (voluntary standard pending)
39
-
40
- ---
41
-
42
- ### ESRS 2 — General Disclosures
43
-
44
- **Purpose:** Mandatory disclosures on governance, strategy, and risk management applicable to all in-scope companies regardless of DMA outcome.
45
-
46
- **Status:** Fully mandatory — cannot be omitted even if all topical standards are found non-material.
47
-
48
- #### GOV — Governance
49
-
50
- **GOV-1: Role of the administrative, management and supervisory bodies**
51
- - Composition and diversity of governance bodies related to sustainability
52
- - Sustainability expertise of governance members
53
- - How governance bodies oversee sustainability strategy and IROs
54
- - Integration of sustainability in board agendas and reporting lines
55
-
56
- **GOV-2: Information provided to and sustainability matters addressed by the undertaking's administrative, management and supervisory bodies**
57
- - Frequency and nature of sustainability information provided to governing bodies
58
- - How governing bodies consider sustainability risks and opportunities in decision-making
59
-
60
- **GOV-3: Integration of sustainability-related performance in incentive schemes**
61
- - Whether and how ESG performance is integrated in executive/management remuneration
62
- - Proportion of remuneration linked to sustainability targets
63
-
64
- **GOV-4: Statement on due diligence**
65
- - Whether the company has a due diligence process aligned with international standards (UN Guiding Principles, OECD Guidelines)
66
- - How human rights and environmental due diligence is embedded in operations
67
-
68
- **GOV-5: Risk management and internal controls over sustainability reporting**
69
- - Internal control framework for sustainability reporting
70
- - How risks of material misstatement in sustainability data are managed
71
-
72
- #### SBM — Strategy and Business Model
73
-
74
- **SBM-1: Strategy, business model, and value chain**
75
- - Business model overview and key value drivers
76
- - How sustainability matters are integrated into strategy
77
- - Full value chain description (upstream, operations, downstream)
78
- - Significant products, services, markets, and geographies
79
-
80
- **SBM-2: Interests and views of stakeholders**
81
- - Stakeholder engagement process and which stakeholders were consulted
82
- - How stakeholder views influenced strategy and reporting
83
- - Linkage between stakeholder input and material IROs identified
84
-
85
- **SBM-3: Material impacts, risks and opportunities and their interaction with strategy and business model**
86
- - Output of the DMA: list of material topics
87
- - How material IROs interact with the business model and strategy
88
- - Financial effects: current financial effects and anticipated financial effects of material IROs
89
- - Resilience of strategy under different scenarios
90
-
91
- #### IRO — Impacts, Risks and Opportunities
92
-
93
- **IRO-1: Description of the processes to identify and assess material impacts, risks and opportunities**
94
- - DMA methodology: scope, process, tools, assessment criteria
95
- - How impact significance is assessed (scale, scope, irremediability, likelihood)
96
- - How financial risks/opportunities are identified and assessed
97
- - Stakeholders consulted and how their input was used
98
- - Any sector-specific guidance applied
99
-
100
- ---
101
-
102
- ## Environmental Standards
103
-
104
- ### ESRS E1 — Climate Change
105
-
106
- **Applicability:** Apply if material after DMA. Climate is presumed material for most large companies — requires compelling justification to omit.
107
-
108
- **Mandatory Datapoints Regardless of Materiality:**
109
- - E1-1: Transition plan for climate change mitigation (Art. 19a(2)(a) — legally required even if topic found non-material)
110
- - Energy consumption from fossil fuels (ESRS E1-5, para. 40)
111
-
112
- **Key Disclosures:**
113
-
114
- **E1-1: Transition plan for climate change mitigation**
115
- - Decarbonisation targets: 2030, 2040, 2050 aligned with 1.5°C
116
- - Planned actions and enablers
117
- - Financial resources allocated (capex, opex, R&D)
118
- - Role of carbon offsets (must distinguish from own-emission reductions)
119
- - Locked-in GHG assets and stranded asset risk
120
- - EU Taxonomy alignment targets
121
-
122
- **E1-2: Policies related to climate change mitigation and adaptation**
123
- - Scope of policies (own operations / value chain)
124
- - Climate risk management policies
125
- - Net-zero ambition and pathway description
126
-
127
- **E1-3: Actions and resources in relation to climate change policies**
128
- - Decarbonisation action plan with timelines
129
- - Resources committed (financial, human, technical)
130
- - Actions relating to key GHG sources in own operations and value chain
131
-
132
- **E1-4: Targets related to climate change mitigation and adaptation**
133
- - GHG reduction targets (scope 1, 2, 3 separately)
134
- - Alignment with Paris Agreement (1.5°C pathway)
135
- - Energy efficiency and renewable energy targets
136
- - Physical and transition risk mitigation targets
137
-
138
- **E1-5: Energy consumption and mix**
139
- - Total energy consumption (MWh)
140
- - Breakdown: fossil fuels / renewables / nuclear
141
- - Energy intensity (per net revenue or other denominator)
142
- - Renewable energy share
143
-
144
- **E1-6: Gross Scopes 1, 2, 3 and Total GHG emissions**
145
- - Scope 1: direct GHG emissions (tCO2e)
146
- - Scope 2: location-based AND market-based (tCO2e)
147
- - Scope 3: all 15 GHG Protocol categories (tCO2e)
148
- - Total GHG emissions (Scope 1 + 2 + 3)
149
- - GHG intensity (tCO2e per € net revenue)
150
- - Methodology: GHG Protocol, emission factors, exclusions
151
-
152
- **E1-7: GHG removals and climate project finance**
153
- - GHG removals from own operations
154
- - Carbon credits purchased (volume, type, standard)
155
- - Distinction between removals and credits in net-zero claims
156
-
157
- **E1-8: Internal carbon pricing**
158
- - Whether internal carbon price is used in decision-making
159
- - Price per tCO2e and application scope
160
-
161
- **E1-9: Anticipated financial effects from material physical and transition risks and potential climate-related opportunities**
162
- - Financial effects of physical risks (acute: flood, storm; chronic: temperature rise, sea-level)
163
- - Financial effects of transition risks (policy, technology, market, reputational)
164
- - Climate opportunities and anticipated financial benefits
165
- - Climate scenario analysis (at minimum 1.5°C and >2°C scenarios recommended)
166
-
167
- ---
168
-
169
- ### ESRS E2 — Pollution
170
-
171
- **Applicability:** Apply if material — manufacturing, chemicals, mining, agriculture sectors most likely.
172
-
173
- **Key Disclosures:**
174
- - **E2-1:** Policies related to pollution
175
- - **E2-2:** Actions and resources to prevent/control pollution
176
- - **E2-3:** Targets related to pollution
177
- - **E2-4:** Pollution of air, water, soil — by pollutant type and medium
178
- - Substances of Very High Concern (SVHC) under REACH Regulation
179
- - Persistent Organic Pollutants (POPs)
180
- - NOx, SOx, PM2.5 emissions
181
- - Wastewater discharges by type and receiving body
182
- - **E2-5:** Substances of concern — use, release, incidents
183
- - **E2-6:** Anticipated financial effects from pollution-related risks and opportunities
184
-
185
- ---
186
-
187
- ### ESRS E3 — Water and Marine Resources
188
-
189
- **Applicability:** Apply if material — agriculture, food & beverage, mining, textiles, electronics most likely.
190
-
191
- **Key Disclosures:**
192
- - **E3-1:** Policies related to water and marine resources
193
- - **E3-2:** Actions and resources to manage water and marine resources
194
- - **E3-3:** Targets for water and marine resources
195
- - **E3-4:** Water consumption and withdrawal
196
- - Total water withdrawal (megalitres) by source (surface, groundwater, third-party)
197
- - Total water consumption (megalitres)
198
- - Water intensity
199
- - Withdrawal in water-stressed areas (WRI Aqueduct or equivalent)
200
- - **E3-5:** Anticipated financial effects from water and marine resource risks
201
-
202
- ---
203
-
204
- ### ESRS E4 — Biodiversity and Ecosystems
205
-
206
- **Applicability:** Apply if material — sites in or adjacent to biodiversity-sensitive areas, land use change, supply chains impacting biodiversity.
207
-
208
- **Key Disclosures:**
209
- - **E4-1:** Transition plan and consideration of biodiversity and ecosystems in strategy and business model
210
- - **E4-2:** Policies related to biodiversity and ecosystems
211
- - **E4-3:** Actions and resources related to biodiversity and ecosystems
212
- - **E4-4:** Targets related to biodiversity and ecosystems
213
- - **E4-5:** Impact metrics related to biodiversity and ecosystems change — land use, ecosystem fragmentation, invasive species
214
- - **E4-6:** Anticipated financial effects from biodiversity and ecosystem-related risks
215
-
216
- **Key metric:** Sites owned, leased, or managed in or near protected areas / key biodiversity areas.
217
-
218
- ---
219
-
220
- ### ESRS E5 — Resource Use and Circular Economy
221
-
222
- **Applicability:** Apply if material — manufacturing, retail, packaging, construction, electronics most likely.
223
-
224
- **Key Disclosures:**
225
- - **E5-1:** Policies related to resource use and circular economy
226
- - **E5-2:** Actions and resources related to resource use and circular economy
227
- - **E5-3:** Targets related to resource use and circular economy
228
- - **E5-4:** Resource inflows — material consumption, virgin materials, renewable vs. non-renewable
229
- - **E5-5:** Resource outflows — waste by type (hazardous/non-hazardous) and disposal method (recycling, landfill, incineration); by-products and secondary raw materials
230
- - **E5-6:** Anticipated financial effects from resource use and circular economy transition risks/opportunities
231
-
232
- ---
233
-
234
- ## Social Standards
235
-
236
- ### ESRS S1 — Own Workforce
237
-
238
- **Applicability:** Apply if material — workforce impacts are typically material for most large companies.
239
-
240
- **Phase-in:** Gender pay gap and some workforce metrics have phase-in provisions for first-year reporters.
241
-
242
- **Key Disclosures:**
243
-
244
- **S1-1:** Policies related to own workforce (working conditions, equal treatment, health & safety)
245
- **S1-2:** Processes for engaging with own workers and workers' representatives
246
- **S1-3:** Processes to remediate negative impacts and channels for own workers to raise concerns
247
-
248
- **S1-4:** Taking action on material impacts on own workers, and approaches to managing material risks and pursuing material opportunities related to own workforce, and effectiveness of those actions
249
-
250
- **S1-5:** Targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities
251
-
252
- **S1-6:** Characteristics of the undertaking's employees
253
- - Total number of employees
254
- - Breakdown: by gender, by country (for companies ≥1,000 employees in a country — if applicable), by employment type (permanent/temporary), by employment regime (full-time/part-time)
255
- - Number of non-employee workers (contractors, agency staff)
256
-
257
- **S1-7:** Characteristics of non-employees in the undertaking's own workforce
258
-
259
- **S1-8:** Collective bargaining coverage and social dialogue
260
- - % of own employees covered by collective bargaining agreements
261
- - Countries where collective bargaining coverage applies
262
-
263
- **S1-9:** Diversity metrics
264
- - % female employees (total workforce + management levels)
265
- - % employees by age group (<30, 30-50, >50)
266
-
267
- **S1-10:** Adequate wages — alignment with living wage benchmarks
268
-
269
- **S1-11:** Social protection coverage
270
-
271
- **S1-12:** Persons with disabilities in the workforce
272
-
273
- **S1-13:** Training and skills development
274
- - Average training hours per employee per year
275
- - % employees receiving regular performance reviews
276
- - Transition assistance programs
277
-
278
- **S1-14:** Health and safety
279
- - % employees covered by health & safety management system (ISO 45001 or equivalent)
280
- - Number of work-related fatalities (employees and non-employees)
281
- - Lost Time Injury Frequency Rate (LTIFR) — per 1 million hours worked
282
- - Number of recordable work-related accidents
283
- - Work-related ill health cases
284
-
285
- **S1-15:** Work-life balance — parental leave uptake rates by gender
286
-
287
- **S1-16:** Compensation metrics
288
- - CEO pay ratio (CEO total remuneration / median employee total remuneration)
289
- - Gender pay gap (median remuneration women vs. men, %)
290
-
291
- ---
292
-
293
- ### ESRS S2 — Workers in the Value Chain
294
-
295
- **Applicability:** Apply if material — companies with complex supply chains in high-risk sectors (garments, electronics, agriculture) most likely material.
296
-
297
- **Key Disclosures:**
298
- - **S2-1:** Policies related to workers in the value chain
299
- - **S2-2:** Processes for engaging with workers in the value chain about impacts
300
- - **S2-3:** Processes to remediate negative impacts on value chain workers
301
- - **S2-4:** Actions taken, and approaches to managing risks related to value chain workers
302
- - **S2-5:** Targets related to managing material impacts on workers in the value chain
303
-
304
- **Key metrics:** Number of value chain workers potentially affected by adverse impacts; coverage of due diligence by supply chain tier.
305
-
306
- ---
307
-
308
- ### ESRS S3 — Affected Communities
309
-
310
- **Applicability:** Apply if material — extractives, infrastructure, large land users, operations in indigenous territories.
311
-
312
- **Key Disclosures:**
313
- - **S3-1:** Policies related to affected communities
314
- - **S3-2:** Processes for engaging with affected communities about impacts
315
- - **S3-3:** Processes to remediate negative impacts on affected communities
316
- - **S3-4:** Actions and approaches to managing community-related risks
317
- - **S3-5:** Targets related to managing impacts on affected communities
318
-
319
- **Topics covered:** Access to land/water/food, community health, indigenous peoples' rights (FPIC), economic displacement, cultural heritage.
320
-
321
- ---
322
-
323
- ### ESRS S4 — Consumers and End-Users
324
-
325
- **Applicability:** Apply if material — B2C companies, healthcare, financial services, digital platforms, food/beverage most likely.
326
-
327
- **Key Disclosures:**
328
- - **S4-1:** Policies related to consumers and end-users
329
- - **S4-2:** Processes for engaging with consumers and end-users about impacts
330
- - **S4-3:** Processes to remediate negative impacts on consumers and end-users
331
- - **S4-4:** Actions and approaches to managing consumer-related risks and opportunities
332
- - **S4-5:** Targets related to managing material impacts on consumers and end-users
333
-
334
- **Topics covered:** Product safety, data protection, accessibility, responsible marketing, non-discrimination, right to privacy, financial inclusion.
335
-
336
- ---
337
-
338
- ## Governance Standards
339
-
340
- ### ESRS G1 — Business Conduct
341
-
342
- **Applicability:** Apply if material — typically material for most large companies given breadth of topics.
343
-
344
- **Key Disclosures:**
345
-
346
- **G1-1:** Corporate culture and business conduct policies
347
- - Code of conduct / code of ethics
348
- - Anti-corruption and anti-bribery policies
349
- - Lobbying and political engagement policies
350
- - Payment practices policies (prompt payment)
351
-
352
- **G1-2:** Management of relationships with suppliers
353
- - Responsible procurement policies
354
- - Fair dealing with suppliers (payment terms, supplier codes)
355
- - Tier-1 supplier coverage of due diligence
356
-
357
- **G1-3:** Prevention and detection of corruption and bribery
358
- - Risk assessment methodology
359
- - Training coverage for anti-corruption
360
- - Incidents of corruption confirmed during the reporting period
361
-
362
- **G1-4:** Incidents of corruption or bribery
363
- - Number of convictions for corruption
364
- - Total monetary value of fines for corruption
365
- - Actions taken in response to confirmed incidents
366
-
367
- **G1-5:** Political influence and lobbying activities
368
- - Total financial or in-kind contributions to political parties
369
- - List of significant lobbying activities and positions taken
370
-
371
- **G1-6:** Payment practices
372
- - Average payment period (days) to suppliers
373
- - % of payments made beyond contractual terms
374
- - Complaints from suppliers about payment practices
375
-
376
- ---
377
-
378
- ## Interoperability Notes
379
-
380
- ### GRI Alignment (ESRS 1, Appendix C)
381
- EFRAG published an interoperability mapping between ESRS and GRI Standards. Key mappings:
382
- - ESRS E1 ↔ GRI 305 (Emissions), GRI 302 (Energy)
383
- - ESRS S1 ↔ GRI 401 (Employment), GRI 403 (OHS), GRI 405 (Diversity)
384
- - ESRS G1 ↔ GRI 205 (Anti-corruption), GRI 206 (Anti-competitive behaviour)
385
-
386
- Companies with GRI reports should conduct gap analysis against ESRS rather than starting fresh.
387
-
388
- ### TCFD Alignment
389
- ESRS E1 incorporates TCFD framework recommendations:
390
- - Governance → ESRS 2 GOV disclosures
391
- - Strategy → ESRS 2 SBM disclosures + E1-9 financial effects
392
- - Risk management → ESRS 2 IRO-1
393
- - Metrics & targets → ESRS E1-4, E1-6
394
-
395
- TCFD reporters have a strong foundation but must add: Scope 3 (all 15 categories), transition plan (E1-1), and EU Taxonomy alignment.
396
-
397
- ### SASB Alignment
398
- EFRAG published ESRS-SASB interoperability guidance. Sector-specific SASB metrics may provide useful proxies for ESRS datapoints in the same domain.
399
-
400
- ### CDP Alignment
401
- CDP questionnaire responses (Climate, Water, Forests) provide significant data that maps to ESRS E1, E3, E4. CDP reporters can reuse much of their data collection infrastructure.
1
+ # ESRS Standards — Detailed Reference
2
+
3
+ ## Cross-Cutting Standards (Mandatory for All In-Scope Companies)
4
+
5
+ ---
6
+
7
+ ### ESRS 1 — General Requirements
8
+
9
+ **Purpose:** Sets the foundations for CSRD reporting — principles, structure, and the double materiality concept.
10
+
11
+ **Key Requirements:**
12
+
13
+ **Reporting Principles (paras. 1–18)**
14
+ - Relevance, faithful representation, comparability, verifiability, understandability
15
+ - Materiality-based reporting — only report what is material after DMA
16
+ - Connected information — sustainability information must connect to financial statements
17
+
18
+ **Double Materiality (paras. 19–44)**
19
+ - Two perspectives: impact materiality + financial materiality
20
+ - Both lenses must be applied; a topic is material if it meets EITHER criterion
21
+ - DMA must cover own operations AND value chain
22
+
23
+ **Value Chain (paras. 62–68)**
24
+ - Must consider upstream (suppliers) and downstream (customers, end-users) value chain
25
+ - Depth of value chain assessment scales with material impacts/risks
26
+ - Where direct data unavailable, use proxy data / sector averages (disclose methodology)
27
+
28
+ **Time Horizons (para. 72)**
29
+ - Short-term: up to 1 year
30
+ - Medium-term: 1–5 years
31
+ - Long-term: beyond 5 years
32
+
33
+ **Comparative Information (para. 86)**
34
+ - Prior-year comparative data required for all quantitative disclosures
35
+
36
+ **Transition Relief (paras. 118–134)**
37
+ - Phase-in for Scope 3, ESRS S1 pay gap, some biodiversity datapoints
38
+ - Listed SMEs may use simplified ESRS (voluntary standard pending)
39
+
40
+ ---
41
+
42
+ ### ESRS 2 — General Disclosures
43
+
44
+ **Purpose:** Mandatory disclosures on governance, strategy, and risk management applicable to all in-scope companies regardless of DMA outcome.
45
+
46
+ **Status:** Fully mandatory — cannot be omitted even if all topical standards are found non-material.
47
+
48
+ #### GOV — Governance
49
+
50
+ **GOV-1: Role of the administrative, management and supervisory bodies**
51
+ - Composition and diversity of governance bodies related to sustainability
52
+ - Sustainability expertise of governance members
53
+ - How governance bodies oversee sustainability strategy and IROs
54
+ - Integration of sustainability in board agendas and reporting lines
55
+
56
+ **GOV-2: Information provided to and sustainability matters addressed by the undertaking's administrative, management and supervisory bodies**
57
+ - Frequency and nature of sustainability information provided to governing bodies
58
+ - How governing bodies consider sustainability risks and opportunities in decision-making
59
+
60
+ **GOV-3: Integration of sustainability-related performance in incentive schemes**
61
+ - Whether and how ESG performance is integrated in executive/management remuneration
62
+ - Proportion of remuneration linked to sustainability targets
63
+
64
+ **GOV-4: Statement on due diligence**
65
+ - Whether the company has a due diligence process aligned with international standards (UN Guiding Principles, OECD Guidelines)
66
+ - How human rights and environmental due diligence is embedded in operations
67
+
68
+ **GOV-5: Risk management and internal controls over sustainability reporting**
69
+ - Internal control framework for sustainability reporting
70
+ - How risks of material misstatement in sustainability data are managed
71
+
72
+ #### SBM — Strategy and Business Model
73
+
74
+ **SBM-1: Strategy, business model, and value chain**
75
+ - Business model overview and key value drivers
76
+ - How sustainability matters are integrated into strategy
77
+ - Full value chain description (upstream, operations, downstream)
78
+ - Significant products, services, markets, and geographies
79
+
80
+ **SBM-2: Interests and views of stakeholders**
81
+ - Stakeholder engagement process and which stakeholders were consulted
82
+ - How stakeholder views influenced strategy and reporting
83
+ - Linkage between stakeholder input and material IROs identified
84
+
85
+ **SBM-3: Material impacts, risks and opportunities and their interaction with strategy and business model**
86
+ - Output of the DMA: list of material topics
87
+ - How material IROs interact with the business model and strategy
88
+ - Financial effects: current financial effects and anticipated financial effects of material IROs
89
+ - Resilience of strategy under different scenarios
90
+
91
+ #### IRO — Impacts, Risks and Opportunities
92
+
93
+ **IRO-1: Description of the processes to identify and assess material impacts, risks and opportunities**
94
+ - DMA methodology: scope, process, tools, assessment criteria
95
+ - How impact significance is assessed (scale, scope, irremediability, likelihood)
96
+ - How financial risks/opportunities are identified and assessed
97
+ - Stakeholders consulted and how their input was used
98
+ - Any sector-specific guidance applied
99
+
100
+ ---
101
+
102
+ ## Environmental Standards
103
+
104
+ ### ESRS E1 — Climate Change
105
+
106
+ **Applicability:** Apply if material after DMA. Climate is presumed material for most large companies — requires compelling justification to omit.
107
+
108
+ **Mandatory Datapoints Regardless of Materiality:**
109
+ - E1-1: Transition plan for climate change mitigation (Art. 19a(2)(a) — legally required even if topic found non-material)
110
+ - Energy consumption from fossil fuels (ESRS E1-5, para. 40)
111
+
112
+ **Key Disclosures:**
113
+
114
+ **E1-1: Transition plan for climate change mitigation**
115
+ - Decarbonisation targets: 2030, 2040, 2050 aligned with 1.5°C
116
+ - Planned actions and enablers
117
+ - Financial resources allocated (capex, opex, R&D)
118
+ - Role of carbon offsets (must distinguish from own-emission reductions)
119
+ - Locked-in GHG assets and stranded asset risk
120
+ - EU Taxonomy alignment targets
121
+
122
+ **E1-2: Policies related to climate change mitigation and adaptation**
123
+ - Scope of policies (own operations / value chain)
124
+ - Climate risk management policies
125
+ - Net-zero ambition and pathway description
126
+
127
+ **E1-3: Actions and resources in relation to climate change policies**
128
+ - Decarbonisation action plan with timelines
129
+ - Resources committed (financial, human, technical)
130
+ - Actions relating to key GHG sources in own operations and value chain
131
+
132
+ **E1-4: Targets related to climate change mitigation and adaptation**
133
+ - GHG reduction targets (scope 1, 2, 3 separately)
134
+ - Alignment with Paris Agreement (1.5°C pathway)
135
+ - Energy efficiency and renewable energy targets
136
+ - Physical and transition risk mitigation targets
137
+
138
+ **E1-5: Energy consumption and mix**
139
+ - Total energy consumption (MWh)
140
+ - Breakdown: fossil fuels / renewables / nuclear
141
+ - Energy intensity (per net revenue or other denominator)
142
+ - Renewable energy share
143
+
144
+ **E1-6: Gross Scopes 1, 2, 3 and Total GHG emissions**
145
+ - Scope 1: direct GHG emissions (tCO2e)
146
+ - Scope 2: location-based AND market-based (tCO2e)
147
+ - Scope 3: all 15 GHG Protocol categories (tCO2e)
148
+ - Total GHG emissions (Scope 1 + 2 + 3)
149
+ - GHG intensity (tCO2e per € net revenue)
150
+ - Methodology: GHG Protocol, emission factors, exclusions
151
+
152
+ **E1-7: GHG removals and climate project finance**
153
+ - GHG removals from own operations
154
+ - Carbon credits purchased (volume, type, standard)
155
+ - Distinction between removals and credits in net-zero claims
156
+
157
+ **E1-8: Internal carbon pricing**
158
+ - Whether internal carbon price is used in decision-making
159
+ - Price per tCO2e and application scope
160
+
161
+ **E1-9: Anticipated financial effects from material physical and transition risks and potential climate-related opportunities**
162
+ - Financial effects of physical risks (acute: flood, storm; chronic: temperature rise, sea-level)
163
+ - Financial effects of transition risks (policy, technology, market, reputational)
164
+ - Climate opportunities and anticipated financial benefits
165
+ - Climate scenario analysis (at minimum 1.5°C and >2°C scenarios recommended)
166
+
167
+ ---
168
+
169
+ ### ESRS E2 — Pollution
170
+
171
+ **Applicability:** Apply if material — manufacturing, chemicals, mining, agriculture sectors most likely.
172
+
173
+ **Key Disclosures:**
174
+ - **E2-1:** Policies related to pollution
175
+ - **E2-2:** Actions and resources to prevent/control pollution
176
+ - **E2-3:** Targets related to pollution
177
+ - **E2-4:** Pollution of air, water, soil — by pollutant type and medium
178
+ - Substances of Very High Concern (SVHC) under REACH Regulation
179
+ - Persistent Organic Pollutants (POPs)
180
+ - NOx, SOx, PM2.5 emissions
181
+ - Wastewater discharges by type and receiving body
182
+ - **E2-5:** Substances of concern — use, release, incidents
183
+ - **E2-6:** Anticipated financial effects from pollution-related risks and opportunities
184
+
185
+ ---
186
+
187
+ ### ESRS E3 — Water and Marine Resources
188
+
189
+ **Applicability:** Apply if material — agriculture, food & beverage, mining, textiles, electronics most likely.
190
+
191
+ **Key Disclosures:**
192
+ - **E3-1:** Policies related to water and marine resources
193
+ - **E3-2:** Actions and resources to manage water and marine resources
194
+ - **E3-3:** Targets for water and marine resources
195
+ - **E3-4:** Water consumption and withdrawal
196
+ - Total water withdrawal (megalitres) by source (surface, groundwater, third-party)
197
+ - Total water consumption (megalitres)
198
+ - Water intensity
199
+ - Withdrawal in water-stressed areas (WRI Aqueduct or equivalent)
200
+ - **E3-5:** Anticipated financial effects from water and marine resource risks
201
+
202
+ ---
203
+
204
+ ### ESRS E4 — Biodiversity and Ecosystems
205
+
206
+ **Applicability:** Apply if material — sites in or adjacent to biodiversity-sensitive areas, land use change, supply chains impacting biodiversity.
207
+
208
+ **Key Disclosures:**
209
+ - **E4-1:** Transition plan and consideration of biodiversity and ecosystems in strategy and business model
210
+ - **E4-2:** Policies related to biodiversity and ecosystems
211
+ - **E4-3:** Actions and resources related to biodiversity and ecosystems
212
+ - **E4-4:** Targets related to biodiversity and ecosystems
213
+ - **E4-5:** Impact metrics related to biodiversity and ecosystems change — land use, ecosystem fragmentation, invasive species
214
+ - **E4-6:** Anticipated financial effects from biodiversity and ecosystem-related risks
215
+
216
+ **Key metric:** Sites owned, leased, or managed in or near protected areas / key biodiversity areas.
217
+
218
+ ---
219
+
220
+ ### ESRS E5 — Resource Use and Circular Economy
221
+
222
+ **Applicability:** Apply if material — manufacturing, retail, packaging, construction, electronics most likely.
223
+
224
+ **Key Disclosures:**
225
+ - **E5-1:** Policies related to resource use and circular economy
226
+ - **E5-2:** Actions and resources related to resource use and circular economy
227
+ - **E5-3:** Targets related to resource use and circular economy
228
+ - **E5-4:** Resource inflows — material consumption, virgin materials, renewable vs. non-renewable
229
+ - **E5-5:** Resource outflows — waste by type (hazardous/non-hazardous) and disposal method (recycling, landfill, incineration); by-products and secondary raw materials
230
+ - **E5-6:** Anticipated financial effects from resource use and circular economy transition risks/opportunities
231
+
232
+ ---
233
+
234
+ ## Social Standards
235
+
236
+ ### ESRS S1 — Own Workforce
237
+
238
+ **Applicability:** Apply if material — workforce impacts are typically material for most large companies.
239
+
240
+ **Phase-in:** Gender pay gap and some workforce metrics have phase-in provisions for first-year reporters.
241
+
242
+ **Key Disclosures:**
243
+
244
+ **S1-1:** Policies related to own workforce (working conditions, equal treatment, health & safety)
245
+ **S1-2:** Processes for engaging with own workers and workers' representatives
246
+ **S1-3:** Processes to remediate negative impacts and channels for own workers to raise concerns
247
+
248
+ **S1-4:** Taking action on material impacts on own workers, and approaches to managing material risks and pursuing material opportunities related to own workforce, and effectiveness of those actions
249
+
250
+ **S1-5:** Targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities
251
+
252
+ **S1-6:** Characteristics of the undertaking's employees
253
+ - Total number of employees
254
+ - Breakdown: by gender, by country (for companies ≥1,000 employees in a country — if applicable), by employment type (permanent/temporary), by employment regime (full-time/part-time)
255
+ - Number of non-employee workers (contractors, agency staff)
256
+
257
+ **S1-7:** Characteristics of non-employees in the undertaking's own workforce
258
+
259
+ **S1-8:** Collective bargaining coverage and social dialogue
260
+ - % of own employees covered by collective bargaining agreements
261
+ - Countries where collective bargaining coverage applies
262
+
263
+ **S1-9:** Diversity metrics
264
+ - % female employees (total workforce + management levels)
265
+ - % employees by age group (<30, 30-50, >50)
266
+
267
+ **S1-10:** Adequate wages — alignment with living wage benchmarks
268
+
269
+ **S1-11:** Social protection coverage
270
+
271
+ **S1-12:** Persons with disabilities in the workforce
272
+
273
+ **S1-13:** Training and skills development
274
+ - Average training hours per employee per year
275
+ - % employees receiving regular performance reviews
276
+ - Transition assistance programs
277
+
278
+ **S1-14:** Health and safety
279
+ - % employees covered by health & safety management system (ISO 45001 or equivalent)
280
+ - Number of work-related fatalities (employees and non-employees)
281
+ - Lost Time Injury Frequency Rate (LTIFR) — per 1 million hours worked
282
+ - Number of recordable work-related accidents
283
+ - Work-related ill health cases
284
+
285
+ **S1-15:** Work-life balance — parental leave uptake rates by gender
286
+
287
+ **S1-16:** Compensation metrics
288
+ - CEO pay ratio (CEO total remuneration / median employee total remuneration)
289
+ - Gender pay gap (median remuneration women vs. men, %)
290
+
291
+ ---
292
+
293
+ ### ESRS S2 — Workers in the Value Chain
294
+
295
+ **Applicability:** Apply if material — companies with complex supply chains in high-risk sectors (garments, electronics, agriculture) most likely material.
296
+
297
+ **Key Disclosures:**
298
+ - **S2-1:** Policies related to workers in the value chain
299
+ - **S2-2:** Processes for engaging with workers in the value chain about impacts
300
+ - **S2-3:** Processes to remediate negative impacts on value chain workers
301
+ - **S2-4:** Actions taken, and approaches to managing risks related to value chain workers
302
+ - **S2-5:** Targets related to managing material impacts on workers in the value chain
303
+
304
+ **Key metrics:** Number of value chain workers potentially affected by adverse impacts; coverage of due diligence by supply chain tier.
305
+
306
+ ---
307
+
308
+ ### ESRS S3 — Affected Communities
309
+
310
+ **Applicability:** Apply if material — extractives, infrastructure, large land users, operations in indigenous territories.
311
+
312
+ **Key Disclosures:**
313
+ - **S3-1:** Policies related to affected communities
314
+ - **S3-2:** Processes for engaging with affected communities about impacts
315
+ - **S3-3:** Processes to remediate negative impacts on affected communities
316
+ - **S3-4:** Actions and approaches to managing community-related risks
317
+ - **S3-5:** Targets related to managing impacts on affected communities
318
+
319
+ **Topics covered:** Access to land/water/food, community health, indigenous peoples' rights (FPIC), economic displacement, cultural heritage.
320
+
321
+ ---
322
+
323
+ ### ESRS S4 — Consumers and End-Users
324
+
325
+ **Applicability:** Apply if material — B2C companies, healthcare, financial services, digital platforms, food/beverage most likely.
326
+
327
+ **Key Disclosures:**
328
+ - **S4-1:** Policies related to consumers and end-users
329
+ - **S4-2:** Processes for engaging with consumers and end-users about impacts
330
+ - **S4-3:** Processes to remediate negative impacts on consumers and end-users
331
+ - **S4-4:** Actions and approaches to managing consumer-related risks and opportunities
332
+ - **S4-5:** Targets related to managing material impacts on consumers and end-users
333
+
334
+ **Topics covered:** Product safety, data protection, accessibility, responsible marketing, non-discrimination, right to privacy, financial inclusion.
335
+
336
+ ---
337
+
338
+ ## Governance Standards
339
+
340
+ ### ESRS G1 — Business Conduct
341
+
342
+ **Applicability:** Apply if material — typically material for most large companies given breadth of topics.
343
+
344
+ **Key Disclosures:**
345
+
346
+ **G1-1:** Corporate culture and business conduct policies
347
+ - Code of conduct / code of ethics
348
+ - Anti-corruption and anti-bribery policies
349
+ - Lobbying and political engagement policies
350
+ - Payment practices policies (prompt payment)
351
+
352
+ **G1-2:** Management of relationships with suppliers
353
+ - Responsible procurement policies
354
+ - Fair dealing with suppliers (payment terms, supplier codes)
355
+ - Tier-1 supplier coverage of due diligence
356
+
357
+ **G1-3:** Prevention and detection of corruption and bribery
358
+ - Risk assessment methodology
359
+ - Training coverage for anti-corruption
360
+ - Incidents of corruption confirmed during the reporting period
361
+
362
+ **G1-4:** Incidents of corruption or bribery
363
+ - Number of convictions for corruption
364
+ - Total monetary value of fines for corruption
365
+ - Actions taken in response to confirmed incidents
366
+
367
+ **G1-5:** Political influence and lobbying activities
368
+ - Total financial or in-kind contributions to political parties
369
+ - List of significant lobbying activities and positions taken
370
+
371
+ **G1-6:** Payment practices
372
+ - Average payment period (days) to suppliers
373
+ - % of payments made beyond contractual terms
374
+ - Complaints from suppliers about payment practices
375
+
376
+ ---
377
+
378
+ ## Interoperability Notes
379
+
380
+ ### GRI Alignment (ESRS 1, Appendix C)
381
+ EFRAG published an interoperability mapping between ESRS and GRI Standards. Key mappings:
382
+ - ESRS E1 ↔ GRI 305 (Emissions), GRI 302 (Energy)
383
+ - ESRS S1 ↔ GRI 401 (Employment), GRI 403 (OHS), GRI 405 (Diversity)
384
+ - ESRS G1 ↔ GRI 205 (Anti-corruption), GRI 206 (Anti-competitive behaviour)
385
+
386
+ Companies with GRI reports should conduct gap analysis against ESRS rather than starting fresh.
387
+
388
+ ### TCFD Alignment
389
+ ESRS E1 incorporates TCFD framework recommendations:
390
+ - Governance → ESRS 2 GOV disclosures
391
+ - Strategy → ESRS 2 SBM disclosures + E1-9 financial effects
392
+ - Risk management → ESRS 2 IRO-1
393
+ - Metrics & targets → ESRS E1-4, E1-6
394
+
395
+ TCFD reporters have a strong foundation but must add: Scope 3 (all 15 categories), transition plan (E1-1), and EU Taxonomy alignment.
396
+
397
+ ### SASB Alignment
398
+ EFRAG published ESRS-SASB interoperability guidance. Sector-specific SASB metrics may provide useful proxies for ESRS datapoints in the same domain.
399
+
400
+ ### CDP Alignment
401
+ CDP questionnaire responses (Climate, Water, Forests) provide significant data that maps to ESRS E1, E3, E4. CDP reporters can reuse much of their data collection infrastructure.