bmad-plus 0.8.0 → 0.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (213) hide show
  1. package/CHANGELOG.md +45 -1
  2. package/LICENSE +21 -21
  3. package/README.md +107 -85
  4. package/osint-agent-package/README.md +88 -88
  5. package/osint-agent-package/SETUP_KEYS.md +108 -108
  6. package/osint-agent-package/agents/osint-investigator.md +80 -80
  7. package/osint-agent-package/install.ps1 +87 -87
  8. package/osint-agent-package/install.sh +76 -76
  9. package/osint-agent-package/skills/bmad-osint-investigate/SKILL.md +147 -147
  10. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/enrichment-databases-fr.md +148 -148
  11. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/_http.py +101 -101
  12. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/apify.py +266 -266
  13. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/brightdata.py +101 -101
  14. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/diagnose.py +141 -141
  15. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/exa.py +79 -79
  16. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/jina.py +71 -71
  17. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/parallel.py +85 -85
  18. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/perplexity.py +102 -102
  19. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/tavily.py +72 -72
  20. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/volley.py +208 -208
  21. package/osint-agent-package/skills/bmad-osint-investigator/SKILL.md +15 -15
  22. package/package.json +30 -3
  23. package/readme-international/README.de.md +18 -5
  24. package/readme-international/README.es.md +40 -12
  25. package/readme-international/README.fr.md +36 -8
  26. package/src/bmad-plus/agents/agent-architect-dev/SKILL.md +96 -96
  27. package/src/bmad-plus/agents/agent-architect-dev/bmad-skill-manifest.yaml +13 -13
  28. package/src/bmad-plus/agents/agent-maker/SKILL.md +201 -201
  29. package/src/bmad-plus/agents/agent-maker/bmad-skill-manifest.yaml +13 -13
  30. package/src/bmad-plus/agents/agent-orchestrator/SKILL.md +137 -137
  31. package/src/bmad-plus/agents/agent-orchestrator/bmad-skill-manifest.yaml +13 -13
  32. package/src/bmad-plus/agents/agent-quality/SKILL.md +83 -83
  33. package/src/bmad-plus/agents/agent-quality/bmad-skill-manifest.yaml +13 -13
  34. package/src/bmad-plus/agents/agent-shadow/SKILL.md +71 -71
  35. package/src/bmad-plus/agents/agent-shadow/bmad-skill-manifest.yaml +13 -13
  36. package/src/bmad-plus/agents/agent-strategist/SKILL.md +80 -80
  37. package/src/bmad-plus/agents/agent-strategist/bmad-skill-manifest.yaml +13 -13
  38. package/src/bmad-plus/data/role-triggers.yaml +209 -209
  39. package/src/bmad-plus/module-help.csv +10 -10
  40. package/src/bmad-plus/packs/pack-memory/README.md +106 -106
  41. package/src/bmad-plus/packs/pack-memory/memory-orchestrator.md +79 -79
  42. package/src/bmad-plus/packs/pack-memory/shared/karpathy-guardrails.md +86 -86
  43. package/src/bmad-plus/packs/pack-memory/shared/memory-protocol.md +143 -143
  44. package/src/bmad-plus/packs/pack-memory/templates/context.md +39 -39
  45. package/src/bmad-plus/packs/pack-memory/templates/decisions.md +25 -25
  46. package/src/bmad-plus/packs/pack-memory/templates/identity.yaml +39 -39
  47. package/src/bmad-plus/packs/pack-memory/templates/lessons.md +31 -31
  48. package/src/bmad-plus/packs/pack-memory/templates/patterns.md +24 -24
  49. package/src/bmad-plus/packs/pack-memory/templates/session-handoff.md +25 -25
  50. package/src/bmad-plus/packs/pack-memory/zecher-agent.md +157 -157
  51. package/src/bmad-plus/packs/pack-seo/bmad-skill-manifest.yaml +13 -0
  52. package/src/bmad-plus/packs/pack-shield/README.md +110 -110
  53. package/src/bmad-plus/packs/pack-shield/SKILL.md +82 -0
  54. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/csrd-agent.md +251 -251
  55. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/section508-agent.md +168 -168
  56. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/wcag-agent.md +190 -190
  57. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/eu-ai-act-agent.md +86 -86
  58. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/iso42001-agent.md +240 -240
  59. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/nist-ai-rmf-agent.md +122 -122
  60. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/cis-controls-agent.md +210 -210
  61. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/ism-agent.md +139 -139
  62. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/iso27001-agent.md +156 -156
  63. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nis2-agent.md +72 -72
  64. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-800-53-agent.md +239 -239
  65. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-csf-agent.md +207 -207
  66. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/ccpa-agent.md +94 -94
  67. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/dpdpa-agent.md +136 -136
  68. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/gdpr-agent.md +296 -296
  69. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/iso27701-agent.md +134 -134
  70. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/lgpd-agent.md +129 -129
  71. package/src/bmad-plus/packs/pack-shield/categories/defense-export/cmmc-agent.md +116 -116
  72. package/src/bmad-plus/packs/pack-shield/categories/defense-export/ear-agent.md +261 -261
  73. package/src/bmad-plus/packs/pack-shield/categories/defense-export/itar-agent.md +191 -191
  74. package/src/bmad-plus/packs/pack-shield/categories/defense-export/tsa-agent.md +356 -356
  75. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/dora-agent.md +499 -499
  76. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/fedramp-agent.md +236 -236
  77. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/hipaa-agent.md +162 -162
  78. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/pci-dss-agent.md +228 -228
  79. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/soc2-agent.md +255 -255
  80. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/swift-csp-agent.md +153 -153
  81. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-classifier.md +131 -131
  82. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md +155 -155
  83. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-incidents.md +187 -187
  84. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-roles.md +113 -113
  85. package/src/bmad-plus/packs/pack-shield/categories/workflows/breach-sentinel.md +197 -197
  86. package/src/bmad-plus/packs/pack-shield/categories/workflows/cookie-policy-gen.md +180 -180
  87. package/src/bmad-plus/packs/pack-shield/categories/workflows/dpia-sentinel.md +235 -235
  88. package/src/bmad-plus/packs/pack-shield/categories/workflows/legitimate-interest.md +159 -159
  89. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-advisor.md +133 -133
  90. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-notice-gen.md +160 -160
  91. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-policy-gen.md +135 -135
  92. package/src/bmad-plus/packs/pack-shield/references/ccpa/ccpa-gdpr-comparison.md +117 -117
  93. package/src/bmad-plus/packs/pack-shield/references/ccpa/consumer-rights-workflows.md +177 -177
  94. package/src/bmad-plus/packs/pack-shield/references/cis-controls/framework-mappings.md +162 -162
  95. package/src/bmad-plus/packs/pack-shield/references/cis-controls/implementation-guidance.md +235 -235
  96. package/src/bmad-plus/packs/pack-shield/references/cis-controls/safeguards-detail.md +252 -252
  97. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-assessment.md +170 -170
  98. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-levels.md +113 -113
  99. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-practices.md +211 -211
  100. package/src/bmad-plus/packs/pack-shield/references/csrd/compliance-program.md +281 -281
  101. package/src/bmad-plus/packs/pack-shield/references/csrd/double-materiality.md +253 -253
  102. package/src/bmad-plus/packs/pack-shield/references/csrd/esrs-standards.md +401 -401
  103. package/src/bmad-plus/packs/pack-shield/references/dora/article-reference.md +441 -441
  104. package/src/bmad-plus/packs/pack-shield/references/dora/incident-classification.md +297 -297
  105. package/src/bmad-plus/packs/pack-shield/references/dora/rts-its-guide.md +306 -306
  106. package/src/bmad-plus/packs/pack-shield/references/dora/third-party-risk.md +349 -349
  107. package/src/bmad-plus/packs/pack-shield/references/dpdpa/gdpr-comparison.md +173 -173
  108. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rights-and-obligations.md +426 -426
  109. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rules-2025.md +599 -599
  110. package/src/bmad-plus/packs/pack-shield/references/dpdpa/sections-reference.md +319 -319
  111. package/src/bmad-plus/packs/pack-shield/references/ear/ccl-eccn-guide.md +250 -250
  112. package/src/bmad-plus/packs/pack-shield/references/ear/compliance-program.md +280 -280
  113. package/src/bmad-plus/packs/pack-shield/references/ear/license-exceptions.md +207 -207
  114. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/gpai-governance.md +267 -267
  115. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/obligations-high-risk.md +287 -287
  116. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md +182 -182
  117. package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md +209 -209
  118. package/src/bmad-plus/packs/pack-shield/references/fedramp/control-families.md +281 -281
  119. package/src/bmad-plus/packs/pack-shield/references/fedramp/poam-guide.md +93 -93
  120. package/src/bmad-plus/packs/pack-shield/references/fedramp/readiness-checklist.md +134 -134
  121. package/src/bmad-plus/packs/pack-shield/references/fedramp/sap-sar-guide.md +86 -86
  122. package/src/bmad-plus/packs/pack-shield/references/fedramp/ssp-guide.md +129 -129
  123. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/documents.md +192 -192
  124. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/dpa-template.md +121 -121
  125. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/privacy-notice.md +87 -87
  126. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/breach-notification.md +293 -293
  127. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/privacy-rule.md +276 -276
  128. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/security-rule.md +299 -299
  129. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/templates.md +568 -568
  130. package/src/bmad-plus/packs/pack-shield/references/ism/control-applicability.md +181 -181
  131. package/src/bmad-plus/packs/pack-shield/references/ism/guidelines-overview.md +183 -183
  132. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2013.md +203 -203
  133. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2022.md +132 -132
  134. package/src/bmad-plus/packs/pack-shield/references/iso27001/control-mapping.md +153 -153
  135. package/src/bmad-plus/packs/pack-shield/references/iso27701/annex-a-controls.md +195 -195
  136. package/src/bmad-plus/packs/pack-shield/references/iso27701/regulatory-mapping.md +229 -229
  137. package/src/bmad-plus/packs/pack-shield/references/iso27701/transition-guide.md +219 -219
  138. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-ai-risk-assessment.md +258 -258
  139. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-clauses-requirements.md +279 -279
  140. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-controls-annex-a.md +155 -155
  141. package/src/bmad-plus/packs/pack-shield/references/itar/compliance-program.md +174 -174
  142. package/src/bmad-plus/packs/pack-shield/references/itar/licensing-guide.md +146 -146
  143. package/src/bmad-plus/packs/pack-shield/references/itar/usml-categories.md +93 -93
  144. package/src/bmad-plus/packs/pack-shield/references/lgpd/anpd-enforcement.md +147 -147
  145. package/src/bmad-plus/packs/pack-shield/references/lgpd/compliance-program.md +272 -272
  146. package/src/bmad-plus/packs/pack-shield/references/lgpd/lgpd-articles.md +271 -271
  147. package/src/bmad-plus/packs/pack-shield/references/nis2/article-21-measures.md +153 -153
  148. package/src/bmad-plus/packs/pack-shield/references/nis2/iso27001-nis2-mapping.md +68 -68
  149. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/assessment-rmf.md +349 -349
  150. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/baselines-tailoring.md +277 -277
  151. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/control-families.md +450 -450
  152. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-core.md +361 -361
  153. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-profiles.md +192 -192
  154. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-10-to-20-mapping.md +143 -143
  155. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-20-functions-categories.md +278 -278
  156. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-implementation-tiers.md +135 -135
  157. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-requirements.md +366 -366
  158. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-saq-guide.md +217 -217
  159. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-v4-changes.md +190 -190
  160. package/src/bmad-plus/packs/pack-shield/references/section-508/wcag-mapping.md +160 -160
  161. package/src/bmad-plus/packs/pack-shield/references/soc2/controls.md +241 -241
  162. package/src/bmad-plus/packs/pack-shield/references/soc2/evidence.md +236 -236
  163. package/src/bmad-plus/packs/pack-shield/references/soc2/policies.md +254 -254
  164. package/src/bmad-plus/packs/pack-shield/references/soc2/vendor.md +276 -276
  165. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-assessment.md +202 -202
  166. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-controls.md +545 -545
  167. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-crmp-requirements.md +359 -359
  168. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-directives-overview.md +187 -187
  169. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-incident-reporting.md +187 -187
  170. package/src/bmad-plus/packs/pack-shield/references/wcag/criteria-detail.md +510 -510
  171. package/src/bmad-plus/packs/pack-shield/shared/audit-report-template.md +103 -103
  172. package/src/bmad-plus/packs/pack-shield/shared/cross-framework-mapper.md +103 -103
  173. package/src/bmad-plus/packs/pack-shield/shared/gap-analysis-template.md +83 -83
  174. package/src/bmad-plus/packs/pack-shield/shield-orchestrator.md +229 -229
  175. package/src/bmad-plus/packs/pack-shield/upstream-sync.yaml +68 -68
  176. package/src/bmad-plus/skills/bmad-plus-autopilot/SKILL.md +99 -99
  177. package/src/bmad-plus/skills/bmad-plus-parallel/SKILL.md +93 -93
  178. package/src/bmad-plus/skills/bmad-plus-sync/SKILL.md +69 -69
  179. package/tools/bmad-plus-npx.js +3 -5
  180. package/tools/cli/bmad-plus-cli.js +5 -3
  181. package/tools/cli/commands/autoconfig.js +18 -61
  182. package/tools/cli/commands/doctor.js +30 -31
  183. package/tools/cli/commands/install.js +33 -343
  184. package/tools/cli/commands/memory.js +1 -0
  185. package/tools/cli/commands/scan.js +61 -74
  186. package/tools/cli/commands/uninstall.js +7 -4
  187. package/tools/cli/commands/update.js +15 -72
  188. package/tools/cli/i18n.js +92 -10
  189. package/tools/cli/lib/ide-config.js +259 -0
  190. package/tools/cli/lib/memory-init.js +113 -0
  191. package/tools/cli/lib/pack-copy.js +84 -0
  192. package/tools/cli/lib/packs.js +114 -0
  193. package/tools/cli/lib/stack-detect.js +102 -0
  194. package/tools/cli/lib/validate.js +45 -0
  195. package/src/bmad-plus/agents/pack-animated/animated-website-agent.md +0 -325
  196. package/src/bmad-plus/agents/pack-animated/templates/animated-website-workflow.md +0 -55
  197. package/src/bmad-plus/agents/pack-backup/backup-agent.md +0 -71
  198. package/src/bmad-plus/agents/pack-backup/templates/backup-workflow.md +0 -51
  199. package/src/bmad-plus/agents/pack-seo/SKILL.md +0 -171
  200. package/src/bmad-plus/agents/pack-seo/checklist.md +0 -140
  201. package/src/bmad-plus/agents/pack-seo/pagespeed-playbook.md +0 -320
  202. package/src/bmad-plus/agents/pack-seo/ref/audit-schema.json +0 -187
  203. package/src/bmad-plus/agents/pack-seo/ref/cwv-thresholds.md +0 -87
  204. package/src/bmad-plus/agents/pack-seo/ref/eeat-criteria.md +0 -123
  205. package/src/bmad-plus/agents/pack-seo/ref/geo-signals.md +0 -167
  206. package/src/bmad-plus/agents/pack-seo/ref/hreflang-rules.md +0 -153
  207. package/src/bmad-plus/agents/pack-seo/ref/quality-gates.md +0 -133
  208. package/src/bmad-plus/agents/pack-seo/ref/schema-catalog.md +0 -91
  209. package/src/bmad-plus/agents/pack-seo/ref/schema-templates.json +0 -356
  210. package/src/bmad-plus/agents/pack-seo/seo-chief.md +0 -294
  211. package/src/bmad-plus/agents/pack-seo/seo-judge.md +0 -241
  212. package/src/bmad-plus/agents/pack-seo/seo-scout.md +0 -171
  213. package/src/bmad-plus/agents/pack-seo/templates/seo-audit-workflow.md +0 -241
@@ -1,253 +1,253 @@
1
- # Double Materiality Assessment (DMA) — Methodology and Templates
2
-
3
- ## Overview
4
-
5
- The Double Materiality Assessment is the mandatory first step in CSRD compliance (ESRS 1, paras. 19–56). Every in-scope company must complete a DMA before deciding which ESRS topical standards to report on. The DMA determines what is reported; it cannot be completed retrospectively.
6
-
7
- ---
8
-
9
- ## Two Perspectives Explained
10
-
11
- ### 1. Impact Materiality (Inside-Out)
12
- *Does the company have actual or potential impacts on people or the environment?*
13
-
14
- **Scope:** Own operations + upstream and downstream value chain
15
-
16
- **Actual impacts:** Currently occurring
17
- **Potential impacts:** Could occur in the future (assess likelihood)
18
-
19
- **Positive impacts:** Benefits to people or environment (e.g., jobs created, carbon sequestration)
20
- **Negative impacts:** Harm to people or environment (e.g., pollution, unsafe working conditions)
21
-
22
- **Significance assessment formula:**
23
- - *Negative actual impacts:* Scale × Scope × Irremediability
24
- - *Negative potential impacts:* Scale × Scope × Irremediability × Likelihood
25
- - *Positive actual impacts:* Scale × Scope
26
- - *Positive potential impacts:* Scale × Scope × Likelihood
27
-
28
- **Definitions:**
29
- | Criterion | Definition |
30
- |-----------|-----------|
31
- | Scale | Severity of the impact on people or environment |
32
- | Scope | How widespread (number of people affected / geographic area) |
33
- | Irremediability | Difficulty of restoring pre-impact state |
34
- | Likelihood | Probability of potential impact occurring |
35
-
36
- ### 2. Financial Materiality (Outside-In)
37
- *Does the sustainability matter create risks or opportunities affecting the company's finances?*
38
-
39
- **Financial effects include:** Revenue, costs, assets, liabilities, cash flows, access to finance, cost of capital
40
-
41
- **Time horizons:** Short-term (<1 year), medium-term (1–5 years), long-term (>5 years)
42
-
43
- **Assessment criteria:**
44
- - Magnitude: How large could the financial effect be? (quantify where possible)
45
- - Likelihood: How probable is the financial effect?
46
-
47
- **Sources of financial risks and opportunities:**
48
- - Physical risks (acute: extreme weather; chronic: temperature, sea-level)
49
- - Transition risks (policy/regulation, technology, market, reputational)
50
- - Opportunities (energy efficiency, new markets, brand value, talent attraction)
51
-
52
- ### The Materiality Threshold
53
- A topic is **material** if it meets EITHER the impact materiality threshold OR the financial materiality threshold (or both).
54
-
55
- There is no prescribed numerical threshold — companies set their own thresholds, which must be justified and disclosed (ESRS 2 IRO-1).
56
-
57
- ---
58
-
59
- ## DMA Process — Step by Step
60
-
61
- ### Step 1: Understand the Context (ESRS 1, para. 45)
62
-
63
- **Activities:**
64
- 1. Map the business model: products/services, markets, geographies
65
- 2. Map the value chain: key suppliers (tier 1 and beyond), distribution, customers, end-users
66
- 3. Identify the company's key activities, assets, and relationships
67
- 4. Identify sector-specific sustainability risks using industry references (ESRS sector standards when published, SASB, GRI sector standards)
68
-
69
- **Output:** Business context document / value chain map
70
-
71
- ---
72
-
73
- ### Step 2: Identify Actual and Potential Impacts (ESRS 1, paras. 46–48)
74
-
75
- **Sources of impact identification:**
76
- - Internal: operations review, incident data, management interviews
77
- - External: stakeholder engagement, industry benchmarks, peer analysis, ESG ratings
78
-
79
- **Stakeholder engagement (ESRS 1, para. 22):**
80
- ESRS requires meaningful engagement with affected stakeholders and users of sustainability reporting. Stakeholders to engage:
81
- - Workers (own and value chain)
82
- - Local communities
83
- - Customers / consumers
84
- - NGOs and civil society
85
- - Investors and financial institutions
86
- - Regulators
87
-
88
- **Output:** Long list of potential impacts per ESRS topic area
89
-
90
- ---
91
-
92
- ### Step 3: Assess Significance of Impacts
93
-
94
- Rate each identified impact on each criterion using a 1–5 scale (or equivalent):
95
-
96
- **Impact Scoring Matrix:**
97
-
98
- | Score | Scale | Scope | Irremediability | Likelihood |
99
- |-------|-------|-------|----------------|-----------|
100
- | 1 | Minimal | Very local / few individuals | Easily remediable | Very unlikely (<5%) |
101
- | 2 | Low | Local / small group | Mostly remediable | Unlikely (5–25%) |
102
- | 3 | Moderate | Regional / significant group | Partially remediable | Possible (25–50%) |
103
- | 4 | High | National / large group | Mostly irreversible | Likely (50–75%) |
104
- | 5 | Severe | International / systemic | Irreversible | Very likely (>75%) |
105
-
106
- **Severity score (negative actual):** Scale × Scope × Irremediability (max 125)
107
- **Severity score (negative potential):** Scale × Scope × Irremediability × Likelihood (max 625)
108
-
109
- **Materiality threshold:** Company-defined (example: severity ≥ 27 for actual impacts; ≥ 50 for potential impacts)
110
-
111
- ---
112
-
113
- ### Step 4: Identify Financial Risks and Opportunities
114
-
115
- For each ESRS topic, assess whether there are associated financial risks or opportunities.
116
-
117
- **Financial Risk/Opportunity Identification Template:**
118
-
119
- | ESRS Topic | Risk/Opportunity Type | Description | Time Horizon | Potential Financial Effect |
120
- |-----------|----------------------|-------------|-------------|--------------------------|
121
- | Climate (E1) | Physical risk (acute) | Flooding of key manufacturing site | Short-term | Asset damage, business interruption |
122
- | Climate (E1) | Transition risk | Carbon pricing increases operating costs | Medium-term | Higher fuel/energy costs |
123
- | Water (E3) | Physical risk (chronic) | Water scarcity in production region | Long-term | Supply disruption, increased costs |
124
- | Workforce (S1) | Opportunity | Employer brand attracts talent | Short-term | Lower recruitment costs, retention |
125
-
126
- ---
127
-
128
- ### Step 5: Assess Financial Significance
129
-
130
- Rate identified risks/opportunities:
131
-
132
- | Rating | Magnitude | Likelihood |
133
- |--------|-----------|-----------|
134
- | Low | <1% of EBITDA | <25% |
135
- | Medium | 1–5% of EBITDA | 25–75% |
136
- | High | >5% of EBITDA | >75% |
137
-
138
- **Financial materiality score:** Magnitude × Likelihood → topic is financially material if score exceeds threshold.
139
-
140
- ---
141
-
142
- ### Step 6: Determine Materiality — Topic by Topic
143
-
144
- Apply the materiality determination matrix:
145
-
146
- | ESRS Topic | Impact Material? | Financially Material? | Overall Materiality | Report? |
147
- |-----------|-----------------|----------------------|-------------------|---------|
148
- | E1 Climate | Yes (Scope 3 GHG) | Yes (carbon pricing risk) | **MATERIAL** | Full ESRS E1 |
149
- | E2 Pollution | No | No | Non-material | Omit (brief statement) |
150
- | E3 Water | Yes (operations in water-stressed area) | No | **MATERIAL** | Full ESRS E3 |
151
- | S1 Own Workforce | Yes | No | **MATERIAL** | Full ESRS S1 |
152
- | G1 Business Conduct | No | Yes (compliance risk) | **MATERIAL** | Full ESRS G1 |
153
-
154
- ---
155
-
156
- ### Step 7: Document the DMA (ESRS 2 SBM-3 + IRO-1)
157
-
158
- **Mandatory disclosures about the DMA process:**
159
-
160
- *ESRS 2 IRO-1 — Description of the process to identify and assess material IROs:*
161
- - Scope of assessment (own operations / value chain depth)
162
- - Methodology and criteria used
163
- - How stakeholders were engaged
164
- - Timeline and frequency of DMA
165
- - How the results inform strategy and reporting
166
-
167
- *ESRS 2 SBM-3 — Material impacts, risks and opportunities:*
168
- - Complete list of material topics identified
169
- - How material IROs interact with business model and strategy
170
- - Current and anticipated financial effects
171
-
172
- **Materiality Statement:** Brief explanation for each ESRS topic found non-material (why it was excluded).
173
-
174
- ---
175
-
176
- ### Step 8: Validate and Update
177
-
178
- - DMA must be updated at least annually
179
- - Trigger for mid-period review: significant business change, new regulation, emerging risk, stakeholder concern
180
- - Changes to materiality conclusions must be disclosed
181
-
182
- ---
183
-
184
- ## Sector-Specific Guidance
185
-
186
- ### High-Likelihood Material Topics by Sector
187
-
188
- | Sector | Typically Material |
189
- |--------|-------------------|
190
- | Energy / Utilities | E1 (Climate), E2 (Pollution), E3 (Water), G1 (Business Conduct) |
191
- | Financial Services | E1 (financed emissions), G1 (Business Conduct), S4 (Consumers) |
192
- | Manufacturing | E1 (GHG), E2 (Pollution), E5 (Circular Economy), S1 (Workforce), S2 (Value Chain) |
193
- | Retail / Consumer Goods | E1, E5 (packaging/waste), S2 (supply chain labour), S4 (consumers) |
194
- | Agriculture / Food | E3 (Water), E4 (Biodiversity), E2 (Pollution), S2 (Value Chain) |
195
- | Construction / Real Estate | E1 (building emissions), E5 (materials), E4 (land use), S3 (communities) |
196
- | Technology | S1 (Workforce), S4 (data protection/consumers), G1 (Business Conduct) |
197
- | Mining / Extractives | E1, E2, E3, E4, S3 (communities), G1 |
198
- | Healthcare / Pharma | S4 (consumers), S1 (workforce), G1 (business conduct), E1 |
199
-
200
- ---
201
-
202
- ## DMA Documentation Templates
203
-
204
- ### Impact Register Template
205
-
206
- | ID | ESRS Topic | Impact Description | Direction | Scope | Time Horizon | Scale (1-5) | Scope (1-5) | Irremediability (1-5) | Likelihood (1-5) | Severity Score | Material? |
207
- |----|-----------|-------------------|-----------|-------|-------------|------------|------------|----------------------|----------------|---------------|-----------|
208
- | I-001 | E1 | Scope 3 GHG emissions from product use | Negative | Downstream | Long-term | 5 | 5 | 4 | 5 | 500 | YES |
209
- | I-002 | S1 | Gender pay inequity among employees | Negative | Own ops | Short-term | 3 | 3 | 3 | 4 | 108 | YES |
210
- | I-003 | E4 | No operations near biodiversity areas | n/a | — | — | 1 | 1 | 1 | 1 | 1 | NO |
211
-
212
- ### Financial Risk/Opportunity Register Template
213
-
214
- | ID | ESRS Topic | Type | Description | Time Horizon | Magnitude | Likelihood | Financial Score | Material? |
215
- |----|-----------|------|-------------|-------------|-----------|-----------|----------------|-----------|
216
- | F-001 | E1 | Transition risk | EU ETS carbon costs increase | Short-medium | High | High | HIGH | YES |
217
- | F-002 | E3 | Physical risk | Water scarcity affects key plant | Long-term | Medium | Medium | MEDIUM | YES |
218
- | F-003 | S1 | Opportunity | ESG leader attracts talent | Short-term | Low | Medium | LOW | NO |
219
-
220
- ### DMA Summary Table
221
-
222
- | ESRS Standard | Topic | Impact Materiality | Financial Materiality | Overall Material | First Reporting Year |
223
- |--------------|-------|-------------------|----------------------|-----------------|---------------------|
224
- | E1 | Climate Change | ✓ | ✓ | ✓ | FY 2025 |
225
- | E2 | Pollution | ✗ | ✗ | ✗ | — |
226
- | E3 | Water & Marine | ✓ | ✓ | ✓ | FY 2025 |
227
- | E4 | Biodiversity | ✗ | ✗ | ✗ | — |
228
- | E5 | Circular Economy | ✓ | ✗ | ✓ | FY 2025 |
229
- | S1 | Own Workforce | ✓ | ✗ | ✓ | FY 2025 |
230
- | S2 | Value Chain Workers | ✓ | ✗ | ✓ | FY 2025 |
231
- | S3 | Communities | ✗ | ✗ | ✗ | — |
232
- | S4 | Consumers | ✗ | ✓ | ✓ | FY 2025 |
233
- | G1 | Business Conduct | ✓ | ✓ | ✓ | FY 2025 |
234
-
235
- ---
236
-
237
- ## Common DMA Pitfalls
238
-
239
- **1. Scope too narrow:** Limiting the DMA to own operations only; ESRS requires value chain consideration where material.
240
-
241
- **2. Stakeholder engagement inadequate:** Consulting only investors; ESRS requires engagement with affected stakeholders (workers, communities).
242
-
243
- **3. Financial materiality neglected:** Conducting only impact assessment; financial risks/opportunities must be assessed separately.
244
-
245
- **4. Thresholds not justified:** Setting arbitrary thresholds without documenting the rationale; thresholds must be disclosed in IRO-1.
246
-
247
- **5. DMA done retrospectively:** Completing the DMA after deciding what to report; the DMA must drive reporting decisions.
248
-
249
- **6. Over-exclusion:** Excluding topics from reporting without adequate justification; ESRS requires a brief explanation for excluded topics.
250
-
251
- **7. Static DMA:** Treating DMA as a one-time exercise; it must be reviewed at least annually.
252
-
253
- **8. Climate auto-excluded:** Climate change (E1) is presumed material for most companies; requires robust justification and strong evidence to exclude.
1
+ # Double Materiality Assessment (DMA) — Methodology and Templates
2
+
3
+ ## Overview
4
+
5
+ The Double Materiality Assessment is the mandatory first step in CSRD compliance (ESRS 1, paras. 19–56). Every in-scope company must complete a DMA before deciding which ESRS topical standards to report on. The DMA determines what is reported; it cannot be completed retrospectively.
6
+
7
+ ---
8
+
9
+ ## Two Perspectives Explained
10
+
11
+ ### 1. Impact Materiality (Inside-Out)
12
+ *Does the company have actual or potential impacts on people or the environment?*
13
+
14
+ **Scope:** Own operations + upstream and downstream value chain
15
+
16
+ **Actual impacts:** Currently occurring
17
+ **Potential impacts:** Could occur in the future (assess likelihood)
18
+
19
+ **Positive impacts:** Benefits to people or environment (e.g., jobs created, carbon sequestration)
20
+ **Negative impacts:** Harm to people or environment (e.g., pollution, unsafe working conditions)
21
+
22
+ **Significance assessment formula:**
23
+ - *Negative actual impacts:* Scale × Scope × Irremediability
24
+ - *Negative potential impacts:* Scale × Scope × Irremediability × Likelihood
25
+ - *Positive actual impacts:* Scale × Scope
26
+ - *Positive potential impacts:* Scale × Scope × Likelihood
27
+
28
+ **Definitions:**
29
+ | Criterion | Definition |
30
+ |-----------|-----------|
31
+ | Scale | Severity of the impact on people or environment |
32
+ | Scope | How widespread (number of people affected / geographic area) |
33
+ | Irremediability | Difficulty of restoring pre-impact state |
34
+ | Likelihood | Probability of potential impact occurring |
35
+
36
+ ### 2. Financial Materiality (Outside-In)
37
+ *Does the sustainability matter create risks or opportunities affecting the company's finances?*
38
+
39
+ **Financial effects include:** Revenue, costs, assets, liabilities, cash flows, access to finance, cost of capital
40
+
41
+ **Time horizons:** Short-term (<1 year), medium-term (1–5 years), long-term (>5 years)
42
+
43
+ **Assessment criteria:**
44
+ - Magnitude: How large could the financial effect be? (quantify where possible)
45
+ - Likelihood: How probable is the financial effect?
46
+
47
+ **Sources of financial risks and opportunities:**
48
+ - Physical risks (acute: extreme weather; chronic: temperature, sea-level)
49
+ - Transition risks (policy/regulation, technology, market, reputational)
50
+ - Opportunities (energy efficiency, new markets, brand value, talent attraction)
51
+
52
+ ### The Materiality Threshold
53
+ A topic is **material** if it meets EITHER the impact materiality threshold OR the financial materiality threshold (or both).
54
+
55
+ There is no prescribed numerical threshold — companies set their own thresholds, which must be justified and disclosed (ESRS 2 IRO-1).
56
+
57
+ ---
58
+
59
+ ## DMA Process — Step by Step
60
+
61
+ ### Step 1: Understand the Context (ESRS 1, para. 45)
62
+
63
+ **Activities:**
64
+ 1. Map the business model: products/services, markets, geographies
65
+ 2. Map the value chain: key suppliers (tier 1 and beyond), distribution, customers, end-users
66
+ 3. Identify the company's key activities, assets, and relationships
67
+ 4. Identify sector-specific sustainability risks using industry references (ESRS sector standards when published, SASB, GRI sector standards)
68
+
69
+ **Output:** Business context document / value chain map
70
+
71
+ ---
72
+
73
+ ### Step 2: Identify Actual and Potential Impacts (ESRS 1, paras. 46–48)
74
+
75
+ **Sources of impact identification:**
76
+ - Internal: operations review, incident data, management interviews
77
+ - External: stakeholder engagement, industry benchmarks, peer analysis, ESG ratings
78
+
79
+ **Stakeholder engagement (ESRS 1, para. 22):**
80
+ ESRS requires meaningful engagement with affected stakeholders and users of sustainability reporting. Stakeholders to engage:
81
+ - Workers (own and value chain)
82
+ - Local communities
83
+ - Customers / consumers
84
+ - NGOs and civil society
85
+ - Investors and financial institutions
86
+ - Regulators
87
+
88
+ **Output:** Long list of potential impacts per ESRS topic area
89
+
90
+ ---
91
+
92
+ ### Step 3: Assess Significance of Impacts
93
+
94
+ Rate each identified impact on each criterion using a 1–5 scale (or equivalent):
95
+
96
+ **Impact Scoring Matrix:**
97
+
98
+ | Score | Scale | Scope | Irremediability | Likelihood |
99
+ |-------|-------|-------|----------------|-----------|
100
+ | 1 | Minimal | Very local / few individuals | Easily remediable | Very unlikely (<5%) |
101
+ | 2 | Low | Local / small group | Mostly remediable | Unlikely (5–25%) |
102
+ | 3 | Moderate | Regional / significant group | Partially remediable | Possible (25–50%) |
103
+ | 4 | High | National / large group | Mostly irreversible | Likely (50–75%) |
104
+ | 5 | Severe | International / systemic | Irreversible | Very likely (>75%) |
105
+
106
+ **Severity score (negative actual):** Scale × Scope × Irremediability (max 125)
107
+ **Severity score (negative potential):** Scale × Scope × Irremediability × Likelihood (max 625)
108
+
109
+ **Materiality threshold:** Company-defined (example: severity ≥ 27 for actual impacts; ≥ 50 for potential impacts)
110
+
111
+ ---
112
+
113
+ ### Step 4: Identify Financial Risks and Opportunities
114
+
115
+ For each ESRS topic, assess whether there are associated financial risks or opportunities.
116
+
117
+ **Financial Risk/Opportunity Identification Template:**
118
+
119
+ | ESRS Topic | Risk/Opportunity Type | Description | Time Horizon | Potential Financial Effect |
120
+ |-----------|----------------------|-------------|-------------|--------------------------|
121
+ | Climate (E1) | Physical risk (acute) | Flooding of key manufacturing site | Short-term | Asset damage, business interruption |
122
+ | Climate (E1) | Transition risk | Carbon pricing increases operating costs | Medium-term | Higher fuel/energy costs |
123
+ | Water (E3) | Physical risk (chronic) | Water scarcity in production region | Long-term | Supply disruption, increased costs |
124
+ | Workforce (S1) | Opportunity | Employer brand attracts talent | Short-term | Lower recruitment costs, retention |
125
+
126
+ ---
127
+
128
+ ### Step 5: Assess Financial Significance
129
+
130
+ Rate identified risks/opportunities:
131
+
132
+ | Rating | Magnitude | Likelihood |
133
+ |--------|-----------|-----------|
134
+ | Low | <1% of EBITDA | <25% |
135
+ | Medium | 1–5% of EBITDA | 25–75% |
136
+ | High | >5% of EBITDA | >75% |
137
+
138
+ **Financial materiality score:** Magnitude × Likelihood → topic is financially material if score exceeds threshold.
139
+
140
+ ---
141
+
142
+ ### Step 6: Determine Materiality — Topic by Topic
143
+
144
+ Apply the materiality determination matrix:
145
+
146
+ | ESRS Topic | Impact Material? | Financially Material? | Overall Materiality | Report? |
147
+ |-----------|-----------------|----------------------|-------------------|---------|
148
+ | E1 Climate | Yes (Scope 3 GHG) | Yes (carbon pricing risk) | **MATERIAL** | Full ESRS E1 |
149
+ | E2 Pollution | No | No | Non-material | Omit (brief statement) |
150
+ | E3 Water | Yes (operations in water-stressed area) | No | **MATERIAL** | Full ESRS E3 |
151
+ | S1 Own Workforce | Yes | No | **MATERIAL** | Full ESRS S1 |
152
+ | G1 Business Conduct | No | Yes (compliance risk) | **MATERIAL** | Full ESRS G1 |
153
+
154
+ ---
155
+
156
+ ### Step 7: Document the DMA (ESRS 2 SBM-3 + IRO-1)
157
+
158
+ **Mandatory disclosures about the DMA process:**
159
+
160
+ *ESRS 2 IRO-1 — Description of the process to identify and assess material IROs:*
161
+ - Scope of assessment (own operations / value chain depth)
162
+ - Methodology and criteria used
163
+ - How stakeholders were engaged
164
+ - Timeline and frequency of DMA
165
+ - How the results inform strategy and reporting
166
+
167
+ *ESRS 2 SBM-3 — Material impacts, risks and opportunities:*
168
+ - Complete list of material topics identified
169
+ - How material IROs interact with business model and strategy
170
+ - Current and anticipated financial effects
171
+
172
+ **Materiality Statement:** Brief explanation for each ESRS topic found non-material (why it was excluded).
173
+
174
+ ---
175
+
176
+ ### Step 8: Validate and Update
177
+
178
+ - DMA must be updated at least annually
179
+ - Trigger for mid-period review: significant business change, new regulation, emerging risk, stakeholder concern
180
+ - Changes to materiality conclusions must be disclosed
181
+
182
+ ---
183
+
184
+ ## Sector-Specific Guidance
185
+
186
+ ### High-Likelihood Material Topics by Sector
187
+
188
+ | Sector | Typically Material |
189
+ |--------|-------------------|
190
+ | Energy / Utilities | E1 (Climate), E2 (Pollution), E3 (Water), G1 (Business Conduct) |
191
+ | Financial Services | E1 (financed emissions), G1 (Business Conduct), S4 (Consumers) |
192
+ | Manufacturing | E1 (GHG), E2 (Pollution), E5 (Circular Economy), S1 (Workforce), S2 (Value Chain) |
193
+ | Retail / Consumer Goods | E1, E5 (packaging/waste), S2 (supply chain labour), S4 (consumers) |
194
+ | Agriculture / Food | E3 (Water), E4 (Biodiversity), E2 (Pollution), S2 (Value Chain) |
195
+ | Construction / Real Estate | E1 (building emissions), E5 (materials), E4 (land use), S3 (communities) |
196
+ | Technology | S1 (Workforce), S4 (data protection/consumers), G1 (Business Conduct) |
197
+ | Mining / Extractives | E1, E2, E3, E4, S3 (communities), G1 |
198
+ | Healthcare / Pharma | S4 (consumers), S1 (workforce), G1 (business conduct), E1 |
199
+
200
+ ---
201
+
202
+ ## DMA Documentation Templates
203
+
204
+ ### Impact Register Template
205
+
206
+ | ID | ESRS Topic | Impact Description | Direction | Scope | Time Horizon | Scale (1-5) | Scope (1-5) | Irremediability (1-5) | Likelihood (1-5) | Severity Score | Material? |
207
+ |----|-----------|-------------------|-----------|-------|-------------|------------|------------|----------------------|----------------|---------------|-----------|
208
+ | I-001 | E1 | Scope 3 GHG emissions from product use | Negative | Downstream | Long-term | 5 | 5 | 4 | 5 | 500 | YES |
209
+ | I-002 | S1 | Gender pay inequity among employees | Negative | Own ops | Short-term | 3 | 3 | 3 | 4 | 108 | YES |
210
+ | I-003 | E4 | No operations near biodiversity areas | n/a | — | — | 1 | 1 | 1 | 1 | 1 | NO |
211
+
212
+ ### Financial Risk/Opportunity Register Template
213
+
214
+ | ID | ESRS Topic | Type | Description | Time Horizon | Magnitude | Likelihood | Financial Score | Material? |
215
+ |----|-----------|------|-------------|-------------|-----------|-----------|----------------|-----------|
216
+ | F-001 | E1 | Transition risk | EU ETS carbon costs increase | Short-medium | High | High | HIGH | YES |
217
+ | F-002 | E3 | Physical risk | Water scarcity affects key plant | Long-term | Medium | Medium | MEDIUM | YES |
218
+ | F-003 | S1 | Opportunity | ESG leader attracts talent | Short-term | Low | Medium | LOW | NO |
219
+
220
+ ### DMA Summary Table
221
+
222
+ | ESRS Standard | Topic | Impact Materiality | Financial Materiality | Overall Material | First Reporting Year |
223
+ |--------------|-------|-------------------|----------------------|-----------------|---------------------|
224
+ | E1 | Climate Change | ✓ | ✓ | ✓ | FY 2025 |
225
+ | E2 | Pollution | ✗ | ✗ | ✗ | — |
226
+ | E3 | Water & Marine | ✓ | ✓ | ✓ | FY 2025 |
227
+ | E4 | Biodiversity | ✗ | ✗ | ✗ | — |
228
+ | E5 | Circular Economy | ✓ | ✗ | ✓ | FY 2025 |
229
+ | S1 | Own Workforce | ✓ | ✗ | ✓ | FY 2025 |
230
+ | S2 | Value Chain Workers | ✓ | ✗ | ✓ | FY 2025 |
231
+ | S3 | Communities | ✗ | ✗ | ✗ | — |
232
+ | S4 | Consumers | ✗ | ✓ | ✓ | FY 2025 |
233
+ | G1 | Business Conduct | ✓ | ✓ | ✓ | FY 2025 |
234
+
235
+ ---
236
+
237
+ ## Common DMA Pitfalls
238
+
239
+ **1. Scope too narrow:** Limiting the DMA to own operations only; ESRS requires value chain consideration where material.
240
+
241
+ **2. Stakeholder engagement inadequate:** Consulting only investors; ESRS requires engagement with affected stakeholders (workers, communities).
242
+
243
+ **3. Financial materiality neglected:** Conducting only impact assessment; financial risks/opportunities must be assessed separately.
244
+
245
+ **4. Thresholds not justified:** Setting arbitrary thresholds without documenting the rationale; thresholds must be disclosed in IRO-1.
246
+
247
+ **5. DMA done retrospectively:** Completing the DMA after deciding what to report; the DMA must drive reporting decisions.
248
+
249
+ **6. Over-exclusion:** Excluding topics from reporting without adequate justification; ESRS requires a brief explanation for excluded topics.
250
+
251
+ **7. Static DMA:** Treating DMA as a one-time exercise; it must be reviewed at least annually.
252
+
253
+ **8. Climate auto-excluded:** Climate change (E1) is presumed material for most companies; requires robust justification and strong evidence to exclude.