From January 2026, large financial institutions will have to address ESG risks as part of their risk management, as the new EBA guidelines require institutions to take ESG risks into account when granting loans. For medium-sized companies, this means that without reliable ESG data, financing could become more complicated and potentially more expensive. We outline how you can systematically prepare now and the importance of the VSME standard in this process.
Until now, financial institutions have asked about CO₂ emissions, energy consumption and supply chains – but the answers have rarely had any impact on the conditions of loans. However, this could change in the coming year: on 11 January 2026, the new EBA guidelines (Guidelines on the management of ESG risks of the European Banking Authority (EBA/GL/2025/01)) will come into force for many banks. Only small and non-complex institutions will be required to apply the new guidelines from 11 January 2027. EBA-Leitlinien (Guidelines on the management of ESG risks der European Banking Authority (EBA/GL/2025/01)) für viele Banken in Kraft. Lediglich kleine und nicht komplexe Institute sind erst ab dem 11. Januar 2027 zur Anwendung der neuen Leitlinien verpflichtet.
The new guidelines require financial institutions to incorporate ESG risks into all risk management processes – from lending and portfolio management to reporting. Even though BaFin grants certain concessions to smaller institutions, the trend is clear: in future, banks will no longer simply request ESG data, but will actively evaluate it and integrate it into their decisions. This puts sustainability factors at the heart of lending policy. Although no set of rules explicitly stipulates that lending terms must automatically change, in practice the assessment of ESG risks will increasingly influence credit decisions, risk premiums and financing costs. Our discussions with banks also show that financial institutions are already going one step further and in some cases even excluding companies with high ESG risks from accepting new customers. Sustainability is thus finally becoming a decisive factor in access to capital.
What this means for companies in concrete terms
Requirements are becoming more detailed and risk-oriented. Whereas simple self-disclosures were often sufficient in the past, financial institutions will increasingly expect more structured ESG data such as CO₂ emissions (Scope 1, 2, and possibly 3), energy consumption and dependence on fossil fuels, depending on the risk profile. In addition, there will be sustainability strategies with specific targets for CO₂ reduction and risk assessments (e.g. climate risks) – for example, the risk of flooding or drought, but also transition risks due to changes in legislation or technological change. The supply chain is also coming into focus: what social and environmental risks exist in the value chain?
Those who cannot provide this data may face consequences: stricter credit checks, higher risk premiums or, in the worst case, rejection of financing.
A fictional example: what could change in concrete terms
Let's take the fictitious Müller GmbH, a mechanical engineering company with around 250 employees. Until now, credit discussions have revolved around balance sheets, profit and loss statements and collateral. ESG issues? At most, a brief look at energy management for larger loans.
From 2026, this will change. Financial institutions will have to identify ESG risks in their loan portfolios and report them to supervisory authorities and internally – and to do so, they will need data from Müller GmbH.
The questions will become more specific: "Please disclose your direct and indirect greenhouse gas emissions (Scope 1–3)." Or: "What is your annual energy consumption, broken down by energy source?" Supply chains are also coming into focus: "Do you have information about the ESG risks of your most important suppliers?" Geographical risks are becoming relevant: "Are your production facilities located in areas with an increased risk of flooding?" And finally: "Do you have specific targets for reducing emissions or improving resource efficiency?"
Without organised ESG data management, Müller GmbH cannot answer these questions. The bank classifies the company as high risk. This could lead to higher interest rates or, in extreme cases, to a loan being refused. Conversely, with reliable ESG data, the company could obtain more favourable terms because the bank can assess it as lower risk.
Why financial institutions need to be stricter
The EBA guidelines are not a voluntary initiative, but are based on EU requirements. In future, large financial institutions will have to demonstrate how they systematically identify and measure ESG risks and integrate them into their strategies, processes and credit decisions – including scenario analyses and traceable data collection. For large institutions, the European Central Bank (ECB) will monitor the implementation of these requirements from 2026 onwards as part of its supervisory and audit processes.
In Germany, BaFin does not intend to apply the guidelines in full to smaller institutions. However, the general requirements have long been enshrined in the MaRisk (minimum requirements for risk management). Smaller banks are also increasingly integrating ESG criteria into their lending processes.
The additional costs for banks are considerable – and they have to pass them on to their borrowers. The collection of ESG data is becoming standard practice, and its evaluation is becoming more professional and consistent.
What you should do now: The VSME standard as strategic preparation
Small and medium-sized companies face the challenge of providing reliable ESG data – without getting lost in bureaucracy. The time until January 2026 is running out. Most importantly, determine your status quo. What ESG data do you already have, and where is data still missing? Talk to your bank early on and clarify what specific requirements you will face. Then it's time to start building systematically: establish processes for regular data collection. And if you notice that the complexity is increasing, get support. Professional assistance pays off.
The VSME standard (Voluntary Sustainability Reporting Standard for non-listed SMEs) is a good basis for this. It was drafted by EFRAG (European Financial Reporting Advisory Group) on behalf of the European Commission and officially recommended for SMEs by the Commission in July 2025. Large companies and financial institutions are also advised to rely as far as possible on the voluntary standard when requesting sustainability information from SMEs. The voluntary standard focuses on the key ESG issues and provides clear guidelines on what data should be collected. The advantage: the VSME structure covers most of the typical information requirements of financial institutions. Those who get involved now and systematically collect their ESG data will be able to respond confidently to bank enquiries. This saves time in specific financing situations and secures long-term financing capacity. In addition, standardised reporting creates trust – not only among financial institutions, but also among other stakeholders.
The EBA guidelines are less of a burden than an opportunity. Companies that understand ESG data as a strategic asset and systematically build it up have an advantage when it comes to financing. You should set the course now.
