
Insight: What are the needs of SMEs in the automotive industry in the


About the Authors and This Research

Tova Karlsson and Märta-Louise Söderberg conducted this study with a focus on supply chain sustainability governance and SME capacity building, publishing through arXiv in 2024. Their research fills a significant knowledge gap in the academic literature: while much CSRD scholarship focuses on large listed companies that are directly regulated, this study investigates the indirect effects on the non-listed SME subcontractors that form the backbone of industrial supply chains. The Swedish automotive sector—home to globally recognized brands such as Volvo and Scania—provides an ideal research context, as these OEMs are among the first wave of enterprises directly subject to CSRD mandatory reporting. The study's qualitative methodology, drawing on interviews with SME managers and document analysis, yields granular insights into operational realities that quantitative studies often miss.

The study's relevance to Taiwan cannot be overstated. Taiwan's automotive electronics and component manufacturers occupy a structurally similar position to the Swedish SMEs studied: they are Tier 2 or Tier 3 subcontractors supplying European and Japanese OEMs that face mandatory sustainability disclosure obligations. The "regulatory ripple effect" documented in this study is already beginning to affect Taiwanese suppliers through customer audit questionnaires and procurement sustainability requirements.

Five Critical Needs of Automotive SMEs Under CSRD: Core Research Findings

The study's central finding is that while CSRD does not directly regulate non-listed SMEs, its Scope 3 disclosure requirements create a powerful indirect information demand that filters down the value chain. The research identifies five key needs that SMEs must address to maintain their competitive position in the automotive supply chain.

Finding 1: Scope 3 CO2 Emissions Data Is the Most Urgent Capability Gap

The study found that customer demands for Scope 3 emissions data—particularly at the product level—represent the most pressing and rapidly escalating requirement for SME subcontractors. Most interviewed companies lack automated data collection systems and rely on manual spreadsheets, resulting in inconsistent data quality and calculation methodologies. The study specifically notes that while the GHG Protocol is the internationally recognized standard for emissions accounting, its adoption among the studied SMEs remains insufficient. For Taiwanese automotive electronics suppliers, this translates directly into customer audit risk: if carbon data cannot be delivered with sufficient accuracy and consistency, supplier qualification status may be at risk during OEM sustainability audits.

Finding 2: Organizational Structure and Resource Constraints Are Systemic Barriers

Perhaps the most important structural finding is that the primary barrier to CSRD compliance readiness is not technical but organizational. The studied SMEs typically lack dedicated sustainability personnel; sustainability responsibilities are added to existing employees' workloads on an ad hoc basis. This creates systemic quality inconsistency in sustainability reporting. From a COSO ERM perspective, this organizational fragmentation constitutes a measurable "compliance capability risk" that should be formally tracked in the enterprise risk register. The study recommends that SMEs invest in improved organizational structures—a recommendation that aligns directly with COSO ERM's emphasis on the Control Environment component.

Finding 3: Absence of Industry-Level Standardization Amplifies Individual Compliance Costs

The study documents a significant market failure: without standardized industry-level systems for sustainability data reporting, each SME must respond to varying and sometimes conflicting requirements from different customers. This multiplies compliance costs and administrative burdens far beyond what a single standardized system would require. The researchers found strong demand among SMEs for harmonized data formats and calculation methodologies—a finding that validates the design rationale of the Voluntary SME Sustainability Reporting Standard (VSME) developed by EFRAG, which aims to provide simplified, modular frameworks that reduce individual compliance costs.

Implications for Taiwanese Enterprise Risk Management (ERM) Practice

The research findings translate into a clear set of risk management imperatives for Taiwanese enterprises operating in global automotive supply chains. Under the ISO 31000 framework, the "regulatory ripple effect" documented in this study represents a material change in external context that must trigger a systematic risk reassessment. ISO 31000 Clause 5.4 requires organizations to establish the external context of their risk management process, and CSRD's expanding scope—including Japan's FSA requirement for companies with market capitalization exceeding 1 trillion yen to disclose sustainability information from the fiscal year ending March 2027—constitutes exactly the kind of regulatory environment shift that demands proactive risk identification.

Under COSO ERM's five components framework, the study's findings map directly onto the Risk Assessment and Risk Response components. Taiwanese automotive SMEs should treat "CSRD indirect compliance risk" as a formal risk category, assign it a probability-impact score using a structured risk matrix, and select an appropriate risk response strategy from the four options: accept, avoid, reduce, or share. The evidence from this study strongly suggests that a "reduce" strategy—investing in automated carbon data systems and GHG Protocol-aligned reporting capabilities—offers the best risk-adjusted return for most Taiwanese suppliers in this sector.

It is worth noting a methodological limitation of this study: the Swedish context involves labor market structures and sustainability education levels that differ from Taiwan. Swedish SMEs may have greater access to sustainability-trained graduates and government support programs than their Taiwanese counterparts. However, this difference arguably makes the urgency higher for Taiwanese companies, not lower—the capability gap may be more significant, requiring earlier and more deliberate action.

How Winners Consulting Services Co. Ltd. Helps Taiwanese Enterprises

積穗科研股份有限公司 (Winners Consulting Services Co. Ltd.) provides integrated ISO 31000 and COSO ERM implementation services tailored to the specific compliance challenges facing Taiwanese automotive supply chain enterprises. Our approach translates the research findings of Karlsson and Söderberg directly into operational risk management actions.

  1. ISO 31000 Gap Diagnosis for Supply Chain Compliance Risk (complete within 3 months): Systematically map existing carbon data collection processes against GHG Protocol Scope 3 requirements, identify organizational capability gaps, and produce a structured risk register with probability-impact scores using our proprietary risk matrix methodology.
  2. KRI Design for CSRD Indirect Requirements Monitoring: Design a minimum of 5 Key Risk Indicators covering customer audit requirement change frequency, Scope 3 data submission accuracy rates, sustainability reporting response timelines, and supplier qualification risk scores. Integrate KRI reporting into quarterly board-level risk governance cycles.
  3. Automated Carbon Data Management System Roadmap: Assess existing ERP system integration capabilities, design an automation upgrade pathway aligned with GHG Protocol standards, and establish product-level carbon footprint calculation capabilities meeting customer audit thresholds by end of 2026.

Winners Consulting Services Co. Ltd. offers a complimentary ERM mechanism diagnostic to help Taiwanese enterprises establish ISO 31000-compliant risk management systems within 7 to 12 months.


Frequently Asked Questions (English)

If our Taiwanese company is not directly subject to CSRD, do we still need to worry about Scope 3 emissions disclosure?
Yes—and this is the central finding of Karlsson and Söderberg (2024). CSRD's mandatory Scope 3 disclosure requirements for large listed companies create indirect information demands that cascade down supply chains to non-listed SME subcontractors. If your major customers are European OEMs or Japanese manufacturers with market capitalization exceeding 1 trillion yen (subject to Japan FSA requirements from March 2027), you will face increasing sustainability data requests regardless of your own regulatory status. ISO 31000 requires organizations to monitor their external context continuously; this regulatory ripple effect is precisely the kind of emerging risk that must be identified and assessed in your enterprise risk register. We recommend completing a Scope 3 capability gap analysis by end of 2025.
What are the most common CSRD supply chain compliance challenges for Taiwanese SMEs implementing ISO 31000?
The most common dual challenge is inadequate data quality combined with organizational capability gaps—exactly what this study documents in the Swedish context. Under ISO 31000's risk assessment requirements, organizations must have credible data to support risk identification and evaluation; manual spreadsheet-based carbon accounting fails this standard. Under COSO ERM's Control Environment component, the lack of dedicated sustainability personnel creates systemic control weaknesses. The recommended solution path is: first establish external context under ISO 31000 Clause 5.4 by documenting specific GHG Protocol requirements from key customers; then design risk response mechanisms and KRI tracking systems that provide board-level visibility into compliance readiness.
What is the realistic timeline and process for implementing ISO 31000 for CSRD supply chain compliance?
Based on Winners Consulting's implementation experience, a three-phase timeline of 7 to 12 months is realistic for most Taiwanese SMEs. Phase 1 (months 1–3): Current state diagnosis, including process mapping, GHG Protocol gap analysis, and initial risk register development. Phase 2 (months 4–6): Mechanism design, including ISO 31000-aligned risk management architecture, Scope 3 data collection standard operating procedures, and KRI dashboard implementation. Phase 3 (months 7–12): Full implementation, staff training, system go-live, and first board-level risk report rehearsal. This timeline ensures basic compliance capabilities are in place before most major customer audit cycles.
How should we assess the investment required for automated carbon data management systems?
Karlsson and Söderberg (2024) identify investment in automated data management systems as one of five essential needs for SMEs facing CSRD indirect requirements. The risk management perspective is clear: the opportunity cost of under-investment—potential loss of supplier qualification status with major OEM customers—significantly exceeds typical system implementation costs. For medium-sized Taiwanese suppliers (200–500 employees), initial investment in basic carbon data automation typically ranges from NTD 1 million to NTD 3 million, while delivering measurable improvements in customer audit pass rates. We recommend quantifying the "under-investment risk" using an ISO 31000-aligned probability-impact matrix before finalizing system specifications and investment priorities.
Why choose Winners Consulting Services Co. Ltd. for ERM and CSRD supply chain compliance?
Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) brings integrated expertise in ISO 31000 and COSO ERM implementation specifically applied to sustainability compliance challenges facing Taiwanese enterprises. Our consultants are fluent in both the technical requirements of CSRD, SSBJ, and GHG Protocol standards and the operational realities of Taiwanese manufacturing SMEs. We deliver structured 7-to-12-month ERM implementation programs that produce measurable compliance outcomes—not generic frameworks. Our approach begins with a complimentary diagnostic that identifies your highest-priority supply chain compliance risks, ensuring every consulting engagement delivers quantifiable value aligned to your customer audit requirements.
---

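Japanese Version

Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) draws attention to an important 2024 study showing that the EU's Corporate Sustainability Reporting Directive (CSRD) creates indirect compliance pressure across the entire automotive supply chain. This study by Karlsson and Söderberg examines SME subcontractors in the Swedish automotive industry and analyzes in detail the disclosure requirements and organizational capability needs that SMEs face in the CSRD era, offering direct implications for the ERM (enterprise risk management) practice of Taiwanese companies with Japanese customers.

Paper source: What are the needs of SMEs in the automotive industry in the era of the CSRD? (Karlsson, Tova; Söderberg, Märta-Louise, arXiv, 2024)
Original link: https://core.ac.uk/download/620674602.pdf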

Source Paper

What are the needs of SMEs in the automotive industry in the era of the CSRD? (Karlsson, Tova; Söderberg, Märta-Louise, arXiv, 2024)


FAQ

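If a Taiwanese automotive component supplier is not directly subject to CSRD, does it still need to worry about Scope 3 carbon emissions disclosure?
Yes, it must take this seriously. According to the research of Karlsson and Söderberg (2024), although CSRD directly regulates large listed companies, its mandatory disclosure obligations cover Scope 3 emissions, which means large customers will pass carbon emissions data requirements on to their downstream supply chain. Taiwanese automotive electronics manufacturers that are subcontractors to European-brand vehicle OEMs will still face customer audit requirements even if they are not directly regulated by CSRD. In addition, Japan's Financial Services Agency has announced a requirement that companies with market capitalization of 1 trillion yen or more disclose sustainability information starting from the fiscal period ending March 2027, so Taiwanese suppliers should also watch for changes in the information needs of their Japanese customers. We recommend completing a Scope 3 carbon management capability gap diagnosis by the end of 2025, and using the ISO 31000 framework to assess the degree of compliance risk exposure.
What challenges do Taiwanese SMEs most commonly encounter with CSRD supply chain compliance when adopting ISO 31000?
The most common challenge is the coexistence of "insufficient data quality" and "organizational capability gaps." ISO 31000 requires organizations to establish systematic risk identification, assessment and response mechanisms, but when responding to CSRD's indirect requirements, Taiwanese SMEs often lack automated carbon data collection systems and still rely on manual spreadsheets, resulting in insufficient data credibility. In addition, the COSO ERM framework emphasizes the importance of the Control Environment, but many Taiwanese SMEs have not yet established a dedicated sustainability function, and compliance work is scattered across multiple departments. The recommended solution path is: first use ISO 31000's Context Establishment step to clearly identify customers' specific GHG Protocol requirements, then design the corresponding risk response mechanisms and KRI system.
What are the specific steps and timeline for adopting ISO 31000 for CSRD supply chain compliance management?
Based on Winners Consulting's advisory experience, a three-phase timeline is recommended. Phase 1 (first 3 months) is current-state diagnosis, including taking inventory of existing carbon data processes, conducting a gap analysis against GHG Protocol requirements, and building an initial risk register. Phase 2 (months 4 to 6) is mechanism design: designing a supply chain compliance risk management architecture under ISO 31000, establishing standard operating procedures for Scope 3 data collection, and building a KRI tracking dashboard. Phase 3 (months 7 to 12) is implementation, including staff training, system go-live, a rehearsal of the first board-level risk report, and communication and confirmation with major customers. The full adoption cycle is about 7 to 12 months, which ensures that basic compliance capabilities are in place before the customer's next round of supplier audits.
How should the investment scale and expected benefits of adopting an automated carbon data management system be assessed?
The scale of investment varies with company size and existing IT infrastructure, but the research of Karlsson and Söderberg (2024) clearly states that "additional resource investment" is the first of the five essential needs for SMEs responding to CSRD information requirements. From a risk management perspective, the opportunity cost of not investing is higher: if a customer terminates the relationship because of insufficient Scope 3 data quality, the loss far exceeds the cost of system adoption. In general, the initial investment for a medium-sized Taiwanese supplier (200 to 500 employees) adopting a basic carbon data automation system is about NTD 1 million to NTD 3 million, and it can at the same time improve pass rates across multiple customer audits. We recommend first conducting a quantitative assessment of "under-investment risk" under the ISO 31000 framework before deciding on system specifications and investment priorities.
Why choose Winners Consulting for help with enterprise risk management (ERM) issues?
Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) has worked in Taiwan's ERM consulting field for many years and has the capability to provide integrated advisory across both the ISO 31000 and COSO ERM frameworks, helping enterprises build a working risk management mechanism within 7 to 12 months. In the sustainability compliance field, we are familiar with the practical requirements of multiple regulatory frameworks including CSRD, the European Sustainability Reporting Standards and SSBJ, and can help Taiwanese enterprises quickly identify supply chain compliance risk gaps and design KRI systems that meet customer audit requirements. We do not provide one-size-fits-all consulting solutions; instead, we design pragmatic, executable risk management architectures tailored to company size, industry characteristics and customer requirements, ensuring that the investment yields quantifiable compliance benefits.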
