Key Considerations for the 2026 Annual Reporting Season for Foreign Private Issuers

This is the first annual reporting season in recent years in which there are no new disclosure requirements compared to the prior year. Nevertheless, a shift in focus by institutional investors and different SEC priorities under the Trump administration require a change in approach to a number of key disclosures. This alert discusses ESG, AI, cybersecurity, DEI and general drafting considerations for the annual reporting season, proxy advisor policy updates and the shifting proxy advisor environment through the lens of a foreign private issuer. It also highlights what to expect from the evolving legislative and regulatory landscape during 2026.

Drafting Considerations

US-Facing Disclosures on Environmental or Social Factors

We anticipate the 2026 annual reporting season will follow the trend that started last year in the United States of a broad shift away from climate and “ESG”-related reporting, with many (although not all) companies generally concluding that most disclosures on those topics are not material for the purposes of their annual reports and providing only legally mandated disclosures in the annual report and in other locations, such as corporate websites and separate sustainability/impact reports. While Europe continues to pursue a detailed ESG reporting agenda (see “Omnibus I” below), companies subject to U.S. reporting obligations should ensure that any non-mandated disclosures arising out of or in connection with environmental or social matters are limited, clear and, where practicable, linked to the financial interests of shareholders. Development of any such disclosures is typically conducted with advice from lawyers and economists/consultants.

Beyond SEC reports, companies must contend with environmental disclosures required by state regulations, to the extent applicable. Although a company may be outside the scope of the laws, it is possible that U.S.-based subsidiaries may be impacted:

• California is moving forward with the implementation of SB 253 (the California Climate Corporate Data Accountability Act) and SB 261 (the Climate-Related Financial Risks Act).[1] Both laws are currently being challenged by a business coalition in the Ninth Circuit, which granted a preliminary injunction to suspend enforcement of SB 261. SB 253’s first reporting requirement is scheduled to come into effect on Aug. 10. The California Air Resources Board (CARB) also released draft reporting templates[2] and guidance in October 2025, as well as a preliminary draft list of in-scope entities. CARB released draft regulations for certain aspects of SB 253 and SB 261, and additional regulations to clarify other aspects of these news laws are expected but have not yet been released. A public meeting hosted by CARB is scheduled for Feb. 27.
• California has already implemented AB 1305, the Voluntary Carbon Market Disclosures Act, which mandates public disclosures that trigger when a company makes claims of achievement of “net-zero”, “carbon neutrality” or claims of “significant reductions” of greenhouse gas (GHG) emissions, as well as disclosures relating to the buying, selling and marketing of carbon credits.
• Other states proposed similar climate-related disclosure rules in 2025, including New York (S.B. 3456), Colorado (H.B. 25-1119), New Jersey (S.B. 4117) and Illinois (H.B. 3673). On Dec. 1, 2025, New York issued its final regulations requiring GHG reporting disclosures starting in 2027 from carbon-intensive businesses located or operating in New York capturing 2026 emissions. While narrower than California’s climate disclosure laws and impacting only specific high emissions sectors, the New York regulations are another indication that some states with Democratic party majorities will seek to mandate climate disclosures in the future.
• In step with the broader trend against disclosures relating to environmental factors, the U.S. Environmental Protection Agency proposed a rule that effectively ends the Greenhouse Gas Reporting program and announced plans to rescind some greenhouse gas reporting requirements under the Clean Air Act.

Companies will need to continue tracking these disparate disclosure obligations, in addition to any other jurisdiction-specific requirements, and publish them in the location that achieves the best outcome for the company (e.g., corporate website, sustainability/impact report, etc.).

EU-Facing Disclosures on Environmental or Social Factors

In a strategic pivot aimed at bolstering EU competitiveness and reducing administrative friction, EU institutions formally approved the “Omnibus I” package in mid-Dec. 2025. This landmark package narrows the scope of companies captured by the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD).

The CSRD is a mandatory EU regulatory framework for disclosure, measurement and reporting on the sustainability performance of a company. Among other requirements, the CSRD requires a “double materiality” assessment, whereby businesses must disclose both “financial materiality” (how sustainability affects the company’s finances) and “impact materiality” (how the company impacts people and the environment). CSDDD is closely linked to CSRD and requires large companies to undertake due diligence to identify and remediate negative human rights and environmental impacts in downstream and upstream operations and supply chains.

For companies with a presence or significant exposure to Europe, the Omnibus I package delivers:

1. A reduction in scope of both CSRD and CSDDD while still mandating detailed disclosures on environmental and social factors compared to other markets.
2. Simplification of the reporting mechanics.

Furthermore, the CSDDD’s controversial requirement for undertakings to create and implement a climate transition plan was deleted in its entirety.

Companies with subsidiaries that will be in scope of the rules from Jan. 1, 2027, should ensure that these subsidiaries develop a compliance plan in 2026 to enable compliance with those EU regulatory reporting obligations. For details of the qualification criteria and a fuller summary of the reforms please see our client alert.

AI

SEC Chairman Paul Atkins recently remarked, “Our principles-based rules were intentionally designed to allow companies to inform investors of material impacts of any new development, including how AI affects their financial results, how AI can be a material risk factor to an investment, and how AI is a material aspect of their business model.” In line with his general goal of streamlining required disclosures, Chairman Atkins indicated that he does not currently see a need for the development of AI-specific disclosure rules.

As a result, in preparing its Form 20-F, a company should consider how its use of AI fits into the existing disclosure framework and focus on accurately describing its AI capabilities, avoiding hyperbolic disclosure or claims that AI is more advanced, capable, autonomous or proprietary than it is. The discussion should consider how the technology could improve the company’s results of operations, financial condition and future prospects. Descriptions of future AI prospects should be limited to those with an underlying reasonable basis. In addition to accurately describing the AI and its use and capabilities, disclosure should include a discussion of risks associated with the use of AI and limitations of AI tools. All disclosure should be tailored and specific rather than boilerplate and should be commensurate with its underlying materiality to the company.

More than just drawing an SEC comment, “AI-washing” can give rise to enforcement. In April 2025, the SEC brought its first AI-washing enforcement action under the Trump administration against Albert Saniger, the founder and former CEO of Nate, Inc., a privately held technology startup, alleging that Saniger violated Section 17(a) of the Securities Act, Rule 10(b) of the Exchange Act and Rule 10b5-1 thereunder through misrepresenting to investors the extent of AI integration into the company’s app.[3]

Cybersecurity

Companies are now accustomed to their disclosure obligations under the SEC’s cybersecurity disclosure regime adopted in 2023 but should nevertheless review their Item 16K disclosure with a critical eye.[4] These disclosures are intended to provide investors insight into companies’ cybersecurity risk management and strategy as well as governance oversight, which in turn inform whether a company is reasonably disclosing cybersecurity risks.

The SEC has issued a limited number of cybersecurity-related comments, generally focused on ensuring companies’ technical compliance with the rule. When drafting Item 16K disclosures, companies should ensure they disclose the relevant experience of each member of senior management (i.e., members of an information security oversight committee) responsible for assessing and managing material risks from cybersecurity threats, not just the relevant experience of their chief information security officer, and be sure to include disclosure responsive to each subsection of Item 16-K(b) to avoid drawing a comment.[5]

In addition, some companies are going beyond the items specifically delineated by the SEC to incorporate responses applicable to the Governance QualityScore issued by ISS (e.g., whether they have information security risk insurance, how many directors have information security skills and whether the company experienced an information security breach in the last three years).

Annual reporting season also provides a good time for a company to review what “materiality” means for the company. As a reminder, in determining materiality, the SEC instructed public companies to evaluate both quantitative and qualitative factors, considering immediate fallout and any longer-term effects on its operations, customer relationships, financial impact, reputational or brand perception, and the potential for litigation or regulatory action.[6] ^{/ [7]}

DEI

There was a contraction in DEI-related disclosure in the 2025 annual reporting season with companies reducing or reframing disclosure to focus on terms such as “belonging,” “inclusion,” or “equal opportunity,” instead of “diversity” and “equality,” and pivoting to more explicit emphasis on merit-based decision-making practices. Now that companies have had a chance to gauge investor reaction and to benefit from their peers’ 2025 annual disclosure, we expect that many companies will continue to move away from DEI-related disclosures in their Form 20-Fs and standalone ESG report.

Counsel should carefully review any disclosures to ensure that they comply with legal requirements and align with company programs and policies. Consideration should be given to feedback from shareholders, recent court decisions, a shift in U.S. federal strategy regarding enforcement of antidiscrimination laws and the threat of shareholder litigation.[8] To the extent that DEI-disclosures are mandated by jurisdiction-specific requirements, companies can consider providing a clarifying explanation to manage investor impact.

Other Macro Trends

Companies should keep in mind the following pertinent matters and reflect any necessary changes throughout their annual report:

• U.S. Government Shutdown: What impact did the extended duration and uncertainty of the recent U.S. government shutdown have on the company’s operations, if any? Is the prospect of future prolonged U.S. government shutdowns and full scope of related impacts adequately accounted for in the company’s risk factor and Item 5 discussion?
• Tariffs: Throughout 2025, U.S. trade policy fluctuated, introducing a myriad of new challenges from increased costs of goods to interruptions in supply chains and changes in consumer sentiment. Companies should continue to assess the impact of the shift in U.S. trade policy and tariffs on their Items 4 and 5 disclosures, risk factors and financial statements.
• Geopolitical Conflict: Though changing in scope, ongoing geopolitical conflict is a well-worn disclosure topic. As companies review their existing disclosure regarding geopolitical risks, not only should they consider updates related to the protracted nature of the Russia/Ukraine conflict and the evolving conflict in the Middle East but also should consider the potential impacts of U.S. military action in South America.

Proxy Advisor Policy Updates

As companies develop their disclosures and consider any policy changes for 2026, they should keep in mind ISS’ and Glass Lewis’ jurisdiction-specific guidelines, in light of their potential impact on investor sentiment.

In their respective U.S. guidelines, neither ISS nor Glass Lewis changed their approach toward board diversity disclosures for the 2026 proxy season. For a second year, ISS will not take diversity factors into account in its voting recommendations while Glass Lewis will continue to flag if its recommendations for director election proposals are based on, at least in part, diversity considerations and offer an alternative recommendation not taking into account diversity considerations. Foreign private issuers should review the relevant ISS and Glass Lewis guidelines that apply to them.

The Shifting Proxy Advisor Environment

ISS and Glass Lewis have both announced important changes to their business models that will impact the 2026 proxy season and could impact investor sentiment for all companies:

• Glass Lewis. 2026 will be the last year in which Glass Lewis issues single proxy research reports that include vote recommendations and analysis based on “in-house” proxy voting guidelines. Starting in 2027, Glass Lewis will issue separate research reports covering a given company, reflecting the multiple viewpoints of its clients. When announcing this shift, CEO Bob Mann stated, “[a]s institutional investors take increasingly different approaches to voting preferences, the traditional one-size-fits-all model of proxy advice no longer meets the needs of a diverse client base. Instead, investors want proxy voting frameworks and guidance that reflect their own unique investment strategies, stewardship goals and voting preferences.” By 2028, Glass Lewis commits to moving all clients to custom voting advice, aligned with their needs. Furthermore, Glass Lewis announced that it will register as an investment adviser.
• ISS. ISS will continue to issue its proxy research report and voting recommendations, but has introduced two new products, Gov360 and Custom Lens. Gov360 will provide research reports divorced from voting recommendations, and Custom Lens will enable customers to customize research reports based on their proprietary voting policies. ISS is already a registered investment adviser.

There are a number of legislative, executive and judicial actions pending or being considered that may also impact proxy advisors’ business model and approach in the coming year (likely after proxy season):

• Federal: Recent administrations, both Republican and Democratic, have sought to regulate proxy advisors over the past decade through SEC rulemaking and guidance. In Dec. 2025, President Trump issued an executive order outlining a multi-pronged approach to curtail proxy advisors’ influence through rule making and enforcement by the SEC, Federal Trade Commission (FTC) and Department of Labor. There are also multiple bills pending in Congress that seek to regulate proxy advisors. For example, the Corporate Governance Fairness Act would require “major” proxy advisory firms to register as investment advisers under the Investment Advisers Act of 1940, H.R. 3402 would require institutional investment managers to file an annual report with the SEC disclosing certain information when they engage with proxy advisory firms and the Stopping Proxy Advisor Racketeering Act would amend the Exchange Act to prohibit proxy advisory firms from providing advice if they have a conflict of interest. It was reported in Nov. 2025 that the FTC launched an investigation into whether ISS and Glass Lewis violated antitrust laws, with the FTC focused on the firms’ competitive practices and guidance on DEI and ESG issues.
• State: A number of states including Arkansas, Florida, Kansas, Oklahoma and West Virginia have adopted laws regulating how state entities vote their interests in public company investments, limiting what information (like proxy advisor recommendations) can be taken into account.

Texas has gone further with the signing into law in June 2025 of Senate Bill 2337, which regulates proxy advisors providing voting recommendations or other proxy advisory services to public companies headquartered or incorporated in, or redomesticating to, Texas. The law imposes mandatory disclosure and other obligations on proxy advisory services “not provided solely in the financial interest of the shareholders,” including advice based on ESG or DEI factors, and recommendations that are inconsistent with a board’s recommendation. The law is currently stayed pending judicial review.[9]

In July, the Missouri Attorney General launched an investigation into and filed lawsuits against ISS and Glass Lewis seeking compliance with demands for information regarding their promotion of “radical” ESG and DEI agendas. In Sept. 2025, the Texas Attorney General announced its investigation of Glass Lewis and ISS alleging their potential misdirection of investors and public companies through prioritizing “radical political agendas” over “sound financial principles.” In Nov. 2025, the Florida Attorney General filed an enforcement action against ISS and Glass Lewis alleging that the firms misled Florida consumers, used their influence to impose an ESG agenda and agreed to move in lockstep to prevent competition.

• Recent Court Decision: In July 2025, the U.S. Court of Appeals for the District of Columbia Circuit ended more than five years of uncertainty and confusion by ruling that proxy voting advice issued by proxy advisors is not a “solicitation” under the Exchange Act. Absent an appeal to the Supreme Court, the court’s decision effectively ends the SEC’s long-running regulatory effort to hold proxy advisors accountable based on the theory that their recommendations constitute a “solicitation” under the proxy solicitation provisions of the Exchange Act.

Reminders

There are a few additional housekeeping items companies should add to their list this year.

• SOX Certifications: Principal executive and financial officers are required to certify annual and quarterly reports pursuant to Sections 302 and 906 of the Sarbanes-Oxley Act. In the SEC’s 2024 AI Use Case Inventory it revealed that it plans to use AI to help identify non-compliant Section 302 certifications. Companies should review their SOX certifications to ensure the language matches the statute to avoid drawing an SEC comment.
• XBRL Tagging: The SEC made an announcement in July 2025 reminding reporting companies to ensure proper scaling of public float figures in XBRL tagging and to check for consistency between the date reported and the date tagged. Companies should be sure that their public float figures are accurately tagged, particularly if they elect to spell out “millions” rather than disclose the full number. In addition, companies should review the XBRL tagging of their cover page, Item 6.F., Item 16J and Item 16K disclosures as well as in their financial statements and information regarding the auditors who issued the audit opinion, to ensure proper tagging and formatting.
• China-Specific Disclosures: In July 2023, the SEC issued a Sample Letter to Companies Regarding China-Specific Disclosures consolidating guidance for companies with a majority of operations in the People’s Republic of China. The sample letter reminds China-based companies of their obligations under the Holding Foreign Companies Accountable Act, encourages companies to consider if risk factor disclosure

may be appropriate regarding any material impacts that “intervention” or “control by” the People’s Republic of China might have on the company or its securities and points out companies’ potential obligations pursuant to the Uyghur Forced Labor Prevention Act. China-based companies should review the sample letter to ensure compliance.

Looking Ahead

There are a number of ongoing legislative and regulatory priorities that could impact 2026. The SEC’s Spring 2025 Regulatory Flexibility Agenda previewed the SEC’s intent to rationalize disclosure practices, modernize the shelf-registration process, enhance accommodations available to EGCs and update exempt offering pathways, among other things. The SEC is also considering feedback received in response to its concept release on foreign private issuer eligibility and during the Roundtable on Executive Compensation Disclosure Requirements.[10] Furthermore, in September 2025, Nasdaq proposed a rule that would impose a $25 million minimum offering size on the IPO of a China-based company in order to list on the exchange, which is currently under SEC review.

The recently adopted Holding Foreign Insiders Accountable Act subjects the directors and officers of foreign private issuers to Section 16(a) reporting obligations, which represents a significant change for foreign private issuers and their officers and directors that will require advance preparation before the March 18, 2026, compliance date (see our client alert for more information). There are also a number of pending bills that could impact capital raising and disclosure like the Expanding WKSI Eligibility Act which, if adopted, would reduce the public float required for an issuer to achieve WKSI status to $400 million.[11]

With well-established disclosure obligations in the crosshairs of potential change, it will be important for companies to stay abreast of legislative and regulatory changes during 2026.