If your ClimateTech or ESG SaaS platform routes GHG calculation data, TCFD scenario outputs, or ESRS reporting events through a cloud iPaaS, you have a problem that no DPA or SLA can fix.
SEC Release No. 33-11275 (the 2024 climate disclosure rule) requires accelerated filers to document material climate risks and GHG Scope 1/2/3 emissions in their annual reports starting FY2025. The SEC's Regulation S-X Rule 14-02 and Reg S-K Items 1500–1507 require that the entire disclosure controls chain be documented — including every system that touches climate data used in public filings.
Cloud iPaaS in that chain is not a control. It is an undocumented third-party data processor. SEC examiners reviewing disclosure controls will ask: who had access to the GHG calculation inputs, and how is the chain of custody documented? If the answer is 'it went through a vendor's multi-tenant cloud servers,' you have a SOX 302 disclosure controls gap before you've filed a single form.
Here are five production-ready n8n workflows that keep your ESG data pipeline inside a defensible perimeter.
The Regulatory Stack
SEC Release No. 33-11275 (2024 Climate Disclosure Rule)
Phase-in: accelerated filers FY2025, large accelerated filers FY2025 (filed in 2026). Requires Scope 1/2 GHG in 10-K (Scope 3 if material or if you've made public Scope 3 targets). Physical and transition climate risk disclosure under Reg S-K Items 1500–1507. TCFD-aligned framework required for risk governance narrative.
EU Corporate Sustainability Reporting Directive (CSRD) — ESRS E1-E5
Large EU companies: first sustainability reports covering FY2024 (filed 2025). ESRS E1 (climate change) + E2 (pollution) + E3 (water/marine) + E4 (biodiversity) + E5 (circular economy). Limited assurance mandatory 2026, reasonable assurance 2028. EU Green Taxonomy alignment required for environmental claims.
California SB 253 (CRSSA) + SB 261 (CCRSA)
SB 253: Scope 1, 2, AND 3 annual reporting for CA-domiciled companies with >$1B US revenue. First reports due January 1, 2026 — enforced by CARB at $50,000/day up to $500,000. SB 261: biennial climate risk report for >$500M CA companies, also due January 1, 2026.
GHG Protocol Corporate Value Chain (Scope 3) Standard
Fifteen categories of Scope 3 emissions. Category 15 (investments) is particularly relevant for ESG platform vendors with asset-manager clients. Chain-of-custody documentation for each input source is an audit requirement — not a best practice.
The Self-Hosting Argument (Before the Workflows)
Cloud iPaaS in the SEC Climate Disclosure Pipeline
SEC Release No. 33-11275 adds climate data to the SOX 302 disclosure controls and procedures perimeter. Every cloud iPaaS node that processes GHG calculation inputs, TCFD scenario data, or ESRS report assembly is an undocumented processor outside your assessed ICFR environment. A QSA or SEC examiner reviewing your disclosure controls will find the gap. Self-hosted n8n inside your SOX ICFR boundary = internal system, no vendor review obligation.
CA SB 253 Scope 3 Chain-of-Custody
CARB enforcement of CA SB 253 began January 1, 2026. The $50,000/day penalty is per-day of non-compliance, not per-incident. If your Scope 3 Category 15 calculation pipeline routes through cloud iPaaS, your audit trail has a gap that CARB's examination process will identify. Self-hosted n8n keeps GHG data in your perimeter — the audit trail is in your Postgres, not a vendor's logs.
EU CSRD Assurance Boundary
EU CSRD Art.26 requires third-party assurance of sustainability reports. The assurance provider will ask for evidence of the entire ESRS data pipeline. Cloud iPaaS nodes in the ESRS E1 GHG calculation chain are outside the assurance boundary unless explicitly included in the assurance scope — which means a vendor assessment, additional audit fees, and potential qualified opinion. Self-hosted n8n inside the assurance boundary eliminates this exposure.
Workflow 1: ESG SaaS Tier-Segmented Onboarding Drip
Seven customer tiers, each with a distinct compliance briefing at Day 0:
- ENTERPRISE_ESG_PLATFORM: SEC Release No. 33-11275 FY2025 phase-in + SOX 302 disclosure controls chain
- CARBON_ACCOUNTING_SAAS: CA SB 253 Scope 1-2-3 due Jan 2026 + GHG Protocol Category 15 chain-of-custody
- CLIMATE_RISK_ANALYTICS_SAAS: SEC TCFD Reg S-K Item 1503 physical+transition risk narrative
- ESG_REPORTING_SAAS: EU CSRD ESRS E1-E5 assurance boundary + limited assurance 2026
- SUPPLY_CHAIN_SUSTAINABILITY_SAAS: Scope 3 Category 1-14 supplier engagement + CA SB 253 indirect emissions
- ENERGY_MANAGEMENT_SAAS: ISO 50001 energy data chain + Scope 2 market-based accounting
- CLIMATETECH_STARTUP: SEC voluntary climate disclosure pathway + GHG Protocol readiness
Day 3: GHG data health monitor configuration guide.
Day 7: Climate incident pipeline setup.
Day 14: Compliance deadline tracker activation.
Day 30: ESG KPI dashboard review.
{
"name": "ESG SaaS Tier-Segmented Onboarding Drip",
"nodes": [
{
"parameters": {
"httpMethod": "POST",
"path": "esg-onboarding",
"responseMode": "responseNode"
},
"name": "Webhook",
"type": "n8n-nodes-base.webhook",
"typeVersion": 1,
"position": [
250,
300
]
},
{
"parameters": {
"conditions": {
"string": [
{
"value1": "={{$json[\"tier\"]}}",
"operation": "equal",
"value2": "ENTERPRISE_ESG_PLATFORM"
}
]
}
},
"name": "Is Enterprise ESG Platform?",
"type": "n8n-nodes-base.if",
"typeVersion": 1,
"position": [
500,
200
]
},
{
"parameters": {
"conditions": {
"string": [
{
"value1": "={{$json[\"tier\"]}}",
"operation": "equal",
"value2": "CARBON_ACCOUNTING_SAAS"
}
]
}
},
"name": "Is Carbon Accounting SaaS?",
"type": "n8n-nodes-base.if",
"typeVersion": 1,
"position": [
500,
400
]
},
{
"parameters": {
"conditions": {
"string": [
{
"value1": "={{$json[\"tier\"]}}",
"operation": "equal",
"value2": "CLIMATE_RISK_ANALYTICS_SAAS"
}
]
}
},
"name": "Is Climate Risk Analytics?",
"type": "n8n-nodes-base.if",
"typeVersion": 1,
"position": [
500,
550
]
},
{
"parameters": {
"subject": "Welcome to FlowKit \u2014 Your SEC Climate Disclosure & ESG Compliance Stack",
"message": "={{$json[\"company_name\"]}}, your enterprise clients face SEC Release No. 33-11275 FY2025 phase-in. Five n8n automations keep your GHG pipeline inside your SOX 302 disclosure controls perimeter. Cloud iPaaS in your Scope 3 chain is an undocumented data processor \u2014 self-hosted n8n fixes that. Day 3: GHG data health monitor config. Day 7: SEC material climate risk incident pipeline. Store: https://stripeai.gumroad.com"
},
"name": "Enterprise ESG Email",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 1,
"position": [
750,
200
]
},
{
"parameters": {
"subject": "Welcome to FlowKit \u2014 GHG Protocol Scope 3 & CA SB 253 Automation",
"message": "={{$json[\"company_name\"]}}, CA SB 253 (CRSSA) first Scope 1-2-3 reports due Jan 1 2026 for CA companies >$1B revenue. CARB enforcement up to $50,000/day. Cloud iPaaS in your GHG calculation pipeline = undocumented TPSP in your Scope 3 chain-of-custody audit. Self-hosted n8n keeps GHG data in your perimeter. Day 3: Scope 3 Category 15 chain config. Day 7: CA SB 253 deadline tracker. Store: https://stripeai.gumroad.com"
},
"name": "Carbon Accounting Email",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 1,
"position": [
750,
400
]
},
{
"parameters": {
"subject": "Welcome to FlowKit \u2014 SEC TCFD & Physical Risk Analytics Compliance",
"message": "={{$json[\"company_name\"]}}, SEC registrants need TCFD-aligned disclosure on physical and transition climate risks. Climate risk scenarios routed through cloud iPaaS = undocumented processor in your SEC Reg S-K disclosure controls. Self-hosted n8n keeps TCFD analytics pipeline inside your SOX ICFR perimeter. Day 3: TCFD scenario health monitor. Day 7: Physical risk incident pipeline. Store: https://stripeai.gumroad.com"
},
"name": "Climate Risk Analytics Email",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 1,
"position": [
750,
550
]
},
{
"parameters": {
"respondWith": "json",
"responseBody": "{\"status\":\"ok\"}"
},
"name": "Respond OK",
"type": "n8n-nodes-base.respondToWebhook",
"typeVersion": 1,
"position": [
1000,
300
]
}
],
"connections": {
"Webhook": {
"main": [
[
{
"node": "Is Enterprise ESG Platform?",
"type": "main",
"index": 0
}
]
]
},
"Is Enterprise ESG Platform?": {
"main": [
[
{
"node": "Enterprise ESG Email",
"type": "main",
"index": 0
}
],
[
{
"node": "Is Carbon Accounting SaaS?",
"type": "main",
"index": 0
}
]
]
},
"Is Carbon Accounting SaaS?": {
"main": [
[
{
"node": "Carbon Accounting Email",
"type": "main",
"index": 0
}
],
[
{
"node": "Is Climate Risk Analytics?",
"type": "main",
"index": 0
}
]
]
},
"Is Climate Risk Analytics?": {
"main": [
[
{
"node": "Climate Risk Analytics Email",
"type": "main",
"index": 0
}
],
[
{
"node": "Respond OK",
"type": "main",
"index": 0
}
]
]
},
"Enterprise ESG Email": {
"main": [
[
{
"node": "Respond OK",
"type": "main",
"index": 0
}
]
]
},
"Carbon Accounting Email": {
"main": [
[
{
"node": "Respond OK",
"type": "main",
"index": 0
}
]
]
},
"Climate Risk Analytics Email": {
"main": [
[
{
"node": "Respond OK",
"type": "main",
"index": 0
}
]
]
}
}
}
Workflow 2: GHG Data Source & ESG API Health Monitor
Five endpoints, 15-minute polling, $getWorkflowStaticData for deduplication (one alert per endpoint per hour maximum):
| Endpoint | Annotation |
|---|---|
ghg_calculation_engine_api |
GHG Protocol Scope 3 Cat 15 chain DOWN = Scope 3 gap in SEC Release 33-11275 filing |
sec_climate_disclosure_api |
SEC Release No. 33-11275 material risk data DOWN = disclosure control failure (SOX 302) |
csrd_reporting_api |
EU CSRD ESRS E1 GHG intensity data DOWN = assurance gap (limited assurance mandatory 2026) |
carbon_registry_api |
Carbon credit registry DOWN = credit verification gap (SEC greenwashing enforcement risk) |
energy_management_api |
ISO 50001 energy data DOWN = energy intensity calculation gap |
The ghg_calculation_engine_api annotation is the most consequential: if Scope 3 data is incomplete when a SEC-filing client runs their annual GHG inventory, the disclosure has a material gap — and the cloud iPaaS downtime window will not be in your ICFR documentation.
{
"name": "GHG Data Source & ESG API Health Monitor",
"nodes": [
{
"parameters": {
"rule": {
"interval": [
{
"field": "minutes",
"minutesInterval": 15
}
]
}
},
"name": "Every 15 Minutes",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
250,
300
]
},
{
"parameters": {
"url": "={{$env.GHG_CALC_ENGINE_URL}}/health",
"options": {
"timeout": 8000
}
},
"name": "Check GHG Calc Engine",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 3,
"position": [
480,
200
],
"continueOnFail": true
},
{
"parameters": {
"url": "={{$env.SEC_CLIMATE_API_URL}}/health",
"options": {
"timeout": 8000
}
},
"name": "Check SEC Climate API",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 3,
"position": [
480,
350
],
"continueOnFail": true
},
{
"parameters": {
"url": "={{$env.CSRD_REPORTING_API_URL}}/health",
"options": {
"timeout": 8000
}
},
"name": "Check CSRD Reporting API",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 3,
"position": [
480,
500
],
"continueOnFail": true
},
{
"parameters": {
"url": "={{$env.CARBON_REGISTRY_API_URL}}/health",
"options": {
"timeout": 8000
}
},
"name": "Check Carbon Registry API",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 3,
"position": [
480,
650
],
"continueOnFail": true
},
{
"parameters": {
"url": "={{$env.ENERGY_MGMT_API_URL}}/health",
"options": {
"timeout": 8000
}
},
"name": "Check Energy Mgmt API",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 3,
"position": [
480,
800
],
"continueOnFail": true
},
{
"parameters": {
"functionCode": "\nconst staticData = $getWorkflowStaticData('global');\nconst now = Date.now();\nconst endpoints = [\n { name: 'ghg_calculation_engine_api', result: $node['Check GHG Calc Engine'].json, annotation: 'GHG Protocol Scope 3 Cat 15 chain DOWN = Scope 3 gap in SEC Release 33-11275 filing' },\n { name: 'sec_climate_disclosure_api', result: $node['Check SEC Climate API'].json, annotation: 'SEC Release No. 33-11275 material risk data DOWN = disclosure control failure (SOX 302)' },\n { name: 'csrd_reporting_api', result: $node['Check CSRD Reporting API'].json, annotation: 'EU CSRD ESRS E1 GHG intensity data DOWN = assurance gap (limited assurance mandatory 2026)' },\n { name: 'carbon_registry_api', result: $node['Check Carbon Registry API'].json, annotation: 'Carbon credit registry DOWN = carbon credit verification gap (SEC greenwashing risk)' },\n { name: 'energy_management_api', result: $node['Check Energy Mgmt API'].json, annotation: 'ISO 50001 energy data DOWN = energy intensity calculation gap' }\n];\nconst alerts = [];\nfor (const ep of endpoints) {\n const isDown = ep.result.error || ep.result.status !== 'ok';\n if (isDown) {\n const key = 'alerted_' + ep.name;\n if (!staticData[key] || (now - staticData[key]) > 3600000) {\n staticData[key] = now;\n alerts.push({ endpoint: ep.name, annotation: ep.annotation, ts: new Date().toISOString() });\n }\n } else {\n delete staticData['alerted_' + ep.name];\n }\n}\nreturn alerts.map(a => ({json: a}));\n"
},
"name": "Dedup & Build Alerts",
"type": "n8n-nodes-base.function",
"typeVersion": 1,
"position": [
720,
500
]
},
{
"parameters": {
"conditions": {
"number": [
{
"value1": "={{$json}}",
"operation": "isNotEmpty"
}
]
}
},
"name": "Any Alerts?",
"type": "n8n-nodes-base.if",
"typeVersion": 1,
"position": [
950,
500
]
},
{
"parameters": {
"subject": "[CRITICAL] ESG API Down: {{$json[\"endpoint\"]}}",
"message": "Endpoint: {{$json[\"endpoint\"]}}\nRisk: {{$json[\"annotation\"]}}\nTime: {{$json[\"ts\"]}}\n\nCompliance note: If ghg_calculation_engine_api is down, GHG Protocol Scope 3 data continuity is broken. SEC Release No. 33-11275 requires documented material risk controls. Restore immediately and document downtime window for disclosure controls audit trail."
},
"name": "Alert ESG Team",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 1,
"position": [
1180,
400
]
}
],
"connections": {
"Every 15 Minutes": {
"main": [
[
{
"node": "Check GHG Calc Engine",
"type": "main",
"index": 0
},
{
"node": "Check SEC Climate API",
"type": "main",
"index": 0
},
{
"node": "Check CSRD Reporting API",
"type": "main",
"index": 0
},
{
"node": "Check Carbon Registry API",
"type": "main",
"index": 0
},
{
"node": "Check Energy Mgmt API",
"type": "main",
"index": 0
}
]
]
},
"Check GHG Calc Engine": {
"main": [
[
{
"node": "Dedup & Build Alerts",
"type": "main",
"index": 0
}
]
]
},
"Check SEC Climate API": {
"main": [
[
{
"node": "Dedup & Build Alerts",
"type": "main",
"index": 0
}
]
]
},
"Check CSRD Reporting API": {
"main": [
[
{
"node": "Dedup & Build Alerts",
"type": "main",
"index": 0
}
]
]
},
"Check Carbon Registry API": {
"main": [
[
{
"node": "Dedup & Build Alerts",
"type": "main",
"index": 0
}
]
]
},
"Check Energy Mgmt API": {
"main": [
[
{
"node": "Dedup & Build Alerts",
"type": "main",
"index": 0
}
]
]
},
"Dedup & Build Alerts": {
"main": [
[
{
"node": "Any Alerts?",
"type": "main",
"index": 0
}
]
]
},
"Any Alerts?": {
"main": [
[
{
"node": "Alert ESG Team",
"type": "main",
"index": 0
}
],
[]
]
}
}
}
Workflow 3: ESG Compliance Deadline Tracker
Twelve deadline types, 6-hour polling, 30-day advance warning, $getWorkflowStaticData for persistence:
| Deadline | Regulation | Priority |
|---|---|---|
| SEC Climate Disclosure Annual | SEC Release No. 33-11275 / Reg S-K Items 1500-1507 (accelerated filers FY2025) | P0 |
| EU CSRD ESRS E1-E5 Annual Report | EU CSRD 2022/2464 (large companies first reports) | P0 |
| CA SB 253 Scope 1-2-3 Annual | CA Health & Safety Code §38532 — CARB $50,000/day up to $500,000 | P0 |
| CA SB 261 Climate Risk Biennial | CA Health & Safety Code §38537 — companies >$500M | P1 |
| TCFD Annual Review | SEC Reg S-K Item 1503 physical+transition risk | P1 |
| GHG Protocol Scope 3 Annual Inventory | GHG Protocol 15-category corporate value chain | P1 |
| CDP Annual Disclosure | CDP Climate/Water/Forest questionnaire | P2 |
| Carbon Credit Expiry Review | VCS/Gold Standard/CAR retirement rules | P1 |
| ESRS Assurance Readiness Review | EU CSRD Art.26 limited assurance mandatory 2026 | P1 |
| ISO 14001 Surveillance Audit | ISO 14001:2015 EMS annual | P2 |
| SOC 2 Type II Renewal | AICPA TSC for ESG data processors | P2 |
| Annual Penetration Test | SEC disclosure controls / SOC 2 CC7.1 | P2 |
CA SB 253 and CA SB 261 both carry first-report deadlines of January 1, 2026 — less than seven months from this writing. Any CA company >$1B revenue that has not yet locked its Scope 3 inventory methodology and documentation chain is at CARB enforcement risk.
{
"name": "ESG / Climate Compliance Deadline Tracker",
"nodes": [
{
"parameters": {
"rule": {
"interval": [
{
"field": "hours",
"hoursInterval": 6
}
]
}
},
"name": "Every 6 Hours",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
250,
300
]
},
{
"parameters": {
"functionCode": "\nconst staticData = $getWorkflowStaticData('global');\nconst now = new Date();\nconst deadlines = staticData.deadlines || [\n { id: 'SEC_CLIMATE_DISCLOSURE_ANNUAL', label: 'SEC Release No. 33-11275 Annual Climate Disclosure', due: '2026-04-01', regulation: 'SEC Release No. 33-11275 / Reg S-K Item 1500-1507 (accelerated filers FY2025)', priority: 'P0' },\n { id: 'EU_CSRD_ESRS_ANNUAL_REPORT', label: 'EU CSRD ESRS E1-E5 Annual Sustainability Report', due: '2026-04-30', regulation: 'EU CSRD 2022/2464 ESRS E1-E5 (large companies first reports)', priority: 'P0' },\n { id: 'CA_SB_253_SCOPE123_ANNUAL', label: 'CA SB 253 (CRSSA) Scope 1-2-3 Annual Report', due: '2026-01-01', regulation: 'CA Health & Safety Code \u00a738532 \u2014 CARB enforcement $50,000/day up to $500,000', priority: 'P0' },\n { id: 'CA_SB_261_CLIMATE_RISK_BIENNIAL', label: 'CA SB 261 (CCRSA) Climate Risk Biennial Report', due: '2026-01-01', regulation: 'CA Health & Safety Code \u00a738537 \u2014 companies >$500M biennial', priority: 'P1' },\n { id: 'TCFD_ANNUAL_REVIEW', label: 'TCFD Aligned Disclosure Annual Review', due: '2026-04-01', regulation: 'SEC Reg S-K Item 1503 physical+transition risk / TCFD 2017 framework', priority: 'P1' },\n { id: 'GHG_PROTOCOL_SCOPE3_ANNUAL_INVENTORY', label: 'GHG Protocol Scope 3 Annual Inventory Lock', due: '2026-03-01', regulation: 'GHG Protocol Corporate Value Chain (Scope 3) Standard \u2014 15 categories', priority: 'P1' },\n { id: 'CDP_ANNUAL_DISCLOSURE_DEADLINE', label: 'CDP (Carbon Disclosure Project) Annual Disclosure', due: '2026-07-31', regulation: 'CDP Climate / Water / Forest questionnaire \u2014 investor disclosure deadline', priority: 'P2' },\n { id: 'CARBON_CREDIT_EXPIRY_REVIEW', label: 'Carbon Credit Vintage & Expiry Review', due: '2026-06-01', regulation: 'VCS / Gold Standard / CAR retirement rules \u2014 greenwashing risk if expired credits used', priority: 'P1' },\n { id: 'ESRS_ASSURANCE_READINESS_REVIEW', label: 'ESRS Limited Assurance Readiness Review', due: '2026-03-01', regulation: 'EU CSRD Art.26 \u2014 limited assurance mandatory 2026, reasonable assurance 2028', priority: 'P1' },\n { id: 'ISO_14001_SURVEILLANCE_AUDIT', label: 'ISO 14001 EMS Surveillance Audit', due: '2026-09-01', regulation: 'ISO 14001:2015 Environmental Management System annual surveillance', priority: 'P2' },\n { id: 'SOC2_TYPE2_RENEWAL', label: 'SOC 2 Type II Annual Renewal', due: '2026-12-01', regulation: 'AICPA TSC \u2014 security, availability, confidentiality for ESG data processors', priority: 'P2' },\n { id: 'ANNUAL_PENTEST', label: 'Annual Penetration Test', due: '2026-11-01', regulation: 'SEC disclosure controls / SOC 2 CC7.1 \u2014 annual pentest for climate data systems', priority: 'P2' }\n];\nstaticData.deadlines = deadlines;\nconst alerts = [];\nfor (const d of deadlines) {\n const dueDate = new Date(d.due);\n const daysLeft = Math.ceil((dueDate - now) / 86400000);\n if (daysLeft <= 30 && daysLeft >= 0) {\n alerts.push({ ...d, days_left: daysLeft, urgency: daysLeft <= 7 ? 'P0' : d.priority });\n }\n}\nreturn alerts.length > 0 ? alerts.map(a => ({json: a})) : [{ json: { status: 'no_deadlines_within_30_days' } }];\n"
},
"name": "Check ESG Deadlines",
"type": "n8n-nodes-base.function",
"typeVersion": 1,
"position": [
500,
300
]
},
{
"parameters": {
"conditions": {
"string": [
{
"value1": "={{$json[\"status\"]}}",
"operation": "notEqual",
"value2": "no_deadlines_within_30_days"
}
]
}
},
"name": "Has Upcoming Deadline?",
"type": "n8n-nodes-base.if",
"typeVersion": 1,
"position": [
750,
300
]
},
{
"parameters": {
"subject": "[ESG DEADLINE] {{$json[\"days_left\"]}}d \u2014 {{$json[\"label\"]}}",
"message": "Deadline: {{$json[\"label\"]}}\nDue: {{$json[\"due\"]}}\nDays Left: {{$json[\"days_left\"]}}\nRegulation: {{$json[\"regulation\"]}}\nPriority: {{$json[\"urgency\"]}}\n\nAction required: Review compliance posture and ensure GHG data pipeline documentation is audit-ready. For SEC Release No. 33-11275 deadlines, confirm disclosure controls (SOX 302/906) cover the entire climate data chain."
},
"name": "Alert: Compliance Deadline",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 1,
"position": [
1000,
200
]
}
],
"connections": {
"Every 6 Hours": {
"main": [
[
{
"node": "Check ESG Deadlines",
"type": "main",
"index": 0
}
]
]
},
"Check ESG Deadlines": {
"main": [
[
{
"node": "Has Upcoming Deadline?",
"type": "main",
"index": 0
}
]
]
},
"Has Upcoming Deadline?": {
"main": [
[
{
"node": "Alert: Compliance Deadline",
"type": "main",
"index": 0
}
],
[]
]
}
}
}
Workflow 4: SEC/CSRD/CA Climate Incident Response Pipeline
Eight incident types classified by SLA and escalation path:
| Incident Type | SLA | Regulation | Fastest Clock |
|---|---|---|---|
SEC_MATERIAL_CLIMATE_DISCLOSURE_ERROR |
IMMEDIATE | SEC Release 33-11275 + 10b-5 securities fraud | Yes — legal hold within minutes |
CARBON_CREDIT_FRAUD_DETECTED |
IMMEDIATE | SEC Release No. 34-93389 greenwashing + criminal referral | Yes |
GHG_SCOPE3_CALCULATION_ERROR |
IMMEDIATE | GHG Protocol Scope 3 material restatement risk | Yes |
EU_CSRD_ASSURANCE_GAP |
720h | EU CSRD Art.26 limited assurance failure | P1 |
CA_SB_253_REPORTING_FAILURE |
720h | CA §38532 CARB $50,000/day | P0 |
CA_SB_261_RISK_REPORT_OVERDUE |
720h | CA §38537 climate risk disclosure | P1 |
TCFD_DISCLOSURE_INCONSISTENCY |
72h | SEC Reg S-K Item 1503 inconsistency | P1 |
GENERAL_ESG_INCIDENT |
48h | ESG triage | P2 |
SEC_MATERIAL_CLIMATE_DISCLOSURE_ERROR is the fastest clock in this series: securities fraud exposure under 10b-5 attaches on the day a material misstatement is filed, not when it is discovered. Legal hold on all climate data must begin immediately — before any records are moved, altered, or transmitted through any system.
CARBON_CREDIT_FRAUD_DETECTED carries criminal referral risk alongside SEC enforcement. The SEC's Climate and ESG Task Force (Release No. 34-93389) has enforcement precedent for greenwashing claims. Immediate escalation to securities counsel is required.
{
"name": "SEC/CSRD/CA Climate Incident Response Pipeline",
"nodes": [
{
"parameters": {
"httpMethod": "POST",
"path": "esg-incident",
"responseMode": "responseNode"
},
"name": "Incident Webhook",
"type": "n8n-nodes-base.webhook",
"typeVersion": 1,
"position": [
250,
400
]
},
{
"parameters": {
"functionCode": "\nconst incident = $json;\nconst tiers = {\n 'SEC_MATERIAL_CLIMATE_DISCLOSURE_ERROR': { sla_hours: 0, label: 'SEC Material Climate Disclosure Error', regulation: 'SEC Release No. 33-11275 + 10b-5 securities fraud exposure \u2014 IMMEDIATE legal hold on all climate data', escalation: 'CEO+GC+external_securities_counsel', priority: 'P0' },\n 'EU_CSRD_ASSURANCE_GAP': { sla_hours: 720, label: 'EU CSRD ESRS Assurance Gap Detected', regulation: 'EU CSRD 2022/2464 Art.26 \u2014 limited assurance failure (mandatory 2026 onward)', escalation: 'CEO+CCO+DPO', priority: 'P1' },\n 'CA_SB_253_REPORTING_FAILURE': { sla_hours: 720, label: 'CA SB 253 Scope 1-2-3 Reporting Failure', regulation: 'CA Health & Safety Code \u00a738532 \u2014 CARB penalty $50,000/day up to $500,000', escalation: 'CEO+GC+CARB_counsel', priority: 'P0' },\n 'CA_SB_261_RISK_REPORT_OVERDUE': { sla_hours: 720, label: 'CA SB 261 Climate Risk Report Overdue', regulation: 'CA Health & Safety Code \u00a738537 \u2014 climate risk disclosure failure', escalation: 'CEO+GC', priority: 'P1' },\n 'GHG_SCOPE3_CALCULATION_ERROR': { sla_hours: 0, label: 'GHG Scope 3 Calculation Error', regulation: 'GHG Protocol Corporate Value Chain Standard \u2014 Scope 3 material restatement risk in SEC filing', escalation: 'CEO+CFO+sustainability_team', priority: 'P0' },\n 'CARBON_CREDIT_FRAUD_DETECTED': { sla_hours: 0, label: 'Carbon Credit Fraud Detected', regulation: 'SEC greenwashing enforcement (Release No. 34-93389) + potential criminal referral \u2014 IMMEDIATE legal hold', escalation: 'CEO+GC+external_securities_counsel', priority: 'P0' },\n 'TCFD_DISCLOSURE_INCONSISTENCY': { sla_hours: 72, label: 'TCFD Disclosure Inconsistency', regulation: 'SEC Reg S-K Item 1503 physical+transition risk \u2014 inconsistency = disclosure controls failure', escalation: 'CEO+CCO+IR', priority: 'P1' },\n 'GENERAL_ESG_INCIDENT': { sla_hours: 48, label: 'General ESG Incident', regulation: 'ESG compliance triage \u2014 route to appropriate framework lead', escalation: 'sustainability_team', priority: 'P2' }\n};\nconst t = tiers[incident.incident_type] || tiers['GENERAL_ESG_INCIDENT'];\nreturn [{ json: { ...incident, ...t, detected_at: new Date().toISOString(), sla_deadline: new Date(Date.now() + t.sla_hours * 3600000).toISOString() } }];\n"
},
"name": "Classify ESG Incident",
"type": "n8n-nodes-base.function",
"typeVersion": 1,
"position": [
500,
400
]
},
{
"parameters": {
"conditions": {
"string": [
{
"value1": "={{$json[\"priority\"]}}",
"operation": "equal",
"value2": "P0"
}
]
}
},
"name": "Is P0?",
"type": "n8n-nodes-base.if",
"typeVersion": 1,
"position": [
750,
400
]
},
{
"parameters": {
"subject": "[P0 ESG CRITICAL] {{$json[\"label\"]}} \u2014 IMMEDIATE ACTION",
"message": "INCIDENT: {{$json[\"label\"]}}\nType: {{$json[\"incident_type\"]}}\nPriority: P0 \u2014 IMMEDIATE\nSLA: {{$json[\"sla_deadline\"]}}\nRegulation: {{$json[\"regulation\"]}}\nEscalate to: {{$json[\"escalation\"]}}\nDetected: {{$json[\"detected_at\"]}}\n\nNOTE: SEC_MATERIAL_CLIMATE_DISCLOSURE_ERROR and CARBON_CREDIT_FRAUD_DETECTED require immediate legal hold on ALL climate data. Do not alter, delete, or transmit any climate-related records until securities counsel confirms scope."
},
"name": "P0 Alert \u2014 Escalate Now",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 1,
"position": [
1000,
300
]
},
{
"parameters": {
"subject": "[{{$json[\"priority\"]}} ESG] {{$json[\"label\"]}} \u2014 SLA: {{$json[\"sla_deadline\"]}}",
"message": "INCIDENT: {{$json[\"label\"]}}\nType: {{$json[\"incident_type\"]}}\nPriority: {{$json[\"priority\"]}}\nSLA Deadline: {{$json[\"sla_deadline\"]}}\nRegulation: {{$json[\"regulation\"]}}\nEscalate to: {{$json[\"escalation\"]}}\nDetected: {{$json[\"detected_at\"]}}"
},
"name": "P1/P2 Alert",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 1,
"position": [
1000,
500
]
},
{
"parameters": {
"respondWith": "json",
"responseBody": "{\"status\":\"received\"}"
},
"name": "Respond",
"type": "n8n-nodes-base.respondToWebhook",
"typeVersion": 1,
"position": [
1250,
400
]
}
],
"connections": {
"Incident Webhook": {
"main": [
[
{
"node": "Classify ESG Incident",
"type": "main",
"index": 0
}
]
]
},
"Classify ESG Incident": {
"main": [
[
{
"node": "Is P0?",
"type": "main",
"index": 0
}
]
]
},
"Is P0?": {
"main": [
[
{
"node": "P0 Alert \u2014 Escalate Now",
"type": "main",
"index": 0
}
],
[
{
"node": "P1/P2 Alert",
"type": "main",
"index": 0
}
]
]
},
"P0 Alert \u2014 Escalate Now": {
"main": [
[
{
"node": "Respond",
"type": "main",
"index": 0
}
]
]
},
"P1/P2 Alert": {
"main": [
[
{
"node": "Respond",
"type": "main",
"index": 0
}
]
]
}
}
}
Workflow 5: Weekly ESG KPI Dashboard — CEO + CFO + CSO
Monday 8AM delivery to CEO, CFO, and Chief Sustainability Officer (BCC CISO+Legal):
- Enterprise ESG Platform / Carbon Accounting / Climate Risk / ESG Reporting accounts + MRR
- Active SEC filer clients (Release 33-11275 P0 exposure count)
- Active EU CSRD clients (ESRS assurance gap risk)
- Active CA SB 253 clients (CARB enforcement Jan 2026)
- GHG Scope 3 data completeness % (SEC material disclosure flag)
- Open P0/P1 incidents + deadlines within 30 days
{
"name": "Weekly ESG KPI Dashboard \u2014 CEO+CFO+CSO",
"nodes": [
{
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 8 * * 1"
}
]
}
},
"name": "Every Monday 8AM",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
250,
300
]
},
{
"parameters": {
"url": "={{$env.CRM_API_URL}}/api/esg-kpis",
"options": {}
},
"name": "Fetch ESG KPIs",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 3,
"position": [
480,
300
]
},
{
"parameters": {
"functionCode": "\nconst d = $json;\nconst rows = [\n ['Metric', 'This Week', 'WoW Change', 'Compliance Flag'],\n ['Enterprise ESG Platform Accounts', d.enterprise_esg_accounts || 0, d.enterprise_esg_delta || '+0', 'SEC Release 33-11275 exposure'],\n ['Carbon Accounting SaaS Accounts', d.carbon_accounting_accounts || 0, d.carbon_delta || '+0', 'CA SB 253 CARB $50k/day'],\n ['Climate Risk Analytics Accounts', d.climate_risk_accounts || 0, d.climate_risk_delta || '+0', 'SEC TCFD Reg S-K 1503'],\n ['ESG Reporting SaaS Accounts', d.esg_reporting_accounts || 0, d.esg_reporting_delta || '+0', 'EU CSRD ESRS E1-E5'],\n ['Total MRR', '$' + (d.mrr || 0), d.mrr_delta || '+0%', ''],\n ['Net New MRR (7d)', '$' + (d.net_new_mrr || 0), '', ''],\n ['Active SEC Filer Clients', d.sec_filer_clients || 0, '', 'SEC Release 33-11275 P0'],\n ['Active EU CSRD Clients', d.csrd_clients || 0, '', 'ESRS assurance gap risk'],\n ['Active CA SB 253 Clients', d.ca_sb253_clients || 0, '', 'CARB enforcement Jan 2026'],\n ['GHG Scope 3 Completeness %', (d.scope3_completeness || 0) + '%', '', 'SEC material disclosure flag'],\n ['Open P0 Incidents', d.p0_incidents || 0, '', 'Immediate escalation required'],\n ['Open P1 Incidents', d.p1_incidents || 0, '', 'SLA tracking active'],\n ['Deadlines Within 30d', d.deadlines_30d || 0, '', 'Review scheduler output']\n];\nconst body = rows.map(r => r.join(' | ')).join('\\n');\nreturn [{ json: { kpi_table: body, period_end: new Date().toISOString().split('T')[0] } }];\n"
},
"name": "Format KPI Table",
"type": "n8n-nodes-base.function",
"typeVersion": 1,
"position": [
720,
300
]
},
{
"parameters": {
"subject": "[FlowKit ESG Weekly KPI] Week ending {{$json[\"period_end\"]}}",
"message": "ESG SaaS Weekly KPI Dashboard\n\n{{$json[\"kpi_table\"]}}\n\nNote: CA SB 253 first Scope 1-2-3 reports due Jan 1, 2026 \u2014 CARB enforcement $50,000/day. Ensure all CA >$1B clients have GHG data pipeline audit trail. SEC Release No. 33-11275 FY2025 phase-in: accelerated filers must include material climate risk in 10-K.",
"toEmail": "ceo@yourcompany.com",
"ccEmail": "cfo@yourcompany.com,cso@yourcompany.com"
},
"name": "Send KPI Email \u2014 CEO+CFO+CSO",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 1,
"position": [
960,
300
]
}
],
"connections": {
"Every Monday 8AM": {
"main": [
[
{
"node": "Fetch ESG KPIs",
"type": "main",
"index": 0
}
]
]
},
"Fetch ESG KPIs": {
"main": [
[
{
"node": "Format KPI Table",
"type": "main",
"index": 0
}
]
]
},
"Format KPI Table": {
"main": [
[
{
"node": "Send KPI Email \u2014 CEO+CFO+CSO",
"type": "main",
"index": 0
}
]
]
}
}
}
Get the Full n8n Automation Bundle
All five workflows above — plus 10 more production-ready templates for SaaS compliance, CRM automation, AI agents, and business operations — are in the FlowKit n8n Automation Bundle at stripeai.gumroad.com.
Individual templates: $12–$29. Bundle (all 15): $97.
Each template includes:
- Full workflow JSON ready to import
- Node-by-node setup guide
- Environment variable reference
- Compliance annotation comments
Why Self-Hosted n8n for ESG Compliance?
| Regulation | Cloud iPaaS Risk | Self-Hosted n8n Fix |
|---|---|---|
| SEC Release 33-11275 (SOX 302) | Climate data pipeline outside ICFR boundary | Self-hosted inside SOX ICFR perimeter — internal system, no vendor review |
| CA SB 253 (CRSSA) CARB | Scope 3 chain-of-custody gap — CARB audit finds undocumented processor | GHG data stays in your Postgres — audit trail complete |
| EU CSRD Art.26 Assurance | Cloud iPaaS node outside assurance boundary = qualified opinion risk | Self-hosted inside assurance boundary — assurer can inspect the system |
| GHG Protocol Scope 3 | Category 15 investment emissions pipeline through vendor servers = chain-of-custody break | Full chain documented in your infrastructure |
| SEC Greenwashing (Release 34-93389) | Carbon credit verification through cloud iPaaS = undocumented processing chain | Registry API calls logged in your system — full audit trail |
Questions or customization requests: open an issue on github.com/flowkithq/n8n-automation-templates.
Top comments (0)