Corporate Social Responsibility (CSR) Policies And Legal Requirements In NZ

If you’re running a small business, “doing the right thing” is usually already part of how you operate. You might be paying staff fairly, choosing ethical suppliers, cutting down waste, or supporting your local community.

A corporate social responsibility (CSR) policy is how you turn those good intentions into a clear, consistent plan - and make sure your team (and your customers) understand what you stand for.

Just as importantly, a CSR policy can help you line up your business practices with New Zealand legal requirements around things like health and safety, employment, privacy, consumer protection, and director duties. It’s not about ticking boxes - it’s about putting strong legal foundations in place so you can grow confidently.

This article provides general information only and isn’t legal advice. For advice tailored to your business, talk to a lawyer.

In this guide, we’ll walk you through what a CSR policy is, whether you need one, the key NZ laws that often connect to CSR commitments, and how to create a policy that’s practical for a small business (not just a big corporate).

What Is A Corporate Social Responsibility Policy?

A corporate social responsibility policy is a written document that sets out how your business will operate responsibly across areas such as:

• People (e.g. staff wellbeing, fair pay, diversity and inclusion, safe workplaces)
• Planet (e.g. reducing waste, sustainable sourcing, emissions, energy use)
• Ethics (e.g. honest marketing, ethical suppliers, anti-corruption, conflicts of interest)
• Community (e.g. local sponsorships, volunteering, social impact initiatives)
• Governance (e.g. decision-making processes, accountability, risk management)

It’s closely linked to corporate social responsibility as a concept, but the policy part is where it becomes real and actionable.

What A CSR Policy Is (And Isn’t)

It is:

• A practical guide for your team and decision-makers
• A way to align your values with day-to-day operations
• A signal to customers, suppliers, and investors that you take responsibility seriously

It isn’t:

• A marketing statement full of vague promises
• A “nice-to-have” document that sits in a folder and never gets used
• A substitute for complying with NZ law (compliance still comes first)

One quick reality check: the moment you publish CSR commitments (on your website, in proposals, in tenders, or in pitch decks), you may create legal risk if those claims are inaccurate or can’t be backed up. So it’s worth getting the wording right.

Do NZ Businesses Have To Have A CSR Policy?

For most small businesses in New Zealand, there’s no single law that says “you must have a CSR policy”. But that doesn’t mean CSR is optional from a legal perspective.

Instead, CSR tends to sit across multiple legal obligations you already have - and a CSR policy can help you organise those obligations into a clear internal standard.

When A CSR Policy Is Especially Useful

Even if you’re a small business, a CSR policy is often worth prioritising if you:

• Employ staff (even one person)
• Collect customer data (names, emails, payment details, online orders, CCTV footage)
• Sell products or services to the public (especially online)
• Supply to government agencies or larger organisations (tenders and procurement processes often ask about CSR/ESG)
• Operate in a higher-risk industry (construction, manufacturing, transport, hospitality, health services)
• Have investors, shareholders, or a board (or plan to bring them on)

CSR vs ESG: Do You Need Both?

You’ll often hear “CSR” and “ESG” used together. They overlap, but they’re not identical:

• CSR is usually about your broader commitments and culture (what you do and why).
• ESG is often more measurement-driven (how you track environmental, social and governance risks and performance).

Small businesses can keep it simple: start with a corporate social responsibility policy that’s realistic, and build more formal ESG reporting later if your customers, funders, or industry expects it.

What Laws Does A CSR Policy Help You Comply With In New Zealand?

A CSR policy shouldn’t try to rewrite the law - but it should help your team consistently meet (and ideally exceed) the legal baseline.

Here are some key NZ legal areas that often connect directly to CSR commitments.

Health And Safety: Health And Safety At Work Act 2015

If your CSR policy includes commitments like “we put people first” or “we provide a safe workplace”, you’ll want those to align with your duties under the Health and Safety at Work Act 2015.

In practice, this often means documenting and acting on things like:

• hazard identification and risk management
• incident reporting and investigation
• training and supervision
• contractor safety procedures
• taking steps that are reasonably practicable to protect workers and others affected by your work

A good CSR policy can reinforce safety culture - but you’ll still need proper operational processes behind it.

Employment Practices: Employment Relations Act 2000 And The Holidays Act 2003

Many CSR commitments relate to staff wellbeing, fair pay, and respectful workplaces. In NZ, these areas often link back to the Employment Relations Act 2000, the Holidays Act 2003, and related employment obligations.

One of the simplest ways to support your CSR commitments is to make sure your legal basics are solid, including a compliant Employment Contract and clear workplace policies.

If you’re making public claims like “we prioritise inclusion” or “we are a values-led employer”, it’s also worth checking that your internal processes actually match that - for example, how you handle grievances, performance management, and staff complaints.

Anti-Discrimination And Fair Treatment: Human Rights Act 1993

If your CSR policy includes diversity, equity, and inclusion commitments, it should align with the Human Rights Act 1993. That law prohibits discrimination in employment and other areas on specified grounds.

Practical steps might include:

• reviewing recruitment and interview practices
• training managers on respectful conduct and harassment prevention
• ensuring reasonable workplace accommodations where appropriate

CSR language should be careful here - it’s better to commit to “clear, lawful processes and a respectful workplace” than to make guarantees you can’t consistently deliver.

Privacy And Responsible Data Use: Privacy Act 2020

If your CSR policy talks about respecting customers or acting ethically, privacy is usually part of that promise.

In NZ, the Privacy Act 2020 applies to most businesses handling personal information. Your CSR policy may cover high-level commitments like data security and respectful marketing, but you’ll typically also need a fit-for-purpose Privacy Policy and internal processes for:

• collecting personal information fairly
• storing it securely and limiting access
• using it only for appropriate purposes
• responding to access/correction requests
• managing privacy breaches

Privacy is also a common “trust” issue - meaning it’s both a legal requirement and a brand risk if you get it wrong.

Consumer Protection And Honest Marketing: Fair Trading Act 1986 And Consumer Guarantees Act 1993

CSR policies often include commitments like “we’re transparent” or “we act with integrity”. If you sell to consumers, your advertising and sales practices need to comply with the Fair Trading Act 1986 (misleading and deceptive conduct) and the Consumer Guarantees Act 1993 (automatic guarantees for consumer purchases).

This is particularly important if you make “ethical” or “sustainable” claims in marketing. If your claims are unclear, exaggerated, or untrue, you risk complaints and enforcement action - as well as reputational damage.

Company Director Duties And Governance: Companies Act 1993

If you operate through a company, CSR also touches governance. Under the Companies Act 1993, directors must act in good faith and in the best interests of the company, and they must exercise care, diligence, and skill.

That doesn’t mean CSR is “not allowed” - it means you should approach CSR decisions in a way that makes sense commercially and is properly considered. For example:

• documenting why a CSR spend supports the company’s long-term interests
• managing risk (including reputational and compliance risk)
• ensuring the company can meet its financial obligations

Strong governance documents can also help here, such as a Company Constitution and (where relevant) a Shareholders Agreement, especially if there are multiple founders with different views on how “purpose-led” the business should be.

Ethical Conduct And Anti-Corruption

If your CSR policy includes commitments around ethical conduct (including anti-corruption), it’s important to back that up with clear internal rules and training. Depending on what your business does, relevant NZ laws can include the Crimes Act 1961 (for bribery of officials and corruption-related offences) and the Secret Commissions Act 1910 (which can apply to secret commissions in commercial dealings).

Practical steps might include:

• setting clear rules on gifts, hospitality, and facilitation payments
• requiring staff to declare conflicts of interest
• having a process to report concerns safely and confidentially

How To Write A Corporate Social Responsibility Policy For Your Small Business (Step-By-Step)

Drafting a corporate social responsibility policy doesn’t have to be complicated. The key is to keep it specific, realistic, and linked to how you actually run your business.

Here’s a simple step-by-step approach that works well for small NZ businesses.

1. Define What “Responsible” Means For Your Business

Start with a short statement of purpose. Ask:

• What impact do we want to have (on people, community, environment)?
• What risks do we want to avoid (legal, operational, reputational)?
• What does “good” look like in our industry?

This prevents your CSR policy becoming generic. A café’s CSR focus might be waste reduction and ethical suppliers. A tech business might focus more on privacy, accessibility, and ethical AI use.

2. Choose Your CSR Commitments (And Keep Them Measurable)

CSR policies work best when commitments are clear enough that a manager can actually implement them.

Examples of practical commitments include:

• People: “We provide training and supervision for all staff and contractors, and we maintain a safe workplace.”
• Environment: “We will track waste streams and set an annual waste reduction target.”
• Ethics: “We do not offer, accept, or encourage bribery or secret commissions, and we manage conflicts of interest transparently.”
• Supply chain: “We assess key suppliers for labour and environmental risks and document our due diligence.”
• Customers: “We market our products honestly and we don’t make sustainability claims we can’t substantiate.”

A common mistake is making big promises you can’t prove. It’s better to start with commitments you can deliver and build from there.

3. Align Your CSR Policy With Existing Legal Documents

Your CSR policy should fit with the documents you already use to run your business, such as:

• employment agreements, contractor agreements, and onboarding documents
• privacy documentation and internal data handling procedures
• health and safety policies and procedures
• supplier terms and procurement processes

For example, if your CSR policy says “we avoid conflicts of interest”, your internal approach should be backed by a workable Conflict Of Interest Policy so staff know what they must disclose and when.

4. Add Governance: Who Owns CSR Internally?

A CSR policy needs accountability. Even in a small business, you should clearly state:

• who is responsible for implementing the policy (e.g. director, operations manager, HR lead)
• how often the policy will be reviewed (e.g. annually)
• how issues will be escalated (e.g. safety incidents, supplier concerns, complaints)

If no one “owns” CSR, it usually becomes a document no one uses.

5. Include A Plain-English Reporting Or Review Plan

You don’t need formal reporting frameworks to get value from CSR. A simple plan might include:

• an annual check against CSR targets (even a one-page internal summary)
• a process for recording incidents and improvements
• who signs off updates and communications

This is also how you protect your business if anyone questions your claims later - you’ll have a record of what you’ve done.

How Do You Implement And Enforce A CSR Policy (Without Creating Extra Risk)?

Writing a corporate social responsibility policy is only half the job. The real value comes from how it’s used in day-to-day operations.

Train Your Team And Make It Part Of Onboarding

CSR should be introduced the same way you introduce other key expectations: clearly, early, and consistently. That can mean:

• including CSR commitments in onboarding
• training managers on how to apply the policy
• refreshing staff annually (especially for safety, privacy, and ethical conduct)

Be Careful With Public Claims (Avoid “Greenwashing” And Overpromising)

If you publish your CSR policy online or reference it in sales proposals, make sure what you say is accurate and current.

Practical tips:

• Avoid absolute statements like “100% sustainable” unless you can prove it.
• Be specific about what you’ve done versus what you’re aiming to do.
• Keep evidence of claims (supplier certifications, internal data, audit results).

From a legal standpoint, this is closely connected to Fair Trading Act risks around misleading conduct - so it’s worth taking seriously.

Make CSR Part Of Supplier And Contractor Relationships

If your CSR policy includes ethical sourcing or environmental commitments, your supplier arrangements should support that.

Depending on your business, this could include:

• supplier codes of conduct
• contract clauses requiring legal compliance (e.g. employment law and safety compliance)
• rights to request information or audit in higher-risk relationships

This is where tailored contracts matter - generic templates often don’t reflect the real risks in your supply chain.

Review And Update It As You Grow

CSR expectations evolve as your business grows. A policy that worked when you had two founders might not fit once you have 15 staff and multiple suppliers.

It’s smart to review your policy when you:

• hire your first employee or manager
• move into a new market or start exporting
• start selling to government or larger corporates
• change your products, materials, or supply chain
• raise capital or add shareholders

Keeping it updated helps ensure your CSR policy stays aligned with what you actually do - which reduces both legal risk and operational confusion.

Key Takeaways

• A CSR policy sets out how your business will operate responsibly across people, planet, ethics, community, and governance.
• Most NZ small businesses aren’t legally required to have a CSR policy, but CSR commitments often overlap with legal obligations you already have.
• Your CSR policy should align with key laws such as the Health and Safety at Work Act 2015, Employment Relations Act 2000, Privacy Act 2020, Fair Trading Act 1986, and (for companies) director duties under the Companies Act 1993.
• A strong CSR policy is practical and measurable - it avoids vague promises and focuses on commitments you can actually deliver and evidence.
• Implementation matters: train your team, align your contracts and internal processes, and be cautious with public CSR claims to avoid misleading statements.
• As your business grows, your CSR policy should be reviewed and updated so it stays accurate, useful, and legally aligned.

If you’d like help drafting or reviewing a CSR policy (or making sure your employment, privacy, and governance documents match what you’re promising), you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.