Legal Didn't Sign Up to Be a Data Auditor Either
A pattern has become familiar in fashion and textiles organisations. A claim is going to market — on a product page, in a procurement tender, in an investor disclosure. Someone sends it to Legal for review. Legal checks the language, notes the risks, may soften a phrase or add a qualification. The claim goes out.
What Legal rarely gets to ask is the prior question: what is the evidence behind this claim, where does it live, who is responsible for keeping it current, and what happens when it lapses?
The Green Claims Directive has shifted what accountability means for sustainability claims. It does not simply raise the bar for marketing language. It places a specific evidentiary standard on claims made in any commercial communication — and it places accountability for that standard on the organisation making the claim. Reviewing the language of a claim is no longer sufficient if the evidence infrastructure behind it has not been examined.
The DPP sharpens this further. A digital passport is not a document that Legal reviews and approves. It is a live data record, accessible on demand, that will be read against claims made elsewhere — in annual reports, in supplier declarations, in marketing communications. Whether those claims are consistent, substantiated, and current is not a one-time legal review. It is an ongoing evidentiary obligation — one that adds to an obligation Legal was already carrying.
Many Legal functions find themselves with a perimeter that has expanded significantly, a data infrastructure that has not kept pace, and a team that was never sized for what is now being asked of it. The instinctive response — more reviews, more qualifications, more careful language — addresses the symptom without touching the cause.
The cause is that Legal is being asked to certify the defensibility of claims built on data it had no hand in shaping. Material composition figures assembled for a certification submission three seasons ago. Supplier declarations that may or may not reflect current practice. Environmental indicators estimated at category level and published as if they were product-specific. The language can be reviewed. The evidence behind it cannot be conjured at the point of review if it was never built.
The data-as-product argument — introduced earlier in this series — becomes directly relevant here. An organisation that treats product data as a managed asset rather than something assembled on demand is building something Legal can actually work with. Data that is intentional, maintained, and governed does not need to be reconstructed every time a claim is reviewed. It exists. It can be verified. It has a known provenance and a defined process for keeping it current.
That shifts Legal's role from assembling evidence under pressure to verifying that a functioning system is doing what it should. The first is open-ended and unmanageable at scale. The second is a bounded, repeatable function that does not require doubling the size of the Legal team.
The organisations that understand this are not asking Legal to solve the data problem. They are asking Legal to help define the evidentiary standard — what does defensible actually mean for this claim, in this regulatory context — and then holding the rest of the organisation accountable for meeting it. That is a different brief. It is also a more useful one.
What genuine legal preparedness looks like in this environment is less about reviewing more claims and more about being present earlier in the decisions that determine whether claims can ever be substantiated. The brief stage, where material choices are made. The sourcing stage, where supplier relationships are structured. The governance conversation, where accountability for the accuracy and currency of product information is assigned.
Legal is the function best placed to name what the evidentiary standard actually requires — before the gap between what the organisation can demonstrate and what it has already said becomes a liability. The expanding perimeter is real. Organisations that cannot close that gap will find it appearing in enforcement actions, in lost procurement qualifications, in investor scrutiny that turns on the quality of disclosed data. Those are not distant risks. They are the direction the regulatory environment is already moving.
The organisations building the data capability to manage this well are not simply reducing their exposure. They are accumulating something their competitors will find difficult to replicate — not because the technology is proprietary, but because the governance habits and organisational trust that make data defensible take time to build. Legal's role in that is not peripheral. It is one of the few functions that can hold the evidentiary standard firm across the organisation — and in doing so, help turn a compliance obligation into a durable operational foundation.
Michael Shea is a digital excellence advisor, non-executive director, and leadership coach working with organisations navigating the human and technical dimensions of digital transformation. He hosts The Aeolian Discourse and writes at The Aeolian.