Blockchain for Supply Chain Management and ESG Reporting

Your Go-To Guide for Decision-Makers: Deploying Blockchain for Audit-Ready Traceability and ESG Disclosures

This guide is here to help decision-makers tackle the sometimes tricky world of blockchain technology. We know it can be a bit overwhelming, so we’re breaking it down for you! We've got the scoop on how to get your operations all set for audits and make sure you're in line with the fast-evolving Environmental, Social, and Governance (ESG) disclosure rules in the US and EU. So, here’s the scoop on what you can look forward to:

• Current Timelines: Get a grip on the upcoming deadlines and see how they might affect your choices.
• Reference Architectures: We'll share some simple frameworks to help you kick things off and build from there.
• Real-World Examples: Take a look at some case studies that highlight how different organizations are making great use of blockchain for things like traceability and ESG reporting. It's pretty cool to see how others are leveraging this technology!

With this info in your pocket, you’ll be totally ready to make smart choices and keep ahead of the curve in these ever-changing environments. Let's dive in!.

Blockchain has really evolved from just being an experimental concept to becoming a fundamental part of supply chains. It's now quietly backing some pretty cool stuff, like digital product passports, reliable emissions data, and even going paperless for trade. In this article, we’re going to dive into what’s new for 2024-2025, what’s actually hitting the mark in production, and how you can start an implementation that’s ready for both audits and growth. Let’s get into it!

Why 2025 is different: regulations and deadlines you cannot ignore

• EU CSRD/ESRS: So, in April 2025, the EU decided to hit the pause button on some aspects of the CSRD rollout with a “stop-the-clock” update. Basically, that means they're giving us a little more time to get everything sorted out. So, here's the deal: for the "Wave 24" large companies, their deadlines have been moved from 2025 to 2027. And for the listed SMEs, they're getting an extension too, shifting their deadlines from 2026 to 2028. Even with this delay, you can still expect the assurance expectations to get a bit more demanding moving forward. Switching gears here, back in late 2025, there were some talks about possibly making cuts and simplifying things on the political front. But hey, we’re still waiting for the final version of the law to be approved. So, in the meantime, it’s a good idea to prepare for compliance based on the current ESRS-ISSB interoperability guidance. Better safe than sorry, right? (dart.deloitte.com).

So, back in March 2024, the SEC introduced a simplified version of the climate rule. But, just as things were getting interesting, they hit the brakes because of some legal issues popping up. Jump ahead to March 27, 2025, when the Commission chose to stop defending the rule in court. So, here’s the scoop: as of now, there’s no federal requirement for companies to disclose their climate-related info. If you’re in a multinational company, it’d be a smart move to pay attention to the ISSB S2 and the EU ESRS for some solid guidance. Also, don’t forget to keep an eye on what’s happening in California--there could be some interesting developments on the horizon! (theguardian.com).

So, here’s the scoop: California's SB 253 and SB 261 are making some changes. The California Air Resources Board (CARB) has opted to push the rulemaking process back to early 2026. So, they're aiming to have the first deadline for Scope 1-2 reporting set for August 10, 2026. As for Scope 3, that one's slated to start in 2027. Just a heads up--there's been an injunction from the Ninth Circuit that’s temporarily put the brakes on SB 261, which is all about risk reporting. But the good news is that SB 253, the one focusing on emissions, is still moving forward and is set for 2026. Plus, it looks like CARB is giving us some positive vibes on that front! Hey, why not start setting up your systems now? It’ll save you from that stressful last-minute rush later on! (dart.deloitte.com).

Hey! Just a heads up, the application dates for the EUDR (that’s the EU deforestation thing) have been pushed back a little.
So, remember that targeted revision we all agreed on back in December 2025? Well, it’s official now: the new start date for all operators is December 30, 2026. So, if you're part of the micro or small business group, good news! You’ll get an extra six months to meet the requirements. Just keep in mind that this is all subject to formal approval. Many companies have already made changes based on the updated timeline from December 2025 to June 2026. So, definitely keep an eye out for the final trilogue results! (consilium.europa.eu).

Hey there! Just a heads up, the Ecodesign for Sustainable Products Regulation, also known as ESPR and the Digital Product Passport, is set to officially launch on July 18, 2024. Exciting stuff, right? For the 2025-2030 working plan, we're really zeroing in on a few important industries. We're talking textiles, tyres, furniture, iron and steel, and aluminum. These areas are going to be where we put our energy and resources! Be on the lookout for the first Digital Product Passport (DPP) measures making their debut sometime between 2026 and 2028! Just a quick heads-up: starting February 18, 2027, battery passports are going to be a must-have. If you're looking for more info, check it out here. You'll find all the details you need!

• Battery Passport (EU): So, here’s the deal! Starting February 18, 2027, if you own an electric vehicle, a light mobility transporter, or any industrial battery that’s over 2 kWh, you’ll need to get a digital “battery passport.” This passport will have to include all sorts of important info about your battery, both at the model level and for each individual unit. We’re talking details like what the battery is made of and how healthy it is overall. This new requirement is prompting us to create some practical specs, like the DIN/DKE SPEC 99100 data attributes. You can totally use these as a solid starting point! Take a look at this! You can find it right here: eur-lex.europa.eu. Enjoy exploring!
• CBAM (EU Carbon Border Levy): Alright, so here’s the deal--transitional reporting is gonna run until the end of 2025. But starting January 1, 2025, the EU's new method comes into play, and then we’ll actually see payments rolling out in 2026.
  If you're an importer, it's really important to have your embedded-emissions data ready to go. You want that info to be easily auditable so you can stay on top of things! If you're looking for more info, you can check it out here.

So, here’s the scoop on FSMA 204, which is all about food traceability in the U.S. The FDA has decided to give folks a bit more breathing room--pushing back the original deadline by 30 months. That means instead of having to comply by January 20, 2026, businesses now have until July 20, 2028, to get everything in order. Just a heads up! With this change, the industry guidelines and templates are getting a refresh. So, make sure to line up your digitization plans with the new timeline. If you're interested, you can find more info over at this link: food-safety.com. It's got all the details you might need!

• DSCSA (US Pharma): So, the FDA is taking a step-by-step approach to make sure we have full electronic interoperability right down to the package level. They've got some stabilization plans and even a few exemptions that will be in place until 2025-2026. Plus, smaller dispensers are getting a little extra time, with their deadline pushed back to 2026. Now's a perfect time to shake things up with identity management, serialization, and event exchange. On top of that, blockchain is a great tool for tracing the origin of products and keeping track of any exceptions. For more info, feel free to check this out here. It’s got all the details you need!
• Digital trade is really taking off! Container shipping companies are fully committed to switching to 100% electronic Bills of Lading (eBL) by 2030. Can you believe it? In 2025, we actually witnessed the very first interoperable eBL transaction that followed the new standards. Pretty exciting stuff! So, it looks like GSBN and DCSA-compliant eBLs are starting to step out from those isolated platforms. If you want to dive deeper into this topic, just click here to get all the details!

What’s working in production (and why)

• Automotive Battery Supply Chains: Hey, did you hear that Volvo just launched a battery passport for the EX90? They teamed up with Circulor to make it happen. This passport tracks the materials, recycled content, and carbon footprint of each battery. It's pretty cool because it only costs about $10 for each vehicle! Think of it like a guide to help us navigate the EU's battery passport rules that kick in by 2027. It's also a way to give buyers a clearer picture of what they're getting. (reuters.com).
• Luxury DPP at scale: The Aura Blockchain Consortium has really made waves, bringing in major players like LVMH, Prada, Cartier/Richemont, and OTB. They’ve welcomed over 50 brands and registered an impressive 70 million products! They're linking physical products to their digital identities through things like QR codes and NFC technology. This helps to guarantee their origins and authenticity, all while putting a bigger spotlight on sustainability claims. Take a look at auraconsortium.com when you get a chance! You won't want to miss it.
• Maritime trade: The DCSA's eBL standard is really gaining traction! Companies like GSBN and major carriers such as ONE, COSCO, OOCL, and Hapag-Lloyd are now rolling out electronic Bill of Lading (eBLs) on platforms that integrate smoothly with each other, and they’re all sticking to the DCSA guidelines. This is a really big step towards hitting our goal of going paperless in trade by 2030! (smartmaritimenetwork.com).

When it comes to traceability in food and pharma, the industry is mostly sticking with EPCIS for sharing events. Blockchain is also coming into play as a way to secure the data, especially when there’s a bit of uncertainty and trust issues between different parties involved. It’s pretty clever how they’re using these technologies to ensure everything stays on the up and up! Given the phased rollout of the DSCSA and the FDA's exemptions for smaller dispensers, now's a great time to nail down identities and track event history before things get a bit more serious with enforcement. (gs1.org).

A Word of Warning: Just because a consortium is formed doesn't mean it will automatically reap the benefits of network effects. In 2023, Maersk and IBM decided to shut down TradeLens because it just couldn't catch on like they had hoped. You know, it’s interesting--governance, staying neutral, and having the right commercial incentives are just as important as the technology itself. (maersk.com).

Data and identity stack that stands up to audits

• Event Data Standardization: Don't forget to track all those supply chain events with GS1 EPCIS 2. It's super important to get this right! How about we stick to something like JSON or JSON-LD for handling sensor data and certifications? It's a lot easier than trying to come up with custom schemas, don’t you think? This method really enhances interoperability with DPPs, DSCSA, FSMA 204, and eBL processes. Take a look at this: (gs1.org). It's worth checking out!
• Product identity and packaging experience: Make the most of the GS1 Digital Link by using a single 2D barcode or QR code. This can really help at the point of sale, during recalls, for sustainability claims, and to access DPP info. This method really makes sure that the retail transition to 2D is set up for the long haul. Take a look at this: (gs1.org).
• Organizational and Device Identity: Begin rolling out W3C Verifiable Credentials (VCs) linked to W3C DIDs for your suppliers, facilities, and IoT gateways. Using OpenID for Verifiable Credential Issuance (OID4VCI) is a really smart choice! It makes the whole issuing process much more scalable, which is definitely a big plus. With this setup, you'll be able to easily present cryptographically verifiable attestations to regulators, all without needing to dive into the nitty-gritty of the raw supplier data. It's a smart way to share what you need without overwhelming anyone with too much info! For more info, feel free to take a look at w3.org. It's got everything you need!
• Product carbon data: Let's share the carbon footprints for individual products using the WBCSD PACT Data Exchange Protocol version 2.

3. x/v3. 0. This matches up perfectly with the current Pathfinder/PACT approach, and it's actually the fastest way to get those auditable Scope 3 inputs from your suppliers. Take a look at this: wbcsd.github.io. You'll find some cool stuff there!

• Pay close attention to chain-of-custody: It's crucial to clearly outline your material claims by sticking to ISO 22095 guidelines. This means thinking about things like segregation, mass balance, and the book-and-claim approach. And don’t forget to include the model you used right in the credential or data payloads! This really helps close the gap between what companies are promoting and the actual data behind it. (iso.org).
• Privacy-Preserving Proofs: Sometimes, suppliers might feel a bit uneasy about sharing sensitive details, like emissions data or pricing. That’s where zero-knowledge proof designs really come into play. They let us verify things without exposing all the nitty-gritty info. It’s a smart way to keep things transparent while still respecting everyone’s privacy! These let them prove they meet specific requirements--like CBAM, EUDR, or EPR limits--without having to share any raw data. Recent research has revealed that zero-knowledge (ZK) methods for tracking emissions claims are really effective across various blockchain networks. What's even cooler is that they’re now totally doable on the latest Layer 2 and Layer 3 solutions! If you want to dive deeper into the details, take a look at this research paper: anil.recoil.org. It’s packed with great info!

Reference architecture (what we deploy at 7Block Labs)

• Data Capture
• Edge: We’ve got a bunch of connectors like IoT, MES, LIMS, and ERP that all team up to bring EPCIS 2 to life. 0 events. On top of that, we're actually signing events right from the source with device or organization keys (DIDs). Take a look at this: gs1.org. It's worth checking out!
• Supplier Attestations: It’s essential to provide verifiable credentials (VCs) for different certifications such as organic, FSC, and labor standards. This also includes things like PCFs, due-diligence statements (EUDR), and chain-of-custody claims. How about we keep the proofs and claims off-chain? We can still anchor the hashes on a public chain to make sure we have a solid timestamp and a clear audit trail.
• Swapping data and who we are.
• We've got OID4VCI issuance endpoints for suppliers, along with verifier APIs designed for buyers and regulators. The PACT PCF endpoints are set up to handle all those back-and-forth requests and responses for PCF. Oh, and don't forget--you can totally map product IDs using GS1 identifiers and Digital Link URIs! Take a look at this link: wbcsd.github.io. You won’t want to miss it!
• Ledger choices If you're working on consortium projects that require some level of privacy, definitely consider using permissioned ledgers. Hyperledger Fabric or Besu with private transactions are great options for this kind of setup. They'll give you the confidentiality you need! You can also leverage public anchoring using Ethereum or Layer 2 solutions to ensure non-repudiation and verify things across various ecosystems.
• It's a good idea to avoid putting your personal info or complete documents on the blockchain. Just focus on saving content-addressable hashes along with a bit of metadata.
• Confidentiality
• Make sure to use zero-knowledge circuits when you need to, like when you're verifying if the “supplier’s batch CO2e is under the agreed limit.” Hey, don't forget to save that raw telemetry in your data lake or warehouse. And make sure to include those audit trails while you're at it! (anil.recoil.org).
• Compliance reporting
• Make sure the VC/EPCIS payloads are lined up with:
• The ESRS datapoints are designed to mesh seamlessly with ISSB S2, thanks to their joint guidance. Hey there! So, we’ve got the California SB 253 S1-S3 templates ready to go.
• The emissions fields of the CBAM are integrated into the system.
• Different categories of data for the Battery Passport. (ifrs.org).

Implementation playbook (fast path to value)

• Weeks 0-4: Figuring Out the Regulations and Spotting Data Gaps. First things first, you’ll need to figure out which regulations are going to impact your SKUs and markets between 2026 and 2028. Make sure to keep an eye on a few key things, like the CSRD updates, the ESPR/DPP for priority groups, the EUDR scope, CBAM products, and the SB 253 entity status. It's good to stay on top of these areas! If you want to dive deeper into the details, just click on this link: dart.deloitte.com. It’s got all the info you need!
• Next up, let's see what data sources you have available. Let’s take a moment to consider your ERP, PLM, LCA tools, and those supplier portals you’re using. Alright, now it’s time to figure out which standards you want to stick with, like EPCIS 2 and all that. You're working with 0, PACT, or VC schemas.

Weeks 5-12: Start with 1-2 Material Flows

Example Pilots:

• EV Battery Subcomponents: We're going to take a closer look at tracking cobalt and nickel, working alongside our supplier VCs. You’ll be getting all the nitty-gritty details at the unit level for battery passports, plus tracking those EPCIS events from the smelter right through to the cell and pack. How about we take a look at how our practices stack up against what Volvo and Circulor are doing? If you want to dive deeper into this topic, feel free to check it out here. It's a pretty interesting read!
• Apparel Cotton → Fabric → Garment: We’re going to establish a solid chain of custody that aligns with ISO 22095 standards. And don’t worry, we’ll also be gearing up those DPP-ready features for the textile measures rolling out in 2027! If you want more info, just check out this link: European Commission.

KPIs to Keep an Eye On:

• Supplier Onboarding Cycle Time: Our goal is to keep this process under 10 business days. With the OID4VCI self-service option, we're confident we can make that happen!
• Trace Time: Our goal is to get the query source up and running in under 5 seconds for each batch.
• Data Coverage: We’re going to keep an eye on how much of the Bill of Materials (BOM) includes those main Product Carbon Footprints (PCFs). Our goal for the pilot lanes is to hit over 60%. Let’s strive to make it happen!
• Audit Exceptions: Aim to keep this at less than 2% for any events that lack signatures or keys.
• Months 4 to 9: Time to Ramp Up and Make Sure Everything's Solid. Let’s get more suppliers involved and work out some data-sharing agreements. And when it comes to proving something like the origin within a specific geofence to comply with the EUDR, we can totally use ZK proofs to make it happen.
• Bring those auditors into the picture right from the start! You want to aim for some solid limited assurance on your emissions and narrative disclosures. Plus, don't forget to align everything with the ISSB S2/ESRS cross-walks. It’ll make life a whole lot easier down the line!
  (ifrs.org).
• Get hooked up with your trade and compliance workflows: jump right into the DCSA eBL processes, set up your CBAM reporting feeds, and give the integration with the battery passport registry a spin. (dcsa.org).

Emerging practices you can adopt now

• Imagine having Digital Product Passports that you only need to scan once, but all kinds of ecosystems can keep using them over and over. How cool is that?
• Go ahead and slap a GS1 Digital Link QR code right on the packaging. This code should lead to some cool stuff like details on the product's authenticity (that’s your VC), info on sustainability (like PACT PCF and ESRS tags), tips for repair and reuse, and all the DPP compliance info that the authorities are looking for. With this approach, we’re ready for the shift to 2D in retail and whatever ESPR requirements come our way in the future--without having to juggle a bunch of different barcodes. (gs1.org).
• You can count on our product-level carbon data--it's solid and passes audits with flying colors.
• Instead of relying on those spend-based Scope 3 proxies, let’s use the Product Carbon Footprints (PCFs) that our suppliers provide through PACT v2. 3+/v3.

0. Don’t forget to include cryptographic signing and chain-of-custody declarations in the payload whenever you’re dealing with mass-balance claims. It’s super important! (wbcsd.github.io).

• Battery Passports: More Than Just Meeting the Rules.
• Boost your value by incorporating features that go beyond just the basics.
  When you're considering stuff like reselling or passing along warranties after a change in ownership, it’s important to keep an eye on the overall health of the item. You really want to make sure everything’s in good shape, right? That way, whether you’re selling it or transferring ownership, you can do so with confidence. You can dive right into using the DIN/DKE 99100! It offers a super handy catalog filled with all sorts of practical attributes that’ll make your life easier. (bitkom-compliance-solutions.com).
• A seamless paperless trading experience that truly collaborates.
• Choose eBL providers that align with DCSA’s interoperability framework and work smoothly with GSBN. This way, you won't have to worry about getting tied down to just one platform. Also, it’s a smart move to begin testing out multicarrier eBL handling as soon as possible. (dcsa.org).
• Privacy-first supplier attestations Hey, when it comes to those sensitive KPIs, like emissions intensity or wage info, it’s a good idea to let suppliers submit ZK proofs. This way, they can show they hit the necessary thresholds without just throwing raw tables at us. It keeps things cleaner and more trust-worthy! Regulators really want to make sure that your claims are solid and can be verified. They're not looking to peek at your competitors' secret info. (anil.recoil.org).

Pitfalls (and how to avoid them)

• “Blockchain first” mindset The rollercoaster ride of projects like TradeLens really shows us that it’s not just about having the right technology. Sure, the tech is important, but you also need good governance, some solid incentives for all the players, and data standards that make it easy for folks to join in. It’s all about creating a system that works for everyone! Before you dive into picking a ledger, it's a good idea to start with EPCIS/VCs and nail down a strong value proposition first. It sets a solid foundation! (maersk.com).
• Personal or confidential data that’s stored on the blockchain.
• You might want to steer clear of storing personal identifiable information (PII) or full trade documents on-chain. It’s just a safer bet! Instead, why not use hashes and verifiable pointers? They're a solid choice! Using VCs, access-controlled APIs, and zero-knowledge proofs (ZK) is a clever strategy when the situation calls for it. (w3.org).
• Claims that just don’t add up when you look at the chain-of-custody calculations. So, when it comes to managing resources, you've got options like mass-balance, segregation, and book-and-claim, which all fall under ISO 22095. Just a heads up--it's super important to clearly outline your model and how you calculate everything in your credentials. This way, you can avoid any potential greenwashing pitfalls. Trust me, it's worth it! (iso.org).
• Overlooking standards momentum
  So, when we talk about ESRS-ISSB interoperability, it’s awesome to see how GS1 EPCIS/Digital Link, DCSA eBL, and PACT PCF exchange are really bringing auditors, carriers, and buyers together. It’s like everyone’s on the same page now! Honestly, it's way smarter to stick to these standards when you're building your systems instead of trying to blaze your own trail. Trust me, it’ll save you a lot of headaches down the road! Take a look at this link: ifrs.org. It’s got some helpful stuff on IFRS Sustainability Disclosure Standards!

2026-2027 action checklist

• By the first quarter of 2026, aim to have an EPCIS 2 in place. Hey team! Just wanted to share that we've got the 0 event backbone up and running. We're also issuing the OID4VCI for supplier attestations, which is exciting! Plus, let’s kick things off with a PACT PCF exchange pilot featuring our top 20 suppliers. Looking forward to seeing how this progresses! (gs1.org).
• By mid-2026, if you're part of the California SB 253 crowd, make sure you’ve got those Scope 1-2 reporting packs all set to go. And don’t forget to gear up for that limited assurance process! Hey EU exporters! Just a quick reminder to ensure that your CBAM transitional reporting follows the EU guidelines. It’s super important to keep everything compliant. (dart.deloitte.com).
• Looking ahead to late 2026: If you’re involved in the battery industry in the EU, don’t forget to finalize those integration tests for battery passports and get your data pipelines sorted out! If you’re handling commodities coming into the EU, make sure you’ve got your EUDR due-diligence pipeline set up and ready to go before the new application date rolls around. It’s a must-do! (eur-lex.europa.eu).

Hey there! Just a heads up: by 2027, you’ll want to roll out those DPP-ready QR codes (you know, the GS1 Digital Link) for your main product lines. It’s going to be super important! Also, don’t forget to start using eBL in maritime lanes, no matter where your carriers are on board. It’s all about that DCSA-aligned interoperability! If you want to dive deeper into this, you can find all the details here. Enjoy exploring!

What success looks like (KPIs and audit readiness)

• Traceability: We're pretty much on top of our products! Around 95% of our finished goods can be tracked all the way from their origin to the store, thanks to detailed EPCIS event chains. Plus, we’re hitting a median trace time of under 5 seconds across the board. How cool is that? (gs1.org).
• Emissions Data Quality: We're really working on boosting the quality of our emissions data! In fact, over 60% of our upstream spending is now supported by primary Product Carbon Footprints (PCFs) that we’ve shared through PACT. It’s a big step forward! Oh, and just so you know, more than 90% of the PCFs we send out include those signed Verification Certificates (VCs) along with chain-of-custody notes. Pretty solid, right? (wbcsd.github.io).
• Compliance Coverage: We're really nailing it on the compliance side! All of our in-scope SKUs have the necessary DPP or battery passport info, and we’re cranking out Carbon Border Adjustment Mechanism (CBAM) reports that include supplier-verified embedded emissions. It’s great to see everything coming together! (eur-lex.europa.eu).
• Trade Efficiency: We're really stepping up our game when it comes to trade efficiency! I’m excited to share that the use of electronic Bills of Lading (eBL) has now surpassed 25% in the lanes we’re focusing on. We've managed to speed things up so much that now, it takes us over 24 hours less to get cargo released after it arrives, thanks to ditching those old paper processes. (bimco.org).

How 7Block Labs can help

• Strategy: Begin by getting a clear picture of your regulatory exposure. It's a good idea to zero in on a data and identity architecture that prioritizes standards - trust me, your auditors are going to love it! Make sure to keep things in mind like ESRS/ISSB, PACT, EPCIS, and DCSA eBL. For more info, head over to ifrs.org. You'll find all the details you need there!

Alright, so here’s the deal: your next steps involve getting the credential issuance and verification (that’s OID4VCI) up and running. You’ll also need to set up those EPCIS gateways, create some PACT endpoints, and don’t forget about designing the ZK proof circuits for those important KPIs. It’s going to be quite the project! If you're looking for the specs, just head over to openid.net. You'll find all the info you need there!

Alright, so let’s talk about scale for a minute. You definitely want to consider things like supplier onboarding kits, GS1 Digital Link packaging, and eBL integrations. And don’t forget about those battery passport data pipelines! It’s super important to weave in governance and change management along the way, too. Just a little reminder to keep everything organized while you’re at it! If you want to dive deeper into this topic, check out gs1.org. There’s a lot of great info waiting for you there!

Starting in Q1 2026 is a great way to ride the first wave of California's SB 253. You'll be in a good spot to get ready for audits related to ESRS and ISSB interoperability, plus you can keep your eyes on that EU 2027 battery passport target. Plus, you can take a load off your mind about sharing supplier data by using secure and privacy-friendly proofs. Hey, take a look at this link: (dart.deloitte.com). You'll find some interesting stuff there!

---

This article draws on the most recent guidelines from a bunch of important organizations, like the SEC, the EU Commission and Council, the FDA, GS1, ISSB/IFRS, and WBCSD PACT. We’ve also sprinkled in some real-world examples from companies such as Volvo, Circulor, Aura, and GSBN to really bring the points home. Just a heads up: if there are any policy changes that could roll out by 2025 but haven’t been officially approved yet, the timelines you see are considered provisional. So, it’s a good idea to stay updated on the final texts before jumping into any enforcement plans. (sec.gov).