ISO 17298: Useful Structure, Familiar Territory

As biodiversity rises up the corporate sustainability agenda, so too does the alphabet soup of frameworks and standards designed to help companies act. The new ISO 17298:2025, the international standard for considering biodiversity in strategy and operations, enters this landscape with good timing, but not necessarily groundbreaking thinking.

ISO 17298 doesn’t rewrite the rules on corporate biodiversity action. Instead, it provides a structured process that will be familiar to anyone already navigating the CSRD, TNFD, or SBTN. It’s a helpful consolidation, rather than a radical reconsideration. 

In this post, we walk through the standard’s core approach, flag what’s useful, and explain why ISO 17298 is best understood as another step in the evolution of sustainability-related frameworks.

A Familiar Three-Step Framework

ISO 17298 lays out a logical, phased approach to integrating biodiversity into business practice:

• Identify Dependencies, Impacts, Risks, and Opportunities (DIROs)
• Prioritise them
• Develop a Biodiversity Action Plan (BAP)
  If that sounds familiar, it’s because it is. This process closely mirrors double materiality assessments under CSRD, the LEAP framework from TNFD, and even environmental risk mapping in ISO 14001.

Step 1: Identify and Prioritise DIROs

ISO 17298 starts with mapping out an organisation’s relationships with biodiversity - what it relies on, what it affects, and the risks and opportunities that flow from both.

What to Identify

• Dependencies: On ecosystem services like water, pollination, or fertile soil.
• Impacts: Actual and potential effects on biodiversity, both positive and negative.
• Risks and Opportunities: Both transition and physical risks, as well as new revenue streams in nature-positive products or services.

ISO 17298 encourages organisations to take an iterative approach with the information and data available. 

Identifying Material Impacts (Nothing Particularly New Here)

The standard encourages a qualitative or semi-quantitative assessment of impact materiality, based on criteria including:

• Severity
• Frequency
• Likelihood
• Timing
• Duration
• Irreversibility

Many of these dimensions will look familiar to anyone already working with CSRD or TNFD.

Risk and Opportunity Assessment

Here, the standard encourages organisations to identify physical, transition and systemic risks. To assess risks and opportunities, the standard suggests considering:

• Magnitude and likelihood
• Vulnerability and timing

What’s notable, and slightly ambitious, is the suggestion to integrate financial implications into the analysis:

“The assessment of the magnitude of risks and opportunities should integrate an estimate of the financial implications…”

In practice, this will likely remain a light-touch exercise for many companies, especially given the complexity of quantifying biodiversity-related financial risk in early-stage assessments.

Link to Enterprise Risk Management

ISO 17298 goes further than some previous standards in explicitly calling for integration of biodiversity risk into enterprise risk management (ERM):

“Organizations shall develop an understanding of how to integrate them [risks and opportunities] into their existing risk management processes.”

Step 2: Build a Biodiversity Action Plan

This is arguably where ISO 17298 adds the most structure. It pushes companies to move beyond identification into formal planning, though again, the mechanics will feel familiar.

Define Your Ambition
Organisations are encouraged to articulate their ambition on a spectrum from:

• “Compliance” – meeting basic stakeholder and legal expectations
• “Smart-to-do” – cost-efficient, risk-reducing actions
• “Complete change” - changing core business model and operations
• “Long-term viability” – strategic transformation for resilience
• “Create value” – nature-positive innovation and leadership

This ambition-setting framework mirrors maturity models already used in climate and ESG strategies.

Set Objectives
The standard distinguishes between two types of objectives:

• Fundamental objectives – focused on biodiversity outcomes (e.g. species protection)
• Means objectives – related to business processes (e.g. land use, procurement)

The standard outlines extensive criteria for objectives. For example they should be Specific, Measurable, Achievable, Relevant, and many others.

Plan Actions
For each objective, the organisation must define:

• What will be done
• The expected results
• Resources needed (financial and human)
• Who is responsible
• Timelines
• Evaluation method

In other words: standard project planning disciplines are now applied to biodiversity.

What’s Actually New?

In truth, ISO 17298 doesn’t break new ground. Most of the concepts - DIROs, materiality, action planning - are already embedded in other frameworks. What the standard does offer is:

• Clear structure – a useful template, especially for smaller or less mature organisations
• Terminology alignment – harmonisation with existing ESG language
• Legitimacy – the ISO stamp gives weight to internal and external conversations
• Integration nudges – particularly the push to link biodiversity to ERM

But for organisations already deep into CSRD readiness or implementing TNFD-aligned assessments, ISO 17298 will feel more like a validation than a transformation.

So, What Should Companies Do?

Use ISO 17298 as a checklist or gap analysis tool. Ask:

• Have we clearly mapped our DIROs?
• Are our biodiversity risks integrated into ERM?
• Do we have a defined ambition and measurable objectives?
• Are our actions clearly planned and resourced?
• Have we identified relevant indicators?

If you're already reporting to CSRD or aligning with TNFD, this standard shouldn’t require a major rework. Instead, treat it as an opportunity to tighten internal processes, bridge silos between sustainability and risk teams, and ensure your biodiversity strategy is execution-ready.

Final Word: Structure Over Surprise

ISO 17298 is a useful step in aligning business with nature. Its greatest strength is providing structure where confusion or fragmentation exists.

However, it seems like ISO 17298 could have better aligned and integrated other standards. For example, there is only 1 mention of TNFD and SBTN, none of CSRD, GRI and CDP.  

This new standard risks adding to an already crowded regulatory landscape.