Water Security

CDP Water Security: complete guide for 2026

Cristina Alcalá-Zamora · · 9 min read
CDP Water Security: complete guide for 2026

Photo by Tim Jones on Unsplash

Why Water Security is no longer optional

For years, CDP Water Security was treated as the second tier disclosure, behind Climate Change in pressure and visibility. That window has closed. In 2024, more than 4,800 companies disclosed to CDP Water Security, up roughly 20 percent year on year. Investor coalitions such as the Valuing Water Finance Initiative now manage over 17 trillion dollars in assets and explicitly request water disclosure. Large buyers in food, beverage, pharma, and apparel have quietly added Water Security to their supplier requirements alongside Climate.

If your company operates in a water dependent sector or in a basin under physical stress, expect Water Security requests within the next two reporting cycles. Preparing the data architecture in advance is significantly cheaper than scrambling between April and June when the questionnaire opens.

What the questionnaire actually asks

CDP Water Security is structured around four pillars. Understanding each before you start collecting data prevents the most common mistakes.

1. Current state: withdrawal, consumption, and discharge

The numerical core of the questionnaire. You report water flows by source, by site, and by quality:

  • Withdrawal by source (surface freshwater, groundwater renewable and non renewable, third party municipal, seawater, produced water).
  • Consumption in operations, including evaporation, irrigation, and product incorporation.
  • Discharge by destination (surface water, groundwater, seawater, third party treatment) and by treatment level.

Reporting only municipal supply and ignoring groundwater or process water is the single most common scoring error. CDP cross checks sector benchmarks and penalises missing categories more than imperfect numbers.

2. Procedures: risk assessment, governance, monitoring

How the company identifies, monitors, and governs water risk. Scorers expect:

  • Basin level risk assessment using tools such as WRI Aqueduct or WWF Water Risk Filter.
  • Documented frequency and scope of monitoring.
  • Named board level oversight, with frequency of reviews.
  • Integration with enterprise risk management.

3. Risk and opportunities

Substantive water risks identified in operations and value chain, with type (physical, regulatory, reputational), timeframe, financial impact, and management response. Opportunities are scored too: water efficiency investments, new products, access to new markets.

4. Targets, goals, and value chain engagement

Quantitative water related targets with baseline year, target year, and clear scope. Engagement with suppliers, communities, and basin level stakeholders. Public commitments such as the AWS Standard or Alliance for Water Stewardship certifications.

Who needs to respond

Water Security is mandatory in practice for:

  • Food and beverage: water is both raw material and process input.
  • Pharma and life sciences: large process water flows and discharge regulation.
  • Textiles and apparel: dyeing and finishing processes are water intensive and pollution sensitive.
  • Mining and metals: dewatering, tailings, and basin level conflicts.
  • Semiconductors and electronics: ultrapure water demand at scale.
  • Agriculture and forestry: direct withdrawal and irrigation.
  • Utilities: water supply, treatment, and hydroelectric operations.

Geography matters too. Companies operating in the Iberian peninsula, southern Italy, parts of Germany under Brandenburg drought, Mexico, India, large parts of Australia, the US Southwest, or northern Chile face increasing investor and regulatory pressure regardless of sector.

What scores well

CDP rewards depth and transparency. The combinations that produce A and A minus scores share patterns:

  • Site level data, not corporate averages. Aggregate withdrawal numbers without site breakdowns get penalised in scoring even if the total is correct.
  • Withdrawal in water stressed basins explicitly identified and quantified. Scorers want to see that the company knows where water risk concentrates.
  • Verified data. Third party assurance over water flows is rare and rewarded heavily.
  • Quantitative targets with baseline and timeline. Vague targets like “reduce water use” do not score.
  • Active engagement with suppliers in water stressed regions, with measurable outcomes.
  • Scenario analysis including a 2 to 4 degree warming scenario and its basin level implications.

Common pitfalls

Repeated errors that drag down water scores:

  • Treating Water Security as an extension of Climate Change. The two questionnaires share governance and risk frameworks but the data is fundamentally different. Reusing climate boilerplate without water specific evidence is penalised.
  • Reporting only freshwater withdrawal. Discharge quality and consumption are equally weighted.
  • Ignoring third party water. Municipal supply still counts as withdrawal from a stressed basin if that basin is the source.
  • Setting absolute targets without context. A 10 percent reduction goal scores better when paired with intensity targets and basin level stewardship commitments.

Planning a multi year response

If 2026 is your first Water Security cycle, plan in three steps:

Year 1: data layer. Map withdrawal, consumption, and discharge by site for at least 12 months. Use water meters where available, and document estimation methods where they are not. Run a basin level risk screening with WRI Aqueduct.

Year 2: management and targets. Set water targets with baselines aligned to year one data. Add board level oversight evidence, integrate water into enterprise risk management, and start a supplier engagement programme for the highest risk regions. Consider limited assurance over withdrawal data.

Year 3: leadership. Validate context based water targets aligned with the Science Based Targets Network framework where applicable. Conduct basin level stewardship initiatives. Move to reasonable assurance for material flows. Publish a water transition narrative comparable to your climate plan.

How CDP Water Security connects to other frameworks

Water disclosure is moving toward consolidation. ESRS E3 under CSRD covers many of the same datapoints. The TNFD framework requires water dependency and impact assessment as part of nature related disclosure. The Science Based Targets Network methodology for freshwater is gaining traction. Companies that build a single water inventory aligned with CDP can largely reuse it across these frameworks.

This is exactly the architecture Dcycle is built around: collect water flows from operational systems once, structure them in CDP and ESRS compatible categories, and reuse the same evidence across investor questionnaires, customer requests, and regulatory filings. To see how this would apply to your operations and basins, request a demo.

Final thought

Water risk is no longer a niche issue for companies in arid regions. Investors, customers, and regulators increasingly expect the same rigour for water that they have demanded for emissions. Building the data layer once, with the right granularity and verifiability, is what separates an average response from one that genuinely strengthens the company’s risk profile and commercial position.

CDPWaterSustainabilityCompliance

Related articles

ESG 8 min read

ESG data as financial intelligence: the CFO opportunity

ESG data is your company's most valuable AI dataset. Learn how CFOs unlock fleet savings, CBAM exposure, and supply chain risk in minutes, not weeks.

Read more
CSRD 5 min read

The Delegated Act on Simplified ESRS Now Has a Timeline Do You?

The Delegated Act on simplified ESRS arrives before Q4 2026. We explain what changes, who is affected, and what to do now if you are in scope or outside it.

Read more
CSRD 5 min read

Your ESG Excel Has an Expiration Date

80% of companies still manage carbon footprint in Excel. RD 214/2025 already demands more. Discover why Excel-based ESG has an expiration date.

Read more

Collect once. Use everywhere.

See how Dcycle can cut your reporting time by 70% and give your auditors what they need , the first time.

See Dcycle in action