ESG Supply Chain Risk MCP Server

ESG supply chain risk assessment and compliance intelligence, delivered through the Model Context Protocol. This MCP server orchestrates 15 public regulatory and intergovernmental data sources to produce multi-pillar Environmental, Social, and Governance scores (E: 0-35, S: 0-35, G: 0-30), SASB sector materiality mapping, supply chain country risk classification, and EU CSRD/CSDDD compliance gap analysis — all in a single tool call.

Built for ESG analysts, GRC teams, supply chain officers, and asset managers who need independent, government-sourced ESG intelligence without relying on self-reported questionnaires or expensive subscription platforms.

What data can you access?

Why use ESG Supply Chain Risk MCP Server?

Manual ESG due diligence means pulling data from a dozen government portals, normalizing inconsistent formats, and assembling a score by hand. A thorough supplier ESG assessment typically takes 8-12 hours per company. At scale — screening 50 suppliers before an annual contract review — that becomes weeks of analyst time.

Enterprise ESG platforms like EcoVadis and MSCI ESG cost $30,000-$150,000 per year. They also rely heavily on company self-reported questionnaires, which create inherent conflicts of interest. This MCP server draws exclusively from government enforcement databases and intergovernmental registries: sources that companies cannot edit.

This MCP server automates the entire process — parallel data collection, algorithmic scoring, materiality mapping, and compliance gap detection — in a single tool call averaging under 3 minutes.

• Scheduling — run quarterly or annual ESG monitoring cycles on any supplier list automatically
• API access — integrate ESG screening into your procurement, GRC, or investment workflow via any MCP client
• 15 data sources in parallel — all actors run simultaneously using Apify's infrastructure, not sequentially
• Monitoring — receive alerts when assessments complete or when risk thresholds are breached
• Integrations — connect to Zapier, Make, Google Sheets, HubSpot, or any GRC platform via webhooks

Features

• Multi-pillar ESG scoring — Environmental (0-35), Social (0-35), and Governance (0-30) pillar scores with separate findings lists, summing to a composite score on a 0-100 risk scale
• Five-tier risk grading — ESG LEADER (0-15), LOW ESG RISK (16-30), MODERATE ESG RISK (31-50), HIGH ESG RISK (51-70), SEVERE ESG RISK (71-100)
• 15-actor parallel orchestration — all data sources queried simultaneously via runActorsParallel, reducing latency from sequential minutes to under 3 minutes
• SASB materiality mapping — sector-specific material factors pre-mapped for 8 sectors: energy, mining, manufacturing, apparel, technology, financial, healthcare, and food
• EU CSRD compliance gap detection — checks data availability against four key ESRS standards: E1 (Climate Change), S1 (Own Workforce), S2 (Workers in Value Chain), and G1 (Business Conduct)
• EU CSDDD supply chain due diligence alerts — ILAB forced labor flags trigger explicit CSDDD obligation warnings in the labor rights assessment
• High-risk country classification — 20-country supply chain risk list sourced from ILAB and FATF methodology (includes CN, BD, MM, VN, TH, IN, PK, KH, ET, and 11 others)
• EPA penalty aggregation — sums penalty amounts across all EPA records for total financial liability exposure
• OSHA severity stratification — filters for serious, willful, and repeat violations separately from total inspection count
• DOL back wages calculation — aggregates back wages owed across all DOL WHD enforcement actions
• Year-over-year trend analysis — groups EPA, OSHA, and DOL records by year for improving/deteriorating compliance trend detection
• Governance sanctions screening — dual-layer screening combining OFAC SDN list with OpenSanctions 100+ source consolidation
• LEI verification — checks GLEIF registry for legal entity transparency; missing LEI scores as a governance risk signal
• World Bank governance scoring — applies jurisdiction corruption control and rule of law percentile scores to the governance pillar
• Spending limit controls — every tool call checks Actor.charge() limits before execution; returns a structured error if the cap is reached

Use cases for ESG supply chain risk assessment

Supplier ESG due diligence

Procurement and ESG teams at manufacturers, retailers, and technology companies must screen new and existing suppliers for environmental, labor, and governance risks before onboarding or contract renewal. Manual screening of a 200-supplier base takes months. Call company_esg_assessment for each supplier at $0.045 per call to generate pillar scores, SASB materiality flags, and CSRD gap reports — the complete screening cycle runs in hours.

EU CSRD and CSDDD compliance preparation

Companies subject to the EU Corporate Sustainability Reporting Directive face mandatory ESRS disclosures from 2025. The csrd_compliance_gap tool maps available data against E1, S1, S2, and G1 reporting standards, classifying each as DATA AVAILABLE, REVIEW NEEDED, CRITICAL GAP, or NEEDS ASSESSMENT. The labor_rights_assessment tool generates CSDDD supply chain due diligence alerts when ILAB forced labor indicators are present.

Portfolio ESG screening for asset managers

Investment analysts screening 50-100 companies for ESG risk before a fund allocation cycle can call company_esg_assessment with sector context for SASB-aligned scores. The governance pillar pulls OFAC/OpenSanctions screening automatically, flagging any sanctions exposure before investment. The structured JSON output integrates directly into portfolio management systems.

Supply chain reshoring and sourcing decisions

When evaluating alternative sourcing countries — moving production from Bangladesh to Vietnam, or Vietnam to nearshore Mexico — call supply_chain_country_risk for each candidate country. The tool classifies risk level against the 20-country ILAB/FATF high-risk list, pulls UN COMTRADE trade flow data, and returns World Bank governance indicators to support the sourcing decision with quantified evidence.

ESG trend monitoring for active engagement

Investors and ESG managers engaged with a company over a remediation period need to measure whether compliance is actually improving. The esg_trend_analysis tool groups EPA violations, OSHA inspections, and DOL enforcement actions by calendar year, making year-over-year improvement or deterioration visible in the data — not just in the company's self-reported targets.

Anti-corruption governance due diligence

M&A teams, private equity firms, and compliance officers performing pre-transaction governance checks can call governance_integrity_check to combine dual-layer sanctions screening (OFAC + OpenSanctions), corporate registration verification via OpenCorporates, LEI status from GLEIF, and World Bank corruption control scores for the operating jurisdiction — all in a single structured response.

How to connect the ESG Supply Chain Risk MCP Server

Claude Desktop

Add this entry to your claude_desktop_config.json file (typically at ~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "esg-supply-chain-risk": {
      "url": "https://esg-supply-chain-risk-mcp.apify.actor/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_APIFY_TOKEN"
      }
    }
  }
}

Restart Claude Desktop after saving. The 8 ESG tools will appear in the tools panel immediately.

Cursor, Windsurf, or Cline

Add the same MCP server URL to your IDE's MCP settings. All clients that support the Model Context Protocol Streamable HTTP transport work with this server.

Programmatic (HTTP POST)

curl -X POST https://esg-supply-chain-risk-mcp.apify.actor/mcp \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_APIFY_TOKEN" \
  -d '{
    "jsonrpc": "2.0",
    "method": "tools/call",
    "params": {
      "name": "company_esg_assessment",
      "arguments": {
        "company_name": "Pinnacle Textiles",
        "sector": "apparel",
        "country": "BD"
      }
    },
    "id": 1
  }'

MCP tools

Tool parameters

company_esg_assessment

environmental_compliance_check

labor_rights_assessment

governance_integrity_check

supply_chain_country_risk

esg_trend_analysis

sasb_materiality_report

csrd_compliance_gap

Output example

Full company_esg_assessment response for a manufacturing company:

{
  "company": "Pinnacle Textiles",
  "sector": "apparel",
  "country": "BD",
  "esgScore": 58,
  "esgGrade": "HIGH ESG RISK",
  "pillarScores": {
    "environmental": {
      "score": 18,
      "max": 35,
      "findings": [
        "7 EPA violations",
        "$340,000 in EPA penalties",
        "Operations near areas with poor air quality (AQI > 150)"
      ]
    },
    "social": {
      "score": 26,
      "max": 35,
      "findings": [
        "6 serious OSHA violations — critical worker safety failures",
        "14 total OSHA inspection records — pattern of safety issues",
        "$87,400 in DOL back wages owed — significant labor exploitation",
        "ILAB forced/child labor indicators: cotton, jute",
        "Supply chain exposure to high-risk labor countries: BD, VN, MM"
      ]
    },
    "governance": {
      "score": 14,
      "max": 30,
      "findings": [
        "No LEI — reduced financial transparency",
        "Low corruption control score in operating jurisdiction: 24/100"
      ]
    }
  },
  "sasbMateriality": [
    "supply chain labor",
    "raw material sourcing",
    "chemical management",
    "water use",
    "fair wages"
  ],
  "csrdGaps": [
    "ESRS S1 Own Workforce: Labor violations detected — requires detailed workforce disclosure",
    "ESRS S2 Workers in Value Chain: Forced labor indicators in supply chain — CSDDD due diligence obligation",
    "ESRS G1 Business Conduct: Insufficient corporate transparency for governance disclosure"
  ],
  "recommendation": "Significant ESG risk. Remediation plan required. May impact EU CSRD/CSDDD compliance.",
  "actorsUsed": 15
}

Output fields

How much does ESG supply chain screening cost?

This MCP uses pay-per-event pricing — you pay $0.045 per tool call. There is no monthly subscription or platform fee beyond Apify compute costs, which are included.

You can set a maximum spending limit per session to control costs. The server returns a structured error when your budget is reached, so no run ever exceeds your cap.

Compare this to EcoVadis at $30,000-$150,000/year, or MSCI ESG at enterprise pricing — most teams doing regular supplier screening with this MCP spend under $20/month with no subscription commitment. Apify's free tier includes $5 of monthly credits, enough for 111 tool calls at no cost.

How ESG Supply Chain Risk MCP Server works

Phase 1: Parallel data collection across 15 actors

When any tool is called, the server dispatches parallel HTTP requests to multiple Apify actors via runActorsParallel. For company_esg_assessment, all 15 actors run simultaneously — EPA ECHO, OpenAQ, OSHA, MSHA, DOL WHD, ILAB, OFAC, OpenSanctions, OpenCorporates, GLEIF, UN COMTRADE, World Bank, OECD, EIA, and GDACS. Each call uses a 120-second timeout and 256 MB memory allocation. The actor returns an empty array on failure rather than throwing, so a single unavailable data source does not abort the entire assessment.

Phase 2: ESG scoring engine

The computeESGScore function in scoring.ts applies weighted penalty logic across three pillars. The Environmental pillar (max 35 points) applies graduated scoring: 3 points for 1+ EPA violations, 8 for 4+, 15 for 10+, plus 5 additional points for EPA penalties exceeding $100,000. An air quality AQI above 150 (WHO "Unhealthy" threshold) adds 5 points. GDACS RED/SEVERE disaster alerts near operations add 4 points. The Social pillar (max 35) scores OSHA serious/willful/repeat violations at 6-12 points, MSHA records at 2 points each (max 8), DOL back wages on a three-tier scale up to 10 points, and ILAB forced labor indicators at 10 points flat. Supply chain exposure to the 20-country high-risk list adds 2 points per unique country (max 6). The Governance pillar (max 30) scores sanctions matches at 15 points, missing corporate registration at 5, no LEI at 4, and World Bank corruption control or rule of law scores below 30 at 5 and 3 points respectively.

Phase 3: SASB materiality and CSRD gap mapping

After scoring, the engine applies two additional analytical layers. SASB materiality is resolved by matching the sector parameter against a pre-loaded materiality map covering 8 SASB sectors with 4-5 material factors each. EU CSRD gap analysis checks data availability across ESRS E1, S1, S2, and G1 standards: gaps are classified as CRITICAL GAP when ILAB flags or missing corporate data are present, REVIEW NEEDED when labor violations exist, DATA AVAILABLE when enforcement records are found, and NEEDS ASSESSMENT otherwise. The criticalGaps count determines overall CSRD readiness: READY (0 gaps), PARTIALLY READY (1-2 gaps), or NOT READY (3+ gaps).

Phase 4: Structured JSON response assembly

All tool responses use a consistent json() helper that serializes output as { content: [{ type: "text", text: "..." }] } per MCP specification. Every tool checks Actor.charge() before executing and returns a structured error object (not an exception) if the spending limit has been reached, ensuring safe and predictable behavior in automated workflows.

Tips for best results

1. Always provide sector for the full assessment. SASB materiality results are only meaningful when the sector is specified. Without it, the tool returns a generic "General ESG disclosure required" message instead of the 4-5 sector-specific material factors. Use one of the 8 supported values: energy, mining, manufacturing, apparel, technology, financial, healthcare, food.

2. Provide country for governance and supply chain tools. The World Bank governance indicators, UN COMTRADE trade flows, and GDACS disaster exposure all require a country context. Without it, the tool defaults to US for most queries, which may not reflect the company's actual operating environment.

3. Use supply_chain_country_risk before the full assessment. If you are screening a new sourcing country, run supply_chain_country_risk first to determine whether you need enhanced due diligence. If the country is on the 20-country high-risk list, proceed directly to company_esg_assessment with full context rather than a lighter check.

4. Run esg_trend_analysis for ongoing supplier relationships. Point-in-time ESG scores capture current state. For suppliers you have been working with for 3+ years, the trend analysis reveals whether enforcement incidents are concentrated in recent years (deteriorating) or declining (improving), which changes the remediation conversation significantly.

5. Combine csrd_compliance_gap with sasb_materiality_report for reporting preparation. The CSRD gap tool identifies missing disclosure data; the SASB report identifies which factors are most material to disclose. Running both on the same company gives you a complete map of what to collect and what to prioritize.

6. Set a spending limit in your MCP client. For automated workflows screening large supplier lists, configure the maxTotalChargeUsd parameter in your Apify actor settings to prevent unexpected costs if a loop runs longer than expected.

7. Company name matching is approximate. Government databases use varying company name formats (legal entity name, DBA, parent company). If company_esg_assessment returns unexpectedly few records, try the exact legal entity name, parent company name, or facility name as known to regulators.

Combine with other Apify actors

Limitations

• US-centric environmental and labor data. EPA ECHO, OSHA, MSHA, and DOL WHD only cover US-based facilities and operations. Companies operating exclusively outside the United States will show limited or no data in the Environmental and Social pillars, resulting in artificially low (favorable) risk scores that do not reflect their actual compliance status.
• No Scope 1/2/3 emissions data. Full GHG Protocol accounting requires company-reported data. EIA energy data provides sector-level energy intensity benchmarks as a proxy, but is not a substitute for facility-level emissions reporting.
• Company name matching is not exact. Government enforcement databases use legal entity names, DBAs, and subsidiary names inconsistently. A parent company search will not retrieve records filed under subsidiary names unless the subsidiary name is provided separately.
• ILAB data reflects published lists, not real-time monitoring. The ILAB List of Goods Produced by Child Labor or Forced Labor is updated periodically, not continuously. New forced labor concerns in a supply chain country may not appear immediately.
• World Bank and OECD indicators are country-level, not company-level. Governance pillar scores reflect the operating jurisdiction's governance quality, not the specific company's internal governance practices. A well-governed company in a poorly governed jurisdiction will score worse than its actual practices warrant.
• No private company financial data. Credit ratings, financial distress indicators, and capital structure data are not available through public sources included in this MCP. Pair with financial data providers for full counterparty risk assessment.
• Parallel actor timeout is 120 seconds per source. If individual Apify actors experience delays, the overall assessment may take longer. The 15-actor full assessment can occasionally extend to 5+ minutes.
• CSRD gap analysis covers four ESRS standards. The csrd_compliance_gap tool maps against E1, S1, S2, and G1. The full ESRS framework includes E2-E5 and S3-S4 standards that require company-reported data not available in public databases.

Integrations

• Apify API — call ESG assessments programmatically from Python, JavaScript, or any HTTP client; integrate into procurement and GRC platforms
• Zapier — trigger ESG assessments from new supplier records in your procurement system and route results to GRC or CRM tools
• Make — build automated ESG monitoring workflows that run on quarterly schedules and push results to Google Sheets or Airtable
• Google Sheets — export bulk supplier ESG scores directly into a scoring spreadsheet for risk committee review
• Webhooks — notify compliance teams via Slack or email when assessments complete or when HIGH/SEVERE ESG risk grades are returned
• LangChain / LlamaIndex — feed ESG assessment outputs into RAG pipelines for AI-assisted compliance reporting and narrative generation

Troubleshooting

• Environmental and Social pillar scores are zero for a non-US company. EPA, OSHA, MSHA, and DOL WHD only index US-registered facilities. For international companies, use governance_integrity_check and supply_chain_country_risk instead, which use jurisdiction-agnostic sources (OpenSanctions, World Bank, UN COMTRADE, GLEIF).

• SASB materiality returns "General ESG disclosure required". The sector parameter was not provided or did not match a supported value. Use one of: energy, mining, manufacturing, apparel, technology, financial, healthcare, or food — lowercase, exact match.

• CSRD gap shows CRITICAL GAP for S2 even when no obvious supply chain issues exist. ILAB forced labor data is commodity- and country-level, not company-specific. If the company's sector imports from countries with ILAB-flagged goods (cotton from Uzbekistan, electronics from China), the flag will appear regardless of the specific company's sourcing practices. This indicates a need for company-level supply chain mapping, not necessarily a confirmed violation.

• Sanctions check returns hits that seem incorrect. Sanctions matching uses name similarity against OFAC SDN and OpenSanctions databases. Common company names may produce false positives. Review the records array in the governance response to verify whether the match is for the same legal entity, jurisdiction, and entity type.

• Full assessment taking more than 5 minutes. One or more of the 15 upstream actors is experiencing latency. Individual actors have 120-second timeouts and return empty arrays on failure, so the assessment will complete — the affected pillar may have reduced data. Check Apify platform status at status.apify.com if latency is persistent.

Responsible use

• This MCP accesses publicly available government enforcement data, intergovernmental databases, and open corporate registries.
• All 15 data sources are official public records: EPA, OSHA, MSHA, DOL, ILAB, OFAC, UN COMTRADE, World Bank, OECD, OpenCorporates, GLEIF, EIA, and GDACS.
• ESG scores derived from public enforcement data represent regulatory record, not a complete ESG assessment. Use as one input in a broader due diligence process, not as a sole basis for supplier termination decisions.
• Comply with GDPR and applicable data protection laws when processing ESG data that includes information about natural persons (e.g., PEP records from OpenSanctions).
• For guidance on web scraping and public data legality, see Apify's guide.

FAQ

How does ESG Supply Chain Risk MCP compare to EcoVadis or MSCI ESG Ratings? EcoVadis and MSCI ESG rely primarily on company self-reported questionnaires and analyst review, which are time-consuming to collect and subject to reporting bias. This MCP draws exclusively from government enforcement databases and intergovernmental registries — sources companies cannot edit. It provides independent, quantified compliance evidence rather than scores derived from self-disclosure. The trade-off is that it covers the regulatory footprint, not the full ESG disclosure universe.

How many data sources does ESG supply chain risk assessment use? The company_esg_assessment tool calls all 15 actors in parallel: EPA ECHO, OpenAQ, OSHA, MSHA, DOL WHD, ILAB, OFAC, OpenSanctions, OpenCorporates, GLEIF, UN COMTRADE, World Bank, OECD, EIA, and GDACS. Focused tools use 3-6 sources depending on the pillar.

Does ESG supply chain risk assessment cover Scope 1, 2, and 3 emissions? No. Full GHG Protocol emissions accounting requires company-reported data that is not available in public databases. EIA energy data provides sector-level intensity benchmarks as a proxy for the Environmental pillar, and OpenAQ provides ambient air quality data near operating locations. For Scope 1/2/3, this MCP should be paired with company-reported CDP or sustainability report data.

Which SASB sectors does the materiality mapping support? Eight sectors are supported with pre-mapped material factors: energy, mining, manufacturing, apparel, technology, financial, healthcare, and food. Each sector returns 4-5 SASB-aligned material factors. Companies in sectors outside this list receive a generic disclosure guidance message.

Can I use ESG supply chain risk data for EU CSRD compliance reporting? Yes, with caveats. The csrd_compliance_gap tool maps data availability against ESRS E1, S1, S2, and G1 standards and identifies gaps. ILAB forced labor flags generate explicit CSDDD supply chain due diligence obligation alerts. However, CSRD reporting also requires company-reported GHG data, double materiality assessments, and stakeholder engagement that cannot be derived from public databases alone.

How accurate is the ESG supply chain country risk classification? The 20-country high-risk list is derived from ILAB methodology (countries with documented forced and child labor in goods production) and FATF financial crime risk lists. These represent countries where supply chain due diligence requirements are most acute. The classification is binary (HIGH/STANDARD) — it is a risk signal, not a definitive assessment of every company sourcing from those countries.

How long does a full company ESG assessment take? Typically 2-4 minutes. All 15 actors run in parallel with 120-second timeouts. Total elapsed time is bounded by the slowest data source, not the sum of all 15. The focused tools (environmental compliance, labor rights, governance) typically complete in 60-90 seconds.

Is it legal to use EPA, OSHA, and DOL enforcement data for ESG screening? Yes. All data sources used by this MCP are official public records published by US federal agencies, UN bodies, and international registries specifically for public access and transparency. See Apify's guide on web scraping legality.

Can I schedule ESG supply chain risk assessments to run automatically? Yes. The MCP server runs in Apify's Standby mode, meaning it stays active and responds to requests without cold starts. You can schedule periodic ESG monitoring runs via Apify's built-in scheduler or trigger them from Zapier, Make, or any cron-based workflow on a quarterly or annual cycle.

What happens if one of the 15 data sources is unavailable? Individual actor failures return empty arrays rather than exceptions, so the overall assessment completes with reduced data in the affected pillar. The response will still include a score and findings based on the sources that returned data. Persistent failures are logged at the error level in Apify's run log.

How is ESG supply chain risk scoring different from a simple sanctions check? A sanctions check (OFAC/OpenSanctions) only scores the Governance pillar — and only the "blocked entity" signal within it. The ESG assessment adds Environmental pillar scoring from EPA enforcement data, Social pillar scoring from OSHA/MSHA/DOL/ILAB, SASB materiality context, and CSRD compliance gap analysis. Governance is only 30 of 100 possible risk points; the Environmental and Social pillars each contribute up to 35 points for a complete picture.

Can ESG supply chain risk assessment be used with Claude or other AI assistants? Yes. The server implements the MCP Streamable HTTP protocol, which is supported by Claude Desktop, Cursor, Windsurf, Cline, and any other MCP-compatible AI assistant. Add the server URL to your MCP client configuration and the 8 tools appear immediately in the tool panel.

Help us improve

If you encounter issues, enable run sharing to help us debug faster:

1. Go to Account Settings > Privacy
2. Enable Share runs with public Actor creators

This lets us see your run details when something goes wrong. Your data is only visible to the actor developer, not publicly.

Support

Found a bug or have a feature request? Open an issue in the Issues tab on this actor's page. For custom integrations — connecting ESG screening to your GRC platform, procurement system, or investment workflow — reach out through the Apify platform.