Terms, privacy, cookies & disclaimer

In these Terms & Conditions (“Terms”), unless the context otherwise requires:

• “Carbon Mandate”, “we”, “us” or “our” refers to Carbon Mandate Ltd, a company registered in England and Wales (Reg 07221424), with its registered office at London, England, N3 3ST, United Kingdom.
• “Client”, “you” or “your” refers to the corporate entity or authorised representative engaging our services.
• “Services” means the advisory, analytical, and managed execution services provided by Carbon Mandate, including but not limited to CBAM liability quantification, MRV data extraction, ETS equivalency structuring, and compliance architecture deployment.
• “CBAM Operating System™” refers to the proprietary methodological framework, software tools, analytical processes, and execution architecture developed and owned exclusively by Carbon Mandate Ltd.
• “Platform” means the Carbon Mandate website at carbonmandate.com and the secure Client Vault portal.

By accessing the Platform or engaging our Services, you confirm that you are acting in a professional or commercial capacity on behalf of a corporate entity, and that you accept these Terms in full. These Terms constitute a legally binding agreement between you and Carbon Mandate Ltd. If you do not agree to any provision herein, you must not access or use the Platform or Services.

These Terms are intended exclusively for business-to-business (B2B) engagements. Carbon Mandate does not provide services to individual consumers.

Carbon Mandate provides principal advisory and managed execution services in the field of EU Carbon Border Adjustment Mechanism compliance. Our Services comprise:

• Carbon liability quantification and financial exposure modelling;
• Monitoring, Reporting, and Verification (MRV) data extraction and structuring;
• EU Emissions Trading System equivalency framework design;
• CBAM declaration preparation and registry management;
• Audit verification defence architecture.

Important: Our Services constitute advisory and execution frameworks based on our interpretation of applicable EU and UK regulations as at the date of engagement. We do not guarantee specific regulatory rulings, determinations, or outcomes by the European Commission, EU Member State customs authorities, or any other regulatory body. Regulatory frameworks, including the EU CBAM, are subject to amendment, reinterpretation, and revision, and Carbon Mandate accepts no liability for changes to applicable law or regulation occurring after the date of our advice or deliverables.

All intellectual property rights in the CBAM Operating System™, including but not limited to its methodological framework, analytical models, proprietary algorithms, data structures, software components, documentation, and branding, are and shall remain the exclusive property of Carbon Mandate Ltd.

No licence, assignment, or transfer of intellectual property rights is granted to the Client by virtue of an engagement, except for the limited, non-exclusive, non-transferable right to use deliverables produced for the Client during the term of the engagement and for the purposes specified therein.

The Client shall not, without the prior written consent of Carbon Mandate:

• Reproduce, modify, adapt, or create derivative works based on the CBAM Operating System™ or any proprietary methodology;
• Reverse-engineer, decompile, or disassemble any software or analytical tool provided;
• Disclose, distribute, or make available any proprietary materials to third parties.

To the maximum extent permitted by applicable law:

• Carbon Mandate’s aggregate liability arising out of or in connection with any engagement shall not exceed the total fees paid by the Client under the relevant engagement in the twelve (12) months preceding the event giving rise to the claim.
• Carbon Mandate shall not be liable for any indirect, consequential, special, or punitive damages, including but not limited to loss of profit, loss of revenue, loss of business opportunity, or loss of data, howsoever arising.
• Carbon Mandate shall not be liable for any loss or damage arising from changes to EU or Member State regulations, including amendments to the CBAM Regulation (EU) 2023/956, its implementing and delegated acts, or any related customs, tax, or emissions trading legislation.
• Carbon Mandate shall not be liable for the accuracy, completeness, or timeliness of data provided by the Client or third parties upon which our analysis or deliverables are based.

Nothing in these Terms shall exclude or limit liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or any other liability which cannot be excluded or limited under applicable law.

The Client shall:

• Provide accurate, complete, and timely data as reasonably required for the performance of the Services;
• Ensure that all information provided does not infringe any third-party rights;
• Designate a suitably authorised officer or representative as the primary point of contact;
• Comply with all applicable laws and regulations in connection with the engagement.

The Client acknowledges and agrees that the accuracy, completeness, and provenance of all CBAM-relevant data — including but not limited to embedded emissions values, supplier Monitoring, Reporting and Verification (“MRV”) submissions, Combined Nomenclature (“CN”) classifications, declarant and importer Economic Operators Registration and Identification (“EORI”) numbers, country-of-origin codes per ISO 3166-1, net mass figures, default-value markups, and any timestamps used to establish reporting periods — is the sole and continuing responsibility of the Client.

Carbon Mandate’s analytical outputs, dashboards, declaration drafts, and diagnostic reports are derived directly from data supplied by or on behalf of the Client. We do not independently verify upstream supplier data, primary measurement instrumentation, or third-party laboratory results unless an explicit, separately scoped verification engagement has been agreed in writing.

The Client shall promptly notify Carbon Mandate of any inaccuracy, omission, or material change in submitted data. Failure to do so may result in the rejection of CBAM declarations by EU customs authorities, the imposition of default-value markups, the assessment of penalties under Article 16 of Regulation (EU) 2023/956, or the recalculation of CBAM certificate liabilities — in each case at the Client’s sole risk and expense.

Carbon Mandate may make available, free of charge or as part of a paid subscription, certain diagnostic tools, including without limitation the CBAM XML Validator, the Sector Benchmarks viewer, and the Live Exposure Indices (collectively, the “Diagnostic Tools”).

The Diagnostic Tools are provided strictly on an “as-is” and “as-available” basis for advisory, exploratory, and structural-quality-assurance purposes. They are not:

• A substitute for legal, accounting, or customs-clearance advice;
• An official verification, certification, or pre-clearance of any CBAM declaration;
• A representation that any submission processed by a Diagnostic Tool will be accepted by the European Commission, the EU CBAM Registry, or any Member State competent authority;
• A guarantee that an XML file passing structural validation conforms to the EU CBAM Transitional or Definitive XSD in every respect, or that all in-document business-rule violations have been detected.

Diagnostic Tool outputs may flag a subset of detectable issues only. The absence of a flagged error does not constitute clearance, sign-off, or any form of warranty. The Client remains exclusively responsible for the content, accuracy, and timely lodgement of every CBAM submission.

Files uploaded to the Diagnostic Tools are processed under a zero-retention architecture: they are parsed in volatile memory and immediately destroyed. Operational metadata (filename, byte size, error count, run timestamp, and authenticated user identifier) may be retained for audit, security, and product-improvement purposes in accordance with our Privacy Policy.

The Client acknowledges that, under Regulation (EU) 2023/956 and its implementing acts, the legal obligation to lodge CBAM declarations, to redeem CBAM certificates, to operate as an authorised CBAM declarant where required, and to respond to enquiries from EU customs and competent authorities rests exclusively with the importer of record, its authorised CBAM declarant, or its indirect customs representative — not with Carbon Mandate.

To the maximum extent permitted by applicable law, Carbon Mandate shall not be liable, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, for any of the following arising out of or in connection with any Service or Diagnostic Tool:

• Rejection, suspension, or non-acceptance of a CBAM declaration by EU customs, the European Commission, the EU CBAM Registry, or any Member State competent authority;
• Imposition of default-value markups, financial penalties, fines, surcharges, interest, or back-duties under Article 16 of Regulation (EU) 2023/956 or any successor provision;
• Detention, delay, demurrage, or release-conditions imposed on goods at the EU border;
• Audit findings, retroactive recalculations, or reassessments of embedded emissions or certificate liability;
• Disputes between the Client and its suppliers, customs agents, freight forwarders, verifiers, or end customers concerning data, filings, or pricing;
• Loss of margin, opportunity, contracts, or goodwill consequent upon any of the above.

This Section 9 is in addition to, and shall be read together with, the limitation of liability provisions in Section 5. Where the two conflict, the more limiting of the two shall apply. Nothing in this Section excludes or limits liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or any other liability that cannot lawfully be excluded.

Each party agrees to treat as confidential all information received from the other party that is designated as confidential or that, by its nature, a reasonable person would regard as confidential. This obligation shall survive the termination of any engagement for a period of five (5) years.

This obligation does not apply to information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was known to the receiving party prior to disclosure; (c) is independently developed; or (d) is required to be disclosed by law, regulation, or order of a competent authority.

Either party may terminate an engagement by providing thirty (30) days’ written notice to the other party. Carbon Mandate reserves the right to terminate immediately in the event of a material breach by the Client that is not remedied within fourteen (14) days of written notice.

Upon termination, the Client shall pay all fees and expenses accrued up to the date of termination. Clauses relating to intellectual property, confidentiality, limitation of liability, and governing law shall survive termination.

These Terms, and any dispute or claim arising out of or in connection with them (including non-contractual disputes or claims), shall be governed by and construed in accordance with the laws of England and Wales.

The courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these Terms.

Carbon Mandate reserves the right to amend these Terms at any time. The most current version shall be published on the Platform with the effective date indicated below. Continued use of the Platform or Services following any amendment constitutes acceptance of the revised Terms.

The data controller for the purposes of the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018 is:

Carbon Mandate Ltd (Reg 07221424)
Registered Office: London, England, N3 3ST, United Kingdom
Email: info@carbonmandate.com
Phone: +44 20 3918 3500

This Privacy Policy applies to all personal data processed by Carbon Mandate in connection with our website (carbonmandate.com), the secure Client Vault portal, and the delivery of our advisory and managed execution services. This policy is directed exclusively at business-to-business (B2B) relationships. We do not knowingly collect or process personal data from individual consumers.

In the course of our business operations, we may collect and process the following categories of personal data:

• Professional contact information: corporate email addresses, business telephone numbers, job titles, and organisational affiliations of client officers and authorised representatives.
• Industrial facility data: installation-level emissions data, production volumes, energy consumption figures, and MRV documentation submitted by or on behalf of clients for the purposes of CBAM compliance.
• Engagement records: correspondence, service requests, Discipline Brief submissions, and records of advisory interactions.
• Technical data: IP addresses, browser type, and device information collected automatically when accessing the Platform, and authentication credentials for the Client Vault portal.
• Financial data: invoicing details and payment records as required for the administration of engagements.

We process personal data for the following purposes, relying on the legal bases indicated:

• Performance of a contract (Article 6(1)(b) UK/EU GDPR): Processing data necessary for the delivery of our Services, including MRV data extraction, liability quantification, and CBAM declaration preparation.
• Legitimate interests (Article 6(1)(f) UK/EU GDPR): Processing data for business development, service improvement, security monitoring, and fraud prevention, where such processing does not override the fundamental rights and freedoms of the data subject.
• Legal obligation (Article 6(1)(c) UK/EU GDPR): Processing data where necessary for compliance with applicable legal or regulatory obligations, including tax, anti-money laundering, and corporate record-keeping requirements.
• Consent (Article 6(1)(a) UK/EU GDPR): Where applicable, processing analytical cookies or marketing communications with the explicit consent of the data subject.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Client engagement records: retained for seven (7) years from the conclusion of the engagement, in accordance with professional and regulatory obligations.
• MRV and facility data: retained for the duration of the CBAM compliance period to which it relates, plus an additional five (5) years for audit defence purposes.
• Discipline Brief requests and prospect data: retained for twenty-four (24) months from the date of submission, unless an engagement is commenced.
• Technical and cookie data: retained in accordance with the periods specified in our Cookie Policy.

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised.

We do not sell personal data to third parties. We may share personal data with:

• Sub-processors: cloud infrastructure providers (Supabase, Vercel), email service providers (Resend), and security services (Cloudflare) engaged under appropriate data processing agreements.
• Professional advisers: legal, accounting, and audit advisers, subject to professional confidentiality obligations.
• Regulatory authorities: where required by law, regulation, or order of a competent authority.

Where personal data is transferred outside the United Kingdom or European Economic Area, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions, in accordance with Chapter V of the UK/EU GDPR.

Under the UK GDPR and EU GDPR, you have the following rights in relation to your personal data:

• Right of access (Article 15) — the right to obtain confirmation of whether your data is being processed and to request a copy.
• Right to rectification (Article 16) — the right to request correction of inaccurate or incomplete data.
• Right to erasure (Article 17) — the right to request deletion of your data, subject to applicable legal retention obligations.
• Right to restriction of processing (Article 18) — the right to request that processing be restricted in certain circumstances.
• Right to data portability (Article 20) — the right to receive your data in a structured, commonly used, machine-readable format.
• Right to object (Article 21) — the right to object to processing based on legitimate interests or direct marketing.
• Right to withdraw consent — where processing is based on consent, the right to withdraw at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@carbonmandate.com. We will respond within one (1) calendar month.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or, for EU data subjects, with the relevant supervisory authority in your Member State.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, role-based access controls, and regular security assessments. The audit log on which all administrative actions are recorded is stored under an immutable trigger that prevents update or deletion of historical events.

Cookies are small text files stored on your device when you access a website. They serve various functions, including enabling essential features, remembering preferences, and collecting analytical data to improve user experience.

Carbon Mandate uses a limited number of cookies, categorised as follows:

2.1 Strictly Necessary Cookies

These cookies are essential for the operation of the Platform and cannot be disabled. They include:

• Client Vault authentication: session cookies required to maintain your authenticated state within the secure Client Vault portal. These are set upon successful login and expire when you close your browser or log out.
• Security cookies: cookies set by Cloudflare Turnstile to verify user authenticity and prevent automated abuse of our forms.
• CSRF protection: cookies used to prevent cross-site request forgery attacks on form submissions.

2.2 Analytical Cookies

With your consent, we may use analytical cookies to understand how visitors interact with the Platform. These cookies collect aggregated, anonymised data and do not identify individual users. We do not currently deploy third-party analytics trackers. Should this change, we will update this policy and seek your explicit consent before setting any analytical cookies.

Our Platform relies on the following third-party services that may set cookies:

• Supabase: authentication and session management for the Client Vault portal.
• Cloudflare: security verification (Turnstile CAPTCHA) and performance optimisation.
• Vercel: hosting platform — may set performance-related cookies.

We do not use advertising cookies, social media tracking pixels, or remarketing technologies.

You can manage cookie preferences through your browser settings. Most browsers allow you to view and delete existing cookies, block cookies from specific or all websites, and set preferences for first-party and third-party cookies separately. Disabling strictly necessary cookies may impair the functionality of the Client Vault portal and form submissions.

For instructions on managing cookies in your specific browser, consult your browser’s help documentation or visit allaboutcookies.org.

Carbon Mandate provides advisory and managed execution services in the field of EU CBAM compliance. While our analysis is grounded in our interpretation of applicable EU and UK regulations, it does not replace the need for independent legal, tax, or accounting counsel qualified in the relevant jurisdiction.

No client-adviser relationship is formed by your access to this website or by the submission of a Discipline Brief request. A formal engagement exists only upon the execution of a written engagement letter or service agreement between Carbon Mandate Ltd and the client entity.

Any case studies, performance metrics, outcome descriptions, or client references published on this website or in our Insights hub are provided for illustrative purposes only. Past performance, results, and savings achieved for previous clients do not guarantee or predict future outcomes. Each engagement is subject to its own factual circumstances, regulatory environment, and data quality.

The EU Carbon Border Adjustment Mechanism, the EU Emissions Trading System, and related regulatory frameworks are subject to ongoing legislative amendment, implementing regulation, and judicial interpretation. Carbon Mandate does not warrant that the information on this website reflects the current state of applicable law at the time of your access. We endeavour to update our content regularly but accept no liability for inaccuracies arising from regulatory changes occurring after publication.

By accessing and using this website, you acknowledge and agree that you do so at your own risk, and that Carbon Mandate Ltd, its directors, officers, and employees shall not be liable for any loss or damage arising from your reliance on any information published herein.