The European Union has adopted a new regulation 2024/3005 of 27 November 2024 on environmental, social and governance (ESG) rating providers. The aim of this Regulation is to is to simplify information flows and facilitate investment decisions within the broader framework of sustainable EU financing. The Union's approach to sustainable and inclusive growth is anchored in the 20 principles of the European Pillar of Social Rights, while also drawing on the Union's social acquis, including equality strategies. The Regulation is binding in its entirety and directly applicable in all Member States from 2 July 2026.

Who does the regulation apply to?

The Regulation applies to ESG rating providers operating in the Union. A distinction is made between providers established in the Union and those established outside the Union. Providers established in the Union are considered to be operating in the Union when they issue and publish ratings on their website or by other means, or when they issue and distribute them on a subscription or other contractual basis to regulated financial undertakings, certain types of undertakings and institutions of the Union or Member States. Providers outside the Union are considered to be operating in the Union only when they issue and distribute their ratings to the same entities on a subscription or contractual basis. The term ‘establishment’ includes all actual activities carried out through permanent arrangements, taking into account stability, the conduct of activities in the Union and the nature of the economic activities.

Exemptions from the scope

Certain activities and entities are exempted from the scope of the Regulation. This includes information that a company or financial institution discloses about its own sustainability impacts. Private ESG ratings issued on an individual order exclusively for the client and not intended for publication or distribution are also excluded. Ratings issued by regulated financial undertakings in the Union that are used exclusively for internal purposes or for the provision of internal financial services/products or services/products within a group are also excluded. The Regulation does not apply to ESG ratings produced solely for accreditation or certification purposes that do not aim at investment or financial analysis/decision-making. Labelling activities are excluded, provided that the labels do not include the disclosure of an ESG rating. Non-profit organisations that publish or distribute ratings for non-commercial purposes are also exempted, but if they charge fees to rated entities or users of ratings for data, ratings or access to information, the Regulation applies to them.

Permit and registration

A legal entity wishing to operate as an ESG rating provider in the Union must be subject to authorisations granted by the European Securities and Markets Authority (ESMA). An application for authorisation shall be submitted by legal entities established in the Union and shall contain the information set out in Annex I. ESMA shall assess the completeness of the application within 25 working days and shall decide whether to grant or refuse authorisation within 90 working days (with a possible extension to 120 days under certain conditions). The authorisation shall be valid throughout the Union. ESMA may suspend or withdraw authorisation under specific conditions, such as obtaining authorisation on the basis of false declarations, a serious breach of the Regulation or where the provider no longer meets the conditions for authorisation.

Three regimes are established for ESG rating providers established outside the Union: equivalence, endorsement and recognition. The equivalence regime requires a Commission decision that the legal framework and supervisory practices of a third country are equivalent to EU requirements. Under the recognition regime, non-Union providers must comply with the requirements of the Regulation and submit an application for recognition to ESMA. They must also have a legal representative established in the Union who demonstrates to ESMA that the provider complies with the requirements on an ongoing basis and is responsible for doing so. ESMA maintains a public register of authorised providers, registered under the temporary regime for small providers and those from third countries subject to equivalence, endorsement or recognition regimes.

There is also a temporary regime for small ESG rating providers established in the Union. They must notify ESMA of their intention to operate in the Union and be registered. In that case, only selected provisions of the Regulation apply to them. If they cease to be classified as small providers or after three years of registration, they must apply for full authorisation.

Requirements for providers

The Regulation sets strict requirements for independence and the management of conflicts of interest. Providers must ensure the independence of their activities from political and economic influences. They must put in place rules and procedures to ensure that ratings are issued in accordance with the Regulation. It is also important to take measures to ensure that the information used in assigning ratings is of good quality and from reliable sources. Providers must state that their ratings represent their own views.

Transparency is a key element. Providers must disclose methodologies, models and key rating inputs on their website. Instead of a single rating summing the E, S and G factors, separate ratings are required for each factor, unless the provider discloses additional information in the aggregate rating. Providers must also disclose additional information to users of ratings and rated entities, such as a more detailed overview of methodologies and data processes. They must inform the rated entity or issuer at least two business days before the first issue of a rating and make the relevant information available upon request.

Providers must have procedures in place to receive, investigate and record complaints from users of ratings and rated entities. Small providers may not seek to respond to justified concerns within 30 working days, while other providers may. Outsourcing of important tasks must not impair the quality of internal control or ESMA's ability to carry out supervision.

ESMA supervision

ESMA is the supervisor of ESG rating providers. It has the power to request information, conduct investigations and on-site inspections, impose fines and periodic penalty payments. However, ESMA may not interfere with the content of ESG ratings or methodologies. If a provider fails to comply, ESMA may take various measures, including suspension/withdrawal of authorisation, temporary ban on publishing ratings, requirement to cease the infringement, imposition of fines or issuing public notices. The maximum fine is 10 % of the provider's total annual net turnover. When imposing sanctions, ESMA must take into account criteria such as the seriousness and duration of the infringement, the financial benefit and previous infringements. ESMA cooperates with national competent authorities in carrying out its supervision and may delegate certain investigative tasks to them.

The Regulation also requires ESG rating providers to submit certain information to the data collection authority (which is ESMA) for access through the European Single Access Point (ESAP) from 1 January 2028. This information must be in a data-extractable or machine-readable format with relevant metadata.

Overall, the new regulation introduces a comprehensive framework for the regulation and supervision of ESG rating providers in the EU, with the aim of increasing the transparency, integrity and reliability of these ratings in the financial market. Spring

Glossary of key terms:

• 2030 Agenda for Sustainable Development: The global framework for sustainable development adopted by the UN General Assembly in 2015, with the Sustainable Development Goals at its core.
• European Green Deal: Commission Communication of December 2019 aiming to make the Union's economy and society climate-neutral by 2050.
• Sustainable Development Goals (SDGs): A set of 17 global goals set by the UN that cover social, environmental and economic challenges.
• Sustainable financing: The process of considering environmental, social and governance factors in investment decisions to promote sustainable growth.
• ESG (Environmental, Social and Governance) ratings: An opinion or score, or a combination thereof, regarding the profile or characteristics of an assessed item in terms of environmental, social and human rights factors, or governance factors, based on an established methodology and classification system.
• ESG rating provider: A legal entity that issues and distributes ESG ratings for commercial purposes.
• Rated item: A legal entity, financial instrument, financial product, public sector entity or public entity that is assessed under ESG ratings.
• Double significance: The principle that sustainability takes into account not only how sustainability affects the business (financial materiality), but also how the business affects the environment and society (impact materiality).
• ESMA (European Securities and Markets Authority): The EU authority responsible for supervising ESG rating providers under this Regulation.
• European Single Access Point (ESAP): An online platform that provides centralized access to publicly available information related to financial services, capital markets and sustainability in the EU.
• Temporary mode: Simplified registration regime for small ESG rating providers established in the Union for a limited period.
• Equivalence regime: A regime that allows ESG rating providers established outside the Union to operate in the Union if the Commission decides that the regulatory and supervisory regime of the third country is equivalent to the EU regime.
• Approval mode: A regime that allows an ESG rating provider established in the Union to endorse ESG ratings produced by an ESG rating provider established outside the Union within the same group.
• Recognition mode: A regime that allows small ESG rating providers established outside the Union to operate in the Union after being recognised by ESMA, pending an equivalence decision by the Commission.
• A regulated financial undertaking in the Union: Entities such as credit institutions, investment firms, insurance companies, etc., as defined in Article 3, point 5.
• Marketing communications: Communication materials used by regulated financial firms to promote financial products or services that include ESG ratings.
• Conflict of interest: A situation in which the independence and impartiality of an ESG rating provider, its employees or other persons involved in the rating process are compromised due to personal, financial, business or other relationships.
• Regulatory Technical Regulations (RTS): Detailed rules adopted by the Commission to supplement this Regulation, for example concerning progressive rules and fees.