November 2025

      In our last article, we noted that both the UK and EU recognise the important role played by ESG ratings in global capital markets. Each jurisdiction is now finalising its respective regulatory regimes, addressing the need for ratings to be independent, transparent and of adequate quality.

      HM Treasury (HMT) first put forward proposals to regulate the activities of ESG ratings providers in the UK in 2023, including bringing them within the remit of the FCA. It has now laid before Parliament a statutory instrument (SI) and explanatory note, outlining the approach on areas such as scope, exclusions and transitional provisions. The FCA has welcomed the SI, having previously encouraged firms to sign up to the International Capital Market Association’s (ICMA’s) voluntary Code of Conduct, and has now confirmed that it will consult on detailed regulatory requirements by the end of 2025. The FCA’s proposals will be informed by IOSCO’s recommendations, focusing on transparency, governance, systems and controls, and conflicts of interest.

      The European Commission also published proposals to regulate ESG ratings providers in 2023. The Regulation on the transparency and integrity of ESG rating activities will apply from July 2026, and ESMA has recently submitted to the Commission its final report on draft RTS on authorisations, separation of activities and public disclosures.

      At a glance — how the UK and EU regimes stack up

      General approach

      UK: The regime is intended to enhance the integrity of the ESG ratings market, through ‘robust governance, effective management of conflicts of interest, and sound systems and controls, while also advancing transparency.’

      Focus will be on the provision of ESG ratings, and while it will not be a requirement to know the exact use of every rating provided, it will be relevant for firms to consider whether their ratings will typically be used to inform customers’ investment decisions or will influence other commercial or operational activities. Specific regulatory requirements will be clearer once the FCA publishes its consultation.

      The UK regime will also include transitional provisions, with firms able to apply for permission to carry on the new regulated activity before the legal requirement comes into full effect (the ‘main commencement day’). The FCA may specify certain time periods for firms to submit applications — where applications have not been determined before the main commencement day, those firms will be treated as though the regulated activity is not yet in force.

      EU: The EU Regulation includes 14 general principles on the integrity and reliability of ESG rating activities, focusing on independence, methodologies and oversight.

      ESMA’s draft RTS outline the application process and expectations around firm structure, senior management and staffing resources. They also clarify that where ESG ratings are provided by firms conducting other regulated activities (see ‘Scope and exclusions’), those firms must apply additional safeguards to support the separation of activities, including:

      • information security and network-related controls, training, contractual measures and compliance monitoring checks
      • physical separation measures e.g. dedicated workspaces for rating analysts
      • organisational, technical and internal control measures on remuneration for those involved in ESG ratings
      • self-declaration every 12 months to confirm that ESG rating employees are not involved in other business activities prohibited by the regulation

      Scope and exclusions

      UK: Under the definition in HMT’s SI, a firm will be in scope if it ‘produces’ an ESG rating, ‘makes it available’, and if ‘that rating is likely to influence a decision to make an investment’. Exclusions from the scope include:

      • firms that only distribute but do not produce ESG ratings
      • provision of an ESG rating as part of another financial service or activity that is already regulated by the FCA
      • provision of an ESG rating that can also be characterised as a benchmark, or that is used to produce or is incorporated into a credit rating
      • activities undertaken by charities, academics and journalists
      • intra-group ESG ratings where the provider does not reasonably expect the rating to be made available outside the group

      EU: Similarly, in the EU an ESG rating provider is defined as a firm that issues ESG ratings and either publishes the ratings on its website or distributes them via some other contractual means e.g. subscription.

      Private ESG ratings not intended for public disclosure, and internal intra-group ratings, are excluded from the Regulation. ESG ratings cannot be issued from the same legal entity as credit ratings, auditing and consulting activities. However, an ESG ratings provider can provide investment, banking, insurance or financial benchmarks from the same legal entity if ESMA considers that the specified measures to manage the conflicts of interest are sufficient (see ‘General approach’). 

      Approach to overseas firms

      UK: Where an ESG rating is provided to a UK customer, either directly or indirectly, by an overseas provider, this will fall within the scope of the regime — unless the overseas firm provides the rating for free. In this scenario, this activity will be excluded from the regulatory regime.

      EU: The approach to allowing third-country ESG ratings providers to operate in the EU is similar to that for third-country financial benchmarks providers — based on equivalence, endorsement and recognition.

      Disclosures

      UK: The SI does not provide information on what public disclosures will be required — firms will need to wait for the FCA consultation for more detail. Given that the government’s focus is on transparency, managing conflicts of interest and governance, it is reasonable to expect the FCA to consult on disclosures relating to the rating methodology used, data sources and any data limitations, the weighting of different E, S and G factors in the rating, and how conflicts of interest have been mitigated.

      EU: Annex III of the Regulation lists the minimum disclosures that will be required for methodologies, models and key rating assumptions. The draft RTS add further detail on public disclosures, such as:

      • methodological disclosures: time horizon, supporting models and key assumptions, absolute and relative values for the ranking categories, methods used to collect non-public data, process and frequency for revising methodologies etc.
      • limitations in data and methodology: availability, completeness and timeliness of data etc.
      • organisational disclosures: business model description, criteria for establishing fees etc.

      Implications for users of ratings and ratings providers

      Users of ESG ratings will welcome the additional robustness that the new regimes introduce. However, for ratings providers the new regimes will result in a significant uplift in their regulatory requirements, and in-scope firms will need to understand how they will be affected. This includes:

      • defining suitable authorisation pathways to support the EU and UK regimes
      • implementing new policies, processes, systems and controls to support compliance with new regulatory requirements
      • implementing new governance and legal structures to support firms moving into a regulated environment
      • preparing public disclosures

      While UK firms await the FCA’s consultation paper, they may benefit from conducting a ‘no regrets’ analysis to assess readiness in the above areas.

      ESMA will authorise and be the primary supervisor for ESG ratings providers in the EU. As set out in the 2026 Workplan, in the first half of 2026 ESMA will organise a workshop to identify and address practical questions around the registration process for providers. Providers will be able to submit registration applications from mid-2026 and may also want to consider ESMA’s recently published ‘Supervisory expectations for the management body’, which is applicable to directly supervised entities.

      How KPMG in the UK can help

      KPMG’s ESG Data and Risk and Regulatory Advisory teams are well-placed to support financial institutions on a range of activities relating to the evolving ESG data and ratings landscape, for example:

      • Regulatory readiness assessments of ESG ratings providers’ business activities against the relevant requirements.
      • Remediation and implementation of enhancements required to meet the relevant requirements, including ratings entity design, governance structures and data controls.
      • Preparation and submission of regulatory applications for the authorisation of ESG ratings providers.
      • Provision of ESG Rating Assurance for use with ratings clients and users against either the voluntary Code of Conduct or future EU and UK regulatory obligations.
