Regulatory regimes for ESG ratings providers

Comparing UK and EU approaches

Male commuter or messenger with a bike in urban background. Safe cycling in the city, going to work by bicycle, delivery man image

January 2025

It is just over 12 months since the launch of the UK Code of Conductopens in a new tab for ESG Ratings and Data Products Providers. A year on, regulators in both the EU and UK have responded to shortcomings and risks in the transparency and integrity of ESG ratings and have now also developed formal regulatory approaches. The analysis below looks at how the two regimes have been structured and considers how they will impact providers and users of ratings.

The European Commission first published proposals to regulate ESG ratings providers in 2023 and the resulting Regulation on the transparency and integrity of ESG rating activitiesopens in a new tab has now been published in the Official Journal of the European Union. The rules will apply from July 2026.

In the UK, HM Treasury (HMT) also put forward proposals in 2023 on regulating the activities of ESG ratings providers and has now published its response to the consultationopens in a new tab alongside a draft statutory instrumentopens in a new tab. Once these have been considered by Parliament, it will be for the FCA to develop and consult on specific requirements for in-scope providers, with the government estimating that the  entire process from design to applicability could take up to four years, subject to the volume of applications for authorisation.

Both regimes recognise that ESG ratings play an important role in global capital markets and consequently address the need for them to be independent, comparable where possible, transparent and of adequate quality. The EU regime has progressed faster, and in-scope firms must now assess how the rules will affect their business models and take appropriate action to comply with the final requirements – although some detail is still to be published by the European Securities and Markets Authority (ESMA) in regulatory technical standards (RTS).

For firms likely to be captured by the UK regime, although final rules are yet to be published by the FCA, HMT has provided enough information for them to begin to assess the likely impacts. The FCA continues to encourage firms to sign up to the industry Code of Conductopens in a new tab, which has also been leveraged by Hong Kong (SAR), China to develop its code. Other countries such as Singapore & Japan have introduced their own codes of conduct, indicating the appetite for transparency and integrity in the ESG ratings market.

What is an ESG ratings provider?

HMT’s draft definition of an ESG ratings provider for regulatory purposes is ‘an assessment regarding one or more ESG factors, produced in the form of an ESG opinion, an ESG score or a combination of both, whether or not it is characterised as an ESG rating’. ESG opinions include an ESG rating where there has been substantial analytical input from an analyst, regardless of whether the opinion is formally characterised as a ‘rating’. Additionally, an ESG score refers to a rating that has been derived from data and a pre-established statistical or algorithmic model.

The EU has carved out a similar definition, with the final rules defining a system ‘that is based on both an established methodology and a defined ranking system of rating categories, irrespective of whether such ESG rating is labelled as “ESG rating”, “ESG opinion” or “ESG score”.’

Overview of the proposed regulatory requirements

The EU regime introduces specific requirements on the general principles of ESG ratings providers’ operation, disclosure of their data and methodologies, and their governance and organisational structure. The regime regulates the issuance, distribution and publication of ESG ratings, not the intended use of them.

Similarly, HMT intends for the regulatory regime to promote transparency, good governance, manage conflicts of interest, and introduce robust systems and controls. Like the EU, ‘the regulated activity would be the direct provision of an assessment’, i.e. regulate the provision rather than the use of ESG ratings. 


Implications for users of ratings and ratings providers

Users of ESG ratings will welcome the additional robustness that the EU rules introduce. However, for ratings providers the new regimes may result in a significant uplift in their regulatory requirements, and in-scope firms will need to understand how they might be affected. This could include needing to seek authorisation, compliance with the EU’s general principles on the integrity and reliability of ESG ratings activities, and implementation of robust governance requirements. They will also need to comply with numerous disclosure requirements and may therefore benefit from considering how to leverage existing systems to gather the disclosure metrics. ‘Readiness assessments’ can help to establish overall preparedness for the new regime.

In the UK, HMT has signalled a similar trajectory and emphasised alignment with the IOSCO recommendations on ESG ratings. UK firms may benefit from conducting a ‘no regrets’ analysis to assess their readiness for future authorisation, covering transparency, good governance, managing conflicts of interests and robust systems and controls. 

In the EU, ESMA, not the National Competent Authorities, will authorise and be the primary supervisor for ESG ratings providers. Where firms do not comply with the requirements, it may take the following supervisory measures:

  • Suspending or withdrawing the authorisation or recognition of the ESG rating provider
  • Temporarily prohibiting the ESG rating provider from publishing or distributing ESG ratings, until the infringement has been resolved
  • Requiring the ESG rating provider to bring the infringement to an end
  • Imposing fines
  • Issuing public notices

ESMA will develop draft RTS on areas such as information to be provided in the application for authorisation and recognition, measures and safeguards on the separation of business and activities, and disclosure of methodologies, models and assumptions.

Supervisory measures and penalties in the UK will become clearer once the FCA publishes its consultation paper. 


How KPMG in the UK can help

KPMG’s ESG Data and Risk and Regulatory Assurance teams are well-placed to support financial institutions on a range of activities relating to the evolving ESG data and ratings landscape, for example:

  • Regulatory readiness assessments of ESG ratings providers’ business activities against the relevant requirements.
  • Remediation and implementation of enhancements required to meet the relevant requirements, including ratings entity design, governance structures and data controls.
  • Preparation and submission of regulatory applications for the authorisation of ESG ratings providers.
  • Provision of ESG Rating Assurance for use with ratings clients and users against either the Code of Conduct or future EU and UK regulatory obligations.   

More detail


Related Content

Comparing regulatory proposals for ESG ratings

As the EU and UK press ahead with proposals, differing approaches may be challenging

ESG ratings — the EU’s journey to regulation begins

European Commission consults on a regulatory regime for ESG rating providers

ESG Data and Ratings Providers

Emerging Regulatory Landscape



Our People 


Connect with us

KPMG combines our multi-disciplinary approach with deep, practical industry knowledge to help clients meet challenges and respond to opportunities. Connect with our team to start the conversation.

Two colleagues having a chat