Regulation (EU) 2023/2859
ESG Ratings Regulation Compliance Guide
EU Regulation 2023/2859 on ESG rating providers applies from 2 July 2026. This guide covers authorisation requirements for ESG rating providers, transparency and governance obligations, and what asset managers and fund managers need to do before the deadline.
Action required now: ESMA will open the authorisation window before 2 July 2026. ESG rating providers should prepare applications immediately — the authorisation process takes 60+ working days once ESMA accepts a complete application. Asset managers should audit their provider lists before the deadline.
What Is the ESG Ratings Regulation?
Regulation (EU) 2023/2859 on the transparency and integrity of ESG rating activities was published on 20 December 2023 and will apply from 2 July 2026. It is the first EU-level framework specifically governing ESG rating providers — filling a gap that SFDR and the EU Taxonomy left unaddressed by regulating the data layer underlying those frameworks.
The regulation responds to concerns from supervisors and market participants about the opacity of ESG rating methodologies, the lack of comparability between providers, and unmanaged conflicts of interest (particularly where the same firm provides both ESG ratings and consulting services to rated entities).
ESG Rating Providers
Any entity that issues ESG ratings to EU-regulated users on a professional basis must obtain ESMA authorisation (or qualify for an exemption) before 2 July 2026.
- ESG rating agencies (MSCI, Sustainalytics, ISS, etc.)
- Index providers with ESG scores
- Data vendors offering ESG ratings alongside data
- Non-EU providers via endorsement or recognition
Users of ESG Ratings
Regulated financial entities using ESG ratings in investment processes, product disclosures, or client communications are indirectly affected through the authorisation status of their providers.
- AIFMs and UCITS ManCos (SFDR PAI reporting)
- MiFID investment firms (suitability assessments)
- Credit institutions (ESG risk frameworks)
- Insurance and pension funds (sustainability integration)
Key Obligations for ESG Rating Providers
Authorised providers are subject to six categories of ongoing obligations under the regulation.
ESMA Authorisation
Arts. 6–19Providers must apply to ESMA for authorisation before offering ESG ratings to EU users. ESMA has 25 working days to assess completeness and 60 working days to make a decision.
Methodology Disclosure
Art. 23Methodologies, models, and key assumptions used to develop ESG ratings must be publicly disclosed in machine-readable format and kept up to date.
Conflicts of Interest
Arts. 25–28Providers must separate ESG rating activities from consulting and advisory services. A compliance function and board-level governance are required.
Annual Transparency Report
Art. 23(2)An annual report on governance, methodologies, rating actions, and conflicts of interest management must be published on the provider's website.
E, S, G Separation
Art. 23(1)(b)Where a rating covers environmental, social, and governance factors separately, each component must be disclosed individually and not aggregated into a single score without clear methodology explanation.
Rating Actions
Art. 23(1)(f)Providers must disclose information about changes to their rating actions, including upgrades, downgrades, and withdrawals, along with the reasons for material changes.
What Asset Managers Must Do Before July 2, 2026
Asset managers are not directly authorised under the regulation, but they are indirectly affected through their reliance on ESG ratings for SFDR disclosures and investment processes.
Source ratings from ESMA-authorised providers
From July 2, 2026, ESG ratings used in investment processes or disclosures should come from ESMA-authorised (or exempt) providers.
Review SFDR disclosures referencing ESG ratings
SFDR PAI statements and Article 8/9 fund disclosures that reference third-party ESG scores should identify whether the provider is compliant.
Update due diligence processes
Investment due diligence frameworks and ESG integration policies should be updated to include provider authorisation status checks.
Monitor non-EU provider status
Managers using non-EU ESG rating providers (e.g., US-based) should track their endorsement, recognition, or certification status with ESMA.
Key Dates
20 December 2023
Regulation published in the EU Official Journal
9 January 2024
Regulation entered into force
Q1–Q2 2026
ESMA opens authorisation applications for ESG rating providers
2 July 2026
Regulation fully applies — providers must be authorised (or exempt) to offer ESG ratings in the EU
2 July 2027
First annual transparency reports due for authorised providers
How ESG Ratings Regulation Intersects with SFDR and the EU Taxonomy
The ESG Ratings Regulation sits at the data layer of the EU sustainable finance framework — governing the quality and integrity of the inputs that underpin SFDR disclosures and Taxonomy alignment assessments.
SFDR (Regulation (EU) 2019/2088)
SFDR requires fund managers to disclose principal adverse impacts (PAIs) and sustainability-related information in pre-contractual documents and periodic reports. Many PAI indicators rely on third-party ESG data and ratings. From July 2026, managers must ensure their ESG data providers are ESMA-authorised where they provide ESG ratings (not just raw data).
EU Taxonomy (Regulation (EU) 2020/852)
Taxonomy alignment assessments require environmental performance data on investee companies. Where this data is sourced from ESG rating providers rather than direct company disclosure (CSRD), the provider's authorisation status will be relevant. The Commission is expected to issue guidance on the interaction between these frameworks before July 2026.
CSRD (Directive (EU) 2022/2464)
CSRD requires large companies to disclose sustainability information under ESRS standards. As CSRD data becomes available from 2025 reporting periods, ESG rating providers will increasingly rely on standardised CSRD disclosures as inputs — improving comparability and reducing reliance on estimated data. This should reduce ESG rating divergence over time.
Frequently Asked Questions
What is EU Regulation 2023/2859 on ESG ratings?
Regulation (EU) 2023/2859, published in the Official Journal on 20 December 2023, establishes the EU regulatory framework for ESG rating providers. It requires providers issuing ESG ratings to users in the EU to be authorised by ESMA (the European Securities and Markets Authority) and to comply with transparency, governance, and conflicts of interest requirements. The regulation applies from 2 July 2026.
Who needs ESMA authorisation under the ESG Ratings Regulation?
Any entity that issues ESG ratings and offers them to regulated financial undertakings, financial advisers, or issuers in the EU on a professional basis must be authorised by ESMA — unless they qualify for an exemption. Exemptions include providers issuing fewer than two ESG ratings per year (small providers), ratings produced purely for internal use, credit ratings that incorporate ESG factors (covered by the CRA Regulation), and ratings issued by EU public bodies.
What are the key obligations for authorised ESG rating providers?
Authorised providers must: (1) disclose their methodologies, models, and key assumptions publicly and in machine-readable format; (2) separate ESG rating activities from consulting, auditing, and credit rating activities; (3) implement governance arrangements to manage conflicts of interest, including board-level oversight and a compliance function; (4) publish an annual transparency report; (5) notify ESMA of material changes to methodologies; and (6) apply the same methodologies consistently and not accept payment structures that compromise objectivity.
What does the ESG Ratings Regulation mean for asset managers using ESG ratings?
Asset managers (AIFMs, UCITS ManCos, and MiFID investment firms) that rely on ESG ratings in investment processes or client disclosures should ensure the ratings they use are sourced from ESMA-authorised providers (or exempt providers) from July 2, 2026. Using ratings from non-authorised providers where authorisation is required could create regulatory risk. Managers should also review their SFDR and Taxonomy disclosures that reference ESG ratings to ensure underlying data sources remain compliant.
How does the ESG Ratings Regulation interact with SFDR and the EU Taxonomy?
The three frameworks are complementary but distinct. SFDR (Sustainable Finance Disclosure Regulation) governs how fund managers disclose sustainability risks and impacts to investors. The EU Taxonomy provides a classification system for environmentally sustainable activities. The ESG Ratings Regulation governs the providers and methodologies behind the ESG scores that inform SFDR disclosures and Taxonomy assessments. In practice, ESG ratings underpin both SFDR principal adverse impact reporting and Taxonomy alignment claims — so the quality and authorisation status of rating providers directly affects SFDR/Taxonomy compliance.
Can non-EU ESG rating providers operate in the EU after July 2, 2026?
Yes, through one of three routes: (1) endorsement — a third-country rating endorsed by an ESMA-authorised EU provider; (2) recognition — ESMA may recognise third-country providers where the Commission has adopted an equivalence decision for their jurisdiction; or (3) certification — smaller third-country providers may apply for ESMA certification without equivalence. Non-EU providers not yet authorised via one of these routes cannot offer ESG ratings to EU users after the application date.
Questions on ESG Ratings Compliance?
financialregulations.eu covers the full text of Regulation 2023/2859, SFDR, the EU Taxonomy, and CSRD. Get cited answers from the regulatory text in 90 seconds — no law degree required.