EU ESG Ratings Regulation: What do I need to do if I’m not a ratings provider?

The EU ESG Ratings Regulation (ESGRR) entered into force on January 2, 2025 and will start applying from July 2, 2026.

The ESGRR is primarily aimed at firms that aim to explicitly position themselves as an ESG ratings provider. However, the broad scope of the ESGRR will impact other firms who may not think of themselves as an ESG ratings provider. It is therefore a key compliance issue for other types of firms (both EU and non-EU) to consider.

Executive summary

Even where a firm is not intending to operate as an ESG ratings provider, it will need to carefully consider whether ESG related information, analysis or figures that it produces are in scope of the ESGRR. These may be in-scope of the ESGRR even when there is no immediately obvious nexus to the EU.
If any ESG ratings are produced – the exemptions in the ESGRR need to be considered in detail. Some exemptions are narrower than they first appear, and, for non-EU financial services firms in particular, it is difficult to rely on general exemptions for ESG ratings that are fully disclosed to third parties.
For EU regulated firms offering financial services or products that disclose ESG ratings, even when relying on the relevant exemptions, new obligations in the ESGRR must be complied.
Firms therefore need to assess the scope of the ESGRR in detail to avoid breaching it.

What is an ESG rating?

The ESGRR defines an ESG rating as (in summary):

an opinion or score, or a combination of both;
regarding a rated item’s profile or characteristics, or exposure to risks or impact on ESG factors;
that is based on both an:
- established methodology; and
- defined ranking system of rating categories.

The terms “ESG opinion” and “ESG score” are both defined in turn to cover ESG assessments carried out by rating analysts, and ESG measures derived from data using a statistical or algorithmic model.

A “rated item” includes legal persons, financial instruments and public authorities and bodies.

Whilst individual ESG opinions or scores will need to be assessed against this definition, it is clear that the concept of an ESG rating has a broad scope. It in principle captures certain ESG scores or assessments applied by entities that are not consciously set up as “ESG rating providers”.

For example – an asset manager that assigns “ESG impact” scores to investments, an insurer that assigns “climate risk exposure” scores to companies, or an investment bank which conducts ESG risk assessments on issuers as part of research, may all be producing “ESG ratings.”

When is an ESG rating in scope?

The ESGRR applies to ESG ratings issued by providers “operating in the Union.” This includes EU-established entities issuing and publishing or distributing ESG ratings, but also crucially applies to non-EU entities that issue and distribute ESG ratings to EU-regulated financial institutions, entities in-scope of the EU Accounting or Transparency Directives and/or EU/member state public bodies.

It is critical to appreciate that it captures the distribution of ESG ratings to not just entities in the EU, but, on its face, also EU entities’ operations outside the EU and some non-EU entities. Notably certain non-EU entities are in-scope of the EU Accounting or Transparency Directives – such as non-EU firms with an EU equity or debt listing.

Therefore, there is a risk of falling in-scope of the ESGRR even when there is no immediately obvious nexus to the EU (for example a non-EU firm distributes an ESG rating to another non-EU firm that happens to be listed in the EU).

There is a “reverse solicitation” regime in the ESGRR, but it is extremely narrow in scope compared to other EU financial services regulations, and difficult to use.

What about exemptions?

Given the broad potential scope of ESG ratings capture by the ESGRR, it is important to consider exemptions in narrowing its scope.

There are some straightforward exemptions that are likely to be useful for firms that are not consciously set up as ESG ratings providers, such as those for “private ratings” and ratings issued by regulated financial undertakings in the EU for intragroup and internal purposes.

A lot of focus to date has been on two seemingly broad sets of exemptions that could apply to client or external-facing products:

Exemptions for ESG ratings incorporated into other EU regulated products/services:
- Art. 2(2)(c) includes one for regulated financial undertakings in the EU, which issue ESG ratings which are “incorporated into a product or a service” where such products or services are already regulated under EU law and the ratings are disclosed to a third party.
- Art. 2(2)(m)-(n) include exemptions for disclosures under the EU Sustainable Finance Disclosure Regulation and the Taxonomy Regulation.
  
  (the Disclosure Exemptions)
An exemption under Art. 2(2)(g) for products or services that “incorporate an element of an ESG rating”, including investment research under MiFID (the Element Exemption).

It is important to note that using Disclosure Exemptions still requires the relevant firm to make additional disclosures under the ESGRR, so the “exemption” is really from the broader authorization and organizational requirements of the ESGRR that apply to “pure” ESG ratings providers, rather than a complete exemption.

The interaction of the Disclosure Exemptions and Element Exemption has been the subject of some debate, as the Element Exemption, at first glance, seems significantly more favourable. Notably, it does not require additional disclosures by the firm relying on it, and it is not limited to regulated financial undertakings in the EU (which would exclude non-EU firms, e.g. in cases where they are providing services to in-scope clients either outside the EU or on a cross border basis into the EU).

Our view

Our view is that the key limitation on the Element Exemption is that it refers to products or services that “incorporate an element” of an ESG rating, whereas the Disclosure Exemptions refer to products or services that “incorporate” an ESG rating and disclose it to third parties.

What exactly is the difference between incorporating “an element” of an ESG rating and incorporating an ESG rating? In the absence of further guidance, it appears to us that the distinction is that the Disclosure Exemptions are intended to exempt the full disclosure of ESG ratings to third parties as part of an otherwise EU-regulated product or service; whilst the Element Exemption only exempts a product or service that includes an aspect, component or part (even if an essential or key part) of an ESG rating but does not fully disclose the actual full ESG rating to third parties.

The example of investment research referred to in the Element Exemption is potentially instructive, as one can easily imagine how the investment recommendation in a piece of investment research could be informed by an ESG rating, have parts of the research which are similar to parts of an ESG rating, or perhaps even refer to the outcome of one without fully disclosing an ESG rating as a whole.

For example, saying the recommendation is to “buy” a particular investment at least partly because of its good performance on an ESG risk-management score. This would seem to align with the plain English meaning of “incorporating an element” of an ESG rating into a product or service, and mean that the Element Exemption does not completely supersede the Disclosure Exemptions (which could not be the intention given it is available to a narrower range of firms and is subject to additional compliance obligations).

Purposively, this also seems appropriate given one can see that when a full ESG rating is actually disclosed to third parties, that is when the additional disclosures required by the ESGRR become relevant (in providing transparency and to a certain extent creating a level playing field with authorized ESG ratings providers).

It is therefore important for firms to think carefully about whether they fully disclose ESG ratings as part of other products or services (in which case, depending on the type of firm the Disclosure Exemptions may or may not be available, but in any case comes with additional compliance obligations) or whether they can rely on the Element Exemption for products or services incorporating an element of an ESG rating (in which case they will need to be quite careful as to exactly what is communicated or disclosed to third parties).

Once the use of exemptions is understood, firms may need to adjust business models to ensure they can be relied upon, and, if using the Disclosure Exemptions, prepare additional disclosures and ensure compliance with the applicable obligations of the ESGRR.

Next steps

Firms will need to consider the potential impact of the ESGRR in advance of its July 2026 implementation.

Ben Maconick is a partner in the Financial Services team. Laura Houët is a partner in CMS’ Financial Services and Products team and CMS’ Co-Head of ESG.

Topics

Latest News

FINRA disciplinary action update 2025/18

Responding effectively to your CASS audit

ASIC roundup: Macquarie Securities sued, Zurich pays out, and ex coconut water CEO sentenced

Topics

Latest News

SEC to examine executive comp disclosure rules

Simplifying the Regulatory Capital Regime for FCA investment firms: FCA CP25/10

New rules to combat debanking in the UK

Topics

Latest News

Crypto wrap: Celsius founder jailed, American Bitcoin listing, plus more

UK retailers face steeper cyber insurance cover after recent attacks

The UK's new cryptoasset legal and regulatory framework explained

Topics

Latest News

SIFMA conference highlights efficient, dynamic US equity markets

GRIP Extra: Coinbase victim of $400m cyberattack, Trump fires Copyright Office director

FINRA Annual 2025: Modernizing rules and empowering compliance