Discover how new ESMA rules on ESG ratings transparency affect companies and what steps businesses can take to prepare for clearer sustainability assessments.
As of 2 July 2026, ESG rating activities in the European Union enter a new regulatory phase. Regulation (EU) 2024/3005 introduces the EU’s first dedicated framework for ESG rating providers, bringing covered providers under ESMA supervision and setting clearer requirements on transparency, governance and methodology disclosure.
For companies, this does not mean that ESG ratings can be negotiated or directly challenged. It does, however, make the rating process more transparent, helping businesses better understand the methodologies, data sources and assumptions used in ESG assessments, and identify potential factual inaccuracies where relevant.
Takeaways
-
2 July 2026 marks the application date of Regulation (EU) 2024/3005: from this day, ESG rating activities in the EU become subject to a dedicated EU regulatory and supervisory framework for the first time.
-
ESMA becomes the competent supervisory authority for ESG rating providers covered by the Regulation.
-
Methodology transparency is now mandatory: providers must publicly disclose their rating models, data sources and key assumptions, helping companies better understand how ESG ratings are developed and, where relevant, identify potential factual inaccuracies in the information used.
-
For financial institutions and other users of ESG ratings, the new framework reinforces the importance of relying on ratings issued by authorised providers.
Why ESG Ratings transparency has become a business issue
ESG ratings have become central infrastructure in sustainable finance and increasingly in procurement and supply chain decisions:
-
Asset managers use them to construct ESG-labelled funds.
-
Banks use them in sustainable financial processes, credit assessment, customer ESG profiling or monitoring frameworks.
-
Large corporations use them to assess supplier sustainability.
-
Institutional investors use them as one of the inputs to support their ESG policies, product governance, and disclosures under SFDR (Sustainable Finance Disclosure Regulation) and other EU frameworks.
Regulation (EU) 2024/3005 is the legislative response. It brings ESG rating providers under a dedicated ESMA supervisory regime inspired, in certain respects, by the regulatory framework applicable to credit rating agencies.
Scope: who is covered and who is not
The regulation defines a broad perimeter:
-
EU provider
-
Non-EU providers whenever ESG ratings are made available to relevant EU users.
Its scope goes beyond financial markets: also reaches corporate reporting, public disclosures and supply chain assessment activities, making it important for companies to understand whether the ratings they issue, use or receive fall under the new framework.
Supply chain rating platforms
The regulation explicitly recognises that ESG ratings are used in the procurement and supply chain context, not only in financial markets.
ESG Platforms that issue ESG scores to assess supplier sustainability, for use in B2B procurement or due diligence, fall within scope if they operate on a professional basis and use a defined methodology and ranking system.
The Pillars of the Regulation
The Regulation introduces a set of obligations for ESG rating providers covered by the EU framework. For companies, the most relevant changes concern transparency, supervision, conflicts of interest and the way ESG ratings are structured.
Pillar 1: ESMA authorisation and registration
ESG rating providers within scope must be authorised by ESMA before providing ESG rating services in the EU. ESMA also maintains a public register of authorised providers.
Pillar 2: Methodology transparency
Providers must publicly disclose key information on how their ratings are developed, including methodologies, models, assumptions, data sources, estimation methods, objectives and limitations.
They must also clarify which ESG factors are assessed and whether the rating reflects financial risk, impact materiality, or both. Where an aggregated ESG score is provided, separate E, S and G components must also be made available.
Pillar 3: Conflicts of interest
The Regulation introduces stricter rules to prevent conflicts of interest. ESG rating activities must be separated from services that could compromise independence, such as consulting, audit, investment advice or credit rating activities.
For companies, this is important because ESG ratings are expected to become more independent, transparent and easier to interpret.
Pillar 4: Governance and organisational requirements
ESG rating providers must have clear governance arrangements, defined roles and responsibilities, qualified senior management and processes that protect rating analysts from commercial pressure.
This strengthens the organisational reliability of ESG rating activities and supports greater confidence in how assessments are produced.
The full regulatory timeline: key dates at a glance

What changes for companies that are rated: new rights, new opportunities
Most of the regulation's text is directed at ESG rating providers. But its effects ripple directly through the companies being assessed, including SMEs in supply chains that are evaluated through platforms used by larger clients or financial institutions. For rated companies, the new framework is not just a compliance development to monitor: it is a set of concrete new rights and a new level of visibility into a process that has long been opaque.
Greater methodological transparency means you can now understand your score
For the first time, the methodology behind your ESG rating must be publicly disclosed. As of today, providers are required to publish, in a dedicated section of their website:
• What factors they assess (and how they weight them)
• What data sources they use (public disclosures, proprietary data, media monitoring, questionnaires)
• How they estimate data where it is not available
• Whether the rating reflects financial risk exposure, societal impact, or both
This means companies can now study how they are being assessed and take more targeted action to improve their profile.
Separate E, S, and G scores will be available
The requirement to provide separate environmental, social, and governance components (rather than only an aggregate score) gives companies clearer insight into which dimensions are driving or dragging their rating. This is particularly useful for companies with strong performance in some areas but weaknesses in others that are hidden by a composite score.
Appeal procedure
Before the first issuance of an ESG rating, you have the right to receive relevant information made available under the Regulation and flag factual inaccuracies or errors before the rating is finalised. This is a significant procedural protection, particularly for companies that have historically discovered errors in their publicly available ESG profiles only after the fact.
The Checklist

What changes for companies that use ESG Ratings
Financial institutions, corporate buyers, and procurement teams that rely on ESG ratings (whether to make investment decisions, assess suppliers, or substantiate sustainable finance claims) face important changes.
Due diligence on your rating provider relationships
Buyers of ESG ratings, from large asset managers with dozens of data vendor contracts to mid-sized companies using a single supply chain rating platform, should conduct a formal review of their provider relationships.
Key questions:
• Is this provider within scope of the regulation?
• Have they notified ESMA by 2 August 2026 (the first mandatory notification deadline)?
• Have they received authorisation or recognition, or are they in the transitional window?
• Do their disclosures now meet the transparency requirements of the Regulation?
The ESMA public register is the authoritative reference for provider status.
Procurement and supply chain due diligence
Companies that use ESG ratings platforms to assess suppliers (for CSDDD compliance, internal sustainability standards, or contractual requirements) should be aware that those platforms are also in scope if they meet the definition of an ESG rating provider. The regulation explicitly acknowledges the supply chain context. This creates an alignment opportunity: supply chain ESG assessments will now be produced under a regulated, transparent framework, making them more defensible as part of formal due diligence documentation.
The impact on ESG Ratings market structure
The new regulatory framework is expected to reshape not only how ESG ratings are produced, but also who can realistically operate in the market. Higher compliance requirements, stricter separation rules and new disclosure obligations may drive a more transparent, but also more concentrated, ESG ratings ecosystem.
Consolidation and market exit
The compliance costs associated with ESMA authorisation (governance restructuring, methodology documentation, conflict-of-interest frameworks, IT systems, supervisory fees) are substantial. Smaller, specialist rating providers that cannot absorb these costs may exit the market or be acquired by larger platforms. The consolidation of the ESG ratings industry, already underway before the regulation, is likely to accelerate.
Separation of ratings and consulting
The prohibition on providing consulting alongside rating activities in the same legal entity, particularly sustainability strategy consulting, will require some of the largest players in the market to restructure. Providers that have built integrated business models combining ratings with advisory services face a choice: separate into distinct legal entities, exit one of the activities, or partner with separate advisory firms.
FAQ
Does the regulation apply to my company if we only receive ESG ratings, not issue them?
The regulation’s primary obligations fall on ESG rating providers, not on rated companies. However, companies that are rated may be affected by the new framework, including through greater transparency around the methodologies and information used to produce ESG ratings, as well as mechanisms to flag factual errors or inaccuracies. Users of ratings, such as financial institutions and procurement teams, may also need to verify the regulatory status of ESG rating providers where the ratings fall within the scope of the Regulation. So while rated companies are not directly regulated as providers, the framework materially affects how ESG information about them is produced, reviewed and used.
What happens if an ESG rating provider we use has not yet obtained ESMA authorisation?
Providers that were already operating in the EU before 2 January 2025 have a transitional window: they must notify ESMA of their intention to continue by 2 August 2026 and submit a full authorisation application by 2 November 2026. During this window, they may continue operating and will be temporarily listed on ESMA's public register. After November 2026, providers that have not been authorised or are not awaiting a decision on a complete application must cease EU activities. Companies using such providers should monitor ESMA's register closely and plan for the possibility of provider changes.
Does this regulation affect SMEs that are rated by their larger clients or banks?
Yes, indirectly and importantly. If an SME is assessed by a supply chain ESG platform used by a larger client for procurement due diligence, or by a bank as part of a green loan assessment, that platform may fall within the scope of the regulation. The transparency requirements mean SMEs will have greater insight into how they are being assessed, and the right to correct factual errors. SMEs should also ensure their public information is accurate and up to date, as it will be increasingly used as a data input by authorised rating providers.
How can a company align with the new ESG rating regulation?
Alignment does not require companies to become regulatory experts, but it does require deliberate action across three areas. First, know who rates you: identify the ESG rating providers, and any supply chain assessment platforms that may produce ESG ratings in the technical sense, that include your company in their coverage, whether or not you have a direct commercial relationship with them. Where the provider falls within the scope of the Regulation, check its regulatory status, such as ESMA authorisation, endorsement, recognition or reliance on the transitional regime. Second, take control of your data: greater transparency requirements around methodologies, models, key rating assumptions and data sources can help you understand what information may influence your ESG profile and ensure that your public disclosures, including annual reports, CSRD filings and website content, are accurate, complete and clearly structured. Third, make use of available engagement mechanisms: in accordance with the Regulation’s procedures, you may be entitled to receive or request certain information used for the rating and to flag factual errors or inaccuracies. Building a process to do this systematically, rather than reacting after the fact, is the most direct way to improve the reliability and accuracy of your ESG profile under the new framework.