ESMA Final Report on ESG Ratings Technical Standards: What’s Changed and What It Means for Financial Institutions

Overview

On 15 October, the European Securities and Markets Authority (ESMA) published its Final Report on the draft regulatory technical standards under the ESG Ratings Regulation, covering authorisation/recognition, separation of activities, and disclosures.

The final text materially adjusts the consultation package (see our prior client note on this here) to reduce the compliance burden and sharpen proportionality in several areas. Most notably, ESMA has: simplified information requirements for applications; retained but reframed the physical separation expectation; removed or softened several granular disclosure points; and allowed cross-referencing and hyperlinks for public disclosures.

Subject to adoption by the Commission and non‑objection by Parliament and Council, the RTS are set to apply from 2 July 2026, aligning with the Level 1 application date.

What has changed since the consultation paper

ESMA has responded to concentrated feedback on proportionality, feasibility, and scope creep and in response has generally aimed to pare back some of the more onerous elements of the consultation versions. Key movements include:

• RTS on authorisation and recognition applications (“Authorisation and Recognition RTS”):
  • Ownership mapping is narrowed to parent undertakings and subsidiaries (no longer “associated entities”).
  • Senior management “good repute” evidence is refocused on specified financial crimes, with flexible sourcing of criminal record certificates depending on countries of residence; self‑declaration remains a fallback where official certificates are unavailable.
  • Staffing disclosures shift from person‑level data to team‑level descriptions of headcount, training and seniority, separating analyst and non‑analyst functions; ESMA recognises some providers may not have “rating analysts” as such.
  • Expected market coverage is simplified to a product description and number of rated items per product in the EU.
  • Methodology content in applications is streamlined: models and key rating assumptions are no longer required; provision of the methodology suffices.
  • For recognition, the list of ratings intended for EU distribution is now a simple .csv list without specified data fields.
• RTS on separation of activities (“Separation of Business RTS”):
  • Physical separation remains, but prescriptive references to segregated office space and secure access are replaced with outcome‑oriented measures supporting independent, impartial decision‑making.
  • “Network segmentation” is removed; the focus is on role‑based access controls, supported by data classification and confidentiality policies.
  • Staff conflict self‑declarations are now required annually (12‑month cadence), with recognition that existing annual attestations within codes of conduct meet the requirement.
  • Redundant references to the group level are removed where covered by Level 1.
  • Monitoring of employees’ communications is repositioned as a best‑practice recital example rather than a binding control.
  • Adequacy assessments of measures are required at least every 24 months (not annually).
• RTS on disclosures to public, users and rated items (“Disclosures RTS”):
  • The table prescribing sequence/structure is retained for public disclosures (Annex III.1), but ESMA has decided not to extend it to non‑public disclosures (Annex III.2). Cross‑referencing and hyperlinks are permitted provided the prescribed order is preserved.
  • ESMA drops the controversial proposal to disclose names/identifiers of rated items, clarifying the intent is at product/methodology level, not per rating.
  • Requirements shift from quantitative split to descriptive explanation of how risk and impact materiality are considered, with “where applicable” flexibility.
  • The level of prescription in methodology disclosures is tempered:
    • Engagement. New explicit disclosure of engagement processes with rated items and how input is taken into account.
    • Scientific evidence. Reframed to describe the process for identifying relevant scientific evidence, rather than listing studies.
    • AI. The consultation‑stage granularity on AI “types” is removed; Level 1 obligations on AI‑related risks remain the baseline.
    • Ranking systems/time horizons. Duplicate or overly granular items are removed or relocated; the illustrative ranking disclosure is recast within general methodology.
    • Organisational disclosures focus on main conflict risk areas and business model/fee model transparency without requiring granular mitigation narratives.
  • Providers must disclose criteria for what constitutes a “material change” (not only the occurrence of changes) in methodologies, and maintain public transparency on all methodology updates consistent with Level 1.

Practical impacts

Firms preparing to operate as an authorised or recognised ESG ratings provider under this new regime should review these final draft RTS carefully.

Authorisation and recognition applications are set to become less onerous than anticipated in the consultation paper versions of the RTS. However, the requirements are still fairly granular, and hence firms will need to prepare the necessary materials carefully.

The greater flexibility in business separation is likely to be welcome. However, given how prescriptive the requirements remain (both in the Level 1, and in this final draft RTS), firms which currently operate their ESG ratings as part of broader, integrated businesses will need to assess the requirements in detail. This would include refreshing any conflicts risk assessment and designing a separation model appropriate to your footprint (e.g., dedicated floors/zones, controlled meeting rooms, clean‑desk policies) supported by role‑based access, data classification tiers and confidentiality protocols. For providers also administering benchmarks, this would also include implementing compensation firewalls, documenting non‑mechanistic uses of benchmark outputs in ratings, and embedding pre‑contract conflict assessments for rated items, issuers and investor clients.

Disclosures are a key part of the regime for ESG ratings providers. Firms should review the final draft RTS and make sure they align public‑disclosure sequence while using the new flexibility for cross‑references/hyperlinks to existing materials to reduce the workload where possible. Inevitably firms will need to update methodology documentation to meet the prescriptive requirements of the RTS. Firms will also need to define and document criteria for “material change” to methodologies and align notification and publication workflows and ensure versioning discipline going forward.

Timelines and next steps

ESMA has submitted the RTS to the European Commission for adoption. Parliamentary and Council non‑objection will follow the Commission’s adoption. The RTS are drafted to apply from 2 July 2026, aligned with Level 1.