UK Introduces Its First Regulatory Regime for ESG Ratings Providers

As the significance of ESG ratings has grown materially with investors channelling more capital towards sustainable investments, the UK government is bringing providers of ESG ratings within the scope of financial services regulation for the first time. The Financial Services and Markets Act 2000 (Regulated Activities) (ESG Ratings) Order 2025 (the Order) was signed into law on 15 December 2025, giving the Financial Conduct Authority (FCA) power to make rules to regulate the ESG ratings sector. Those rules will come into force by 29 June 2028, and ESG ratings providers in scope of regulation will need to apply for and obtain FCA authorisation by this date. In the meantime, the FCA are consulting on their approach to regulating the sector through their Consultation Paper 25/34, “ESG ratings: proposed approach to regulation”. Below, we look at the scope of the new regulated activities and the FCA proposals for regulating the sector.  

While the regime will be directly relevant to specialist ESG ratings providers, it will also be of wider importance to other firms that produce ESG-related analysis, scores or metrics, including where those outputs are not explicitly branded or marketed as “ratings”. All parties in the sector will need to assess whether their services are captured by the newly created regulated activity of “providing an ESG rating”.

The FCA’s policy objectives are to:

• Make ESG ratings more transparent, reliable and comparable.
• Support better decision-making and greater confidence in the market.
• Be proportionate and support growth in sustainable finance.

It is also worth mentioning that the UK is also not alone in extending regulation to ESG ratings providers. The European Union has, for example, introduced its own regulatory framework through its ESG Ratings Regulation ((EU) 2024/3005). Both the UK and EU frameworks are based on the recommendations published by the International Organization of Securities Commissions (IOSCO), which are intended to enable international interoperability in this space.

The UK ESG Ratings Order

The Order defines the scope of ESG ratings activities that will become subject to an FCA authorisation requirement.

Formally, the Order amends the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO) to specify “providing an ESG rating” as a regulated activity, where the rating is likely to influence a decision to make a specified investment.

As with other regulated activities under the Financial Services and Markets Act (FSMA), firms carrying on this activity in the UK will require authorisation unless an exemption applies. Non-UK firms will also be caught in certain circumstances, as detailed below.

The definition of the new regulated activity is potentially very broad, given that it bites on ratings that “are likely to influence” an investment decision. There is no requirement that the rating must take the form of advice or a recommendation made to a particular investor based on the investor’s circumstances. The Order makes it clear that it does not matter whether the rating is solicited or unsolicited. The potentially very wide scope of the activity is limited in circumstances where the provider of the EGG rating could not reasonably have expected the rating to influence a decision to make an investment.

When Does a Person ‘Provide’ a Rating?

The new regulated activity will arise where a person “provides” an ESG rating. The draft Order states that “provides” in this context means both producing the rating and “making it available”. This latter phrase includes but is not limited to issuing the rating to another person or publishing the rating on a website or other digital medium.

Non-UK Ratings Providers

Ratings providers located outside the UK will be captured by the new regulated activity where they provide an ESG rating to a person located in the UK. This will cover circumstances both where the rating is provided directly to a person in the UK but also where the rating is provided to a person outside the UK and the ratings provider could “reasonably expect the rating to be made available to” the UK person indirectly.

The broad definition of the term “provide”, which includes provision of the rating through a website or other digital medium, raises issues as to whether access to ESG ratings on non-UK websites will need to be controlled.

The UK does have an overseas person exclusion whereby activities engaged in by persons who do not have a permanent place of business in the UK can avail themselves of an exclusion from UK regulation.

However, the overseas person exclusion will be applied in very limited form. An overseas person will not be treated as carrying on a UK regulated activity where they provide a rating to a person in the UK and receive no remuneration from any person with respect to the rating.

Defining an ESG Rating

While some ESG ratings are clearly recognisable as such, the UK definition is deliberately broad and is capable of capturing outputs that firms may not consider to be “ratings” in the conventional sense.

Under the Order, an ESG rating is defined as: “an assessment regarding one or more ESG factors, which (a) is produced in the form of an opinion, a score or a combination of both … and (b) is prepared using an established methodology and a defined ranking system of rating categories”.

The legislation distinguishes between:

• ESG Scores:  ratings derived from data using a pre-established statistical or algorithmic system or model, without substantial analytical input from an analyst; and
• ESG Opinions:  ratings involving substantial analytical input from an analyst.

Both types are within scope regardless of how they are labelled or presented.

The Order also provides illustrative (but nonexhaustive) examples of what constitutes a “rating category”, including variables or divisions within a system such as letters, numbers, symbols, colours or temperatures that provide a relative measure distinguishing characteristics of rated items. In practice, this means that even relatively simple assessment frameworks — such as the use of red, amber and green indicators — could fall within scope, regardless of whether the firm presents itself as an ESG ratings provider.

Notably, the EU’s definition of an ESG rating expressly encompasses both ESG and human rights factors. By contrast, the UK definition makes no explicit reference to human rights, although it appears to proceed on the assumption that such considerations are subsumed within the “social” component of ESG.

ESG Ratings and Investment Decisions

A key feature of the UK regime is that the provision of ESG ratings is regulated only where the rating is likely to influence an investment decision.

The relevant investment decision must relate to a “specified investment” under the RAO. Specified investments include regulated financial instruments such as shares, debt securities, units in collective investment schemes, derivatives, contracts of insurance and pension interests (as set out in Part III of the RAO).

As a result, ESG assessments that influence decisions relating to physical assets, corporate operational strategy or consumer purchasing behaviour will generally fall outside scope, unless they are also likely to influence investment decisions in specified investments.

Exclusions

The Order contains a number of targeted exclusions. For firms engaged in ESG-related activities, many of these exclusions will be of limited application. However, several are notable for their broader practical relevance.

Key exemptions include those for:

• Regulated Products and Services: Where the rating is not provided as a stand-alone product or service and is provided in the course of carrying on another regulated activity or ancillary service for which the person is already authorised.
• Intra-Group Ratings: Where an ESG rating is provided to another member of the same corporate group and is not expected to be shared externally.
• Private Use: Where an ESG rating is provided under a contract solely for the benefit of the counterparty and is not expected to be shared externally.
• Non-Commercial Provision: Where a person provides an ESG rating in the course of the person’s activities as a journalist, an academic or a charity, and either the person is not paid for the rating or it is provided on an occasional or one-off basis.
• Regulatory or Legal Requirement: Where the rating is provided solely for the purpose of complying with any regulatory or legal requirement the person is subject to.

Although ESG ratings are not separately regulated when provided in the course of a regulated activity, FCA-authorised firms remain subject to existing requirements. These include the FCA’s anti-greenwashing rule and, where applicable, the ESG naming and marketing rules and sustainable finance labelling regime set out in the ESG Sourcebook. Firms will also already be subject to many of the governance and systems and controls requirements being introduced by the FCA, including around conflicts of interest.

While this approach is intended to avoid unnecessary regulatory duplication, it does create an uneven playing field between regulated firms and standalone ESG ratings providers. We expect the FCA to monitor how this operates in practice and to consider whether further adjustments are needed.

Authorisation Requirements

If a firm is unable to rely on an exemption and falls within the scope of the regime, it will be required to seek FCA authorisation to provide ESG ratings before the main commencement date of the new regime. This will entail submitting a formal application to the FCA, supported by detailed information on the firm’s legal and ownership structure, governance arrangements, senior management and key staff, and the nature of its ESG ratings activities and controls. The FCA will then undertake a structured assessment of the application before determining whether to grant permission.

The FCA is currently consulting on the regulatory requirements that will apply to authorised ESG ratings providers. Firms that expect to require authorisation should therefore closely review the consultation and consider how the proposed rules may affect their operating model, governance and compliance arrangements.

Timing and Next Steps

The new regulated activity of providing ESG ratings is scheduled to come into force on 29 June 2028. The FCA will open an application window to receive applications for authorisation under the new regime before this date so that applications can be processed in advance of the new requirements coming into force.

The Order provides transitional and savings measures allowing persons that have applied for the necessary permission to carry on the new regulated activity to continue providing ESG ratings after the main commencement date if the FCA has not yet determined their application. The transitional and savings provisions will expire after one year, on 29 June 2029.

Firms that may fall within scope should therefore:

• Assess whether their ESG-related activities constitute regulated ESG ratings;
• Consider whether any exclusions apply; and
• Begin planning authorisation strategies, governance enhancements and compliance frameworks in parallel with the FCA’s consultation process.

The FCA’s consultation on the regulatory requirements for ESG ratings providers will be the subject of a subsequent briefing.