Op-ed by Geoffroy Marcassoli, sustainability assurance leader at PwC Luxembourg.
For years, valid criticism was directed at ESG ratings providers as, the argument went, ESG scores were largely devised through black box methodologies which directly and indirectly shaped investment strategies worth billions of euros in capital allocation. The European Commission has seemingly listened to the feedback and has delivered a regime designed to make the market for sustainability opinions more trustworthy.
Indeed, on 2 July 2026, ESG ratings providers operating in the EU will come under a new supervisory framework whereby the European Securities and Markets Authority (ESMA) holds the keys: authorisation, registration, governance requirements, separation of conflicting business lines, disclosure of methodologies, data sources and the use of estimates and artificial intelligence (AI).
That is a genuine step forward for Europe’s sustainable finance framework, and it should be welcomed. But for asset managers, it would be a costly mistake if they were to read this regulation as a quality stamp that absolves them from any additional due diligence on ESG data.
As a matter of fact, while the new framework regulates conduct and transparency, it does not necessarily certify accuracy, methodological harmonisation, or guarantee that any given rating is fit for the purpose a financial market participant wants to put it to. Understanding what the regulation does not do is now just as important as understanding what it does.
Transparency is not standardisation
The regulation deliberately does not harmonise what an ESG rating should measure or how, and providers remain free to define their own materiality logic, weightings and aggregation choices. They must simply explain them better.
The well-documented divergence between providers, where the same issuer can be rated leader by one agency and laggard by another, will not disappear, but will only become better documented. As such, a rating remains an opinion rather than a scientifically proven and standardised fact.
Moreover, the supervisory regime’s perimeter is not as wide as headlines suggest. The regulation targets ESG ratings as defined products. Raw ESG data feeds, estimated datasets and many analytics products that asset managers consume in far greater volume than ratings sit largely outside its scope. Internal ratings produced by asset managers for their own use are also excluded.
In other words, the most regulated object in the sustainability data chain is not necessarily the most used one.
Inadvertent impact on European ESG ratings providers
A second weakness lies in enforcement and the broader market impacts that the regulation will have. ESMA gains powers over an industry that is global, concentrated and largely headquartered outside the EU. Large third-country providers – primarily from the United States – can serve EU users through endorsement or equivalence-style routes.
Recognising and supervising entities from a distance is notoriously harder than supervising those at home. Meanwhile, the compliance bill, authorisation fees, complaints handling and disclosure systems, to name a few, will be hefty costs that fall most heavily on smaller European providers who can’t amortise them across vast client bases.
The plausible end state is a market that is more transparent but also more concentrated, with European users even more dependent on a handful of large, mostly non-EU groups. A regulation conceived to strengthen trust in the inputs of European sustainable finance may, perversely, weaken the diversity of those inputs.
The due diligence obligation does not disappear
Here is the uncomfortable message for asset managers: nothing in the ESG ratings regulation transfers responsibility for data quality from the user to the provider. A fund manager that builds an exclusion policy, a portfolio threshold or a client-facing sustainability claim on a third-party score remains fully accountable for that claim.
Supervisors have been consistent on this point across SFDR and the ESMA fund-naming guidelines: reliance on an external provider is not a defence. If anything, the new transparency makes passive reliance harder to justify. Once a provider has disclosed its methodology, its estimation practices and its data gaps, an asset manager can no longer plausibly say it could not have known.
The direction of travel of the EU’s sustainable finance framework makes this concrete. The European Commission’s proposed revision of the SFDR (‘SFDR 2.0’), published in November 2025, essentially terminates the disclosure and transparency regime and its well-known Article 8 and 9 de facto labels.
Instead, it proposes de jure defined product categories (Sustainable, Transition and ESG Basics), each subject to a minimum quantitative threshold of investments aligned with the category’s stated objective, mandatory exclusions, and tighter rules on the use of sustainability terms in fund names and marketing.
The era of narrative sustainability, where positioning could be described rather than measured, is closing.
Quantitative thresholds change the nature of data risk. Under a regime akin to the one proposed by SFDR 2.0, a flawed data point can tip a portfolio below 70%, push a holding into an exclusion list, or invalidate the very name of the fund. Classification and exposure to greenwashing allegations all start to hinge on the reliability of inputs that the asset manager did not produce, which means that due diligence on data providers and ratings agencies must deepen precisely as the ratings market becomes regulated.
Conclusion
By shedding light on the black box methodologies of ESG ratings providers, the ESG ratings regulation fixes a real problem. But it only regulates the messenger, not the message. Scores will remain divergent opinions, much of the data chain remains outside the perimeter, and the burden of proving that a sustainability claim is sound stays exactly where it has always been, with the financial market participant making it.
This is why asset managers cannot afford to sit back and expect that they can take whatever the providers give them without any scrutiny. They will need to interrogate coverage and the share of estimated versus reported data in each universe they invest in, as well as understand how methodology changes affect comparability over time and whether a threshold breach reflects the portfolio or the provider’s model update.
Moreover, they will need to document the rationale for selecting and retaining providers in terms supervisory authorities would accept.
As the upcoming SFDR 2.0 is expected to convert sustainability from a disclosure exercise into a categorisation exercise with hard thresholds, the burden of due diligence grows heavier on asset managers. Those best placed for this next phase will not be those who treat July 2026 as the moment ESG data became safe to rely on. Instead, it will be those who treat the new transparency as an invitation, and an obligation, to scrutinise harder.
