A handful of agencies sit between every voluntary carbon credit and every corporate buyer — issuing opinions that move millions in procurement decisions, without the regulatory scaffolding that surrounds every comparable rating discipline. The EU's ESG Ratings Regulation closes part of the gap from July 2026. The rest is still an open question.
Carbon rating agencies sit between every voluntary credit and every corporate buyer — yet operate without the regulatory scaffolding that surrounds every comparable rating discipline. From 2 July 2026 the EU's ESG Ratings Regulation opens ESMA's authorisation regime, with effective supervision building through 2027 — and only for the EU market. The global question — statutory regulator, expanded ICVCM, or a new purpose-built body — is still open.
A carbon rating agency assesses the quality and risk of individual carbon credits — not the standards that issue them, not the registries that store them. Its output is a single rating on a proprietary scale. As of 2025–26 the three highest-volume agencies have converged on the same 8-point letter scale: BeZero Carbon, Sylvera, and Calyx Global all rate from AAA to D, with Calyx having moved to that scale in January 2025 to align with the market norm. Pachama, MSCI's new Carbon Project Ratings product, and a growing list of AI-driven tools each use their own variant of the same idea.
Carbon rating agencies sit between every issuer and every meaningful buyer. The methodology behind a single rating shapes the price, eligibility, and reputational risk of a credit for everyone downstream of it. That is the structural position Moody's, S&P and Fitch hold in the bond markets. The difference is in everything that surrounds them.
Behind each rating is a methodology that combines project documentation review with satellite imagery, baseline analysis, additionality and permanence testing, leakage modelling, and an evaluation of co-benefits. Different agencies weight these inputs differently, which is why the same project routinely receives materially different scores from different raters. The phenomenon is well-known in the industry: five agencies, one project, five ratings.
Ratings are consumed by corporate buyers building net-zero portfolios, traders running compliance and voluntary positions, asset managers underwriting projects, and registries that increasingly publish ratings alongside project data. They feed into procurement decisions, board-level disclosures, and the credibility of net-zero claims that are themselves under regulatory scrutiny — the UK's Green Claims Code, the EU's Empowering Consumers Directive, the SEC's climate disclosure rules.
The output of a single rating agency, in other words, has become a load-bearing input in the global voluntary carbon market. That is why the question of how the agencies themselves are governed is no longer academic.
The business-model question is more nuanced than a clean buyer-pays vs issuer-pays binary. Each major agency operates differently, and the distinctions matter because they map directly onto what conflicts each firm is — and is not — exposed to.
BeZero (London, founded 2020) operates a commission model. Any market participant — developer, buyer, investor, exchange — can commission a rating, and the fee is a flat upfront amount paid regardless of outcome, with no variation by project size. Once contracted, ratings analysts work independently of the commercial team.
For ex post ratings on issued credits, the headline letter is public and free; deeper analysis is behind subscription. For ex ante (pre-issuance) ratings, public release is conditional on the commissioner's agreement — meaning a developer-commissioned pre-issuance rating can remain private. BeZero does not trade, develop projects, broker, or do MRV consulting. Its own developer-engagement page documents that many ratings are commissioned by the projects themselves.
Sylvera (London, founded 2020) is mostly a subscription business. Around 85% of revenue is buyer-side platform access — corporates, financial institutions, asset managers, typically $50K–$250K a year. Developers can request a rating but cannot influence the outcome.
What complicates the picture is everything else Sylvera sells. The same firm runs pricing intelligence, a distribution channel that handles 400M+ tonnes of carbon inventory, geospatial and biomass products, and a carbon-intensity line for commodities. Any one of those is reasonable. Stacked together, they put one company in the position of rating credits, selling the data that informs those ratings, and helping move the credits between buyers and sellers.
Calyx Global is the clearest buyer-side exemplar. Subscription tiers run from a free Explorer level to ~$699/month Essentials and a custom Expert tier; ratings are also available through Bloomberg Terminal and Carbonplace. Calyx explicitly does not sell ratings — or early-stage Pre-Verification Assessments — to project developers; the policy is formalised on the company's site as a "financial independence" commitment.
Project developers can submit to be added to the rating queue at zero cost. Calyx takes no commissions tied to credit transactions and does not trade. As of early 2026 it holds 1,100+ GHG ratings and 500+ SDG ratings across 25+ project types. Adjacent products (Calyx Compass, Expert Advisory) are also priced for buyers and investors rather than developers.
Pachama operates an AI-driven marketplace with embedded ratings, focused on nature-based credits. Earthly offers a lighter B2B rating product. MSCI — the global ESG and credit-ratings major — has launched a Carbon Project Ratings product, a sign that traditional rating institutions are extending into VCM territory and bringing their existing CRA-Regulation and NRSRO disciplines with them. A separate category of AI-driven scoring tools is also emerging. It is now routine for the same credit to receive several different scores from several different raters plus an AI tool.
No model is inherently corrupt. Buyer-side subscription can pressure agencies toward stringency. Commission-based work creates the classic issuer-pays incentive toward leniency. And in an oversupplied buyer's market, even ratings paid for by the buyer can have their cost passed through to the seller via deal economics, or be picked up by an upstream sponsor financing the developer. The relevant question is not which model is used, but what governance sits on top of it.
Two patterns sit across the industry. The first is scope creep. Most of the major agencies now sell market intelligence, geospatial data, distribution access, and advisory work on top of ratings. Taken individually each product can be justified. But the firm offering all of them ends up rating credits, selling the data that informs those ratings, advising parties to the rated transactions, and sometimes brokering the credits' onward sale. In bond markets, in audit, and in mainstream ESG ratings, that combination is what triggers a regulator to look closely.
The second pattern is methodological divergence. The three largest agencies have settled on the same letter scale, but their underlying frameworks still produce materially different scores on the same project. In every other rating discipline, divergence of that kind is bounded by mandatory methodology disclosure, peer-review of changes, and supervisory review. In carbon ratings, methodology disclosure is voluntary and supervisory review does not yet exist.
The closest structural parallel to carbon ratings is the corporate bond ratings industry. Moody's, S&P, and Fitch are paid by the issuers whose debt they rate. This is the textbook conflict of interest, and yet the system functions because of decades of regulatory scaffolding built around it.
In the United States, the major agencies operate as Nationally Recognized Statistical Rating Organizations (NRSROs), supervised by the SEC under the Credit Rating Agency Reform Act of 2006 and the subsequent Dodd-Frank amendments. In the European Union, they operate under Regulation (EC) No 1060/2009 — the CRA Regulation — and have been directly supervised by ESMA since 2011. Both regimes require registration, methodology disclosure, governance separation between analytical and commercial functions, conflict-of-interest management, methodology-change procedures, and enforceable penalties for non-compliance.
Even with the full regulatory framework in place, the 2008 financial crisis happened — AAA ratings on mortgage-backed securities collapsed, and the three major agencies later paid combined settlements in the billions of dollars. Regulation does not eliminate the issuer-pays conflict, but it bounds it, makes it auditable, and creates a path to accountability when failure occurs. Absence of regulation means none of that exists.
Carbon rating agencies today operate the same payment model in part of their book — with parts of it (Calyx's stance, BeZero's transparency on top-line ratings) more conservative than the bond-market norm — but without the scaffolding. There is no equivalent of NRSRO designation. There is no equivalent of the CRA Regulation outside the EU. There is no enforceable methodology-disclosure requirement. There is no statutory liability framework. And there is no industry-wide conduct standard binding the agencies to a profession.
Forum shopping — the migration of issuers toward the more lenient rater — is the specific failure mode this kind of framework is designed to prevent. In the bond markets, it took 2008 to put the framework's enforcement mechanisms to the test. In the voluntary carbon market, the conditions for forum shopping already exist; the test cases have not yet arrived.
The table below sets the two disciplines side-by-side. The conclusion is not that carbon raters are uniquely conflicted — bond raters operate with the same payment dynamic. The conclusion is that carbon raters are uniquely ungoverned.
| Discipline | Credit Ratings (bonds) | Carbon Ratings (VCM) |
|---|---|---|
| Who pays | Issuer (corporate, sovereign) | Mixed — buyer-pays subscription + commission-based work |
| Statutory regulator | SEC (NRSRO) / ESMA (CRA Regulation since 2011) | None today; ESMA authorisation regime opens 2 July 2026 in EU, with effective supervision building through 2027 |
| Methodology disclosure | Mandatory; change procedures regulated | Voluntary; varies by firm |
| Conflict-of-interest rules | Separation of analytical and commercial functions; enforced | No external rules; firm-level policies only |
| Liability framework | Statutory + civil; settlements in billions (2008 MBS) | Contractual only; no statutory liability |
| Profession-wide standard-setter | SEC / ESMA / IOSCO | None |
Canopy is the procurement workspace for voluntary carbon credits. Every publicly available view on a credit — ratings, registry data, integrity labels, methodology assessments — lives in one place, with the factual differences between them surfaced transparently. Which view to weight is the buyer's call.
The most concrete piece of regulation arrives in less than two months.
Regulation (EU) 2024/3005 — the ESG Ratings Regulation — entered into force on 17 December 2024 and applies from 2 July 2026. But "applies from" and "agencies are regulated" are not the same thing. The date of application opens ESMA's authorisation regime; agencies enter the process from that date but become regulated only as authorisations are granted — a build-out that runs from late 2026 into 2027. The model deliberately mirrors the CRA Regulation that has supervised credit rating agencies in the EU since 2011.
Article 2 defines an ESG rating as "an opinion, score, or combination of the two… regarding the ESG profile, the exposure to ESG risks of, or the impact on ESG of, a legal person, financial instrument, or financial product." On a plain reading, a rating of a voluntary carbon credit — an opinion on the environmental impact of a credit/product — falls within that definition, and none of the Article 2 exclusions (internal ratings, SFDR/UCITS/AIFMD products, private ratings) carve carbon ratings out. The major carbon rating agencies are positioning on the same reading: BeZero's CEO Tommy Ricketts has publicly committed to embracing the regime. What ESMA's Regulatory Technical Standards still need to settle through 2026 is the operational detail — how disclosure rules designed for entity-level ratings apply to credit-level ratings, whether voluntary credits qualify as "financial products" in all member-state interpretations, and how non-EU-issued credits rated by non-EU agencies but sold into the EU fit the territorial test.
First, the regulation is jurisdictional — it covers ESG ratings issued in or to the EU market. Carbon rating agencies serve a market that is global by definition, and large portions of demand sit outside the EU's regulatory reach. Second, even where the regulation bites, it sets disclosure and conduct rules — not methodology rules. Two agencies could give the same credit very different ratings and both still be compliant. The point is supervised divergence, not converged scores.
Outside the EU, the picture is patchier but moving. The UK legislated in October–December 2025 to bring ESG ratings within the FCA's perimeter; the FCA's consultation (CP25/34) closed on 31 March 2026, with final rules expected in Q4 2026, an authorisations gateway opening in June 2027, and the regime going live on 29 June 2028. India's SEBI already operates an ESG Rating Providers (ERP) framework and, on 18 February 2026, constituted a working group to review it. The US SEC has not extended NRSRO-style oversight to carbon ratings; Singapore's MAS and other major jurisdictions have not yet adopted carbon-rating-specific regimes. In every case, the same operational question applies: whether voluntary-carbon-credit ratings squarely fall within the "ESG ratings" definition each jurisdiction uses, or sit just outside it, is still being worked out in practice.
The natural question is whether the Integrity Council for the Voluntary Carbon Market (ICVCM) — the body that has done more than any other to set integrity standards for the credits themselves — could fill the gap.
ICVCM's existing mandate, expressed through the Core Carbon Principles and Assessment Framework, is structured around credits and crediting programmes. It assesses methodologies. By early 2026, 40 methodologies had been approved as meeting the Assessment Framework and 25 had not; further programme and methodology decisions, including the May 2026 batch that brought the Global Carbon Council (GCC) onto the CCP-Eligible list alongside new renewable-energy and mangrove-restoration methodologies, continue to build the cumulative count. An estimated 107 million credits are now eligible to carry the CCP label. A new version of the CCP and Assessment Framework is in development for consultation later in 2026.
What ICVCM does not currently do — and was not designed to do — is govern the methodologies of rating agencies or set conduct standards for the firms that produce ratings. The rating layer sits one floor above the integrity framework, and it sits there largely uncovered. Whether ICVCM's mandate should expand to reach it is a structural question, not a procedural one.
There are essentially three ways to close the governance gap. Each has a coherent case behind it. Each has a real constraint.
Extend ESMA's model globally, or have major jurisdictions adopt parallel frameworks — the SEC in the US, the FCA in the UK, MAS in Singapore, SEBI in India. The advantage is enforceability and a tested model: the CRA Regulation has been operating since 2011 and the SEC's NRSRO framework since 1975 in some form.
The ICVCM expands its mandate to include governance standards and conduct rules for carbon rating agencies. The advantage is that ICVCM is already the VCM's primary integrity body, has built the assessment-framework infrastructure, and is institutionally trusted by both buyers and standards bodies — the fastest path because ICVCM already convenes the parties.
A new global body for carbon rating agencies — modelled on the PCAOB for auditors or IOSCO for securities regulators, but designed specifically for VCM ratings. Clean mandate, free from legacy scope debates, and a chance to design the right professional infrastructure for the discipline from scratch.
An active statutory regulator, an expanded ICVCM, or a new purpose-built body — which of the three is the right answer is not yet settled. Each option has a serious case. Whoever ends up owning the rating layer will shape what the next decade of the voluntary carbon market looks like.
The agencies themselves are not the problem. They are doing what every emerging rating profession does at its origin: building methodologies, hiring analysts, signing buyers, iterating their scales. The problem is the empty space above them — the absence of the regulatory or professional ceiling that, in every comparable discipline, distinguishes a credible opinion from a powerful one.
"Who pays?" is, in the end, the wrong question. The right questions — are they objective, and are they independently regulated? — are still open. July 2026 closes part of the gap. The rest is the next decade's work.
What does a carbon rating agency actually rate?
A carbon rating agency rates the quality and risk of individual voluntary carbon credits — not the standards that issue them, and not the registries that store them. The three largest agencies (BeZero, Sylvera, Calyx Global) have converged on the same 8-point AAA–D letter scale. Each agency applies its own weighting across additionality, permanence, leakage, baseline, and co-benefits, which is why the same project routinely receives different scores from different raters.
Why do different agencies often disagree on the same credit?
Each agency uses a different methodology, weights inputs differently, and applies its own qualitative judgment on items like baseline conservatism and counterfactual risk. The same divergence exists in credit-bond ratings between Moody's, S&P and Fitch — but there the disagreement is bounded by methodology disclosure rules and supervisory review. In carbon ratings, neither layer currently exists.
When does the EU ESG Ratings Regulation apply, and does it cover carbon ratings?
Regulation (EU) 2024/3005 entered into force on 17 December 2024 and applies from 2 July 2026. That date is when the regulation takes legal effect and the ESMA authorisation regime opens — not when ESG rating providers become regulated. From 2 July, providers serving the EU must enter the authorisation process. Larger providers must notify ESMA by 2 August 2026 and submit authorisation applications by 2 November 2026; smaller providers have until 2 November 2026 to notify. Existing providers can continue operating during the transition while applications are assessed, and become fully regulated only when ESMA grants authorisation — which builds through late 2026 and into 2027. The first Annual Market Share Report is due 1 December 2027 and the Commission's evaluation of the regime by 1 December 2028. On scope: Article 2 defines an ESG rating as an opinion on the ESG profile, ESG risks, or impact on ESG of a legal person, financial instrument or financial product — broad enough to capture ratings of voluntary carbon credits on a plain reading, and BeZero, Sylvera and Calyx are positioning on that basis. The operational detail (how entity-level disclosure rules translate to credit-level ratings, member-state treatment of credits as "financial products", and territorial reach for non-EU-issued credits rated for EU buyers) is what ESMA's Regulatory Technical Standards will settle through 2026.
Does ICVCM govern carbon rating agencies today?
No. ICVCM's mandate, expressed through the Core Carbon Principles and Assessment Framework, governs carbon credits and crediting programmes — not the methodologies of rating agencies or the conduct of the firms that produce ratings. By early 2026, ICVCM had approved 40 methodologies and rejected 25, with further programme and methodology decisions in May 2026 (including GCC becoming CCP-Eligible). Whether ICVCM should expand to cover the rating layer is one of the open structural questions raised in this article.
What are the three structural options for closing the governance gap?
(1) Statutory regulation by securities/financial regulators (ESMA-style extended globally); (2) Expanding ICVCM's mandate to include rating agency governance and conduct; (3) A new purpose-built global body modelled on the PCAOB for auditors or IOSCO for securities. Each has merits and constraints — and which option is right is still open.
Every agency-specific claim above is verifiable against a primary source. The list below collects them, alongside the regulatory and integrity-body references used elsewhere in the piece.
Climate Decode is publishing its deep-dive VCM 2026 Market Outlook — covering pricing trends, CCP-labelled credit demand, Verra VCS v5.0 impact, and Gold Standard Paris Agreement alignment. Subscribers get priority access before public release.
Monthly cadence • No spam • Unsubscribe anytime
Canopy is the procurement workspace for voluntary carbon credits — every publicly available view on a credit in one place, with the factual differences between them surfaced transparently. Buyers keep the judgement on weighting.