ESMA Q&As May 2026: ESG Ratings, MiCAR, and MAR Answers

ByOfficer

Last updated: June 2026

Get the scope of an ESMA Q&A wrong and your team either over-builds controls for something that does not apply, or misses a clarification that changes how you interpret a live obligation. On 28 May 2026, ESMA published six new Q&As spanning three regulations: the EU ESG Ratings Regulation (ESGRR), the Markets in Crypto-Assets Regulation (MiCAR), and the Market Abuse Regulation (MAR). None of these is earth-shattering on its own. Together, they fill gaps that compliance and reporting teams have been working around since the texts entered force.

Related reading: EC MiCAR Review: What European CASPs Should Submit

What ESMA Published and Where to Find It

The 28 May 2026 release sits on the ESMA Q&A portal under three regulation headings. Six individual Q&As carry reference numbers that map directly to the ESMA database:

EU ESG Ratings Regulation (Regulation (EU) 2024/3005):

  • Q&A 2853: Defined ranking system
  • Q&A 2854: Transitional provisions
  • Q&A 2855: ESG rating providers established after date of entry into force
  • Q&A 2856: Material changes to registration information

Market Abuse Regulation (Regulation (EU) No 596/2014):

  • Q&A 2839: Annually conducted audit under Commission Delegated Regulation (EU) 2016/957

Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114):

  • Q&A 2671: Exemption from white paper requirements when offering a crypto-asset other than an ART or EMT

Each Q&A is individually accessible on the ESMA publications-data portal. I have linked the source announcement in Sources and References below.

ESMA Q&As on the ESG Ratings Regulation: Registration Mechanics

Four of the six Q&As target the ESGRR. That concentration is not surprising. The regulation was published in the Official Journal in December 2024, entered into force on 2 January 2025, and applies from 2 July 2026. From that date, ESMA directly supervises ESG rating providers offering their services in the EU. Teams working on ESGRR registration have been operating with limited implementation guidance, and these Q&As start filling that gap.

Q&A 2853 addresses what constitutes a “defined ranking system” under the ESGRR. This matters because the regulation requires ESG rating providers to use methodologies that produce ratings based on a defined ranking system. The distinction between a ranking system and a loose scoring framework has been a recurring question in registration preparations. I have seen compliance teams treat any numeric output as a ranking system, which misses the point: ESMA expects a systematic, predefined structure that allows comparability across rated entities.

Q&A 2854 covers transitional provisions. The ESGRR includes a transitional period for existing ESG rating providers operating before the regulation’s application date, allowing them to continue operating while completing registration. The operational question has been whether providers can issue new ratings during transition or only maintain existing ones. Teams working through ESGRR readiness assessments should read this Q&A against the specific transitional articles in the regulation.

Q&A 2855 addresses ESG rating providers established after the ESGRR’s entry into force. For new entrants, the registration requirement applies from day one with no transitional cushion. The timing implication is straightforward, but the practical question is what constitutes “established” for purposes of the regulation. An entity incorporated after entry into force but not yet issuing ratings faces a different registration posture than one actively providing ESG assessments.

Q&A 2856 tackles material changes to registration information. Post-registration, ESG rating providers must notify ESMA of material changes. The Q&A clarifies what qualifies as material. This is where I expect the most operational friction. Compliance teams in financial institutions that consume ESG ratings need to understand these thresholds too, because a provider’s failure to notify a material change could affect the reliability of ratings used in investment processes and regulatory disclosures.

ESMA Q&A on MAR: Annual Audit of STOR Arrangements

Q&A 2839 addresses the annually conducted audit requirement under Commission Delegated Regulation (EU) 2016/957, which supplements MAR Article 16 on suspicious transaction and order reports (STORs). Article 3(5) of CDR 2016/957 requires persons professionally arranging or executing transactions to regularly review their STOR detection arrangements and have them audited on at least an annual basis.

The practical question has always been what “audit” means in this context. An internal compliance review? An external audit? A technology-focused assessment of detection algorithms? Many firms treat this as a checkbox exercise within the annual compliance monitoring programme. The Q&A provides ESMA’s view on the expected scope and independence of this annual audit.

The common mistake here is conflating the CDR 2016/957 audit with the broader MAR compliance review. The CDR requirement is specifically about the arrangements, systems, and procedures for detecting and reporting suspicious orders and transactions. It is not a general MAR compliance audit. Firms that bundle this into a wider review often miss the targeted assessment that the delegated regulation expects, particularly around the calibration and effectiveness of detection models and alert parameters.

For Luxembourg-based firms, the CSSF’s supervisory expectations on AML reporting and suspicious transaction obligations run parallel to this MAR requirement, and teams sometimes confuse the two tracks. STOR obligations sit under MAR and the CDR; anti-money laundering STR obligations sit under AMLD/AMLR and national law. The annual audit requirement in Q&A 2839 is MAR-specific.

ESMA Q&A on MiCAR: White Paper Exemption Scope

Q&A 2671 clarifies when a crypto-asset other than an ART or EMT can be offered to the public without publishing a white paper. MiCAR Title II (Articles 4 to 15) sets out the white paper requirements for crypto-assets that are neither asset-referenced tokens nor e-money tokens. Article 4(2) and 4(3) list specific exemptions from the white paper obligation.

The Q&A addresses the scope of these exemptions. This is operationally significant because the boundary between “exempt offering” and “white paper required” determines the compliance burden for token classification and reporting. Get the exemption assessment wrong and you either publish an unnecessary white paper (wasted cost but compliant) or skip one when required (non-compliant and potentially subject to supervisory action).

The common error I see in token classification exercises is treating the Title II exemptions as a checklist rather than a substantive assessment. Meeting the formal criteria for an exemption does not automatically mean the exemption applies. The Q&A reinforces that the exemption analysis must consider the specific characteristics of the crypto-asset and the manner of offering. An issuer that restructures an offering to technically fit an exemption category without genuinely meeting its purpose risks supervisory pushback.

For teams working through the EC’s ongoing MiCAR review consultation, this Q&A provides useful context. The Commission is already gathering views on whether MiCAR’s scope and exemption framework need refinement, and the practical questions behind Q&A 2671 feed directly into that review.

What These Q&As Change vs. Confirm

Not every Q&A changes existing interpretation. Some confirm what most practitioners already assumed. The distinction matters for prioritising compliance updates.

The ESGRR Q&As on transitional provisions (2854) and new entrant registration (2855) mostly confirm what the regulation’s text already implies. Their value is in removing ambiguity, not in changing direction. If your ESGRR readiness programme was built on a reasonable reading of the regulation, these Q&As should validate rather than disrupt your approach.

The defined ranking system Q&A (2853) has more potential to change interpretation. If your ESG rating provider has been operating with a loosely structured scoring methodology, this Q&A may force a reassessment of whether the output qualifies as a rating under the ESGRR. The same applies to material changes (2856): depending on ESMA’s threshold definition, some providers may need to file notifications they previously considered unnecessary.

The MAR audit Q&A (2839) is likely to change practice for firms that have been treating the CDR 2016/957 audit as a general compliance review rather than a targeted assessment of STOR detection systems. If ESMA expects a higher degree of independence or specificity than your current approach delivers, this Q&A signals a need to restructure.

The MiCAR white paper exemption Q&A (2671) adds specificity to a judgment call that issuers have been making with limited guidance. For any token offering structured around a Title II exemption, this Q&A should be reviewed before proceeding.

Frequently Asked Questions

Where can I find the full text of each Q&A?

Each Q&A is published individually on the ESMA publications-data portal. The announcement page links directly to Q&As 2853, 2854, 2855, 2856, 2839, and 2671. The full Q&A database is accessible at the ESMA Questions and Answers section.

Do these Q&As have binding legal force?

ESMA Q&As are not legally binding. They represent ESMA’s supervisory expectations for the consistent application of EU financial legislation. National competent authorities are expected to take them into account in their supervisory practices to promote consistent application across the EU. In practice, deviating from an ESMA Q&A without a clear justification creates supervisory risk.

Does this batch include any DORA Q&As?

No. Despite some automated domain tagging that flagged DORA, the May 2026 Q&A batch does not include any DORA-related Q&As. ESMA has published separate DORA guidance through the ESAs’ joint Q&A process, but this particular release covers only ESGRR, MAR, and MiCAR.

When does the ESG Ratings Regulation start applying?

The ESGRR (Regulation (EU) 2024/3005) was published in the Official Journal in December 2024, entered into force on 2 January 2025, and applies from 2 July 2026. From 2 July 2026, ESMA directly supervises ESG rating providers offering their services in the EU. Providers that were operating in the EU on 2 January 2025 and wish to continue must notify ESMA between 2 August 2026 and 2 November 2026, and apply for authorisation or recognition within four months of 2 July 2026. Q&A 2854 clarifies the transitional provisions that apply during this period.

How does the MAR audit Q&A affect firms in Luxembourg?

Luxembourg firms supervised by the CSSF are subject to MAR and CDR 2016/957. The annual audit requirement for STOR detection arrangements applies regardless of entity size. The CSSF has historically emphasised the quality of suspicious transaction detection systems in its supervisory reviews. Q&A 2839 provides a clearer benchmark for what ESMA expects from this audit, which CSSF-supervised firms should incorporate into their 2026 compliance monitoring plans.

Is Q&A 2671 relevant to firms that only provide crypto-asset services but do not issue tokens?

Directly, no. The white paper exemption under MiCAR Title II applies to offerors, persons seeking admission to trading, and operators of trading platforms. CASPs that only provide services such as custody, exchange, or portfolio management are not the primary audience. Indirectly, CASPs should understand the exemption framework because they may need to verify whether crypto-assets traded on their platforms have valid white papers or legitimate exemptions.

Key Takeaways

  • Six new ESMA Q&As published 28 May 2026 cover three regulations: ESGRR, MAR, and MiCAR. No DORA Q&As were included.
  • Four ESGRR Q&As (2853-2856) address defined ranking systems, transitional provisions, new entrant registration, and material change notifications. These are the first Q&As specifically targeting ESGRR implementation mechanics.
  • MAR Q&A 2839 clarifies the annual audit requirement for STOR detection arrangements under CDR 2016/957. Firms treating this as a general compliance review may need to restructure their approach.
  • MiCAR Q&A 2671 narrows the interpretation of white paper exemptions under Title II. Issuers relying on exemptions should review their assessment against ESMA’s guidance.
  • ESGRR Q&As on transitional provisions and new entrant registration largely confirm existing interpretations. The defined ranking system and material changes Q&As are more likely to shift practice.
  • ESMA Q&As are not legally binding but represent supervisory expectations. Deviating without justification creates compliance risk.

Related Articles

Sources and References

Disclaimer: The information on RegReportingDesk.com is for educational and informational purposes only. It does not constitute legal, regulatory, tax, or compliance advice. Always consult your compliance officer, legal counsel, or the relevant supervisory authority for guidance specific to your institution.

Similar Posts