A handful of agencies sit between every voluntary carbon credit and every corporate buyer — issuing opinions that move billions in capital, without the regulatory scaffolding that surrounds every comparable rating discipline. The EU's ESG Ratings Regulation closes part of the gap from July 2026. The rest is still an open question.
A carbon rating agency assesses the quality and risk of individual carbon credits — not the standards that issue them, not the registries that store them. Its output is a single rating on a proprietary scale. As of 2025–26 the three highest-volume agencies have converged on the same 8-point letter scale: BeZero Carbon, Sylvera, and Calyx Global all rate from AAA to D, with Calyx having moved to that scale in January 2025 to align with the market norm. Renoster uses a numeric, model-driven score; Pachama, MSCI's new Carbon Project Ratings product, and a growing list of AI-driven tools each use their own variant of the same idea.
Carbon rating agencies sit between every issuer and every meaningful buyer. The methodology behind a single rating shapes the price, eligibility, and reputational risk of a credit for everyone downstream of it. That is the structural position Moody's, S&P and Fitch hold in the bond markets. The difference is in everything that surrounds them.
Behind each rating is a methodology that combines project documentation review with satellite imagery, baseline analysis, additionality and permanence testing, leakage modelling, and an evaluation of co-benefits. Different agencies weight these inputs differently, which is why the same project routinely receives materially different scores from different raters. The phenomenon is well-known in the industry: five agencies, one project, five ratings.
Ratings are consumed by corporate buyers building net-zero portfolios, traders running compliance and voluntary positions, asset managers underwriting projects, and registries that increasingly publish ratings alongside project data. They feed into procurement decisions, board-level disclosures, and the credibility of net-zero claims that are themselves under regulatory scrutiny — the UK's Green Claims Code, the EU's Empowering Consumers Directive, the SEC's climate disclosure rules.
The output of a single rating agency, in other words, has become a load-bearing input in the global voluntary carbon market. That is why the question of how the agencies themselves are governed is no longer academic.
The business-model question is more nuanced than a clean buyer-pays vs issuer-pays binary. Each major agency operates differently, and the distinctions matter because they map directly onto what conflicts each firm is — and is not — exposed to.
BeZero (London, founded 2020) operates a commission model. Any market participant — developer, buyer, investor, exchange — can commission a rating, and the fee is a flat upfront amount paid regardless of outcome, with no variation by project size. Once contracted, ratings analysts work independently of the commercial team.
For ex post ratings on issued credits, the headline letter is public and free; deeper analysis is behind subscription. For ex ante (pre-issuance) ratings, public release is conditional on the commissioner's agreement — meaning a developer-commissioned pre-issuance rating can remain private. BeZero does not trade, develop projects, broker, or do MRV consulting. Its own developer-engagement page documents that many ratings are commissioned by the projects themselves.
Sylvera (London, founded 2020) charges buyers, not developers, for ratings. Approximately 85% of revenue is platform subscription from corporates, financial institutions, and asset managers (typical enterprise pricing $50K–$250K+ annually). Developers can request a project rating but cannot influence outcomes.
The complication is scope: alongside ratings, Sylvera operates Market Intelligence (pricing data), Market Gateway (a distribution channel for 400M+ tonnes of inventory), Earth Analytics and Biomass Atlas (geospatial data), Mechanism Eligibility & Value assessments, Carbon Intensity Assessment for commodities, and Commodity Insights. Each line is defensible; together they describe a firm rating credits, selling the underlying market data, and intermediating supply on adjacent rails.
Calyx Global is the clearest buyer-side exemplar. Subscription tiers run from a free Explorer level to ~$699/month Essentials and a custom Expert tier; ratings are also available through Bloomberg Terminal and Carbonplace. Calyx explicitly does not sell ratings — or early-stage Pre-Verification Assessments — to project developers; the policy is formalised on the company's site as a "financial independence" commitment.
Project developers can submit to be added to the rating queue at zero cost. Calyx takes no commissions tied to credit transactions and does not trade. As of early 2026 it holds 1,100+ GHG ratings and 500+ SDG ratings across 25+ project types. Adjacent products (Calyx Compass, Expert Advisory) are also priced for buyers and investors rather than developers.
Renoster (US, co-founded by Saif Bhatti and Dr Elias Ayrey, with Ayrey as head scientist; the company shifted its focus to carbon in 2022) takes the most algorithmic approach — minimising qualitative judgment and deriving ratings from reference-area data and public-research infrastructure (USGS, NASA, Sentinel, GEDI). Subscription is the primary revenue path on the buyer side, with a stated goal of making analysis publicly accessible.
Rated portfolio is materially smaller than the three majors. The firm positions itself around accessibility for small landowners and low-cost MRV — reducing the minimum acreage at which a project can credibly produce monitoring data from ~10,000 acres to as low as 50.
Pachama operates an AI-driven marketplace with embedded ratings, focused on nature-based credits. Earthly offers a lighter B2B rating product. MSCI — the global ESG and credit-ratings major — has launched a Carbon Project Ratings product, a sign that traditional rating institutions are extending into VCM territory and bringing their existing CRA-Regulation and NRSRO disciplines with them. A separate category of AI-driven scoring tools is also emerging. It is now routine for the same credit to receive five different scores from five different raters plus an AI tool.
No model is inherently corrupt. Buyer-side subscription can pressure agencies toward stringency. Commission-based work creates the classic issuer-pays incentive toward leniency. And in an oversupplied buyer's market, even ratings paid for by the buyer can have their cost passed through to the seller via deal economics, or be picked up by an upstream sponsor financing the developer. The relevant question is not which model is used, but what governance sits on top of it.
Two further patterns complicate the picture across the industry. The first is scope creep: most major agencies now operate adjacent product lines — market intelligence, distribution, geospatial data, advisory — on top of ratings. Each line is individually defensible. Taken together, they describe firms rating credits, selling the underlying market data, advising counterparties to the rated transactions, and in some cases intermediating supply. In every comparable rating discipline — bonds, audit, ESG — that combination is the trigger for regulatory attention.
The second is methodological divergence. The three largest agencies have converged on the same letter scale, but their underlying frameworks still produce materially different scores on the same project. In every other rating discipline, this kind of divergence is bounded by mandatory methodology disclosure, peer-review of changes, and supervisory review. In carbon ratings, transparency is voluntary and supervisory review does not yet exist.
The closest structural parallel to carbon ratings is the corporate bond ratings industry. Moody's, S&P, and Fitch are paid by the issuers whose debt they rate. This is the textbook conflict of interest, and yet the system functions because of decades of regulatory scaffolding built around it.
In the United States, the major agencies operate as Nationally Recognized Statistical Rating Organizations (NRSROs), supervised by the SEC under the Credit Rating Agency Reform Act of 2006 and the subsequent Dodd-Frank amendments. In the European Union, they operate under Regulation (EC) No 1060/2009 — the CRA Regulation — and have been directly supervised by ESMA since 2011. Both regimes require registration, methodology disclosure, governance separation between analytical and commercial functions, conflict-of-interest management, methodology-change procedures, and enforceable penalties for non-compliance.
Even with the full regulatory framework in place, the 2008 financial crisis happened — AAA ratings on mortgage-backed securities collapsed, and the three major agencies later paid combined settlements in the billions of dollars. Regulation does not eliminate the issuer-pays conflict, but it bounds it, makes it auditable, and creates a path to accountability when failure occurs. Absence of regulation means none of that exists.
Carbon rating agencies today operate the same payment model in part of their book — with parts of it (Calyx's stance, BeZero's transparency on top-line ratings) more conservative than the bond-market norm — but without the scaffolding. There is no equivalent of NRSRO designation. There is no equivalent of the CRA Regulation outside the EU. There is no enforceable methodology-disclosure requirement. There is no statutory liability framework. And there is no industry-wide conduct standard binding the agencies to a profession.
Forum shopping — the migration of issuers toward the more lenient rater — is the specific failure mode this kind of framework is designed to prevent. In the bond markets, it took 2008 to put the framework's enforcement mechanisms to the test. In the voluntary carbon market, the conditions for forum shopping already exist; the test cases have not yet arrived.
A sharper parallel than credit ratings is the audit profession. Auditors are paid by the firms they audit — exactly the issuer-pays dynamic — and yet the system is generally accepted because of the professional infrastructure built around it.
In the United States, audit firms are registered with the PCAOB (Public Company Accounting Oversight Board), which inspects, sanctions, and can revoke licences. In the United Kingdom and the EU, the FRC, IAASA, and national professional bodies play analogous roles. Auditors are bound by independence rules, partner-rotation requirements, prohibitions on providing certain advisory services to audit clients (a direct consequence of Sarbanes-Oxley after Enron and Arthur Andersen), and a liability framework that allows clients, investors, and regulators to sue for negligence.
The issuer-pays model can work — but only when the rater is a member of a regulated profession with enforceable independence and conduct rules. The payment relationship is not the determinant of integrity. The professional regulator is.
Carbon rating agencies have the same payment dynamic in part of their book, none of the professional infrastructure, and additional structural conflicts that auditors face only in their most constrained form: several carbon rating firms simultaneously offer advisory services, market intelligence, and bespoke project reviews. The audit profession spent twenty years post-Enron specifically excluding most of these activities from audit-firm balance sheets. The carbon rating industry is currently consolidating them.
The table below sets the three disciplines side-by-side. The conclusion is not that carbon raters are uniquely conflicted — both auditors and credit raters operate with structural conflicts of comparable severity. The conclusion is that carbon raters are uniquely ungoverned.
| Discipline | Credit Ratings | Auditors | Carbon Ratings |
|---|---|---|---|
| Who pays | Issuer (corporate, sovereign) | Audited firm | Mixed — buyer-pays subscription + some issuer-engaged |
| Statutory regulator | SEC (NRSRO) / ESMA (CRA Regulation) | PCAOB / FRC / national bodies | None globally; ESMA from July 2026 in EU |
| Methodology disclosure | Mandatory; change procedures regulated | Mandatory professional standards (GAAS, ISA) | Voluntary; varies by firm |
| Conflict-of-interest rules | Separation of analytical and commercial; enforced | SOX prohibits most advisory to audit clients | No external rules; firm-level policies only |
| Liability framework | Statutory + civil; settlements in billions (2008) | Professional negligence liability; insurance market | Contractual only; no statutory liability |
| Profession-wide standard-setter | SEC / ESMA / IOSCO | IAASB / national bodies | None |
Canopy is the procurement workspace for voluntary carbon credits. Every publicly available view on a credit — ratings, registry data, integrity labels, methodology assessments — lives in one place, with the factual differences between them surfaced transparently. Which view to weight is the buyer's call.
The most concrete piece of regulation arrives in less than two months.
Regulation (EU) 2024/3005 — the ESG Ratings Regulation — applies from 2 July 2026. From that date, ESG rating providers offering services within the EU must be authorised by ESMA, register methodologies, separate analytical and commercial functions, disclose governance arrangements, and manage conflicts of interest under a defined framework. Notification and authorisation submissions are scheduled between 2 August and 2 November 2026. The model deliberately mirrors the CRA Regulation that has supervised credit rating agencies in the EU since 2011.
First, the regulation is jurisdictional — it covers ESG ratings issued in or to the EU market. Carbon rating agencies serve a market that is global by definition, and large portions of demand sit outside the EU's regulatory reach. Second, the scope of "ESG rating" as a defined term is still being interpreted in practice; whether carbon credit ratings squarely fall within it, and on what conditions, is one of the questions ESMA's authorisation process and its technical guidelines will resolve during 2026.
Outside the EU, the picture is patchier but moving. The UK legislated in October–December 2025 to bring ESG ratings within the FCA's perimeter; the FCA's consultation (CP25/34) closed on 31 March 2026, with final rules expected in Q4 2026, an authorisations gateway opening in June 2027, and the regime going live on 29 June 2028. India's SEBI already operates an ESG Rating Providers (ERP) framework and, on 18 February 2026, constituted a working group to review it. The US SEC has not extended NRSRO-style oversight to carbon ratings; Singapore's MAS and other major jurisdictions have not yet adopted carbon-rating-specific regimes. In every case, the same operational question applies: whether voluntary-carbon-credit ratings squarely fall within the "ESG ratings" definition each jurisdiction uses, or sit just outside it, is still being worked out in practice.
The natural question is whether the Integrity Council for the Voluntary Carbon Market (ICVCM) — the body that has done more than any other to set integrity standards for the credits themselves — could fill the gap.
ICVCM's existing mandate, expressed through the Core Carbon Principles and Assessment Framework, is structured around credits and crediting programmes. It assesses methodologies. By early 2026, 40 methodologies had been approved as meeting the Assessment Framework and 25 had not; further programme and methodology decisions, including the May 2026 batch that brought the Global Carbon Council (GCC) onto the CCP-Eligible list alongside new renewable-energy and mangrove-restoration methodologies, continue to build the cumulative count. An estimated 107 million credits are now eligible to carry the CCP label. A new version of the CCP and Assessment Framework is in development for consultation later in 2026.
What ICVCM does not currently do — and was not designed to do — is govern the methodologies of rating agencies or set conduct standards for the firms that produce ratings. The rating layer sits one floor above the integrity framework, and it sits there largely uncovered. Whether ICVCM's mandate should expand to reach it is a structural question, not a procedural one.
There are essentially three ways to close the governance gap. Each has a coherent case behind it. Each has a real constraint.
Extend ESMA's model globally, or have major jurisdictions adopt parallel frameworks — the SEC in the US, the FCA in the UK, MAS in Singapore, SEBI in India. The advantage is enforceability and a tested model: the CRA Regulation has been operating for fifteen years, the audit regulators for longer.
The ICVCM expands its mandate to include governance standards and conduct rules for carbon rating agencies. The advantage is that ICVCM is already the VCM's primary integrity body, has built the assessment-framework infrastructure, and is institutionally trusted by both buyers and standards bodies — the fastest path because ICVCM already convenes the parties.
A new global body for carbon rating agencies — modelled on the PCAOB for auditors or IOSCO for securities regulators, but designed specifically for VCM ratings. Clean mandate, free from legacy scope debates, and a chance to design the right professional infrastructure for the discipline from scratch.
An active statutory regulator, an expanded ICVCM, or a new purpose-built body — which of the three is the right answer is not yet settled. Each option has a serious case. Whoever ends up owning the rating layer will shape what the next decade of the voluntary carbon market looks like.
The agencies themselves are not the problem. They are doing what every emerging rating profession does at its origin: building methodologies, hiring analysts, signing buyers, iterating their scales. The problem is the empty space above them — the absence of the regulatory or professional ceiling that, in every comparable discipline, distinguishes a credible opinion from a powerful one.
"Who pays?" is, in the end, the wrong question. The right questions — are they objective, and are they independently regulated? — are still open. July 2026 closes part of the gap. The rest is the next decade's work.
What does a carbon rating agency actually rate?
A carbon rating agency rates the quality and risk of individual voluntary carbon credits — not the standards that issue them, and not the registries that store them. The three largest agencies (BeZero, Sylvera, Calyx Global) have converged on the same 8-point AAA–D letter scale; Renoster uses a numeric, model-driven score. Each agency applies its own weighting across additionality, permanence, leakage, baseline, and co-benefits, which is why the same project routinely receives different scores from different raters.
Why do different agencies often disagree on the same credit?
Each agency uses a different methodology, weights inputs differently, and applies its own qualitative judgment on items like baseline conservatism and counterfactual risk. The same divergence exists in credit-bond ratings between Moody's, S&P and Fitch — but there the disagreement is bounded by methodology disclosure rules and supervisory review. In carbon ratings, neither layer currently exists.
When does the EU ESG Ratings Regulation apply, and does it cover carbon ratings?
Regulation (EU) 2024/3005 applies from 2 July 2026. ESMA becomes the direct supervisor of ESG rating providers offering services in the EU, with notifications due between 2 August and 2 November 2026. Whether carbon credit ratings fall squarely within "ESG ratings" is being interpreted by ESMA during 2026; the operational answer will depend on authorisation decisions and forthcoming technical guidelines.
Does ICVCM govern carbon rating agencies today?
No. ICVCM's mandate, expressed through the Core Carbon Principles and Assessment Framework, governs carbon credits and crediting programmes — not the methodologies of rating agencies or the conduct of the firms that produce ratings. By early 2026, ICVCM had approved 40 methodologies and rejected 25, with further programme and methodology decisions in May 2026 (including GCC becoming CCP-Eligible). Whether ICVCM should expand to cover the rating layer is one of the open structural questions raised in this article.
Why is the auditor analogy stronger than the credit-rating analogy?
Auditors are paid directly by the firms they audit — the same issuer-pays dynamic that creates concern in carbon ratings. Audit functions despite that conflict because of professional infrastructure: PCAOB/FRC oversight, mandatory independence rules, partner rotation, prohibitions on advisory services for audit clients (post-SOX), and statutory liability. The model demonstrates that issuer-pays can work, but only with full professional scaffolding — which carbon ratings currently lack.
What are the three structural options for closing the governance gap?
(1) Statutory regulation by securities/financial regulators (ESMA-style extended globally); (2) Expanding ICVCM's mandate to include rating agency governance and conduct; (3) A new purpose-built global body modelled on the PCAOB for auditors or IOSCO for securities. Each has merits and constraints — and which option is right is still open.
Every agency-specific claim above is verifiable against a primary source. The list below collects them, alongside the regulatory and integrity-body references used elsewhere in the piece.
Climate Decode is publishing its deep-dive VCM 2026 Market Outlook — covering pricing trends, CCP-labelled credit demand, Verra VCS v5.0 impact, and Gold Standard Paris Agreement alignment. Subscribers get priority access before public release.
Monthly cadence • No spam • Unsubscribe anytime
Canopy is the procurement workspace for voluntary carbon credits — every publicly available view on a credit in one place, with the factual differences between them surfaced transparently. Buyers keep the judgement on weighting.