Table of Contents

1. MiCAR at a Glance
   1. MiCAR as Part of the Digital Finance Package
   2. MiCAR’s Vision and Taxonomy
      1. Duties and Obligations
      2. Regulatory Yardsticks
   3. AML provisions
      1. Point of Sale Obligations
      2. Transactions-related Obligations
   4. EBA/ESMA Report on Developments in Crypto-assets
2. Status Quo after one Year MiCAR
   1. MiCAR Goes Live: Timeline & Grandfathering
   2. Level II and below: Regulations, Delegated Acts, Technical
      Standards, & Guidelines
   3. Adoption in the Market
3. Influencing Factors and Relevant Statements
   1. ESMAs Supervisory Briefing: Authorization of CASPs
   2. Peer Review on Maltas CASP Authorization and Supervision
   3. Austria’s, France’s, and Italy’s Quest for Consistent Supervision
4. Pooling Supervision at EU Level
   1. Transfer of Supervision of CASPs
   2. Financial Services Providers with a National License
   3. Supervisory Powers of ESMA and Transitional Provisions
5. Quo Vadis?

A. MiCAR at a Glance

I. MiCAR as Part of the Digital Finance Package

The EU-regulation MiCA,^[1]Regulation 2023/1114 of 31 May 2023 on markets in crypto-assets, and amending Regulations 1093/2010 and 1095/2010 and Directives 2013/36 and 2019/1937, OJ L 150/40, 9.6.2023. being fully applicable since December 30, 2024,^[2]See for further details Zetzsche Dirk A./Annunziata Filippo/Arner Douglas W./Buckley Ross P., The Markets in Crypto-Assets Regulation (MICA) and the EU Digital Finance Strategy, 16 Capital Markets … Continue reading is a cornerstone of the European Commission’s Digital Finance Package^[3]The Digital finance package aims to regulate the use of innovative technologies in the financial sector: <finance.ec.europa.eu/publications/digital-finance-package_en>. and establishes a harmonized regulatory framework within the EU^[4]See for the Swiss regulatory framework: Weber Rolf H./Baisch Rainer, Switzerland, in Lehmann Matthias/Morishita Tetsuo (eds.), Cryptocurrencies in National Laws – A Global Survey, Leiden/Boston … Continue reading for all crypto-assets that are not classified as financial instruments under MiFID.^[5]MiFID (2014 replaced by MiFID II) harmonizes the financial markets in the European single market; Directive 2014/65 of 15 May 2014 on markets in financial instruments and amending Directive 2002/92 … Continue reading

Cryptocurrencies and stablecoins remain a key focus point for EU authorities. MiCAR clarifies that the tradability of crypto-assets^[6]See for a general overview regarding crypto-assets: Weber Rolf H./Baisch Rainer, Cryp­to­as­sets: Taxonomy and Regulatory Approaches, 39 Banking and Finance Law Review 2023, 467; Buckley … Continue reading and their use as a means of payment or store of value with the expectation of a return do not necessarily lead to a classification as a financial instrument because the absence of a return option comparable to a dividend or interest (except for staking) is not the sole determining factor.^[7]However, derivatives, such as crypto-asset futures, which represent e.g. an agreement for a future Bitcoin purchase at a fixed price, or a crypto-asset option, which grants the right to buy or sell a … Continue reading A regulatory and supervisory challenge is the wide area of crypto derivative trading offered 24/7 accessible to everyone;^[8]See regarding the crypto-derivative market Dell’Erba Marco, Crypto-Derivatives, 2025 University of Illinois Law Revue, 1613, 1667: “ […] bringing with them well-known risks that regulators are … Continue reading in principle, in the EU such instruments are in the scope of MiFID, in consequence, the respective service providers must be fully com­pli­ant with MiFID.

In the EU, next to MiCAR, crypto-asset markets are covered by the revised AML Regulation (AMLR3),^[9]Regulation 2024/1624 of 31 May 2024 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, OJ L, 2024/1624, 19.6.2024. the sixth AML Directive (AMLD6),^[10]Directive 2024/1640 of 31 May 2024 on the mechanisms to be put in place by Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist … Continue reading and the Transfer of Funds Regulation (TFR5).^[11]Regulation 2023/1113 of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets and amending Directive 2015/849, OJ L 150/1, 9.6.2023.

Some tokens are unsuitable as regulatory objects due to the lack of a clearly identifiable issuer, meaning that the legal requirements must primarily target CASPs (Crypto Asset Service Providers). Thus, while the cryptocurrency Bitcoin is not regulated by MiCAR,^[12]Difficulties regarding a clear classification of tokens arise when there is no issuer (e.g., Bitcoin). Legally, a Bitcoin embodies neither rights nor obligations, which is why it lacks the … Continue reading the ESAs^[13]Within the framework of the Joint Committee of the European Supervisory Authorities (JC-ESA’s) the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority … Continue reading classify Bitcoin (without providing a detailed explanation) as a crypto-asset within the meaning of MiCAR,^[14]Regarding the classification of Bitcoin as a crypto asset according to MiCAR see also Völkel Oliver, Art. 3 N 26 seq., in: Kalss Susanne/Krönke Christoph/Völkel Oliver (eds.), Crypto-Assets, … Continue reading even though there is no issuer. Although Bitcoins lack intrinsic value according to Article 3. 1(5) MiCAR, the ESAs consider it sufficient that a valuation takes place within the context of a transaction between seller and buyer, or that other market participants demonstrate this through pricing.^[15]The same applies to other “meme coins”, that are traded on a marketplace with public prices. Therefore, anyone offering a service involving crypto-assets such as Bitcoins must have authorization from the competent national supervisory authority (NCA). The MiCAR authorization framework for CASPs covers all those offering services in the EU related to crypto-assets (crypto exchanges, wallet providers, etc.).

The licensing process presented significant challenges for previously un­li­censed CASPs, particularly those lacking experience with supervisory standards and practices. Established financial service providers that already hold a MiFID license can generally also offer crypto-asset services; then, only a notification procedure to the NCA is required. Because the MiCAR re­quire­ments are not as extensive as those for traditionally regulated financial institutions, these providers already meet a higher level of requirements. For CASPs that were nationally approved before MiCAR, a simplified procedure was available to demonstrate compliance with MiCAR regulations.

II. MiCAR’s Vision and Taxonomy

1. Duties and Obligations

From this outset, MiCAR’s primary legislative vision was an alignment of the regulations governing crypto-assets as closely as possible with the rules applying within the traditional financial market law. In consequence, MiCAR provisions often follow established financial market rules. Chapter 2 of MiCAR “Obligations for all CASPs” (Articles 66 to 74) specifically defines important rules:

• Obligation to act honestly, fairly, and professionally in the best interests of customers (Article 66);
• Prudential requirements (Article 67): minimum capital requirement and adequate insurance policy to ensure the financial security of the company through adequate equity capital;
• Governance arrangements & NCA notification obligations (Articles 68 and 69): “fit and proper” requirements, qualifications of employees, investors, and the governing body (shareholders) to ensure continuity and regularity in the performance of their crypto-asset services;
• Safekeeping of customers’ crypto-assets and funds (Article 70): seg­re­gated and secure custody of client assets to safeguard the ownership rights of clients, especially in the event of CASPs insolvency, and no own account use of clients’ crypto-assets;
• Complaints-handling procedures (Article 71): establish and maintain ef­fec­tive and transparent procedures for the prompt, fair, and consistent handling of complaints received from customers free of charge;
• Identification, prevention, management, and disclosure of conflicts of in­ter­est (Article 72);
• Outsourcing (Article 73): CASPs outsourcing services or activities to third parties for the performance of operational functions remain fully responsible;
• Orderly wind-down of crypto-asset service providers (Article 74).

In addition, it is mandatory to implement an effective risk management, keep track of correct and complete documentation of all business transactions, and monitor and detect illegal activities and/or market abuse. All these general requirements are like those in traditional securities trading.

2. Regulatory Yardsticks

The MiCAR taxonomy covers crypto-assets made available in the EU and distinguishes between three groups: (i) asset-referenced tokens (ART), where a “stable” value is to be ensured by reference to another asset, right, or a combination thereof; (ii) e-money tokens (EMT), where a “stable” value is to be ensured by reference to an official fiat currency; and (iii) other crypto assets as a collective category that includes cryptocurrencies (Bitcoin, Ether, etc.) and investment tokens that do not qualify as transferable securities.^[16]See Weber Rolf H./Baisch Rainer, Regulatory Guardrails for “Stablecoins”, 42 Banking and Finance Law Review, 2025, 111; for the German law see Omlor Sebastian, Stablecoins unter MiCAR: … Continue reading

In general, each token must be analyzed separately, so that, regardless of the principles of “technology neutrality” and “substance over form”, a hierarchical approach must be followed; that is, if a digital asset exhibits characteristics of a financial instrument, these aspects take precedence in classification.^[17]An issuer is obliged to explain in the crypto-asset whitepaper why the crypto asset in question does not meet the criteria of a financial instrument; however, the NCA may reach a different … Continue reading Utility tokens, NFTs (non-fungible tokens),^[18]NFTs are digital certificates of authenticity or ownership for digital or analog assets stored on a blockchain which can be bought and traded online. If certain qualities are attributed to a NFT, it … Continue reading and central bank digital currencies (CBDCs)^[19]See also Baisch Rainer/Weber Rolf H., Entwicklungen im europäischen Finanzmarktrecht – “Sustainable Finance” und DLT-Regulierung, in: Epiney Astrid/Progin-Theuerkauf Sarah/Zlatescu Petru … Continue reading issued by central banks are not covered by the scope of MiCAR.

MiCAR already changed parts of the crypto universe; Circle, for example, has obtained a license as a major issuer (USDC).^[20]USDC is a widely used cryptocurrency pegged to the US dollar, managed by Circle (<https://circle.com>); they also offer a euro-denominated coin, EURC. Circle has obtained an electronic money … Continue reading Since important implementation deadlines have already passed,^[21]However, it can be expected that investors will then transfer the tokens to a non-custodial wallet or to a non-EU-regulated trading venue. licensed CASPs are no longer permitted to offer custody or trading of unregulated stablecoins like USDT^[22]USDT is the leading cryptocurrency pegged to the US dollar, launched in 2014 by Tether Limited Inc. (<https://tether.to>); Tether does not seem to be willing to submit USDT to the MiCAR regime … Continue reading in the EU – a point reiterated by ESMA.^[23]ESMA, Public Statement – On the provision of certain crypto-asset services in relation to non-MiCA compliant ARTs and EMTs, 17 January 2025; … Continue reading As of March 2026, ESMA meanwhile lists 36 licensed EMT issuers but no ART issuers, as well as 170 CASP.^[24]ESMA provides a central register of white papers, authorized CASPs and non-compliant companies. (Articles 109, 110 MiCAR): preliminary MiCAR register with five CSV files for (i) White papers for … Continue reading

For the time being, it remains to be seen whether ESMA or the EBA together with the NCAs will take further measures against unregulated CASPs;^[25]ESMA has published a supervisory briefing for the NCAs to achieve a convergent approach to MiCAR licensing: ESMA, Supervisory Briefing Authorisation of CASPs under MiCA, 31 January 2025; … Continue reading the transfer of tokens and fiat money to international CASPs not domiciled in the EU remains outside the regulatory perimeter having the consequence that such transfers cannot simply be prevented.

The very narrowly defined reverse solicitation concept^[26]Only if an EU customer actually initiates a crypto-asset service through a third-country company on his own initiative is that third-country company not subject to the MiCAR authorization requirement. would allow a non-EU CASP access to the EU market (Article 61 MiCAR), but in principle, there is no exception to reverse solicitation; rather, there is a prohibition for companies from third countries.^[27]The Guidelines on Reverse Solicitation outline the narrow limits in detail; see ESMA, Guide­lines – On situations in which a third-country firm is deemed to solicit clients established or … Continue reading Because any CASP naturally operates online, the broadly interpreted term “advertising” means that only geo-blocking^[28]However, this regional blocking of websites can be circumvented by using a proxy server, which simulates access via an unrestricted region; this service is provided by VPN (Virtual Private Network) … Continue reading can prevent a website in English, an official language of the EU, from being classified as advertising.

The extensive requirements as well as complex transparency, disclosure, and reporting obligations under MiCAR^[29]See Baisch Rainer, Entwicklungen im europäischen Finanzmarktrecht – Umsetzung der Vorgaben im Bereich “Sustainable Finance” und “Digital Finance”, in: Epiney Astrid/Progin-Theuerkauf … Continue reading are further specified in numerous delegated acts (guidelines and technical standards) issued by ESMA^[30]In accordance with the multi-stage EU regulatory process, MiCAR delegates numerous tasks to ESMA; this has resulted in a flood of technical regulatory and implementing standards as well as Level 3 … Continue reading and EBA.^[31]See EBA, Asset-Referenced and E-money Tokens (MiCA): In February 2026, 15 RTS/ITS, 8 Guidelines, 5 Opinions, 2 Decisions, 2 Reports, and 7 Other publications are available for download; … Continue reading Of particular importance are the minimum standards for ensuring the redemption of EMTs at any time. Generally, reserves of at least 30% (or 60% for “significant EMTs”) must be held in segregated accounts at licensed credit institutions; furthermore, only secure, low-risk, highly liquid financial instruments denominated in the same currency are permitted.^[32]The continuous reporting obligations (Article 30 MiCAR) ensure that up-to-date information on reserves is always available; see also Möslein Florian, Art. 30 N 4, in: Kalss Susanne/Krönke … Continue reading ART/EMT issuers are required to submit a redemption plan designed to guarantee the orderly redemption of the tokens, even if the issuer encounters difficulties.^[33]EBA, Guidelines on redemption plans under Articles 47 and 55 of Regulation 2023/1114, 9 October 2024 (application date/compliance deadline 10.02.2025); … Continue reading

The EBA has defined the criteria for the significance of stablecoins^[34]Criteria for classifying ARTs and EMTs as significant: see Articles 43 and 56 MiCAR: Commission Delegated Regulation 2024/1506 of 22 February 2024 supplementing Reg­u­la­tion 2023/1114 … Continue reading and is also authorized to intervene in product transactions.^[35]Commission Delegated Regulation 2024/1507 of 22 February 2024 supplementing Reg­u­la­tion 2023/1114 by specifying the criteria and factors to be taken into account by the European … Continue reading ART and EMT are considered significant if three of these criteria are met: (i) the number of ART/EMT holders exceeds 10 million; (ii) the total value of issued ART/EMT exceeds €5 billion; (iii) the average number and estimated aggregate value of transactions exceed 2.5 million transactions or €500 million per day; (iv) the ART/EMT issuer is classified as a gatekeeper^[36]In September 2023, six gatekeepers were named (Alphabet, Amazon, Apple, ByteDance, Meta, Microsoft). In April 2024, the Commission also designated Booking as a gatekeeper for its online … Continue reading under the DMA;^[37]DMA: Regulation 2022/1925 of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives 2019/1937 and 2020/1828 (Digital Markets Act), OJ L 265/1, 12.10.2022. (v) the issuer is classified as a significant issuer internationally; (vi) there is a high degree of integration with the financial system; (vii) the issuer of multiple ART/EMT is also active as a CASP.^[38]Among other things, it must be determined whether the activities of the ART/EMT issuer are considered significant at the international level outside the EU and under what conditions ART/EMT or their … Continue reading

III. AML provisions

1. Point of Sale Obligations

The MiCAR KYC requirements lead to an increased vigilance based on detailed and robust checks of customers because only thorough customer verification processes can finally prevent illegal activities such as money laundering and terrorist financing. Next to the onboarding process a protocolled transaction monitoring must be in place to identify suspicious crypto wallets and transactions. The very explicit customer due diligence requirements on CASPs under MiCAR are much more detailed than most previous national crypto regimes.

Therefore, the processes for account opening and customer onboarding, for continuous monitoring of the business relationship itself, as well as for the transaction reporting require the attention of CASPs and NCAs. Article 68 of MiCAR refers to the AML/CFT obligations within the EU; in consequence, not only full name verification and date of birth as well as nationality against a government-issued identity document is mandatory but also the residential address must be validated (utility bill, bank statement, etc.).^[39]In the near future, with the eIDAS 2.0 EU Digital Identity Wallet a cryptographic credential verification can partially replace the traditional document-based identity checks: … Continue reading Equally, a general sanctions and PEP screening (politically exposed person) in the light of EU consolidated sanctions lists, national watchlists, and respective databases is required (with daily rescreening).

Furthermore, to determine the beneficial owner the source of funds must be assessed. During the ongoing monitoring, the transaction pattern analysis should be able to detect behavior not consistent with the documented customer profile. In addition, a periodic review of client information and the monitoring of unusual activities should be integrated into the compliance processes. Any failure to do so might lead to severe fines under MiCAR’s penalty framework and AMLD penalties.

2. Transactions-related Obligations

Under MiCAR it is mandatory to report suspicious activities and disclose relevant transaction information to authorities to ensure transparency. In practice, standardized reporting methods must be in place addressing also stablecoin transactions to curb their misuse for illegal activities. To prevent violations of money laundering regulations, from 2026 all CASPs are required to document the data of the sender and the beneficiary for all transfers.^[40]EBA, Guidelines on information requirements in relation to transfers of funds and certain crypto-assets transfers under Regulation 2023/1113 (‘Travel Rule Guidelines’), 4 July 2024; … Continue reading The Travel Rule based on the TFR is applicable to all crypto-asset transfers regardless of the amount and, therefore, requires that the identity information “travels” with every crypto transaction; in consequence, the originator’s CASP is obliged to collect and transmit the full name, the account number/wallet address as well as additional information (residential address, national ID number, or date of birth) of the originator and the beneficiary. This data must be transmitted to the receiving CASP at least simultaneously with the transfer so that whenever the verification process fails (either due to missing originator data or inconsistent beneficiary data) the transfer can be rejected.^[41]See also regarding wallet-regulation Baisch Rainer/Weber Rolf H., “Sta­ble­coins” – Herausforderungen für die Regulierung, GesKR 2025, 23; Baisch Rainer/Weber Rolf H., … Continue reading

In addition, for non-custodial wallets, a wallet ownership verification will be required before the transaction once the value of the transferred amount exceeds €1,000^[42]The TFR (Fn 11) implements the FATF recommendations on virtual assets and extends the obligation of CASPs to provide details of the parties involved in the transaction (payer and payee) when … Continue reading or is suspect to money laundering / terrorist financing. In such cases a transfer triggers an obligation for the involved CASP to verify that the wallet owner is identical to the declared originator or beneficiary. In practice, a wallet owner must prove his ownership with cryptographic message signing, micro-transfer verification, or other forms of technical attestation. This application of the Travel Rule results in a data exchange obligation between CASPs similarly to traditional banking (SWIFT messages carry standardized originator/beneficiary data); however, within the crypto universe, there is still no standardized messaging format established. In prac­tice, it is therefore challenging to run a system which is capable to collect/receive, transmit, and verify the required data; in addition, the automized data processes must not only screen all originators/beneficiaries regarding completeness and against sanctions lists in real time to reject forbidden transfers but also keep the records for at least five years.

IV. EBA/ESMA Report on Developments in Crypto-assets

According to Art. 142 MiCAR, the European Commission is required to submit a report to the European Parliament and the Council on developments in crypto assets; in consequence, a contribution from the EBA and ESMA has been requested for this purpose.^[43]EBA & ESMA, Joint Report – Recent developments in crypto-assets (Article 142 of MiCAR), 16 January 2025; … Continue reading

Two findings are particularly noteworthy:

1. The number of DeFi hacks and the value of stolen crypto assets have developed relative to the growth of the DeFi market. However, the threat is shifting from hacks that exploit on-chain vulnerabilities (“exploit of smart contract vulnerabilities and price manipulation attacks”) to off-chain attacks (“compromising the private keys that give access to non-custodial wallets”).
2. Regarding crypto lending, borrowing, and staking, the report points to information asymmetries because users have insufficient information about the terms and conditions (“fees, interest rates, returns, etc.), the requirements for collateral, and their rights and obligations in the event of a dispute or insolvency […] information on those aspects is often not clear or misleading […] disclosures are insufficient […] hindering […] ability to properly identify and assess all potential risks […] ”). Fur­ther­more, warnings are issued about risks posed by potentially excessive leverage and market concentration.

B. Status Quo after one Year MiCAR

I. MiCAR Goes Live: Timeline & Grandfathering

In principle, MiCAR is based on a common authorization approach that all NCAs need to follow; in consequence, from January 2025, CASPs must apply for a license to be allowed to operate within the EU. Until the end of not uniform grandfathering periods of up to 18 months existing crypto firms continue operating. Due to the option to shorten the transitional regime, NCAs ended up with different grandfathering periods.

Because some transitional periods have already ended and the remaining end in June 2026, ESMA expects that not yet authorized crypto service providers have implemented wind-down plans or at least have them ready for implementation ahead of the end of the remaining transitional periods in case they should not be authorised by then.^[45]ESMA, Statement on MiCA Transitional Measure, 4 December 2025; … Continue reading This can include the transfer of the crypto-assets held for their clients to another already aurthorized CASP. NCAs are requested to treat “last minute” applications with caution being ready to initiate enforcement proceedings against the unauthorized provision of crypto-asset services.

II. Level II and below: Regulations, Delegated Acts, Technical Standards, & Guidelines

The manifold interlocking regulatory and supervisory powers of the ESAs, combined with those of the ECB, as stipulated by MiCAR, result in a complex network. The practical implementation of this cooperation is further complicated by, among other things, the fragility of the sectoral boundaries between crypto-assets and financial instruments.^[46]See Chirulli Paola, The (R) Evolution of the EU Financial Supervisory Framework: Architecture in Search of an Architect?, 36/2 European Business Law Review 2025, 259 ff., 276 ff. It is extremely challenging to keep track of all the relevant texts, let alone mentally grasp their complexity; to highlight the dimension, the following list illustrates the sheer scale of the problem.^[47]Latham & Watkins, MiCA: Summary of All Texts (December 2025); <https://www.lw.com/en/markets-in-crypto-assets-regulation-tracker/mica-all-texts>.

• MiCA – the Regulation itself: Regulation 2023/1114 on Markets in Crypto-Assets.
• Four MiCAR “supplementing” Delegated Regulations:
  one addressing the powers of competent authorities, product in­ter­ven­tion powers, and three regarding Requirements for significant ARTs / EMTs:
  • Commission Delegated Regulation 2024/1507 specifying the criteria and factors to be taken into account by ESMA, the EBA, and com­pe­tent authorities in relation to their intervention powers;^[48]See Fn 35.
  • Commission Delegated Regulation 2024/1503 specifying the fees charged by the EBA to issuers of significant ARTs and issuers of sig­nif­i­cant EMTs;^[49]Commission Delegated Regulation 2024/1503 of 22 February 2024 supplementing Reg­u­la­tion 2023/1114 by specifying the fees charged by the European Banking Authority to issuers of … Continue reading
  • Commission Delegated Regulation 2024/1504 specifying the pro­ce­dural rules for the exercise of the power to impose fines or periodic penalty payments by the EBA on issuers of significant ARTs and issuers of significant EMTs;^[50]Commission Delegated Regulation 2024/1504 of 22 February 2024 supplementing Reg­u­la­tion 2023/1114 by specifying the procedural rules for the exercise of the power to impose fines or … Continue reading
  • Commission Delegated Regulation 2024/1506 specifying certain criteria for classifying ARTs and EMTs as significant.^[51]See Fn 34.
• Thirty-seven MiCAR RTS and ITS are sorted into five categories:
  • Fifteen MiCAR RTS and ITS regarding requirements for ARTs, EMTs, and other tokens:
    1. one addressing supervisory colleges for significant ARTs / EMTs:
       – Commission Delegated Regulation 2025/297 with regard to RTS specifying conditions for the establishment and the func­tion­ing of supervisory colleges (for each issuer of a significant ART or EMT);^[52]Commission Delegated Regulation 2025/297 of 31 October 2024 supplementing Reg­u­la­tion 2023/1114 with regard to regulatory technical standards specifying the conditions for the … Continue reading
    2. one addressing renumeration policy for significant ARTs / EMTs:
       – Commission Delegated Regulation 2025/418 with regard to RTS specifying the minimum content of the governance arrange­ments on the remuneration policy of issuers of significant ART or EMTs;^[53]Commission Delegated Regulation 2025/418 of 16 December 2024 supplementing Reg­u­la­tion 2023/1114 with regard to regulatory technical standards specifying the minimum content of the … Continue reading
    3. three addressing liquidity requirements for ARTs / EMTs:
       – RTS for further specifying the liquidity requirements of the reserve of assets;^[54]EBA, RTS further specifying the liquidity requirements of the reserve of assets, Status: Final draft adopted by the EBA and submitted to the European Commission; Final report – Draft RTS to … Continue reading
       – RTS for specifying the highly liquid financial instruments with minimal market risk, credit risk, and concentration risk (of the reserve of assets);^[55]EBA, RTS further specifying the highly liquid financial instruments, Status: Final draft adopted by the EBA and submitted to the European Commission; Final Report – Draft Regulatory Technical … Continue reading
       – Commission Delegated Regulation 2025/1264 with regard to RTS for specifying the minimum contents of the liquidity management policy and procedures for certain issuers of ARTs and EMTs;^[56]Commission Delegated Regulation 2025/1246 of 18 June 2025 amending the regulatory technical standards laid down in Delegated Regulations 2017/583 and 2017/587 as regards transparency requirements … Continue reading
    4. three addressing own funds and stress testing for ARTs / EMTs:
       – RTS on the calculation and aggregation of crypto exposure values;^[57]EBA, RTS on the calculation and aggregation of crypto exposure values, Status: Final draft adopted by the EBA and submitted to the European Commission; Final Report – Draft regulatory technical … Continue reading
       – Commission Delegated Regulation 2025/415 with regard to RTS specifying adjustment of own funds requirement and minimum features of stress testing programs of issuers of ARTs or of EMTs subject to such requirements;^[58]Commission Delegated Regulation 2025/415 of 13 December 2024 supplementing Reg­u­la­tion 2023/1114 with regard to regulatory technical standards specifying adjustment of own funds … Continue reading
       – Commission Delegated Regulation 2025/419 with regard to RTS specifying the procedure and timeframe for an issuer of ARTs or EMTs to adjust the amount of its own funds;^[59]Commission Delegated Regulation 2025/419 of 16 December 2024 supplementing Reg­u­la­tion 2023/1114 with regard to regulatory technical standards specifying the procedure and timeframe … Continue reading
    5. two addressing reporting requirements for ARTs / EMTs:
       – Commission Delegated Regulation 2025/298 with regard to RTS specifying the methodology to estimate the number and value of transactions associated to uses of ARTs as a means of exchange and of EMTs denominated in a currency that is not an official currency of a Member State;^[60]Commission Delegated Regulation 2025/298 of 31 October 2024 supplementing Reg­u­la­tion 2023/1114 with regard to regulatory technical standards specifying the methodology to estimate the … Continue reading
       – Commission Delegated Regulation 2024/2902 laying down ITS with regard to reporting related to ARTs and related to EMTs denominated in a currency that is not an official currency of a Member State;^[61]Commission Implementing Regulation 2024/2902 of 20 November 2024 laying down im­ple­ment­ing technical standards for the application of Regulation 2023/1114 with regard to reporting … Continue reading
    6. one addressing complaints handling for ARTs:
       – Commission Delegated Regulation 2025/293 with regard to RTS to further specify the requirements, templates, and pro­ce­dures for handling complaints (for issuers of ARTs);^[62]Commission Delegated Regulation 2025/293 of 30 September 2024 supplementing Reg­u­la­tion 2023/1114 with regard to regulatory technical standards specifying the requirements, templates … Continue reading
    7. one addressing conflicts of interest for ARTs:
       – Commission Delegated Regulation 2025/1141 as regards RTS specifying the requirements for policies and procedures on conflicts of interest for issuers of ARTs;^[63]Commission Delegated Regulation 2025/1141 of 27 February 2025 supplementing Regulation 2023/1114 as regards regulatory technical standards specifying the requirements for policies and procedures on … Continue reading
    8. two addressing authorization to issue ARTs:
       – Commission Delegated Regulation 2025/1125 with regard to RTS specifying the information to be contained in an ap­pli­ca­tion for authorization to offer to the public or to admit to trading ARTs;^[64]Commission Delegated Regulation 2025/1125 of 5 June 2025 supplementing Regulation 2023/1114 with regard to regulatory technical standards specifying the information in an application for … Continue reading
       – Commission Implementing Regulation 2025/1126 laying down ITS with regard to the establishment of standard forms, templates, and procedures for the information to be included in the ap­pli­ca­tion for authorization to offer to the public or to admit to trading ARTs;^[65]Commission Implementing Regulation 2025/1126 of 5 June 2025 laying down implementing technical standards for the application of Regulation 2023/1114 with regard to the establishment of standard … Continue reading
    9. one addressing suitability requirements and acquiring a qualifying holding in an ART issuer:
       – Commission Delegated Regulation 2025/413 with regard to RTS specifying the detailed content of information necessary to carry out the assessment of a proposed acquisition of qualifying holdings in issuers of ARTs;^[66]Commission Delegated Regulation 2025/413 of 18 December 2024 supplementing Reg­u­la­tion 2023/1114 with regard to regulatory technical standards specifying the detailed content of … Continue reading
  • eleven MiCAR RTS and ITS regarding requirements for CASPs:
    1. four addressing requirements for all CASPs:
       – Commission Delegated Regulation 2025/299 with regard to RTS on continuity and regularity in the performance of crypto-asset services;^[67]Commission Delegated Regulation 2025/299 of 31 October 2024 supplementing Reg­u­la­tion 2023/1114 on markets in crypto-assets with regard to regulatory technical standards on continuity … Continue reading
       – Commission Delegated Regulation 2025/1140 with regard to RTS specifying records to be kept of all crypto-asset services, activities, orders, and transactions undertaken;^[68]Commission Delegated Regulation 2025/1140 of 27 February 2025 supplementing Regulation 2023/1114 with regard to regulatory technical standards specifying records to be kept of all crypto-asset … Continue reading
       – Commission Delegated Regulation 2025/294 with regard to RTS on the requirements, templates, and procedures for handling complaints by CASPs;^[69]Commission Delegated Regulation 2025/294 of 1 October 2024 supplementing Reg­u­la­tion 2023/1114 with regard to regulatory technical standards specifying the requirements, templates and … Continue reading
       – Commission Delegated Regulation 2025/1142 with regard to RTS specifying the requirements for policies and procedures on conflicts of interest for CASPs as well as the details and method­ol­ogy for the content of disclosures of conflicts of interest;^[70]Commission Delegated Regulation 2025/1142 of 27 February 2025 supplementing Regulation 2023/1114 with regard to regulatory technical standards specifying the requirements for policies and procedures … Continue reading
    2. four addressing authorization and notifications to provide crypto-asset services for all CASPs:
       – Commission Delegated Regulation 2025/303 with regard to RTS specifying the information to be included in a notification by certain financial entities of their intention to provide crypto-asset services;^[71]Commission Delegated Regulation 2025/303 of 31 October 2024 supplementing Reg­u­la­tion 2023/1114 with regard to regulatory technical standards specifying the information to be included … Continue reading
       – Commission Implementing Regulation 2025/304 laying down ITS with regard to standard forms, templates, and procedures for the information to be included in the notification by certain entities of their intention to provide crypto-asset services;^[72]Commission Implementing Regulation 2025/304 of 31 October 2024 laying down implementing technical standards for the application of Regulation 2023/1114 with regard to standard forms, templates and … Continue reading
       – Commission Delegated Regulation 2025/305 with regard to RTS specifying the information to be included in an application for authorization as a CASP;^[73]Commission Delegated Regulation 2025/305 of 31 October 2024 supplementing Reg­u­la­tion 2023/1114 with regard to regulatory technical standards specifying the information to be included … Continue reading
       – Commission Implementing Regulation 2025/306 laying down ITS with regard to standard forms, templates, and procedures for the information to be included in the application for the authorization of a CASP;^[74]Commission Implementing Regulation 2025/306 of 31 October 2024 laying down implementing technical standards for the application of Regulation 2023/1114 with regard to standard forms, templates and … Continue reading
    3. one addressing acquiring a qualifying holding for all CASPs:
       – Commission Delegated Regulation 2025/414 with regard to RTS specifying the detailed content of information necessary to carry out the assessment of a proposed acquisition of a qualifying holding in a CASP;^[75]Commission Delegated Regulation 2025/414 of 18 December 2024 supplementing Reg­u­la­tion 2023/1114 with regard to regulatory technical standards specifying the detailed content of … Continue reading
    4. two addressing trading platform requirements:
       – Commission Delegated Regulation 2025/417 with regard to RTS specifying the manners in which transparency data for CASPs operating a trading platform is to be presented;^[76]Commission Delegated Regulation 2025/417 of 28 November 2024 supplementing Reg­u­la­tion 2023/1114 with regard to regulatory technical standards specifying the manner in which … Continue reading
       – Commission Delegated Regulation 2025/416 with regard to RTS specifying the content and format of order book records for CASPs operating a trading platform;^[77]Commission Delegated Regulation 2025/416 of 29 November 2024 supplementing Regulation 2023/1114 with regard to regulatory technical standards specifying the content and format of order book … Continue reading
  • four MiCAR RTS and ITS regarding white paper and sustainability disclosures:
    – Commission Delegated Regulation 2025/422 with regard to RTS specifying the content, methodologies, and presentation of information in respect of sustainability indicators in relation to adverse impacts on the climate and other environment‐related adverse impacts;^[78]Commission Delegated Regulation 2025/422 of 17 December 2024 supplementing Reg­u­la­tion 2023/1114 with regard to regulatory technical standards specifying the content, methodologies and … Continue reading
    – Commission Implementing Regulation 2024/2984 laying down ITS with regard to forms, formats, and templates for the crypto-asset white papers;^[79]Commission Implementing Regulation 2024/2984 of 29 November 2024 laying down im­ple­ment­ing technical standards for the application of Regulation 2023/1114 with regard to forms, formats … Continue reading
    – Commission Delegated Regulation 2025/421 with regard to RTS specifying the data necessary for the classification of crypto-asset white papers and the practical arrangements to ensure that such data is machine-readable;^[80]Commission Delegated Regulation 2025/421 of 16 December 2024 supplementing Reg­u­la­tion 2023/1114 with regard to regulatory technical standards specifying the data necessary for the … Continue reading
    – Commission Delegated Regulation 2025/296 with regard to RTS specifying the procedure for the approval of a crypto-asset white paper (for ARTs issued by credit institutions);^[81]Commission Delegated Regulation 2025/296 of 31 October 2024 supplementing Reg­u­la­tion 2023/1114 with regard to regulatory technical standards specifying the procedure for the approval … Continue reading
  • two MiCAR RTS and ITS regarding prevention of market abuse:
    – Commission Delegated Regulation 2025/885 with regard to RTS specifying certain requirements in relation to the detection and prevention of market abuse;^[82]Commission Delegated Regulation 2025/885 of 29 April 2025 supplementing Regulation 2023/1114 with regard to regulatory technical standards specifying the arrangements, systems and procedures to … Continue reading
    – Commission Implementing Regulation 2024/2861 laying down ITS with regard to the technical means for appropriate public disclosure of inside information and for delaying the public disclosure of inside information;^[83]Commission Implementing Regulation 2024/2861 of 12 November 2024 laying down implementing technical standards for the application of Regulation 2023/1114 with regard to the technical means for the … Continue reading
  • five MiCAR RTS and ITS regarding powers of, and cooperation between, competent authorities:
    – Commission Delegated Regulation 2025/300 with regard to RTS on information to be exchanged between competent authorities;^[84]Commission Delegated Regulation 2025/300 of 10 October 2024 supplementing Reg­u­la­tion 2023/1114 with regard to regulatory technical standards on information to be exchanged between … Continue reading
    – Commission Implementing Regulation 2024/2545 laying down ITS with regard to standard forms, templates, and procedures for the cooperation and exchange of information between competent au­thor­i­ties;^[85]Commission Implementing Regulation 2024/2545 of 24 September 2024 laying down implementing technical standards for the application of Regulation 2023/1114 with regard to standard forms, templates and … Continue reading
    – Commission Implementing Regulation 2024/2494 laying down ITS with regard to standard forms, templates, and procedures for the cooperation and exchange of information between competent authorities and ESMA/EBA;^[86]Commission Implementing Regulation 2024/2494 of 24 September 2024 laying down implementing technical standards for the application of Regulation 2023/1114 with regard to standard forms, templates and … Continue reading
    – Commission Delegated Regulation 2025/292 with regard to RTS establishing a template document for cooperation arrangements between competent authorities and supervisory authorities of third countries;^[87]Commission Delegated Regulation 2025/292 of 26 September 2024 supplementing Reg­u­la­tion 2023/1114 with regard to regulatory technical standards establishing a template document for … Continue reading
    – Commission Delegated Regulation 2025/885 with regard to RTS on the appropriate arrangements, systems, and procedures as well as the notification templates to be used for preventing, detecting, and reporting suspected market abuse, and on the coordination procedures between the relevant competent authorities for the detection and sanctioning of market abuse in case of cross-border situations.^[88]Commission Delegated Regulation 2025/885 of 29 April 2025 supplementing Regulation 2023/1114 with regard to regulatory technical standards specifying the arrangements, systems and procedures to … Continue reading
• In addition, various MiCAR guidelines, opinions, advice, statements, and decisions were (and will be) published:
  • MiCAR documents with requirements for ARTs, EMTs, and other tokens:
    1. one EBA document addressing significant ARTs / EMTs:
       – Decision concerning the procedure for the classification of ARTs and EMTs as significant and the transfer of supervisory powers and reporting on those tokens following the clas­si­fi­ca­tion as significant under MiCAR;^[89]EBA, Decision – concerning the procedure for the classification of asset-referenced tokens and e-money tokens as significant and the transfer of supervisory powers and reporting on those tokens … Continue reading
    2. three EBA documents addressing liquidity requirements for ARTs / EMTs:
       – Guidelines on establishing the common reference parameters of the stress test scenarios for the liquidity stress tests referred to in Article 45(4) MiCAR;^[90]EBA, Guidelines establishing the common reference parameters of the stress test scenarios for the liquidity stress tests referred in Article 45(4) MiCAR, 19 June 2024 (application date/compliance … Continue reading
       – Opinion on the Commission’s amendments to the RTS further specifying the liquidity requirements of the reserve of assets;^[91]EBA, Opinion on the European Commission’s amendments relating to the final draft RTS to further specify the liquidity requirements of the reserve of assets under Article 36(4) MiCAR, 9 October … Continue reading
       – Opinion on the Commission’s amendments to the RTS specifying the highly liquid financial instruments with minimal market, credit, and concentration risk;^[92]EBA, Opinion on the European Commission’s amendments relating to the final draft RTS to specify the highly liquid financial instruments with minimal market risk, credit risk and concentration risk … Continue reading
    3. one document addressing reporting requirements regarding ARTs / EMTs:
       – Guidelines on templates to assist competent authorities in performing their supervisory duties regarding issuers’ com­pli­ance under Titles III and IV (ART / EMT reporting re­quire­ments);^[93]EBA, Guidelines on templates to assist competent authorities in performing their supervisory duties regarding issuers’ compliance under Titles III and IV MiCAR, 18 December 2024 (application … Continue reading
    4. one document addressing recovery plans regarding ARTs / EMTs:
       – Guidelines on recovery plans under Articles 46 and 55 (to be drafted by issuers of ARTs / EMTs);^[94]EBA, Guidelines on recovery plans under Articles 46 and 55 MiCAR, 13 June 2024 (application date/compliance deadline 13.11.2024); … Continue reading
    5. one document addressing redemption plans regarding ARTs / EMTs:
       – Guidelines on redemption plans under Articles 47 and 55 (to be drafted by issuers of ARTs / EMTs);^[95]EBA (Fn 33).
    6. one EBA-opinion addressing conflicts of interest regarding ARTs:
       – Opinion on EC-amendments relating to the final draft RTS on conflicts of interest for issuers of ART in accordance with Article 32(5);^[96]EBA, Opinion on the European Commission’s amendments relating to the final draft RTS on conflicts of interests for issuers of ART supplementing MiCAR in accordance with Article 32(5), 24 January … Continue reading
    7. one EBA-opinion addressing authorization to issue ARTs:
       – Opinion on the EC-amendments relating to the final draft RTS on the information to be included in the application for authorization to offer to the public and to seek admission to trading of asset-referenced tokens under Article 18(6) MiCAR;^[97]EBA, Opinion on the European Commission’s amendments relating to the final draft RTS on the information to be included in the application for authorisation to offer to the public and to seek … Continue reading
    8. two joint EBA and ESMA guidelines addressing suitability re­quire­ments and acquiring a qualifying holding in an ART issuer:
       – Guidelines on the assessment of the suitability of the members of the management body of ART-issuers and CASPs;
       – Guidelines on the suitability assessment of shareholders and members, whether direct or indirect, with qualifying holdings in ART-issuers and in CASPs;^[98]EBA/ESMA, Joint EBA and ESMA Guidelines on the assessment of the suitability of the members of the management body of issuers of asset-referenced tokens and of crypto-asset service providers & on … Continue reading
    9. one EBA guideline addressing governance arrangements regarding ARTs:
       – Guidelines on the minimum content of the governance arrangements for ART-issuers;^[99]EBA, Guidelines on internal governance arrangements for issuers of ARTs under MiCAR, 6 June 2024 (application date/compliance deadline 20.12.2024); … Continue reading
    10. one ESMA guideline addressing requirements for other tokens:
        – Guidelines on the specification of Union standards for the maintenance of systems and security access protocols for offerors and persons seeking admission to trading of crypto-assets other than ART and EMT;^[100]ESMA, Guidelines on the specification of Union standards for the maintenance of systems and security access protocols for offerors and persons seeking admission to trading of crypto-assets other than … Continue reading
  • MiCAR guidelines with requirements for CASPs:
    1. one ESMA guideline addressing advice and portfolio management requirements:
       – Guidelines on certain aspects of the suitability requirements and format of the periodic statement for portfolio management activities under MiCAR;^[101]ESMA, Guidelines on certain aspects of the suitability requirements and format of the periodic statement for portfolio management activities under MiCAR, 26 March 2025; … Continue reading
    2. one ESMA guideline addressing assessment of knowledge and competence:
       – Guidelines for the criteria on the assessment of knowledge and competence under MiCAR;^[102]ESMA, Guidelines for the criteria on the assessment of knowledge and competence under MiCAR, 20 January 2026; … Continue reading
    3. one ESMA guideline addressing transfer services requirements:
       – Guidelines on the procedures and policies, including the rights of clients, in the context of transfer services for crypto-assets under MiCAR on investor protection;^[103]ESMA, Guidelines on the procedures and policies, including the rights of clients, in the context of transfer services for crypto-assets under MiCAR on investor protection, 26 February 2025; … Continue reading
  • MiCAR guidelines to prevent market abuse:
    – ESMA, Guidelines on supervisory practices for competent authorities to prevent and detect market abuse;^[104]ESMA, Guidelines – On supervisory practices for competent authorities to prevent and detect market abuse under MiCAR, 9 July 2025; … Continue reading
  • MiCAR guidelines classifying crypto-assets:
    – ESAs, Guidelines on templates for explanations and opinions, and the standardized test for the classification of crypto-assets including ARTs;^[105]ESAs, Guidelines on templates for explanations and opinions, and the standardised test for the classification of crypto-assets, under Article 97(1) MiCAR, 10 December 2024; … Continue reading
    – ESMA, Guidelines on the conditions and criteria for the qualification of crypto-assets as financial instruments;^[106]ESMA, Guidelines on the conditions and criteria for the qualification of crypto-assets as financial instruments, 19 March 2025; … Continue reading
  • MiCAR guidelines on reverse solicitation and broker models:
    – ESMA, Guidelines on situations in which a third-country firm is deemed to solicit clients established or situated in the EU and the supervision practices to detect and prevent circumvention of the reverse solicitation exemption under MiCAR.^[107]ESMA, Guidelines on situations in which a third-country firm is deemed to solicit clients established or situated in the EU and the supervision practices to detect and prevent circumvention of the … Continue reading

This list makes no claim to completeness and can and will need to be continuously expanded.

III. Adoption in the Market

Under MiCAR, crypto firms’ services are not any more often un-regulated activities but highly supervised operations, requiring authorization. Nearly all service providers offering some sort of crypto businesses in the EU are classified as CASPs; therefore, they need to be licensed and must comply with operational requirements similarly to intermediaries offering traditional financial services. In consequence, not only token issuers but also exchanges as well as trading platforms, custodian service and wallet providers must register with and report to the relevant authority.

The holder of a CASP authorization must follow conduct-of-business rules and established safeguards for market integrity; in addition, procedures for customer disclosures and complaints handling are required. Most importantly, for any custodian or wallet provider strict rules protecting client assets and asset segregation are mandatory; this also applies when using third-party services while the outsourcing must be fully disclosed. Apart from complex transparency and governance requirements, token issuers (ART/EMT) are also confronted with obligations regarding reserve management and redemption.

Undoubtedly, MiCAR provides severe compliance challenges for CASPs and some almost insurmountable obstacles for crypto businesses in need of a license. Thus, MiCAR pushes smaller providers out of the market, which leads to concentration in the market. In February 2026, around 170 CASP licenses have been granted EU-wide;^[108]ESMA, Interim MiCA Register: Crypto-asset service providers, 23 March 2026; <www.​esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica>. in consequence, there must be at least ten times as much virtual assets service provoders that are operating “illegally” or having left the EU market.

The authorization process has a deterrent effect because of the required details. Apart from the provision of a plausible business plan and solid governance structures, young start-up-like companies struggle with the mandatory specifications regarding management and shareholders. In addition, meeting the expected level of AML and IT-security policies is challenging. Finally, the proof of the minimum capital and the compliance with ongoing reporting standards causes small providers to give up. To pass often multiple rounds of questions and audits requires not only patience but also enough financial support. Consequently, some were merging with bigger ones, re­lo­cat­ing, or just winding down and quitting. Next to the legislative chal­lenges there are technical ones like filing documents in special machine-readable formats or given data structures for order books. In combination with DORA^[109]DORA: Regulation 2022/2554 of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations 1060/2009, 648/2012, 600/2014, 909/2014 and 2016/1011, OJ L 333/1, … Continue reading rules and the AML Travel Rule specifications only highly specialized IT experts can oversee these tasks.

As if that were not enough, the DeFi enthusiasts must accept that not much of the decentralization idea remains because fully decentralized protocols do not fit in the regulatory perimeter. In principle, any kind of centralizing element in a business model, being often unavoidable to collect the earnings and to finance the business, triggers criteria that the operation must comply with MiCAR because then this constitutes a business unit subordinated to regulation.

C. Influencing Factors and Relevant Statements

I. ESMAs Supervisory Briefing: Authorization of CASPs

ESMA was well aware of the complex rampant nature of MiCAR; therefore, a supervisory briefing for the use by NCAs was provided to achieve a convergent approach across national jurisdictions. To inform market participants and the public, a shortened version of this briefing should also provide orientation for CASPs regarding the practical application of MiCAR requirements in the authorization process.^[110]ESMA, Supervisory Briefing – Authorisation of CASPs under MiCA, 31 January 2025; … Continue reading The briefing describes different risk factors that NCAs should consider, and the elevated level of scrutiny expected for CASPs affected by these risks. The main sections are dedicated to “substance and governance”, “outsourcing”, “fit and proper assessment”, and “business plan”.

Within the “substance and governance” chapter, ESMA stresses the im­por­tance of the local CASPs ability to decide autonomously and independent from a mother company; therefore, adequate reporting lines, sufficient in-country personnel, and at least one executive management board member located in an EU jurisdiction is necessary. In addition, the importance and number of functions performed outside the EU must be assessed.

The “outsourcing” section specifies that such arrangements should not lead to a letterbox entity. Especially regarding third party risks, the ICT infrastructure must comply with DORA requirements; also, the outsourcing of AML functions is restricted. Outsourcing the custody of customer assets is only allowed to entities that are also authorized under MiCAR. In recent years, the crypto industry faced a rather low level of regulation and used the resulting sig­nif­i­cant contractual freedom not always to the advantage of their cus­tomers.^[111]See for details Zetzsche Dirk/Sinnig Julia/Nikolakopoulou Areti, Crypto custody, Capital Markets Law Journal 2024, 207; Zetzsche Dirk/Nikolakopoulou Areti, Crypto Custody: An Empirical Assessment, … Continue reading Looking at the “fit and proper assessment”, an executive man­age­ment board should have technical knowledge in the crypto-asset ecosystem, but less management experience can be compensated by board members with experience in the regulated finance industry. Finally, the shortest section addresses the “business plan” which should contain realistic projections of activity over a three-year horizon including a pessimistic scenario.

II. Peer Review on Maltas CASP Authorization and Supervision

Based on the EU approch to legislate through MiCAR in form of a directly applicable regulation, a uniform authorization level is introduced that all NCAs need to follow; however, due to the diversity of the former national legal provisions thereby superseded, national characteristics lead to differences in the implementation phase. In addition, by applying the given option to shorten the implementation period and to handle varying exceptions as set by the NCAs results in different grandfathering periods and timelines.

From January 2025, CASPs operating within the EU should have a MiCAR license or at least be in the authorization process. The grandfathering period of up to 18 months until 30 June 2026 is set to facilitate the transition and application process for previously nationally licensed providers. During this transition phase existing crypto firms are allowed to continue their operations provided that their services are in accordance with the national applicable law before 30 December 2024.

Fostering a comprehensive regulatory framework in a dynamic and rapidly evolving environment requires a consistency across the national im­ple­men­ta­tion levels; therefore, NCAs must ensure a convergent approach from the outset. During the year 2025 NCAs were busy authorizing the national CASP applicants. ESMA considers the authorization process as the gatekeeper ensuring that any licensed CASP is compliant with the MiCAR requirements thus mitigating the key risks of the crypto businesses.

Compared to the tradional finance sector in which securities trading trans­ac­tions are cleared and settled through central counterparties, central securities depositories, and payment systems, crypto trading is often based on a single entity hub. In consequence, there is no central counterparty acting as an intermediary in the contracts in exchange-traded assets and, therefore, there is no third party guarantor of performance.

Through the passport regime any licensed CASP can offer its services in the entire EU single market leading to a situation that the main customer base can be outside the national place of establishment. This has led to concerns in some Member States that other NCAs perform their oversight duties less strict allowing a forum shopping. As a ramification of this licensing regime, it is essential that NCAs have verified trust that MiCAR applications are treated equally at the national level to secure a unified level of investor protection.

The coordinated approach for CASPs authorizations established through the supervisory briefing on CASP authorization was further supported by the analysis of key CASPs authorization cases submitted to NCAs within a dedicated ESMA Group (Digital Finance Standing Committee, DFSC). Triggered through a series of events, ESMA launched a peer review on the authorization and early supervision of a CASP by the Malta Financial Services Authority (MFSA). While one NCA was in the focus it was intended to foster supervisory convergence and improve the supervisory practices of all NCAs.^[112]ESMA, Peer Review Report: Executive Summary – Fast-track peer review on [a CASP] authorisation and supervision in Malta, 10 July 2025; … Continue reading

The peer review covered (i) MFSA’s authorization process of the CASP entities (requirements for authorization, group/shareholders structure and gov­er­nance, conflicts of interests, enforcement processes, compliance with AML requirements), (ii) the supervisory review by MFSA on the CASPs after its authorization, and (iii) the overall adequacy of the supervisory set-up and resources of the MFSA.

The review concluded a good level of expertise within MFSA; however, MFSA was encoraged to keep an eye on the growth in authorization applications and supervised entities to identify any need to scale up and adjust supervisory practices. The presented results clearly criticized that in part CASPs were authorized before several material issues were solved; presumably, MFSA did not ensure that applicants remedy key deficiencies before the authorization was granted. In consequence, MFSAs overall authorization process was not enough thorough partly due to insufficient time used for it which was too short for a proper assessment of compliance with the MiCAR framework.

Acknowledging that any authorization includes some risks that can be addressed through the on-going supervision the inclusion of the supervisory history was neglected. The report suggest that MFSA has disregarded material issues and pending remediation at the time of authorization. It was all the more concerning to the reviewers that apparently certain key authorization aspects were not adequately assessed including (i) the business plan, (ii) potential conflicts of interest, (iii) governance arrangements, (iv) ICT and custody risks, and (v) AML risks and controls.

III. Austria’s, France’s, and Italy’s Quest for Consistent Supervision

In September 2025, three NCAs, the French Autorité des Marchés Financiers (AMF), the Austrian Finanzmarktaufsichtsbehörde (FMA) and the Italian Commissione Nazionale per le Società e la Borsa (CONSOB), proposed four potential improvements to ensure an effective supervision of crypto markets providing better investor protection.^[113]AMF/FMA/Consob, European crypto-asset markets’ framework: proposals from the French, the Austrian and the Italian Financial Markets Authorities, 15 September 2025; … Continue reading

Based on some months experience implementing MiCAR, these NCAs detected major differences in how crypto-markets are being supervised by NCAs; therefore, the coordination efforts of ESMA were citisized as not sufficient. Next to significant coordination cost, “revealed major weaknesses in the text, notably in its approval and supervision mechanisms” are mentioned as well as the lack of a cybersecurity certification at the authorization stage. In consequence, they demand the strengthening of the supervisory architecture. Until such corrections are in place, they threaten to take national action (precautionary measures) if a CASP authorized by another NCA constitutes a risk for their local investors. In addition, they consider some MiCAR requirements as insufficient to ensure that certain risks do not materialize. Especially, risks undermining investor protection^[114]Also, the three NCAs criticize the level of investor protection and the information provided to investors under MiCA. Due to the increasing hybridization of crypto and traditional financial assets a … Continue reading should be mitigated which are allocated in the area of access options offered by CASPs to platforms situated outside the EU not reaching the MiCAR protection level. The three NCAs also refer to recommendations made by the FSB^[115]Especially, recommendation 9 of the FSB report, High-level Recommendations for the Regulation, Supervision and Oversight of Crypto-Asset Activities and Markets, 17 July 2023; … Continue reading and IOSCO^[116]Especially, recommendation 2 of the IOSCO report, Policy Recommendations for Crypto and Digital Asset Markets, 16 November 2023; <www.iosco.org/library/pubdocs/pdf/IOSCOPD747.pdf>. and particularly mention issues raised by the MiCAR application with regard to stablecoins.

The four proposals are:

(i) Direct ESMA supervision of major CASPs to ensure uniform application of the MiCAR rules to avoid forum shopping: The direct ESMA supervision of significant CASPs instead of just a NCA reporting obligation would enhance the effectiveness and scope of supervision;^[117]The cross-border nature of crypto-asset markets which are dominated by only few global players (90% of the trading is concentrated on the ten largest platforms) is used by these major platforms to … Continue reading consequently, a transfer of powers to ESMA, like e.g., in case of the Single Supervisory Mechanism^[118]The single supervisory mechanism (SSM) is the first ‘pillar’ of the banking union, establishing the ECB as the central prudential supervisor of financial institutions. In consequence, the ECB … Continue reading or significant ART/EMT issuers to EBA could reduce fragmentation and ensure a uniform application of the rules.

(ii) Strengthening of rules for platforms operating outside the EU but targeting European investors: Now some third-country platforms are reaching EU customers through licensed CASPs;^[119]The three NCAs are worried because of potential conflicts of interest which are inherent in structures with numerous intra-group transactions; the conditions under which such services are provided … Continue reading therefore, any CASP executing orders should do so only on a platform that complies with MiCAR (or an equivalent regulation assessed by the European Commission).^[120]Trading activities on an order book outside of the EU hinder the trace of order flows and the control of MiCAR prohibitions (e.g., matched principal trading without the customer’s consent); … Continue reading In addition, any delegation of core CASP functions to a third-country entity should only be allowed if in that country the applicable legislation is at least MiCAR equivalent. Alternatively, the third country intragroup service provider could subject itself under full extraterritorial supervision of the CASPs home NCA or of ESMA.

(iii) Improve supervision of platforms to tackle cyber risk by mandatory independent cybersecurity audits^[121]Such an audit service provider should be defined in a harmonized Europe-wide certification scheme for cybersecurity auditors in accordance with Regulation 2019/881 of 17 April 2019 on ENISA (the … Continue reading prior to granting a MiCAR authorization as well as a periodic review: Reducing cyberthreats to protect assets by an optimized resilience to cyber-attacks, and an ongoing incident management.

(iv) Clarification of the scrutiny process on white papers and a single access point for the filing and management of token offerings (excluding stablecoins) to add legal certainty: A one-stop shop for token offerings centralizing the filing and management of token offerings with ESMA^[122]Article 109 MiCAR centralizes only the management of the “white paper” register. simplifies the process for issuers, would ensure a uniform MiCAR application, and could avoid market fragmentation.

D. Pooling Supervision at EU Level

I. Transfer of Supervision of CASPs

As just shown, there is a call from certain NCAs to enhance centralization to harmonize and secure the enforcement of the MiCAR requirements. This initiative might have its roots in the fact that not only the MiCAR regulatees struggle with its implementation, but also since the NCAs of some Member States may be overwhelmed by the volume and technical specificity.

In December 2025, the European Commission published a proposal with the ambition and hope to revive EU’s economy by initiating the revision of various regulations including MiCAR.^[123]European Commission, Proposal for a Regulation amending Regulations 1095/2010, 648/2012, 600/2014, 909/2014, 2015/2365, 2019/1156, 2021/23, 2022/858, 2023/1114, 1060/2009, 2016/1011, 2017/2402, … Continue reading The planned MiCAR amendments providing for the transfer of CASP supervision seek to move the authorization, monitoring, and supervision of all CASPs from NCAs to ESMA;^[124]Article 9 proposes amendments to MiCAR, see European Commission, Proposal (Fn 123), 23. revised definitions in Articles 3 and 59 – 92 MiCAR will render ESMA responsible for all of this, including the provisions that relate to market abuse.

II. Financial Services Providers with a National License

However, financial service providers offering crypto-asset services which are anyway subject to Union legislative acts on financial services and now not being obliged to obtain a MiCAR authorization will continue to be supervised for their crypto-asset activities by their NCA still being allowed to provide all or some crypto-asset services.^[125]European Commission, Proposal (Fn 123), 23. Only when crypto-asset services are the main activity they will be treated as CASPs and the supervision for all their activities will be transferred to ESMA; to organize the new form of supervision, ESMA intends to establish cooperation agreements with the NCAs which then will provide support and assistance to ESMA in the supervision of the activities that are not covered by MiCAR.

III. Supervisory Powers of ESMA and Transitional Provisions

The proposed MiCAR amendment introduces a new section on supervisory powers and competences of ESMA (Title VII: Articles 138a – 138j), including the investigation of infringements of the rules on market abuse;^[126]European Commission, Proposal (Fn 123), 23. the ESMA regulation 1095/2010^[127]Regulation 1095/2010 of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision 716/2009 and repealing Commission Decision … Continue reading will therefore also be amended including the power to carry out on-site inspections, take supervisory measures like suspending the provision of crypto-asset services or withdrawing the authorization under certain conditions, and impose fines.^[128]Article 1 proposes amendments to ESMA Regulation, see European Commission, Proposal (Fn 123), 13 seq. Transitional provisions (Article 143a) shall ensure the smooth transition of supervision from NCAs to ESMA.

ESMA will operate a centralized pan-EU data hub and market surveillance system for all CASPs, building on the ongoing work on MIDAS (Markets Integrity Data Analysis System);^[129]European Commission, Proposal (Fn 123), 383. the system then collects, aggregates, and analyses all transactions and order data reported by CASPs to enhance market integrity and detect market abuse.

Under such a framework, all CASPs would transition from their NCA au­tho­riza­tion to a single, centralized ESMA licensing regime replacing the current system of twenty-seven separate national processes, with no threshold like in the banking sector where only significant institutions fall under ECB supervision. However, there are concerns because such an effort would undermine subsidiarity and proportionality while there is until now no evidence of systemic failures or financial stability risks posed by CASPs. Also, local expertise and established national supervisory practices with good contacts to market participants might get lost; in addition, ESMAs ad­min­is­tra­tive capacity potentially duplicates existing national bureaucracy.

Critics of the centralization proposals argue that the real motivation is the dispute over market share. Because smaller, politically more agile jurisdictions can adapt their regulatory landscape faster than other Member States, they quickly had crypto frameworks in place attracting crypto businesses. Opinions are being voiced that these countries (e.g., Malta) are begrudged their success. Supposedly, this might be the only reason for the accusation that their regulatory authorities are too lax in fulfilling their duties.

Undoubtedly, centralizing supervision bears the risks to slow down innovation because bureaucratic layers reduce responsiveness.^[130]See for the Maltese perspective Buttigieg Christopher P./Gauci Ian, MiCA and the flawed premise of centralised supervision: operational burden vs. supervisory consistency, ERA Forum 2026; … Continue reading Ultimately, the con­sid­er­ate weighing between customer protection and stability versus a playing field for partially unregulated, innovative business models remains with the political institutions. Finally, the EU single-market principles should be respected; therefore, when Member States start to block passported firms for unjustified reasons this might harm the European idea itself. While respecting the principles of subsidiarity and proportionality within the EU, investor protection and financial stability concerns should be aligned with a competitive, innovation friendly environment to foster the development of the internal market.

E. Quo Vadis?

A recent very informative briefing provides interesting background considerations on digital assets not only providing quantitative and qualitative figures on stablecoins but also illustrating how the decentralized and centralized parts of crypto-assets interact.^[131]Becker Durcic Rudi, Iglesias Escudero Santiago, Sabol Maja, Stieber Harald, Verbeken Dirk (Economic Governance and EMU Scrutiny Unit, EGOV), Digital Assets: EU regulatory framework, market uptake, … Continue reading Since the creation of Bitcoin as the first genuine digital asset, many deployed crypto-assets inherit typical risks of traditional centralized financial institutions. On the one hand, stablecoins are based on decentralized public ledgers (such as Ethereum), on the other hand, management decisions are centralized (e.g., management of reserve assets). It remains to be seen whether these insights regarding the risks described will lead to the conviction within the EU regulatory bodies that there is a need for additional regulatory action.

Further market implications will be triggered by OECD’s CARF (Crypto Asset Reporting Framework),^[132]OECD, International Standards for Automatic Exchange of Information in Tax Matters: Crypto-Asset Reporting Framework and 2023 update to the Common Reporting Standard, 2023; … Continue reading implemented 2026 in many countries, and the EU counterpart DAC8;^[133]DAC8, the eighth amendment of the Directive on Administrative Cooperation in Direct Taxation, provides for the automatic exchange of information on crypto-assets between EU countries (tax … Continue reading in consequence, all CASPs holding a MiCAR license which are also involved in the operation of international platforms in, e.g., Malta, will be obliged to transmit users’ crypto data to the tax authorities starting from 2027. Encompassed is a broad scope of crypto-assets including decentralized tokens, stablecoins, and certain non-fungible tokens (NFTs).

During 2026, discussions regarding the risks based on regulatory frag­men­ta­tion versus the risks of centralization will continue throughout the year. It is hard to deny that the current system under MiCAR creates significant inefficiencies because each of the 27 EU Member States establishes its own crypto supervisory management. Differing implementation scrutiny based on a partially locally framed interpretation philosophy will not lead to convergent and uniform enforcement practice undermining MiCAR’s objective to establish consistent rules across the EU. However, Member States positioned as crypto hubs will oppose the centralization plans calling for an improved supervisory convergence instead of potentially ineffective centralized supervision. A balanced approach that considers both regulatory consistency and local expertise would be welcome, leading to a truly unified market. CASPs with strong compliance structures could benefit from potential centralization. The shared goal should be to position the EU as a serious global player in the crypto sector, ensuring long-term planning security.

To sum up, the main practical compliance challenges when applying for a CASP license proved to be the process of authorization because proper documentation often needs the assistance of external consultation support. In addition, the technical demands meeting not only MiCAR compliance but also the DORA resilience rules, as well as the continued application of the AML Travel Rule often require an extensive expansion of the existing IT infrastructure. As a result, MiCAR’s regulatory administrative burden has already led to market concentration.