.svg)
The call by three of the EU’s major financial supervisors for tighter and more harmonised oversight of crypto-asset markets, aimed at addressing flaws in the EU’s crypto regime, could create new compliance challenges for payments firms.
In a joint position document sent to the EU’s overseers, Italy’s Commissione Nazionale per le Società e la Borsa (Consob), France’s Autorité des Marchés Financiers (AMF) and Austria’s Finanzmarktaufsichtsbehörde (FMA) said they identified “major differences” in national supervision during the first months of the Markets in Crypto Assets (MiCA) regulation’s application.
The regulation, which has been in force since December 30, 2024, introduced a bloc-wide licensing regime for crypto-asset service providers (CASPs) and was hailed as a global first, even by the industry.
Since its introduction, the European Securities and Markets Authority (ESMA) has sought to coordinate the actions of national regulators across the EU.
However, the three authorities said that the disparities in implementation highlight the need “to quickly strengthen the supervisory architecture” to ensure the proper functioning of the European internal market.
Without changes, they warned, national regulators might have to use MiCA’s precautionary measures to protect investors in their countries from firms that are authorised in other EU states.
Recommended improvements
The regulators also flagged weaknesses in provisions covering European intermediaries’ access to platforms based outside the bloc, saying these gaps “undermine investor protection” and “jeopardise the competitiveness of European market participants”.
Consob, the AMF and the FMA put forward four initial proposals to improve MiCA:
- Establish direct ESMA supervision of the largest crypto-asset service providers to ensure uniform enforcement of the rules and avoid any “opportunistic choices” of jurisdiction, potentially lowering supervisory costs.
- Introduce stricter rules for non-EU platforms, so that intermediaries executing crypto-asset orders for EU clients are required to use platforms compliant with MiCA or equivalent standards.
- Require independent cybersecurity audits before and after authorisation to address the sector’s high cyber-risk exposure, covering asset protection, resilience to attacks and incident management.
- Impose clearer scrutiny of white papers and create a single EU access point for token offering filings, excluding stablecoins, to add legal certainty and streamline processes.
The authorities stressed that their proposals are “not exhaustive” and seek closer alignment with recommendations issued by the Financial Stability Board and IOSCO in 2023.
Worries for Brussels
Originally proposed in 2020, MiCA was intended to bring legal clarity and consistency to the EU’s fragmented crypto rules and boost market confidence.
During the previous US administration, the regulation seemed to be favoured by the crypto industry, providing at least some clarity on compliance expectations.
However, under President Trump, the US attitude to crypto has pivoted, leaving Europe the more sceptical jurisdiction.
Actions and interventions by both the UK and EU regulators and policymakers have shown that the region is far from crypto-friendly.
The call from three of the EU’s largest national regulators signals a push for a second phase of reforms just months after the regime came into force.
The regulators’ ideas are framed as investor-protection measures and an attempt to prevent so-called race-to-the-bottom authorisations.
However, for the industry they would mean tighter supervision, fewer loopholes and higher compliance obligations, especially for large players and intermediaries that have been using non-EU platforms.
The impact of the suggestions
The proposals would once again significantly change how crypto firms operate in the EU.
Direct supervision by ESMA of the largest service providers would shift oversight from national regulators to the bloc’s central markets watchdog, headquartered in Paris. This would affect large players such as Coinbase that have already established relationships with national regulators.
Although this could create a more level playing field and curb jurisdiction shopping, it also risks imposing stricter oversight, higher regulatory costs and less flexibility for big players, potentially making the EU a less attractive market for investment.
Stricter rules on non-EU platforms would also limit the ability of EU intermediaries to route client orders through offshore exchanges, extending compliance expectations to players outside the EU.
Unless those platforms were to seek MiCA-equivalent approval, firms could face reduced access to liquidity and trading venues, potentially reshaping market relationships in a highly globalised industry.
Mandatory cybersecurity audits prior to authorisation and at regular intervals thereafter would also further increase compliance obligations.
Delays likely
The proposals are intended to bolster resilience against attacks and protect investors’ assets, but they could be particularly burdensome for smaller providers, given that the crypto industry is still nascent.
However, there is likely to be a significant gap between the regulators making their suggestions and any tangible change taking place.
Implementing the proposed reforms will not be straightforward. Crypto firms have already invested heavily in MiCA compliance and may see new requirements as moving the goalposts, leading to intense lobbying at EU level.
In addition, EU financial legislation moves slowly: the European Commission first proposed MiCA in September 2020, yet it only came into force at the end of 2024.
Some member states will be displeased by the proposals, having fought to retain national control over licensing and supervision. Transferring those powers to ESMA would therefore be politically sensitive and likely contentious.
The likelihood is that, for now, MiCA compliance will remain a case of business as usual.
