Just months after the EU’s crypto rulebook, MiCA, took effect on 30 December 2024, three national regulators are already flagging gaps, reports Regulation Tomorrow. France’s AMF, Austria’s FMA, and Italy’s Consob jointly warn that the framework risks fragmentation and weak investor protection unless changes are made.
The authorities want the European Securities and Markets Authority (ESMA) to directly supervise the biggest crypto-asset service providers. The model would mirror the banking sector’s Single Supervisory Mechanism, giving ESMA powers to approve, monitor and sanction. The regulators argue this would cut down on regulatory arbitrage and lower compliance costs by creating one standard across the EU.
Another sticking point is the way global platforms structure their EU access. Often, orders from European clients are routed abroad via brokers registered as CASPs in the EU. The result: core trading decisions fall outside EU oversight, and investors miss out on MiCA protections such as cyber-resilience standards or safeguards against market abuse. The NCAs propose stricter rules on delegation to third-country entities, only allowing it where legal regimes are equivalent and cooperation agreements are in place.
Cybersecurity audits
Weaknesses in MiCA’s treatment of cybersecurity also drew attention. The three regulators want mandatory audits by independent providers before authorisation, with regular follow-ups. A Europe-wide certification scheme for auditors could anchor consistent standards.
For token offerings, the NCAs see inefficiency in today’s fragmented notification process. They propose a one-stop shop at ESMA, covering all but stablecoin issues. The aim is to simplify filings and ensure uniform application of rules across the Union.
The joint note does not amount to legislation yet. But coming so soon after MiCA’s start, the message from Paris, Vienna and Rome is clear: the framework may need more than just fine-tuning to deliver on its promises.
