Key Highlights
- ESMA has launched a supervisory review of crypto custody resilience under the MiCA framework.
- The review will assess how licensed crypto firms protect customer assets and manage operational risks.
- National regulators will inspect custody practices from the second half of 2026 through early 2027.
The European Securities and Markets Authority (ESMA) has launched a continent-wide supervisory review of crypto custody providers under the Markets in Crypto-Assets (MiCA) framework.
According to the announcement made on Wednesday, the Common Supervisory Action (CSA) will examine whether licensed crypto-asset service providers (CASPs) have implemented adequate safeguards to protect customer assets and maintain operational resilience as digital asset adoption continues to grow across Europe.
The review comes as EU regulators continue tightening supervision under MiCA while simultaneously rolling out broader anti-money laundering and investor protection measures across the crypto sector.
What regulators will be looking at
Unlike a new rulemaking initiative, ESMA’s latest action focuses on how existing MiCA requirements are being implemented in practice. National competent authorities across EU member states will conduct inspections of selected licensed crypto firms, concentrating specifically on custody operations.
The review will examine several areas, including governance and risk management, private key generation and storage, transaction authorization controls, incident detection and response, smart contract risks, third-party technology providers, and operational risks associated with distributed ledger technology (DLT).
According to ESMA, the exercise will run from the second half of 2026 through the first half of 2027, after which regulators will publish a consolidated report outlining their findings.
MiCA moves from rules to enforcement
The initiative reflects Europe’s transition from introducing MiCA rules to actively supervising firms that have received authorization under the framework. Rather than issuing additional regulations, ESMA is now assessing whether licensed crypto firms are operating with the level of resilience expected under Europe’s new digital asset regime.
The regulator said digital operational resilience and crypto service providers remain among its highest supervisory priorities as the industry continues to mature.
Part of a broader regulatory push
The custody review is only one piece of a much broader tightening of crypto oversight across the European Union. Earlier this month, ESMA warned that certain crypto event contracts could qualify as financial instruments under MiFID II, meaning many binary-style prediction market products may be prohibited for retail investors under existing EU rules.
The regulator urged firms offering such products to carefully assess whether they fall within the scope of Europe’s long-standing binary options restrictions. At the same time, the EU is also preparing to implement its Anti-Money Laundering Regulation (AMLR), which will introduce significantly stricter compliance obligations for crypto firms beginning in 2027.
Among other measures, the AMLR will prohibit regulated crypto providers from offering anonymous crypto accounts or supporting privacy-enhancing crypto services while strengthening customer due diligence, transaction monitoring, and reporting requirements across the bloc.
What this means for crypto firms in the EU
Taken together, MiCA, AMLR, and ESMA’s supervisory initiatives indicate that European regulators are moving beyond simply licensing crypto firms toward continuous oversight of how they operate. The latest review suggests regulators are increasingly focused on ensuring that licensed firms can securely custody customer assets while maintaining operational resilience as institutional participation in digital assets expands.
As more exchanges, custodians, and digital asset service providers enter the European market under MiCA, the findings from ESMA’s custody review are expected to shape future supervisory expectations and enforcement priorities across the region.
Also Read: BNB Chain Calls for Self-Custody as EU Crypto Rules Tighten Under MiCA
