Regulatory Inconsistency in the European Union’s Markets in Crypto-Assets Regulation (MiCA): Implications and Solutions

CImages8fd55011-fb32-44b2-afc3-a0b627f1f2f9

Abstract

The advent of decentralised ledger technologies (DLT) and the proliferation of crypto-assets have fundamentally reshaped the global financial landscape, presenting both unprecedented opportunities and novel regulatory challenges. In response, the European Union (EU) has taken a pioneering step with the Markets in Crypto-Assets Regulation (MiCA), a landmark legislative initiative designed to establish a harmonised regulatory framework for crypto-assets across its 27 member states. The primary objectives of MiCA are multifaceted: to enhance legal certainty for crypto-asset service providers (CASPs) and users, foster innovation, ensure robust investor and consumer protection, maintain market integrity, and prevent financial crime such as money laundering and terrorist financing. However, the path to seamless implementation of such a comprehensive framework is fraught with complexities. Recent observations, notably the European Securities and Markets Authority’s (ESMA) critical assessment of Malta’s crypto licensing processes, have brought to light significant inconsistencies in the application and enforcement of MiCA’s provisions across various national jurisdictions. These disparities pose a material threat to the overarching objectives of the regulation, risking regulatory arbitrage and undermining the very uniformity MiCA seeks to achieve. This detailed research paper undertakes an in-depth examination of the underlying causes contributing to these regulatory inconsistencies, their far-reaching systemic implications for market stability and integrity within the EU’s single market, and the resultant impact on investor confidence and fair competition. Furthermore, it proposes and elaborates upon a suite of robust mechanisms, both supervisory and cooperative, designed to enforce greater uniformity, promote supervisory convergence, and effectively counteract the perils of competitive leniency and a potential ‘race to the bottom’ in regulatory standards across member states.

Many thanks to our sponsor Panxora who helped us prepare this research report.

1. Introduction

The digital revolution, spearheaded by advancements in blockchain and distributed ledger technologies, has given rise to an entirely new asset class: crypto-assets. These digital innovations, ranging from established cryptocurrencies like Bitcoin and Ethereum to more complex utility tokens, asset-referenced tokens (ARTs), and electronic money tokens (EMTs), have rapidly transitioned from niche technological curiosities to significant components of the global financial ecosystem. Their inherent characteristics – decentralisation, borderlessness, and often, pseudonymous nature – have posed formidable challenges to traditional financial regulatory paradigms, which were largely conceived for centralised, geographically defined financial institutions. The absence of a unified international regulatory approach initially led to a patchwork of disparate national rules, creating regulatory uncertainty, fostering opportunities for illicit activities, and leaving investors vulnerable.

Recognising the imperative for a coherent and comprehensive response, the European Union embarked on an ambitious legislative journey culminating in the adoption of MiCA. Enacted as part of the broader Digital Finance Strategy, MiCA represents a pivotal stride towards establishing a predictable, secure, and innovation-friendly environment for crypto-assets within the EU. Its entry into force signifies a commitment to striking a delicate balance: nurturing technological innovation while simultaneously mitigating the inherent risks associated with novel financial instruments and services. MiCA aims to achieve this by categorising crypto-assets, imposing specific requirements on issuers, and establishing a rigorous authorisation and supervisory regime for CASPs, ensuring a level playing field across the Union. The regulation is particularly significant as it introduces the concept of ‘passporting’ for authorised CASPs, allowing them to operate across all EU member states based on a single license, thereby bolstering the single market for digital finance services.

Despite the legislative intent and the comprehensive nature of MiCA, early signs of its implementation reveal a concerning divergence in national interpretations and enforcement practices. These disparities, particularly highlighted by ESMA’s recent peer review of Malta’s regulatory practices, underscore a fundamental tension between the pursuit of harmonisation at the EU level and the practical realities of national implementation. Such inconsistencies threaten to undermine the efficacy of MiCA, creating avenues for regulatory arbitrage, eroding investor trust, and potentially fragmenting the EU’s single market for crypto-assets. This paper, therefore, is dedicated to an in-depth analysis of these emerging issues. It seeks to uncover the multifactorial root causes of these regulatory divergences, dissect their profound systemic implications for financial stability and market integrity, and critically evaluate their impact on the competitive landscape within the EU. Crucially, it advances a series of actionable recommendations and mechanisms aimed at fostering greater consistency, strengthening supervisory oversight, and ensuring MiCA’s successful and uniform application across the entire European economic bloc.

Many thanks to our sponsor Panxora who helped us prepare this research report.

2. Background

2.1 The Markets in Crypto-Assets Regulation (MiCA)

MiCA stands as a cornerstone of the EU’s Digital Finance Strategy, adopted as Regulation (EU) 2023/1114 of the European Parliament and of the Council, entering into force on 29 June 2023. It represents the first comprehensive regulatory framework for crypto-assets globally, providing a blueprint for other jurisdictions grappling with similar challenges. The regulation is designed to address the unique characteristics of crypto-assets that fall outside the scope of existing financial services legislation, such as the Markets in Financial Instruments Directive (MiFID II), Payment Services Directive (PSD2), and E-money Directive (EMD).

MiCA’s scope is broad, encompassing various types of crypto-assets and the services associated with them. It primarily distinguishes between:

Asset-Referenced Tokens (ARTs): Crypto-assets that aim to maintain a stable value by referencing the value of several fiat currencies, one or several commodities, or one or several crypto-assets, or a combination of such assets. These are often referred to as stablecoins, and MiCA imposes stringent requirements on their issuers, including prudential rules, governance, reserve management, and recovery plans.
Electronic Money Tokens (EMTs): Crypto-assets that aim to maintain a stable value by referencing the value of a single fiat currency. These are treated similarly to electronic money under the EMD, with additional requirements adapted for their DLT nature.
Other Crypto-Assets: Any other crypto-asset not falling under ARTs or EMTs (e.g., utility tokens, certain non-fungible tokens (NFTs) if they meet specific criteria for broader application), for which MiCA primarily sets out requirements for their issuance and for the CASPs providing services related to them.

Crucially, MiCA explicitly excludes crypto-assets already covered by existing financial legislation (e.g., security tokens falling under MiFID II), as well as certain NFTs unique and non-fungible in nature (though this distinction remains an area of ongoing interpretation).

For issuers of ARTs and EMTs, MiCA mandates authorisation by a national competent authority (NCA) and compliance with strict operational, governance, and prudential requirements. This includes the obligation to publish a comprehensive whitepaper, hold adequate capital, and maintain robust reserve assets in the case of ARTs and EMTs.

For Crypto-Asset Service Providers (CASPs), MiCA introduces a rigorous authorisation regime. A CASP is defined broadly as any natural or legal person whose occupation or business is the provision of one or more crypto-asset services to third parties on a professional basis. The range of services covered includes:

Operation of a trading platform for crypto-assets
Exchange of crypto-assets for fiat currency or other crypto-assets
Transfer services for crypto-assets
Custody and administration of crypto-assets on behalf of third parties
Reception and transmission of orders for crypto-assets
Execution of orders for crypto-assets on behalf of third parties
Placing of crypto-assets
Provision of advice on crypto-assets
Portfolio management on crypto-assets

To obtain authorisation, CASPs must meet stringent organisational, prudential, and conduct-of-business requirements. These include having a sound governance framework, adequate internal controls, minimum capital requirements, robust cybersecurity measures, effective management of conflicts of interest, and adherence to market integrity rules similar to those in traditional finance (e.g., preventing market manipulation). Once authorised by an NCA in one member state, a CASP can ‘passport’ its services across the entire EU, subject to notification requirements to other NCAs and ESMA. This passporting mechanism is central to MiCA’s ambition to create a single market for crypto-asset services, fostering cross-border operations and reducing market fragmentation.

MiCA also grants significant supervisory powers to ESMA and the European Banking Authority (EBA) for certain aspects. ESMA is tasked with developing technical standards (Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS)) to specify the details of MiCA’s provisions, issue guidelines, and conduct peer reviews of NCAs. The EBA plays a similar role concerning ARTs and EMTs, particularly their reserve assets and stability mechanisms. NCAs, however, remain the primary authorising and supervising authorities for most CASPs, with ESMA providing a coordination and oversight role.

The phased implementation of MiCA began in July 2023, with rules for ARTs and EMTs becoming applicable in June 2024, and the full framework for other crypto-assets and CASPs taking effect in December 2024/January 2025. This staged approach allows time for NCAs, ESMA, and the industry to prepare for the new regime, but also highlights the complexity of the transition.

2.2 ESMA’s Critique of Malta’s Licensing Process

In a highly anticipated development in July 2025, the European Securities and Markets Authority (ESMA) concluded a targeted peer review focusing on the application of MiCA’s licensing provisions by the Malta Financial Services Authority (MFSA), Malta’s designated NCA for crypto-assets. This review, a standard tool for ESMA to promote supervisory convergence, yielded a critical assessment that reverberated across the EU’s nascent crypto regulatory landscape (Reuters, 2025a).

ESMA’s findings specifically highlighted several areas of concern regarding the MFSA’s approach to licensing CASPs. Key among these were:

Insufficient Risk Assessment: ESMA identified shortcomings in the depth and rigour of the MFSA’s risk assessment processes during the authorisation phase. This implied that the MFSA might not be adequately scrutinising the inherent risks posed by applicant CASPs, including operational risks (e.g., cybersecurity vulnerabilities, IT system resilience), financial crime risks (e.g., money laundering (AML) and terrorist financing (CTF) risks associated with their business models and client bases), and market integrity risks. A lax assessment in these areas could allow poorly prepared or high-risk entities to gain authorisation, thereby compromising the overall integrity and security of the EU’s crypto market.
Inadequate Consideration of Firms’ Supervisory Histories: The review pointed out that the MFSA was not sufficiently factoring in the past supervisory history of applicant firms or their key personnel. This is a critical element in a ‘fit and proper’ assessment, which aims to ensure that management and significant shareholders possess the requisite competence, integrity, and financial soundness. Overlooking past regulatory infractions, compliance issues, or involvement in questionable activities – whether in Malta or other jurisdictions – could permit entities with a problematic track record to re-establish themselves within the EU regulatory perimeter under MiCA. This creates a significant moral hazard and undermines the preventive objective of the authorisation process. Malta’s historical position as an early mover in crypto regulation, including its prior ‘Virtual Financial Assets Act’ (VFA Act), might have led to a faster processing of applications from firms already present in its jurisdiction, potentially without sufficiently stringent re-evaluation under the new MiCA lens.
Expedited Licensing Process: While not explicitly stated as a direct critique, the implication of the findings suggested that Malta’s processes might be overly expedited, prioritising speed over thoroughness. This could stem from a desire to attract crypto-businesses rapidly, potentially at the expense of comprehensive due diligence required by MiCA. ESMA’s implicit warning was that such practices could lead to a ‘light-touch’ regulatory environment, making Malta an attractive destination for firms seeking less rigorous scrutiny.

ESMA’s emphasis was clear: these practices had the potential to gravely undermine the consistency of MiCA’s application across the EU. If certain NCAs are perceived to be less stringent in their authorisation processes, it creates a powerful incentive for firms to engage in ‘forum shopping’ or ‘regulatory arbitrage’, where they strategically choose the jurisdiction offering the least burdensome or fastest path to authorisation. This phenomenon directly counteracts MiCA’s objective of creating a unified regulatory landscape and a truly level playing field. Moreover, it erodes investor confidence, as stakeholders may view the EU’s crypto market as a fractured environment where the level of protection varies significantly depending on the point of entry. The ESMA critique of Malta therefore served as a stark warning, highlighting the practical challenges in transitioning from a fragmented national approach to a truly harmonised EU-wide regulatory regime for crypto-assets.

Many thanks to our sponsor Panxora who helped us prepare this research report.

3. Causes of Regulatory Inconsistency

The emergence of regulatory inconsistencies in the application of a unified framework like MiCA is a complex phenomenon, driven by a confluence of factors ranging from national legal specificities to economic imperatives and resource disparities. Understanding these root causes is essential for devising effective strategies to promote convergence and ensure MiCA’s intended impact.

3.1 Divergent National Interpretations

Despite the direct applicability of EU regulations, which theoretically bypass the need for national transposition acts that often introduce variances, member states retain significant discretion in interpreting and implementing the detailed provisions of MiCA. This interpretative flexibility stems from several sources:

Legal Traditions and Regulatory Philosophies: European Union member states possess diverse legal systems (e.g., civil law vs. common law) and regulatory cultures. These foundational differences can influence how NCAs approach the letter and spirit of a regulation. For instance, a civil law jurisdiction might favour prescriptive, detailed rules, whereas a common law jurisdiction might rely more on principles-based regulation and supervisory discretion. This can lead to differing interpretations of broad MiCA requirements, such as the ‘fit and proper’ criteria for management, the scope of ‘professional client’ definitions in practice, or the granular requirements for operational resilience and cybersecurity frameworks. What one NCA deems ‘adequate’ or ‘robust’ might be considered insufficient by another, based on their ingrained supervisory philosophies and risk appetites.
Transposition and Implementation Risk (despite direct applicability): While MiCA is a regulation and therefore directly applicable, NCAs still need to integrate it into their national administrative and procedural frameworks. This includes adapting national licensing procedures, enforcement mechanisms, and supervisory methodologies. During this adaptation phase, subtle differences in how rules are translated into practical guidance, national decrees, or supervisory manuals can emerge. Furthermore, any optional provisions within MiCA, or areas where the regulation explicitly allows for national discretion (e.g., certain prudential requirements or fees), can lead to legitimate, but divergent, national choices. This is often termed ‘implementation risk’, where the practical application varies even if the legal text is identical.
Lack of Granular EU-Level Guidance in Initial Stages: As a nascent regulation, MiCA initially provides a broad framework. The detailed operationalisation often relies on subsequent Level 2 measures (Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS)) developed by ESMA and EBA, and Level 3 guidance (guidelines and recommendations). In the interim period before these detailed standards are fully developed and implemented, NCAs are left to interpret MiCA’s provisions independently, often leading to varied national approaches. Even once the technical standards are in place, their practical application can still be subject to national interpretative nuances. The ESMA (2025b) guidelines on MiCA best practices aim to mitigate this, but initial divergence is inevitable.
Specific National Market Characteristics: A member state’s domestic crypto market size, maturity, and historical experience with DLT-based financial services can influence its regulatory approach. A country with a large, established crypto industry might have more expertise but also potentially more vested interests lobbying for specific interpretations, whereas a smaller market might be more cautious or simply lack the resources for in-depth analysis.

3.2 Competitive Pressures

The concept of ‘regulatory competition’ is a powerful driver of inconsistency within a multi-jurisdictional framework like the EU. Member states, acting as sovereign entities, often face strong economic incentives to attract businesses and investment, leading them to adopt more lenient or ‘business-friendly’ regulatory postures. This phenomenon is particularly pronounced in emerging sectors like crypto-assets, where countries vie to become ‘crypto hubs’.

The ‘Race to the Bottom’ Dynamic: When jurisdictions compete by lowering regulatory standards or enforcement intensity, it can initiate a ‘race to the bottom’. Countries may believe that by offering a faster, less burdensome, or less costly licensing process, they can gain a competitive advantage in attracting CASPs, thereby fostering job creation, tax revenues, and innovation within their borders (Wikipedia, Regulatory Competition, 2025). This pursuit of economic benefit can inadvertently lead to a weakening of the overall regulatory framework, as firms migrate to the least stringent jurisdiction, undermining the very purpose of harmonisation.
Forum Shopping: As a direct consequence of regulatory competition, firms engage in ‘forum shopping’, strategically choosing the jurisdiction that offers the most advantageous regulatory environment for their specific business model. This might involve selecting a jurisdiction with lower capital requirements, less intrusive AML/CTF checks, fewer reporting obligations, or simply a quicker authorisation timeline. ESMA itself has warned about this ‘forum-shopping’ risk (JDSupra, 2023). Malta, with its historical ambition to be a blockchain island and its previously expedited VFA licensing, presents a case in point, potentially attracting firms looking for a smoother path to EU market entry under MiCA (ChainCatcher, 2025).
Economic Incentives: The potential economic benefits of attracting innovative crypto firms – ranging from the establishment of new companies and job creation to increased foreign direct investment and technological advancement – can exert significant pressure on national regulators to facilitate market entry. This pressure can manifest as a preference for speed and accessibility over thoroughness in the authorisation process, creating a perceived regulatory advantage.

3.3 Resource Constraints

The effective implementation and enforcement of a complex regulation like MiCA demand substantial resources and specialised expertise. Many NCAs, particularly those in smaller member states, face significant challenges in this regard.

Lack of Specialised Personnel: Regulating crypto-assets requires a unique blend of financial regulatory knowledge, deep technical understanding of DLT, cybersecurity expertise, and proficiency in tackling financial crime in a digital context. Many NCAs struggle to recruit and retain staff with this highly specialised skill set, particularly when competing with the often more lucrative private sector. This can lead to a shortage of qualified personnel capable of conducting thorough and technically informed assessments of CASP applications.
Inadequate Funding and Infrastructure: Effective supervision necessitates robust IT infrastructure, advanced analytical tools for transaction monitoring, and sufficient budget for continuous training of staff. Smaller NCAs or those facing budgetary constraints may lack the necessary financial resources to invest in these critical areas, leading to less sophisticated oversight. This can result in reliance on less granular data, manual processes, and ultimately, less stringent evaluations.
Challenges in Cross-Border Information Sharing: While MiCA aims to facilitate information exchange, resource constraints can hinder NCAs’ ability to effectively process and utilise information received from other jurisdictions or from ESMA. This creates information asymmetries that can be exploited by firms seeking to obfuscate their true risk profile or supervisory history.

Collectively, these factors contribute to a fragmented regulatory landscape where the theoretical uniformity of MiCA is undermined by practical disparities in its application, creating significant challenges for the EU’s overarching objectives for its digital finance market.

Many thanks to our sponsor Panxora who helped us prepare this research report.

4. Systemic Implications of Regulatory Inconsistency

The inconsistencies in MiCA’s application, driven by divergent interpretations, competitive pressures, and resource constraints, carry profound systemic implications that extend beyond mere administrative differences. These implications threaten the very foundation of the EU’s single market, undermine investor confidence, distort competition, and introduce systemic risks that could jeopardise financial stability.

4.1 Regulatory Arbitrage

Regulatory arbitrage is a primary and immediate consequence of inconsistent regulatory application. It describes the practice whereby financial institutions or businesses exploit differences in regulatory frameworks across jurisdictions to minimise their compliance costs, circumvent stringent rules, or maximise their operational flexibility. Within the context of MiCA, this translates to CASPs strategically ‘forum shopping’ for the member state perceived to offer the most lenient, fastest, or least resource-intensive path to authorisation.

Exploiting Loopholes and Divergent Standards: A firm seeking authorisation might opt for a jurisdiction where, for instance, the ‘fit and proper’ assessment of management is less stringent, the capital requirements are interpreted at the lower end of the allowed range, or the supervisory authority is known for a ‘light-touch’ approach to ongoing compliance. This allows them to operate with a potentially weaker governance structure, less robust risk management, or fewer financial buffers than their counterparts in more rigorously regulated jurisdictions.
Undermining the Level Playing Field: The ability to engage in regulatory arbitrage directly undermines the creation of a level playing field across the EU. Firms authorised in a less stringent jurisdiction gain a competitive advantage, as they incur lower compliance costs and face less operational burden. This distorts market competition, unfairly disadvantaging firms that commit to higher compliance standards in more demanding jurisdictions. It creates a perverse incentive for other jurisdictions to lower their own standards to remain competitive, leading to the feared ‘race to the bottom’ in regulatory quality rather than a ‘race to the top’.
Increased Risk Exposure: When firms are able to bypass robust regulatory checks through arbitrage, it elevates the overall risk profile of the EU crypto market. Entities that might not meet the standards of a stringent regulator could gain market access, potentially introducing higher operational, cybersecurity, prudential, and AML/CTF risks into the system. This can lead to a concentration of risk in jurisdictions with weaker oversight, making them potential points of failure that could propagate instability across the broader EU market.

4.2 Erosion of Investor Confidence

Investor confidence is paramount for the healthy functioning and growth of any financial market. Inconsistent regulatory application directly erodes this confidence, making the EU crypto market appear unpredictable, unreliable, and potentially unsafe. This impact is felt by both retail and institutional investors.

Perception of Uneven Protection: When investors perceive that the level of protection they receive varies significantly depending on where a CASP is licensed, it creates distrust. A retail investor who suffers losses due to the failure of a CASP licensed in a ‘light-touch’ jurisdiction might question the reliability of the entire EU regulatory framework. This lack of uniform assurance deters investment, particularly from larger institutional players who demand high levels of legal certainty and robust regulatory oversight before committing capital.
Increased Uncertainty and Risk Perception: Inconsistent enforcement means that the legal and operational landscape for crypto-assets is not uniform. This uncertainty increases the perceived risk of engaging with the market, as investors cannot be sure about the regulatory safeguards in place for their chosen CASP or asset. This uncertainty can lead to reduced liquidity, slower market development, and a general reluctance to participate in the EU crypto ecosystem.
Reputational Damage to the EU: The EU has positioned MiCA as a global standard-setter for crypto regulation. However, if its implementation is marred by inconsistencies and a lack of unified enforcement, it risks damaging the EU’s reputation as a leader in digital finance regulation. This could undermine its ability to export high standards globally (the ‘Brussels effect’) and weaken its competitive standing against other major financial centres.

4.3 Unfair Competition

Beyond regulatory arbitrage, inconsistencies breed unfair competition, distorting the market and disadvantaging compliant firms.

Disadvantage for Compliant Firms: CASPs that are licensed and supervised in jurisdictions with more stringent interpretation and enforcement of MiCA face higher compliance costs, greater operational burdens, and potentially longer authorisation times. These increased costs and delays can translate into higher prices for their services, reduced profit margins, or slower market entry, putting them at a significant competitive disadvantage compared to firms operating under lighter regulatory scrutiny. This creates a moral hazard, penalising those who adhere strictly to the spirit of the regulation.
Market Distortions: The competitive imbalance can lead to a misallocation of resources, as firms are incentivised to locate where regulatory costs are lowest, rather than where they can most efficiently and safely provide services. This can fragment the market, hinder the development of pan-EU service providers, and ultimately limit consumer choice to firms operating under potentially less secure conditions. It undermines the very objective of MiCA to foster a single, competitive, and innovative market for crypto-assets.
Reduced Incentive for Innovation in Best Practices: If regulatory compliance is viewed as a competitive burden rather than a necessary foundation for trust and stability, firms may be less incentivised to innovate in areas like robust security protocols, advanced risk management systems, or enhanced investor protection mechanisms. Instead, the focus might shift to finding ways to minimise regulatory overhead, potentially stifling genuine, responsible innovation.

These systemic implications highlight the critical need for robust mechanisms to ensure supervisory convergence and consistent application of MiCA, safeguarding the integrity and stability of the EU’s evolving crypto-asset market.

Many thanks to our sponsor Panxora who helped us prepare this research report.

5. Impact on Market Stability and Integrity

The ripple effects of regulatory inconsistency extend directly to the fundamental principles of market stability and integrity, which are cornerstones of any well-functioning financial system. When a unified regulatory framework like MiCA is applied unevenly, it creates vulnerabilities that can lead to systemic risk, fragment the single market, and expose consumers to heightened dangers.

5.1 Fragmentation of the Single Market

One of the core tenets of the European Union is the establishment and maintenance of a single market, ensuring the free movement of goods, services, capital, and people across member states. MiCA, with its passporting mechanism, is specifically designed to extend this principle to the burgeoning crypto-asset sector, fostering a truly pan-European digital finance market. However, regulatory inconsistencies actively undermine this objective.

Hindrance to Passporting and Cross-Border Operations: While MiCA theoretically allows a CASP authorised in one member state to operate across the entire EU, practical disparities in regulatory scrutiny can hinder this. If other NCAs perceive that a firm authorised in a ‘lax’ jurisdiction poses higher risks, they might indirectly discourage its operations through more intensive oversight, increased reporting demands, or a general reluctance to accept the passporting notification without additional scrutiny. This creates administrative friction and disincentives for legitimate cross-border expansion, negating the passporting benefit. The ideal of a seamless ‘EU crypto license’ becomes an illusion if its recognition is conditional on the perceived stringency of the authorising NCA.
Reduced Efficiency and Liquidity: A fragmented market is inherently less efficient. If firms cannot easily serve clients across borders due to perceived or actual regulatory hurdles, the market remains siloed. This reduces liquidity, as capital and services cannot flow freely to where they are most efficiently deployed. It limits the economies of scale that pan-EU CASPs could achieve, potentially leading to higher costs for consumers and less competitive offerings. For example, a crypto exchange might face higher operational costs if it needs to tailor its compliance framework slightly differently for each national regulator, even under a harmonised MiCA.
Undermining the Capital Markets Union (CMU): The EU’s ambitious Capital Markets Union project aims to strengthen Europe’s capital markets, foster investment, and enable businesses to raise capital more easily across the Union. A fragmented crypto-asset market directly counteracts the CMU’s goals by creating barriers to cross-border investment and the free flow of capital in innovative digital assets. It prevents the efficient allocation of capital towards promising DLT projects and limits the ability of European investors to diversify their portfolios across a wide range of compliant crypto-assets and services.

5.2 Increased Systemic Risk

Lax or inconsistent regulatory standards significantly elevate systemic risks, which are risks that threaten the stability of the entire financial system or a substantial part of it. When regulatory gaps are exploited, it creates vulnerabilities that can lead to market disruptions, financial instability, and widespread consumer detriment.

Heightened AML/CTF Risks: A primary concern is the potential for poorly regulated CASPs to become conduits for illicit financial flows. If NCAs fail to conduct thorough due diligence on applicant firms’ AML/CTF frameworks, or if ongoing supervision is weak, these firms can be exploited for money laundering, terrorist financing, and sanctions evasion. The interconnected nature of crypto transactions means that illicit funds can quickly move across borders, posing a threat to the integrity of the global financial system and directly implicating the EU’s commitment to combating financial crime.
Increased Operational and Cybersecurity Risks: Inadequate risk assessments and lenient oversight can allow CASPs with weak operational resilience, insufficient cybersecurity protocols, or fragile IT infrastructure to gain authorisation. Such vulnerabilities can lead to major service disruptions, data breaches, or even the loss of client crypto-assets due to hacks or system failures. In a highly interconnected digital market, a significant operational failure at one large, yet poorly supervised, CASP could trigger wider market panic, liquidity crises, and contagion across the ecosystem.
Prudential Risks and Consumer Detriment: MiCA sets out prudential requirements, including minimum capital and organisational safeguards, to ensure CASPs can absorb losses and protect client assets. If these requirements are not rigorously enforced, firms may operate with insufficient financial buffers, increasing the risk of insolvency. In the event of a CASP’s failure, inadequate client asset segregation or protection mechanisms could lead to significant investor losses, particularly for retail consumers who may lack the sophistication to assess the underlying risks. This directly undermines investor protection goals and erodes public trust.
Market Integrity Risks: Inconsistent supervision also facilitates market abuse. Lax oversight of trading platforms, for instance, could allow for practices like wash trading, front-running, or insider trading to proliferate without adequate detection or enforcement. Such activities distort prices, create an unfair trading environment, and deter legitimate market participation, thereby compromising the integrity of the entire crypto-asset market.
Contagion Effect: The interconnectedness of financial markets means that a failure or significant issue in one part of the system can propagate to others. If a large CASP licensed in a lenient jurisdiction collapses due to poor risk management, it could trigger a domino effect, impacting other CASPs, investment funds, or even traditional financial institutions with exposure to crypto-assets. This creates systemic risk that could spill over from the crypto sector into the broader financial system.

The compounding effect of these risks underscores the urgency of addressing regulatory inconsistencies. Without a truly uniform and robust application of MiCA, the EU risks not only failing to achieve its goals of fostering innovation and investor protection but also inadvertently introducing new avenues for financial instability and illicit activity within its borders.

Many thanks to our sponsor Panxora who helped us prepare this research report.

6. Mechanisms to Enforce Uniformity

Ensuring the consistent and uniform application of MiCA across all EU member states is paramount for its success, mitigating regulatory arbitrage, fostering investor confidence, and maintaining market integrity. This requires a multi-pronged approach that strengthens EU-level oversight, harmonises national supervisory practices, and enhances cooperation among competent authorities.

6.1 Strengthening ESMA’s Role

ESMA, as the EU’s securities markets regulator, is central to achieving supervisory convergence under MiCA. Its mandate to develop technical standards, issue guidance, and conduct peer reviews positions it as the key orchestrator of consistent implementation. However, its powers and resources need to be optimally leveraged and potentially augmented.

Developing Comprehensive and Granular Technical Standards: ESMA’s primary tool for harmonisation is the development of Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS). These standards translate the broad principles of MiCA into highly detailed, prescriptive rules and procedures. ESMA must prioritise the timely development of RTS and ITS covering all critical areas, such as detailed requirements for CASP governance, prudential safeguards, operational resilience, conflicts of interest management, disclosure obligations for whitepapers, and specific criteria for ‘fit and proper’ assessments of management. The more granular these standards, the less room for divergent national interpretations. ESMA’s efforts to provide guidance, as seen in its 2025 guidelines on MiCA best practices and market abuse prevention, are crucial steps ([ESMA, 2025b], [ESMA, 2025c]).
Enhancing Peer Review Effectiveness: ESMA’s peer review mechanism, as demonstrated by the Malta case, is an effective tool for identifying inconsistencies. To enhance its impact, peer reviews should be:
- More frequent and systematic: Covering all NCAs regularly and across a wider range of MiCA provisions.
- More in-depth: Going beyond formal compliance to assess the practical effectiveness of national supervisory processes and outcomes.
- Followed by strong corrective actions: ESMA should have mechanisms to ensure that NCAs effectively address identified shortcomings within a clear timeframe. Public reporting of peer review findings, including the progress made on recommendations, can increase accountability and exert pressure for convergence.
Strengthening ESMA’s Supervisory Convergence Powers: While ESMA currently has a coordination and oversight role, arguments exist for granting it more direct intervention powers in specific, critical cases. This could include:
- Binding opinions: ESMA could issue binding opinions to NCAs on the interpretation or application of MiCA in specific cases, ensuring consistency where significant divergence is identified.
- Mediation and Dispute Resolution: ESMA could mediate disputes between NCAs regarding cross-border supervision or passporting issues, ensuring a smooth flow of services across the single market.
- Limited Direct Supervisory Powers: For certain highly systemic CASPs or those operating extensively across borders, consideration could be given to granting ESMA direct supervisory authority, similar to the ECB’s role for significant banks under the Single Supervisory Mechanism (SSM). This would ensure a consistent, high standard of supervision for entities with the greatest potential systemic impact.
Increased Resource Allocation for ESMA: To effectively perform its expanded role, ESMA itself requires sufficient financial and human resources, including highly specialised experts in DLT, cybersecurity, and financial crime. Adequately resourcing ESMA is critical for it to meet its mandate.

6.2 Harmonizing Supervisory Practices

Beyond common rules, consistent outcomes require harmonised supervisory practices among NCAs. This goes to the heart of how rules are applied on the ground.

Joint Training Programs and Knowledge Sharing: ESMA, in collaboration with NCAs, should develop and implement comprehensive, regular training programs for national supervisory staff. These programs should cover the technical intricacies of crypto-assets, the specific requirements of MiCA, best practices in risk assessment (AML/CTF, operational, prudential), and effective enforcement techniques. Facilitating regular knowledge exchange forums and workshops among NCAs can also help disseminate best practices and foster a common understanding of supervisory challenges.
Common Methodologies for Risk Assessment and Stress Testing: Developing standardised methodologies for assessing the risks posed by CASPs – from their business models to their technological infrastructure and governance – is crucial. This includes common frameworks for conducting prudential assessments, operational resilience stress tests, and assessing the effectiveness of internal controls. Standardised approaches ensure that similar risks are identified and treated consistently across jurisdictions.
Standardised Reporting Templates and Data Standards: Establishing common reporting templates and data standards for CASPs would greatly facilitate consistent data collection and analysis by NCAs and ESMA. This would enable more effective comparative analysis of risk profiles, compliance levels, and market developments across the EU, making it easier to spot outliers or emerging trends indicative of inconsistencies.
Development of a Common Risk Taxonomy: A shared understanding and categorisation of crypto-asset-related risks (e.g., market risk, liquidity risk, cyber risk, smart contract risk, reputational risk) would ensure that NCAs are identifying and prioritising the same types of vulnerabilities, leading to more consistent supervisory responses.

6.3 Enhancing Cooperation Among NCAs

Effective cooperation and collaboration among national competent authorities are vital to combat regulatory arbitrage and ensure a cohesive approach to supervision, particularly given the cross-border nature of crypto-asset activities.

Formalised Information Sharing Agreements and Channels: Establishing robust and formalised protocols for the rapid and secure exchange of supervisory information, enforcement actions, and intelligence concerning CASPs is essential. This includes clear guidelines on what information should be shared, when, and in what format. ESMA should act as a central hub for this information exchange, aggregating data and identifying trends.
Supervisory Colleges and Joint Task Forces: For large, systemically important, or cross-border CASPs, the establishment of ‘supervisory colleges’ – regular meetings involving all relevant NCAs and ESMA – would facilitate coordinated oversight. These forums allow supervisors to discuss emerging risks, share insights from their respective jurisdictions, and coordinate supervisory actions. For specific complex cases or investigations, joint task forces involving multiple NCAs and law enforcement agencies could be formed to ensure a comprehensive and harmonised response.
Coordinated Enforcement Actions: To counter regulatory arbitrage and ensure that firms cannot simply move their operations to avoid enforcement, NCAs should coordinate their enforcement actions. This might involve simultaneous investigations, joint warnings, or coordinated penalties, sending a strong signal that non-compliance will not be tolerated anywhere within the EU.
Mutual Assistance Frameworks: Reinforcing existing legal frameworks for mutual assistance in investigations and enforcement across member states is critical. This ensures that NCAs can obtain the necessary information and support from their counterparts to pursue cross-border breaches effectively.

6.4 Leveraging Technology for Oversight

The digital nature of crypto-assets presents opportunities for technologically enhanced oversight. Developing EU-level data analytics capabilities, potentially within ESMA, could help identify patterns of regulatory arbitrage or emerging risks by analysing aggregated data from all NCAs. This could include transaction monitoring tools adapted for DLTs and AI-driven systems to flag suspicious activities or inconsistencies in firm behaviour across jurisdictions.

6.5 Reinforcing Sanctions and Penalties

Ensuring that penalties for non-compliance are sufficiently deterrent and consistently applied across all member states is crucial. Disparities in sanctioning regimes can weaken the overall enforcement framework. The EU should review whether national sanctioning powers under MiCA are sufficiently harmonised in terms of severity and scope to prevent a ‘soft’ approach in some jurisdictions.

By systematically implementing these mechanisms, the EU can move closer to achieving a truly unified and robust regulatory environment for crypto-assets, one that effectively balances innovation with robust investor protection and market integrity, thereby safeguarding the stability of its financial system and fostering a competitive single market.

Many thanks to our sponsor Panxora who helped us prepare this research report.

7. Conclusion

The European Union’s Markets in Crypto-Assets Regulation (MiCA) stands as a groundbreaking and ambitious legislative endeavour, positioning the EU at the forefront of global efforts to regulate the rapidly evolving digital finance sector. Its overarching objectives – to foster innovation, enhance legal certainty, ensure robust investor protection, maintain market integrity, and combat financial crime – are indispensable for the sustainable growth and integration of crypto-assets within the broader financial ecosystem. The introduction of MiCA’s passporting mechanism, in particular, signals a clear intent to transcend national silos and forge a unified, competitive single market for crypto-asset services across the Union.

However, as this detailed analysis has underscored, the journey from legislative intent to consistent practical application is fraught with inherent challenges. The critical assessment by the European Securities and Markets Authority (ESMA) regarding Malta’s crypto licensing processes has served as a timely and potent reminder that significant regulatory inconsistencies can and do emerge, even under a directly applicable EU regulation. These divergences are rooted in a complex interplay of factors, including the inevitable nuances of national interpretations influenced by distinct legal traditions and regulatory cultures, the powerful economic incentives that drive competitive pressures among member states leading to potential ‘races to the bottom’ or ‘forum shopping’ by firms, and the persistent resource constraints faced by various national competent authorities (NCAs) in acquiring the highly specialised expertise and infrastructure necessary for effective oversight.

The systemic implications of these regulatory inconsistencies are profound and far-reaching. They not only undermine the fundamental principle of a level playing field but also foster an environment ripe for regulatory arbitrage, where firms can strategically exploit differences to circumvent stringent oversight. This erosion of legal certainty and fairness directly impacts investor confidence, potentially deterring legitimate capital flows and damaging the EU’s global reputation as a safe and predictable market. Furthermore, such disparities inevitably lead to the fragmentation of the single market, hindering the seamless cross-border flow of services and capital that MiCA aims to enable. Crucially, they introduce heightened systemic risks, including increased vulnerabilities to money laundering, operational failures, and market manipulation, posing a tangible threat to the financial stability and integrity of the entire European economic bloc.

Addressing these critical challenges demands a concerted, multi-faceted, and ongoing commitment from all stakeholders. It necessitates a significant strengthening of ESMA’s role, transforming it into an even more proactive and authoritative coordinating body capable of driving supervisory convergence through comprehensive technical standards, rigorous peer reviews with clear follow-up mechanisms, and potentially, enhanced direct intervention powers for systemic entities. Concurrently, a concerted effort must be made to harmonise supervisory practices across NCAs through joint training initiatives, common risk assessment methodologies, and standardised data collection. Crucially, fostering seamless, robust cooperation and information sharing among NCAs is paramount to ensure a united front against cross-border risks and to facilitate coordinated enforcement actions.

In conclusion, MiCA represents a landmark achievement, a testament to the EU’s forward-thinking approach to digital finance. However, its true success hinges not merely on its legislative enactment but on its uniform and rigorous implementation across all member states. By diligently addressing the causes of regulatory inconsistency and proactively implementing the mechanisms for convergence outlined in this paper, the EU can solidify its position as a global leader in responsible digital innovation, creating a resilient, trustworthy, and integrated crypto-asset market that safeguards participants while propelling the financial sector into the digital future.

Many thanks to our sponsor Panxora who helped us prepare this research report.