The MiCAR crash: EU crypto regulation is canceled for the time being – inadequate regulations
- The European Securities and Markets Authority ESMA in Paris has surprisingly referred two central technical standard catalogs for implementing the EU MiCA regulations back to the advisory committees. This means that the MiCAR implementation in 2026 has been canceled for the time being.
- It may be delayed for a year or more. The project that was supposed to make the EU the global vanguard of crypto regulation has now become a laughing stock – and the consequences are hitting the German market particularly hard.
BaFin relies on technically formulated standards in order to finally examine MiCAR license applications. Without these requirements, there are no binding rules for the prevention of market abuse and for the interpretation of STOR reports, IT security requirements, governance structures and outsourcing models.
Although the authority can extend transitional regimes, it cannot guarantee complete harmonization. Germany is therefore in a regulatory limbo in which the MiCAR applies, but the detailed implementing regulations are missing.
For banks, the delay means an immediate operational burden. Institutions such as DZ Bank, Deka Bank, Commerzbank and Sparkassen-Finanzgruppe had planned their MiCAR products for 2025 and 2026. These schedules were based on the assumption that the Parisians ESMA delivers the technical standards in a timely manner – actually a given after years of planning.
Apparently not for the EU authorities. Now risk analyzes need to be reassessed, compliance architectures adjusted and outsourcing contracts revised. Product launches are postponed, resources are tied up and costs rise.
German crypto service providers are also coming under pressure. Providers such as BSDEX, Coinbase Germany and Bitvavo DE now have to comply with transitional rules while waiting for the final regulations. This leads to high costs and makes planning new products more difficult. While international competitors work in clear regimes, EU providers have to live in uncertainty.
disaster after years of preparation
The delay is grotesque. MiCAR was prepared for years, celebrated politically and presented as a global role model. MiCAR aimed to create the world’s first comprehensive set of crypto regulations.
The regulation must be issued at the same time as the Market Abuse Regulationanti-money laundering regulation, national IT security laws, existing securities rules, stablecoin rules and the EU data protection law be compatible.
ESMA probably underestimated these requirements. The technical standards are not just detailed rules, but the actual core of practical implementation. Any lack of clarity would have an immediate impact on banks, stock exchanges and custodians, not to mention all the legal proceedings that would have additionally burdened the judiciary, which is already overburdened.
Added to this is the massive criticism from the industry. Banks, custodians, stock exchanges, FinTechs and international associations responded to the consultations. The feedback was unusually clear. Many requirements are technically difficult to implement, the costs are disproportionate, definitions are unclear and reporting requirements are contradictory.
The planned monitoring systems were also criticized as unrealistically complex. ESMA was faced with the choice of implementing an error-prone set of rules or setting up new standards. The authority chose the safer but slower route.
Political dynamics play another role. After the scandals surrounding FTX, Celsius and Terra, expectations are enormous. The EU Commission demands maximum legal certainty, robust market abuse monitoring and clear liability rules. In this climate, no one wants to risk a second Wirecard scandal. The result is an overly cautious regulatory culture that sacrifices timely processing to avoid errors.
To make matters worse, national supervisors have different traditions and risk cultures. BaFin, the Austrian FMA, the French AMF and the Italian CONSOB pursue sometimes opposing approaches to IT security, outsourcing, market abuse definitions and liquidity requirements. The Paris ESMA has to harmonize these differences, which further slows down the process.
Ultimately, the technical reality of the industry is more heterogeneous than the EU parliamentarians had expected. While some providers work with state-of-the-art MPC systems, HSM clusters and institutional custody stacks, others use simple hot wallet infrastructures or cloud wallets. A single standard that everyone could follow is difficult to define without overwhelming large parts of the industry.
EU prestige project failed for the time being
MiCAR should make the EU a global pioneer. Instead, those involved, but especially the crypto industry, are now faced with a chaos of rules that is slowing down banks, burdening crypto asset service providers, unsettling national supervisors and strengthening international competitors.
One wonders where all the experts who were involved got so much incompetence from.
No Comments