Europe’s landmark crypto regulation risked being undermined just months after taking effect, three national watchdogs warned on 15 September 2025, as they raised concerns over gaps that could expose investors and fuel regulatory arbitrage. France’s AMF, Austria’s FMA and Italy’s Consob said fragmented supervision and loopholes in the Markets in Crypto-Assets Regulation (MiCA) threatened both investor protection and the global competitiveness of European market participants.

Fragmented supervision after MiCA rollout

The MiCA framework, in force since 30 December 2024, imposed a harmonised licensing regime on firms offering crypto-related services in the EU. But the AMF, FMA and Consob said the first months of its application revealed “major differences” in supervision between member states, despite coordination efforts by the European Securities and Markets Authority (ESMA).

According to the three regulators, these divergences left investors exposed and created the risk of regulatory arbitrage, as service providers sought jurisdictions with more lenient approaches. They warned that some intermediaries routed client orders to platforms outside the EU that were not covered by MiCA, depriving investors of safeguards such as limits on matched principal trading or resilience standards against cyberattacks.

The authorities also cited international standards, pointing to recommendations by the Financial Stability Board (FSB) in July 2023 and the International Organization of Securities Commissions (IOSCO) in November 2023, as benchmarks for strengthening EU rules.

Proposals for reform

The AMF, FMA and Consob outlined four areas for improvement.

They first called for direct supervision by ESMA of significant crypto-asset service providers. The three regulators noted that 90% of global crypto trading was concentrated on the ten largest platforms, many of which were seeking to expand in Europe through MiCA’s passporting system. Centralised oversight, they argued, would prevent jurisdiction shopping, reduce regulatory costs and mirror the model already used for significant issuers of asset-referenced and electronic money tokens supervised by the European Banking Authority (EBA).

Second, they proposed stricter rules for third-country platforms. The regulators observed that some global exchanges accessed EU clients through authorised European intermediaries, leaving core trading functions outside EU supervision. They suggested that intermediaries should be obliged to execute client orders only on platforms subject to MiCA or to “equivalent” regulation, with equivalence assessments carried out by the European Commission, backed by ESMA.

Third, the regulators urged mandatory cybersecurity audits for crypto-asset service providers (CASPs). They said applicants should undergo independent audits before authorisation and at regular intervals afterwards, covering asset protection, resilience to cyberattacks and incident response. This would align MiCA with the Digital Operational Resilience Act (DORA) and strengthen confidence in the sector.

Finally, they called for a single EU access point for token offerings, excluding stablecoins. Instead of the current fragmented system where national authorities process white papers and filings, they proposed centralisation under ESMA to simplify procedures, ensure uniform scrutiny and cut costs for issuers.

Investor protection and competitiveness

The regulators stressed that without these adjustments, MiCA’s effectiveness would remain limited. They warned that the hybridisation of crypto and traditional financial assets required consistent investor safeguards across markets, including robust information requirements and tests of client understanding of complex products.

The AMF, FMA and Consob concluded that reinforcing supervision would not only protect investors but also secure the competitiveness of European players in a rapidly evolving global market.