European Regulators Call for Tougher MiCA Rules to Strengthen Supervision & Cyber Resilience

Key Takeaways

• Regulators’ Concerns: France’s AMF, Austria’s FMA, and Italy’s Consob warn that MiCA’s early rollout has exposed uneven supervision, cyber gaps, and risks from global platforms.
• ESMA Oversight: The regulators propose direct supervision of the largest crypto-asset service providers by ESMA to ensure consistency and reduce regulatory arbitrage.
• Global Platforms: They call for stricter obligations on intermediaries to route orders only through EU-compliant or equivalent platforms, limiting loopholes for offshore exchanges.
• Cybersecurity Audits: Mandatory independent cyber audits before authorization and at regular intervals are proposed to bolster resilience and investor confidence.
• Token Offerings: A centralized ESMA-managed one-stop shop for token filings would simplify processes, avoid duplication, and promote uniform application across Europe.

Deep Dive

When the EU’s landmark Markets in Crypto-Assets Regulation (MiCA) took effect at the end of 2024, it was meant to bring order and credibility to a sector long defined by volatility and uneven rules. Less than a year later, three of Europe’s top financial watchdogs are warning that the job is far from finished.

The French AMF, Austria’s FMA, and Italy’s Consob have teamed up to push for changes they say are essential to protect investors and strengthen Europe’s competitiveness in the global crypto market. Their message is that MiCA has provided the scaffolding, but without stronger supervision, tighter cyber safeguards, and clearer rules for international platforms, the framework risks leaving dangerous gaps.

In the first months of MiCA’s rollout, regulators have seen how differently the rules are being applied across member states. That unevenness has opened the door for firms to pick the friendliest jurisdictions, undermining the consistency that was supposed to be MiCA’s hallmark. At the same time, the regulation does not go far enough in addressing cyber risks or the influence of global platforms that dominate trading activity.

Four proposals to close the gaps

The regulators are putting forward a package of reforms aimed at tightening Europe’s grip on the sector. Among them:

• A shift to direct oversight of the largest crypto-asset service providers by the European Securities and Markets Authority, to prevent fragmentation and reduce costs for both regulators and firms.
• Stronger obligations for platforms outside the EU that target European investors, ensuring intermediaries can only route orders through venues that meet MiCA standards or equivalent rules.
• Mandatory independent cybersecurity audits before firms are authorized, with regular renewals to keep pace with evolving threats.
• A centralized “one-stop shop” for token offerings, managed by ESMA, to streamline filings and ensure a consistent approach across the bloc.

These changes would mean preparing for closer EU-level scrutiny and tougher requirements around cyber resilience and outsourcing. The proposals also reflect a broader reality of crypto markets that are no longer experimental side projects. They are deeply entwined with Europe’s financial system, and regulators want safeguards that match the standards applied to traditional investment products.

Europe may have been the first mover with MiCA, but these calls from Paris, Vienna, and Rome suggest the framework is still evolving. For investors and firms alike, the real challenge now is making sure the rules are not just ambitious on paper but effective in practice.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.