ESMA: European Securities and Markets Authority — Crypto and Tokenization Oversight

Overview

The European Securities and Markets Authority (ESMA) is the EU’s independent financial markets regulator and supervisor, established under Regulation (EU) No 1095/2010 and headquartered in Paris with a staff of more than 250. ESMA’s mandate spans three functions: developing regulatory standards (binding technical standards under EU financial legislation), coordinating supervisory convergence among the 27 EU national competent authorities (NCAs), and direct supervision of specific entities (EU credit rating agencies, trade repositories, and certain third-country firms).

In the digital asset and tokenization domain, ESMA’s authority has expanded substantially through two regulatory instruments: the Markets in Crypto-Assets Regulation (MiCA), which came into full effect in December 2024, and the DLT Pilot Regime (Regulation (EU) 2022/858), which creates an experimental framework for DLT-based trading and settlement infrastructure. Under MiCA, ESMA administers the EU-wide CASP (Crypto-Asset Service Provider) public register, develops binding regulatory and implementing technical standards governing CASP operations, and coordinates enforcement across member states.

Mandate and Legal Foundation

ESMA’s legal foundation is the ESMA Regulation (Regulation (EU) No 1095/2010, as amended), which defines its tasks, powers, and governance structure. ESMA’s powers include: issuing binding Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) where empowered by Level 1 EU legislation, issuing non-binding guidelines and opinions, publishing warnings, temporarily prohibiting or restricting certain financial activities in the EU, and initiating binding mediation between national authorities in cross-border cases.

Under MiCA, ESMA received specific empowerments to develop RTS and ITS governing: CASP authorization content and procedures, whitepapers for asset-referenced tokens and e-money tokens, conflicts of interest policies, reverse solicitation documentation requirements, CASP prudential safeguards, and crypto-asset market abuse monitoring obligations. ESMA must submit draft technical standards within mandated timeframes, with the European Commission retaining power to endorse, amend, or reject them.

MiCA: Coordination Role Across 27 NCAs

MiCA’s authorization framework is member-state-based: a CASP seeking authorization applies to the NCA of its home member state (typically the member state where it has its registered office), and the NCA grants or refuses authorization within the 40-working-day procedure set out in MiCA. However, ESMA plays several coordination functions that make it the effective hub of the EU-wide CASP authorization system.

ESMA maintains the public register of all authorized CASPs across the EU — the single point of public record for CASP authorization status. Any CASP authorized in any EU member state appears on the ESMA register, and any refusal, suspension, or withdrawal of authorization must be notified to ESMA for publication. The register is publicly searchable and constitutes the authoritative reference for counterparty due diligence on CASP status.

ESMA also coordinates through the Crypto-Assets Task Force — an internal ESMA working group that develops consistent interpretive positions on MiCA application across NCAs — and through the ESMA Joint Committee, which coordinates cross-sectoral issues with the European Banking Authority (EBA) and the European Insurance and Occupational Pensions Authority (EIOPA).

CASP Authorization Requirements and ESMA Technical Standards

Under MiCA, CASPs must obtain authorization from their home NCA before providing any of eight regulated crypto-asset services, including: custody and administration of crypto-assets, operation of a crypto-asset trading platform, exchange of crypto-assets for fiat currency, exchange of crypto-assets for other crypto-assets, execution of orders for crypto-assets, placing of crypto-assets, reception and transmission of orders, and portfolio management.

ESMA has published draft RTS addressing: minimum content of CASP authorization applications, methodology for assessing shareholder suitability, prudential safeguards (capital requirements ranging from EUR 50,000 to EUR 150,000 depending on service category), custody asset segregation requirements, conflicts of interest policies, and complaints handling procedures.

The authorization capital requirements are notably lower than those applicable to investment firms under MiFID II, reflecting MiCA’s calibration to the current maturity of the crypto-asset market rather than the full systemic significance framework applicable to traditional financial markets.

DLT Pilot Regime Oversight

The DLT Pilot Regime (Regulation (EU) 2022/858) creates a three-year experimental framework for DLT Market Infrastructures (DLT MTFs, DLT Settlement Systems, and DLT Trading and Settlement Systems) that operate with exemptions from specific requirements of MiFIR, MiFID II, and CSDR that would otherwise apply.

ESMA’s role in the DLT Pilot Regime includes: receiving notifications from NCAs of granted DLT market infrastructure permissions, maintaining a register of approved DLT market infrastructures, monitoring the operation of the pilot regime, and reporting to the European Commission on the regime’s functioning. At the conclusion of the pilot period, ESMA’s report will inform the Commission’s decision on whether to extend, modify, or propose permanent legislation for DLT market infrastructure.

ESMA has published guidelines on DLT Pilot Regime applications covering: the definition of DLT for pilot purposes, the admissibility of specific distributed ledger technologies, the treatment of crypto-assets that are also financial instruments under MiFID II (the primary target of the Pilot Regime — tokenized securities, not crypto-assets regulated under MiCA), and the interaction between DLT Pilot Regime permissions and existing MiFID II and CSDR authorizations.

MiCA Fees and Implementation Timeline

MiCA’s full application timeline involves: asset-referenced token (ART) and e-money token (EMT) provisions from June 2024; all MiCA provisions including CASP requirements from December 2024; and an 18-month transitional period (to June 2026 at the latest) allowing entities operating under pre-MiCA national crypto frameworks to continue operating while seeking MiCA authorization.

ESMA’s supervisory fees for direct supervision functions (trade repositories, credit rating agencies) are established annually through ESMA’s budget procedure. For CASP-related functions — which are supervised by NCAs, not directly by ESMA — fees are set by each NCA under national fee schedules. ESMA’s costs for developing MiCA technical standards are funded through the EU budget rather than industry fees.

Enforcement Powers

ESMA’s direct enforcement powers are limited to entities it directly supervises — currently, EU credit rating agencies, trade repositories, and certain third-country firms. For CASPs, enforcement is the responsibility of the home NCA, with ESMA’s role limited to coordination, binding mediation in cross-border cases, and — in exceptional circumstances — emergency measures under Article 17 of the ESMA Regulation where a NCA has failed to act.

The cross-border enforcement coordination function is particularly relevant for CASPs operating in multiple EU member states under MiCA’s passporting mechanism: a CASP authorized in one member state can provide services across the EU without separate authorization in each member state, but enforcement actions in the home state affect the entire EU footprint.

Further Resources

• ESMA official website
• MiCA Regulation Overview
• Tokenization Licensing Overview
• Jurisdiction Profiles — EU