In early December 2025, the European Commission proposed giving ESMA direct supervisory powers over crypto-asset service providers as part of a wider reform of EU capital markets supervision. The announcement reignited a core question: should oversight of crypto firms remain with national authorities, or be centralised at EU level?
When the EU’s landmark Markets in Crypto-Assets regulation entered into force, it marked the shift from a mosaic of national rules to the world’s first comprehensive and internationally scalable regulatory framework for digital assets. For the first time anywhere, MiCA created a regime under which a crypto-asset service provider or a stablecoin issuer can operate, or issue, across 27 jurisdictions through an EU passport. Its unified rulebook and passporting system were designed not only to integrate the EU market, but to give the EU the first globally relevant framework enabling crypto-asset issuance across all member states.
But as the first year of implementation gives way to a second, a debate is emerging that strikes at the heart of European financial governance: should oversight of crypto firms remain with national regulators, or be moved to the EU level under the European Securities and Markets Authority?
Certain policymakers have begun calling for central supervision, arguing that only a pan-European authority can ensure consistency across a rapidly developing sector. Others, including regulators and firms steeped in the realities of MiCA’s early application, argue the opposite. The EU, they warn, risks overcorrecting before it has allowed its new framework to settle. The question is not whether Europe needs robust supervision, but whether shifting it to a central authority now would undermine the very stability MiCA is meant to provide.
The implementation of MiCA’s first year, and the reactions of regulators, exchanges, banks and custodians, suggest that Europe’s crypto market is entering a critical operational phase, one in which the pace of political ambition is looking to outstrip regulatory reality.
MiCA’s stability hangs in the balance
MiCA’s most immediate achievement was resolving the intense fragmentation that characterised the EU’s earlier approach to crypto supervision. Before MiCA, crypto firms were overseen through national registration regimes that varied widely in scope, speed, and standards. That patchwork produced confusion for firms and uneven consumer protection across the bloc.
The goal of MiCA was to replace this uneven landscape with a single rulebook and a harmonised authorisation regime. With MiCA now in force, day-to-day supervision sits where it does in every other major European financial regime, with national competent authorities such as the CSSF in Luxembourg and BaFin in Germany, applying a common framework to their domestic markets.
The first months of implementation showed exactly why that structure still matters. As Natasha Deloge, Head of Innovation at the CSSF, recalls, MiCA arrived with “a whole set of new concepts that until then were not in any way defined by a regulation, requiring a huge need of interpretation and extensive coordination with peer regulators.”
“a whole set of new concepts that until then were not in any way defined by a regulation, requiring a huge need of interpretation and extensive coordination with peer regulators.”
The technical standards accompanying MiCA, she adds, multiplied the complexity. Implementation was less a matter of simply applying rules than building a common supervisory vocabulary across 27 jurisdictions.
That coordination is not trivial. “Supervisory convergence”, a phrase used repeatedly by Deloge, is now one of the core demands of MiCA’s first years. Without it, the promise of a single EU market risks being undermined by differing interpretations and application standards across member states.
Yet the very complexity of early-stage implementation is also exactly why some argue against the shift to central oversight. Before even considering rewriting the supervisory architecture, Europe must first allow its new regulatory system to function. As Deloge puts it, the regime remains in its earliest phase: Europe needs time to “observe the phenomenon”, see “how it matures”, and understand where MiCA truly requires adjustment. “Every time you regulate you also interfere with a developing market and a developing system,” she emphasises.
Across the industry, this view is mirrored by the firms living the new regime.
Zodia Custody, which received their MiCA license in Luxembourg in December, notes that MiCA has finally provided clarity to firms that previously hesitated to enter the sector. According to Ami Nagata, Managing Director of Luxembourg at Zodia Custody (Europe), before MiCA, many institutions “had no idea where they stood on the regulatory side”. Clarity has now enabled risk departments to “give their view and add them into the risk framework”, unlocking conversations that would have been unthinkable just a few years ago.
Coinbase similarly describes the regime as transformational. Europe was previously “extremely fragmented”, but MiCA has delivered “one unified framework with maximum clarity” according to Jean-Baptiste Graftieaux, CEO of Coinbase Europe, enabling the exchange to secure its MiCA licence in Luxembourg and position itself for pan-European expansion.
Laurent Marochini, CEO Luxembourg, Standard Chartered, goes further, describing MiCA as “a guarantee of trust and confidence” for clients and “a no-brainer” as “all players in the value chain need this regulatory clarity to move forward with their projects.” This consensus, across regulators, exchanges, custodians and banks, gives MiCA its legitimacy.
But the same consensus carries a warning: the regime is incredibly young. The foundation has been laid, but Europe is still in the construction phase. A supervisory overhaul now risks destabilising what has only just begun to settle.
“all players in the value chain need this regulatory clarity to move forward with their projects.”
Transitional issues, not structural failures
The first year of MiCA exposed an unavoidable reality familiar from every major financial-services reform: implementation never happens in a single stroke. Grandfathering periods differ between member states, and licensing speeds vary – but firms and regulators emphasise that these are transitional phenomena, not structural deficiencies. Similar asymmetries accompanied the early phases of MiFID II, AIFMD and PSD2, where national supervisors applied new regimes on different timetables before convergence settled in.
Nagata notes that unaligned grandfathering periods have created “confusion” about how long legacy registrations remain valid. But this is a temporary administrative asymmetry, inevitable in the first year of a regime that replaced 27 separate systems. Crucially, it has not prevented firms from navigating the transition.
Differences in licensing speed have also prompted speculation, sometimes on the basis of gossip rather than evidence, that some regulators may be “more favourable than others”. As Nagata points out, speculation of this kind can arise in any early-phase regulatory rollout, even where standards are consistent. Importantly, she is clear that speed does not indicate lower scrutiny: what matters is that “each national competent authority” applies “the same level of scrutiny”, which is precisely what the EU’s joint supervisory mechanisms are designed to ensure.
What might appear from the outside as fragmentation is, from the inside, supervisory convergence in action. Applications for major firms are already discussed within ESA committees, where select individuals from various regulators, Deloge notes, “exchange on a detailed level” about authorisations, interpretations and supervisory approaches a level of transparency that simply did not exist under the previous patchwork of national regimes.
The scale of transition is also significant. Coinbase cites “200 MiCA applications in process” across the EU – not as evidence of incapacity, but as proof of unprecedented institutionalisation of the sector. “The EU has deliberately opened a new regulated market: a sudden inflow of applicants is confirmation that MiCA is working, not that the supervisory model is failing,” as Graftieaux emphasises. This demonstrates confidence in the new framework, even if it requires regulators to process a heavy first-year workload.
“The EU has deliberately opened a new regulated market: a sudden inflow of applicants is confirmation that MiCA is working, not that the supervisory model is failing,”
For Deloge, the conclusion is clear: year one of MiCA is still the “first phase” of a long regulatory cycle. Transitional inconsistencies are expected; rushing systemic redesign based on first-year data would be premature. Before contemplating changes to the supervisory architecture, Europe must complete the cycle of licensing, inspections, reporting and cross-border passporting – only then will genuine supervisory gaps (if any) become visible.
Calls for central supervision risk moving faster than reality
Advocates of central supervision argue that only an EU-level regulator can ensure genuine consistency across the bloc. They point to differing licensing speeds, interpretive divergences, and lingering national disagreements – exemplified by comments from some regulators suggesting they might refuse passporting from jurisdictions they distrust.
But the early strains cited by centralisation advocates reflect a system still bedding in, not one that has reached the limits of national supervision. Differing speeds and interpretations are characteristic of the first year of any major EU regulatory reform, as seen with MiFID II, PSD2 and AIFMD, when supervisors are translating new concepts, building internal expertise, and coordinating positions with peers. As CSSF’s Natasha Deloge stresses, MiCA’s initial phase has required “a huge need of interpretation and extensive coordination”, with regulators already “exchanging on a very detailed level”. The question, therefore, is whether these early variations are problems to be fixed through convergence or symptoms that justify restructuring the entire system.
The argument for patience is not an argument against ESMA, nor against stronger EU-level coordination. Rather, it is a warning that centralisation could impose costs with little gain.
First, centralising supervision would require ESMA to build deep technical expertise across crypto trading, custody, stablecoins, tokenisation, outsourcing, cybersecurity, risk modelling and market integrity – domains in which national regulators have already invested heavily. Technical depth is not easily transferable. Crypto custody alone involves intricate knowledge of wallets, key management, cold-storage infrastructure and attack vectors; Nagata emphasised that this expertise is so specialised that many traditional players now prefer to partner with established crypto custodians rather than build capabilities internally. Expecting ESMA to replicate this depth at speed is unrealistic.
Second, ESMA would be assuming responsibilities it has never held. Unlike national regulators, ESMA does not directly supervise financial institutions today. Creating new supervisory apparatus, with the staffing, technical capacity, and operational frameworks required, would take several years and have exceedingly high costs. During that period, central oversight risks slowing down licensing when Europe is competing fiercely with other regions for capital, innovation and market infrastructure. Marochini warns explicitly that “If Europe cannot attract crypto players, they will go elsewhere.” MiCA was designed to make the EU competitive. Rebuilding its supervisory structure from scratch risks delivering the opposite.
Third, centralisation may fail to account for national regulatory structures that already integrate crypto oversight with financial-markets, payments or prudential supervision. Nagata notes that in Luxembourg, CASPs, MiFID firms, and payment institutions fall under one supervisor, enabling coherent oversight across activities and avoiding the fragmentation seen elsewhere. A shift to ESMA could break these links, creating supervisory blind spots rather than solving them.
Fourth, the push for central supervision appears rooted partly in political frustration, not evidence of supervisory failure. Public criticism of smaller regulators, including accusations that some jurisdictions may be too permissive, has not been matched with proof that MiCA-licensed companies are systematically under-supervised. Where concerns arise, Nagata argues, the more proportionate response would be a targeted review: NCAs could “review the process of the licensing”, not pre-emptively question passporting.
The case against central supervision is therefore one of sequencing. Europe must complete the implementation of MiCA, and let it embed, before deciding whether to change who enforces it.
Evidence, stability and a view on competitiveness is needed
The question facing EU policymakers is not whether crypto supervision needs to evolve. It will. The question is when and how.
MiCA itself will require refinement. Stablecoin rules will need alignment with PSD3. Open questions around deposit tokens, settlement tokens and tokenised money-market funds, which currently fall across different regulatory regimes, will demand coherent treatment. DeFi will eventually require a framework of its own. But these are adjustments within the existing architecture, not arguments for immediately replacing it.
The measure of success for MiCA will be whether the regime can deliver a fully functioning, competitively neutral single market. For Marochini, one indicator will be the rise of euro-denominated stablecoins. “Today we have 99% of the stablecoin that are denominated in USD. If in 5 years’ time, EUR can be at 10% it will be a huge success.” Another will be the ability to attract institutional capital at scale, mirroring the US market, where bitcoin ETFs raised more than $120bn in just 18 months.
Graftieaux stresses the growing importance of stablecoins as payment infrastructure and the increasing use of tokenised assets. The firm describes stablecoin transaction volumes reaching “27 trillion, exceeding Visa and Mastercard combined” – a signal that digital assets are already central to global value transfer.
Nagata points to the gradual but tangible shift among institutions: “a decade ago, banks treated crypto with suspicion; today, clarity and infrastructure are allowing them to begin integrating it meaningfully, though still cautiously.”
“a decade ago, banks treated crypto with suspicion; today, clarity and infrastructure are allowing them to begin integrating it meaningfully,
Deloge highlights the key condition for Europe to succeed: trust. Passporting “is one of the fundamental features of the EU’s financial sector licences, but also for reinforcing the integrity of the system itself.” The EU’s SIU ambitions depend on a supervisory structure built on mutual reliance. That reliance requires time, convergence, and consistency, not structural upheaval.
If Europe builds on MiCA, uses evidence gathered through full supervisory cycles, and adapts carefully where needed, the regime could become the backbone of a competitive digital-asset economy. But if it rushes to centralise supervision before the system has matured, it risks stalling innovation, weakening flexibility, and undermining the trust it has only just begun to establish.
The EU has made a bold start. Now it must resist the temptation to remake its own framework before it has had the chance to work.