Learn about regulation

How does the EU legislative process work?

The European Union (EU) is a supranational entity with its own Internal Market and Laws. Three institutions take part in the EU’s legislative process: the European Parliament (representing EU citizens), the European Council (representing EU member state governments), and the European Commission (representing the EU’s overall interests).

The EU Commission has the right of initiative, meaning it can draft and propose laws. Economic, environmental and social impact assessments and inputs from various NGOs, National Competent Authorities, and Industry Associations usually accompany drafts.

After submitting a draft, the Council and the Parliament discuss the proposal with the Commission (the process known as a “Trialogue”) and further draft and propose amendments. All three legislators have a de facto right to veto any proposal or amendment since unanimous approval is required for the draft to be accepted and implemented in EU Law.

Following the approval and publication of a legal act, there is usually a period (known as Vacatio Legis) before the new act becomes enforceable. This period is for EU Member Countries, Industry participants, and individuals to familiarise themselves with the new rules.

Also, during this time, European supervisory authorities, known as ESAs, usually prepare regulatory technical standards and implementation technical standards to further specify the obligations set by the new legal act. These documents are referred to as Level 2 legislation.

There are several types of EU Legal Acts, including EU treaties, decisions, recommendations, opinions, and delegated and implementing acts. However, the two types most often referred to when talking about EU Law are Directives and Regulations.

Directives are EU Legal acts that set specific standards/regulatory goals. Still, the method of achieving such standards is left to the Member States, who are legally obligated to incorporate the directive into their legal system, as directives are not directly applicable (certain exceptions apply).

On the other hand, Regulations are binding in full throughout the EU legal system and do not require any transposition on the part of Member States. They often set both regulatory goals and the methods of achieving them.

EUCI closely monitors the development of EU legislation regulating crypto and crypto-related technology. We aim to participate in each step of this regulation process as an interested party. We regularly submit our input to EU consultation papers on proposed Legal Acts concerning Crypto, advocating for open, permissionless systems. You can read more about EUCI’s work here.

What is Markets in Crypto-Assets Regulation (MiCA)?

Markets in Crypto Assets Regulation or MiCA/MiCAR (official designation Regulation EU 2023/1114) is a comprehensive Legal Act that is a centrepiece of the crypto regulation in the EU. It defines and outlines the obligations of Crypto Asset Service Providers (CASPs) as well as of Asset Referenced Tokens (ART) and Electronic Money Tokens (EMT) Issuers.

Among other things, MiCA regulates the issuance, offer to the public and admission of Crypto Assets to trading, requirements for the authorisation and supervision of CASPs, ART and EMT issuers, as well as their operation, organisation and governance, requirements for the protection of token holders and CASP clients and the prevention of insider trading and other unlawful activities in crypto trading.

MiCA entered into force in June 2023, with some of its provisions only applying in December 2024. There is currently a process of creating Level 2 and Level 3 legislation that aims to regulate certain technical aspects of MiCA application in more detail.

Everything you need to know about the Anti-Money Laundering legislation (AML)

Anti-money laundering was one of the first areas that regulated crypto in the EU, with the first regulations dating back to 2018, when the AML5 directive was adopted. Since then, the regulators have been very active in this particular field.

Currently, the core of the Anti-Money Laundering legislation in the EU is the Anti-Money Laundering Directive (AMLD). Under AMLD, financial institutions and other obligated entities are required to implement a series of measures to counter Anti-Money Laundering and Terrorism Financing activities. These measures include:

  • Customer Due Diligence;
  • Beneficial Ownership Information;
  • Reporting suspicious transactions;
  • Internal Policies and Supervision;
  • Data Protection and Record Retention;

AML rules were extended to crypto in 2018 with the introduction of the Virtual Asset Service Provider framework, when, under the list of obliged entities, the following points were added:

  • (g) providers engaged in exchange services between virtual currencies and fiat currencies;
  • (h) custodian wallet providers;

At the moment the new AML regulatory framework is in preparation with Anti-Money Laundering Regulation. This regulation would be directly applicable (see “How does EU legislative process work) in member countries and would present an all-encompassing single rulebook for AML/CFT regulation in the EU.

Furthermore, a new AML Authority (AMLA) will be set up as a supranational authority in charge of AML compliance supervision, since supervisory activities are at the moment in the domain of national competent authorities.

At EUCI, we closely monitor the development of AML regulations in Europe and regularly inform our members and interested parties through our social media network and newsletters. You can access our publications here, and for up-to-date information and developments you can follow us through our social media accounts.

What is a DLT Pilot Regime?

The Digital Ledger Technology (DLT) Pilot Regime in the EU is a regulatory framework established with the DLT Pilot Regime Regulation that is intended to facilitate development and use cases for blockchain technology in the financial sector. This regime started applying in the EU on 23 March 2023. This framework is part of the broader EU strategy that aims to foster innovation in financial technology while strengthening market integrity and investor protection. It does so through the provision of the legal framework for trading and settlement of transactions in crypto-assets that qualify as financial instruments under MiFID II, while facilitating the set-up of new types of market infrastructures, including:

  • DLT multilateral trading facility (DLT MTF)
  • DLT settlement system (DLT SS)
  • DLT trading and settlement system (DLT TSS)

Objectives

DLT Pilot Regime strives to encourage the development of (i) crypto-assets that qualify as financial instruments and (ii) DLT market infrastructures. The EU regulators wish to achieve these goals while preserving investor protection, market integrity, financial stability, and transparency. Additionally, this Regime helps build a solid legal foundation and brings legal clarity to the market participants, thus avoiding unnecessary regulatory arbitrage and loopholes.

Eligibility criteria

For each of these new types of market infrastructures, there’s a set of eligible operators that can apply to participate in the DLT Pilot Regime: 

  • For the DLT MTF: any authorised investment firm and market operators can apply to operate a FLT multilateral trading facility;
  • For the DLT SS: any authorised central securities depositories (CSDs) may apply to operate a DLT settlement system;
  • For the DLT TSSL, both groups described above, authorised investment firms, market operators, and CSDs, may apply to operate a combined DLT trading and settlement system;

Please note that ESMA encourages new entrants to apply for both, a temporary authorisation as an investment firm/market operator or CSD while also applying for the DLT Pilot Regime.

Additional considerations exist as the DLT Pilot Regime scopes three types of financial instruments: shares, bonds and UCITS. The DLT Pilot Regime is only applicable for shares with a market capitalisation/tentative market capitalisation below EUR 500 million and bonds or forms of securitised debt, including depositary receipts in respect of such securities or money market instruments with an issuance size of less than EUR 1 billion (corporate bonds from issuers whose market capitalisation did not exceed EUR 200 million at the time of their issuance are not subject to this threshold). The Regime also applies to ‘undertaking for collective investment in transferable securities’ (UCITS) with a market value of assets under management of less than EUR 500 million.

This particular DLT Pilot regime is set to run for at least three years, with the possibility to be extended by the European Commission. The EU will also consider the possibility of covering other types of financial instruments with the DLT Pilot Regime. Depending on the outcomes of this Regime after three years of its implementation, the EU regulators will discuss possible amendments to the EU financial services legislation and the need to establish a bespoke, single, coherent framework resembling the new learnings.

We at the EUCI closely follow the developments related to the EU DLT pilot regime and post updates on our channels. You can follow us through our social media accounts for up-to-date information and developments.

Learn about DORA

Digital Operational Resilience Act or DORA is a Regulation of the EU (see “How does EU legislative process work”) that aims to set up a framework for Financial Institutions for handling ICT (Information and Communication Technology) related incidents. DORA sets up standards for Financial Institutions in the fields of:

  • ICT risk management;
  • Reporting on ICT incidents and threats; 
  • Digital operational resilience testing;
  • Information and Intelligence sharing;
  • Management requirements;

Furthermore, DORA elaborates on:

  • Requirements concerning the contractual arrangements concluded between ICT third-party service providers and financial entities;
  • rules for the establishment and conduct of the Oversight Framework for critical ICT third-party service providers when providing services to financial entities;
  • rules on cooperation among competent authorities, and regulations on supervision and enforcement by competent authorities concerning all matters covered by DORA;

DORA entered into force on 16 January 2023. However, it shall apply from 17 January 2025.

European Supervisory Agencies, or ESAs (seeHow does the EU legislative process work), issued six consultation papers in January 2024, further specifying the technical and implementation standards of DORA.

EUCI closely monitors the development process of DORA and related Legal Acts and their impact on the global crypto regulation landscape. You can follow us through our social media accounts for up-to-date information and developments.