Since our last newsletter, ESMA has released updated Q&As, supervisory guidelines, a peer review, further guidelines on staff competence, and a public statement – all regarding the implementation of Regulation (EU) 2023/1114 of 31 May 2023 on markets in crypto-assets (“MiCA”).
Supervisory guidelines to prevent market abuse under MiCA
Since MiCA’s entry into force on 29 June 2023, ESMA has been publishing various Q&As, guidelines, supervisory briefings, opinions, as well as maintaining an interim register (available here as a collection of CSV files until mid-2026 when it will be formally integrated into ESMA’s IT systems), in an effort to establish a more cohesive legal framework, regulating the crypto-asset markets in the EU.
On 29 April 2025, fulfilling its mandate under article 92(3) of MiCA, ESMA issued its final report on supervisory practices in order to prevent and detect market abuse under MiCA (the “MAR-related Guidelines”). The MAR-related Guidelines are directly applicable to the National Competent Authorities (as defined in Article 3(1)(35) of MiCA), (the “NCAs”) after three months following the date of their publication on ESMA’s website in all official EU languages. Within two months from such publication, the NCAs must confirm to ESMA whether they already comply or intend to comply with the MAR-related Guidelines, by incorporating them into national legal or supervisory frameworks. If they do not or do not intend to comply within this deadline, this decision and the reasons for it will be published on ESMA website. In Luxembourg, the MiCA NCA is the CSSF.
The MAR-related Guidelines build on the experience made under Regulation (EU) No 596/2014 of 16 April 2014 on market abuse (the “MAR”), while taking into consideration the unique features of crypto trading, such as its cross-border nature and the intensive use of social media. Their objective is to promote consistency in the supervisory practices of NCAs in relation to crypto assets, by establishing efficient and harmonized oversight mechanisms to better prevent, detect, and address market abuse –specifically insider trading, unlawful disclosure of inside information, and market manipulation.
Some of the key guidelines revolve around the following topics:
Proportionality and risk-based supervision
NCAs should tailor their supervisory practices and use their resources on a risk-based approach, while being forward-looking and responsive, particularly for new forms of market abuse (including monitoring non-traditional actors like miners, validators, and social media influencers).
Common supervisory culture and coordination
ESMA promotes cooperation and experience-sharing, exchanging best practices between NCAs, or exchanges of experiences with authorities in other connected areas, such as those responsible for consumer protection or prevention and anti-money laundering.
Integrating dedicated measures into existing frameworks
NCAs are encouraged to use and adapt existing supervisory practices for the detection and prevention of market abuse under MAR, for instance including in the existing monitoring of manipulative practices, actions linked to the technology behind crypto-assets and their offering and evaluation.
Resource adequacy, monitoring and surveillance
surveillance should be both data-driven and event-based, leveraging public, regulatory, and reconciled on-/off-chain data, and include automated and human monitoring of web platforms, social media, and newsletters. ESMA recommends to NCAs to allocate trained staff and to invest in tailored surveillance tools.
Stakeholder engagement, education and promotion initiatives
NCAs are encouraged to proactively engage with stakeholders – e.g. industry participants, experts, and data providers – to identify emerging risks and develop effective responses. ESMA also recommends promoting market integrity initiatives to raise awareness of abusive practices and to encourage voluntary adoption of best practices by market participants.
Notably, the MAR-related Guidelines repeatedly emphasise the widespread use of social media as a vehicle for disseminating false or misleading information. NCAs are encouraged to strengthen their monitoring and supervisory capabilities in this space, with a focus on identifying and deterring abusive practices early on.
Updated Q&As
On 17 and 20 June 2025, ESMA published updates of its questions and answers (“Q&A”) addressing key issues related to MiCA compliance and clarifications in response to market developments:Custody agreements in the exercise of rights attached to crypto-assetsA crypto-asset service provider (“CASP”) providing custody services must ensure clients can exercise rights attached to their crypto-assets and immediately record any event affecting a client’s rights – such as changes to the underlying distributed ledger – in the client’s register of positions. CASPs must also ensure clients retain entitlement to any newly created assets or rights resulting from such events, unless the client has given prior express and signed consent to a different arrangement. CASPs must obtain explicit and affirmative agreement – for example, through a clearly presented clause or a pop-up confirmation – when seeking to derogate from this obligation and cannot rely on “terms of services” or any type of standard, non-negotiated user agreements.
Commingling clients’ crypto-assets with crypto-assets from other entities of the group when acting as custodian :
To address potential risks due to information asymmetry and conflicts of interest, ESMA has clarified that CASPs providing custodian services to sister companies or other entities within the same corporate group must not commingle clients’ crypto-assets with such group assets.
Under Article 75(7) of MiCA, CASPs are required to keep clients’ assets in wallet addresses that are separate from their own proprietary holdings, or to avoid providing custody services to affiliates if risks cannot be properly managed. Although assets from sister companies are not classified as “own assets” per se under MiCA, ESMA warns that pooling them with client assets – such as in shared wallets – may expose CASPs to significant risks, including preferential access to sensitive information or group-level liquidity events that could adversely impact clients.
Shared order book model
Under MiCA, it is not permissible for an authorised CASP operating a trading platform to pool its order book with that of one or more non-EU platforms operated by entities not authorised under MiCA. ESMA clarifies that such a model would constitute unauthorized provision of a crypto-asset trading platform service within the EU, violating Article 59 of MiCA. Since managing an order book is a core element of operating a multilateral trading system under Article 3(18), all entities managing the shared order book must be MiCA-authorised CASPs.
Peer review
On 10 July 2025, ESMA published a peer review of the Maltese NCA’s authorisation of a CASP, highlighting some supervisory strengths but also gaps in risk assessment, particularly regarding governance, Web3 products, and the promotion of unregulated services which offers lessons for all NCAs across the EU.
Guidelines on CASP staff knowledge and competence
On 11 July 2025, ESMA published guidelines (the “CASP Staff Guidelines”) specifying the criteria for assessing the knowledge and competence of staff at CASPs who provide information or advice on crypto-assets and services. These Further Guidelines aim to ensure that client-facing staff possess an adequate level of professional qualifications and experience, as well as a clear understanding of the specific features and inherent risks of crypto-assets – such as high volatility and cyber threats.
The document offers concrete examples and assessment criteria that CASPs must apply to ensure compliance with their obligations under MiCA, ultimately enhancing investor protection and trust in crypto-asset markets. These guidelines will begin to apply six months after their publication in all EU official languages, and all NCAs must notify ESMA within two months as to whether they intend to comply.
Public statement
Finally on 11 July 2025, ESMA published a public statement, reminding CASPs to clearly distinguish between regulated and unregulated services in all client communications, warning against the potential “halo effect” that can mislead clients about the protections available under MiCA.
Share on
