- Europe’s securities regulator is launching a major review of crypto custody providers under the MiCA framework.
- National regulators will examine custody security, operational resilience, governance, and risk management through 2027.
- The initiative marks the EU’s next phase of enforcing its landmark cryptocurrency regulations.
The European Securities and Markets Authority (ESMA) has announced a new supervisory initiative aimed at strengthening oversight of cryptocurrency custody providers operating under the European Union’s Markets in Crypto-Assets (MiCA) framework. The review will focus on how crypto firms protect customer assets and manage operational risks as MiCA enters its enforcement phase.

The move follows the conclusion of MiCA’s transition period on July 1 and signals that European regulators are shifting their attention from implementing the rules to actively monitoring compliance across the industry.
ESMA Targets Crypto Custody Services
ESMA said it will launch a Common Supervisory Action (CSA) to evaluate the operational resilience of Crypto-Asset Service Providers (CASPs), placing particular emphasis on firms offering custody services.
The regulator will examine how companies manage digital asset security, including private key protection, storage systems, and broader operational safeguards. Officials want to ensure custody providers have mature resilience frameworks capable of protecting client assets against technical failures and cyber threats.
The initiative reflects growing regulatory focus on one of the most critical parts of the cryptocurrency ecosystem: securely safeguarding customer funds.
National Regulators Will Lead the Reviews
Rather than conducting the inspections directly, ESMA will coordinate with national competent authorities across the European Union. Each regulator will review a risk-based sample of licensed CASPs operating within its jurisdiction.
The examinations will continue through the first half of 2027 and will assess a wide range of operational areas beyond custody security. Regulators will review governance structures, transaction controls, incident response procedures, and the risks associated with relying on third-party service providers.

Following the review process, ESMA will compile the findings into a comprehensive report that will be presented to its Board of Supervisors during the second half of 2027.
MiCA Enforcement Enters a New Phase
The launch of the supervisory review demonstrates that European authorities are moving beyond simply introducing MiCA and are now focused on ensuring firms fully comply with its requirements.
As more cryptocurrency companies seek authorization under the new framework, regulators are expected to increase oversight of licensed providers while establishing consistent supervisory standards across all EU member states.
The initiative could also help identify industry best practices for digital asset custody as regulated crypto services continue expanding throughout Europe.
Crypto Firms Continue Preparing for MiCA
The regulatory review comes as custody providers continue adapting their businesses to Europe’s evolving crypto rules. Several companies have already introduced new products designed to help exchanges and financial institutions remain compliant under MiCA.
One recent example is BitGo, which launched a Europe-focused Crypto-as-a-Service platform to help businesses navigate MiCA’s operational and regulatory requirements while maintaining access to the European market.
With regulatory oversight now accelerating, crypto custody providers operating in Europe will likely face increasing scrutiny as MiCA transitions from implementation to full-scale enforcement.











