Europe’s ESMA Launches CSA to Increase Crypto Compliance - Coin Edition

Europe’s ESMA Launches CSA to Increase Crypto Compliance

Last Updated:
Europe’s ESMA Launches CSA to Increase Crypto Compliance
  • ESMA launched a CSA to assess digital operational resilience of CASPs, focusing on custody services.
  • NCAs will carry out the exercise on a risk-based sample of authorized CASPs, targeting DLT-related risks.
  • The findings from NCAs will be submitted to ESMA’s Board of Supervisors after the exercise ends in H2 2027.

The European Securities and Markets Authority (ESMA) is launching a Common Supervisory Action (CSA) focused on the digital operational resilience of Crypto Asset Service Providers (CASPs), with particular attention to custody services. National competent authorities (NCAs) will conduct the review on a risk based sample of authorized CASPs during the first half of 2027.

ESMA Launches CSA on Crypto Custody Providers 

On July 8, 2026, ESMA, the EU regulator and supervisor, announced the launch of a CSA targeting the digital operational resilience of CASPs, with a particular focus on custody services, which hold client assets on behalf of investors.

This marks ESMA’s first dedicated CSA on crypto custody providers following the end of the transitional periods for the Markets in Crypto Assets (MiCA) Regulation and the Digital Operational Resilience Act (DORA), which have applied to CASPs since January 17, 2025.

Why ESMA’s Review Matters for Crypto Firms and Users 

NCAs will assess a risk based sample of authorized CASPs under ESMA’s CSA, focusing on digital operational resilience in crypto custody services. The review will assess critical risks such as DLT security, governance frameworks, key storage management, transaction controls, incident response, smart contracts and third party dependencies.

The ESMA review also underscores the growing significance of crypto custody security as a regulatory priority in Europe because custody is the layer where user assets are most vulnerable.  Since custody providers safeguard user assets, strong cybersecurity, IT governance, and operational controls are essential to prevent disruptions and protect client funds. 

In addition, for CASPs regulated under MiCA, ESMA’s supervisory action is intended to bring about closer supervision of operational practices. The review seeks to provide clarity on the various custody models and align with the EU’s wider efforts to enhance the regulation, risk management and consumer protection of crypto.

Next Steps After the ESMA Review Announcement

The ESMA review will run from the second half of 2026 through the first half of 2027. After the exercise concludes, the findings will be consolidated into a final report and submitted to ESMA’s Board of Supervisors in the second half of 2027. 

Meanwhile, the final report is expected to outline key findings, industry best practices, operational weaknesses, and recommendations to improve crypto custody security across Europe. The review could strengthen regulatory consistency, enhance asset protection measures, and provide users with greater confidence in regulated CASPs.

Beyond the immediate supervisory action, ESMA’s findings could influence future MiCA developments and shape global crypto custody standards. As regulators place greater focus on cybersecurity, operational resilience, and risk management, CASPs could see increased expectations of protecting digital assets and maintaining secure custody structures.

Related: Over 80% of EU Crypto Firms Yet to Obtain Full MiCA License Despite Looming Deadline

Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.