EU CryptoReg Roundup: July 2025

This update is brought to you by our Regulatory & Risk Advisory practice group in Ireland. 

Our aim is to keep you informed of the fast-evolving legal landscape, from new legislation and guidance to significant case law and observations.

Sign up here to receive the next update in your inbox.

Legislation and guidance 

Ireland 

1. 10 July 2025 - S.I. No. 310/2025 - European Union (Information Accompanying Transfers of Funds) Regulations 2025 (the Regulations).

• The Regulations have been published which give effect in Ireland to Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 20231 on information accompanying transfers of funds and certain crypto-assets and amending Directive (EU) 2015/849 (recast) (the EU Transfer of Funds Regulation).
• The EU Transfer of Funds Regulation sets out rules on the information on originators and beneficiaries that must accompany transfers of crypto-assets, for the purposes of preventing, detecting and investigating money laundering and terrorist financing (the so-called 'travel rule').
• The Regulations designate the Central Bank of Ireland as the competent authority for the purposes of the EU Transfers of Funds Regulation and provide details on administrative sanctions and offences for breaches of the EU Transfer of Funds Regulation in Ireland. 
• The Regulations come into operation on 1 August 2025.
  
  

2. 28 July 2025 – Central Bank of Ireland update to MiCAR FAQs.

• The Central Bank of Ireland has updated its MiCAR FAQs page, addressing the requirements applicable to Crypto-Asset Service Providers (CASPs) regarding the submission of the Register of Information (RoIs) in relation to the use of ICT services under the Digital Operational Resilience Act (DORA).
• Financial entities, including CASPs, shall report at least yearly to the Central Bank of Ireland on the number of new arrangements on the use of ICT services, the categories of ICT third-party service providers, the type of contractual arrangements and the ICT services and functions which are being provided (i.e. the RoIs). 
• From 2026 onwards, the formal submission of RoIs will take place in Q1 each year. The next formal submission of RoIs is scheduled for Q1 2026. CASPs should commence preparation of the RoIs as soon as possible, to ensure they are in a position to submit a compliant RoI within the scheduled timelines.

3. 28 July 2025 – Central Bank of Ireland publishes list of FAQ’s related to interplay between MiCAR and PSD2

• The Central Bank of Ireland has published a list of FAQ's clarifying its position on the EBA No Action Letter on the interplay between PSD2 and MiCAR. For more information on the EBA No Action Letter see our June CryptoReg Update.
• The Central Bank of Ireland will implement all of the recommendations contained in the EBA No Action Letter, including adopting a streamlined approach to CASPs seeking a Payment Institution authorisation.
• The Central Bank of Ireland has developed a specific shorter-form application form for CASPs seeking a Payment Institution authorisation in order to conduct the e-money token activities specified in the EBA No Action Letter. This form will be provided directly to applicants which notify the Central Bank of Ireland that they are seeking a Payment Institution authorisation in this context.
• The FAQ addresses further topics such as dual hatting of roles across the CASP and Payment Institution activities, and where a CASPs proposes to enter into a partnership arrangement rather than seek Payment Institution authorisation.

 

European Union 

1. 8 July 2025 – EBA launched a Consultation Paper on draft guidelines (the Draft Guidelines) on the sound management of third-party risk.

• The Draft Guidelines focus on third-party arrangements in relation to non-ICT related services provided by third-party service providers and their subcontractors with a particular focus on the provision of critical or important functions. 
• The Draft Guidelines revise and update the previous EBA guidelines on outsourcing (published in 2019) in line with DORA.
• The Draft Guidelines specify the steps to be taken by financial entities, including authorised issuers of e-money tokens and asset-referenced tokens, for the life cycle of third-party arrangements (i.e. risk assessment, due diligence, contractual phase, sub-contracting, monitoring, exit strategies and termination processes) to ensure consistency with the requirements under the DORA framework.
• The consultation period closes on 8 October 2025. 

2. 9 July 2025 – ESMA has published final Guidelines on supervisory practices for competent authorities to prevent and detect market abuse under MiCAR (the Guidelines).

• The objective of the Guidelines is to ensure consistency between competent authorities’ supervisory practices to prevent and detect market abuse involving crypto assets.
• More specifically, they aim to establish consistent, efficient and effective supervisory practices among competent authorities to prevent and detect insider dealing, unlawful disclosure of inside information and market manipulation. The Guidelines will apply from 9 October 2025.

3. 10 July 2025 – ESMA publishes fast-track peer review on a CASP authorisation and supervision in Malta.

• The peer review targeted the authorisation and early supervision of a CASP by the Malta Financial Services Authority (MFSA).
  
  
• Additionally, the peer review aims to foster supervisory convergence and improve the supervisory practices of all national competent authorities (NCAs). 
  
  
• The Peer Review Committee (PRC) did not provide any recommendations on policy issues where discussions are still on-going such as the booking model and custody but strongly encourages NCAs to continue such discussions.
  
  
• The PRC recommends to all NCAs to pay particular attention to certain aspects of the authorisation, related to business growth and resources, conflicts of interests, governance and intragroup arrangements, ICT architecture, and web3 and decentralised products. 
  
  
• With regards to the MFSA, the PRC noted that the overall authorisation process should have been more thorough and conducted on a sufficient time to allow the MFSA to properly assess compliance against MiCAR. The PRC did not find evidence that certain key aspects of the authorisation file were adequately assessed including (i) aspects of its business plan related to its growth and the on-boarding of new clients, (ii) potential conflicts of interest (iii) governance arrangements (iv) risks related to the ICT infrastructure, custody, use of the booking model, use of Web3 services and (v) certain AML/CFT risks and controls.
  
  
• The MFSA respects the views of the PRC and accepts the findings.

4. 11 July 2025 - ESMA Statement Avoiding Misperceptions: Guidance for CASPs Offering Unregulated Services (the Statement).

• In the Statement, ESMA warns that the practice of CASPs offering both MiCAR-regulated and unregulated products and services gives rise to investor protection risks.
  
  
• The Statement provides a list of "dos" and "don'ts" to mitigate the risks to investors. 

5. 11 July 2025 – ESMA Final Report - Guidelines for the criteria on the assessment of knowledge and competence under MiCAR.

• These guidelines are based on Article 81(15)(a) of MiCAR (CASPs providing advice on crypto-assets). The objectives of these guidelines are to establish the common, uniform and consistent application of the provisions in Articles 68(5) and 81(7) of MiCAR.
  
  
• The guidelines outline specific criteria for knowledge and competence of staff giving information about crypto-assets/services and for staff giving advice about crypto-assets/services.
  
  
• The guidelines will apply from six months after the publication of the translations on the ESMA website.
  
  

6. 16 July 2025 - Overview of Level 2 and Level 3 measures related to MiCAR.

• ESMA published an overview table of level 2 and level 3 measures related to MiCAR. Q&As from the EBA are not included.
  
  

7. 9 July 2025 - ESMA publishes Q&As under MiCAR.

• ESMA_QA_2608 - Pre-funding clients’ orders with clients’ crypto-assets
  
  
  • Pre-funding client transactions using clients’ crypto-assets qualifies as the sub-custody of client’s crypto-assets. As such, CASPs pre-funding clients’ transactions with clients’ crypto-assets must adhere to the requirements outlined in Articles 70 (Safekeeping of clients’ crypto-assets and funds) and 75 (Providing custody and administration of crypto-assets on behalf of clients) of MiCAR.
    
    
  • Consequently, the pre-funding of client transactions using client’s crypto-assets is only permissible under MiCAR where the third-party holding the client’s crypto-assets is authorised to provide the crypto-asset service of custody and administration of crypto-assets on behalf of clients in accordance with MiCAR.
    
    
  • Where clients’ crypto-assets are sent to a third party for the settlement of a transaction that has already been executed for the specific purpose of settling a specific order, this should not be seen as sub-custody.

• ESMA_QA_2607 - Staking on own account
   
  • In accordance with Article 70(1) of MiCAR, CASPs are expected to refrain from using clients’ crypto-assets for their own account. Consequently, MiCAR does not allow the staking of clients’ crypto-assets by CASPs for their own account, even in cases where the client has explicitly provided consent.
    
    
  • In line with the European Commission Q&A 2067, CASPs and clients may mutually agree on the terms under which staking as-a-service is provided by the CASP, provided that the profits from staking do not solely benefit the CASP.

8. 22 July 2025 - ESMA publishes lists under MiCAR.

• ESMA publishes list of grandfathering periods decided by Member States under MiCAR.
  
  
• ESMA publishes list of links for complaints handling under MiCAR. 

Other updates 

Ireland 

1. 21 July 2025 - Department of Finance launched a public consultation on the development of a new 'Ireland for Finance' international financial services strategy 2026-2030.

• A key area of the public consultation is on innovation and technology, including the use of distributed ledger technology in the financial services industry. 
  
  
• The public consultation notes that Ireland hosts several leading global fintech firms, with many choosing to establish their EU, EMEA or international headquarters in Ireland, and a number of global financial services firms have chosen Ireland as the location for a technology-related hub or centre of excellence.
  
  
• The public consultation period will run until 19 September 2025 and seeking responses on emerging technology opportunities for Ireland and the primary barriers. 

European Union 

1. 1 July 2025 - ESMA TRV Risk Analysis "Maximal Extractable Value Implications for crypto markets". 

• Maximal Extractable Value (MEV) commonly refers to the maximum amount of value a blockchain miner, validator or another agent, can make by changing the order of transactions within a block.
  
  
• ESMA started to look at MEV in the context of its contribution to the European Commission’s report on recent developments in crypto-assets provided under MiCAR.
  
  
• This article leverages on this work to explore further the implications of MEV for Decentralised Finance (DeFi) users, protocols and the wider crypto system. The article is intended to advance a shared understanding of MEV and the concerns it raises, also with a view to inform possible future EU regulatory and supervisory discussions on the topic, while noting the need for more analysis grounded on robust evidence to comprehend the phenomenon more fully.
  
  
• The article notes that MEV creates detriment to DeFi users to the extent that profits accrued to MEV extractors come in deduction to the wealth of users, raising transparency concerns.
  
  
• Furthermore, the high trading volumes can also create congestion and latency issues in the execution of transactions.

2. 1 July 2025 - ECB commits to distributed ledger technology (DLT) settlement plans with dual-track strategy.

• The ECB’s Governing Council has approved a plan that will enable settling DLT transactions using central bank money. The initiative follows a two-track approach: the first track “Pontes” provides a short-term offering to the market – including a pilot phase – and the second track “Appia” focuses on a potential long-term solution.
  
  
• The Eurosystem plans to launch a pilot for Pontes by the end of the third quarter of 2026.
  
  
• The ECB also published a dedicated report outlining the results of the Eurosystem’s exploratory work on new technologies for wholesale central bank money settlement, which was conducted between May and November 2024.
  
  

3. 1 July 2025 - AMLA publishes its Work Programme for 2025.

• The Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) will have a focus on the AML/CTF aspects of the supervision of higher risk sectors and areas across the EU, including CASPs. 
  
  
• CASPs are exposed to significant AML/CFT risks due to their technological features, cross-border operations, and anonymity-enhancing capabilities. Accordingly, this should be one area of activity for AMLA.
  
  
• Divergent national approaches to registration and authorisation can lead to supervisory fragmentation and increased risks of jurisdiction shopping by high-risk actors. AMLA will develop plans to promote high standards of AML/CFT controls and effectiveness in these areas through promoting convergence in national approaches. 
  
  
• In parallel, AMLA’s FIU pillar will reflect this priority by including crypto-asset related financial intelligence within the initial areas proposed for joint analyses, targeting cross-border typologies and emerging risks in this fast-evolving domain.
  
  

4. 15 July 2025 – The European Systemic Risk Board (ESRB) publishes Annual Report 2024.

• The ESRB maintains the view that authorities should strengthen their capacity to more effectively monitor developments in the crypto ecosystem and their potential implications for financial stability.
  
  
• The ESRB maintains the view that it deems it necessary to amend the relevant level I legislation to standardise the classification of financial instruments and crypto-assets throughout the EU and to address unregulated activities such as crypto lending and fully decentralised finance.
  
  
• The annual report provides an overview of key developments in global crypto-asset markets between January 2025 and March 2025. The ESRB notes that the difference between the EU and US regulatory approaches for stablecoins may encourage the further development of crypto-assets issued jointly by EU and US issuers (also known as “one-leg out multi-issuance schemes”).
  
  
• The ESRB will further analyse how provisions in MiCAR could be enforced by NCAs in order to mitigate issues from multi-issuance.

5. 28 July 2025 – EBA Opinion on money laundering and terrorist financing risks affecting the EU’s financial sector (the Opinion).

• This is the EBA’s fifth Opinion on ML/TF risks. It is based on data from January 2022 to December 2024.
  
  
• The Opinion notes that the abuse of crypto asset services for financial crime purposes remains a key area of concern.
  
  
• NCAs found that CASPs often lacked effective AML/CFT systems and controls. In several cases, concerns were also raised regarding the integrity of senior management and the transparency and adequacy of governance arrangements.
  
  
• The EBA highlights that the lack of robust AML/CFT controls in the sector reflects a gap between regulatory expectations, legal obligations and actual practice and notes that enhanced supervisory coordination and enforcement, and the effective and consistent application of the new EU crypto framework, are essential to address this challenge.