ESMA Targets MiCA-Licensed Crypto Custodians in EU Resilience Review
What does the 'dual regulation' mean for crypto custody firms in the EU starting in 2026?
Why is the EU shifting from paper-based reviews to on-site inspections for crypto custody services?
What changes are expected in the crypto custody industry due to the new regulatory tightening?

- The European Securities and Markets Authority (ESMA) began its first Common Supervisory Action targeting the operational resilience of EU crypto custodians newly licensed under MiCA.
- The review tests whether custodians meet strict security, incident response, and risk management standards set by both MiCA and DORA.
On July 10, 2026, Cointelegraph reported that the European Securities and Markets Authority (ESMA) launched its first Common Supervisory Action (CSA) focused on crypto asset service providers (CASPs) newly licensed under the EU’s Markets in Crypto-Assets Regulation (MiCA). This initiative began immediately after MiCA’s transitional period expired across the European Union.
The CSA zeroes in on the operational resilience of crypto custodians. ESMA is directly evaluating whether these regulated firms meet stringent requirements for security, incident response, and risk management detailed in MiCA and the Digital Operational Resilience Act (DORA). The review encompasses key management, storage procedures, transaction controls, and the readiness of incident response plans. ESMA is also assessing custodians’ dependence on third-party technology providers within their operations.
Sebastien Dessimoz of Taurus noted that ESMA’s action signals a regulatory shift, with custodians now required to provide verifiable evidence of their controls and resilience rather than basic compliance declarations. This approach elevates sector accountability, setting new operational and supervisory expectations.
Jody Mettler of BitGo added that institutional clients are increasingly demanding proof of custodial safeguards such as asset segregation, access management, and strong business continuity measures—driven by both regulatory demands and competitive pressure.
Yuriy Brisov of Digital & Analogue Partners stressed that custodians now navigate two layers of compliance: MiCA’s custody-specific rules and DORA’s broader operational standards. For firms reliant on a small pool of technology vendors, ensuring resilience throughout their supply chains is becoming a critical challenge.
Cointelegraph reported that this first pan-EU CSA is likely to set new operational and compliance benchmarks for MiCA supervision. The results may also shape the debate over whether ESMA should take direct oversight of all crypto asset service providers in the future.
Get real-time crypto breaking news on Unblock Media Telegram! (Click)










