EU fintech regulated under MiCA and PSD2; EBA/ESMA/CBK oversight
The European Union maintains a comprehensive regulatory framework for fintech and payments, primarily governed by the Markets in Crypto-Assets Regulation (MiCA) and the Payment Services Directive 2 (PSD2). The EBA and ESMA serve as the key supervisory authorities, with the EBA providing guidance on the interplay between PSD2 and MiCA for crypto-asset service providers handling electronic money tokens.
Recent regulatory developments include the end of the No-action Letter transition period for Crypto-Asset Service Providers on 2 March 2026, requiring full compliance with MiCA authorisation standards. The EBA has also issued consolidated ICT and security risk management guidelines to enhance user relationship management under PSD2, while ESMA continues to refine technical standards for crypto-asset service provider authorisations and notifications.
The regulatory environment emphasizes data reporting harmonization, with the EBA mandating that national competent authorities submit SEPA payment data exclusively via the EUCLID infrastructure. Additionally, the ECB has updated remuneration policies for excess reserves to ensure consistent application of the deposit facility rate, reflecting broader monetary policy alignment within the Single Supervisory Mechanism.
European Banking Authority (EBA)
Primary supervisor for payment services and crypto-asset service providers; issues guidelines on ICT risk and PSD2/MiCA interplay.
[1][2][3][4]European Securities and Markets Authority (ESMA)
Supervises crypto-asset service provider authorisations, EMIR CCPs, and investment firm passporting.
[5][6][7][8]European Central Bank (ECB)
Monetary policy and supervisory oversight for credit institutions; sets remuneration rules for excess reserves.
[9]Markets in Crypto-Assets Regulation (MiCA) (2023/2026)
Establishes the primary regulatory framework for crypto-assets, including authorisation requirements for Crypto-Asset Service Providers (CASPs) and specific provisions for electronic money tokens.
[2][4][6][7]Payment Services Directive 2 (PSD2) (2015)
Regulates payment services and providers, requiring enhanced ICT security and user relationship management processes for payment service providers.
[3][4]Crypto-Asset Service Provider (CASP)
Authorization required for entities providing crypto-asset services, with a transition period ending on 2 March 2026. ESMA has issued technical standards for authorisation and notifications, emphasizing data minimisation for management bodies. Timeline: Transition period ended 2 March 2026
[2][6][7]Payment Service Provider (PSP)
Authorization required under PSD2. National competent authorities must report SEPA data to the EBA via EUCLID, with an annual deadline of 9 October. Timeline: Ongoing
[1][3]Crypto-asset service providers transacting electronic money tokens must navigate the interplay between PSD2 and MiCA to avoid disproportionate dual authorization burdens, as clarified by EBA guidance.
[4]Central Counterparties (CCPs) must adhere to strict authorisation and extension conditions under EMIR 3, with ESMA defining accelerated procedures and exemptions.
[5]Email alerts for European Union updates
New circulars, rules and guidance — a digest in your inbox, same day.