
The European Securities and Markets Authority (ESMA), a key EU regulator supporting the implementation of the Markets in Crypto-Assets (MiCA) framework, is launching a dedicated process for reviewing crypto custody providers.
ESMA plans to conduct a common supervisory action (CSA) focused on the operational resilience of crypto-asset service providers (CASPs), with a specific emphasis on custody services, accordingly to an official announcement on Wednesday.
“The CSA will assess the maturity of CASPs’ digital operational resilience frameworks in relation to custody activities,” ESMA said, adding that the reviews will focus on areas including key and storage management, alongside other operational risks.
The move comes shortly after the end of MiCA’s transition phase on July 1, prompting increased attention to how EU authorities will supervise compliance with the new framework, including potential enforcement questions.
National regulators to conduct custody reviews
ESMA said the supervisory action will be conducted by national competent authorities (NCAs) across the EU, which will assess a risk-based sample of authorized CASPs.
The reviews will run from now through the first half of 2027, with regulators examining how companies handle custody-related operational risks.
In addition to reviewing key and storage management, NCAs are expected to assess areas such as governance structures, transaction controls, incident detection and response, and dependencies on external service providers.
Related: Belgian regulator flags 6 unauthorized crypto providers after MiCA deadline
ESMA will later consolidate the findings into a final report to be submitted to its Board of Supervisors after the exercise concludes in the second half of 2027.
The review comes as some custody providers have stepped in to support crypto platforms adapting to Europe’s new regulatory environment.
Last month, crypto custody company BitGo launched a Europe-focused crypto-as-a-service platform aimed at helping platforms maintain access to the market while working through MiCA-related compliance requirements.
Magazine: How crypto laws changed in 2025 — and how they’ll change in 2026
