The European Securities and Markets Authority (ESMA) has issued a sharp warning to Malta’s Financial Services Authority (MFSA) over its handling of crypto license approvals under the new MiCA (Markets in Crypto-Assets) regulation.
According to an official ESMA communication dated July 10, 2025, the regulator claims that Malta may have granted multiple MiCA licenses prematurely, without ensuring the applicants met the EU-wide standards for consumer protection, risk management, and operational transparency.
What Is MiCA and Why It Matters
The MiCA regulation, which officially came into effect in June 2025, aims to standardize crypto regulation across the European Union. A key feature of MiCA is passporting rights—meaning once a crypto company is licensed in one EU country, it can operate across the entire EU single market.
This makes the initial licensing process absolutely critical. Any regulatory gaps in one member state could compromise the credibility and security of the entire bloc.
ESMA’s Main Concerns
According to ESMA’s findings:
- Malta may have issued licenses before fully assessing applicants’ internal controls and risk frameworks.
- Some licensed platforms were reportedly offering services that fall outside MiCA’s scope, misleading customers into thinking they were fully regulated.
- This poses a serious risk to retail investors across the EU—especially those using the services through passporting rights.
What Malta Says
In response, the MFSA insists that all approvals were given “in line with national and EU standards.” However, ESMA is requesting a formal review of Malta’s licensing processes and may consider further oversight or intervention if risks are not addressed.
A spokesperson for the MFSA noted:
“Malta remains committed to aligning fully with the MiCA framework. We welcome feedback from ESMA and will continue to strengthen our supervisory role.”
Why European Users Should Care
For investors and crypto users in Europe, this issue goes far beyond Malta. If passporting rights are abused, retail users in Germany, France, the Netherlands, or elsewhere could be exposed to underregulated platforms.
It also raises questions about how MiCA will be enforced uniformly across all 27 EU member states, and whether the “light-touch” reputations of smaller jurisdictions could undermine broader investor confidence.
What’s Next?
ESMA has not announced any sanctions yet, but it is closely monitoring licensed Crypto-Asset Service Providers (CASPs) across the EU.
In the coming months, we can expect:
- A deeper audit of license approvals in smaller EU states
- New clarifications from the European Commission on what qualifies as a compliant MiCA license
- Increased scrutiny on crypto companies using EU-wide passporting rights
Conclusion
The clash between ESMA and Malta is a wake-up call for the EU crypto sector. As MiCA reshapes Europe’s digital asset landscape, regulatory consistency and investor trust must remain top priorities.
Stay informed. If you’re using a licensed crypto platform in Europe, make sure it’s fully compliant under MiCA—not just on paper, but in practice.
