Regulatory Blog

On 18 November 2025, the European Supervisory Authorities officially designated critical Information & Communication Technology third-party providers under the Digital Operational Resilience Act. This milestone strengthens the EU's financial sector's operational resilience by ensuring robust oversight of key ICT service providers.

On 6 October 2025, the European Supervisory Authorities issued a warning about the risks of crypto-assets. While the EU's new Markets in Crypto-Assets Regulation provides some safeguards, the crypto market encompasses a wide range of assets that remain volatile, complex and prone to scams.

On 11 July 2025, the European Securities and Markets Authority issued a warning to investors about the risks associated with unregulated products offered by regulated crypto-asset service providers. This "halo effect" can lead to confusion, as clients may mistakenly believe that all products and services offered by a regulated CASP are protected under the Markets in Crypto-Assets Regulation.

On 10 July 2025, the European Securities and Markets Authority published a peer review on the Malta Financial Services Authority's authorisation of Crypto Asset Service Providers under the Markets in Crypto-Assets Regulation.

On 3 June 2025, the Cyprus Securities and Exchange Commission issued Circular C709 informing Regulated Entities that the European Securities and Markets Authority’s has launched a survey to evaluate Artificial Intelligence adoption by financial entities within the Securities Sector. This survey is voluntary and open for entities regulated by national competent authorities or directly supervised by ESMA.

On 28 March 2025, the Cyprus Securities and Exchange Commission (CySEC) announced the adoption of the joint guidelines issued by the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA) on the suitability assessments of members of the management body of issuers of asset-referenced tokens (ARTs) and crypto-asset service providers (CASPs).

On 15 April 2025, the European Securities and Markets Authority published significant updates to the regulatory landscape with the release of draft Regulatory Technical Standards and a final report on Guidelines addressing Liquidity Management Tools. These measures represent a pivotal step toward strengthening the ability of EU fund managers to skilfully manage fund liquidity, particularly during periods of market stress.

On 22 January 2025, the European Supervisory Authorities released a Q&A guidance prepared by the European Commission, clarifying the definition of information and communication technology services under the Digital Operational Resilience Act.

On 21 January 2025, the European Commission sent a letter to the Chair of the Joint Committee of the Supervisory Authorities addressing the draft Regulatory Technical Standards under the Digital Operational Resilience Act.

On 31 January 2025, the Cyprus Securities and Exchange Commission announced that the European Securities and Markets Authority has introduced the Common Supervisory Approach 2024-25 with respect to the integration of sustainability in firms’ suitability assessment as well as product governance processes and procedures in 2024.

On 31 January 2025, the European Securities and Markets Authority released a supervisory briefing to guide National Competent Authorities with respect to the authorisation of crypto asset service providers under the EU Regulation 2023/1114 on markets in crypto assets.

On 17 January 2025, the European Securities and Markets Authority (ESMA) issued a statement on providing crypto-asset services related to Asset-Referenced Tokens (ARTs) and Electronic Money Tokens (EMTs) which are not compliant with EU Regulation 1114/2023 on markets in crypto-assets (MiCA).