August 2025 Regulatory Roundup

INVESTMENT SERVICES & CAPITAL MARKETS

MIFID and MIFIR 

ESMA identifies future and potential data contributors for the equity CTP

On 10 July 2025, ESMA published the list of data contributors to the equity Consolidated Tape Provider (CTP), based on the transaction reporting data collected.

The list also includes trading venues that can choose to transmit data to the equity CTP and opt-in to the mandatory data contribution regime. As specified in MIFIR the trading venues opting-in will need to contribute data to the CTP within 30 days from the notification to ESMA.  ESMA will immediately update the list once a trading venue starts or ends operations and when a trading venue decides to voluntary opt-in.

The entities that decide to opt-in will communicate their decision to ESMA. Additionally, they will notify to their National Competent Authority (NCA).

The next publication of the list will be in January 2026.

ESMA prepares for switch toward single volume cap in October 2025

On 24 July 2025, ESMA announced the update of the volume cap system, that will pass from the previous double volume cap mechanism (DVCM) to a “single” volume cap mechanism (VCM) in October, according to the changes introduced by the MIFIR Review.

The new VCM limits at 7% the trading volume under the reference price waiver in the EU, compared to the total aggregated trading volume in the EU over the last 12 months for each equity and equity-like financial instrument. If the limit is exceeded, trading venues will need to suspend the use of the waiver for the concerned instrument for a period of three months.

Trading venues must base their decision to suspend the waiver use on the data published by ESMA under the dedicated VCM webpage.

ESMA encourages all interested parties to prepare for the change in requirements in line with the new VCM becoming active in Q4 2025. The first publication of the calculation results is expected for 9 October 2025.

ESMA publishes data for quarterly bond liquidity assessment

On 1 August 2025, ESMA published the new quarterly liquidity assessment of bonds.

Bonds quarterly liquidity assessment

ESMA has published the latest quarterly liquidity assessment for bonds available for trading on EU trading venues. For this period, there are currently 1,346 liquid bonds subject to MIFID II transparency requirements.

ESMA’s liquidity assessment for bonds is based on a quarterly assessment of quantitative liquidity criteria, which includes the daily average trading activity (trades and notional amount) and the percentage of days traded per quarter. ESMA updates the bond market liquidity assessments quarterly. However, additional data and corrections submitted to ESMA may result in further updates within each quarter, published in ESMA’s Financial Instruments Transparency System (FITRS), which shall be applicable the day following publication.  

The full list of assessed bonds is now available through FITRS in the XML files with publication date from 1 August 2025 (see here) and through the Register web interface (see here). 

The transparency requirements for bonds deemed liquid today will apply from 18 August to 16 November 2025. [/vc_column_text][/vc_column][/vc_row][/vc_section][vc_section css=”.vc_custom_1609007282200{margin-bottom: 20px !important;}”][vc_row css=”.vc_custom_1609007241176{padding-right: 15px !important;padding-left: 15px !important;}”][vc_column css=”.vc_custom_1612794217189{margin-bottom: 20px !important;padding-top: 3px !important;padding-right: 20px !important;padding-bottom: 3px !important;padding-left: 20px !important;background-color: #283a66 !important;}”][vc_column_text]

OPERATIONAL RESILIENCE

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]Digital Operational Resilience Act (DORA)

ESMA Final Report on the revised Guidelines on outsourcing to cloud service providers

On 11 July 2025, ESMA published a Final Report on the revised Guidelines on outsourcing to cloud service providers (CSPs), updating the 2020 guidelines on outsourcing to cloud service providers in line with the Digital Operational Resilience Act (DORA).

ESMA had published a Final Report on guidelines on outsourcing to CSPs in December 2020 (the “2021 guidelines”). The 2021 guidelines were designed to assist firms in identifying, managing and monitoring risks associated with cloud outsourcing. However, since the implementation of DORA on 17 January 2025, which covers the same scope including ICT third-party risks, these guidelines are no longer needed for most financial entities. However, DORA does not apply to certain depositories under the Alternative Investment Fund Managers Directive (AIFMD) and the Undertakings for Collective Investment in Transferable Securities Directive (UCITSD). Therefore, ESMA revises the scope of the 2021 guidelines to apply only to these specific depositaries that fall outside DORA’s coverage.

The revised guidelines will be translated into the official EU languages and published on ESMA’s website. The publication of the translations in all official languages of the EU will trigger a two-month period during which Member State competent authorities must notify ESMA whether they comply or intend to comply with the revised guidelines.

ESAs publish a guide on DORA Oversight activities

On 15 July 2025, the European Supervisory Authorities (EBA, EIOPA, ESMA – the ESAs) published a guide on oversight activities under the Digital Operational Resilience Act (DORA).

The aim of this guide is to provide an overview of the processes used by the ESAs through the Joint Examination Teams (JET) to oversee critical Information and communication technology (ICT) third party service providers (CTPPs).

This guide provides high-level explanations to external stakeholders regarding the CTPP Oversight framework. Furthermore, it provides an overview of the governance structure, the oversight processes, the founding principles and the tools available to the overseers.

However, the guide is not a legally binding document and does not replace the legal requirements laid down in the relevant applicable EU law.

The ESAs invite the public, financial entities and, crucially, third-party providers to use this document to prepare for the oversight implementation.

ECB finalises Guide on outsourcing cloud services

On 16 July 2025, the ECB published its final Guide on outsourcing cloud services to cloud service providers. This follows a public consultation, which ended in July 2024.

Similar to other ECB Guides, this Guide does not lay down legally binding requirements, practices, or rules. It also does not introduce new rules or requirements over and above those currently imposed by the Digital Operational Resilience Act (DORA). Instead, it clarifies the expectations the ECB has for banks to comply with DORA requirements. It also provides good practices on effective outsourcing risk management for banks under ECB supervision that use third-party cloud services, based on observed industry practices.

The final Guide more clearly differentiates the requirements set out in DORA from the good practices recommended by the ECB. It also clarifies the way in which the principle of proportionality is applied. An overview of the comments received and the ECB’s assessment of them is available in a feedback statement.

In publishing the Guide, the ECB will make supervision more consistent and help ensure a level playing field for the banks it supervises by outlining its expectations transparently and recommending good practices. The Guide emphasises the importance of maintaining a risk-based approach and applying proportionality to outsourcing cloud services, while accounting for the various organisational set-ups, areas of activity and risk profiles of the banks that the ECB supervises.[/vc_column_text][/vc_column][/vc_row][/vc_section][vc_section css=”.vc_custom_1609007282200{margin-bottom: 20px !important;}”][vc_row css=”.vc_custom_1609007241176{padding-right: 15px !important;padding-left: 15px !important;}”][vc_column css=”.vc_custom_1612794217189{margin-bottom: 20px !important;padding-top: 3px !important;padding-right: 20px !important;padding-bottom: 3px !important;padding-left: 20px !important;background-color: #283a66 !important;}”][vc_column_text]

FINANCIAL CRIME

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]Anti-money laundering

European Commission adopts delegated regulation requiring a review of countries that may pose a threat to the EU financial system

On 8 July 2025, the European Commission adopted a Delegated Regulation amending a Delegated Regulation it adopted on 10 June 2025, to introduce a review clause requiring the European Commission to independently assess countries that may pose a threat to the EU financial system, even if they are not publicly identified by the Financial Action Task Force (FATF).

The Delegated Regulation adopted on 10 June 2025 amended the list of high-risk third countries laid down in Commission Delegated Regulation 2016/1675. Please see July issue of MAP S Platis Regulatory Updater. The European Commission states that countries that are not publicly identified as being subject to calls for action or increased monitoring by the FATF might still pose a threat to the integrity of the EU financial system. Where membership of such countries to the FATF is suspended because of gross violations of core principles upon which that standard-setter is built, the threat to the EU financial system is likely to increase. The proposed review clause would require the European Commission to complete an autonomous assessment of whether such countries are high-risk third countries as referred to in Article 9 of Directive 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, by 31 December 2025. 

EBA publishes its 2025 Opinion on money laundering  

On 28 July 2025, the European Banking Authority (EBA) published its 2025 opinion on money laundering and terrorist financing (ML/TF) risks affecting the EU’s financial sector.

2025 marks a significant change in the ML/TF risk landscape. In the context of important geopolitical developments, growth of technologies, new financial products such as crypto assets, new ML/TF vulnerabilities are emerging. The consistent application of the new EU legal framework will be key to addressing these risks. At the same time, thanks to greater supervisory commitment, some sectors are now better equipped to tackle financial crime.

The EBA’s assessment has highlighted the following observations:

• FinTech: 70% of competent authorities report high or rising ML/TF risks in the financial sector. They point to weak AML/CFT controls and poor governance, as firms appear to prioritise growth over compliance.
• RegTech: over half of serious compliance failures reported to the EBA’s EuReCA database involved the improper use of RegTech tools. Despite its potential to enhance compliance, RegTech is often poorly implemented due to lack of expertise and oversight.
• Crypto Assets: this remains a high-risk sector, with a 2.5-fold increase in authorised crypto-asset service providers (CASPs) between 2022 and 2024. Many CASPs lack effective AML/CFT systems, and some attempt to bypass regulatory oversight.
• Fraud and AI: criminals are increasingly using AI to automate laundering schemes, forge documents, and evade detection. Financial institutions struggle to keep pace with these sophisticated threats, highlighting the need for responsible AI use and robust monitoring.
• Restrictive Measures: the complexity of EU sanctions regimes poses compliance challenges. Institutions often lack adequate systems to implement sanctions effectively. The EBA’s new Guidelines, applicable from end-2025, aim to harmonise standards across the EU.

[/vc_column_text][/vc_column][/vc_row][/vc_section][vc_section css=”.vc_custom_1609007282200{margin-bottom: 20px !important;}”][vc_row css=”.vc_custom_1609007241176{padding-right: 15px !important;padding-left: 15px !important;}”][vc_column css=”.vc_custom_1612794217189{margin-bottom: 20px !important;padding-top: 3px !important;padding-right: 20px !important;padding-bottom: 3px !important;padding-left: 20px !important;background-color: #283a66 !important;}”][vc_column_text]

FUND REGULATION

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]UCITS

ESMA updates its UCITS Q&As

On 15 July 2025, ESMA updated its UCITS Q&As in relation to  whether a manager of a feeder fund within the meaning of Article 58 of the UCITS Directive charge a performance fee (2609).[/vc_column_text][/vc_column][/vc_row][/vc_section][vc_section css=”.vc_custom_1609007282200{margin-bottom: 20px !important;}”][vc_row css=”.vc_custom_1609007241176{padding-right: 15px !important;padding-left: 15px !important;}”][vc_column css=”.vc_custom_1612794217189{margin-bottom: 20px !important;padding-top: 3px !important;padding-right: 20px !important;padding-bottom: 3px !important;padding-left: 20px !important;background-color: #283a66 !important;}”][vc_column_text]

SUSTAINABLE FINANCE

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]EU Green Bonds

Technical standards supplementing the EU Green Bonds Regulation and guidelines published in the Official Journal

On 25 July 2025, three Commission Delegated Regulations supplementing the EU Green Bonds Regulation (Regulation (EU) 2023/2631) were published in the Official Journal of the European Union, namely:

• Commission Delegated Regulation 2025/753 establishing the content, methodologies and presentation of the information to be voluntarily disclosed by issuers of bonds marketed as environmentally sustainable or of sustainability-linked bonds in the templates for periodic post-issuance disclosures
• Commission Delegated Regulation 2025/754 specifying rules of procedure for the exercise of the power to impose fines or periodic penalty payments by the European Securities and Markets Authority on external reviewers
• Commission Delegated Regulation 2025/755 specifying the type of fees to be charged by ESMA to external reviewers of European Green Bonds, the matters in respect of which fees are due, the amount of the fees, and the manner in which those fees are to be paid.

In addition, a Communication from the European Commission establishing non-binding guidelines for pre-issuance disclosure templates for issuers of bonds marketed as environmentally sustainable or of sustainability-linked bonds, has also been published in the Official Journal. The Communication is effective immediately upon its publication in the Official Journal, while the Delegated Regulations will enter into force on the twentieth day following publication, which will be on 14 August 2025.

Sustainable Finance

Commission to cut EU Taxonomy red tape for companies

On 4 July 2025, the European Commission  adopted a set of measures to simplify the application of EU Taxonomy. This will reduce the administrative burden for EU companies, thus enhancing EU competitiveness while preserving core climate and environmental goals.

The Taxonomy Regulation entered into force in 2020, and its reporting requirements apply since 2022. By providing a common sustainability reference point for financial and non-financial companies, the Taxonomy supports investments that contribute to a sustainable transition of the EU economy, in line with European Green Deal goals.

The main simplification measures include: 

• Financial and non-financial companies are exempt from assessing Taxonomy-eligibility and alignment for economic activities that are not financially material for their business. For non-financial companies, activities are considered non-material if they account for less than 10% of a company’s total revenue, capital expenditure (CapEx) or operational expenditure (OpEx). Reducing this administrative burden will benefit companies, allowing them to focus on reporting and financing of their core business activities, and how this contributes to their transition efforts.
• In addition, non-financial companies are exempt from assessing Taxonomy alignment for their entire operational expenditure when it is considered non-material for their business model.
• For financial companies, key performance indicators like the green asset ratio (GAR) for banks are simplified, and they are granted an option not to report detailed Taxonomy KPIs for two years.
• Taxonomy reporting templates are streamlined by cutting the number of reported data points by 64% for non-financial companies and by 89% for financial companies.
• The criteria for ‘do no significant harm’ to pollution prevention and control related to the use and presence of chemicals are simplified.

The changes are adopted in the form of a Delegated Act amending the Taxonomy Disclosures, Climate and Environmental Delegated Acts. The Commission published the draft of this Delegated Act in February 2025 as part of ‘Omnibus I’ package, allowing stakeholders to provide feedback on the draft measures.

The Delegated Act will now be transmitted to the European Parliament and the Council for their scrutiny. The changes will apply once the scrutiny period of 4 months, which can be prolonged by another 2-month period, is over. The simplification measures laid out in this Delegated Act will apply as of 1 January 2026 and will cover the 2025 financial year. However, undertakings are given the option to apply the measures starting with the 2026 financial year if they find this more convenient.

Sustainable Finance Disclosure Regulation (SFDR)

ESMA publishes consolidated Q&A

On 4 August 2025, ESMA published consolidated Q&A on the SFDR.

Omnibus I package

ECON adopts opinion on Omnibus I sustainability package

On 22 July 2025, the European Parliament’s Committee on Economic and Monetary Affairs (ECON) adopted its Opinion which proposes targeted amendments to key directives on corporate sustainability reporting and due diligence.

The opinion recommends significantly narrowing the scope of reporting obligations by raising the applicability thresholds from 1000 to over 5000 employees and a net worldwide turnover exceeding EUR 450 million. ECON also proposes aligning reporting standards with international frameworks such as those of the International Sustainability Standards Board. It also calls for the deletion of certain due diligence obligations, including the requirement to implement climate transition plans and suggests capping financial penalties at 5% of net profits.

The Council of European Union has already adopted its negotiating mandate.  Please see July issue of MAP S Platis Regulatory Updater. Trilogue negotiations between the Council of the EU and European Parliament will begin once the latter has adopted its own formal negotiating position.

European Sustainability Reporting Standards

Commission adopts “quick fix” for companies already conducting corporate sustainability reporting

On 11 July 2025, the Commission adopted targeted “quick fix” amendments – Commission Delegated Regulation amending Delegated Regulation (EU) 2023/2772 as regards the postponement of the date of application of the disclosure requirements for certain undertakings (not in force until it is published in the Official Journal) to the first set of European Sustainability Reporting Standards (ESRS).

This will reduce burden and increase certainty for companies that had to start reporting for financial year 2024 (commonly referred to as “wave one” companies).

According to the current ESRS, companies reporting on financial year 2024 can omit information on, amongst other things, the anticipated financial effects of certain sustainability‑related risks. The “quick fix” amendment, which applies from financial year 2025, will allow them to omit that same information for financial years 2025 and 2026.

This means wave one companies will not have to report additional information compared to financial year 2024. Moreover, for financial years 2025 and 2026, wave one companies with more than 750 employees will benefit from most of the same phase‑in provisions that currently apply to companies with up to 750 employees. You can find here a summary of the modifications.

This quick fix was necessary because wave one companies were not captured by the “stop‑the‑clock” Directive, which delayed by two years the sustainability reporting requirements for companies that report from financial year 2025 and 2026 (so‑called “wave two” and “wave three” companies). This Directive was part of the Omnibus I package adopted by the Commission at the end of February 2025.

Meanwhile, the Commission is working on a broader revision of the European Sustainability Reporting standards (ESRS), with the aim of substantially reducing the number of data requirements, clarifying provisions deemed unclear and improving consistency with other pieces of legislation. It is expected that this review will be completed by financial year 2027.

ESMA Climate Transition Plan

ESMA publishes its first Climate Transition Plan

On 8 July 2025, ESMA published its first Climate Transition Plan, an important milestone in aligning ESMA’s own operations with the European Union climate objectives.

Under this plan, and in line with the Paris Agreement, ESMA commits to reducing its gross greenhouse gas (GHG) emissions by 15.4% in 2027 and 31.4% in 2030, compared to 2023.  Through the implementation of the Climate Transition Plan, ESMA aims to reduce the carbon footprint of its operations, particularly in relation to staff business travel, energy use, and food consumption. 

In the short term, progress towards this goal will be achieved through:  

– introduction of an annual GHG budget to manage emissions from air travel,

– optimising floor occupancy during certain periods of the year to reduce energy consumption, and

– implementing incentives to shift to lower-carbon practices in the purchase of goods and services.

This first plan has been put in place with the data currently available. It will be regularly reviewed, adapted, and improved.

ESMA will implement decarbonisation levers and measures identified under this Climate Transition Plan and will report on the progress achieved annually, via its Annual Report and its Environmental Statement.[/vc_column_text][/vc_column][/vc_row][/vc_section][vc_section css=”.vc_custom_1609007282200{margin-bottom: 20px !important;}”][vc_row css=”.vc_custom_1609007241176{padding-right: 15px !important;padding-left: 15px !important;}”][vc_column css=”.vc_custom_1612794217189{margin-bottom: 20px !important;padding-top: 3px !important;padding-right: 20px !important;padding-bottom: 3px !important;padding-left: 20px !important;background-color: #283a66 !important;}”][vc_column_text]

MiCA

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]ESMA identifies opportunities to strengthen MiCA authorisations

On 10 July 2025, ESMA published the results of a peer review on the authorisation and early supervision of a crypto-asset service provider (CASP) by the Malta Financial Services Authority (MFSA) under the Markets in Crypto-Assets Regulation (MiCA).

The peer review analyses the approaches adopted by the Malta Financial Services Authority (MFSA) in the authorisation and early supervision of a CASP and provides recommendations to strengthen these processes. It identifies overall a good level of resources and supervisory engagement within the authority, with some areas for improvement related to the assessment of authorisations.

The peer review also recommends to all National Competent Authorities (NCAs) currently in the process of authorising CASPs to pay particular attention to certain areas of risk, including business growth, conflicts of interests, governance and intragroup arrangements, ICT architecture, Web3, decentralised products, and the promotion of unregulated services.

While focused on an individual case, the review aims to foster the sound authorisation of CASPs by all NCAs in the EU. Its conclusions should be on-boarded by all NCAs to ensure that the authorisations they grant are well assessed in this new and high-risk sector, where supervisory knowledge is still being built.

The review aims to support a harmonised supervisory approach and reinforce NCAs’ role as gatekeepers of the EU single market in the evolving crypto-asset sector.

ESMA Guidelines on Knowledge and competence of staff providing information on crypto-assets – ESMA criteria published

On 11 July 2025, ESMA published the guidelines specifying the criteria for assessing the knowledge and competence of staff at crypto-asset service providers (CASPs) who provide information or advice under the Markets in Crypto-Assets Regulation (MiCA).

The guidelines:

• provides guidance on the minimum level of knowledge and competence of staff through examples (including on professional qualification and appropriate experience for the provision of information or advice); and
• addresses specific features and risks of crypto-assets markets and services (e.g. high volatility of crypto-assets and cyber security risks) through the criteria for the assessment of the relevant staff’s knowledge and competence.

The guidelines will help CASPs to meet their obligations and act in the best interest of their clients. They also support competent authorities in adequately assessing how CASPs meet these obligations. The objective is to enhance investor protection and trust in the crypto-asset markets.

The guidelines will be translated into all EU languages and published on ESMA’s website. They will start applying six months after that publication.

Within two months of the date of publication of the guidelines on ESMA’s website in all EU official languages, competent authorities to which these guidelines apply must notify ESMA whether they comply, do not comply, but intend to comply, or do not comply and do not intend to comply with the guidelines.

ESMA Warns of Investor Risks from Unregulated Products Offered by Regulated CASPs

On 11 July 2025, ESMA issued a public statement warning investors of the ‘halo effect’ that can lead to overlooking risk when authorised crypto-asset service providers (CASP’s) offer both regulated and unregulated products and/or services.

The statement also reminds CASPs of the issues that they should consider when providing unregulated products and services, recommending that they should be particularly vigilant about avoiding any client confusion regarding the protections attached to unregulated products and/or services.

To avoid any misunderstanding CASPs should clearly communicate the regulatory status of each product or service in all client interactions and at every stage of the sales process. In addition, ESMA reminds crypto-assets entities of their obligation to act fairly, professionally and in the best interests of their clients, ensuring that all information, including marketing communications, is fair, clear and not misleading.

Overview of Level 2 and Level 3 measures related to Regulation (EU) 2023/1114 Markets in Crypto-Assets (MiCA)

On 16 July 2025, ESMA issued an overview of Level 2 and Level 3 measures related to MiCA. MiCA entered into force in June 2023. The regulation includes a substantial number of Level 2 and Level 3 measures that should be developed before the entry into application of the new regime (within a 12-to-18-month deadline depending on the mandate).

ESMA updates its MiCA Q&As

In July 2025, ESMA updated its MICA Q&As in relation to the following:

• Whether the Markets in Crypto-Assets Regulation (MiCA) permit the staking of clients’ crypto-assets by crypto-asset service providers (CASPs) for their own account (Q&A 2607);
• Whether the Markets in Crypto-Assets Regulation (MiCA) allows crypto-asset service providers (CASPs) to use clients’ crypto-assets for pre-funding client orders (Q&A 2608).

[/vc_column_text][/vc_column][/vc_row][/vc_section][vc_section css=”.vc_custom_1609007282200{margin-bottom: 20px !important;}”][vc_row css=”.vc_custom_1609007241176{padding-right: 15px !important;padding-left: 15px !important;}”][vc_column css=”.vc_custom_1612794217189{margin-bottom: 20px !important;padding-top: 3px !important;padding-right: 20px !important;padding-bottom: 3px !important;padding-left: 20px !important;background-color: #283a66 !important;}”][vc_column_text]

CySEC DEVELOPMENTS

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_single_image image=”8217″ img_size=”full” alignment=”center”][vc_column_text]Circular C721: Application of section 62(2) of the Prevention and Suppression of Money Laundering Activities Law of 2007 (L. 188(I)/2007)

On 09 July 2025, CySEC issued Circular C721 (the ‘Circular’), which replaces Circular C367, to remind all Regulated Entities about the provisions of Section 62 of the Prevention and Suppression of Money Laundering Activities Law 188(I)/2007 (the ‘AML Law’), regarding the obligation to verify the identity of the customer and the beneficial owner, respectively, before establishing a business relationship.

With the Circular, CySEC draws the attention of Regulated Entities on the requirement to include the creation of the customer’s economic profile in the process of identifying the customer and the beneficial owner, along with other applicable regulatory requirements.

Additionally, it reminds Regulated Entities of the exception to the general rule where the verification of the identity of the customer and the beneficial owner may be completed during the establishment of a business relationship, as per Section 62(2) of the AML Law, provided that certain conditions are satisfied. Please refer to the Circular for more information.

Furthermore, as per the Circular, the Regulated Entities are obliged to appropriately, adequately and timely warn the clients about the relevant procedures when applying the derogation of Section 62(2) of the AML Law, for example how open positions and possible refunds will be handled, and obtain their explicit consent regarding the said procedures before initiating a business relationship.

Lastly, CySEC urges Regulated Entities to proceed with the verification of the identity of customers and beneficial owners before entering into a business relationship, and in the exceptional cases where the verification takes place during the establishment of the business relationship, to at least take into account the provisions of the Circular.

Administrative Service Providers (the ‘ASPs’):

The Circular explains that the derogation of Section 62 of the Law, does not apply in the case of ASPs and they must comply at all times with the provisions of this section due to the nature of their activities.

In the exceptional case where an ASP intends to complete the verification of the identity of the customer and the beneficial owner during the conclusion of the business relationship (and not before), it must fully justify such action and record such justification.

Circular C722: EBA’s No Action letter on the interplay between Payment Services Directive (PSD2/3) and Markets in Crypto-Assets Regulation (MiCA)

On 11 July 2025, CySEC issued Circular C722 to inform crypto-asset service providers (CASPs) and applicant CASPs that the European Banking Authority (EBA) published an opinion on 10 June 2025 regarding the interaction between Directive (EU) 2015/2366 (PSD2) and Regulation (EU) 2023/1114 (MiCA), focusing on electronic money tokens (EMTs).

The opinion responds to a European Commission request and provides both long-term legislative and short-term supervisory guidance.

For the long term, the EBA advises EU authorities (the EU Commission, Council and Parliament) to either:

• amend MiCA to fully include payment-related obligations for EMTs (e.g. consumer protection, payment security, capital requirements), or
• use the legislative process of PSD3/PSR to include rules for EMTs without imposing a second authorisation for CASPs.

In the short term, the EBA recommends NCAs s to regard the transfer of EMTs on behalf of clients and the custody and administration of EMTs as payment services under PSD2, and the custodial wallets as payment accounts under PSD2. By contrast, the exchange of crypto-asset for funds and exchange of crypto-assets for other crypto-asset services of MiCA Regulation are not deemed to be payment services under PSD2 and this not subject to authorisation.

Regarding the services which requires an authorisation under PSD2, NCAs are advised to allow CASPs a transitional period until March 1, 2026 to seek authorisation under PSD2 or partner with a payment service provider (“PSP”). Furthermore, once authorisation as PSP is granted or for those entities that already hold a PSP license or a partnership with a PSP, NCAs are advised to de-prioritise enforcement of certain PSD2 rules such as on safeguarding, the disclosure of information to consumers pertaining to the level of applicable charges, the maximum execution time of payment transactions, and the unique identifier; while insisting on others, such as the application of strong customer authentication to the accessing of custodial wallets and the initiation of EMT transfers, the fraud reporting and the cumulative Calculation of own funds.

CySEC encourages interested parties to consult the full document of the EBA’s opinion for the legal basis and the specific comments and advice given on each of the key areas of interplay between PSD2 and MICA Regulation as identified by the EBA.

CySEC Consultation Paper on amending the Law regulating Companies providing administrative services and related matters

On 30 July 2025, CySEC issued a Consultation Paper proposing amendments to the Law Regulating Companies Providing Administrative Services and Related Matters (L. 196(I)/2012), concerning the treatment of express waivers of authorisation.

The proposed amendment clarifies that a licensed person’s authorisation for the provision of administrative services does not automatically lapse upon the submission of an express waiver under Article 16 of the Law. Instead, the authorisation ceases only following a formal withdrawal decision by CySEC.

This change aims to allow CySEC to assess the circumstances of the waiver request and, where necessary, require the ASP to take appropriate steps to ensure orderly cessation of operations and enable CySEC to evaluate the rationale behind the waiver and consider any potential impact on third parties.

The Consultation Paper is addressed to Administrative Service Providers (ASPs) authorised under L. 196(I)/2012. Interested parties are invited to submit their comments and responses to the Question listed in the Consultation Paper by no later than 22nd August 2025.[/vc_column_text][/vc_column][/vc_row][/vc_section]