As the European Union begins implementing the Markets in Crypto-Assets Regulation (MiCA), a debate has emerged around who should supervise crypto-asset service providers (CASPs). Some Member States, led by France, Italy, and Austria, have called for the European Securities and Markets Authority (ESMA) to take on direct supervisory powers over significant CASPs. Malta, however, has taken a firm stance against this push toward centralisation. In a statement published on the 17 September 2025, the Malta Financial Services Authority (MFSA) argued that it is too premature to make such a dramatic shift so soon after the recent introduction of MICA, urging the EU to prioritise collaboration over control.

---

The push for centralised supervision is largely driven by concerns over regulatory fragmentation and inconsistent application of MiCA across Member States. In a joint position paper, regulators from France (AMF), Italy (CONSOB), and Austria (FMA) warned that diverging national practices:

• Weaken investor protection;
• Create opportunities for regulatory arbitrage; and
• Undermine market confidence and competitiveness.

To address these risks, France, Italy and Austria propose a supervisory model akin to that already in place with the Single Supervisory Mechanism (SSM) for banks and the European Banking Authority’s (EBA) oversight of major stablecoin issuers. They argue that such a centralised framework would eliminate fragmentation, reduce supervisory costs, and ensure a level playing field across the EU.

At the heart of these concerns is the risk of regulatory arbitrage and jurisdiction-shopping that would undermine MiCA’s passporting regime. Since firms licensed in one Member State can operate across all 27, there is a fear that some may strategically establish themselves in jurisdictions with less stringent enforcement, potentially undermining the regulation’s objectives.

---

Malta has firmly rejected calls for centralised oversight of CASPs under MiCA. According to the MFSA, it is far too early to assess the regulation’s effectiveness. MiCA has only been in force for nine months and its effects are still unfolding. Premature centralisation risks introducing unnecessary bureaucracy, stifling innovation and damaging the EU’s appeal as a crypto-friendly jurisdiction.

Importantly, Malta is not advocating for regulatory divergence. On the contrary, the MFSA strongly supports supervisory convergence and enhanced cooperation among Member States. It is actively participating in ESMA-led initiatives, including:

• The Digital Finance Standing Committee;
• Peer reviews on CASP authorisation and supervision; and
• Enhanced coordination with other national competent authorities.

---

MiCA was deliberately adopted as a regulation, not a directive, to ensure legal uniformity across all the EU. However, this choice does not imply that Member States were meant to relinquish their supervisory roles. On the contrary, Recital 76 of MiCA explicitly affirms the importance of national oversight:

‘‘(76) Given the relatively small scale to date of crypto-asset service providers, the power to authorise and supervise such service providers should be conferred upon national competent authorities. Authorisation as a crypto-asset service provider should be granted, refused or withdrawn by the competent authority of the Member State where the entity has its registered office. Where an authorisation is granted, it should indicate the crypto-asset services for which the crypto-asset service provider is authorised and should be valid for the entire Union.’’

This language confirms that MiCA was designed to harmonise rules while preserving decentralised supervision.

More fundamentally, Malta’s stance is grounded in the EU’s own constitutional principles of subsidiarity and proportionality, enshrined in Articles 5(1) and 5(3) of the Treaty on European Union. These principles require that EU-level action must satisfy two tests:

1. The objectives cannot be sufficiently achieved by Member States acting alone; and
2. Centralised action must provide clear, added and measurable value.

In the case of CASP supervision, neither test appears to be satisfied. There is currently no evidence that national regulators are failing to enforce MiCA, nor has centralisation been shown to offer improvements in efficiency, consistency or investor-protection.

Passporting rights are not simply a loophole. They are a core tenet of EU law, grounded in the principles of the single market. After all, if we begin to restrict cross-border rights merely because they might be misused, are we not undermining the very foundation of the EU’s legal and economic integration? Such reasoning would set a dangerous precedent.

---

Drawing parallels between the supervision of CASPs and the regulatory framework applied to traditional banks under the Single Supervisory Mechanism (SSM) overlooks fundamental differences between the two sectors. Large banks could be systemically important institutions, whose failure can trigger widespread economic disruption. CASPs, on the other hand, typically operate on much smaller scale and pose far less systemic risk. It is absurd to assume that all CASPs are inherently systematically important. Moreover, the crypto-asset industry is defined by rapid innovation, diverse business models, and unique risk profiles that differ significantly from those associated with traditional banking. Applying a one-size-fits-all supervisory model risks undermining the flexibility and responsiveness needed to regulate this dynamic sector effectively.

---

Centralising supervision could erode the strengths that make the EU’s regulatory system resilient. National regulators bring essential local insight, agility and established relationships with market participants. In rapidly evolving sectors like crypto, where innovation often outpaces regulation, proximity to the market is a necessity.

Replacing national frameworks with a distant central authority risks creating a rigid, standardised approach that fails to reflect the realities on the ground. Malta’s own experience demonstrates the value of local innovation: MiCA closely mirrors principles already embedded in Malta’s Virtual Financial Assets Act, showing that national leadership can shape EU-wide regulation.

MiCA was never intended to erase national discretion. It was designed to provide legal certainty while preserving Member State autonomy where appropriate.

Calls for centralisation may sound efficient on paper, but in practice, they risk imposing a one-size-fits-all model on a diverse and evolving market. The EU should resist the temptation to centralise for the sake of perceived uniformity. Instead, it should empower national regulators to collaborate, share best practices, and coordinate supervision, without dismantling the local expertise that forms the backbone of effective governance.

---