The European Securities and Markets Authority (ESMA) said on Wednesday that crypto players operating across the EU will now be subject to a multi-layer risk-lated assessment. The Paris-based European financial watchdog is looking to run thorough checks on the digital operational resilience of Crypto-Asset Service Providers (CASPs), especially those offering custody services.
ESMA outlined the provisions of this Common Supervisory Action (CSA) initiative through an official blog on Wednesday. The aim is to ensure high-level measures are put in place by CASPs to protect their digital systems so that the user funds kept under their oversight are protected against mishaps and subsequent losses.
The assessment will target the organizational structures of CASPs and keep an eye on how these companies store sensitive cryptographic keys. The way platforms monitor and approve transactions will also be under the scanner with the CSA coming into action.
Smart contracts make for crucial parts of crypto platforms and services. The European regulators will soon start combing through the automated codes making for the smart contracts to identify any risks or potentially exploitable loopholes.
Exposing internal operations to third-parties for outsourcing requirements could also bring CASPs face-to-face with security challenges. The ESMA said moving forward the reliance of CASPs on outside tech providers will be constantly screened to flag any imminent risk before time.
“This initiative responds to ESMA’s risk-based supervisory priorities, which identify both digital operational resilience and CASPs as key areas of risk. ESMA has developed this CSA to enhance supervisory convergence in a rapidly evolving segment of the market,” ESMA said.
The assessment excercises will be carried out by National Competent Authorities (NCAs) between H2 2026 and H1 2027.
“The findings collected from NCAs will be consolidated into a final report, which will be submitted to ESMA’s Board of Supervisors following the conclusion of the exercise in the second half of 2027,” the ESMA added.
This development comes just days after the deadline for crypto firms to comply with EU’s MiCA laws ended on July 1. While Binance has had to halt its operations across the EU for failing to align with the region’s crypto laws, Ripple won a full MiCA license in Luxembourg.
The ESMA has been maintaining a public register of all MiCA-compliant crypto firms operating in the region. The index presently lists a total of 284 registered entities including Standard Chartered, Kraken, BitStamp, Circle, Bitpanda, ByBit, and KuCoin among others.
The Markets in Crypto-Assets (MiCA) Regulation is a comprehensive crypto-focussed regulations enforced by the EU to bring bank-like laws for the crypto businesses. It includes mandates like reserve maintainence and fund separation to focus heavily on consumer protection against the risks of engaging with volatile assets.



