Crypto players who did manage to secure their MiCA licences before the July 1 deadline are not entirely out of the woods in the EU now that ESMA has decided to run assessments on existing platforms. In conversation with The Coin Headlines, ESMA said the consequences of crypto firms failing in risk assessments would be decided by the countries they are based in in the EU.
ESMA or the European Securities and Markets Authority unveiled a Common Supervisory Action (CSA) initiative this week. The aim of this CSA is to ensure that crypto assets service providers (CASPs) hold onto the best practices to ensure user funds in their custodies are safeguarded.
The supervisory action will be conducted independently for all crypto players operating across the 27 EU member nations. As per ESMA’s list, a total of 284 companies are MiCA- licensed to offer crypto services in the EU.
These assessment excercises will be carried out by National Competent Authorities (NCAs) between H2 2026 and H1 2027. The Coin Headlines had asked ESMA to clarify the possible nature of regulatory actions or enforcement penalties that CASPs could face in the EU for failing their CSA examination.
“This is a matter of national competence,” ESMA said in a written response. “It depends on the national regulation of the related country and the nature of the issues identified.”
It, however, still remains unclear whether NCAs could revoke licenses or what degree of financial penalties they might impose on CASPs with inadequate operational resilience frameworks.
Potential lapses in governance arrangements and transaction controls could create operational issues for CASPs in the EU.
Speaking to The Coin Headlines, ESMA reiterated that risks inherent to blockchain, “including governance arrangements, key and storage management, transaction controls, incident detection and response,” will be areas of focus for the CSA assessment.
The European regulators will also be screening the automated codes of smart contracts to try and flag any risks or potentially exploitable loopholes for related CASPs and their offerings.
High dependencies on third-party tech providers will also be thoroughly examined under the CSA assessment as it could also expose crypto platforms to unforseen risks.
The findings collected from NCAs will be consolidated into a final report, which will be submitted to ESMA’s Board of Supervisors sometime in the second half of 2027.
Standard Chartered, Kraken, BitStamp, Circle, Bitpanda, ByBit, and KuCoin among others are among the 284 MiCA-registered firms offering crypto services in the EU.
ESMA, meanwhile, is constantly updating the community of European investors to steer clear from suspicious crypto-related messages that could suspicious or be impersonating ESMA officials.



