ESMA 2025 Annual Report: MiCA, Supervision and Simplification
ESMA's 2025 annual report, published by the European Securities and Markets Authority, confirms that the EU's regulatory agenda has moved decisively from policy design into execution. For accounting firms, auditors and CFOs with EU-facing crypto or capital-markets exposure, the report sets out three interlocking themes: sharper supervisory convergence, a leaner compliance rulebook, and accelerating work on digital innovation including crypto-asset oversight under MiCA.
MiCA and CASP Authorisation: Where Things Stand
MiCA dominated ESMA's supervisory workload in 2025. The authority worked alongside national competent authorities (NCAs) to advance the authorisation pipeline for crypto-asset service providers, pushing for consistent application of licensing criteria across member states.
Supervisory convergence in practice
ESMA's coordination role is not ceremonial. Where NCAs apply MiCA criteria inconsistently, cross-border arbitrage becomes a live risk. The 2025 report signals that ESMA actively supported NCAs through convergence tools, meaning a CASP authorised in one jurisdiction should face genuinely equivalent scrutiny to one authorised in another. Firms that assumed lighter-touch member states would offer a permanent shortcut should recalibrate that assumption.
This connects directly to enforcement pressure already visible at the national level. ESMA had previously instructed unauthorised CASPs to wind down as the MiCA transitional period closed, and the 2025 workstream built on that baseline. Accounting teams advising CASP clients on crypto compliance and reporting obligations need to treat authorisation status as a live audit point, not a one-time checkbox.
Spain's regulators have made clear there will be no deadline extensions for MiCA compliance, and what Spain's refusal to grant MiCA extensions means for EU firms illustrates how the supervisory tone set at ESMA level translates into hard national deadlines.
DORA, EMIR 3 and Clearing Infrastructure
Beyond crypto, ESMA's 2025 workload covered two other frameworks with direct operational implications.
DORA: digital resilience now a supervisory priority
The Digital Operational Resilience Act entered ESMA's active supervisory scope in 2025. The authority strengthened digital resilience requirements across the financial sector, with a particular focus on ICT risk management and third-party dependencies. For firms holding or servicing crypto assets, DORA and MiCA now overlap: a firm can be MiCA-authorised but still fall short of DORA's operational standards.
EMIR 3 and third-country CCPs
ESMA also progressed work under EMIR 3, including recognition and risk assessment of third-country central counterparties. Firms with derivatives or clearing activity that intersects with tokenised or crypto-adjacent instruments should flag this as a monitoring item for their compliance calendars.
Regulatory Simplification: A Genuine Shift
One of the report's more striking themes is simplification. ESMA describes a strategic effort to reduce unnecessary compliance burden, including flagship projects to streamline transaction reporting and fund reporting under AIFMD and UCITS. The retail investor journey initiative, aimed at making investment processes clearer and more transparent, sits alongside these structural changes.
What simplification means for reporting teams
Simplification does not mean reduced scrutiny. It means that reporting obligations are being rationalised so that the data regulators actually need arrives more cleanly and efficiently. For finance teams managing crypto disclosures alongside traditional fund reporting, this is relevant: the direction of travel is toward fewer but higher-quality data submissions, not toward lighter oversight. Firms that invest in robust reconciliation and data infrastructure now will be better positioned as revised reporting templates roll out.
The earlier article on ESMA's order for unauthorised CASPs to wind down provides useful context on how quickly the authority moves from policy to enforcement action when deadlines pass.
Market Infrastructure Milestones: CTPs and T+1
Two capital-markets milestones from 2025 deserve attention even for firms primarily focused on digital assets.
First, ESMA selected the first consolidated tape providers under MiFIR. This is a structural change to how market data flows across the EU, improving price transparency for equities and bonds. As tokenised securities move closer to mainstream adoption, the consolidated tape infrastructure will eventually become relevant to digital asset pricing and disclosure as well.
Second, ESMA advanced preparatory work for a shorter T+1 settlement cycle. Faster settlement reduces counterparty risk but compresses the operational window for reconciliation and reporting. Finance teams should begin assessing whether their current workflows, including any crypto or tokenised-asset positions, can support T+1 timelines without material error rates.
Innovation, AI and DLT: ESMA's Emerging Focus
The report notes that ESMA intensified its work on digitalisation during 2025, covering artificial intelligence, distributed ledger technology and decentralised finance. The framing is explicitly about harnessing innovation while protecting market integrity, not about restricting it.
For accounting and audit professionals, this means ESMA is building the supervisory vocabulary and tooling to examine DLT-based structures more rigorously. Firms that treat on-chain activity as outside the regulatory perimeter are operating on an assumption that ESMA's 2025 work is actively eroding.
Frequently Asked Questions
What did ESMA's 2025 annual report say about MiCA implementation?
The report confirms that ESMA worked with national competent authorities throughout 2025 to advance CASP authorisation and promote consistent application of MiCA across member states. Supervisory convergence was a central priority, aimed at preventing regulatory arbitrage between jurisdictions.
Does the ESMA 2025 report affect firms already authorised under MiCA?
Yes. Authorisation is a threshold condition, not a permanent safe harbour. The report signals that ESMA is building more intelligence-led, data-driven oversight. Authorised CASPs should expect ongoing supervisory engagement, not a reduced compliance burden after initial licensing.
How does DORA interact with MiCA for crypto-asset service providers?
DORA establishes ICT risk management and digital resilience requirements that apply across the financial sector, including to MiCA-authorised entities. A firm can meet MiCA's market conduct and capital requirements but still fall short of DORA's operational resilience standards. Both frameworks are now active supervisory priorities for ESMA.
What is the significance of ESMA selecting consolidated tape providers?
Consolidated tape providers aggregate and distribute market data across the EU under a standardised format. The 2025 selection marks a structural improvement in price transparency for traditional securities. As tokenised financial instruments grow in relevance, this infrastructure is likely to extend to digital asset markets over time.
What should accounting firms do now in response to the ESMA 2025 report?
Three immediate steps are worth taking: review whether any CASP clients have outstanding authorisation gaps or transitional arrangements that are no longer valid; assess DORA readiness for any entities within scope; and begin evaluating whether transaction and fund reporting workflows are aligned with ESMA's simplification direction, which favours cleaner, higher-quality data over volume.
Source: ESMA
FAQ
The report confirms that ESMA worked with national competent authorities throughout 2025 to advance CASP authorisation and promote consistent application of MiCA across member states. Supervisory convergence was a central priority, aimed at preventing regulatory arbitrage between jurisdictions.
Yes. Authorisation is a threshold condition, not a permanent safe harbour. The report signals that ESMA is building more intelligence-led, data-driven oversight. Authorised CASPs should expect ongoing supervisory engagement, not a reduced compliance burden after initial licensing.
DORA establishes ICT risk management and digital resilience requirements that apply across the financial sector, including to MiCA-authorised entities. A firm can meet MiCA's market conduct and capital requirements but still fall short of DORA's operational resilience standards. Both frameworks are now active supervisory priorities for ESMA.
Consolidated tape providers aggregate and distribute market data across the EU under a standardised format. The 2025 selection marks a structural improvement in price transparency for traditional securities. As tokenised financial instruments grow in relevance, this infrastructure is likely to extend to digital asset markets over time.
Three immediate steps are worth taking: review whether any CASP clients have outstanding authorisation gaps or transitional arrangements that are no longer valid; assess DORA readiness for any entities within scope; and begin evaluating whether transaction and fund reporting workflows are aligned with ESMA's simplification direction, which favours cleaner, higher-quality data over volume.
