ESMA’s June Q&A Session on MiCAR

The European Securities and Markets Authority (ESMA) has released a new set of answers in its June Q&A session, addressing selected aspects of providing services related to crypto-assets under the Markets in Crypto-Assets Regulation (MiCAR).

This session focused on two critical types of services:

• custody and administration of crypto-assets,
• operation of crypto-asset trading platforms.

What questions were asked to ESMA?

ESMA addressed three key questions:

1. Custody Agreements
   Can the terms of service or any non-negotiated standard user agreement for custody of crypto-assets qualify as a “valid agreement” that “expressly provides otherwise” under Article 75(4) MiCAR, in the event of changes to Distributed Ledger Technology (DLT) or any other occurrence that could alter clients’ rights to their crypto-assets?
2. Combining Client Wallets with Group Entities
   Can a CASP providing custody and administration of crypto-assets store clients’ assets in the same wallets as those of other entities within the same corporate group?
3. Shared Order Books
   Is it permissible for a CASP operating a trading platform to pool its order book with those managed under legal frameworks other than MiCAR, including platforms outside the EU?

Are Terms of Service Enough? ESMA on “Valid Agreements” under MiCAR

On the first question, ESMA emphasized that under Article 75(4) MiCAR, CASPs must ensure clients can exercise their rights related to crypto-assets. Any event – including changes in Distributed Ledger Technology (DLT) or other developments that create or modify such rights – must be immediately recorded in the client position register.

This guarantees that clients retain the right to any newly created crypto-assets.

However, ESMA clarified that a non-negotiated terms of service or standard user agreement is insufficient to demonstrate explicit client consent to such deviations. Instead, CASPs should obtain separate, unambiguous consent, for example via a dialog box presented when accepting the terms and conditions.

Shared Wallets – Opportunity or Risk? ESMA’s Position

In response to the second question, ESMA noted that CASPs should not hold client crypto-assets in the same wallet as assets belonging to entities in the same corporate group.

Such a practice could:

• create a conflict of interest,
• expose clients to heightened risk of loss.

ESMA stressed that CASPs must implement measures to eliminate or adequately mitigate risks that could harm client interests or those of the provider itself. If effective safeguards cannot be achieved, the CASP should refrain from storing group entities’ assets together with client funds.

One Order Book for Many Platforms? Why ESMA Says “No”

Regarding the third question, ESMA concluded that a model in which multiple crypto-asset platforms combine their individual order books into a single shared order book is incompatible with Article 59 of MiCAR.

The reason: at least one operator of such a shared order book would lack CASP authorization.

Although an integrated liquidity pool – combining buy and sell orders from multiple platforms, including non-EU entities – could theoretically enhance liquidity, ESMA clarified that each operator of a shared order book must hold CASP authorization. Therefore, pooling order books with non-CASP entities is not permitted under MiCAR.

Greater Client Protection, New Challenges for CASPs

ESMA’s responses reinforce its consistent regulatory approach of prioritizing client protection, albeit by imposing additional obligations and costs on CASPs.

While these measures strengthen client security, they may also increase operating expenses and compliance burdens, potentially reducing the competitiveness of smaller CASPs.

Want to receive the latest insights and practical guidance on crypto-asset regulation? Join our newsletter and stay ahead of key legal updates.