ESMA (European Securities and Markets Authority)

The European Securities and Markets Authority is the EU’s independent securities markets regulator, established in January 2011 under the European Supervisory Authorities (ESA) framework to contribute to the stability and orderly functioning of European financial markets. ESMA plays a central role in implementing the Markets in Crypto-Assets Regulation (MiCA), serving as the coordinator of the EU-wide CASP authorization and passport framework and as the sole authorization authority for the DLT Pilot Regime.

Institutional Structure and Mandate

ESMA was created to replace the Committee of European Securities Regulators (CESR) and given stronger powers including binding technical standard-setting, supervisory convergence tools, and in limited cases direct supervisory authority. Its governance structure includes a Board of Supervisors comprising the heads of all 27 EU national competent authorities (NCAs), a Management Board for operational matters, and an Executive Director. ESMA’s headquarters are in Paris.

ESMA’s core mandate covers three areas: completing the single rulebook for EU financial markets through technical standards, promoting convergent supervisory practices through guidelines, recommendations, and supervisory peer reviews, and directly supervising certain entities including credit rating agencies, trade repositories, and specific categories of third-country market participants.

MiCA Level 2: The Technical Standards Program

MiCA, which entered full application in December 2024, delegated to ESMA the task of developing over 30 regulatory technical standards (RTS) and implementing technical standards (ITS) that specify the detailed requirements for crypto-asset service providers, issuers of asset-referenced tokens, and issuers of e-money tokens. These Level 2 measures translate MiCA’s high-level requirements into precise compliance obligations.

The RTS program covers a wide range of subjects including: the content and format of white papers for different categories of crypto assets; governance arrangements and internal controls for CASPs; complaints handling procedures; conflicts of interest management; safeguarding of client assets; continuity plans; and the data standards for regulatory reporting. The ITS program specifies machine-readable formats and templates for regulatory filings. ESMA developed these standards through a public consultation process and submitted them to the European Commission for endorsement, with most entering into force during 2025.

CASP Authorization and the EU Passport

Under MiCA, Crypto-Asset Service Providers seeking to operate in the EU must obtain authorization from the NCA in their home member state. Once authorized, a CASP receives an EU passport that permits it to offer services across all 27 member states either through a branch or on a cross-border services basis — a structure directly analogous to the MiFID II passport for investment firms.

ESMA’s role in the CASP framework is primarily one of coordination and convergence rather than direct authorization. ESMA maintains the public register of authorized CASPs accessible across member states, publishes guidelines on the authorization process to promote consistent application of MiCA’s requirements, and conducts peer reviews of NCAs’ supervisory practices. When an NCA proposes to refuse authorization, it must consult ESMA’s Board of Supervisors through a defined escalation process. ESMA can also intervene in cases of systemic risk or supervisory failure under emergency powers, though this tool is intended as a backstop rather than a routine mechanism.

DLT Pilot Regime: Direct Authorization Authority

In contrast to its coordination role under MiCA, ESMA has direct authorization authority under the DLT Pilot Regime (Regulation EU 2022/858), which entered application in March 2023. The DLT Pilot permits market infrastructure operators — DLT Multilateral Trading Facilities (DLT MTFs), DLT Settlement Systems (DLT SSs), and DLT Trading and Settlement Systems (DLT TSSs) — to operate under relaxed requirements compared to standard MiFID II and CSDR rules, allowing experimentation with tokenized securities settlement.

Operators of DLT market infrastructure must obtain specific permission from their national competent authority and, for DLT TSSs and in certain other circumstances, must also obtain permission from ESMA. ESMA maintains a register of all DLT Pilot permissions, publishes regular reports on the Pilot’s operation, and coordinates between NCAs when cross-border issues arise. The Pilot is designed as a time-limited sandbox with a maximum duration of six years per operator, providing ESMA and NCAs with real-world data to inform potential permanent legislation.

Comparison with Single-Regulator Models

ESMA’s multi-layered structure — setting standards, coordinating NCAs, and directly supervising only specific categories — differs fundamentally from the SEC’s single-regulator model in the United States. Under the SEC framework, one federal agency both sets rules and enforces them nationally, creating consistency at the cost of a single point of failure or policy capture. ESMA’s model distributes day-to-day supervision across 27 NCAs applying common standards, theoretically combining regulatory diversity with market integration. Critics argue that this structure produces supervisory arbitrage — firms authorizing in less stringent member states while operating primarily in stricter ones — a dynamic that ESMA’s convergence tools are designed to counter.