The European Securities and Markets Authority has launched a Common Supervisory Action to examine the digital operational resilience of crypto-asset service providers, with a specific focus on custody services. The exercise will assess how mature authorised providers’ resilience frameworks are in relation to custody activities, reflecting ESMA’s view that both digital operational resilience and crypto-asset service providers are priority risk areas. National Competent Authorities will conduct the review on a risk-based sample of authorised crypto-asset service providers from the second half of 2026 to the first half of 2027. The assessment will focus on risks linked to distributed ledger technology, including governance arrangements, key and storage management, transaction controls, incident detection and response, smart contract risks, and reliance on third-party providers. ESMA said the action is intended to strengthen supervisory convergence in a fast-evolving market segment. Findings gathered by National Competent Authorities will be consolidated into a final report for submission to ESMA’s Board of Supervisors after the exercise ends in the second half of 2027.
European Securities and Markets Authority2026-07-08
European Securities and Markets Authority launches supervisory review of crypto custody providers digital operational resilience
The European Securities and Markets Authority has launched a Common Supervisory Action on the digital operational resilience of crypto-asset service providers, centred on custody services. National Competent Authorities will review a risk-based sample of authorised firms from the second half of 2026 to the first half of 2027, focusing on distributed ledger technology risks such as key management, transaction controls, incident response, smart contracts and third-party dependencies. ESMA will compile the findings into a final report for its Board of Supervisors in the second half of 2027.