Malta’s Crypto-Licensing is Not Compatible with MiCA, Says the EU
Malta is facing criticism from the European Union’s most powerful financial regulator over how it issued crypto licenses under the EU’s Markets in Crypto-Assets Regulation (MiCA). The European Securities and Markets Authority (ESMA) said that the Malta Financial Services Authority (MFSA) only partially met regulatory standards when it authorized a crypto-asset service provider (CASP). ESMA also revealed that a firm in Malta operated without a license.
On July 10, 2025, ESMA published a detailed review of Malta’s fast-tracking approach, which, according to the watchdog, failed to conduct essential risk assessments. Due to the identified gaps, ESMA highlighted concerns about uneven MiCA enforcement and weak investor protection across the EU.
Gaps Found in Malta’s MiCA Authorization Process
The review uncovered specific shortcomings in the MFSA’s processes, particularly in areas such as:
Although Malta had access to professionals in commodities and crypto, the licensing process lacked the depth required to properly assess these risks.
According to ESMA, essential concerns were either ignored or inadequately resolved before licenses were granted. The process also neglected a thorough review of the company’s supervisory record and technology readiness.
Let’s Make Oversight European-Wide
Though the review focused on Malta, ESMA noted that these shortcomings apply to all National Competent Authorities (NCAs) in the EU. It advised regulators to increase inspections in key areas like:
- IT and blockchain systems
- Cross-border operations
- Unregulated service promotion
- Conflict of interest management
- Corporate governance structures
The goal is to enforce a consistent and robust licensing regime across the EU for companies seeking MiCA approval.
An ESMA official emphasized that uniform oversight is essential to close regulatory loopholes and maintain confidence in the EU’s crypto market.
Malta Responds, But Questions Remain
The MFSA defended its position by stating that Malta was an early adopter of digital asset regulation. It claimed that since January 2025, it had already approved five crypto licenses under MiCA. However, it did not respond to the specific deficiencies pointed out by ESMA.
Malta’s crypto policies have raised concerns in the past. Some EU regulators have privately questioned the speed and flexibility of its approval process. Notably, once granted, MiCA licenses enable firms to operate across all 27 EU member states under passporting rights.
What’s Next for EU Crypto Firms?
This review could reshape crypto regulation across the EU. Regulators may now:
- Extend approval timelines for crypto licenses
- Apply stricter scrutiny to firms with complex operations
- Enhance coordination among member states to ensure compliance
The review also strengthens ESMA’s role as a central supervisory authority under MiCA. As the digital asset market continues to grow, ESMA plans to conduct more cross-border peer reviews to avoid regulatory weak spots within the EU.
Bottom Line
The EU has serious concerns about Malta’s crypto licensing under MiCA. Though Malta remains a key hub for crypto, this development signals a clear shift toward stricter, more consistent, and transparent oversight across Europe.
With MiCA now active, crypto firms seeking licenses must prepare for deeper scrutiny, enhanced compliance, and zero tolerance for regulatory shortcuts.
