Following his recent commentary on LinkedIn, Dr Ian Gauci shared his analysis on the potential implications of the proposed EU Market Infrastructure Package and its amendments to Regulation (EU) 2023/1114 (MiCA).
The proposal has sparked widespread discussion across Europe’s regulatory and fintech communities. According to Dr Gauci, contrary to media interpretations suggesting that the European Securities and Markets Authority (ESMA) would oversee only “significant” crypto-asset service providers (CASPs), the proposal indicates a far broader mandate.
“It’s not true that ESMA wants to regulate only significant CASPs as portrayed in the media,” Dr Gauci stated. “Should this package go through, ESMA shall be responsible for the supervision and enforcement of this Regulation with respect to all crypto-asset service providers.”
Under the proposed framework, ESMA would become the default supervisor of all CASPs, while national authorities would act mainly through delegation - powers that are temporary, optional, and revocable at ESMA’s discretion.
This, Dr Gauci explains, would mark a fundamental shift in the supervisory balance between EU and national authorities:
“Every MiCAR authorisation, supervisory file, and inspection could now sit under ESMA’s roof. National authorities such as the MFSA, AMF, BaFin, and CNMV would become executors of ESMA mandates - potentially erasing years of national investment in capacity, staff, licensing, and governance.”
Describing the proposal as “worse than the SSM under banking,” he warns that this move risks undermining Member State sovereignty and the principle of subsidiarity, setting a precedent that could extend beyond the crypto sphere into other EU-regulated sectors.
This leads to a deeper structural concern — one that touches the foundations of the EU’s broader digital regulatory architecture.
Dr Gauci now raises a further, fundamental question - one that goes beyond MiCAR and directly challenges the coherence of the EU’s digital-finance oversight model:
“If ESMA becomes the sole licensing and supervisory authority for all CASPs under the new Market Infrastructure Package, how does the rest of the EU’s digital oversight system survive in its current form?”
Under the Digital Operational Resilience Act (DORA), national regulators are intended to be the first line of supervision. They understand the full institution:
• ICT risks
• business continuity
• incident patterns
• local operational realities
The TLPT framework also relies on this local proximity - the authority leading a threat-led penetration test must understand the national ecosystem.
Even ESMA’s role under DORA is limited: it steps in only for the oversight of critical third-party ICT providers, and even there, national authorities remain deeply involved.
But if all crypto firms fall entirely under ESMA for MiCAR purposes, the regulatory picture splits in two:
ESMA supervises the activity.
The national authority supervises ICT risk.
This creates a fragmented oversight landscape - two supervisors, different information, different priorities.
In a crisis, neither sees the full institution. The integrated, holistic view disappears.
“And TLPT becomes even harder to justify. Will ESMA run TLPT for crypto firms from a distance? Or will national authorities test institutions they no longer supervise? Both options are flawed, and neither fits the logic of DORA.”
Dr Gauci cautions that the implications of this proposal extend far beyond crypto markets:
“If this proposal goes through, the rest of the EU’s digital regulatory architecture will not stay untouched. It cannot. Once you centralise one pillar of financial oversight, the neighbouring pillars start to tilt with it.”
This raises a provocative but realistic question:
“Is ESMA also planning that once it owns MiCAR licensing, it will argue that DORA supervision should be harmonised ‘to ensure coherence’? And push for TLPT authority to be centralised as well?”
If so, the shift would not be confined to crypto - it would reshape the entire architecture of digital finance supervision across the European Union.
“This is why the proposal is not simply about crypto. It touches the entire architecture of digital finance. If the centre takes one piece, the rest of the structure cannot hold its shape.”
GTG will continue to monitor and analyse the evolution of the EU Market Infrastructure Package, its interaction with DORA and TLPT, and its wider implications for MiCA implementation and national supervisory authorities.