France’s financial regulator, the Autorité des marchés financiers (AMF), has warned that it may crack down on crypto firms licensed in other EU countries. This would be a breach of the EU’s “passporting” regulations under the bloc’s new Markets in Crypto-Assets (MiCA) regulation, but France has stated that the risks of not doing so could be bigger.
The AMF is now calling for a review of the current regulations, stating that the first months have shown that there are many differences in how national regulators supervise Crypto Asset Service Providers (CASPs). It then warns that if the rules aren’t revised, the situation could cause national authorities to take precautionary measures to protect their investors.
France is not alone in this. The AMF is joined by the Austrian Finanzmarktaufsichtsbehörde (FMA) and the Italian Commissione Nazionale per le Società e la Borsa (CONSOB) in pushing for a review of the new MiCA regulations.
EU’s “Passporting” MiCA policy
When the EU unveiled its long-awaited Markets in Crypto-Assets (MiCA) framework in June 2024, the goal was to unify crypto regulations in the region. The framework would serve as a single rulebook, ensuring proper regulation across the bloc and protecting European investors.
One of MiCA’s key features is “passporting”. Once a company is licensed in one EU country, it can use that authorisation to operate legally in all 27 member states.This would make it easy for firms to enter the EU market, reduce costs, and offer consistency for both investors and companies alike.
European nations welcomed the approach, as it mirrors the EU’s long-standing rules on traditional finance, and crypto firms largely appreciated the fact that they only need a single licence.
France’s regulatory concerns
However, the rollout has exposed some deep inconsistencies, particularly what the AMF refers to as “regulatory shopping”. It alleges that crypto firms are analysing national regulatory measures to find a weak link that allows them to get an EU licence with fewer requirements than others.
This, in turn, means that a crypto platform with minimal KYC processes or a history of suspicious activities could obtain a licence that allows it to operate in countries with stricter requirements, such as France or Germany.
This is in line with the trend among major firms that have acquired MiCA licences so far. Coinbase (Luxembourg), Gemini (Malta), Bitstamp (Luxembourg), Kraken (Ireland), and Bitvavo (the Netherlands) have all avoided the tough restrictions in countries like France.
On top of that, the statement by France, Italy, and Austria comes just a month after ESMA criticised Malta’s crypto authorisation in its July peer review report. ESMA raised concerns about the overall authorisation process, stating that it wasn’t thorough enough and was conducted in too short a timeframe for the MFSA to properly assess compliance with the MiCA framework.
It also stated that there were some important issues that were yet to be resolved before a particular, unnamed licence was issued, mostly relating to governance, business growth, ICT architecture, and anti-money laundering (AML) controls. It then recommended certain risk areas that needed to be adequately evaluated before a licence is granted.
In response to the publication, the MFSA acknowledged there’s room for improvement, but it was also keen to point out its 7-year experience in crypto regulation and the fact that its framework was already similar to MiCA’s. It notes that it’s this experience that has put the country ahead of the rest, having already issued 5 licences since January.
A shift to ESMA supervision
The AMF, along with its Italian and Austrian counterparts, has gone further to propose several measures that could have a significant impact on the current MiCA regulations.
The main one is a call for the transfer of supervisory responsibilities from national regulators to ESMA. The three argue that this is the only way the entire region can ensure uniform application of rules and level the playing field. It would eliminate opportunistic choices between countries and possibly lead to reduced supervision costs.
ESMA itself has signalled a need for a more unified approach to prevent regulatory arbitrage, which is when firms take advantage of differences in regulations between jurisdictions. This was in a January 2025 supervisory briefing, where it provided concrete guidance on how National Competent Authorities (NCAs) and prospective Crypto-Asset Service Providers (CASPs) should handle the authorisation process.
However, the statement by France and its allies calls for a complete move from National Competent Authorities (NCAs) to ESMA itself.
Calls for stronger AML & cybersecurity safeguards in MiCA
Besides licensing practices, France, Italy, and Austria are also pushing for broader strengthening of the MiCA framework, mostly related to AML safeguards.
The first of these is a proposal for stronger oversight of crypto platforms that are not licensed in the EU but target EU customers through licensed intermediaries. The three are calling for a policy that ensures all intermediaries in the EU only provide services to platforms that comply with MiCA or equivalent regulations.
There’s also a call to heighten cybersecurity requirements in MiCA. In the statement, they propose an independent cybersecurity audit for market participants before the granting of a MiCA authorisation or licence renewal. The audit would cover critical areas like asset protection, resilience to cyberattacks and incident management. In the justification, they state that, “This measure would ensure greater security for crypto-asset markets and boost investor confidence.”
The last proposal is for tighter control on token issuance, as these can be used to convert illegal funds into tokens and then pass them to the mainstream financial system through crypto exchanges. It aims to add legal certainty to the analysis of whitepapers by creating a single access point for the filing and management of token offerings.
The industry impact
For crypto firms, this regulatory standoff comes at a time when many are still trying to adjust to MiCA’s baseline requirements. Those that have already gained their MiCA passports, such as Gemini, Kraken, Bitvavo, and Coinbase, expected a smooth path into the entire market, but they now face more uncertainty.
France’s proposals will be tricky to implement, given that MiCA’s framework is already in effect, but their statement also hints at banning crypto firms without national licences.
Critics have argued that this is simply a foul cry after crypto firms have shown a preference for smaller jurisdictions, citing that countries like Malta have actually been used as a benchmark by France when draughting their national regulations.
If France, Italy, and Austria go ahead with their threat, it will mark the first crack in the EU’s vision for unified crypto regulation.
