EU Crypto Regulators: Who Are the National Competent Authorities Under MiCA?

by Connor Hubbard, 31 May 2026, Cryptocurrency Education

13 Comments

For years, navigating cryptocurrency regulations in Europe felt like walking through a maze with shifting walls. But since December 30, 2024, the path has become significantly clearer thanks to the Markets in Crypto-Assets Regulation (MiCA is a comprehensive regulatory framework for crypto-assets in the European Union that establishes uniform rules for issuance and supervision). At the heart of this new system are the National Competent Authorities (NCAs), the specific financial regulators in each of the 27 EU member states responsible for licensing and supervising crypto firms.

If you are a crypto company looking to operate legally in the EU, or an investor trying to understand who watches over your assets, knowing which NCA handles what is critical. This guide breaks down exactly who these authorities are, how they function under MiCA, and why the entire landscape might shift toward centralization soon.

Who Are the National Competent Authorities?

Under MiCA, every EU country designates one primary regulator as its National Competent Authority. These aren't new agencies created from scratch; instead, existing financial watchdogs have taken on these additional responsibilities. This means the NCAs bring decades of experience in banking, securities, and insurance oversight to the world of digital assets.

The role of an NCA is straightforward but powerful. They are the first point of contact for any Cryptoasset Service Provider (CASP is a licensed entity authorized to provide services such as exchange, custody, or trading of crypto-assets within the EU) seeking authorization. Once a firm gets its license, the NCA monitors its compliance, conducts audits, and enforces penalties if rules are broken.

Here are the key NCAs in major EU jurisdictions:

Germany: The BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht) serves as Germany's NCA. Known for its rigorous approach to traditional finance, BaFin began issuing MiCA licenses in mid-January 2025, demonstrating a methodical but steady implementation process.
France: The AMF (Autorité des Marchés Financiers) oversees crypto activities. France has long been proactive in fintech regulation, and the AMF leverages sophisticated market surveillance tools to monitor crypto markets.
Spain: The CNMV (Comisión Nacional del Mercado de Valores) acts as the competent authority, focusing heavily on investor protection and market integrity.
Italy: CONSOB (Commissione Nazionale per le Società e la Borsa) handles supervision, ensuring that Italian crypto firms adhere to strict disclosure and governance standards.
Netherlands: The Dutch Authority for the Financial Markets (AFM) has been particularly active. The Netherlands issued some of the very first MiCA licenses on December 30, 2024, right when the regulation came into full force.
Malta: The Malta Financial Services Authority (MFSA) also issued initial licenses immediately upon MiCA's launch, reflecting the island nation's historical reputation as a crypto-friendly hub.

How the Licensing Process Works

Getting approved by an NCA isn't just about filling out a form. It’s a comprehensive vetting process designed to ensure stability and consumer safety. When you apply for a MiCA license is the official authorization required to operate as a Cryptoasset Service Provider in the European Union, you are essentially proving to your chosen NCA that your business is robust enough to handle real money and digital risks.

The application requires detailed documentation covering several areas:

Governance Structure: You must show who runs the company, their qualifications, and how decisions are made. The NCA wants to know there is clear accountability.
Risk Management Framework: Detailed plans for handling cyber threats, operational failures, and market volatility are mandatory.
Capital Adequacy: Firms must demonstrate they have enough capital to absorb losses without collapsing. This varies based on the type of tokens handled.
Consumer Protection Protocols: Clear procedures for handling client complaints, safeguarding assets, and providing transparent information to users.

Once licensed, the relationship doesn't end. NCAs require regular reporting, external audits, and immediate notification of any significant incidents, such as hacks or liquidity crises. For example, if a stablecoin issuer faces reserve issues, the NCA steps in quickly to assess the risk.

The Fragmentation Problem: Why One Size Doesn't Fit All

While having 27 different NCAs provides local expertise, it creates a patchwork of enforcement styles. Some authorities move fast; others take months to review applications. This fragmentation was evident in the first six months of MiCA implementation. According to data from the European Securities and Markets Authority (ESMA) public register, over 40 CASP licenses were issued initially. However, the Netherlands and Germany dominated these approvals.

This concentration raises concerns. If most licenses come from just two countries, does that mean other NCAs are too slow? Or do companies simply prefer those jurisdictions because of better legal infrastructure? Either way, it highlights the inefficiency of building specialized crypto regulatory teams in 27 separate nations. As Verena Ross, chair of ESMA, noted, duplicating resources across all member states is costly and slow.

Design sketch of crypto licensing pillars and audit components

Centralization Looms: The Shift Toward ESMA

Perhaps the biggest news for anyone dealing with EU crypto regulation isn't just who the current NCAs are, but who might replace them-or at least take over the heavy lifting. In late 2024, EU leaders signaled a major shift toward centralized supervision.

Verena Ross confirmed that the European Commission is preparing rules to transfer supervision of significant cross-border crypto entities directly to ESMA is the European Union's financial regulatory agency responsible for ensuring orderly and transparent financial markets. Maria Luís Albuquerque, the EU commissioner for financial services, explicitly stated that proposals are being considered to give ESMA direct supervisory powers over the largest players.

Why the change? Efficiency and consistency. Currently, a large crypto exchange operating in five countries might face slightly different interpretations of MiCA from five different NCAs. Centralizing supervision under ESMA would create a single rulebook applied uniformly. It would also reduce the burden on smaller national regulators who may lack the technical expertise to audit complex DeFi protocols or algorithmic stablecoins.

This doesn't mean NCAs will disappear overnight. Smaller, domestic-only firms will likely still report to their local NCA. But the "significant" entities-those with massive user bases or cross-border reach-could soon answer directly to Brussels.

Other Key Players in the Regulatory Ecosystem

While NCAs are the frontline supervisors, they don't work alone. The EU has built a multi-layered defense system involving several other bodies:

Key EU Regulatory Bodies in Crypto Oversight
Entity	Primary Role in Crypto Regulation	Focus Area
ESMA	Coordinates NCAs, develops technical standards, maintains blacklists	Market abuse prevention, general supervision coordination
EBA (European Banking Authority)	Oversees prudential standards for stablecoin issuers	Asset reserves, liquidity frameworks, governance of 'significant' tokens
ECB (European Central Bank)	Monitors systemic financial stability risks	Impact on monetary policy, payment system integrity
AMLA (Anti-Money Laundering Authority)	Direct supervision of AML/CFT compliance for large firms	Money laundering prevention, counter-terrorism financing

Notably, AMLA is the new EU body launching in 2026 to centralize anti-money laundering supervision represents another step toward centralization. Starting in 2026, AMLA will directly supervise the largest cross-border crypto firms for money laundering compliance, bypassing national authorities entirely for this specific function.

Sketch showing ESMA centralization over national regulators

Recent Developments: Market Abuse Rules

In April 2025, the European Commission adopted new Delegated Regulations strengthening how NCAs detect market abuse. These rules require firms professionally arranging transactions (PPAETs) to implement robust systems for detecting suspicious trading patterns, such as wash trading or spoofing.

This gives NCAs sharper teeth. Previously, definitions of market manipulation in crypto were vague. Now, NCAs can enforce specific technical standards derived from ESMA’s consultation process, which included feedback from nearly 30 industry stakeholders. If your platform allows high-frequency trading, expect your NCA to scrutinize your monitoring algorithms closely.

Strategic Advice for Crypto Companies

So, what should you do if you're planning to enter the EU market? First, choose your NCA wisely. While the passporting rights under MiCA allow you to operate across the EU once licensed, your home NCA remains your primary supervisor. Factors to consider include:

Processing Speed: Look at recent approval timelines. The Netherlands and Germany have shown faster turnaround times compared to some southern European jurisdictions.
Regulatory Philosophy: Some NCAs are more open to innovation, while others prioritize caution. Read their published guidance documents.
Cost Structure: Supervisory fees vary by member state. Factor this into your budget.

Second, prepare for centralization. Even if you get a license today, be ready for potential shifts in supervisory focus. Building a compliance culture that meets the highest ESMA standards now will future-proof your business against stricter centralized oversight later.

Frequently Asked Questions

What exactly is a National Competent Authority (NCA)?

An NCA is the designated financial regulator in each EU member state responsible for licensing and supervising Cryptoasset Service Providers (CASPs) under the MiCA regulation. Examples include BaFin in Germany and AMF in France.

When did MiCA fully come into effect?

MiCA entered full effect on December 30, 2024. From this date onwards, CASPs could apply for licenses and begin operations under the unified EU framework.

Will ESMA replace the National Competent Authorities?

Not entirely, but ESMA is expected to take over direct supervision of the most significant cross-border crypto entities. Smaller, domestic firms will likely continue to be supervised by their local NCAs. This centralization aims to improve efficiency and consistency.

Which EU countries issued the first MiCA licenses?

The Netherlands and Malta were among the first to issue licenses on December 30, 2024. Germany followed shortly after in January 2025. These countries have emerged as early leaders in MiCA implementation.

What is the role of AMLA in crypto regulation?

The Anti-Money Laundering Authority (AMLA), launching in 2026, will directly supervise the largest cross-border crypto firms for compliance with anti-money laundering and counter-terrorism financing (AML/CFT) rules, adding a layer of centralized oversight beyond the NCAs.

Do I need a different license for each EU country?

No. MiCA introduces a "passporting" system. Once you obtain a license from your home member state's NCA, you can provide services across all other EU member states without needing separate licenses, provided you notify the relevant host authorities.

stalin brian 31 May

so basically the whole point of this is that we are just moving the goalposts again? i mean look at how germany and netherlands are rushing to issue licenses while everyone else is still figuring out what a blockchain even is. it feels like they are trying to corner the market on compliance before the rest of europe can catch up. but then you read about esma taking over and its like wait a minute why did we bother with all these national authorities in the first place if they are just going to be bypassed by brussels anyway. it seems like a massive waste of resources to set up all these local teams only to have them sidelined for the big players. maybe the small guys will stay under local supervision but who really cares about the small guys in crypto? its always about the whales and the exchanges. i guess we will see if the centralized approach actually works or if it just creates another bottleneck in brussels. either way its gonna be interesting to watch the chaos unfold.

kamal ifrani 31 May

absolute disaster waiting to happen. these regulators have no idea what they are talking about. they think they can regulate innovation with paperwork and committees. it is pathetic. the entire system is rigged against actual progress. they want to stifle growth and protect their own failing institutions. shame on them for trying to control something that was designed to be free from such bureaucratic nonsense. truly disgusting behavior by people who should know better. they are killing the spirit of decentralization with their red tape and fear mongering. do not trust any of these so called competent authorities. they are incompetent at best and malicious at worst. stay away from anything regulated by these clowns.

saradee dee 31 May

oh my gosh this is such a huge deal! i was so confused before reading this but now it makes so much sense. thank you for explaining it so clearly. it is amazing how complicated things can get when governments try to step in. i hope everything goes well for the companies trying to navigate this. it must be so stressful for them. but hey at least there is some structure now right? fingers crossed that it helps everyone feel safer. i am just happy to understand a little bit more about how it all works. lets hope for the best!

Craig Swanson 31 May

listen up because i am only going to say this once. you need to pay attention to which nca you choose because it matters more than you think. if you pick a slow one you are dead in the water. germany and netherlands are winning right now because they actually moved fast. do not be an idiot and pick a jurisdiction that takes six months to review your application while your competitors are already live. you have to be smart about this. build your compliance framework now or get crushed later. stop complaining and start working. the market does not care about your feelings it cares about speed and efficiency. adapt or die.

Bill Gunn 31 May

hey folks 👋 just wanted to drop some thoughts here. this miCA stuff is pretty wild when you break it down 🤯. having a single passporting license is a game changer for sure. no more jumping through hoops in every single country. imagine being able to operate across the whole eu with just one approval. that is huge for scalability 🚀. but yeah the centralization trend towards esma is definitely something to keep an eye on. it might make things smoother but also adds a layer of bureaucracy that we did not really need 😬. still better than the wild west though. lets see how it plays out! ✨

Dana Rapoport 31 May

it is interesting to consider the philosophical implications of centralizing financial oversight. does uniformity breed stability or does it stifle the organic evolution of markets? perhaps there is a middle ground where local nuance is respected but systemic risks are managed centrally. silence often speaks louder than words in these debates. let us observe.

Hadleigh Edwards 31 May

i think what we are seeing here is a natural progression of regulatory frameworks adapting to new technologies, and while it may seem cumbersome at first glance, the long-term benefits of having a standardized approach across the european union cannot be overstated, especially when considering the potential for cross-border fraud and money laundering, which has been a persistent issue in the unregulated crypto space, and by establishing clear lines of authority and accountability, we are laying the groundwork for a more robust and trustworthy financial ecosystem that can eventually compete with traditional banking systems on a global scale, provided that the implementation is handled with care and precision by all parties involved.

mark valmart 31 May

man this is a lot to take in. i just want to know if my coins are safe. sounds like they are trying to make it safer though. good luck to everyone dealing with this.

Christina Pearce 31 May

i appreciate the detailed breakdown of the different authorities. it is helpful to see exactly who is responsible for what. i wonder if the smaller countries will struggle to keep up with the technical expertise required. it seems like a heavy burden for some of the smaller ncas. hopefully the collaboration with esma will help level the playing field. thanks for sharing this info.

Joshua Alcover 31 May

the epistemological framework underlying the current regulatory paradigm suggests a fundamental misalignment between the decentralized ethos of cryptographic assets and the hierarchical imposition of state-centric supervisory mechanisms. furthermore, the purported efficiency gains derived from centralizing oversight within esma are predicated on a flawed assumption that bureaucratic consolidation inherently correlates with operational efficacy, thereby ignoring the inherent complexities and nuances of distributed ledger technology. consequently, this regulatory overreach constitutes a significant impediment to technological sovereignty and market autonomy.

Diana Morris 31 May

wake up people. this is control. pure and simple. they want to track every transaction. every move. do not let them win. fight back. use privacy coins. stay off grid. they are watching. always watching. resist.

Dianne Wright 31 May

i knew all this already obviously. you guys are behind. the shift to esma was inevitable. anyone with half a brain could see it coming. the national authorities were always too weak and fragmented. it is sad that some of you are surprised. educate yourselves next time instead of relying on basic summaries. typical.

trisya hazriyana 31 May

lol yeah sure. another layer of bureaucracy. great. just what we needed. more jargon. more acronyms. who is going to explain this to the average joe? nobody. because it is designed to confuse. typical regulatory speak. boring and useless. move along citizens.