28/07/25
The evolving European crypto regulatory framework has reached a pivotal junction: Crypto-Asset Service Providers (CASPs) dealing with e-money tokens (EMTs) are now caught between the Markets in Crypto-Assets Regulation (MiCA) and the Second Payment Services Directive (PSD2). The European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA) have clarified this dual regime, and the transitional clock is ticking toward 1 March 2026.
CASPs that issue, store, or transfer EMTs must now comply with two overlapping legal frameworks. EMTs qualify as both crypto-assets under MiCA and as e-money under PSD2. This classification means that service providers engaging with EMTs may be required to obtain a Payment Institution (PI) or Electronic Money Institution (EMI) licence. The EBA, in its 2025 Opinion, has issued guidance for national competent authorities (NCAs) to provide a transitional window for CASPs, during which full PSD2 compliance is not enforced. However, one aspect is non-negotiable: fraud liability. The obligation to implement Strong Customer Authentication (SCA) under PSD2 applies immediately.
📘 Regulatory Landscape: MiCA and PSD2 Interplay
The ESMA’s recent publication of Level 2 and Level 3 measures under MiCA (Regulation (EU) 2023/1114) outlines more than 100 articles aimed at supplementing and operationalising the framework. When it comes to EMTs, the interplay with PSD2 is now explicit. According to the EBA, if a CASP is involved in the execution of payment transactions involving EMTs on behalf of clients – including sending, receiving, or holding EMTs – the activity constitutes a regulated payment service under PSD2.
Conversely, mere exchange of EMTs for other crypto-assets or fiat currencies does not, on its own, amount to payment services. Nor does using EMTs directly for purchases. However, wallet services that enable users to send or receive EMTs to and from third parties do fall under the scope of PSD2. In response, the EBA advises NCAs not to enforce certain PSD2 obligations – such as safeguarding rules and access to account requirements – until the transitional period ends on 1 March 2026.
This dual framework raises a number of compliance questions. Should a CASP seek a full PI licence or enter a partnership with a licensed PSP? Is the MiCA-authorised CASP permitted to continue facilitating EMT transactions without PSD2 registration in the interim? The answer lies in careful legal characterisation of the services provided and the volume and nature of user transactions.
🔍 Analysis: Legal Risk and Strategic Positioning
CASPs now face both a regulatory burden and a strategic decision: restructure services, obtain new licensing, or partner with compliant institutions. While MiCA provides a harmonised regime for crypto-assets across the EU, it does not displace sectoral regulation such as PSD2. EMTs are considered a subtype of crypto-asset under MiCA, but under PSD2 they continue to be treated as electronic money – triggering all related obligations for payment service providers.
This duality is not merely academic. It imposes different capital requirements, safeguarding obligations, and conduct rules. For example, Article 60 of MiCA outlines the obligation of EMT issuers to ensure redemption at par value. Under PSD2, however, the rules governing user authentication, liability for unauthorised transactions, and access to accounts (open banking) come into play. CASPs that fail to implement Strong Customer Authentication may be held liable for unauthorised use – and this obligation applies now, not in 2026.
In addition, the reform of PSD2 into PSD3 and the new Payment Services Regulation (PSR) is likely to consolidate some of these rules. The EBA has recommended that instead of layering a full PSD2 licence onto MiCA-authorised CASPs, the upcoming reform should embed relevant PSD2 elements directly into MiCA. Until then, however, CASPs are well advised to adopt a conservative compliance posture.
📎 Case Application and Market Examples
A CASP offering custodial wallets enabling users to send EMTs to other users is likely providing payment services under PSD2. For instance, a MiCA-licensed exchange that also provides EMT wallets with peer-to-peer transfer functions will need to reassess whether it requires authorisation as a PI or EMI. Similarly, stablecoin issuers who allow redemption and fund transfers between users will be subject to PSD2 if the operations resemble classic e-money movements.
One prominent case concerns CASPs operating EMT settlement layers for decentralised finance applications. If the CASP is facilitating movement of EMTs on behalf of others, even in a semi-automated or algorithmic environment, PSD2 may apply. The EBA’s guidance does not offer exemptions for technological neutrality – the functional activity remains the key trigger.
In contrast, a CASP that solely offers exchange between EMTs and other crypto-assets (e.g., EMT-to-BTC or EMT-to-ETH) without handling user funds or facilitating peer transfers, may avoid PSD2 obligations. However, even such CASPs must ensure they are not indirectly enabling payment-type transactions without adequate safeguards.
Recent supervisory actions in some Member States indicate that NCAs are beginning to apply these principles pragmatically. CASPs are being asked to demonstrate the legal boundaries of their service offerings, contractual architecture with users, and their technological setups. Early legal audit and licensing strategy is therefore critical.
Conclusion: Strategic Licensing and Legal Clarity Are Essential
The European regulatory environment for CASPs dealing with EMTs has shifted from uncertainty to clarity – albeit a complex one. Dual regulation under MiCA and PSD2 is now the rule, not the exception. CASPs must audit their services, classify their activities, and decide whether to license, partner, or restructure before the transitional deadline of 1 March 2026.
Strong Customer Authentication obligations are already in force. NCAs will expect demonstrable compliance. As ESMA and the EBA continue to refine MiCA implementation and PSD2 reform, legal strategy will become central to operational survival.
NUR Legal is actively advising CASPs and stablecoin issuers on MiCA authorisation, PSD2 classification, and EMI/PI licensing options. If your firm operates in this space or seeks clarity on its obligations, contact us today.
#MiCA #PSD2 #CASPs #EMTs #CryptoRegulation #PaymentServices #SCA #Stablecoins #EBA #ESMA #CryptoCompliance #FintechLaw #FinancialLicensing #DigitalAssets
Kätrin Särap