The Cyprus Securities and Exchange Commission (CySEC) has formally updated cryptoasset service providers (CASPs) and prospective applicants regarding new guidelines from the European Banking Authority (EBA). The update follows the EBA’s June 10, 2025 opinion, which addresses the regulatory treatment of electronic money tokens (EMTs) under both the Markets in Crypto-Assets (MiCA) Regulation and the existing Payment Services Directive (PSD2).
Background And Context
Triggered by the European Commission’s December 2024 request, the EBA provided both short- and long-term recommendations to manage the inherent dual nature of EMTs as regulated under MiCA (Regulation (EU) 2023/1114) and as electronic money under Directive (EU) 2015/2366 (PSD2). The authority’s opinion forms part of a strategic effort to enhance consumer protection and ensure the stability of digital payment systems across the European Union.
Follow THE FUTURE on LinkedIn, Facebook, Instagram, X and Telegram
Eba’s Long-Term Recommendations
In its long-term strategy, the EBA advised EU policymakers to amend the MiCA Regulation to incorporate payment-related obligations for EMTs. These amendments would enhance consumer protection, enforce robust security measures for payments, and introduce capital requirements. As an alternative, the EBA proposed integrating rules for EMTs into the forthcoming legislative processes for PSD3 and Payment Services Regulation (PSR), thereby alleviating the need for CASPs to secure a separate authorisation.
Short-Term Guidance Under The Existing Regulatory Framework
In the interim, as PSD2 remains active, the EBA issued practical guidance to National Competent Authorities (NCAs) to ease the regulatory load on CASPs. Key recommendations include:
- Considering the transfer, custody, and administration of EMTs as payment services under PSD2;
- Classifying custodial wallets as payment accounts;
- Excluding the exchange of crypto-assets for funds or other crypto-assets—as defined by MiCA—from being regarded as payment services, thus avoiding unnecessary secondary authorisation.
Furthermore, a transitional period until March 1, 2026, has been advised for those CASP activities that require PSD2 authorisation. During this phase, entities may either apply for authorisation or collaborate with an existing payment service provider (PSP). For authorised entities or those holding a PSP licence, NCAs are expected to temporarily de-prioritise enforcement of select PSD2 provisions, such as safeguarding requirements and disclosure obligations, while maintaining critical measures like strong customer authentication and fraud reporting.
Implications And Next Steps
CySEC has urged all relevant stakeholders to consult the full EBA opinion to fully understand the legal basis and detailed advice on navigating the complex interplay between MiCA and PSD2. The clarity provided in this guidance underscores the EU’s commitment to a balanced regulatory approach that mitigates risk without stifling innovation in the cryptoasset sector.
Signed by George Theocharides, chairman of the Cyprus Securities and Exchange Commission, this update marks a significant milestone in regulatory convergence for digital finance across Europe.
