ESMA guidelines on maintenance of systems and security access protocols under MiCAR

The European Securities and Markets Authority (ESMA) has published official translations of the guidelines on the maintenance of systems and security access protocols for offerors and persons seeking admission to trading of cryptoassets other than asset referenced tokens (ARTs) and e-money tokens (EMTs). The guidelines apply to competent authorities and to 'offerors' as defined in Article 3(1)(13) of the Markets in Crypto-Assets Regulation (MiCAR) and persons seeking admission to trading of cryptoassets other than ARTs or EMTs in relation to Article 14(1), point (d), of MiCAR.

The purpose of these guidelines is to specify the appropriate standards for offerors and persons seeking admission to trading who are not subject to the same operational resilience under MiCAR and the Digital Operational Resilience Regulation as their cryptoasset service provider and issuer counterparts. The guidelines include discussion of: (i) the general principle on proportionality; (ii) administrative arrangements and roles and responsibilities concerning systems and security access protocols; (iii) physical security access protocols; (iv) security access protocols for network and information systems; and (v) cryptographic key management.

The guidelines will apply from 27 April. National competent authorities must notify ESMA by 26 April whether they comply, do not comply but intend to comply or do not intend to comply with the guidelines. Offerors and persons seeking admission to trading are not required to report whether they comply with the guidelines.

Return to main website.