February 8, 2024

ESMA Seeks to Curb Non-EU Crypto Firms' EU Presence

ESMA Seeks to Curb Non-EU Crypto Firms' EU Presence
  • ESMA's latest guidelines clarify that non-EU crypto firms can only serve EU residents when they request it first. 
  • It prohibits crypto firms from providing any additional services unrelated to the initial request from their EU clients.
  • The draft guidelines seek to thwart any attempts by third-country firms to bypass the rules while also encouraging stakeholders to provide feedback to improve ESMA's approach.

Recently, the European Securities and Markets Authority published a consultation paper discussing the draft guidelines on reverse solicitation under MiCA. Here, reverse solicitation refers to a situation where third-country firms solicit clients in the European Union, directly or indirectly.

The ESMA's main purpose with these guidelines is to specify when third-country firms can offer crypto services to EU clients and to prevent firms from circumventing the reverse solicitation rule.

The agency also aims for these guidelines to be consistent, efficient, and effective when rolled out for implementation. For that, ESMA has urged all stakeholders, including crypto-asset service providers (including from third countries) and financial entities dealing with crypto-assets, to respond to this consultation paper.

Responses should address the questions asked, provide explanations, and suggest alternative options for the ESMA to consider.

When are Non-EU Crypto Firms Allowed to Offer Services to EU Residents?

The latest ESMA guidelines say that non-EU crypto firms can provide their services to EU residents only when they request it. However, after the initial contact, the firm can't offer more cryptocurrencies or related services unless they are related to what the client asked for in the first place.

Instructions for Relevant National Regulators

To ensure an interaction is genuinely initiated by the EU-based client, the guideline suggests regulators look at how and when the client approached the firm. Was it truly on their own, without any nudges from ads or emails? 

The draft guidelines also provide instructions to national agencies on how to decide if a third-country firm is marketing a new kind of crypto asset or service. They suggest that national authorities look at two things:

  • The type of crypto asset or service being offered.
  • The risks involved with the new crypto asset or service.

It also notes that MiCA only mentions three crypto asset types (asset-referenced tokens, electronic money tokens, and tokens that don't fall into these categories), and such broad categories might enable third-country firms to circumvent the rules. So, ESMA urges relevant national authorities through these guidelines to:

  • Monitor the marketing efforts that third-country firms deploy in targeting EU-based clients.
  • Conduct relevant consumer surveys.
  • Keep a tab on clients’ complaints and whistleblowing. 
  • Cooperate with authorities, including law enforcement, as and when required.

Concluding Thoughts

Overall, the draft guidelines offer insights and guidance on when third-country firms can approach clients in the EU and provide strategies for detecting any attempts to bypass these rules. And since it's a consultation paper, stakeholders are invited to share their feedback on ESMA's approach, identifying any potential gaps or effectiveness concerns. Responses are accepted until April 29, 2024.


Shyft Network powers trust on the blockchain and economies of trust. It is a public protocol designed to drive data discoverability and compliance into blockchain while preserving privacy and sovereignty. SHFT is its native token and fuel of the network.

Shyft Network facilitates the transfer of verifiable data between centralized and decentralized ecosystems. It sets the highest crypto compliance standard and provides the only frictionless Crypto Travel Rule compliance solution while protecting user data.

Visit our website to read more, and follow us on X (Formerly Twitter), GitHub, LinkedIn, Telegram, Medium, and YouTube. Sign up for our newsletter to keep up-to-date on all things privacy and compliance.