From Experimental to Established: Breaking Down the UK’s New Cryptoasset Regime

Digital assets and blockchain technology have undergone a remarkable evolution. What began as a niche movement on the fringes of the internet has now captured the attention of governments and regulators the world over, all grappling with how this rapidly evolving industry should be governed. In 2020, it was estimated that at least 100 million people owned cryptocurrency globally. As of 2025, ownership had grown exponentially to a figure estimated to be in excess of 700 million users globally. This expansion has been driven in part by institutional adoption, stablecoin utility and the approvals of crypto-related exchange-traded funds.

With the Markets in Crypto-Assets (Regulation) (MiCA) entering into force on 29 June 2023 in the EU, and the US’s Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act being signed into law on 18 July 2025, the UK has been playing catch-up in its efforts to establish itself as a hub for cryptoasset innovation.

After several years of consultations, the UK financial services regulator, the Financial Conduct Authority (FCA), has put in place a comprehensive regime for the regulatory treatment of cryptoassets and related activities. These new rules take effect on 25 October 2027, and until then, existing rules will continue to apply to cryptoasset service providers operating or selling to customers in the UK.

The Current UK Cryptoasset Regime

The current regime is piecemeal. Cryptoassets that amount to tokenised securities, such as equity tokens, debt tokens or fund units, have long fallen within the UK’s Financial Services and Markets Act (FSMA) perimeter as specified investments and firms offering these services are required to apply for FCA authorisation under the FSMA. In contrast, cryptoassets structured as e-money like USDC (USD Coin – a stablecoin pegged to USD reserves) are not typically specified investments under FSMA. Additionally, exchange tokens like Bitcoin and Ethereum, and utility tokens that provide access to a product or service like Chainlink, have historically also fallen outside of the FSMA remit.

Anti-Money Laundering (AML) Framework UK

Although cryptoasset businesses offering services related to e-money, exchange tokens and utility tokens might not have required FCA authorisation, these firms have still been subject to the anti-money laundering restrictions under the Money Laundering Regulations (MLRs) and financial promotions restrictions.

The MLRs have applied to

  1. Cryptoasset exchange providers, being a firm or sole practitioner that, by way of conducting business in the UK, provides one or more of the following services: Exchanging, arranging, or making arrangements with a view to the exchange of cryptoassets for money or money for cryptoassets, or cryptoassets for other cryptoassets; and
  2. Custodian wallet providers are firms or sole practitioners who, by way of conducting business in the UK, provide services to safeguard and/or administer crypto on behalf of their customers, or private cryptographic keys (wallet addresses) on behalf of their customers to hold, store and transfer cryptoassets.

Firms within the scope of the MLRs have to register with the FCA.

Financial Promotions Framework for Cryptoassets in the UK

The other existing regulation is the Financial Promotion Order (FPO). It is a marketing and consumer protection framework that regulates how cryptoassets can be promoted to UK consumers, requiring that promotions are lawfully communicated and comply with FCA conduct rules. The regime captures promotions relating to “qualifying cryptoassets”, defined within the FPO as a cryptoasset which is fungible, transferable and not solely a record of value or contractual rights. In practice, most mainstream cryptoassets fall within this definition for marketing purposes.

There are three routes cryptoasset firms can take to lawfully communicate cryptoasset promotions:

  1. An FCA-authorised firm communicates the promotion;
  2. An FCA-authorised firm approves the promotion; or
  3. The promotion complies with an exemption in the FPO.

There are also various financial promotion rules outlined under PS23/6 that need to be followed, depending on the type of financial promotion and its content. These include risk warnings and summaries, 24-hour cooling-off periods, banning incentives to invest, and record-keeping requirements.

The Incoming UK Cryptoasset Regulation Regime  

The new Financial Services Markets Act 2000 (Cryptoassets) Regulations 2026 (the Cryptoassets Regulations) will come into force on 25 October 2027. At the foundation of the regime is the statutory definition of a “cryptoasset” in section 417 FSMA, which captures any cryptographically secured digital representation of value or contractual rights that can be transferred, stored or traded electronically using distributed ledger or similar technology. This deliberately broad definition is intended to encompass the full spectrum of digital assets, including exchange tokens, utility tokens, stablecoins and tokenised securities. The regime centres on the concept of a “qualifying cryptoasset” (fungible and transferable), which narrows the section 417 FSMA definition and serves as the primary gateway for determining the scope of regulatory activities.

The UK is not adopting a standalone, comprehensive cryptoasset rulebook akin to the EU’s MiCA framework. Instead, it extends the existing FSMA architecture by amending the Regulated Activities Order (RAO) to bring specified cryptoasset activities within the regulatory perimeter. Under this approach, a range of activities carried on in relation to “qualifying cryptoassets” will require FCA authorisation. These include:

  • issuance of stablecoins;
  • the safeguarding (custody) of cryptoassets;
  • the operation of cryptoasset trading platforms;
  • cryptoasset staking;
  • dealing in cryptoassets as principal or agent; and
  • arranging transactions in cryptoassets.

It is also important to recognise that the new regime does not operate in isolation. Existing frameworks continue to apply alongside it. Firms that fall outside the scope of FCA authorisation may nonetheless be required to obtain AML registration, depending on the nature of their activities. In addition, the financial promotions regime is expected to expand to reflect the newly specified cryptoasset activities, ensuring that marketing and consumer protection requirements evolve in parallel with the broader regulatory perimeter.

Territorial Scope of UK Crypto Regulation

The new regime will have a significant impact on existing cryptoasset businesses, including those that have customers in the UK, even where such businesses operate from outside the UK and have no physical presence or other direct nexus to the jurisdiction. Where businesses are involved in the sale or subscription of a cryptoasset to or by a consumer in the UK, safeguarding cryptoassets on behalf of a consumer in the UK or staking cryptoassets (the use of qualifying cryptoassets in blockchain validation which includes managing the staking lifecycle, pooling customer assets, and distributing rewards) on behalf of a consumer in the UK, they are deemed to be carrying on a regulated activity “in the UK” even though they are not physically present.

As a result, firms engaging in these activities will be required to obtain FCA authorisation notwithstanding their offshore status. In practice, this is likely to necessitate establishing an appropriate UK presence to comply with the authorisation and ongoing regulatory requirements under the regime.

FSMA Requirements for FCA Authorisation

Authorisation under the new regime will subject cryptoasset firms to the full breadth of the FCA’s supervisory framework, representing a material uplift in regulatory expectations. In practice, the most significant impacts are likely to arise in three areas.

First, custody and client asset protection will be a central focus, requiring firms to implement robust safeguarding, segregation and reconciliation arrangements akin to the FCA’s CASS regime.

Secondly, governance and accountability will be transformed through the application of the Senior Managers and Certification Regime, imposing clear individual responsibility on senior personnel and requiring formalised risk management and oversight structures.

Thirdly, prudential and operational resilience requirements will require firms to hold appropriate capital, manage liquidity, and demonstrate resilience to operational and cyber risks, particularly in relation to trading platforms and staking services.

Overlaying these core obligations, firms will also need to comply with ongoing conduct of business rules, financial crime controls, and reporting requirements, bringing them into alignment with traditional financial services firms. For many cryptoasset businesses, particularly those that have grown in relatively unregulated environments, this will necessitate substantial enhancements to internal controls, governance frameworks and compliance infrastructure.

How Should Crypto Firms Prepare for FCA Authorisation in the UK

As the UK moves into the implementation phase, cryptoasset firms should focus on identifying which of their activities fall within the scope of the new regulated and designated activities, and mapping how these interact with their broader business models. Firms will also need to consider the territorial reach of the regime, assess their readiness for authorisation, including governance, systems and controls, and review their financial promotions to ensure compliance with the expanded regulatory framework.

The FCA will open its Pre‑Application Support Service (PASS) from 1 July 2026, enabling firms to request pre‑application meetings to support their readiness ahead of submitting a formal application. This informal engagement provides an opportunity for firms to discuss their business models, governance arrangements, compliance preparedness and regulatory expectations with the FCA. While not mandatory, participation can be useful, particularly for firms that are new to the FSMA authorisation framework. Formal authorisation gateway opens on 30 September 2026 and closes on 28 February 2027, after which the FCA will assess applications ahead of the regime’s commencement on 25 October 2027. When the full regime comes into force on 25 October 2027, carrying on regulated cryptoasset activities without authorisation becomes a breach of the FSMA section 19 (general prohibition), and consequently a criminal offence.

Preparing an FCA authorisation application is a substantial undertaking, requiring significant time and resources for most firms. The review and determination process will also involve considerable time on the part of the FCA. Accordingly, in‑scope businesses are encouraged to commence preparations at the earliest opportunity.

To understand how the incoming UK cryptoasset regulations may apply to your business, or to get expert legal advice on FCA authorisation for cryptoasset firms, please contact us.

Shennind Awat-Ranai
Solicitor, Commercial and Regulatory
<script>
document.addEventListener('DOMContentLoaded', function () {
  const deptEl = document.getElementById('acf-author-department');
  const department = deptEl?.dataset?.department;

  if (typeof gtag === 'function' && department) {
    gtag('set', { author_department: department });
  }
});


  window.dataLayer = window.dataLayer || [];
  const dept = document.getElementById("author-department")?.textContent?.trim();
  if (dept) {
    window.dataLayer.push({
      event: "authorDataReady",
      author_department: dept
    });
  }

</script>
View profileContact Us

This reflects the law and market position at the date of publication and is written as a general guide. It does not contain definitive legal advice, which should be sought in relation to a specific matter.

Latest Legal Insights