The UK regime for cryptoassets: draft rules and legislation

What will the new regime look like?

The UK is taking a different approach to the EU, expanding the scope of its existing framework to include cryptoassets rather than creating a standalone regime. Under the draft legislation, new regulated activities will be created that are similar to existing ones for traditional assets but that relate instead to qualifying cryptoassets – including, for example, operating a cryptoasset trading platform and stablecoin issuance. 

Cryptoasset firms with UK customers will also be required to meet clear standards on transparency, consumer protection, and operational resilience in the same way as firms in traditional finance. This is broadly in line with HMT’s 2023 consultation feedback, which was updated in November 2024, although there are some important changes and clarifications (many of which reflect industry feedback).

There will also be market abuse and admissions and disclosures regimes for cryptoassets, details of which will be published “in due course” following the FCA’s publication of a discussion paper on the proposed regime in December 2024.

Which cryptoassets are in scope?

The draft legislation amends the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO) to add definitions of “qualifying cryptoassets” and “qualifying stablecoin” – the principal classes of cryptoassets to which the regime will apply – and to classify those as specified investments under the Financial Services and Markets Act 2000 (FSMA). 

There is already a definition of “cryptoassets” in FSMA, which covers “any cryptographically secured digital representation of value or contractual rights that— (a) can be transferred, stored or traded electronically, and (b) that uses technology supporting the recording or storage of data (which may include distributed ledger technology).”  HMT has previously stated its intention to avoid regulating cryptoassets that are not used like investments, and the draft legislation seeks to achieve that through its definition of qualifying cryptoassets – a subcategory of “cryptoassets” which are fungible and transferable. They do not include “specified investment cryptoassets” or other instruments that could meet the definition of “cryptoasset” under FSMA, such as tokenised securities, e-money or tokenised deposits. Qualifying stablecoins are a sub-set of qualifying cryptoassets and are stablecoins that reference one or more fiat currencies and seek to hold those fiat currencies (or fiat currencies and other assets) as backing assets to maintain a stable value. It remains to be seen whether this will succeed in ensuring only cryptoassets that are used like investments fall in scope of regulation.

Which cryptoasset activities will be regulated?

The proposed amendments to the RAO create new specified activities for certain types of cryptoassets, meaning that persons carrying on those activities will need to be authorised by the FCA for those purposes. These new activities will be quite familiar to those already operating in the UK financial services space and include:

• Issuing qualifying stablecoin: Doing any of the three components of this activity – offering, undertaking to redeem, or maintaining the value of the qualifying stablecoin or arranging for another person to do so – from an establishment in the UK will bring firms within the regulatory perimeter for issuance.

• Safeguarding: This involves safeguarding qualifying cryptoassets or specified investment cryptoassets on behalf of another. “Safeguarding” means having control of the cryptoaset through any means that enable the “custodian” to bring about a transfer of the benefit of the cryptoasset to another person and “on behalf of another” means where the other person has beneficial title only, legal and beneficial title or a right for the return of the relevant cryptoasset. “Specified investment cryptoassets” are cryptoassets that are specified investments that are securities or contractually based investments. However, qualifying cryptoassets that are held on behalf of another temporarily and specifically for the purpose of settling trades are excluded.

• Operating a qualifying cryptoasset trading platform: The scope of this activity covers systems bringing together or facilitating the bringing together of multiple third party buying and selling interests in a way that results in contracts where qualifying cryptoassets are exchanged either with other qualifying cryptoassets or with money (including e-money).

• Dealing in qualifying cryptoassets as principal (which also captures cryptoasset lending and borrowing services) or as agent.

• Arranging deals in qualifying cryptoassets, which also captures operating a cryptoasset lending platform.

• Making arrangements for qualifying cryptoasset staking: This is the use of a qualifying cryptoasset in blockchain validation, which means the validation of transactions on a blockchain or network that uses distributed ledger technology or similar technology. The activity is intended to include liquid staking, although the issuance of liquid staking tokens is covered by the dealing activity so a person engaging in that activity will require the necessary separate or additional permission.

Compared to HMT’s previous proposals, these activities have been defined a little further in some cases with relevant exclusions, although there is likely to be some debate over the exact scope of several of these. 

Territorial scope

In terms of territorial scope, the draft legislation makes amendments to FSMA to set the geographic perimeter for the new regulated activities. It means that not only firms carrying on the activities from the UK but also, in some cases, those carrying on activities from elsewhere will require authorisation. 

Overseas firms that deal directly or indirectly with a UK consumer will need to be authorised in the UK in order to operate a qualifying cryptoasset trading platform, deal in qualifying cryptoassets as principal or agent, or arrange deals in qualifying cryptoassets, unless they are dealing with that consumer through a UK authorised intermediary with the necessary permissions. A consumer for these purposes is an individual who is acting for purposes outside those of any trade, business or profession carried on by the individual. 

Overseas firms that safeguard qualifying cryptoassets and relevant specified investment cryptoassets, or arrange qualifying cryptoasset staking, will need to be authorised in the UK if they are doing so directly or indirectly on behalf of a consumer in the UK (subject to a limited exception for safeguarding). However, firms issuing qualifying stablecoins will only need to be authorised if they do so from an establishment in the UK.

The overseas person exclusion has not been extended to these new activities so the elaboration on territorial scope is helpful and provides some flexibility for non-UK firms, but more so for those dealing with only institutional clients in the UK.

Other changes – financial promotions and MLRs

Changes to the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005 will apply FSMA’s financial promotion regime to the new cryptoasset-related regulated activities, as well as removing the current (temporary) provisions that allow crypto firms registered with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) to communicate their own financial promotions. 

The draft legislation also makes amendments to the MLRs themselves to reflect the new regulatory perimeter. Authorised firms with the requisite new permissions will no longer need to register with the FCA for anti-money laundering purposes but they will need to notify the FCA that they intend (or have within the past 28 days begun) to act as a cryptoasset exchange provider or a custodian wallet provider, and they must also continue to comply with the requirements in the MLRs.

FCA proposals for the future regulatory regime

Whilst HMT has set out the draft legislative framework, there is still a lot of work to be done before this becomes a fully fleshed-out regime. The FCA’s publication of DP25/1 is a further step towards establishing that detail, as it opens a discussion on certain features of the future regime for cryptoassets. The discussion paper, open for comment until 13 June 2025, seeks views on how the FCA should regulate trading platforms, intermediaries, staking, lending and borrowing, and decentralised finance (DeFi), as well as the use of credit to purchase cryptoassets.

In particular, the FCA sets out its policy proposals on:

• Cryptoasset trading platforms (CATPs): The FCA’s proposed policy, which has been informed by the current rules and obligations applied to trading venues in traditional financial instruments, addresses key areas including: the location, incorporation and authorisation of CATPs; access to CATPs and provision of trading services; systems and controls and participation in trading arrangements; trading and execution on CATPs; pre- and post-trade considerations; and transparency and reporting requirements. For a summary of the key policy proposals, see paragraph 2.6 of DP25/1.
• Cryptoasset intermediaries: The FCA says it is considering rules to regulate the conduct of intermediaries in line with the principle of ‘same risk, same regulatory outcome’ wherever possible, considering the specific features of the crypto market as well as the differences between retail-facing and wholesale-only businesses. A summary of the key policy proposals is set out at paragraph 3.10 of DP25/1, and these relate to: order handling and execution; conflicts of interest during order execution (including functional separation between principal trading and client order execution); pre- and post-trade transparency (including whether pre-trade transparency is necessary and what post-trade transparency rules should entail); and opting up for client categorisation.
• Cryptoasset lending and borrowing: Chapter 4 of DP25/1 outlines two categories of business model that the FCA has identified in the current market: ‘cryptoasset lending’ and ‘cryptoasset borrowing’. Among other proposals (set out from paragraph 4.12 onwards), the FCA proposes to restrict firms from offering these products to retail consumers in their current structure, although it welcomes feedback on this position. It also invites discussion on whether risk mitigation proposals could effectively reduce the risk profile of these products to the point that they could be appropriate for retail consumers.  
• Restricting the use of credit to purchase cryptoassets: Due to concerns that consumers buying cryptoassets with credit may take on unsustainable debt, the FCA is exploring whether it would be appropriate to restrict firms from accepting credit as a means for consumers to buy cryptoassets, for example by restricting the use of credit cards to directly buy cryptoassets or using a credit line provided by an e-money firm to do so. Its initial expectation is that qualifying stablecoins issued by an FCA authorised stablecoin issuer would be exempt from those restrictions. 
• Staking: In chapter 6 of DP25/1, the FCA flags various risks arising from the staking process including technological risks, risks around consumer understanding, and safeguarding risks. It sets out proposals to address these (summarised at paragraph 6.8), which include requiring retail consumers’ explicit consent to various details before the firm stakes their cryptoassets, providing retail consumers with a key features document for staking products, implementing robust arrangements to ensure sufficient capital is held to absorb losses arising from staking, and maintaining separate wallets for consumers’ staked cryptoassets.
• DeFi: DeFi activities that are truly decentralised will not be covered by the regime (in line with HMT’s intention in the draft legislation), whereas DeFi that involves the proposed regulated activities, and where there is a clear controlling person(s) carrying on an activity, will be covered. The FCA proposes to apply the same set of requirements outlined in DP25/1 to those DeFi activities, to achieve the same regulatory outcomes for the same activity, and it also plans to introduce guidance to help firms understand their regulatory obligations. The FCA also notes that it plans to host a stakeholder forum on DeFi.

FCA proposals on issuing stablecoins, crypto custody and prudential requirements

The FCA has also set out its proposals for rules and guidance on stablecoin issuance and cryptoasset custody, in CP25/14, and a proposed prudential regime for cryptoasset firms in CP25/15, both published on 28 May 2025. 

Stablecoin issuance and cryptoasset custody

The FCA’s proposals in CP25/14 relate to the activities of issuing a qualifying stablecoin and safeguarding qualifying cryptoassets (including qualifying stablecoins). As HMT has previously confirmed that it does not intend to bring stablecoins into UK payments regulation at this time, the proposals do not include requirements for firms carrying out payments using qualifying stablecoins.

The proposed requirements for qualifying stablecoin issuers including backing qualifying stablecoins with secure, liquid assets in a statutory trust for qualifying stablecoin holders (held with a third-party custodian); offering redemption of qualifying stablecoins in exchange for money to all holders; and clearly disclosing their policy for redemption and the composition of backing assets to consumers.

Custodians of qualifying cryptoassets would be required to segregate client cryptoassets from their own; hold them on behalf of clients in a trust; keep accurate books and records of clients’ cryptoassets holdings; and have adequate controls and governance to protect clients’ cryptoassets holdings.

Proposed prudential regime

The prudential rules and guidance proposed in CP25/15 will apply to the issuing of qualifying stablecoins and the safeguarding of qualifying cryptoassets. Parts of the proposed prudential regime will be placed in the FCA’s proposed new integrated prudential sourcebook (COREPRU) while the sector specific requirements for firms doing regulated cryptoasset activities will be set out in a new sourcebook known as CRYPTOPRU, and these firms will be referred to as CRYPTOPRU firms.

Areas covered by the proposals include:

• The definition and composition of capital for own funds purposes – including the definition and ‘tiers’ of capital that are eligible as regulatory capital, prior permissions that are required from the FCA to count certain items as regulatory capital and to reduce regulatory capital, and the minimum proportions in which own funds must be held.
• Own funds requirements – including adding an own funds requirement, a permanent minimum capital requirement for issuers of qualifying stablecoin and for qualifying cryptoasset custodians, a cross-sector fixed overheads requirements, and a ‘K-factor’ requirement.
• Liquid assets requirements – the FCA sets out the proposed minimum liquidity requirements for CRYPTOPRU firms and the type of assets the firm can hold to meet them.
• Concentration risk – the FCA explains its proposals for monitoring requirements to address concentration risk, which will apply to all CRYPTOPRU firms.

Next steps / what to expect

HMT has sought technical comments on the draft legislation and now plans to publish its final legislation “at the earliest opportunity”. HMT has also confirmed that statutory provisions for the market abuse and the admissions and disclosures regimes will be published “in due course”.

In terms of establishing the detail of the FCA regulatory regime, the deadline for comments on DP25/1 is 13 June 2025 and the FCA is seeking feedback on its proposed approach to regulation and whether there is a need for greater, or less, regulatory intervention in the market. It has said it will then consider the feedback and decide on its next steps. Any proposals from DP25/1 that the FCA plans to adopt as part of its final rules will be consulted on first. 

The deadline for responses to CP25/14 and CP25/15 is 31 July 2025, and the FCA plans to consider responses to both CPs and to set out final rules and guidance in policy statement(s) ahead of implementation. As CP25/15 focuses only on certain aspects of the prudential regime for CRYPTOPRU firms, other areas will be covered in future consultations.

A further FCA consultation paper is planned for Q3 2025 on wider conduct and firm standards for RAO activities. According to the FCA’s crypto roadmap published in November 2024, looking further ahead we can also expect to see:

• A consultation paper on trading platforms, intermediation, lending and staking, as well as the remaining material for the prudential sourcebook (in Q4 2025 or Q1 2026).
• The publication of all policy statement and final rules in 2026, with a period allowed after that for firms to prepare before the application gateway opens and the regime goes live.

We do not therefore think it will be necessary or possible to apply for authorisation until some time in 2026 but firms will want to be preparing their plans and making sure they have all the information they need well in advance of that.