The Cyprus Securities and Exchange Commission (CySEC) on Friday issued a formal update to cryptoasset service providers (CASPs) and applicant CASPs regarding new regulatory guidance from the European Banking Authority (EBA).

The update concerns an opinion published by the EBA on June 10, 2025, addressing the regulatory treatment of electronic money tokens (EMTs) under both the MiCA Regulation and the existing PSD2 Directive.

The EBA issued its opinion in response to a request from the European Commission in December 2024.

The commission had asked the EBA to provide both short-term and long-term recommendations on how to address the dual nature of EMTs as crypto-assets under Regulation (EU) 2023/1114 (MiCA) and as electronic money under Directive (EU) 2015/2366 (PSD2).

In the long term, the EBA advised the European Commission, the council, and the European parliament to amend the MiCA Regulation to include payment-related obligations for EMTs.

These would cover consumer protection, security of payments, and capital requirements.

Alternatively, the EBA suggested incorporating rules for EMTs into the legislative process for the upcoming PSD3 and Payment Services Regulation (PSR), in a way that would not require CASPs to obtain a second authorisation.

The EBA opposed the option of excluding EMTs entirely from PSD3 and PSR, warning that such an approach could result in regulatory arbitrage and a reduction in consumer protection.

In the short term, while PSD2 remains in force, the EBA offered guidance to National Competent Authorities (NCAs) to ease the regulatory burden on CASPs.

Specifically, the EBA advised NCAs to consider the transfer of EMTs on behalf of clients and the custody and administration of EMTs as payment services under PSD2.

It also recommended that custodial wallets be regarded as payment accounts under PSD2.

In contrast, the EBA clarified that the exchange of crypto-assets for funds and the exchange of crypto-assets for other crypto-assets, as defined in the MiCA Regulation, should not be considered payment services under PSD2.

These services, the EBA explained, would therefore not require additional authorisation.

For those CASP activities that do require authorisation under PSD2, the EBA recommended that NCAs allow a transitional period until March 1, 2026.

During this time, CASPs can either apply for PSD2 authorisation or form a partnership with an existing payment service provider (PSP).

Furthermore, for entities that obtain authorisation, already hold a PSP licence, or have established such a partnership, the EBA advised NCAs to de-prioritise enforcement of certain PSD2 rules.

These include safeguarding requirements, disclosure of information related to applicable charges, the maximum execution time of payment transactions, and the obligation to use a unique identifier.

However, the EBA insisted that some PSD2 provisions must continue to be enforced.

These include the application of strong customer authentication for access to custodial wallets and the initiation of EMT transfers, fraud reporting obligations, and the cumulative calculation of own funds.

CySEC has encouraged all interested parties to consult the full EBA opinion to review the legal basis and the specific advice provided on each key area of interplay between the MiCA Regulation and PSD2.

Finally, it should be noted that the statement was signed by George Theocharides, chairman of the Cyprus Securities and Exchange Commission.