For years, if you were running a crypto business in the UK or just holding digital assets, the rules felt like a shifting maze. One day you were told to register with the Financial Conduct Authority (FCA) for anti-money laundering checks; the next, you weren’t sure if your activity was even legal. That uncertainty ends now. As of mid-2026, HM Treasury has laid out a clear, hard-line path for how cryptocurrency is regulated in the United Kingdom.
This isn't just another press release. It’s a fundamental rewrite of the financial landscape. The core of this change is the Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025, often called the "Cryptoassets Order". This legislation brings specific crypto activities inside the UK's strict financial regulatory perimeter. If you are a firm, this means you need authorization. If you are an investor, it means your money is protected by standards similar to those for traditional banks. But there are catches, especially regarding decentralized finance and stablecoins.
The Core Framework: Bringing Crypto into the Fold
To understand where we stand today, we have to look at what changed in April 2025. HM Treasury published the draft Cryptoassets Order, which amended the long-standing Financial Services and Markets Act 2000 (Regulated Activities) Order 2001, known as RAO. Before this, cryptoassets were largely outside the definition of "specified investments." Now, they are not.
The government didn't create a brand-new, separate system for crypto. Instead, they extended existing rules. This is a crucial distinction. It means that if you already run a bank or an investment firm, you know the playbook. For crypto-native companies, however, this is a steep learning curve. The goal is parity. A crypto exchange must now meet the same standards for transparency, consumer protection, and operational resilience as a stockbroker.
The framework focuses on two main types of digital assets:
- Qualifying Cryptoassets: These are cryptocurrencies that can be used to acquire goods or services or as a unit of account. Think Bitcoin or Ethereum.
- Qualifying Stablecoins: These are tokens pegged to a reference asset, like the British Pound or US Dollar, designed to maintain a stable value.
If your business touches these assets in specific ways, you are now playing by the FCA's rules.
Five Activities That Require Authorization
You don't need to get authorized just for holding Bitcoin in your personal wallet. The regulations target professional activities. HM Treasury identified five distinct regulated activities. If you do any of these for clients in the UK, you need FCA approval.
- Operating a Cryptoasset Trading Exchange: Running a platform where people buy and sell qualifying cryptoassets.
- Stablecoin Issuance: Creating and issuing qualifying stablecoins. Note that this applies strictly to UK issuers.
- Dealing in Qualifying Cryptoassets: Buying or selling these assets as principal (for your own account) or as agent (for clients).
- Custody Arrangements: Holding cryptoassets on behalf of others. This is huge for exchanges and custodial services.
- Arranging Transactions: Acting as an intermediary to bring buyers and sellers together.
Law firms like Reed Smith and Hogan Lovells have pointed out that market participants must carefully map their operations against these definitions. Many firms thought they were exempt because they only did one part of the chain, but the new definitions are broad. For example, if you provide a wallet service that holds keys for users, you might fall under custody arrangements.
The Territorial Twist: Who Does This Apply To?
Here is where it gets tricky for international players. The regime uses a territorial scope distinction. For most cryptoactivities-like trading or custody-the rules apply to non-UK firms if they are conducting business with UK customers. So, if you are a US-based exchange serving British residents, you still need to comply.
However, stablecoin issuance is different. The regulation specifically targets UK issuers. If a company based in Switzerland issues a stablecoin, they are not subject to the UK’s issuance rules. But, if that stablecoin is traded or held in custody within the UK, those downstream activities are regulated. This creates a competitive advantage for UK-based stablecoin projects while still protecting consumers from foreign risks through other channels.
Decentralized Finance (DeFi): The Big Exception
One of the most debated aspects of the policy is its stance on DeFi. HM Treasury explicitly excludes truly decentralized finance models from authorization requirements. Why? Because you cannot regulate a protocol that has no central controlling party. There is no CEO to fine, no board to sue, and no headquarters to raid.
The FCA is responsible for assessing whether a "sufficiently controlling party" exists. If a project claims to be decentralized but has a foundation or a developer group that effectively controls upgrades and funds, the FCA may decide it is centralized enough to require regulation. This is a case-by-case judgment call. For now, pure algorithmic protocols without human controllers sit outside the perimeter. This signals that the UK wants to encourage innovation in DeFi while cracking down on entities that hide behind decentralization to avoid oversight.
Comparison: UK vs. EU MiCA
Many people ask how this compares to the European Union’s Markets in Crypto-Assets Regulation (MiCA). The approaches are cousins, not twins. Both aim to bring clarity and consumer protection. However, the UK’s method is more integrated into its existing financial law structure. MiCA created a standalone horizontal framework. The UK amended the RAO, weaving crypto into the fabric of traditional finance regulation.
| Feature | UK (Cryptoassets Order 2025) | EU (MiCA) |
|---|---|---|
| Legal Basis | Amendment to FSMA 2000 / RAO 2001 | Standalone Regulation |
| Stablecoin Scope | Focuses on UK issuers | Covers all issuers operating in EU |
| DeFi Approach | Excludes truly decentralized protocols | Complex jurisdictional tests |
| Market Abuse Rules | To be published "in due course" | Included in MiCA text |
This difference matters for firms choosing where to base their operations. The UK’s approach might feel more familiar to traditional bankers, while MiCA offers a single passport for the entire EU market. However, the UK’s exclusion of true DeFi could make London a safer haven for experimental blockchain projects that don’t want to deal with heavy-handed compliance immediately.
Anti-Money Laundering Updates
Regulation isn't just about market conduct; it's also about crime prevention. In September 2025, HM Treasury published draft amendments to the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. These updates specifically address cryptoasset firms.
The key changes include stricter customer due diligence (KYC) requirements, rules for pooled client accounts, and trust registration. The goal is a risk-based approach. Not every small transaction needs the same level of scrutiny as a large institutional transfer, but the baseline for identity verification is higher than before. Stakeholders had until late September 2025 to provide feedback, ensuring that the final rules are practical for businesses to implement.
What Comes Next for Market Participants?
If you are in the industry, you can't wait for the perfect rulebook. The FCA published a discussion paper in May 2025 seeking input on its specific regulatory approach. This indicates that detailed guidance is coming soon. Firms currently operating should start preparing their applications for authorization now. The process will mirror traditional financial services: you’ll need to prove you have robust IT systems, adequate capital, and strong governance.
Traditional financial institutions likely find this transition easier. They already have compliance departments and legal teams. Crypto-native startups face a heavier burden. They need to build regulatory infrastructure from scratch. Skadden noted that this is a significant step, but the implementation complexity varies wildly depending on your starting point.
Looking ahead, the government has confirmed that market abuse regimes and admissions/disclosures frameworks will follow "in due course." This suggests that throughout 2026, we will see more layers added to the framework. The FCA will also publish detailed rulebooks. Until then, firms should operate under the assumption that the current draft order represents the near-final state of play.
Do I need FCA authorization to hold Bitcoin personally?
No. The regulations target professional activities such as trading, custody, and issuance. Personal holding of cryptoassets does not require authorization. However, if you use a service provider to hold your assets, that provider must be authorized.
How does the UK regulate Decentralized Finance (DeFi)?
Truly decentralized protocols with no controlling party are excluded from authorization requirements. However, if a DeFi project has a foundation or developers that exert control, the FCA may classify it as centralized and require regulation. This is assessed on a case-by-case basis.
Are foreign crypto exchanges allowed to serve UK customers?
Are foreign crypto exchanges allowed to serve UK customers?
Yes, but they must comply with UK regulations. If a non-UK firm conducts regulated activities (like trading or custody) with UK customers, they are subject to the same rules as domestic firms. They may need to establish a local presence or obtain specific permissions.
What is the difference between the UK approach and EU MiCA?
The UK integrates crypto rules into existing financial laws (FSMA), while the EU created a standalone regulation (MiCA). The UK focuses stablecoin rules on domestic issuers, whereas MiCA covers all issuers in the EU. The UK also explicitly excludes truly decentralized protocols, offering a clearer path for some DeFi projects.
When will market abuse rules for crypto take effect?
The government has stated that market abuse and admissions/disclosures regimes will be published "in due course." While the core activities order is near-final, these additional layers are expected to roll out throughout 2026, following further consultation and drafting.
I'm a blockchain analyst and crypto educator who builds research-backed content for traders and newcomers. I publish deep dives on emerging coins, dissect exchange mechanics, and curate legitimate airdrop opportunities. Previously I led token economics at a fintech startup and now consult for Web3 projects. I turn complex on-chain data into clear, actionable insights.