Understanding the UK Regulatory Framework for Cryptoasset Businesses

The UK is in the final stages of designing and implementing a comprehensive regulatory framework for cryptoassets. Long viewed as sitting uncomfortably outside the traditional financial services perimeter, cryptoassets are now set to be brought within a bespoke regime under the oversight of the Financial Conduct Authority (FCA). This framework seeks to strike a balance among consumer protection, financial stability, and innovation, positioning the UK as an attractive and credible jurisdiction for cryptoasset businesses.

The new regime marks a decisive shift away from reliance on anti‑money-laundering supervision alone and reflects HM Treasury’s (HMT’s) view that cryptoassets warrant a distinct regulatory architecture reflecting their particular characteristics.

 

Why the UK Historically Avoided Regulating Cryptoassets

For much of their history, cryptoassets were unregulated in the UK because they fell outside the scope of the Financial Services and Markets Act 2000 (FSMA) and the Regulated Activities Order (RAO). They were not treated as “specified investments,” and activities relating to them did not generally constitute regulated activities.

Deliberate policy choices were also at play. Regulators were concerned about “moral hazard” and the risk of creating a misleading sense of legitimacy for highly volatile and speculative products by regulating them alongside traditional financial instruments such as listed equities or bonds.

That position began to shift as cryptoassets grew in scale and popularity, particularly among retail investors, and as they became increasingly associated with money laundering and other financial crime risks. As a result, certain cryptoasset activities were brought within the scope of the Money Laundering Regulations (MLRs), requiring firms to register with the FCA for anti‑money-laundering supervision. However, MLR registration was never intended to address wider conduct, prudential, governance, or consumer protection concerns.

 

The Case for a New Regulatory Regime

Developments in other jurisdictions intensified the pressure for a fuller regulatory response. The U.S. approach has often been characterized as fragmented and enforcement‑led, while the EU’s Markets in Crypto‑Assets Regulation (MiCA) has been seen by some as comprehensive but heavy‑handed.

Against this background, HMT concluded that the UK had an opportunity to design a regime that offered greater legal certainty, appropriate consumer protections, and market integrity, without stifling innovation. The result is a standalone cryptoasset regulatory regime, sitting alongside—but distinct from—the existing regime for designated investment business.

 

Legislative Framework

 

How the UK Cryptoasset Regime Is Being Implemented

The UK’s cryptoasset regulatory framework is being introduced through a staged legislative and regulatory process, reflecting the division of responsibilities among Parliament, HMT and the FCA.

 

Policy Development and Consultation

In 2019 the FCA issued its initial Guidance on cryptoasset business and where this sat within the UK regulatory perimeter. In February 2023 HMT published its Future financial services regulatory regime for cryptoassets: Consultation and call for evidence, which explained that cryptoassets had evolved into a complex and fast growing ecosystem, presenting both significant opportunities and material risks. In the consultation and call for evidence, HMT recognized that the underlying technology could deliver meaningful benefits for financial services, but only if adoption is supported by appropriate regulation and safeguards. HMT’s objective was to apply the principle of “same risk, same regulatory outcome,” providing regulatory certainty to support innovation and investment, protect consumers, and encourage responsible market participation. HMT followed up the consultation and call for evidence in October 2023 with the publication of its Response, confirming its proposal to bring some cryptoasset activities into the regulatory perimeter for financial services for the first time, creating a bespoke regulatory regime for cryptoassets rather than treating them as traditional specified investments.

 

Primary Legislation: Enabling Powers

Using the post-BREXIT legislative structure created by the Future Regulatory Framework—which restored and expanded the FSMA 2000 model of regulation under which Parliament sets the policy framework and objectives and the regulators, the Prudential Regulation Authority (PRA) and FCA, make the detailed technical rules—HMT gave legal force to the cryptoasset regulatory regime with the coming into effect of the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026 (Cryptoasset Regulations). In this way, HMT avoided setting out detailed cryptoasset rules in primary legislation, instead bringing cryptoasset activities within the regulatory perimeter through secondary legislation. This will allow the regime to evolve more flexibly without necessarily requiring further parliamentary time to pass primary legislation,¹  an important feature of the UK financial services regulatory landscape that contrasts with the longer process of most financial services rulemaking in the EU. It is likely to be especially important when dealing with developments in the fast-moving cryptoassets market.

 

Secondary Legislation: Amending the RAO

HMT implemented the regime primarily through statutory instruments that amend the RAO. These instruments:

• Define “qualifying cryptoassets”
• Create the nine new cryptoasset‑specific regulated activities
• Determine which activities require FCA authorisation

 

FCA Rulemaking and Supervisory Framework

With the legislative framework in place, responsibility has largely shifted to the FCA to design and implement the detailed regulatory rules. These include:

• The regime for the authorisation of firms, and the variation of firms’ scope of permission, to allow them to carry on regulated cryptoasset activities
• The establishment of prudential, conduct, governance and systems and controls obligations similar to its regulation of traditional investment business, but differentiated where necessary to reflect the particular characteristics of cryptoassets and the market in which they operate
• The establishment of distinct regimes for the admission of cryptoassets to a trading platform, the prevention of market abuse and the custody of cryptoassets
• The supervisory arrangements for FCA-regulated firms when carrying on cryptoasset business

The FCA is deep into its consultation process in order to establish its regulatory regime with, currently,²  the following discussion papers, consultation papers and guidance:

• CP19/3: Guidance on Cryptoassets
• PS19/22: Guidance on Cryptoassets
• DP23/4: Regulating cryptoassets Phase 1: Stablecoins
• Discussion Paper DP24/4 Regulating cryptoassets: Admissions & Disclosures and Market Abuse Regime for Cryptoassets
• DP25/1: Regulating cryptoasset activities
• CP25/14: Stablecoin issuance and cryptoasset custody
• CP25/15: A prudential regime for cryptoasset firms
• CP25/16: Quarterly Consultation Paper³
• CP25/25: Application of FCA Handbook for Regulated Cryptoasset Activities
• CP25/40: Regulating Cryptoasset Activities
• CP25/41: Regulating Cryptoassets: Admissions & Disclosures and Market Abuse Regime for Cryptoassets
• CP25/42: A prudential regime for cryptoasset firms
• CP26/4: Application of FCA Handbook for regulated cryptoasset activities II
• GC26/2: Application of the Consumer Duty to cryptoasset firms
• CP26/13: Cryptoasset perimeter guidance

These are accompanied by a raft of FCA webpages and webinars and industry briefings.

 

Transitional Arrangements and Implementation

To avoid market disruption, the regime includes the following phased implementation:

• An Authorisation Gateway, during which existing cryptoasset firms must apply for FCA authorisation or variation of permission
• A Saving Provision, allowing firms with pending applications to continue operating until their application for authorisation or variation of permission is determined
• A Transitional Provision, enabling firms that fail or decline to become authorised to wind down their UK business in an orderly manner

Only once this process is complete does the regime move into a steady‑state supervisory model.

 

Ongoing Evolution

As with other areas of UK financial regulation, the cryptoasset regime is expected to evolve. Future changes will likely be made through further secondary legislation and FCA rule changes, allowing the framework to respond to market innovation, international developments and emerging risks.

 

A Distinct Set of Regulated Activities

At the heart of the new framework is the creation of nine new regulated activities, each applying specifically to “qualifying cryptoassets.” Cryptoassets will not simply be added to existing permissions; instead, they form a discrete regulatory category under FSMA.

The cryptoasset regulated activities are:

• Issuing qualifying stablecoins in the UK
• Safeguarding qualifying cryptoassets and certain specified investment cryptoassets
• Arranging for the safeguarding of qualifying cryptoassets
• Operating a qualifying cryptoasset trading platform
• Dealing in qualifying cryptoassets as principal
• Dealing in qualifying cryptoassets as agent
• Arranging (bringing about) deals in qualifying cryptoassets
• Making arrangements with a view to transactions in qualifying cryptoassets
• Qualifying cryptoasset staking

This structure reflects the regulator’s view that cryptoasset markets raise distinct risks and therefore warrant tailored regulatory treatment.

 

What Is a Qualifying Cryptoasset?

A qualifying cryptoasset is a cryptoasset that is fungible and transferable and that is not itself already classified as a specified investment. Certain assets are excluded, such as loyalty tokens and cryptoassets that merely record contractual rights in another cryptoasset.⁴

 

Who Will Need FCA Authorisation?

Any firm wishing to carry on one or more of the new cryptoasset regulated activities will need FCA authorisation under FSMA. This requirement applies not only to new market entrants but also to:

• Cryptoasset firms currently registered under the MLRs⁵
• Payment institutions and e‑money institutions offering crypto‑related services
• Firms already authorised under FSMA for other regulated activities
• Overseas firms dealing with UK consumers

MLR registration is not a shortcut. Firms registered only for anti-money-laundering supervision are not authorised under FSMA and will need to apply for full authorisation if they wish to continue operating after the new regime comes into force.

 

Key Dates and the FCA Authorisation Gateway

The regime commences on 25 October 2027⁶  (Commencement Date). The FCA’s Cryptoasset Authorisation Gateway will open on 30 September 2026 and firms will have until 28 February 2027, (this period is known as the Cryptoasset Application Window) to submit their application for authorisation, or for variation of permission where they are already authorised, by the Commencement Date so they may carry on cryptoasset Regulated Activities. The FCA expects to be able to authorise many, if not all, firms applying during the window at the Commencement Date. Firms that apply during the Cryptoasset Application Window but have not yet received a decision by the Commencement Date may continue operating under a statutory Saving Provision (see the following section).

Firms that do not apply during the Gateway, or whose applications are ultimately refused, will fall into a Transitional Provision regime, allowing only the orderly wind-down of existing UK business under strict constraints.

 

Notable Exclusions: Advising and Managing

Neither advising⁷  on qualifying cryptoassets nor managing investments in qualifying cryptoassets falls within the cryptoasset Regulated Activities. By deliberately choosing not to regulate advice or discretionary management relating to qualifying cryptoassets, the HMT aims to avoid certain moral-hazard concerns. The decision also places greater weight on disclosures, platform governance and promotional controls as mechanisms for protecting retail investors.

 

The Operation of the Saving Provision

 

The Saving Provision: Continuity During the Transition to Full Regulation

A central feature of the UK’s cryptoasset regulatory framework is the Saving Provision, which is designed to ensure continuity of legitimate cryptoasset business during the transition to the new regime and to avoid unnecessary market disruption at commencement.

 

Purpose of the Saving Provision

The Saving Provision operates as a form of temporary permission. Its purpose is to allow firms already carrying on cryptoasset business in the UK to continue operating lawfully after the regime comes into force while the FCA completes its assessment of their applications.

Without such a mechanism, firms could be forced to cease operations abruptly on the Commencement Date, even when they have engaged constructively with the regulator and submitted timely applications. The Saving Provision therefore balances regulatory certainty with operational stability.

 

Who Can Rely on the Saving Provision?

Only firms that have submitted a valid application during the Cryptoasset Application Window may rely on the Saving Provision. These include:

• Cryptoasset firms currently registered under the MLRs
• Payment institutions or e‑money institutions undertaking newly regulated cryptoasset activities
• Firms already authorised under FSMA that have applied for a variation of permission to include cryptoasset business

Firms that do not apply during the window—or that first seek to commence cryptoasset business after it closes—cannot rely on the Saving Provision.

 

How the Saving Provision Operates

The Saving Provision remains in effect until one of the following occurs:

• The FCA grants authorisation, at which point the firm transitions into full authorised status.
• The FCA grants the relevant variation of permission.
• The FCA refuses the application, in which case the firm exits the Saving Provision and becomes subject to the Transitional Provision.
• Where a refusal is appealed, the Upper Tribunal has issued its final determination upholding the FCA’s decision.

The Saving Provision therefore bridges the gap between the commencement of the regime and the completion of the FCA’s authorisation process.

 

Regulatory Obligations During the Saving Period

Crucially, firms operating under the Saving Provision are not lightly supervised. They are required to comply with the FCA’s rules as if they were authorised firms, including obligations relating to:

• Governance
• Systems and controls
• Financial crime prevention
• Consumer protection and financial promotions
• Prudential expectations and operational resilience

The Saving Provision does not permit firms to expand or materially change their activities simply because their application is pending. The FCA retains full supervisory and enforcement powers during this period.

 

Distinction from the Transitional Provision

The Saving Provision should be clearly distinguished from the Transitional Provision. The former applies to firms actively seeking authorisation and allows ongoing business continuity; the latter applies to firms exiting the market and is designed solely to facilitate an orderly wind‑down of existing UK business.

In policy terms, the Saving Provision reflects regulatory tolerance for firms that engage early and transparently with the new regime, while the Transitional Provision reflects a more restrictive posture toward firms that do not.

 

Practical Significance

Notwithstanding the FCA’s desire to determine all applications made during the Cryptoasset Application Window, many firms may need to rely on the Saving Provision, given the scale and complexity of cryptoasset authorisation applications and the volume of submissions the FCA is expected to receive during the Gateway period. For those firms, timely application submission will be critical. Failure to apply within the Cryptoasset Application Window will result in automatically moving into the Transitional Provision that represents a significant break on the firm’s cryptoasset activities.

 

The Operation of the Transitional Provision

 

The Transitional Provision: Managing Exit from the UK Cryptoasset Market

Alongside the authorisation gateway and the Saving Provision, the UK’s cryptoasset regulatory framework includes a Transitional Provision designed to manage firms that do not, or cannot, move into full FCA authorisation. Unlike the Saving Provision—which supports continuity for firms actively seeking authorisation—the Transitional Provision is expressly concerned with market exit and orderly wind‑down.

It reflects a clear policy choice: firms that fall outside the authorised perimeter after commencement should not be permitted to continue doing business in the UK indefinitely, but neither should they be forced into uncontrolled or disruptive cessation of activity.

 

Purpose and Policy Rationale

The Transitional Provision exists to achieve two principal objectives:

• Consumer and market protection: Ensuring that firms unable or unwilling to become authorised do not continue onboarding new UK customers or expanding activity outside regulatory oversight
• Orderly wind‑down: Allowing firms to service existing contractual obligations so that customers are not exposed to sudden service termination or disorderly failures

 

Which Firms Fall Within the Transitional Provision?

A firm will fall into the Transitional Provision if, at the commencement of the cryptoasset regime, it:

• Has not submitted an application for FCA authorisation (or variation of permission, where applicable) during the Authorisation Gateway
• Has had an application refused by the FCA, including where that refusal has been appealed to the Upper Tribunal and ultimately upheld

This can apply to:

• Cryptoasset firms previously registered only under the MLRs
• Payment institutions or e‑money institutions carrying on newly regulated cryptoasset activities
• Firms already authorised under FSMA that do not secure the necessary new permissions

 

Scope of Permitted Activities

Firms operating under the Transitional Provision are subject to significant and deliberate restrictions. They may continue to carry on cryptoasset business only to the extent necessary to perform pre‑existing contracts entered into before the firm entered the Transitional Provision. In practical terms, this means that a firm:

• May service existing UK customers under existing contractual arrangements
• May not onboard new UK customers
• May not enter into new contracts with existing UK customers
• May not expand, vary or materially change its cryptoasset business model

The Transitional Provision therefore supports fulfilment and closure of existing obligations, not ongoing commercial operations.

 

Supervision and Regulatory Obligations

Despite its limited scope, the Transitional Provision does not place firms outside the regulatory framework. Firms operating within it are required to comply with the FCA’s applicable rules in much the same way as authorised firms or firms operating under the Saving Provision.

This includes obligations relating to:

• Systems and controls
• Financial crime prevention
• Consumer protection requirements
• Governance and record‑keeping

The FCA retains full supervisory and enforcement powers throughout the transitional period.

 

Duration and End State

The Transitional Provision is, by design, temporary and finite. It does not provide an open‑ended ability to remain in the UK cryptoasset market. A firm operating under the Transitional Provision will ultimately face one of two outcomes:

• Orderly exit from the UK market once all relevant pre‑existing contracts have been performed or terminated
• Cessation of activity following FCA intervention if the firm fails to comply with the conditions or restrictions of the regime

Unlike firms operating under the Saving Provision, there is no automatic route from the Transitional Provision into authorised status without a fresh and successful authorisation application.

Accordingly, the Saving Provision supports continuity for firms that apply on time and engage with the authorisation process, allowing them to operate pending regulatory determination. In contrast, the Transitional Provision applies to firms that do not secure a place within the authorised perimeter and is focused on limiting risk during market exit.

Together, the two mechanisms reinforce the FCA’s broader supervisory objective: encouraging early compliance and engagement while maintaining firm boundaries around who may participate in the regulated cryptoasset market.

 

Practical Implications for the Market

From a market perspective, the existence of the Transitional Provision underscores the importance of the Authorisation Gateway. Firms that miss the Gateway or underestimate the rigor of the FCA’s authorisation standards face a hard limitation on their UK business.

The regime creates a clear regulatory hierarchy:

• Authorised firms, operating on a steady‑state basis
• Saving Provision firms, operating temporarily while applications are assessed
• Transitional Provision firms, operating under constraint solely to wind down

In this way, the Transitional Provision plays a critical but deliberately narrow role in the UK’s cryptoasset regulatory architecture, ensuring that the transition to full authorisation occurs in an orderly, controlled and consumer‑focused manner.

 

Conclusion and Next Steps

The UK’s cryptoasset regulatory regime represents a significant expansion of the financial services perimeter and a clear signal that cryptoassets have moved from the margins into the regulatory mainstream. By creating a bespoke framework rather than analogizing cryptoassets to traditional investments, the UK aims to provide legal certainty, strengthen consumer protection and support sustainable innovation.

For firms active in or considering entry into the UK cryptoasset market, early engagement with the new regime will be essential. The Authorisation Gateway provides a limited window in which existing players must act, and the FCA’s scrutiny of cryptoasset business models, governance and controls is expected to be rigorous. The coming years will determine whether the UK succeeds in its ambition to become a credible and competitive global hub for regulated cryptoasset activity.

While the FCA has yet to publish the application forms for firms seeking authorisation to carry on cryptoasset business⁸  or where they are already authorised, apply to vary their existing permission, firms engaging in cryptoasset business or wishing to do so should be making plans now to prepare to file a suitably complete application during the Cryptoasset Application Window.

 

How Kroll can Help

Kroll’s specialist team has supported firms in successfully obtaining UK authorisation for over 25 years. We currently assist firms preparing to seek FCA authorisation for the first time to undertake regulated cryptoasset business, as well as FCA-authorised firms seeking a variation of permissions to carry on regulated cryptoasset activities alongside their existing regulated activities.

 

Sources
¹Though further secondary legislation may be necessary as the cryptoasset market develops, the parliamentary time needed for such secondary legislation will be minimal compared to that required for primary legislation.
²As of 23 April, 2026.
³In which the FCA removed the prohibition on the retail sale, marketing and distribution of cryptoasset exchange traded notes (cETNs) where those instruments are admitted to trading on a UK recognised investment exchange, and clarified cETNs as Restricted Mass Market Investments, bringing them within the scope of the FCA’s existing protections and distribution restrictions for higher risk investments.
⁴For the precise definition of “qualifying cryptoasset,” see Article 88F of the RAO as amended by the Cryptoasset Regulations.
⁵The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
⁶Art. 1(2) Cryptoasset Regulations.
⁷Though advising on specified investments referencing cryptoassets (e.g., derivatives, cETNs) remains regulated.
⁸As of April 2026.