For years, the UK crypto scene felt like the Wild West-plenty of innovation, but very little clear guidance on what was actually legal. That changed when HM Treasury is the UK government's economic and finance ministry responsible for developing the regulatory framework for digital assets decided to stop the guesswork and bring cryptoassets into the official regulatory perimeter. If you're running a business or investing in the UK, you've likely noticed that the rules are finally catching up to the tech.
The goal here isn't to kill the industry, but to make it act more like the traditional financial world. By treating HM Treasury crypto policy as an extension of existing laws rather than a brand-new system, the government is trying to balance consumer safety with the ambition of making London a global crypto hub. But what does this actually mean for the people on the ground?
The Core of the New Regulatory Framework
The real shift happened with the introduction of the Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025. Essentially, the government stopped treating crypto as a niche curiosity and started treating it as a "specified investment." This means if you provide certain services, you can't just operate from a laptop in a coffee shop; you need official backing.
The framework splits assets into two main buckets: qualifying cryptoassets Digital assets that meet specific criteria to be regulated as investments under UK law and qualifying stablecoins Cryptoassets designed to maintain a stable value, specifically regulated when issued within the UK . This distinction is huge because it changes who is regulated and how. While most crypto activities are regulated regardless of where the firm is based (as long as they serve UK customers), stablecoin rules are primarily focused on UK-based issuers.
Five Activities That Now Require FCA Authorization
If your business does any of the following, you'll need to get on the right side of the Financial Conduct Authority The regulatory body responsible for overseeing financial firms and ensuring market integrity in the UK (FCA). It's no longer a suggestion; it's a legal requirement.
- Operating a cryptoasset trading exchange: If you run the platform where people buy and sell, you're in the spotlight.
- Stablecoin issuance: Creating and managing stablecoins for the UK market.
- Dealing in qualifying cryptoassets: Acting as a broker or dealer.
- Custody arrangements: Holding the private keys for other people's assets.
- Arranging transactions: Helping others set up deals in qualifying cryptoassets.
The FCA expects these firms to meet the same standards as a traditional bank-meaning high levels of transparency, operational resilience, and a serious commitment to protecting the consumer. If you're a "crypto-native" startup, this means you'll need to build a whole compliance department from scratch.
How the UK Approach Differs from Global Trends
You might have heard about MiCA The Markets in Crypto-Assets Regulation, a comprehensive EU-wide framework for cryptoasset regulation in Europe. The UK's approach is a bit of a hybrid. While it mirrors many of MiCA's goals, it doesn't create a standalone "crypto law." Instead, it plugs crypto into the existing Financial Services and Markets Act. This is a smart move for traditional banks already regulated by the FCA, as they don't have to learn an entirely new set of rules.
| Feature | UK Approach (HM Treasury) | EU (MiCA) | Other Jurisdictions |
|---|---|---|---|
| Legal Structure | Extension of existing FSMA laws | Standalone dedicated regulation | Varied (often fragmented) |
| DeFi Treatment | Explicit exclusions for true DeFi | Less clear on full decentralization | Often attempts to regulate all |
| Stablecoin Scope | Focused on UK issuers | Broad EU-wide requirements | Varies by country |
| Entry Path | FCA Authorization | Passporting across EU states | Varies locally |
The DeFi Loophole: Is it Really Decentralized?
One of the most interesting parts of the HM Treasury policy is how it handles Decentralized Finance A blockchain-based form of finance that does not rely on central intermediaries (DeFi). The government knows that you can't really "authorize" a piece of code that lives on a thousand different servers globally. Because of this, truly decentralized models are excluded from the authorization requirements.
However, don't think this is a free pass. The FCA is tasked with playing detective. If they find that a project claims to be decentralized but actually has a small group of people controlling everything behind the scenes, they'll treat it as a regulated entity. In short: if there's a "neck to wring," the FCA will find it.
Cleaning Up the Money: AML and Counter-Terrorism
Regulation isn't just about who has a license; it's about where the money comes from. In late 2025, HM Treasury pushed for updates to the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. They're moving toward a more "risk-based" approach. Instead of a one-size-fits-all checklist, firms are expected to apply more scrutiny to high-risk transactions and less to low-risk ones.
This includes tighter rules on customer due diligence and how pooled client accounts are managed. For the average user, this means more "Know Your Customer" (KYC) prompts when moving funds. For the firms, it means better information sharing with authorities to stop illicit flows of capital.
What to Expect in the Near Future
We're currently in a transition phase. While the core activities are defined, we're still waiting on the full details for market abuse and disclosure regimes. Think of this as the first floor of a building; the foundation is laid, but the walls and roof (the specific rules on how to report trades and prevent market manipulation) are still being constructed.
Firms that are already in the UK should be doing a gap analysis right now. If you're providing custody or operating an exchange, you need to see where your current operations fall short of FCA standards. The window for providing technical feedback to the Treasury has largely closed, meaning the implementation phase is now the priority.
Do I need FCA authorization if my company is based outside the UK?
Yes, if you are conducting business with UK customers. The territorial scope for most cryptoasset activities extends to non-UK firms serving the UK market. The main exception is qualifying stablecoins, where regulation focuses more heavily on UK-based issuers.
What happens to truly decentralized projects under these rules?
Truly decentralized finance (DeFi) models are explicitly excluded from the authorization requirements. However, the FCA will investigate whether a project is truly decentralized or if there is a controlling party that should be subject to oversight.
What is the difference between a qualifying cryptoasset and a qualifying stablecoin?
A qualifying cryptoasset is a broad category of digital assets treated as specified investments. A qualifying stablecoin is a specific type of cryptoasset designed to maintain a stable value, and its regulation is more tightly linked to the location of the issuer (specifically UK issuers).
Are there any specific rules for crypto custody?
Yes. Custody arrangements for cryptoassets are one of the five regulated activities. This means firms holding assets for clients must meet strict prudential and operational resilience standards to ensure client funds are safe.
How is the UK approach different from the US or EU?
Unlike the EU's MiCA, which is a standalone regulation, the UK is integrating crypto into its existing Financial Services and Markets Act. This provides more consistency for traditional financial institutions transitioning into the crypto space compared to entirely new frameworks.
Next Steps for Industry Players
If you're a crypto-native founder, your first move should be a legal audit. Check if your service fits into the five regulated activities-especially custody and exchange operations. If it does, start documenting your internal controls and consumer protection measures now, as the FCA's authorization process is rigorous and time-consuming.
For traditional finance firms, the path is smoother, but don't get complacent. The risk-based AML updates mean your old KYC processes might not be enough for the volatility and anonymity of crypto-assets. Update your compliance manuals to reflect the 2025/2026 standards to avoid heavy fines during the first wave of audits.