As we look ahead to 2026, the UK’s cryptoasset landscape is on the cusp of its most significant transformation yet. The past year has seen a flurry of legislative and regulatory activity, culminating in the Financial Services and Markets Act 2000 (Cryptoassets) Regulation 2025 Statutory Instrument (“the SI”) being laid before parliament in December 2025, which will bring cryptoassets squarely within the FSMA perimeter. This comes shortly after the Property (Digital Assets etc) Act 2025 received Royal Assent, which, for the first time, provides statutory recognition of cryptoassets as a form of personal property under UK law. The SI marks a decisive shift: by 25 October 2027, the FCA will oversee a broad suite of cryptoasset activities, fundamentally reshaping the regulatory environment for all market participants.
In December 2025, the FCA published nearly 650 pages of policy across CP25/40, CP25/41, and CP25/42, covering cryptoasset regulated activities (part 1), the admission, disclosure and market abuse regime for cryptoassets, and the prudential regime for cryptoassets, respectively. The deadline for responding to these consultations is 12 February 2026. Subsequently, in January 2026, the FCA followed with the publication of CP26/4, the second consultation addressing the application of the FCA Handbook to regulated cryptoasset activities (part 2), and GC26/2, concerning the application of the Consumer Duty to cryptoasset firms. The deadline for responses to this consultation is 12 March 2026.
These followed earlier consultations by the Treasury, FCA, and the Bank of England. More recently, the FCA has also published new webpages with guidance for cryptoasset firms regarding the new regime. With regard to issuing systemic stablecoins, please see our separate article here.
Key next steps in 2026
1. Completing the Regulatory Puzzle
The SI will extend the FCA’s remit to a wide range of cryptoasset activities, including:
- Issuing qualifying stablecoin
- Safeguarding of qualifying cryptoassets and relevant specified investment cryptoassets
- Operating a qualifying cryptoasset trading platform
- Dealing in cryptoassets as principal
- Dealing in qualifying cryptoassets as agent
- Arranging deals in qualifying cryptoassets
- Qualifying cryptoassets staking
Many of these activities mirror existing FSMA categories but are tailored to cryptoasset activities. There are also new activities. From 25 October 2027, any firm operating “by way of business” in these areas in or into the UK will require FCA authorisation to carry out these activities, subject to any applicable exclusion or exemption.
Authorised cryptoasset firms will be subject to the FCA’s established frameworks, such as the Threshold Conditions, Principles for Businesses, Senior Managers and Certification Regime, Conduct of Business, Regulatory Reporting and so on, which are tailored to this sector. The FCA has published webpage guidance to help firms prepare, including clarifying how existing Handbook provisions apply. There will also be new cryptoasset sourcebooks, such as COREPRU, CRYPTOPRU, CRYPTO and CASS 16 and 17.
2026 will see the regulatory architecture substantially come together, aligning cryptoassets with well-established financial services infrastructure and embedding the principle of “same risk, same regulatory outcome” approach.
2. Who Falls Within Scope? Jurisdictional Boundaries
With the regulatory framework nearing completion, it is essential for firms to assess whether their activities will fall within the scope of the new regime. The SI sets a geographical perimeter for cryptoasset activities: any firm serving UK retail clients (even from overseas) must be authorised in the UK. There are carve-outs for institutional-only businesses which will require assessment. This is intended to protect UK consumers and prevent regulatory arbitrage, but will require overseas firms to reassess their UK strategy, perimeter scope, governance, risk, compliance and operational footprint.
In addition to the geographic scope, the regime’s application to decentralised models raises further questions about who will be subject to authorisation requirements. CP25/40 makes clear that there is no special carve-out in the cryptoasset regime for DeFi activities. In practice, the perimeter is defined by whether there is a sufficiently controlling party carrying on a regulated activity “by way of business.” Where DeFi activities are conducted in a genuinely decentralised manner, with no such controlling person, CP25/40 confirms the authorisation requirements will not apply. The FCA will determine on a case-by-case basis whether a DeFi protocol or service has an identifiable controlling entity. For DeFi projects with a controlling party, the full suite of rules will apply, including those on market abuse, disclosure, safeguarding, and prudential standards.
The FCA has committed to consult separately on guidance to clarify how it will assess degrees of decentralisation and control, and to provide examples of good practice for managing financial crime and operational risks in DeFi.
3. Crypto Authorisation Gateway
From September 2026, the FCA expects to open applications from firms to become authorised under the new regime. Firms who intend to conduct these activities and firms registered with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLRs”) must apply to the FCA for approval. Conversely, firms seeking authorisation under the new regime will no longer be required to register under the MLRs. Existing MLR registered firms who do not meet the new requirements will be subject to transitional arrangements, requiring them to wind down their UK business in an orderly way and exit the UK market before the full UK cryptoasset regime comes into effect.
We expect the FCA will apply the same high standards as with all authorisation assessments to those applying under the new regime. Applicants need to now start reviewing and determining their scope, business models, frameworks, policies, systems and controls, agreements and internal and external arrangements to ensure they are “ready, willing and organised” to comply with all relevant requirements by 27 October 2027. Early engagement with the authorisation process will be critical for new entrants and for firms intending to continue operating in the UK.
Where a firm applies for authorisation (or variation) during the application period, the FCA (and the PRA for dual-regulated firms) expect to determine its application on or before the new regime commences in October 2027, provided applications are submitted before the window closes, the date of which is yet to be confirmed. The FCA has published details on the authorisation gateway.
Ten critical questions to help you assess your readiness for cryptoasset authorisation
1. How does your business model align with the new regulatory perimeter?
The FCA’s proposed regime will apply different requirements to stablecoin issuers, cryptoasset trading platforms (“CATPs”), custodians, intermediaries, and firms engaged in admissions, disclosures, lending, borrowing, staking, and DeFi activities. Have you mapped your business activities against the new regulatory perimeter, identified the permissions you will require, and assessed the impact on your strategy and business model? Early preparation is essential to avoid operational disruption and ensure a smooth authorisation process.
2. Does your group structure require adjustment?
Have you reviewed whether your current product suite and group structure will remain compliant and commercially viable under the new regime? Consider the interaction between UK requirements and your international operations. For CATPs in the UK or those servicing UK consumers, a physical UK presence will be mandatory - have you determined whether the subsidiary only route, or UK branch and separate subsidiary aligns best with your business model?
3. Are your governance and systems and controls arrangements aligned to regulatory expectations?
Cryptoasset firms will be required to meet governance standards that are equivalent to those imposed on other authorised firms. Have you clearly identified the individuals who will hold ultimate responsibility for cryptoasset activities, and are their roles and accountabilities appropriately documented? Consider whether your governance arrangements require enhancement, including a review of committee and forum structures, terms of reference, management information flows, and escalation procedures to ensure effective oversight and decision-making.
In relation to systems and controls, have you established robust risk management frameworks that specifically address the risks associated with cryptoasset activities? Have you conducted a comprehensive review of your existing risk assessments, policies, procedures, and training materials to identify and implement any necessary amendments? Furthermore, have you ensured that cryptoasset activities are fully integrated into your three lines of defence model, with clear delineation of responsibilities for risk identification, management, and assurance?
4. What steps are you taking to meet prudential and capital requirements?
The FCA’s CP25/42 consultation outlines a prudential regime akin to the Investment Firm Prudential Regime. Are your regulatory capital calculations, internal controls, and disclosure processes aligned with these standards? Have you stress-tested your capital adequacy and liquidity to ensure ongoing compliance?
5. How will disclosure and market abuse requirements impact your cryptoasset activities?
The new regime introduces crypto-specific rules on disclosure and market abuse. Have you assessed how these requirements will apply to your operations? Are CATPs prepared to assume a quasi-supervisory role in monitoring and reporting market abuse? Are your wall crossing and personal account dealing arrangements fit for purpose?
6. Is your safeguarding and custody framework sufficiently robust?
Have you conducted a detailed review of your asset segregation, wallet management, outsourcing arrangements, and liability provisions to ensure alignment with regulatory expectations? Are your custody models compliant with regulatory, capital, CASS, and operational requirements?
7. Do your operational resilience and technology controls meet regulatory standards?
Are your IT infrastructure, cyber security measures, outsourcing arrangements, incident management, and business continuity plans sufficiently resilient to satisfy regulatory requirements? Have you tested your systems for vulnerabilities, addressed gaps and ensured sufficient oversight?
8. Are your financial crime and anti-money laundering controls adequate?
With the FCA’s focus on enhanced AML and KYC standards, do you have effective transaction monitoring, sanctions screening, and reporting frameworks in place? Have you reviewed and updated your proliferation financing, sanctions, anti-bribery and corruption, and fraud policies to reflect evolving regulatory expectations?
9. Can you meet the new data and regulatory reporting obligations?
Are your systems and processes capable of delivering the granular and timely reporting required under the new regime? Have you mapped your data flows and implemented controls to ensure data integrity, security, and compliance with FCA reporting standards?
10. Are you demonstrably ready, willing, and organised to operate from day one?
Can you evidence your ability to meet the FCA’s threshold conditions, including governance, systems and controls, and business planning requirements? Are you prepared to engage proactively with the FCA and provide clear, comprehensive documentation to support your application and ongoing compliance?
This enhanced set of questions is designed to help you critically assess your readiness for FCA authorisation and identify areas requiring further attention or remediation.
What should firms do now
As the new regime takes shape, firms must quickly move from planning to implementation in preparation for the authorisation gateway opening in September 2026. At the same time, they should closely monitor ongoing developments and coordinate efforts across both workstreams. This could include:
- Engaging proactively with regulators and industry by responding to open consultations (CP25/40, CP25/41, and CP25/42 are closing on 12 February 2026, and CP26/4 and GC26/2 are closing on 12 March 2026), participating in FCA and Bank of England stablecoin sprints, sandboxes and/or other initiatives.
- Preparing for authorisation by mapping activities to the new FSMA perimeter, establishing a dedicated authorisation steering group and workstream, and ensuring Board level SMF responsibility and management information is in place. Once the application period has closed (exact date to be determined), the FCA will not expedite its assessment of an application for authorisation. On the commencement of the new regime, any firms that are still providing cryptoasset services within scope of the new regime but without the relevant permission, and who are not eligible for the saving provision, will be subject to transitional arrangements until their application is determined.
- Strengthening compliance systems and controls, including, for example, conduct of business, safeguarding, market abuse surveillance, financial promotions, prudential planning and operational resilience.
- Designing for interoperability, ensuring systems can interact with established payment rails and emerging tokenised platforms.
- Relationship to “tradfi” operations: Consider the operational, financial and legal relationships between existing business lines and any new cryptoasset activities.
Two other trends to watch in 2026
A multi-money verse: stablecoins, tokenised deposits, and CBDCs
The UK enters 2026 with a clear ambition: to shape and define the rules of a new multi-money landscape. As stablecoins, tokenised deposits, and central bank digital currencies (“CBDCs”) continue to jostle for relevance and scale, the UK is taking a coordinated, strategic approach to ensure that these innovations develop within a coherent, interoperable framework.
Stablecoins will undergo significant recalibration in 2026 as the Bank of England finalises a regime that raises reserve standards and introduces temporary caps to ensure systemic resilience. Meanwhile, the FCA will host policy sprints in March 2026 to explore practical stablecoin use cases, clarify regulatory boundaries, and direct industry innovation towards public-interest outcomes.
While global headlines spotlight China’s scale and Europe’s acceleration, the UK is continuing to advance its own CBDC exploration. The Bank of England’s Digital Pound Lab is testing models focused on privacy, architecture, and interoperability which has moved into Phase 2. Phase 2 is planned to run from November 2025 to July 2026, and applications are open until March 2026. In contrast, Europe has progressed into a “technical readiness” phase for the digital euro. The ECB has signalled that, subject to legislation expected in 2026, a pilot could begin in 2027, with the Eurosystem ready for first issuance in 2029, supported by a near-complete draft rulebook for a retail digital euro scheme. China remains the global frontrunner, with e-CNY surpassing $2.3 trillion in transaction value by late 2025, deployed across everything from B2B payments to climate-linked subsidies, and dominating Project mBridge – a multi-central-bank cross-border CBDC platform – which processed $55 billion in cross-border CBDC settlements by 2025 [1]. Against this backdrop, the question for the UK is no longer whether it will adopt CBDC at scale, but how quickly it will move from experimentation to implementation.
Tokenised deposits will play an equally important role. UK Finance (“UKF”) is coordinating industry pilots to demonstrate how tokenised commercial bank deposits can function as a bridge asset, combining regulatory protections with programmability and interoperability. In 2025, UKF supported the first live transactions of fungible tokenised sterling deposits (“GBTD”) with six major banks, testing marketplace payments, remortgaging, and on-chain settlement. The GBDT pilot continues through mid-2026, with further tests of programmable payments, fraud reduction, and settlement workflows. UKF will continue industry engagement as the platform develops interoperability with other digital money forms and tokenised securities infrastructures.
The UK is crafting a uniquely pluralistic model – one in which stablecoin, tokenised deposits, and CBDC each serve distinct roles while reinforcing each other. Whether Sarah Breeden’s “multi-money verse” is realised, or if one format becomes first among equals, 2026 will be decisive.
The year ahead will see a significant increase in pilots, policy sprints, industry tests, and sandbox applications, coordinated by the Bank of England and the FCA/PSR, in close collaboration with industry associations and market participants. The objective is to lay the foundations for an interoperable and future-proof digital money ecosystem.
UK and US: a special relationship?
The UK is forging its own regulatory path, but US markets continue to set the global pace. The output of the Transatlantic Taskforce for Markets of the Future (TTMF) will be instructive for the future relationship between UK and US digital asset markets, with potential implications for UK regulation and market access. With global regulatory momentum accelerating, the next 18 months will be critical for firms seeking to remain compliant, credible, and competitive in a rapidly evolving UK cryptoassets market. Proactive preparation and strategic engagement will be essential to navigate the transition and capitalise on emerging opportunities.
[1] https://www.atlanticcouncil.org/blogs/econographics/what-to-watch-as-china-prepares-its-digital-yuan-for-prime-time/
Strategic implications for local and international crypto firms and those entering the UK market
It is important to note that the rules and guidance discussed above are not yet final. The FCA’s consultation papers represent proposals that remain subject to change. The final form of the rules and accompanying regulatory guidance will depend on the responses received to the ongoing consultations and further deliberation by the FCA. Until the final rules and guidance are published, there remains a degree of variation as to the precise requirements and expectations that will apply. Firms should therefore monitor developments closely and be prepared to adapt their approach as the regulatory framework is finalised.
Why act now?
Although September 2026 may seem distant, achieving approval and compliance is a complex process that requires thorough preparation. Firms should view the introduction of the new regime as a strategic inflection point to review their cryptoasset activities. Early action is essential to minimise operational disruption, reduce the risk of submission delays, and ensure your business is positioned to thrive within the UK’s evolving regulatory landscape. UK regulatory approval will not only demonstrate your commitment to equivalent high standards, but also enhance your credibility as the UK regime becomes a benchmark for other jurisdictions.
The next 18 months will be pivotal for firms operating in the UK cryptoasset sector. Proactive engagement with the evolving regulatory landscape, coupled with expert legal, governance, risk management, and compliance advice, will be essential to ensure readiness and maintain a competitive edge. This will be key to navigating the complexities of the new regime, minimising operational disruption, and capitalising on emerging opportunities to secure long-term success.
The AG Financial Services Regulatory and Compliance team is well-placed to support you through every stage of this transition. Whether you need to clarify your position within the new regulatory perimeter, prepare for authorisation, enhance your risk management and compliance frameworks, or explore innovative business models in the dynamic UK cryptoasset ecosystem, we can provide tailored, practical guidance to help you achieve your objectives.
