MiCA: Market Abuse RTS Published in the OJ

Executive Summary

On 20 August 2025, the European Union published Commission Delegated Regulation 2025/885, establishing the Regulatory Technical Standards (RTS) that operationalise the market abuse framework under the Markets in Crypto-Assets (MiCA) Regulation (EU) 2023/1114. This RTS mandates a comprehensive and technically rigorous compliance framework for all persons professionally arranging or executing transactions in crypto-assets.

The regulation prescribes the specific arrangements, systems, and procedures required for the effective prevention, monitoring, detection, and reporting of potential market abuse. It imposes obligations that align the crypto-asset market with the established standards of traditional financial markets, notably the Market Abuse Regulation (MAR). For firms, this necessitates significant investment in advanced surveillance technology, specialised compliance expertise, and robust internal controls to address both on-chain and off-chain activities, thereby increasing operational costs and regulatory liability.

Core Regulatory Mandates

The RTS articulates several core obligations for market participants to ensure the integrity of crypto-asset markets:

• Surveillance Systems and Procedures: Firms are required to establish and maintain arrangements, systems, and procedures to ensure "effective and ongoing monitoring" of all orders and transactions. This surveillance must be capable of identifying market abuse, including insider dealing and market manipulation. Crucially, the scope extends to both transactions executed "on-chain" and those conducted "off-chain." These systems must be appropriate and proportionate to the firm's business activities and are subject to, at a minimum, an annual audit and internal review.

• Suspicious Transaction and Order Reporting (STOR): Upon the formation of a "reasonable suspicion" that market abuse has occurred, is occurring, or is likely to happen, firms must submit a STOR to the relevant national competent authority "without delay." The submission must be made electronically via a harmonised template (specified in the Annexe), which requires detailed information about the suspected persons, transactions, and the rationale for suspicion.

• DLT and Protocol-Level Monitoring: The regulation expands the surveillance perimeter beyond traditional trade and order book analysis. It explicitly requires the monitoring of "aspects of the functioning of the DLT, including the consensus mechanism." This creates a new obligation to detect potentially manipulative behaviours that occur at the protocol level of the blockchain itself.

• Human Analysis and Staff Competency: The RTS mandates an "appropriate level of human analysis" within the surveillance process, precluding fully automated systems from being sufficient on their own. To support this, firms must provide "effective and comprehensive training" regularly to all staff involved in the monitoring, detection, and processing of transactions.

• Framework for Cross-Border Supervision: The regulation establishes formal coordination procedures for competent authorities to manage the detection and sanctioning of market abuse in cross-border situations. This includes protocols for sharing STORs and coordinating supervisory and enforcement actions to ensure a consistent regulatory approach across the Union.

  
  

Technical and Strategic Implications for Firms

The implementation of this RTS presents significant technical, operational, and strategic challenges that require immediate attention from market participants:

• Investment in Advanced Surveillance Infrastructure: Firms must procure or develop sophisticated surveillance systems capable of ingesting, processing, and analysing heterogeneous data sets, including centralised order book data, on-chain transaction data, and mempool information. These systems must feature robust alerting, case management, and reporting functionalities that align with the STOR requirements.

• Convergence with MAR and Expansion of Scope: The RTS framework is structurally analogous to the EU's Market Abuse Regulation (MAR). Firms with existing MAR compliance programs may leverage their experience, but they must materially adapt their systems and controls to address the unique characteristics of crypto-assets and DLT. The requirement to monitor on-chain data represents a significant expansion of the traditional surveillance mandate.

• Development of Novel Surveillance Methodologies: The obligation to monitor the DLT itself is a novel regulatory requirement that necessitates the development of new compliance capabilities. Firms will need to build or acquire the expertise and tooling to detect complex forms of on-chain manipulation, such as validator front-running, transaction censorship, or other protocol-level exploits that could distort market activity.

• Heightened Regulatory and Legal Liability: The RTS establishes precise technical and procedural benchmarks, creating clear lines for regulatory enforcement. The regulation explicitly states that the delegating firm remains "fully responsible for complying with all of their obligations," even where surveillance functions are outsourced to a third-party provider. This underscores the need for rigorous vendor due diligence and ongoing oversight.

• Market Structure and Competitive Dynamics: The substantial compliance costs associated with the RTS may function as a significant barrier to entry and could prove prohibitive for smaller entities. This is likely to drive market consolidation and foster the emergence of specialised RegTech vendors providing sophisticated, scalable surveillance and reporting solutions tailored to the MiCA framework.