
While European crypto companies scramble in the final days of the transition period to secure licenses and keep operating in the EU market, the very rules they are racing to comply with are already under revision - because the crypto industry has changed dramatically since those rules were written.
On May 20, 2026, the European Commission opened a consultation on the MiCA review, running through August 31, 2026. Its stated goal is to assess whether MiCA remains fit for purpose, given the initial results of implementation, how markets have evolved, and shifts in global regulatory policy. The Commission has left the door open to publishing a legislative proposal alongside the consultation report - which would mean amendments to MiCA. And with 86 questions across four thematic blocks, this looks less like a cosmetic touch-up and more like a conceptual overhaul.
To me, there is something almost absurd about this. The European Union spent years building the world's most comprehensive crypto regulatory regime, pushed it across the finish line, forced exchanges, custodians, token issuers, and payment projects to restructure their business models around it - and is now asking the market: has the whole thing already become obsolete?
Consider how the rollout actually went. The regulation itself was passed in 2023. Rules for stablecoins began applying on June 30, 2024; the remaining provisions followed on December 30, 2024. But firms already operating in crypto were given a transitional window: absent a shorter national deadline, they could continue operating until July 1, 2026, or until their license application was granted or refused - whichever came first.
Before MiCA, over 1,200 VASPs - virtual asset service providers - were registered across EU member states. By June 2026, just 183 companies had received full CASP authorization, the new and more stringent standard for crypto-asset service providers, and of those, only 14 were authorized to operate trading platforms.
So the bottleneck is obvious. Only a small fraction of the old VASP universe has made it through the new authorization regime, yet Brussels is already drafting version two. If that is not absurd, I am not sure what is.
But there is a serious reason behind it: the law was written for the crypto market of 2020 to 2022, but now it has to be applied to the market of 2026.
MiCA's original framework rested on a simple distinction. If a crypto service is provided by an identifiable company or individual, it falls under regulation. If it operates in a fully decentralized manner, without any intermediary, it sits outside MiCA's scope. That carve-out is written directly into the regulation's preamble.
In 2020, this formula seemed reasonable. DeFi could still be described in almost romantic terms: autonomous smart contracts, open blockchains, users interacting directly with code, no intermediary in sight. But since then, the market has learned to perform decentralization rather convincingly.
Today, many "decentralized" protocols feature:
The industry calls this "progressive decentralization." To a regulator, it increasingly looks like a standard financial service that has simply hidden its management layer behind a UI, a governance token, and the aesthetic of a "decentralized protocol."
The European Commission is now trying to translate that suspicion into a legal test. It is asking which characteristics should indicate that a DeFi application is not fully decentralized. The list of red flags includes the presence of an identifiable intermediary or group of persons, administrative keys, control over key protocol functions, the ability to upgrade code, concentration of power, and elements of custodial control where user assets are effectively held under someone's authority.

This is the beginning of a regulatory crackdown on fake decentralization. The crypto community has long had a cutting name for it: DINO - decentralized in name only. That joke may soon become a regulatory category.
What makes this particularly interesting is that the Commission is not stopping at the question of how to identify fake decentralization. It is already probing what tools might be used to address it. Under discussion: whether licensed CASPs should be required to warn clients about the risks of pseudo-decentralized protocols they connect them to; whether CASPs should bear liability for incidents when they have provided a client access to such a protocol; whether CASPs should only connect clients to certified protocols, or refuse to connect them to high-risk ones altogether. There is also a direct question about whether DeFi protocols and smart contracts should be subject to certification.
This represents a significant shift: the Commission is moving from accepting that smart contracts themselves cannot be regulated, toward the idea of regulating the gateways through which users reach those smart contracts. The owners of those gateways become pressure points on "decentralized" infrastructure.
I think this could actually be good for bringing genuine decentralization back to the crypto industry. If a protocol truly has no controlling party, the Commission has no one to address its requirements to. If there is someone to address requirements to, the protocol is not fully decentralized to begin with. The new European approach may therefore push the market in one of two directions: projects either become genuinely autonomous - independent of developers, investors, and token holders - or they honestly acknowledge the existence of a control center and enter the regulated perimeter.
The second major theme of the MiCA review is stablecoins. And here, the market's transformation is even more striking.
When the first version of MiCA was being debated, stablecoins were seen as a technical trading instrument: a way to sit out volatility, move liquidity quickly between exchanges, and avoid having to touch the banking system every time. Over the past few years, however, they have taken on an entirely different function. They have become a genuine means of settlement.
Just the other day I wrote about a telling case on the rabbit.io blog. In December 2025, the Supreme Court of Seychelles resolved a dispute between Swiss investor Didier Rabl and the crypto exchange KuCoin, where Rabl had held around 21 million CoinPoker (CHP) tokens. In 2021, KuCoin stopped trading CHP, notified users by email about the delisting, then declared the uncollected assets abandoned and non-refundable. Rabl never received the emails and took no action. Years later, he tried to recover his tokens; the exchange refused. The court ordered KuCoin to pay Rabl over 2 million USDT plus $10,000 in moral damages. Note the detail: the original harm was done in CHP tokens, but the remedy was denominated in a stablecoin - one the court apparently regarded as a suitable instrument for settling financial obligations between a Seychelles resident entity and a Swiss national. This case has nothing to do with the EU, but it raises serious questions about a future in which USDT becomes a full-fledged instrument of international settlement.
At rabbit.io, we are also seeing growing user interest in swaps into stablecoins. Why are stablecoins becoming so sought after? Because the line between stablecoins and non-tokenized forms of money is blurring more and more with each passing year.
The European Commission is asking market participants whether stablecoins could, within a five-to-ten-year horizon, become a mass payment instrument for retail and wholesale transactions in the EU, a complement to existing payment tools in cross-border settlements, or even a foundational infrastructure layer for the digital economy and tokenized financial markets. The scenarios under consideration include P2P payments, consumer payments to businesses, B2B settlements, settlement of tokenized securities, corporate treasury management, and access to smart-contract financial services.
It is clear that what concerns the Commission here is the question of who will control the payment infrastructure.
The example of card payments is telling. In January 2026, Visa's head of crypto, Cuy Sheffield, told Reuters that Visa is working on integrating stablecoins into existing payment systems and sees demand coming primarily from stablecoin-linked card providers. He noted, however, that large-scale direct merchant acceptance of stablecoins does not yet exist. What this tells us is that the primary demand for stablecoins in payments is coming from buyers - from stablecoin holders themselves. They want to see their tokens function as genuine payment instruments, not just as "cryptocurrencies with a fixed exchange rate."
This detail matters. The merchant receives a familiar payment; the buyer uses a familiar card and terminal - but the payment no longer has to start from a bank account. It can start from a crypto wallet holding stablecoins.

For regulators, this is a concerning scenario, because payment infrastructure is power. Once an asset functions as a means of settlement, it can no longer be treated as just a "crypto-asset." It begins to compete with bank accounts, e-money, international transfers, and, ultimately, with monetary sovereignty.
Hence the EU's interest in global stablecoins and in models that lack a single issuer. The Commission is asking market participants whether MiCA should continue to permit models where the same stablecoin is issued by entities in different jurisdictions. The question sounds technical, but it is fundamentally political: what happens if a token circulates globally, reserves are scattered across different countries, and in a stress scenario, holders rush to exercise their redemption rights specifically under European law?
And here the fundamental conflict between crypto logic and state logic comes into sharp relief. The crypto community was raised on the idea that no one should have a freeze button. States, by contrast, want exactly that button to exist - not necessarily in the hands of a government agency directly, but at least with a licensed issuer, payment intermediary, exchange, bank, or some other entity that can be supervised, pressured, sanctioned, or wound down if necessary.
Centralized stablecoins make far more sense to a regulator. They have an issuer, a legal entity, reserves, redemption obligations, compliance requirements, and the potential for blocking. Tether, for example, told Reuters in February 2026 that it had frozen approximately $4.2 billion in USDT linked to criminal activity, and that the company has the technical ability to remotely freeze tokens in user wallets at the request of law enforcement.
Never mind that this is only half the story - there is one blockchain, Liquid, over which Tether has no such power, and where all USDT circulates freely. But for regulators, the headline matters more than the engineering caveats. Someone is taking responsibility for the token. Someone is promising to cooperate. Someone can later be held to that promise. Sure, the promise may not always be technically enforceable - but if it cannot be fulfilled, there is always the classic regulatory answer: a fine.
That said, Tether is hardly a natural partner for Brussels, however convenient its stated freeze capabilities might be. Its CEO has been openly critical of MiCA-style reserve requirements that would force large amounts of stablecoin backing into European banks.
But at a broader level, the MiCA consultation on stablecoins is a conversation about which forms of digital money Europe is prepared to tolerate. Controllable digital money - yes. Global, liquid, partially ungovernable "digital dollars" that can substitute for a bank account - that is a much harder sell.
MiCA was a significant achievement for states seeking to bring the crypto industry under meaningful oversight. But it is now becoming clear that even a well-drafted crypto law ages faster than a full implementation cycle takes to run.
Fake decentralization breaks down the old distinction between "intermediary" and "protocol." Stablecoins break down the old conception of crypto-assets as purely speculative instruments. And MiCA's intersections with payments regulation reveal that crypto does not fit inside a single regulatory container.
MiCA's core weakness is that it attempted to construct a tidy world of "crypto-assets" - but the market has since generated a proliferation of products and models that do not fit that picture. Payments, banking, tokenized securities, DeFi front-ends, and global settlement are blending together faster than regulators can keep up. And European crypto regulation, which not long ago seemed the most thoughtful and best-organized in the world, turns out to be not a finished architecture but a construction site. I am worried it will become a never-ending one - and that European crypto businesses will find themselves rebuilding their compliance processes again and again to keep pace with ever-shifting rules.
The MiCA transition period is not ending. It is just getting started.