UK’s Digital Assets Regulatory Framework Takes Shape

The close of 2025 underscored the relentless momentum of the digital asset industry, showing no signs of slowing down. In December, the UK government and the Financial Conduct Authority (FCA) unveiled several draft measures and consultation papers that could significantly shape the future of the sector. Specifically, on 15 December 2025, HM Treasury (HMT) released a revised draft of The Financial Services and Markets Act 2000 (Cryptoassets) Order 2025, and on 16 December 2025, the FCA published three Consultation Papers on cryptoasset regulation: (1) CP25/40 Regulating Crypto Activities, (2) CP25/41 Regulating Cryptoassets: Admissions & Disclosures and Market Abuse Regime for Cryptoassets, and (3) CP25/42 A Prudential Regime for Cryptoasset Firms. Furthermore, on 8 January 2026, the FCA outlined details of its upcoming ‘gateway’, the application process for firms seeking to conduct newly regulated cryptoasset activities under the UK’s forthcoming regime.

Background

In December 2025, the FCA released three major consultation papers outlining its proposed rules for the UK’s first comprehensive conduct and prudential regimes for cryptoasset activities and markets. These consultations marked a pivotal step in shaping the UK’s approach to digital asset regulation, setting out frameworks for trading platforms, intermediaries, lending and borrowing, staking services, and decentralised finance (DeFi). The move followed HMT’s announcement just a day earlier of plans to bring cryptoassets within the Financial Services and Markets Act (FSMA) regulatory perimeter by 2027. Furthermore, less than a month later, the FCA provided further clarity by unveiling details of its upcoming gateway, the application process for firms seeking authorisation to conduct newly regulated cryptoasset activities under the forthcoming regime. This legislative shift will subject digital asset firms to similar standards as traditional financial institutions, including transparency, consumer protection, and prudential requirements. Together, these initiatives aim to position the UK as a global leader in innovation-friendly yet robust digital asset regulation.

The Financial Services and Markets Act 2000 (Cryptoassets) Order 2025

In April 2025, HMT published a draft statutory instrument introducing new regulated activities for cryptoassets under the Financial Services and Markets Act 2000. This initiative aimed to create a comprehensive regulatory framework for cryptoasset markets in the UK. In December 2025 HMT provided further clarity and the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025 will come fully into force on 25 October 2027, although certain provisions will commence earlier to allow the FCA to issue directions, guidance, and rules in preparation for implementation.

The regulations establish new regulated activities such as operating a cryptoasset trading platform, issuing qualifying stablecoins, safeguarding cryptoassets, dealing in cryptoassets as principal or agent, arranging deals in cryptoassets, and cryptoasset staking. These activities will require FCA authorisation, subject to relevant exclusions. In addition, the regulations introduce two designated activity regimes: one governing public offers of qualifying cryptoassets and admissions to trading on qualifying cryptoasset platforms, and another addressing market abuse, including insider dealing, unlawful disclosure of inside information, and market manipulation. The framework also sets out disclosure requirements, liability for misleading statements, withdrawal rights for purchasers, and obligations for firms to maintain systems and controls to prevent market abuse.

 CP25/40 Regulating Cryptoasset Activities

 Key proposals include:

 Cryptoasset Trading Platforms (CATPs): Firms operating CATPs in the UK or serving UK consumers must obtain FCA authorisation. CATPs must implement fair, transparent, and non-discriminatory rules for platform access and order execution, with robust systems to prevent market abuse. Retail investors can only trade cryptoassets admitted to trading on authorised CATPs with approved disclosure documents.

• Cryptoasset Intermediaries: Firms dealing or arranging deals in qualifying cryptoassets must be authorised and comply with best execution, transparency, and conflict of interest rules. Retail client orders must be executed on UK-authorised venues, ensuring higher consumer safeguards.
• Lending and Borrowing (L&B): FCA proposes allowing retail access to regulated cryptoasset lending and borrowing services with enhanced protections, including express prior consent, prohibition on proprietary tokens, mandatory over-collateralisation, and negative balance protection to limit consumer losses.
• Staking: Firms arranging cryptoasset staking must provide clear information and obtain express prior consent from retail clients. They must maintain records and comply with operational resilience and prudential requirements.
• DeFi approach: Where a controlling person exists, DeFi activities will be subject to the same regulatory requirements as centralised activities, ensuring consistent consumer protection.

CP25/41 Regulating Cryptoassets: Admissions & Disclosures and Market Abuse Regime for CryptoassetS

Admissions & Disclosures (A&D) Regime:

The A&D regime focuses on the public offering and admission to trading qualifying cryptoassets on UK-authorised CATPs. Its primary goal is to improve the quality and accessibility of information available to investors at the point of admission to trading. Under this regime, CATPs must establish and publish clear, risk-based admission criteria to assess whether admitting a cryptoasset would likely harm retail investors which requires conducting due diligence to verify disclosures and ensure that only cryptoassets meeting these standards are admitted. Central to this regime is the requirement for a Qualifying Cryptoasset Disclosure Document (QCDD), which must contain all material information necessary for investors to make informed decisions. These documents, along with any supplementary disclosure documents (SDDs) issued to update material information, must be published on CATP websites and filed with an FCA-owned central repository to ensure transparency and accessibility. The regime also includes provisions for managing conflicts of interest, withdrawal rights for investors if new material information arises, and specific rules for UK-issued qualifying stablecoins, which have a tailored disclosure framework reflecting their unique role in the market.

Market Abuse Regime for Cryptoassets (MARC):

The MARC is designed to prevent and address abusive practices such as insider dealing, unlawful disclosure of inside information, and market manipulation within cryptoasset markets. Recognising the unique features of cryptoassets such as decentralisation, continuous 24/7 trading, and pseudo-anonymity, MARC adapts traditional market abuse principles to this context. It applies to qualifying cryptoassets admitted or seeking admission to trading on CATPs and imposes clear prohibitions on abusive behaviours. Issuers, offerors, and CATPs have responsibilities to disclose inside information promptly and fairly, with allowances for delayed disclosure under strict conditions to protect legitimate interests. CATPs and intermediaries must implement effective systems and controls to detect, prevent, and disrupt market abuse, scaled proportionately to their size and business nature. Large CATPs, defined by revenue thresholds, have additional obligations including on-chain monitoring of blockchain activity and cross-platform information sharing to combat abuse that spans multiple venues. The regime also specifies requirements for maintaining insider lists to track individuals with access to inside information, including wallet addresses where relevant. Furthermore, certain activities, such as coin burning and crypto-stabilisation, are recognised as legitimate market practices and exempt from abuse prohibitions when conducted transparently and for legitimate purposes.

CP25/42 A Prudential Regime for Cryptoasset Firms

The proposed rules in CP25/42 build upon the proposals discussed in CP25/15 and apply to all cryptoasset firms requiring FCA authorisation, covering activities such as operating qualifying cryptoasset trading platforms, staking, arranging deals, and dealing as agent or principal in qualifying cryptoassets.

Cryptoasset firms are required to maintain minimum regulatory capital, known as the Own Funds Requirement (OFR), which is determined as the highest of three components: the Permanent Minimum Requirement (PMR), a fixed amount based on the firm’s activities; the Fixed Overhead Requirement (FOR), equal to one quarter of relevant operating expenses; and the K-factor Requirement (KFR), which addresses operational and exposure risks such as client orders, trading flow, staking, safeguarding, stablecoin issuance, counterparty default, net position risk, and concentration risk. Firms must calculate these based on their scale and activities, applying specific netting and valuation rules. Additionally, they must conduct ongoing overall risk assessments, including business model reviews, capital and liquidity planning, stress testing, recovery planning, and wind-down strategies to prevent material harm. To ensure transparency and market discipline, firms must publicly disclose prudential information at least annually, covering risk management strategies, own funds composition and requirements, threshold levels, group exposures, and, for principal dealers, detailed financial statements and encumbered assets, with disclosures presented clearly and consistently.

FCA UPDATE TO CRYPTOASSET GATEWAY

 On 8 January 2026, the FCA released an update regarding the cryptoasset gateway for firms seeking approval under the forthcoming regulatory framework for cryptoasset activities. All firms, including those already registered under anti-money laundering regulations or authorised to provide payment services, will need to obtain FCA authorisation or vary existing FSMA permissions, as there will be no automatic conversion. The gateway is expected to open in September 2026 for a minimum of 28 days and will close at least 28 days before the regime goes live on 25 October 2027. Firms applying within this window will receive priority review, and if decisions are delayed, a saving provision will allow them to continue operating temporarily. Those applying late will enter a transitional regime, permitting only the run-off of existing contracts without taking on new business until full authorisation is granted.

The FCA intends to host a series of information sessions for cryptoasset firms that may fall under the new regulatory regime. These sessions will help firms and their advisors understand the regime, FCA standards and expectations, and the authorisation process. In addition, firms can request a free, optional pre-application meeting through the FCA’s pre-application support service (PASS). These meetings provide an opportunity to present the business model, discuss the authorisation process, and clarify expectations, helping firms prepare high-quality applications and potentially speed up assessments. However, PASS does not guarantee approval, and the FCA does not provide advice during these meetings. Firms are encouraged to seek independent legal or compliance advice when preparing their applications.

TIMING AND Next Steps

The consultation period for CP25/40, CP25/41, and CP25/42 is open for comments and feedback until 12 February 2026, with final rules expected to be issued in policy statements in 2026. In parallel, the FCA has confirmed that its gateway is expected to open in September 2026 for at least 28 days and close no later than 28 days before the new regime, introduced under the Financial Services and Markets Act 2000 which goes live on 25 October 2027.

For More Information

If you have any questions regarding this subject or related subjects, or if you need assistance, please contact Yulia Makarova (Partner), Rebecca Jack (Partner), or your Winston & Strawn relationship attorney. You can also visit our Cryptocurrencies, Digital Assets & Blockchain Technology page for more information.

Raveen Kumarasinghe, Trainee Solicitor, also co-authored this alert.