Bank of Italy launches new rules for crypto assets

The date of 30 September 2025 marks a crucial step for the Italian crypto-assets market. On that day, the Bank of Italy issued the ‘Supervisory Provisions on Crypto-Activities’, a document that translates the European MiCAR (Markets in Crypto-Assets Regulation, EU Regulation 2023/1114) into Italian law and completes the path started with Legislative Decree No. 129 of 5 September 2024. The measure, published in the Official Gazette and signed by Governor Fabio Panetta, is not a mere technical act, but a regulatory text that establishes who can do what in the new digital ecosystem and under what conditions. The MiCAR represents the European Union’s first attempt to construct a harmonised discipline for issuing, offering and services related to crypto-assets not already covered by other financial regulations. In other words, Europe has chosen to put an end to the ‘no man’s land’ that for years has allowed the proliferation of tokens without guarantees and unsupervised platforms, responsible for scandals and collapses that have burnt billions of euros of savers.

ART, EMT and CASP: who falls within the perimeter

The Italian measure clearly identifies the recipients of the regulation. Asset-referenced tokens (ART) are those that aim to maintain a stable value by pegging to a basket of underlying assets or rights, such as official currencies or other assets. E-money tokens (EMT), on the other hand, are based on a single legal tender and trace, in a digital key, the principles of electronic money. Completing the picture are crypto-asset service providers (CASPs), i.e. intermediaries offering exchange, custody, advice, order transmission, placement or transfer of crypto-assets. For the first time in Italy, these entities are subject to an authorisation, control and liability regime comparable to that of banks and securities brokerage firms. The Banca d’Italia and Consob are designated as the competent national authorities, with distinct tasks: Via Nazionale has exclusive supervision over EMTs, while on ARTs and CASPs supervision is shared with Consob. A memorandum of understanding between the two authorities will regulate the methods of coordination, in line with what already happens in other financial sectors.

Governance, transparency and resilience

The new rules do not merely impose formal authorisations, but intervene on theinternal organisation of operators. ART issuers, for example, must demonstrate that they have a transparent administrative and accounting structure based on a clear risk culture, a code of conduct shared with staff and control systems capable of preventing conflicts of interest. The measure also explicitly refers to the DORA (Digital Operational Resilience Act) regulation, approved by the EU in 2022, requiring operators to be prepared to react to cyber incidents, service disruptions and cyber threats. This means that those offering stablecoin or exchange services will have to demonstrate that they have business continuity plans, independent audit tools and security procedures comparable to those of large banks. The message is clear: it is no longer enough to ‘launch’ a token or a platform with a nice interface and an aggressive marketing campaign. The authorities demand concrete guarantees, documented processes and transparency towards customers and supervisors.

Eligibility and Qualifying Holdings

An important chapter of the provision concerns corporate officers and equity participants. Those who sit on boards of directors or hold significant shareholdings must be assessed with regard to good repute, professional competence and independence. Applications for authorisation to acquire or increase qualifying holdings in ART issuers or CASPs will have to be examined within 60 working days. This measure is intended to prevent improvised operators or individuals with conflicts of interest from taking on key roles. A similar approach had been taken in the past for the banking and insurance sectors, and is now being extended to the world of crypto assets, recognising their potentially systemic impact.

Rehabilitation and Reimbursement Plans

The BoI has placed great emphasis on recovery plans, recalling the EBA’s 2024 guidelines. Issuers of ARTs and EMTs are obliged to prepare detailed documents outlining the measures to be taken in the event of a crisis: risk indicators, alert thresholds, stress scenarios, alternative options to ensure continuity of services. Not only that. Operators must also prepare repayment plans, to be activated in cases of insolvency or business interruption. The aim is to protect token holders and to avoid the recurrence of traumatic episodes such as those linked to the collapse of the Earth-Moon stablecoin in 2022, which had dragged entire ecosystems of unregulated platforms with it.

Clear timeframes and defined procedures

The measure sets precise timeframes for each step. Authorisation for the issuance and public offering of ART by e-money institutions, payment institutions and SIMs must be concluded within 105 working days. Authorisation for the provision of crypto services by the same entities takes 40 days. Class 1 banks and SIMs that want to issue ART or EMT must submit a white paper that will be assessed by the BoI in 50 days. There are similar deadlines for amending recovery plans or approving new versions of policy documents. The intention is to give operators the certainty of defined timeframes, preventing authorisation procedures from dragging on for months, leading to delays in market development.

Italy in the European context

With these provisions, Italy aligns itself fully with the European framework. Other countries, such as Germany and France, had already partly anticipated the implementation of MiCAR by introducing experimental supervisory regimes. Italy has chosen a different path: wait for the completion of the Community framework and then adopt an organic and detailed measure. This could translate into a competitive advantage, because it allows operators to move in a clear regulatory environment without grey areas. It should not be forgotten that the EBA will have direct jurisdiction over ART and EMT issuers classified as ‘significant’, i.e. those with larger volumes or impacts. The Bank of Italy will therefore have to coordinate with the European authorities, in a multi-level game that closely resembles what already happens for systemic banks.

A paradigm shift

The measure of 30 September 2025 is not a technical document for insiders. It is, rather, the symbol of a paradigm shift: the crypto-asset market finally comes under the umbrella of institutional supervision, with clear rules, controls and responsibilities. Those operating in Italy will no longer be able to improvise or rely on opaque practices. For consumers and investors, this is an important guarantee. For operators, however, the impact will be significant: they will have to invest in governance, cybersecurity, risk management and compliance. Not everyone will be able to handle this quantum leap, and many smaller operators may exit the market. But this is exactly the point of MiCAR: to separate those who want to do business transparently from those who aim to exploit regulatory gaps to take advantage of savers’ good faith.