HM Treasury Crypto Regulations 2025-2026: What the New Rules Mean for UK Firms

For years, the UK crypto market operated in a state of limbo. You could trade Bitcoin or Ethereum, but you couldn't bankroll it easily, and regulators watched from the sidelines with crossed arms. That changed dramatically in late 2024 and early 2025. HM Treasury didn't just drop hints; they published a concrete, detailed framework to bring cryptoassets digital assets like cryptocurrencies and tokens that are now subject to specific UK financial regulations firmly into the regulatory perimeter. If you run a crypto business in the UK, or if you're planning to enter the market, the days of ambiguity are over. The new rules aren't coming-they are here, and they require immediate action.

The core of this shift is the draft Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025 a statutory instrument that amends existing laws to include crypto activities under financial regulation, published by HM Treasury on April 29, 2025. This isn't a theoretical paper. It’s the legal scaffolding that forces crypto firms to meet the same standards as banks and traditional investment houses. For many operators, this means applying for authorization from the Financial Conduct Authority (FCA) the UK's primary financial regulator responsible for authorizing and supervising crypto firms. Let’s break down exactly what this means for your operations, your compliance team, and your bottom line.

The Five Regulated Activities You Need to Know

The new framework doesn’t regulate every single thing involving blockchain. Instead, it targets five specific activities. If your business touches any of these, you need to pay attention. These activities define what counts as a "regulated activity" under the updated Financial Services and Markets Act 2000 (FSMA).

1. Operating a Cryptoasset Trading Exchange: If you provide a platform where users can buy, sell, or trade qualifying cryptoassets against each other or against fiat currency, you’re running an exchange. This requires full FCA authorization.
2. Stablecoin Issuance: Creating and issuing stablecoins pegged to fiat currencies or other assets is now strictly regulated. This applies specifically to issuers based in the UK.
3. Dealing in Qualifying Cryptoassets: Buying or selling cryptoassets on your own account (proprietary trading) falls under this category. If you’re a market maker or a proprietary trading firm, this rule applies to you.
4. Custody Arrangements: Holding private keys or controlling access to cryptoassets on behalf of clients is considered custody. This includes cold storage providers and custodial wallet services.
5. Arranging Transactions: If you introduce buyers and sellers to each other, or facilitate the execution of trades without necessarily taking ownership yourself, you are arranging transactions. This covers brokers and certain types of advisory platforms.

The key term here is qualifying cryptoassets specific types of digital assets defined by HM Treasury that fall under the new regulatory regime, excluding truly decentralized tokens. Not every token is included. The definition is precise, designed to capture assets that function similarly to traditional securities or payment instruments while leaving room for experimental technology.

Who Needs Authorization? The Territorial Scope Trap

This is where many non-UK firms get tripped up. The new rules have a nuanced territorial scope. For most activities-like operating an exchange or providing custody-the regulation applies to any firm conducting business with UK customers, regardless of where the firm is headquartered. If you serve British residents, you must comply with UK standards.

However, there is a major exception for stablecoin issuance the creation and management of digital tokens pegged to stable values, which is regulated only for issuers located within the United Kingdom. The current draft order regulates stablecoin issuance only for UK-based issuers. If you are a US or EU company issuing stablecoins, you are not directly subject to this specific part of the Order. But don’t celebrate yet. If you offer those stablecoins to UK consumers through other channels (like exchanges or payments), other parts of the regime still apply. This distinction creates a competitive advantage for UK-based issuers who want to operate domestically, while maintaining consumer protection for those using foreign-issued stablecoins.

Decentralized Finance (DeFi): The Exclusion Clause

One of the most debated aspects of global crypto regulation is how to handle DeFi. HM Treasury has taken a pragmatic approach. The draft legislation explicitly excludes truly decentralized finance models from authorization requirements. Why? Because you can’t authorize a protocol that has no central operator.

The FCA will assess whether a "sufficiently controlling party" exists. If a project has a foundation, a development team, or a board that makes critical decisions about upgrades, fees, or governance, that entity may be deemed controllable and thus regulatable. But if a protocol is fully autonomous, with no identifiable human or corporate entity behind the wheel, it falls outside the perimeter. This is a crucial distinction for developers and investors. It means the UK isn’t trying to ban DeFi; it’s trying to regulate the centralized points of failure within it.

How the UK Approach Compares to MiCA

You’ve likely heard of MiCA (Markets in Crypto-Assets Regulation) the European Union's comprehensive regulatory framework for cryptoassets, which serves as a benchmark for international standards. The UK’s approach mirrors MiCA closely. Both frameworks focus on consumer protection, market integrity, and operational resilience. However, the UK strategy integrates crypto into its existing financial services structure rather than creating a completely separate silo. This provides consistency for firms already operating in traditional finance.

This similarity is intentional. The UK wants to maintain passporting-like compatibility with Europe, ensuring that London remains a viable hub for global crypto business even post-Brexit. For firms operating in both jurisdictions, this reduces compliance friction. You can largely adapt one set of controls to satisfy both regimes.

Anti-Money Laundering (AML) Updates: The Next Layer

Regulation isn’t just about authorization. It’s also about preventing crime. On September 2, 2025, HM Treasury published draft amendments to the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 UK laws governing anti-money laundering compliance, updated to include specific rules for cryptoasset firms. These updates are critical. They address customer due diligence, pooled client accounts, trust registration, and information sharing.

The goal is a risk-based, proportionate AML regime. Small firms won’t face the same bureaucratic burden as large exchanges, but everyone must verify their customers. The stakeholder feedback period for these AML amendments closed on September 30, 2025. Expect final rules to tighten around identity verification and transaction monitoring. If your current KYC (Know Your Customer) processes are weak, now is the time to upgrade. The FCA will not tolerate lax standards.

What Happens Next? Implementation Timeline

The path forward is phased. Here’s what you need to prepare for:

• Core Regulated Activities: The draft Order is "near-final." Once passed, firms engaged in the five regulated activities must apply for FCA authorization. The technical comment period ended May 23, 2025, signaling rapid legislative movement.
• FCA Discussion Paper: Published on May 2, 2025, this document outlines the regulator’s specific expectations. Use it as your playbook. It details prudential requirements, conduct standards, and consumer protection measures.
• Market Abuse and Admissions: These regimes are forthcoming "in due course." This means rules around insider trading, market manipulation, and listing requirements for cryptoassets are still being drafted. Keep an eye on HM Treasury announcements throughout 2026.
• Rulebooks and Guidance: Following the statutory instrument’s passage, the FCA will publish detailed rulebooks. These will provide the granular instructions needed for day-to-day compliance.

For traditional financial services firms, the transition might be smoother. You likely already have compliance infrastructure. For crypto-native startups, the challenge is significant. You need to build governance, risk management, and reporting systems from scratch. The cost of compliance is real, but the cost of exclusion is higher. Without authorization, you cannot legally serve UK customers.

Practical Steps for Compliance

If you’re wondering where to start, here is a checklist based on expert analysis from firms like Reed Smith and Hogan Lovells:

1. Map Your Activities: Do you operate an exchange? Provide custody? Issue stablecoins? Be honest. Misclassification can lead to severe penalties.
2. Assess Territorial Reach: Are you serving UK customers? Even if you’re based overseas, you likely need authorization.
3. Review DeFi Exposure: If you claim to be DeFi, ensure there is truly no controlling party. If there is, prepare for regulation.
4. Upgrade AML/KYC: Align with the updated Money Laundering Regulations. Ensure you can trace funds and verify identities effectively.
5. Engage with the FCA: Don’t wait for enforcement. Start informal discussions with the regulator to understand their expectations for your specific business model.

The UK government is positioning London as a global leader in compliant crypto innovation. They want clarity, safety, and growth. By following these rules, you’re not just avoiding fines; you’re gaining legitimacy. In a market plagued by scams and collapses, regulatory approval is a powerful trust signal for your customers.