Overview
The regulatory landscape for digital assets has shifted more dramatically in the past twelve months than in the preceding decade. In the United States, Congress enacted its first comprehensive crypto legislation, the SEC pivoted from enforcement-first to engagement-first, and states from New York to California continued building their own licensing regimes. Across the Atlantic, the European Union’s Markets in Crypto-Assets Regulation (MiCA) moved from blueprint to enforcement, with over 40 crypto-asset service provider (CASP) licenses issued and a hard deadline of July 1, 2026 approaching for full compliance.
For business leaders and investors navigating this environment, the challenge is not the absence of regulation—it is the sheer volume and fragmentation of it. The United States still has no single legal category called “cryptocurrency.” A digital asset can simultaneously be an investment contract under the Howey test, a commodity under the Commodity Exchange Act, a payment instrument triggering money transmission rules, and property for tax purposes. Layer state licensing requirements on top of federal frameworks, then add the EU’s own comprehensive regime, and the compliance picture becomes formidable.
At Burrell Harper + Co. LLC (“BH+Co”), we believe this patchwork of regulations creates real risk and uncertainty for the businesses and investors we advise. What follows is our assessment of where things stand and what demands attention.
Federal Legislation: The GENIUS Act and the CLARITY Act
The most consequential development of 2025 was the passage of the GENIUS Act (Guiding and Establishing National Innovation for U.S. Stablecoins Act of 2025). Signed into law by President Trump on July 18, 2025, the GENIUS Act represents the first major federal crypto legislation in U.S. history. It establishes a comprehensive regulatory framework for payment stablecoins, requiring issuers to maintain 1:1 reserve backing with high-quality liquid assets, submit to monthly independent attestations, and comply with Bank Secrecy Act anti-money laundering obligations. The Act creates both federal and state regulatory pathways: banks may issue stablecoins through authorized subsidiaries under OCC, Federal Reserve, or FDIC oversight, while state-regulated issuers with under $10 billion in outstanding stablecoins may opt into a state regime—provided that regime is “substantially similar” to the federal framework. (See S.394, 119th Congress; White House Fact Sheet, July 18, 2025.)
The implementing regulations are still being written. The FDIC approved a proposed rulemaking for application procedures in December 2025. The Treasury Department issued an advance notice of proposed rulemaking in September 2025. The OCC conditionally approved five national trust bank charters for digital asset firms—including Circle, Ripple, Paxos, BitGo, and Fidelity Digital Assets—in December 2025. Final implementing regulations are expected by July 2026, with the GENIUS Act provisions taking effect no later than January 2027.
Meanwhile, the House passed the Digital Asset Market Clarity Act of 2025 (the “CLARITY Act,” H.R. 3633) with bipartisan support. The CLARITY Act aims to resolve the long-running jurisdictional friction between the SEC and CFTC by defining when a digital asset is a security versus a commodity and establishing registration and oversight requirements for digital commodity brokers, dealers, and exchanges. The Senate Banking Committee and Agriculture Committee worked on their own drafts through December 2025. White House crypto adviser David Sacks indicated that a Senate markup was expected in early 2026, though the bill has not yet been enacted.
The SEC’s Shift: From Prosecution to “Project Crypto”
The arrival of SEC Chair Paul Atkins in April 2025 brought a decisive philosophical change. The SEC dropped nearly all enforcement actions commenced under the prior administration that were based on unregistered broker-dealer or exchange theories without accompanying fraud allegations. The agency’s internal Crypto Task Force—which met with industry leaders including Strategy’s Michael Saylor in February 2025—began crafting workable registration paths and disclosure models. In November 2025, Chair Atkins announced “Project Crypto,” proposing a taxonomy that distinguishes between digital commodities, collectibles, utility tools, and tokenized securities—and introducing a forthcoming “Regulation Crypto” with anticipated 2026 rulemakings. The Department of Justice, in parallel, issued a memorandum titled “Ending Regulation by Prosecution,” re-scoping enforcement to prioritize fraud, sanctions evasion, and misappropriation of client assets.
State-Level Frameworks: New York and California
While federal legislation advances, state regimes remain critical—and divergent.
New York continues to operate its BitLicense framework (23 NYCRR Part 200), administered by the Department of Financial Services (NYDFS), which has been in effect since 2015. It remains one of the most comprehensive and demanding state-level crypto licensing regimes in the country, requiring extensive documentation, cybersecurity controls, AML programs, and ongoing compliance reporting. New York also continues to charter limited purpose trust companies for digital asset businesses. In 2025, the New York State Legislature introduced S.4728A, establishing a cryptocurrency and blockchain study task force to review the industry’s impact on the state and supplement the BitLicense framework. A separate Assembly bill (A.7788) would authorize state agencies to accept cryptocurrency as a form of payment.
California is the next major state to enter the field. The Digital Financial Assets Law (DFAL), signed into law in 2023 and amended by AB 1934 in 2024, takes effect on July 1, 2026. Beginning on that date, any business engaging in digital financial asset business activity with California residents—including exchange, transfer, custody, or administration of digital assets—must hold a license from the California Department of Financial Protection and Innovation (DFPI) or have a pending application on file. Modeled in part on New York’s BitLicense, California’s DFAL includes stablecoin-specific provisions, enhanced record-keeping requirements, and enforcement penalties of up to $100,000 per day for unlicensed activity. (See AB 39, SB 401, AB 1934; DFPI proposed regulations, April 4, 2025.)
For businesses operating across multiple states, the compliance burden is significant. Each state applies its own licensing, bonding, and reporting requirements. There is no federal preemption, and the GENIUS Act explicitly preserves the state regulatory role for smaller stablecoin issuers.
The European Union: MiCA in Full Force
The EU’s Markets in Crypto-Assets Regulation (MiCA, Regulation (EU) 2023/1114) represents the world’s first comprehensive, harmonized crypto regulatory framework. MiCA entered into force in June 2023, with stablecoin provisions (covering Asset-Referenced Tokens and E-Money Tokens) applicable from June 30, 2024, and the full CASP licensing regime applicable from December 30, 2024.
As of mid-2025, over 40 MiCA licenses had been issued across EU member states. However, implementation has been uneven. National transitional periods vary dramatically—the Netherlands required compliance by July 2025, Germany and Austria by December 2025, while France, Malta, Luxembourg, and Estonia adopted the maximum 18-month grandfathering period, extending until July 1, 2026. After that date, there is no further grace period: CASPs without MiCA authorization must cease operations in the EU.
MiCA requires 1:1 reserve backing for stablecoins, mandatory audits, comprehensive AML/KYC compliance, market abuse prevention, and detailed consumer disclosures. It introduces EU-wide passporting rights, allowing a CASP licensed in one member state to serve clients across all 27. But the regulation also imposes transaction caps on non-euro stablecoins (1 million daily transactions or €200 million in payment value), which has practical consequences for U.S. dollar-denominated stablecoins operating in Europe. Major stablecoins like Tether’s USDT have faced compliance challenges, with several exchanges restricting or delisting non-compliant tokens.
Additional EU frameworks compound the compliance picture. The Digital Operational Resilience Act (DORA), effective January 2025, applies cybersecurity and IT risk management requirements to crypto firms licensed under MiCA. The DAC8 Directive (the EU’s implementation of the OECD’s Crypto-Asset Reporting Framework) took effect on January 1, 2026, requiring crypto service providers to report transaction data to tax authorities. And the EU’s Anti-Money Laundering Authority (AMLA), launching in 2026, will directly supervise the largest cross-border crypto firms. (See ESMA MiCA Register; European Commission DAC8; Regulation (EU) 2023/1114.)
What the Industry Is Saying
The regulatory shift has not gone unnoticed by those shaping the industry.
Michael Saylor, Executive Chairman of Strategy (formerly MicroStrategy), met with the SEC’s Crypto Task Force in February 2025 to advocate for a formal digital asset taxonomy. During Strategy’s Q2 2025 earnings call, Saylor stated that it would be “beneficial to the market if they nail down the digital assets taxonomy”—clarifying what constitutes a digital security, a digital commodity, and a tokenizable asset. Saylor has proposed that 40 million businesses could ideally issue a token in four hours for $40 under a properly defined framework, and he has endorsed the CLARITY Act as creating “a very rich framework” for the industry. (See also Saylor’s White House Digital Assets Summit presentation, March 2025.)
Marco Santori, the attorney widely known as the “Dean of Digital Currency Lawyers” and creator of the SAFT framework, left his role as Chief Legal Officer at Kraken in early 2025 to join Pantera Capital as a General Partner. Santori described the current U.S. policy environment as a historic turning point, crediting the SEC’s shift and Congress’s move toward CFTC-led, principles-based regulation as creating “a better investor environment than I could have sculpted from raw clay.” His move from law to investment speaks to the confidence that the regulatory fog is clearing—at least on the U.S. side.
Vitalik Buterin, co-founder of Ethereum, has been more critical—particularly of Europe. In a December 2025 post on X, Buterin warned that the EU’s Digital Services Act risks creating a digital environment with “no space” for innovation or controversial ideas. He urged European governments to adopt a “user empowerment” approach rather than a surveillance-first philosophy. Buterin has also endorsed privacy-preserving technologies, praising Zcash and its creator Zooko Wilcox, and has called the U.S. crypto regulatory environment a case of “anarcho-tyranny” where projects with vague promises face less scrutiny than those with clear value propositions. At the Ethereum Community Conference in July 2025, Buterin warned that decentralization must evolve from a catchphrase to concrete user guarantees—including meaningful privacy defaults.
Zooko Wilcox-O’Hearn, creator of Zcash, continues to champion privacy as a foundational right in financial technology. As MiCA enforcement and the EU’s Travel Rule push exchanges to delist privacy coins, and as U.S. sanctions enforcement (notably the Tornado Cash case) tests the limits of open-source code liability, Wilcox’s work has become a focal point in the debate between regulatory transparency and individual privacy. Buterin’s public endorsement—”Zcash good, Zooko good”—underscored the growing recognition that privacy-preserving technology and regulatory compliance need not be mutually exclusive. Buterin has also weighed in on Zcash’s governance debate, cautioning that token-weighted voting models could undermine the project’s privacy mission.
Implications for Business Leaders and Investors
The regulatory environment is moving fast, but it is moving unevenly. That unevenness creates both opportunity and risk.
For U.S.-focused businesses: The GENIUS Act is law, but its implementing regulations are still being drafted. The CLARITY Act remains pending in the Senate. State licensing deadlines—particularly California’s July 1, 2026 DFAL deadline—are approaching. Businesses should not wait for federal clarity to begin state-level compliance work. The cost of non-compliance in California alone can reach $100,000 per day.
For businesses with EU exposure: The MiCA grandfathering period ends on July 1, 2026. CASPs that have not obtained authorization must stop providing regulated services in the EU. With ESMA flagging that last-minute applications will face heightened scrutiny, the window for preparation is closing. The layered compliance obligations—MiCA, DORA, DAC8, AMLA—demand coordinated planning, not piecemeal responses.
For investors: Regulatory clarity is, on balance, a positive. The GENIUS Act has already contributed to increased institutional confidence, with global crypto assets briefly surpassing $4 trillion following enactment. The OCC’s charter approvals for major digital asset firms signal that the banking system is integrating with the digital asset ecosystem. But investors should be attentive to the risks created by jurisdictional fragmentation, the still-pending status of market structure legislation, and the potential for the 2026 midterm elections to shift the political landscape in Washington.
Our Perspective
We are at an inflection point. For the first time, major jurisdictions are building purpose-built regulatory frameworks for digital assets rather than trying to force them into existing structures designed for a different era. That is progress.
But progress is not the same as coherence. A business operating a digital asset platform from New York, serving clients in California and the EU, now faces the BitLicense, the forthcoming DFAL, the GENIUS Act’s stablecoin regime, pending CLARITY Act provisions, MiCA licensing, DORA cybersecurity requirements, DAC8 tax reporting, and AMLA oversight—each with different deadlines, different regulators, and different compliance standards. The compliance cost is substantial, and it falls disproportionately on smaller firms and startups that lack the legal infrastructure of a Coinbase or a Kraken.
We must be candid about what this means in practice: the current regulatory architecture, however well-intentioned, functions as a barrier to entry that protects incumbent platforms and entrenches their market power. When a BitLicense application costs upward of $100,000 in legal and consulting fees and takes six to twenty-four months to process, when California’s DFAL imposes fines of $100,000 per day for unlicensed activity, and when MiCA capital requirements start at €50,000 to €150,000 before a single customer is served—the effect is to price out the very startups and innovators that regulation purports to encourage. The five firms that received OCC national trust bank charters in December 2025—Circle, Ripple, Paxos, BitGo, and Fidelity Digital Assets—are not scrappy newcomers. They are billion-dollar incumbents with the resources to navigate a multi-year, multi-jurisdictional licensing process. A two-person team building a novel DeFi protocol or a privacy-preserving wallet does not have those resources, and nothing in the current framework accounts for that asymmetry. If regulators are serious about innovation, they must design compliance pathways that are proportional to firm size and risk profile—not frameworks that inadvertently consolidate market power among the largest players.
We believe the industry needs regulatory clarity, but it also needs regulatory coordination. The GENIUS Act’s provision allowing state regimes that are “substantially similar” to the federal framework is a step in the right direction. The EU’s passporting model under MiCA is another. But the transatlantic gap remains wide, and there is no mechanism for mutual recognition between U.S. and EU frameworks. Until that changes, businesses will continue to navigate a patchwork, and legal counsel will remain not a luxury but a necessity.
What’s Next
Key dates to watch in 2026:
- Early 2026: Senate markup of the CLARITY Act (market structure legislation). If enacted, this would define SEC and CFTC jurisdiction over digital assets.
- First half of 2026: Treasury, OCC, FDIC, and Federal Reserve issue final implementing regulations under the GENIUS Act.
- July 1, 2026: California’s DFAL licensing deadline takes effect. All EU MiCA transitional periods expire.
- July 18, 2026: GENIUS Act directing regulators to issue additional stablecoin regulations.
- November 2026: U.S. midterm elections, which could alter the political dynamics underlying current pro-crypto legislative momentum.
- January 1, 2027: GENIUS Act provisions take full effect (18 months after enactment).
Burrell Harper + Co. LLC advises businesses and investors on cryptocurrency regulatory compliance, digital asset structuring, and blockchain technology law. If you have questions about how these developments affect your operations, contact us.
This content is for informational purposes only and does not constitute legal or investment advice. Cryptocurrency investments carry significant risk. Readers should consult with qualified legal and financial advisors before making decisions based on the information presented here.