The European Union (EU) regulatory framework has redefined Web3’s competitive landscape, unintentionally shifting the advantage of crypto startups directly into the hands of legacy financial institutions, according to Charles Guillemet, chief technology officer (CTO) of wallet maker Ledger.
While the EU’s Markets in Crypto Assets (MiCA) regulation was designed to establish a unified and secure market, industry experts warn that its pronounced financial barriers are stifling innovation in the early stages. Under this framework, crypto companies face strict tiered minimum capital requirements. Costs range from 50,000 euros ($58,000) for advisory services to 150,000 ($174,000) just to operate a trading platform, plus millions of euros in mandatory legal audit, insurance and ongoing compliance infrastructure.
An impact assessment by the EU Commission on MiCA estimated that each white paper could cost issuers between $4,500 and $87,000, depending on the complexity of the regime and the amount of legal advice required.
“I’m not sure that was the initial intention, but this is the result,” Guillemet said. “When implemented, there are two types of companies: those that can afford these compliance overheads and those that cannot. Smaller players cannot access the market, which creates a moat for larger players.”
While cryptocurrency startups see the high costs of MiCA compliance as a barrier to entry into the EU, European regulators have defended the rules, saying they are necessary to protect consumers and build widespread institutional trust.
Institutional security
The growing regulatory gap comes at a critical time as traditional finance (TradFi) moves from piloting blockchain to full-scale adoption. Guillemet recalled the listing of spot crypto ETFs in early 2024 as a major turning point, sparking significant demand from traditional banks for custody and tokenization of enterprise-grade assets.
“Before, banks mainly wanted to carry out small innovation projects,” Guillemet explained. “Now it has really changed. The main departments of the banks really want to build around cryptocurrencies and want to bet on blockchain technology.”
To capture this banking business, Ledger has expanded beyond its retail roots into a dedicated business-to-business (B2B) infrastructure. Building these institutional security structures requires a lot of money; Ledger has spent hundreds of millions of dollars over the years to maintain a huge engineering team.
“First and foremost, Ledger is a security company,” Guillemet said. “We have between 200 and 250 engineers working at Ledger to develop the technology. We have a dedicated security team, who dedicate 100% of their time to improving the security of our product. Security is fundamental to everything we do.”
Real world risks
However, Ledger’s enormous security budget is an indication of the challenges its executive team continually faces: in Web3, even hundreds of millions of dollars in engineering defenses cannot guarantee absolute immunity.
As Guillemet pitches Ledger’s enterprise architecture to traditional banks, the company’s historical vulnerabilities underscore the relentless operational risks facing public blockchains.
Ledger previously reported a cloud breach involving a third-party processor. That incident followed a major data breach in 2020 that affected 270,000 customers and an exploit in 2023 that drained $500,000 from decentralized applications.
As traditional banks rush to add real-world assets to public blockchains, they are turning to native crypto security companies to manage these operational risks. The end result is a changing landscape: while smaller startups are shut out of Europe due to high compliance costs, traditional financial institutions are moving in, using native cryptographic codes to build the new pipelines of global finance.
