Introduction

The digital assets industry has matured and segmented into distinct market verticals. Tokenisation is expanding beyond securities into private credit, real estate, and carbon markets. Prediction markets have become a multi-billion-dollar asset class. AI agents are transacting autonomously on-chain. DeFi strategies are being packaged into regulated fund and ETP structures. And all of it is settling on stablecoin rails. Regulation is catching up – frameworks are taking shape across the EU, UK, and US, bringing both clarity and new compliance demands, though significant uncertainty remains across product categories and jurisdictions.

This report is written by Web3-native legal practitioners – for the teams building and operating in this space. It focuses on the legal and regulatory developments that will matter most to projects based in – or targeting – the EU and UK markets in 2026. Our digital assets team offers this report to map the nine trends that will define the digital asset landscape in 2026 – through the lens of EU and UK regulation.

Executive Summary (2026 in One Page)

2026 is the year digital assets stop being “one industry” and become a stack of distinct, regulated verticals – tokenisation, DeFi strategy products, vault infrastructure, privacy tech, prediction markets, and AI agents – most of them increasingly settling on stablecoin rails. In the EU, MiCA is in active enforcement, tax transparency regimes (DAC8/CARF) begin capturing reportable data from 1 January 2026, and stablecoin distribution faces a live perimeter issue where MiCA (EMTs) intersects with payment services rules. For EU/UK-facing teams, the strategic shift is clear: success in 2026 depends less on “narrative” and more on classification, licensing perimeter, market integrity controls, and accountable operational design.

The 9 Trends at a Glance

• Regulation is arriving (unevenly): MiCA enforcement, AMLA direction of travel, and DAC8/CARF reporting reshape how products onboard, custody, and serve EU/UK users.
• Tokenisation expands beyond securities: private credit, real estate, carbon, revenue streams, and IP tokenisation move from pilots into production use cases.
• DeFi securitisation goes mainstream: on-chain yield and risk are packaged into regulated wrappers (funds, notes, ETPs), pulling DeFi into MiFID/Prospectus/AIFMD-style constraints.
• RWA lending scales via tokenised collateral: tokenised assets become programmable collateral, but enforceability, perfection, and liquidation remain legally architecture-dependent.
• Vault infrastructure becomes the DeFi “operating system”: ERC-4626-era vaults standardise strategy execution, risk limits, fees, and delegated decision-making – raising curator liability questions.
• Privacy splits into “compliant” vs “anonymous”: selective disclosure and audit-friendly privacy gain institutional acceptance, while access to regulated rails narrows for full anonymity.
• Prediction markets become infrastructure: volumes and use cases expand, but classification (derivatives vs gambling vs “information markets”) and integrity risks dominate the legal analysis.
• AI agents transact on-chain: agentic commerce grows, with new identity and payment rails – but liability attribution and contracting assumptions lag behind capabilities.
• Stablecoins become the settlement layer for everything: tokenisation, DeFi, AI agents, and prediction markets increasingly run on stablecoin rails – making stablecoin compliance a distribution bottleneck.

1. The Regulatory Landscape – A Work in Progress

For years, the dominant narrative around crypto regulation was that it was "coming." In 2026, it is arriving – unevenly, across jurisdictions and product categories. The regulation is being built in real time, with different jurisdictions moving at different speeds and the industry itself shaping the outcome.

MiCA is now in active enforcement. The transitional period for existing crypto-asset service providers ends on 1 July 2026 in member states that chose the maximum 18-month window – including France, Luxembourg, and Malta. The European Anti-Money Laundering Authority – operational since July 2025 – assumed the EBA's AML/CFT mandates on 1 January 2026; from 2028 it will begin direct supervision of up to 40 selected high-risk financial institutions/groups, a category that can include CASPs.

A more immediate deadline is the PSD2/MiCA dual licensing requirement for stablecoin services. The European Banking Authority's No Action Letter (Opinion EBA/Op/2025/08) confirmed that e-money tokens have a dual legal nature – they are both crypto-assets under MiCA and electronic money under PSD2. CASPs that provide custody or transfer services for e-money tokens may need PSD2 authorisation where those activities qualify as payment services under PSD2 (in addition to MiCA authorisation). The EBA set 2 March 2026 as the enforcement date, after which national competent authorities should require PSD2 authorisation for these activities. This creates a cumulative capital requirement – a CASP falling under MiCA class 2 must hold EUR 125,000 in initial capital under MiCA, with PSD2 authorisation potentially adding further own-funds/capital requirements depending on the PSD2 permission category and scope. Industry participants, including Circle, have warned that the dual licensing burden risks undermining euro stablecoin competitiveness. The EBA has proposed two long-term fixes: amending MiCA to incorporate key PSD3 payment safeguards directly, or modifying PSD3 to exempt MiCA-authorised entities. Neither is resolved, and the March deadline is now days away.

The European Parliament's February vote backing the digital euro as "essential" for EU monetary sovereignty reinforces the direction. The ECB's "Appia" initiative – launched in 2025 – envisions a public-private partnership spanning CBDC, tokenised deposits, and euro stablecoins. If the digital euro regulation is adopted, the ECB targets first issuance during 2029. The strategic concern is explicit: USD-denominated stablecoins risk displacing euro commercial bank money in cross-border payments.

Tax transparency is equally consequential. CARF and DAC8 are now operational (DAC8 now applies in the EU; CARF implementation is underway in committed jurisdictions). Data collection began on 1 January 2026, with first automatic exchange between tax authorities due in 2027. Forty-eight jurisdictions have committed to implement CARF for the 2026 reporting period, though at least 12 EU member states missed the transposition deadline. Pseudonymity on centralised platforms has ended for tax purposes. Transfers to self-custody wallets are reportable under DAC8/CARF-style rules (subject to final national implementing details). For a detailed breakdown of the reporting obligations and compliance requirements, see our guides on CARF and DAC8 explained and how the OECD's global crypto tax reporting rules affect your project.

In the UK, the Financial Conduct Authority has pencilled in October 2027 as its go-live date for comprehensive crypto-asset regulation, with a consultation framework taking shape through 2026. The approach appears to prioritise investor protection and market integrity, drawing on MiFID-style principles rather than MiCA's bespoke taxonomy.

In the United States, the GENIUS Act was signed into law and the CLARITY Act continues through Congress. The SEC and CFTC operate under the Presidential Working Group's policy direction, with enforcement actions as the de facto regulatory tool. US posture affects token classification and exchange listings globally – but EU and UK frameworks remain the primary compliance obligations for projects serving European users.

We expect that regulation will continue to evolve throughout 2026 and beyond as an ongoing process of rulemaking, consultation, and negotiation between regulators and industry participants on the rules of the game. The direction is toward greater clarity – but the details will be worked out in real time.

2. Tokenisation of Assets – Securities and Beyond

Tokenisation has been discussed for years. In 2026, three things are happening simultaneously: the infrastructure is maturing, the regulatory picture is becoming clearer, and real use cases are appearing at scale.

The SEC's January 2026 statement on tokenised securities – a joint release from the Divisions of Corporation Finance, Investment Management, and Trading and Markets – provides a useful taxonomy. It distinguishes two broad categories: issuer-sponsored (direct) tokenisation, where the issuer itself uses blockchain as the master securityholder record; and third-party tokenisation, which subdivides into custodial models (a third party issues a token representing a security held in custody) and synthetic models (a third party issues its own security providing synthetic exposure to an underlying asset, without conveying voting rights or direct claims on the issuer). Of these, synthetic tokenisation is likely to see the earliest adoption at scale – it avoids restructuring existing issuance and custody arrangements. Custodial and direct models will follow as infrastructure matures.

Along with tokenisation of quoted shares and debt, we expect 2026 to bring a widening variety of tokenised assets and strategies – from private credit and fund interests to real estate, data centre capacity, carbon credits, revenue streams, and intellectual property. The pipeline is no longer limited to proof-of-concept pilots; projects are moving into production across asset classes that were purely theoretical two years ago.

3. Securitisation of On-Chain Strategies – Packaging DeFi For Institutional Allocation

If tokenisation brings real-world assets on-chain, securitisation of DeFi assets and strategies does the reverse – packaging on-chain value, yield and risk into conventional, regulated financial products.

MiFID II, the EU Prospectus Regulation, and MiCA all intersect when a DeFi strategy is packaged into a listed security. Which regulator has jurisdiction depends on whether the underlying token is classified as a crypto-asset under MiCA or a financial instrument under MiFID II – and ESMA's MiCA classification guidelines are intended to promote consistent approaches across NCAs, but in practice there may still be member-state differences in interpretation and application. AIFMD 2 is due to start applying from 16 April 2026 (and Member States must transpose it by that date), introducing enhanced liquidity management and safekeeping requirements that directly affect fund vehicles investing in DeFi protocols. For fund managers and structured product issuers, the legal architecture for DeFi securitisation must be built now.

In 2025 the milestone product was WisdomTree's Physical Lido Staked Ether ETP, launched on Deutsche Börse Xetra, SIX Swiss Exchange, and Euronext. It is Europe's first fully staked Ethereum exchange-traded product – backed entirely by Lido's stETH, with staking rewards flowing to unitholders through NAV growth rather than cash distributions. 21Shares followed with ETPs tracking Ethena and Morpho, expanding the range of DeFi protocols accessible through listed products. We expect 2026 to bring a wave of new ETP launches with DeFi assets and strategies as the underlying – as issuers move beyond single-token exposure toward more complex on-chain yield and risk profiles.

Apart from exchange-traded products, we expect DeFi and yield strategies to be increasingly securitised through traditional hedge fund structures and structured products – wrapping on-chain exposure into vehicles that institutional allocators already understand and can hold within existing mandates.

4. RWA Lending Markets – Tokenised Collateral

Once an asset exists as a token on-chain, it becomes programmable collateral – capable of being locked, liquidated, and transferred through smart contract logic rather than manual processes.

Lien perfection on tokenised collateral sits at the intersection of property law, securities regulation, and smart contract architecture. In the EU, the Financial Collateral Directive provides a framework for collateral arrangements involving "financial instruments", and in the UK the equivalent baseline regime is the Financial Collateral Arrangements (No. 2) Regulations 2003. In both systems, however, how (and whether) tokenised financial instruments can be effectively collateralised, perfected, and enforced when held and liquidated through DeFi protocol mechanics remains fact-specific and unsettled.

For DeFi protocols entering the RWA space, the deeper structural question is whether compliance requirements can coexist with permissionless, non-custodial architecture. Traditional financial regulation assumes the existence of identifiable intermediaries who can identify beneficial owners, freeze assets pursuant to court orders, and transfer collateral to a liquidator in insolvency proceedings. These functions are foundational to securities law, AML frameworks, and creditor protection regimes. Decentralised protocols, by design, lack a central operator capable of performing them. The emerging hybrid models – permissioned on the side of borrowers, permissionless on the side of liquidity providers – are attempts to bridge this gap, but they introduce their own tensions: a protocol that can whitelist, restrict, or freeze positions starts to resemble the regulated intermediary it was designed to displace.

Aave – the largest decentralised lending protocol – has launched a dedicated RWA lending market, Aave Horizon, on Ethereum, where qualified borrowers post tokenised collateral (including Superstate's US Treasury and crypto carry funds, Centrifuge's tokenised Janus Henderson products, and Circle's yield fund) and borrow stablecoins such as USDC, RLUSD, and GHO. The architecture is deliberately dual-sided: the collateral side is permissioned – only allowlisted investors who pass issuer-level KYC can supply RWAs – while the stablecoin lending side is permissionless, open to anyone.

We expect this trend to accelerate in 2026, with RWA-backed collateral appearing on major DeFi lending venues – protocols that already have the lending and risk management infrastructure to support non-native collateral types.

5. Vault Infrastructure (ERC-4626 Era) – The Core DeFi Primitive

ERC-4626 – the tokenised vault standard – has become the foundational architecture of decentralised finance. Extensions like ERC-7540 (asynchronous operations) and ERC-7575 (multi-asset vaults) broaden ERC-4626 beyond simple synchronous yield vaults, and ERC-7887 (2025) further extends the async pattern by adding cancellation mechanics for pending deposit/redemption requests – useful where RWAs introduce settlement delays and long redemption windows.

Vault infrastructure is rapidly evolving across lending, strategy, and institutional wrappers – such as Morpho, Euler, Mellow and Upshift, among many others. Each architecture embodies a different philosophy about centralisation, risk management, and composability – and each creates different legal exposures.

Risk curators such as Gauntlet and Steakhouse Financial define vault parameters – allocating capital, setting risk parameters, and adjusting exposures. Gauntlet alone curates around USD 1.5 billion in TVL. The top curators control the majority of all curated vault assets – a concentration that mirrors traditional asset management and raises the same systemic risk questions. In many cases, curators function as discretionary asset managers – making allocation decisions that directly affect depositor returns and risk exposure.

What happens when those decisions go wrong is legally uncertain. When the Stream Finance vault lost USD 93 million in November 2025 due to a curator-initiated liquidation cascade, the question of who bears responsibility – the curator, the protocol, the depositors who accepted the risk, or the auditors – had no clear legal answer.

Vaults are becoming the "operating system" layer for on-chain asset management: a standardised container for custody, strategy execution, risk limits, fees, reporting, and delegated decision-making. For institutional allocators, the appeal is controllable process – pre-defined mandate constraints, auditable flows, automated rebalancing, and the ability to outsource risk configuration to specialist curators while retaining clear mandate boundaries and governance.

As standards mature, we expect vaults to expand from a DeFi convenience into a default wrapper for on-chain funds, credit products, and structured strategies – while pushing the market to resolve the associated legal perimeter and liability questions.

6. On-Chain Privacy – Compliance vs Anonymity, GDPR, Selective Disclosures

Privacy in blockchain is splitting into two fundamentally different trajectories – and the regulatory system is choosing sides.

Compliant privacy is maturing rapidly. The Ethereum Foundation's "Privacy Stewards" initiative established a roadmap covering private writes, private reads, and private proving. Vitalik Buterin has positioned 2026 as the year Ethereum returns to its "cypherpunk" origins – with Kohaku, a privacy wallet framework designed for "default but compliant" privacy. This is the model regulators may accept: privacy that satisfies AML while preserving confidentiality. Venture capital is also explicitly leaning into this thesis: a16z crypto has framed privacy as the key competitive moat for blockchains in 2026, with “winner-take-most” dynamics around privacy-first chains.

Absolute anonymity is under existential pressure. Seventy-three Monero delistings in 2025 – a 34 percent reduction in exchange availability. EU AML rules (Regulation (EU) 2024/1624) prohibit CASPs from maintaining anonymous crypto-asset accounts or accounts enabling anonymisation/obfuscation (including through anonymity-enhancing coins) from 10 July 2027 – pushing regulated venues toward traceability. Japan and South Korea have long pushed regulated exchanges away from privacy-enhancing coins, and Dubai’s VARA and DIFC has moved to prohibit privacy tokens within its regulatory perimeter. FATF standards continue to push jurisdictions toward traceability controls (CDD/Travel Rule), even if “privacy” remains technically possible at the protocol layer.

Zcash is navigating between these poles – its roadmap and upgrades continue to prioritise usability and deployable privacy features (including institutional-friendly patterns such as ephemeral-address style approaches), and its 2026 roadmap prioritises resilience and better privacy UX. Compliance-compatible privacy, not absolute anonymity.

Privacy-preserving technologies are evolving to bridge the compliance gap. Zero-knowledge proofs have matured beyond conceptual frameworks into production deployments. Protocols like Aztec and Railgun enable transaction privacy while maintaining verifiability, though regulatory acceptance remains uncertain. Selective disclosure protocols and verifiable credentials offer a middle path: users can prove attributes (age, accreditation status, jurisdiction) without revealing full identity, satisfying certain regulatory requirements while preserving confidentiality. However, implementation of the FATF Travel Rule creates immediate friction, requiring originator and beneficiary information for virtual asset transfers conflicts directly with privacy-by-design architectures.

The European Data Protection Board's April 2025 guidelines on blockchain and personal data made clear that on-chain immutability does not exempt organisations from GDPR – including the right to erasure under Article 17. In the UK, the ICO's draft DLT guidance (consultation closed 7 November 2025) reinforces the same direction as the EDPB: privacy-by-design is non-negotiable, and projects that put personal data on-chain must justify the architecture and mitigation controls – not assume decentralisation or immutability is a compliance carve-out.

The direction in 2026 exposes irreconcilable conflicts: blockchain immutability versus GDPR-style erasure rights, and privacy demands versus identification requirements. Right to erasure fundamentally clashes with on-chain permanence, while regulators require CASPs to identify users and maintain comprehensive records, thus imposing surveillance that privacy users reject. Projects face a binary: build genuine privacy and face regulatory exclusion, or deploy "nominal privacy" for market access. Compliance architectures (selective disclosure, zero-knowledge proofs with audit hooks) may satisfy regulators, but meaningful privacy and regulatory approval remain incompatible. Full anonymity persists at protocol level but is excluded from regulated infrastructure; compliant systems sacrifice privacy for legitimacy.

7. Prediction Markets – From Experiment to Infrastructure

Prediction markets were a niche curiosity until the 2024 US presidential election turned them into front-page news. In 2025, they became an asset class. Reported total volume quadrupled from USD 15.8 billion to USD 63.5 billion, driven by Polymarket, Kalshi, and a growing number of protocol-level platforms. In 2026, the legal questions are no longer whether prediction markets will scale, but how they will be regulated across fundamentally different classification frameworks.

The classification problem is the central legal issue. In the United States, the CFTC treats event contracts as commodity derivatives and asserts exclusive federal jurisdiction. Polymarket plans to enter the US market after acquiring the CFTC-licensed exchange QCEX for USD 112 million in December 2025, and Kalshi – already a Designated Contract Market – expanded into sports event contracts in January 2025. But state gaming regulators disagree. Nevada, New Jersey, Connecticut, Tennessee, Massachusetts, and others have sought to restrict prediction market operations under state gambling laws. Federal courts in Nevada and New Jersey have been asked to address whether the Commodity Exchange Act preempts state gaming law, with outcomes that remain mixed and continue to evolve. Maryland denied Kalshi's preliminary injunction in August 2025, leaving the federal-state conflict unresolved and likely headed to higher courts.

In the EU, the picture is more fragmented. MiCA may apply to blockchain-based prediction markets insofar as they involve crypto-asset services – but the regulation does not specifically address event contracts as a product category. Individual member states have taken divergent positions: France's National Gaming Authority has moved to restrict access and require geo-blocking measures, Belgium blacklisted Polymarket, and Romania followed in after the platform hosted presidential election markets. At the beginning of 2026, Portugal also ordered a ban on Polymarket due to alleged insider trading exceeding €4 million during the presidential election, as the odds shifted dramatically two hours before the official results were announced. Across the EU, enforcement posture varies materially by member state, and there is no harmonised position on whether prediction markets constitute gambling, derivatives, or a distinct category of information markets. What is clear, however, is that prediction markets should not be structured as binary options that are available for retail consumers, as these are prohibited in the EU.

The UK’s position is still emerging. The FCA's December 2025 consultation papers on cryptoasset regulation do not specifically address prediction markets, and the new rules are not expected to take effect until October 2027. In the interim, the key constraint is not a bespoke “prediction market” regime but perimeter classification: prediction markets may sit outside the FCA’s crypto-asset perimeter depending on structure, but are not necessarily unregulated—many event-contract models will be treated as gambling (and therefore require UK Gambling Commission licensing as a betting intermediary/betting exchange), while FCA rules apply where products fall within regulated investments (e.g., spread betting). The FCA's 2019 permanent ban on binary options for retail consumers also limits “financialised” event-contract formats for retail distribution.

For a deeper analysis of the legal framework and classification challenges, see our dedicated report on why prediction markets matter in 2026.

Prediction markets are still an emerging industry, and the integrity challenges are substantial: oracle manipulation, insider trading on non-public information, wash trading, and contested market resolution can all translate into real legal and reputational exposure. The March 2025 UMA governance dispute – where concentrated voting power influenced settlement of a ~USD 7 million market in a highly disputed outcome – illustrates the gap between decentralised resolution mechanisms and conventional market integrity expectations.

We expect the use cases for prediction markets to expand beyond speculation and information discovery in 2026. Vitalik Buterin has argued that the more sustainable path lies in repositioning prediction markets as generalised hedging tools – allowing participants to offset real-world risk exposure through event contracts, rather than simply betting on outcomes.

8. AI Agents Transacting On-Chain – Contracting, Liability, and Identity Rails

AI agents on-chain are emerging as a plausible “next big thing” because they combine two forces that are now maturing in parallel: autonomous software that can make decisions and execute tasks, and internet-native payment rails that allow machines to transact without human checkout flows. a16z crypto has framed "agentic commerce" as a 2026 direction – agents paying for data, API calls, or compute through primitives like x402 that make settlement programmable and reactive – signalling that this is no longer a niche builder narrative but an emerging infrastructure thesis. AI agents are already managing wallets, executing DeFi strategies, providing liquidity, and trading autonomously, while legal frameworks remain underdeveloped – a gap that increasingly resembles the early days of crypto.

One of the most significant infrastructure developments are x402 and ERC-8004. x402 is a payment protocol originated by Coinbase and advanced in partnership with Cloudflare through the x402 Foundation. The protocol uses HTTP's 402 status code to enable native internet payments via stablecoins for machine-to-machine transactions. Public reporting on usage varies by source and timeframe (from low-single-digit millions to tens of millions of transactions), but the consistent signal is rapid growth and increasing integration into agent workflows; Stripe has also added x402 support for USDC payments on Base. ERC-8004 is the Trustless Agents standard, live on Ethereum mainnet since January 2026 – establishes on-chain registries for agent identity (ERC-721-based handles), reputation (feedback signals), and validation (independent verifier hooks including zkML provers and TEE oracles). This is the first Ethereum-native attempt to give AI agents a verifiable on-chain identity layer – a prerequisite for any regulatory framework that requires knowing who or what is transacting.

On the legal side of "agentic economy" there are significant challenges. Can an AI agent form a binding contract? Create and own IP rights? Be liable for fraud, defamation, security attack or data breach? The dominant legal position is that AI agents lack legal personhood and cannot be parties to agreements, but they can still create legally binding effects for humans or entities behind; the legal liability for agent actions traces to the operator, the deployer, or potentially the platform – but the allocation framework is undefined.

The European Commission's November 2025 study on novel forms of contracting in the digital economy – a comparative analysis across 20 EU member states – confirmed that existing contract law frameworks are not designed for AI-driven contracting. The study found that attribution of AI actions to a natural or legal person remains the dominant approach, that separate AI personhood has not gained traction, and that the validity and enforceability of contracts formed by non-deterministic AI systems remains uncertain across jurisdictions.

One emerging structuring approach is the "digital cyborg" model – combining an AI system (the decision-making layer), a corporate legal wrapper such as an ownerless foundation or algorithmically-managed DAO LLC (the legal identity layer), and a human execution mechanism (the accountability layer). This framework attempts to bridge the personhood gap before regulators resolve it – giving agents a legally recognisable container while preserving operational autonomy. Jurisdictions like Wyoming, the Cayman Islands, and the Marshall Islands already offer entity structures that can accommodate this architecture, though the approach remains largely untested under enforcement pressure.

As we also explored in our analysis – the attribution of responsibility becomes particularly complex when agents operate without direct human instruction. Compliance obligations in 2026 remain anchored to human responsibility. The gap between what AI agents can technically do and what the law allows them to do is widening.

In 2026, we expect the infrastructure for agentic commerce to mature significantly faster than the legal frameworks governing it. As agent-to-agent transactions scale through protocols like x402 and identity standards like ERC-8004 gain adoption, the first real disputes around agent liability, unauthorised transactions, and regulatory accountability are likely to surface – forcing regulators to address questions they have so far been able to defer.

9. Stablecoin Infrastructure – The Payment Rails For Everything

Stablecoins are the connective tissue of everything else on this list. Tokenised assets settle in stablecoins. Lending markets denominate collateral in stablecoins. AI agents pay for services in stablecoins. Prediction markets resolve in stablecoins. They are not a standalone trend – they are the payment rails on which the other eight trends run.

Stablecoin-as-a-service is emerging as a category. Coinbase's platform enables third parties to issue stablecoins on its infrastructure, reducing the operational and regulatory burden of launching a compliant stablecoin product. Non-financial entities are exploring branded stablecoins for ecosystem-specific use cases – gaming, media, loyalty programmes – where the stablecoin functions as both a payment instrument and a user engagement tool.

When it comes to regulations, MiCA's requirements for e-money tokens are now in effect – specific authorisation, reserve, and redemption obligations for stablecoin issuers serving EU users. Circle's USDC obtained e-money institution authorisation, establishing a compliance template that other issuers will need to match or exceed. A parallel EU constraint is the PSD2/MiCA overlap for e-money token (EMT) services: the EBA set 2 March 2026 as the end of its “no-action” period for EMT-related activities that qualify as payment services, after which NCAs are expected to require PSD2 authorisation where relevant – directly affecting stablecoin distribution, custody/transfer flows, and integration with payment rails.The compliance cost creates a barrier to entry, but it also creates commercial certainty for projects that achieve authorisation.

The US GENIUS Act – signed into law in July 2025 – provides a federal framework for payment stablecoins, establishing reserve requirements and supervisory structures. While this is primarily a US development, it affects EU and UK-based projects that interact with US-regulated stablecoins or serve US-based users.

In the UK, stablecoin regulation is converging via a two-track model. The FCA is consulting on rules for issuing "qualifying stablecoins" and safeguarding qualifying cryptoassets (including stablecoins), with final rules expected in 2026, and the wider cryptoassets regime has an application window from 30 September 2026 to 28 February 2027. In parallel, the Bank of England is consulting on a dedicated regime for sterling-denominated systemic stablecoins, with a view to finalising its rules in 2026.

The next step in 2026 is that stablecoin rails start to look less like “crypto plumbing” and more like internet-native money infrastructure: deeper integration with wallets, cards and merchant acceptance, tighter links to real-time payment systems, and more programmable payment flows that make new business models viable (micropayments, embedded payouts, agent-to-agent commerce).

Disclaimer

This report is provided for informational purposes only and does not constitute legal advice. It is not a comprehensive review of all relevant legal or market developments, and it may not address all aspects of the matters discussed. Readers should not rely on it as a substitute for professional advice and should consult qualified legal counsel before applying any information to specific issues or transactions. References to particular platforms, protocols, products, or services are for analytical purposes only and do not constitute any endorsement, recommendation, or solicitation.

The full report is available in PDF format and can be downloaded via the link.