The European Union’s (EU) regulatory framework has redefined the competitive landscape of Web3, unintentionally shifting the advantage away from crypto startups and directly into the hands of legacy financial institutions, according to Charles Guillemet, chief technology officer (CTO) at wallet maker Ledger.
While the EU’s Markets in Crypto-Assets (MiCA) regulation was designed to establish a unified, secure market, industry insiders warn its steep financial barriers are choking early-stage innovation. Under the framework, crypto companies face strict tiered minimum capital requirements. The costs range from 50,000 euros ($58,000) for advisory services to 150,000 ($174,000) just to operate a trading platform, on top of millions of euros in mandatory legal auditing, insurance, and continuous compliance infrastructure.
An impact assessment by the EU Commission on MiCA estimated that each white paper could cost issuers between $4,500 and $87,000, depending on the complexity of the regime and the amount of legal advice required.
“I’m not sure that was the initial intent, but this is the result,” Guillemet said. “When it’s implemented, you have two kinds of companies: those who can pay for this compliance overhead, and the other ones that can’t. Smaller players cannot access the market, which creates a moat for the bigger players.”
While crypto startups view the high costs of MiCA compliance as a barrier to entry in the EU, European regulators have defended the rules, saying they are required to protect consumers and build mainstream institutional trust.
Institutional security
The widening regulatory gap comes at a critical time, as traditional finance (TradFi) transitions from testing blockchain to full-scale adoption. Guillemet recalled the listing of spot crypto ETFs in early 2024 as a significant turning point, one that sparked significant demand from traditional banks for enterprise-grade custody and asset tokenization.
“Before, banks mostly wanted to do small innovation projects,” Guillemet explained. “Now, it really changed. The main departments of banks really want to build around crypto, and they want to go all-in on blockchain technology.”
To capture this banking business, Ledger has been expanding past its retail roots into a dedicated business-to-business (B2B) infrastructure. Building these institutional security setups requires serious cash; Ledger has spent hundreds of millions of dollars over the years to maintain a massive engineering team.
“First and foremost, Ledger is a security company,” Guillemet said. “We have around 200 to 250 engineers who are working at Ledger to build the technology. We have a dedicated security team, who spend 100% of their time improving the security of our product. Security is front and center in everything we do.”
Real-world risks
However, Ledger’s massive security budget is an indication of the challenges its executive team continuously faces: in Web3, even hundreds of millions of dollars in engineering defenses cannot guarantee absolute immunity.
While Guillemet introduces Ledger’s enterprise architecture to traditional banks, the firm’s historical vulnerabilities underscore the relentless operational risks public blockchains face.
Ledger previously reported a cloud breach involving a third-party processor. That incident followed a major 2020 data breach affecting 270,000 customers, and a 2023 exploit that drained $500,000 from decentralized applications.
As traditional banks rush to bring real-world assets onto public blockchains, they are leaning on native crypto security firms to handle these operational risks. The end result is a shifting landscape: while smaller startups are being priced out of Europe by high compliance costs, traditional financial institutions are moving in, using native crypto code to build the new plumbing of global finance.