Overview
The focus of enforcement actions against digital asset firms is continuously evolving. 2025 was a year of change in the United States with respect to attitudes towards the crypto industry. We saw in particular, a move away from so-called ‘regulation by enforcement’ and the SEC taking steps to dismiss several high-profile cases. This shift of approach in the United States has however coincided with an uptick in regulator enforcement against digital asset firms elsewhere.
Evidently breaches of AML/CFT legislation continue to be a focal point for regulators but there has also been an increase in warnings, fines and proceedings (including website blackout orders, orders to refrain from making a public offer or to stop conducting certain types of business) against digital asset firms acting without appropriate licences or permissions. In the following article we set out a snapshot of these types of enforcement actions around the world which we track at aosphere as part of our Rulefinder Crypto Assets service.
EU
Following the full entry into force of the European Commission’s Regulation on Markets in Cryptoassets (MiCA) from 30 December 2024, there has been a considerable increase in Member States taking action against digital asset firms that do not have appropriate authorisations including the following:
In January 2026, the AMF and the ACPR issued warnings against several entities in France that are offering investments in the unregulated foreign exchange market and in crypto-assets derivatives without being authorised to do so
In November 2025, the Spanish CNMV fined X, formerly known as Twitter, for failing to prevent unauthorised cryptocurrency advertisements
The Italian regulator (Consob) and the German regulator (BaFin) have been particularly active at issuing warnings and website blackouts against firms that they suspect are offering consumers cryptoasset services without the required authorisation. Both regulators publish regular warnings on their websites
In November 2025, Austria’s FMA ordered a firm to refrain from making a public offer of an asset-referenced token in violation of the MiCA Ordinance Enforcement Act
In May 2025, the DNB of the Netherlands imposed an administrative fine on a fintech firm. The fine was imposed as the firm offered crypto services in the Netherlands without DNB registration
UK
In October 2025, the FCA issued warnings against a number of websites1 for providing or promoting financial services or products without appropriate permissions. In the warnings, the FCA stated that the firms in question were not authorised by the FCA but that they may be targeting people in the UK. As at Q3 2024, the FCA had issued 1,702 consumer alerts about illegal crypto promotions, taken down over 900 scam crypto websites and removed 56 apps from UK apps stores. The warnings relate to firms making crypto promotions without being appropriately authorised or registered with the FCA.
The FCA has also been taking enforcement actions against operators of illegally operated crypto ATMs in the UK. The FCA approach to enforcement more generally has been under scrutiny recently, after initial proposals to ‘name and shame’ persons under investigation were met with industry pushback and in June 2025, the FCA published an updated version of its enforcement guide.
1 See links: FCA Warning | FCA Warning | FCA Warning
Middle East
Regulators in the UAE and ADGM have also been active:
In October 2025, VARA imposed financial penalties on 19 firms for carrying out unlicensed virtual asset activities and for breaches of VARA's marketing regulations. Sanctions included cease and desist orders and fines ranging from AED 100,000 to AED 600,000, calibrated to the seriousness and scope of the violations
ADGM’s FSRA took enforcement action following an investigation into serious regulatory breaches and misconduct related to the a group of companies. Amongst other breaches and misconduct identified by the FSRA, the findings included that significant unlicensed financial services activity had been carried out in relation to virtual assets in ADGM. The enforcement action resulted in the cancellation of the firm’s ADGM financial services permission as well as financial penalties totalling USD 8.85 million being imposed across the four parties involved
APAC
In Australia, ASIC has been pursuing a number of digital asset firms for operating without the appropriate licence or for failure to comply with laws and regulation around promotion including the following:
In January 2026, the Federal Court found that a firm must pay AUD 14 million in pecuniary penalties over its promotion and operation of its crypto wallet product without having the appropriate licence
In December 2025, the Federal Court found that a blockchain mining company had operated a financial services business without an Australian financial services licence. The entities involved have been permanently restrained by the court from operating a financial services business. The court has ordered that the entities be wound up and liquidators appointed
In Japan, in December 2024, the FSA issued a warning to five overseas crypto exchanges2 for operating crypto exchange services targeting Japanese residents without proper registration. According to the FSA all five firms conducted crypto exchange operations on the internet targeting Japanese residents in violation of Japanese law. Warnings issued against entities engaging in crypto-asset exchange services without necessary registration are regularly published.
2 See links: FSA Warning | FSA Warning | FSA Warning | FSA Warning | FSA Warning
United States
In April 2025, the Department of Justice of the United States issued a memorandum entitled “Ending Regulation by Prosecution” stating that the Department of Justice would no longer pursue litigation or enforcement actions that have the effect of superimposing frameworks on digital assets. The SEC has dismissed a number of notable cases stating that they will instead focus on fraud prosecution. It is important to note that state regulators are, however, beginning to actively enforcing digital assets licensing requirements including the following:
In January 2026 the California DFPI announced that a crypto lending platform would pay a USD 500,000 in penalties for violating California financial laws, including making loans to California residents without a licence
The Washington DFI issued a temporary order to cease and desist requiring a money services business to stop conducting money transmitter business for customers in Washington without the prior approval of the DFI
Conclusion
In conclusion, digital asset firms need to continue to ensure that they are in compliance with local law and regulation. Regulators are increasingly pursuing enforcement actions and/or issuing warnings against those firms who breach local licensing requirements or who offer unauthorised products and services. This is combined with an ongoing focus on AML/CTF, fraud and consumer protection. As the developments in digital assets legislation show no signs of letting up, we can only expect this trend to continue.
Tracking change with aosphere
Rulefinder Crypto Assets offers practical analysis of crypto asset regulation in key financial markets, helping you understand the latest positions, tackle regulatory challenges and see what’s coming. The service also includes a horizon-scanning, curated alerts service and an enforcement actions tracker giving a snapshot of global actions taken against firms in relation to crypto asset regulation and activity.
