The European Union’s (EU) regulatory framework has redefined the competitive landscape for Web3, unintentionally shifting the advantage of crypto startups into the hands of traditional financial institutions, according to Charles Guillemet, chief technology officer (CTO) at wallet maker Ledger.
While the EU’s Markets in Crypto Assets (MiCA) regulation was designed to establish a unified and secure market, industry experts warn that its high financial barriers stifle early-stage innovation. Under this framework, crypto companies are subject to strict minimum capital requirements. Costs range from 50,000 euros ($58,000) for consulting services to 150,000 ($174,000) for consulting services. just to operate a trading platform, in addition to millions of euros in mandatory legal auditing, insurance and ongoing compliance infrastructure.
A European Commission impact assessment of MiCA estimated that each white paper could cost issuers between $4,500 and $87,000, depending on the complexity of the regime and the amount of legal advice required.
“I’m not sure if that was the original intention, but here’s the result,” Guillemet said. “When it’s implemented, you have two types of companies: those that can pay for these compliance fees, and others that can’t. Small players can’t access the market, which creates a gap for the bigger players.”
While crypto startups see the high costs of MiCA compliance as a barrier to entry into the EU, European regulators have defended the rules, saying they are necessary to protect consumers and strengthen mainstream institutional trust.
Institutional security
The widening regulatory gap comes at a critical time when traditional finance (TradFi) is moving from testing blockchain to large-scale adoption. Guillemet recalled the listing of spot crypto ETFs in early 2024 as an important turning point, which has driven significant demand from traditional banks for custody and tokenization of enterprise-grade assets.
“Before, banks mainly wanted to do small innovation projects,” explains Guillemet. “Now it’s really changed. The core departments of banks really want to build around crypto, and they want to go all-in on blockchain technology.”
To capture this banking business, Ledger has moved beyond its retail roots to become a dedicated business-to-business (B2B) infrastructure. Building these institutional security arrangements requires a lot of money; Ledger has spent hundreds of millions of dollars over the years maintaining a massive engineering team.
“Ledger is first and foremost a security company,” Guillemet said. “We have approximately 200 to 250 engineers working at Ledger to develop the technology. We have a dedicated security team, which devotes 100% of their time to improving the security of our product. Security is at the center of everything we do.”
Real risks
However, Ledger’s enormous security budget is an indication of the challenges its management team continually faces: in Web3, even hundreds of millions of dollars in defense engineering cannot guarantee absolute immunity.
As Guillemet introduces Ledger’s enterprise architecture to traditional banks, the company’s historical vulnerabilities underscore the relentless operational risks facing public blockchains.
Ledger previously reported a cloud breach involving a third-party processor. This incident follows a major data breach in 2020 affecting 270,000 customers and an exploit in 2023 that drained $500,000 from decentralized applications.
As traditional banks rush to integrate real-world assets onto public blockchains, they rely on native crypto security companies to manage these operational risks. The end result is a changing landscape: while small startups are locked out of Europe due to high compliance costs, traditional financial institutions are moving in, using native crypto code to build the new plumbing of global finance.
