Ledger CTO says EU’s crushing compliance costs are stifling Web3 innovation

The European Union (EU) regulatory framework has redefined the competitive landscape of Web3, inadvertently shifting the advantage away from crypto startups and directly into the hands of legacy financial institutions, according to Charles Guillemet, Chief Technology Officer (CTO) of wallet maker Ledger.

While the EU’s Markets in Crypto-Assets (MiCA) regulation is designed to establish a unified, secure market, industry insiders warn that its steep financial barriers are stifling early-stage innovation. Under the framework, crypto companies face strict minimum capital requirements. Costs range from 50,000 euros ($58,000) for advisory services to 150,000 euros ($174,000) just to run a trading platform, on top of millions of euros in mandatory legal audit, insurance and continuous compliance infrastructure.

An EU Commission impact assessment on MiCA estimated that each white paper could cost issuers between $4,500 and $87,000, depending on the complexity of the scheme and the amount of legal advice required.

“I’m not sure that was the original intention, but this is the result,” Guillemet said. “When it’s implemented, you have two kinds of companies: those who can pay for this compliance overhead, and the others who can’t. Smaller players can’t access the market, creating a moat for the bigger players.”

While crypto startups view the high cost of MiCA compliance as a barrier to entry into the EU, European regulators have defended the rules, saying they are committed to protecting consumers and building mainstream institutional trust.

Institutional security

The widening regulatory gap comes at a critical time when traditional finance (TradFi) is moving from testing blockchain to full-scale adoption. Guillemet recalled the listing of spot crypto ETFs in early 2024 as a turning point that triggered significant demand from traditional banks for enterprise-grade custody and asset tokenization.

“Before, the banks mostly wanted to do small innovation projects,” explained Guillemet. “Now it’s really changed. Banks’ main branches will really build around crypto and they’ll go all-in on blockchain technology.”

To capture this banking business, Ledger has expanded beyond its retail roots into dedicated business-to-business (B2B) infrastructure. Building these institutional security setups requires serious cash; Ledger has spent hundreds of millions of dollars over the years maintaining a massive engineering team.

“First and foremost, Ledger is a security company,” Guillemet said. “We have about 200 to 250 engineers working at Ledger to build the technology. We have a dedicated security team who spend 100% of their time improving the security of our product. Security is at the center of everything we do.”

Real risks

However, Ledger’s huge security budget is indicative of the challenges its management constantly faces: in Web3, even hundreds of millions of dollars in engineering defenses cannot guarantee absolute immunity.

While Guillemet introduces Ledger’s enterprise architecture to traditional banks, the firm’s historical vulnerabilities underscore the relentless operational risks public blockchains face.

Ledger previously reported a cloud breach involving a third-party processor. This incident followed a major data breach in 2020 that affected 270,000 customers and an exploit in 2023 that drained $500,000 from decentralized applications.

As traditional banks rush to bring real assets to public blockchains, they are leaning on native crypto security firms to manage these operational risks. The end result is a changing landscape: while smaller startups are being priced out of Europe due to high compliance costs, traditional financial institutions are moving in and using native crypto to build the new plumbing of global finance.
