MiDA: What Europe
Should Build

01 — The Question the Consultation Doesn't Ask

On 15 May 2026 — three days before the Commission's consultation launched — the FCA and the Bank of England published a joint vision for tokenisation in UK wholesale markets. Two regulators, one document, naming infrastructure and regulation as co-equal questions requiring a shared institutional answer. They did not wait for a consultation to tell them these were the same question. They published a coordinated position and opened industry dialogue simultaneously. (FCA and Bank of England, Joint call for input on tokenisation in UK wholesale markets, 15 May 2026)

The EU's 86-question consultation asks one of those two things. Appia — the ECB's tokenised wholesale ecosystem — and MiDA are being developed in parallel by different institutions on different governance timescales. A joint ECB/Commission equivalent of the FCA/BoE document does not exist. That gap is structural, not incidental.

MiDA cannot wait for it to be resolved before being designed. The architecture that follows is built to function whether or not the ECB/Commission coordination document materialises. Where coordination arrives, it strengthens the framework. Where it does not, mandatory interoperability written into Layer 2 as primary law — not as a contingency, but as a design element — ensures that no single institution, public or private, can capture the infrastructure in its absence. The GSM standard did not require a joint BT/Deutsche Telekom document to work. It required primary law specifying the protocol every operator had to meet.

02 — Regulate the Service, Not the Asset

The MiCA/MiFID boundary is the consultation's most technically complex problem. ESMA's own Final Report on crypto-asset classification acknowledges the difficulty: MiFID II does not define financial instruments through a set of criteria but through a list in Annex I Section C. Twelve member states transposed that list differently. The same token can be a financial instrument in Frankfurt and a MiCA crypto-asset in Tallinn.

The EU has spent twenty years trying to harmonise the definition of a transferable security. It has not succeeded. Building MiDA on the same foundation repeats the error with blockchain on top.

The way out is to stop regulating the asset and start regulating the service. Custody is custody whether the underlying is a utility token or a tokenised bond. Execution is execution in Frankfurt and Warsaw. The obligation flows from what the provider does to the client, not from what the underlying asset is called in national law. A service-based framework dissolves the classification boundary problem because it does not depend on the classification. This is not a novel idea — it is how most of the rest of financial services law works. Applying it to digital assets is the reorientation that distinguishes MiDA as architecture from MiCA 2 as patch.

03 — DeFi: The Right Threshold Question

The consultation frames DeFi regulation around decentralisation degree — how distributed is the protocol — as if that were the relevant criterion for regulatory treatment. It is not. The relevant criterion is liability capacity.

Every participant in a financial market is subject to liability. DeFi is not an exception to this principle. It is an incomplete implementation of it. Legal personality is one mechanism for bearing liability — not the only one. A DAO treasury locked in a smart contract, designated as a liability reserve and inaccessible to unilateral governance votes, satisfies the same requirement. An on-chain insurance pool maintained at a minimum level relative to TVL does too. Admiralty law has regulated ships as defendants — not their owners — for centuries.

Every participant in a financial market is subject to liability. DeFi is not an exception. It is an incomplete implementation of the rule. The question is not whether a protocol has a legal person behind it. The question is whether there are assets a court can reach.

The practical implication: regulated intermediaries — CASPs, banks, investment firms — may connect clients to DeFi protocols only where addressable assets exist that a court can reach. Protocols without such assets remain accessible to sophisticated users acting on their own account. Liability capacity is the threshold. On certification proposals: certification and liability capacity are complementary instruments, not substitutes. A certified protocol that holds no addressable assets provides no recourse to a harmed client.

04 — Token Property Law — and a Gap No Member State Has Solved

The consultation presents five ownership models for tokenised assets and asks respondents to rank them. The right answer — stated plainly — is Model 3 as the framework architecture and Model 4 as the instrument layer for non-native tokens. Model 3, the functional approach, specifies the legal consequences of ledger entries without requiring harmonisation of underlying national property law. Model 4, the container model, treats the token as a legal vessel for rights stemming from an underlying asset — transfer of the token legally transfers the rights it carries.

The proof of concept has been operating since 2020. Liechtenstein's TVTG uses precisely this combination — Model 4 logic for the token definition, Model 3 logic for the legal consequences of holding. The EU has an EEA member state running the regime it claims it cannot build. A 28th regime — an EU-level rule operating alongside national property law, specifically governing the issuance, holding, and transfer of tokens — is the instrument that produces cross-border enforceability. Without it, institutional markets for tokenised instruments cannot scale on the legal uncertainty that remains. (TVTG, LGBl. 2019 Nr. 301; BuA Nr. 54/2019)

There is a further gap that the consultation has not identified and that no EU member state's law currently addresses: the irrecoverable token position.

Current squeezeout provisions — compulsory acquisition under the Takeover Directive, equivalent procedures across member states — assume traceable minority shareholders who can be served notice and compensated. Tokenised equity introduces a category of position these procedures cannot reach: permanently lost tokens, where the private key is inaccessible, the holder deceased without estate documentation, or the wallet destroyed. A majority acquirer holding 98% of a tokenised company cannot achieve clean title if 2% of tokens are permanently inaccessible. That position is held by nobody. It cannot be bought out. It cannot be voted. It cannot be extinguished under existing law. The acquirer is frozen at 98% by a ghost position, indefinitely. The same logic applies to bond series retirement, fund wind-ups, and any asset where consolidated or single ownership is commercially or legally necessary.

Liechtenstein addressed this directly in 2020. Art. 10 TVTG — the Kraftloserklärung — provides that where a private key is lost or a token is otherwise dysfunctional, the person who held the right of disposal at the time of loss may apply to the court in non-contentious proceedings for the token to be declared invalid. Once declared invalid, the applicant may assert their right without the token or demand generation of a replacement. (TVTG, Art. 10, LGBl. 2019 Nr. 301) Germany's eWpG (Electronic Securities Act, 2021), which introduced crypto securities, contains no equivalent provision. Neither does MiCA. Neither does the DLT Pilot Regime.

Recommendation: MiDA should incorporate an EU-level Kraftloserklärung equivalent applicable to all tokenised instruments, extended explicitly to the squeezeout context. Where a majority acquirer has reached a defined threshold and faces demonstrably irrecoverable minority positions — provable by the inability to generate a valid transaction signature from those addresses over a defined dormancy period, with ten years as a defensible starting point — the acquirer may apply to the competent court for those positions to be declared invalid. The rights represented are transferred at a fair price held in permanent escrow, accessible to any claimant who subsequently proves original ownership within a defined limitation period. This mechanism applies regardless of token type. It closes the gap that will materialise as a live legal crisis the moment the first tokenised squeezeout transaction is attempted.

05 — Disintermediation — the Missed Opportunity

The CSD membership model is being replicated in tokenised form. DTCC's no-action letter governing its Canton Network tokenisation services requires all participants to be registered broker-dealers or DTCC member firms. Clearstream's Eurobond dematerialisation programme operates on the same principle. New technology, same gatekeepers. The paying agent and listing agent layer survives intact.

MiDA has the opportunity to answer this differently. An issuer with a smart contract can, in principle, manage its own cap table, run its own creation and redemption process, distribute payments directly to token holders, and eliminate the paying agent fee entirely. That disintermediation is technically possible but legally impermissible under current frameworks, which require CSD membership as the condition for securities settlement participation.

Recommendation: MiDA should establish a direct issuer-operator category — an entity meeting defined AML, KYC, capital adequacy, and operational resilience requirements — that may create, redeem, and manage tokenised securities without CSD membership. The paying agent and listing agent layer should be optional for issuers meeting those requirements directly, not a structural requirement of the framework. Liechtenstein's TVTG permits exactly this: a token issuer can be its own register holder, taking on the obligations the CSD currently holds without becoming a CSD member. The legal architecture exists. The question is whether MiDA imports it or ignores it.

06 — A Framework That Lasts: Five Layers

The five design principles below are not sufficient without an implementation architecture that assigns each element a different amendment cadence — allowing MiDA to remain valid as technology changes beneath it. The five-layer structure proposed here runs from primary law that changes rarely to technical standards that update continuously.

Layer 1 — The Civil Law Foundation (Primary law, amend rarely)

Define once, in primary law, with no technology-specific language. A token is a digital object capable of representing any right. Attachment of a right to a token produces the same legal consequences as any other legally recognised method of creating, transferring, or encumbering that right. Registration of a token holder in the applicable distributed ledger is constitutive — it creates the right, it does not merely evidence it. The lex situs of a token follows the jurisdiction of the licensed custodian or registry operator. Possession transfer is not required for pledge — registration substitutes. Where a token represents rights in a physical object, a Physical Validator certifies correspondence between on-chain representation and physical reality. No technology is named. Ethereum, its successor, and technologies not yet invented all qualify. Liechtenstein enacted this layer in 2020. The proof of concept is sufficient.

Layer 2 — The Service Obligation Layer (Primary law, amend rarely)

Five service categories with defined obligations regardless of what the token underneath represents: custody, issuance, trading, settlement, and advice. The obligation flows from the service relationship, not the asset classification. This dissolves the MiCA/MiFID boundary problem at the root. DeFi: regulated intermediaries may connect clients to any protocol where addressable assets exist that a court can reach — no addressable assets means no access for intermediaries. Infrastructure: any entity providing settlement services must connect to Eurosystem settlement where available, publish open APIs on non-discriminatory terms, and not restrict access to competing platforms.

Layer 3 — The Delegated Acts Layer (Commission, update by delegated regulation)

Within the mandate Parliament defines: eligibility criteria for each token type, capital thresholds calibrated to risk, disclosure formats, collateral eligibility, equivalence determinations for third-country frameworks. The Commission acts without returning to Parliament. When a new token category emerges, the Commission issues an eligibility determination. The primary law does not change. The adaptive layer does. This is the mechanism that allows MiDA to outlast the technology cycle it is designed for.

Layer 4 — The Technical Standards Layer (ESAs, update annually)

ESMA, EBA, and EIOPA publish binding technical standards on smart contract audit requirements, key management and custody architecture, interoperability specifications — token identification under ISO 24165 DTI, settlement messaging under ISO 20022, open API specifications — and Physical Validator accreditation. Technical standards are reviewed annually. They follow technology; they do not lead it. The legal consequence of a token registration stays constant under Layer 1. The technical requirements evolve continuously under Layer 4. The two layers are deliberately decoupled so that a change in one does not force a change in the other.

Layer 5 — The Safe Harbour Sandbox (Administrative, notification-based)

Any entity operating a novel token model that does not fit within Layers 2 and 3 may notify ESMA for safe harbour status. Regulatory obligations suspended for defined token types and volume thresholds, in exchange for direct supervisory dialogue and structured data sharing. Graduation to the full framework is triggered — not merely permitted — when defined thresholds are breached: ESMA issues a binding determination within 90 days of threshold breach, which in turn triggers a mandatory delegated act under Layer 3 within a further 180 days. No passport — domestic only. Annual ESMA review with mandatory assessment of whether new delegated act categories are warranted. The DLT Pilot Regime is this concept in embryonic form — the difference is that the exit trigger is institutional and binding, not advisory. The Pilot Regime's failure is precisely that nobody pulls the exit. The 90-day ESMA determination removes that discretion.

Five layers. One civil law foundation that never changes. One service obligation layer that dissolves the classification problem. One delegated acts layer that adapts without Parliament. One technical standards layer that follows technology. One sandbox that generates evidence before rules are written. This is the design that makes obsolescence structurally difficult.

These five layers implement five design principles. Service regulation as the organising logic — the obligation follows the service relationship. Liability capacity as the DeFi threshold — no addressable assets means no access for intermediaries. EU-level token property law — Model 3 framework, Model 4 instrument layer, erga omnes effect, Kraftloserklärung procedure. A genuine equivalence regime — third-country frameworks meeting EU standards in substance produce passportable access; MiCA passporting does not currently extend to EEA non-EU members and that gap should be closed. Integration incentives from day one — automatic passporting for instruments issued on the EU sovereign DLT layer; EIB first-loss support for cross-border retail products; tax neutrality for cross-border tokenised transactions; a pan-European sandbox with primary law effect.

07 — Infrastructure — the Sovereignty Decision

Von der Leyen named technological sovereignty as the central pillar of the EU's competitiveness agenda in her 2025 State of the Union address. The Commission has a tech sovereignty package arriving this summer — the same summer the MiCA consultation closes. The EU currently relies on non-EU countries for over 80% of key digital products, services, and infrastructure. It has applied the sovereignty logic to cloud computing, AI, and semiconductors. The MiCA consultation does not mention it once in the context of financial market infrastructure. (European Commission, EU Tech Sovereignty Strategy, 2025)

A dominant provider of pan-European digital asset infrastructure holds, in a tokenised world: real-time ownership data on European securities, trading flows mapping institutional positioning, settlement data revealing corporate treasury behaviour, and the on-chain record of every transfer. That is strategic intelligence. The Commission cannot credibly claim to pursue digital sovereignty in AI and cloud while being silent on financial market infrastructure in the same summer it closes this consultation.

The ECB is moving — but on a separate track from the Commission. Pontes launches September 2026, connecting market DLT platforms to TARGET Services to enable central bank money settlement for tokenised transactions. On June 1 — the same day this consultation opened — the ECB published a call for financial market stakeholders to join the Appia contact group, with applications due by June 19. (ECB, Call for expressions of interest: Appia contact group, 1 June 2026) The Appia blueprint for a fully integrated tokenised wholesale financial ecosystem is due 2028. The ECB is not absent. It is moving on a parallel governance timeline, without a joint document with the Commission of the kind the FCA and Bank of England published three days before this consultation launched. That coordination gap — two institutions building the same ecosystem on different timescales without a shared founding document — is the structural risk MiDA must address before the architecture is set by others.

The ECB's role is not to compete with private infrastructure on product delivery speed. It is to define the protocol that determines what operating in the EU market requires. GSM did not compete with Nokia. It set the standard Nokia had to meet. Private platforms — including the Canton Network, Deutsche Börse's D7, Clearstream's tokenised platform — can compete on product quality. Connection to the sovereign layer must be the condition for EU regulatory privileges, not an optional feature.

Mandatory interoperability is not a fallback for Appia delay — it is already specified in Layer 2 of the framework as primary law: any DLT infrastructure operating in the EU market connects to Eurosystem settlement where available, publishes open APIs on non-discriminatory terms, and cannot restrict access to competing platforms. Appia is the ECB's preferred implementation of that Layer 2 requirement. If Appia is delayed — and the Giovannini Group's 2001 recommendations counsel humility about institutional delivery timelines — the Layer 2 obligation remains in force regardless. The ECB does not need to run the infrastructure. The primary law ensures nobody else captures it. (ECB Appia roadmap consultation paper, March 2026; Giovannini Group reports, 2001, 2003)

The consolidation happening now — DTCC, Euroclear, and Clearstream co-authoring interoperability standards, Euroclear co-chairing the Canton Foundation — is not inherently damaging. The specific vulnerability is the absence of a European public institution at the governance table where protocol architecture is being decided. That absence is what MiDA must address — not by building competing infrastructure, but by establishing the conditions under which any infrastructure, private or public, may operate within the EU regulated perimeter.

The architecture being built is more complex than a single chain. DTCC is deploying three parallel rails with different governance properties for different asset classes: Canton Network (permissioned) for institutional treasury collateral movement, with live repo trades already executed atomically on a Saturday in August 2025; Stellar (public) for broadly-held assets — Russell 1000, major ETFs, US Treasuries — going live H1 2027; and a Collateral AppChain on Hyperledger Besu launching Q4 2026 for 24/7 cross-border margin, tokenised money market funds, stablecoins, and crypto. Each chain answers the governance question differently. Canton is permissioned — incumbents govern the validator set. Stellar is public — open protocol governance at the base layer, concentration reasserting above it. The Collateral AppChain is a consortium architecture. None of the three satisfies the constitutional clauses developed in Article II of the companion Architecture series. The EU is being handed a fait accompli: three governance architectures, set by private actors, which MiDA will either ratify or be built around.

08 — The August Deadline

The consultation closes on 31 August. Most respondents will work through the tick-box questions — capital threshold calibration, significance criteria, RTS proportionality. Useful input. Not what the Commission most needs.

What the process needs is respondents willing to engage with the architecture questions the consultation has opened but not quite asked: whether service regulation can replace asset classification as the organising logic; whether liability capacity is the right DeFi threshold; whether a 28th token property law regime with a Kraftloserklärung procedure is feasible and necessary; whether direct issuer access should displace mandatory CSD membership; whether the five-layer architecture described here makes MiDA more durable than MiCA; and whether infrastructure governance is a sovereignty question that belongs in a financial regulation.

The EU has spent twenty years writing rules that member states interpret differently and courts enforce slowly. MiDA does not need to repeat it. The question worth asking is not what the new rules should say. It is what infrastructure would make fragmentation structurally impossible — and on whose terms that infrastructure operates.

The Giovannini Group made the case for integrated EU clearing and settlement infrastructure in 2001. The Draghi report made it again in 2024. The FCA and Bank of England published a joint tokenisation vision three days before this consultation launched — because they did not wait for a policy process to tell them that infrastructure and regulation are the same question. The window in which MiDA can be designed with integration as the starting condition rather than the aspiration is the window of this consultation. It is open. The deadline compresses the summer. That is, on this occasion, a feature.

The author has prepared a formal response to the targeted consultation (deadline 31 August 2026) drawing on the positions developed in this two-part analysis — available at Formal Consultation Response. The 2020 MiCA consultation response — Contribution ID: 03a8d562-ea17-4120-a92a-ef1781e99f06 — is available as PDF and annotated HTML.