Ledger CTO Critiques EU Compliance Costs Harming Web3 Startups

Industry experts caution that MiCA's high financial demands are stifling early-stage innovation.

By Olivier Acuna|Edited by Jamie Crawley Jun 8, 2026, 3:38 p.m. 3 min read

Charles Guillemet, Ledger's CTO, highlighted that MiCA's unintended consequences are impacting crypto startups within the EU. (Olivier Acuna/CoinDesk)

Key Points:

• The European Union's MiCA regulations impose significant capital, legal, and compliance expenses that industry leaders argue effectively exclude smaller crypto startups, favoring larger financial entities.
• Regulators maintain that the stringent MiCA requirements are essential for consumer protection and fostering trust, even as traditional banks ramp up their engagement with blockchain and crypto services.
• Despite previous security incidents, banks increasingly rely on specialized firms like Ledger for enterprise-level custody and asset tokenization, while crypto companies provide the infrastructure for mainstream finance in Europe.

According to Charles Guillemet, CTO of Ledger, the EU's regulatory framework has inadvertently reshaped the competitive environment for Web3 by shifting the advantage away from crypto startups and towards established financial institutions.

While MiCA was intended to create a unified and secure market, industry insiders express concerns that its hefty financial requirements are hindering early-stage innovation. Under this framework, crypto firms encounter strict tiered minimum capital requirements. The costs range from 50,000 euros ($58,000) for advisory services to 150,000 euros ($174,000) necessary to operate a trading platform, in addition to millions of euros in mandatory legal audits, insurance, and ongoing compliance systems.

A report by the EU Commission on MiCA estimated that the cost for each white paper could be between $4,500 and $87,000, influenced by the complexity of the regulatory environment and the level of legal advice needed.

Guillemet remarked, "I’m not sure that was the initial intent, but this is the result. When it’s implemented, you have two kinds of companies: those who can afford this compliance burden and those who cannot. Smaller entities find it hard to enter the market, creating a barrier for larger players."

While crypto startups perceive the high compliance costs of MiCA as a significant barrier in the EU, European regulators argue that these rules are essential for consumer protection and to establish trust in mainstream institutions.

Institutional Security

The growing regulatory divide is emerging at a pivotal moment as traditional finance transitions from experimenting with blockchain to widespread adoption. Guillemet noted that the early 2024 launch of spot crypto ETFs marked a turning point, generating considerable interest from traditional banks for enterprise-grade custody and asset tokenization.

"Previously, banks were mainly interested in small-scale innovation projects," Guillemet explained. "Now, there has been a shift. Major departments within banks are eager to develop around crypto and are fully committed to blockchain technology."

To seize this banking opportunity, Ledger is expanding beyond its consumer-focused roots into a dedicated business-to-business (B2B) infrastructure. Establishing these institutional security frameworks requires substantial investment; Ledger has invested hundreds of millions over the years to support a large engineering workforce.

"First and foremost, Ledger is a security company," Guillemet stated. "We employ around 200 to 250 engineers dedicated to developing our technology. Our specialized security team focuses entirely on enhancing the safety of our products. Security is central to all our operations."

Real-World Risks

However, the extensive security budget at Ledger highlights the ongoing challenges its leadership faces: in the Web3 space, even substantial engineering investments cannot guarantee total security.

As Guillemet introduces Ledger's enterprise solutions to traditional banks, the company’s past vulnerabilities illustrate the persistent operational risks associated with public blockchains.

Ledger previously experienced a cloud breach involving a third-party service. This incident followed a significant 2020 data breach affecting 270,000 customers and a 2023 exploit that resulted in a loss of $500,000 from decentralized applications.

As traditional banks rush to integrate real-world assets onto public blockchains, they are increasingly depending on native crypto security firms to manage these operational risks. Consequently, the landscape is evolving: while smaller startups are being pushed out of Europe due to high compliance costs, established financial institutions are entering the space, utilizing native crypto technology to construct the new infrastructure of global finance.

LedgerMiCA