Three regulatory frameworks (MiCA, DORA and the EU AI Act) are landing simultaneously, but there is no shared governance architecture that covers all three. Compliance leader and consultant Natalia Taft explores what this means for financial services firms.
I recently looked at an institution that spent 18 months stacking smart contract settlement, DeFi protocols and AI risk models on top of each other. From the outside, it was a success: Systems were running and revenue was climbing. But when a supervisor asked a simple question — which legal entity was actually responsible for an AI model routing assets through an unaudited protocol — nobody could answer cleanly.
Three different teams held pieces of the puzzle, but no one owned the end-to-end logic. The AI model had been validated at launch, but the underlying protocols had already been updated twice. Because the client-facing entity and the AI engine sat in different jurisdictions, visibility evaporated. This is the hidden cost of convergence: Everything looks under control until you realize your innovation speed has completely outrun your ability to govern it.
The regulatory collision
The frameworks are arriving, but they are arriving separately. MiCA now applies to crypto asset service providers (CASPs) across the EU, establishing…