Public Sector

CNMV 2026: new AI and crypto assets department, what changes for supervised entities

E
Equipo Editorial CambiosLegales
03 Jul 2026 7 min 1 views

Key data

RegulationResolution of June 25, 2026, of the CNMV Council, which modifies the Internal Rules Regulation
PublicationJuly 3, 2026
Entry into forceJuly 3, 2026
Affected partiesEntities supervised by the CNMV, crypto asset operators and CNMV staff
CategoryPublic Sector
Year2026
Reference European regulationsMiCA (crypto assets), DORA (digital operational resilience), DLT Regulation
Official sourceBOE-A-2026-14432
Impact analysis reserved for PRO
The detailed impact analysis of this regulation is available for users with a PRO plan or higher. Access the full content and receive personalized alerts.
From €9.99/month · Cancel anytime

Financial entities supervised by the CNMV and crypto asset operators have, as of July 3, 2026, a new institutional contact: the Department of Technology and Digital Innovation, created specifically to assume competencies in artificial intelligence and emerging technologies. The Resolution of June 25, 2026 of the CNMV Council modifies the Internal Rules Regulation of the supervisor to align its structure with the European regulations MiCA, DORA and DLT, and with its digitalization roadmap towards 2030.

This change is not cosmetic: it means that the CNMV will have specific organizational capacity to supervise MiCA compliance by crypto asset service providers (CASP), and DORA by obligated financial entities. If your company operates in any of these areas, the regulator already has the structure to monitor you.

What does this regulation establish?

The resolution introduces five specific structural changes in the internal functioning of the CNMV:

ChangePrevious situationSituation after the resolution
New technology departmentThere was no specific department for AI and emerging technologiesThe Department of Technology and Digital Innovation is created with competencies in AI and emerging technologies
Studies DepartmentCalled "Studies Department"Becomes Department of Analysis, Financial Stability and Data, assuming strategic data governance
Communications DirectoratePrevious communications structureReinforced; the presidency assumes direct supervision of communications policy
Personnel authorization regimeRestrictions on securities operations for CNMV employeesPortfolio management contracts are allowed for staff
Regulatory framework of referenceInternal regulation without adaptation to European digital regulationExplicit alignment with MiCA, DORA and DLT Regulation

All these changes respond to the CNMV's strategic digitalization roadmap towards 2030, which makes technological supervision a central axis of the regulator for the coming years.

Economic and operational impact

The direct impact of this resolution is not economic in terms of new fees or fines, but operational and strategic: the CNMV strengthens its supervisory capacity in three areas that until now lacked their own department.

  • Crypto assets (MiCA): Crypto asset service providers (CASP) that operate or want to operate in Spain will now have a specific CNMV department as their contact. This accelerates authorization procedures and, at the same time, intensifies ongoing supervision.
  • Digital resilience (DORA): Financial entities obligated by DORA—banks, asset managers, insurers, investment platforms—will see how the CNMV gains technical muscle to review their digital operational resilience plans. The new department will be able to demand and evaluate these plans with greater technical depth.
  • Artificial intelligence: The new department assumes competencies over AI. This anticipates that the CNMV will begin to supervise the use of AI models in investment decision-making, in automated portfolio management and in risk detection.
  • Data governance: The renamed Department of Analysis, Financial Stability and Data assumes strategic data governance, which can translate into new reporting or data quality requirements for supervised entities.

Who does it affect?

  • Crypto asset service providers (CASP) that operate under the MiCA Regulation in Spain or that are in the process of authorization before the CNMV.
  • Financial entities subject to DORA: banks, fund managers, investment services companies (ISC), participatory financing platforms and insurers with activity in securities markets.
  • Entities that use distributed ledger technology (DLT) for issuance or trading of financial instruments.
  • Companies that use AI in investment or portfolio management processes, which will come under the radar of the new department.
  • CNMV staff, whose authorization regime for securities operations is updated, now including the possibility of contracting portfolio management.

Practical example

A Spanish fintech operating as a crypto asset service provider and processing its authorization under MiCA before the CNMV will find, as of July 3, 2026, that its file is managed by the new Department of Technology and Digital Innovation, rather than by a generalist unit.

This has two immediate practical consequences: on one hand, the technicians reviewing its application will have a more specialized profile in blockchain technology and crypto assets; on the other, the questions and information requests it receives will be more detailed and technical. The company must ensure that its technical documentation—system architecture, cybersecurity controls, asset custody policies—is up to the level of more specialized scrutiny.

Similarly, a fund manager subject to DORA that until now had not received specific requirements about its digital resilience plan can anticipate that the new department will begin to include this aspect in its supervisory reviews.

Do you need to track this and other regulations?

Consult the full details in CambiosLegales

What should companies do now?

  1. Identify if you are subject to MiCA, DORA or the DLT Regulation. If your company operates with crypto assets, manages critical digital infrastructures or uses distributed ledger technology, you are already within the perimeter of the CNMV's new department.
  2. Review the status of your digital resilience plan (DORA). With the new department operational, the CNMV has the technical capacity to demand and audit these plans. If you don't have it updated, now is the time to do so.
  3. Update the technical documentation of your MiCA application. If you are in the process of authorization as a CASP, anticipate more technical and detailed questions from the new specialized department.
  4. Map the use of AI in your investment or management processes. The new department assumes competencies over AI. Document what models you use, for what decisions and with what controls, before they ask you.
  5. Monitor CNMV communications. With the strengthening of the Communications Directorate and the presidency's direct supervision of communications policy, it is foreseeable that the regulator will issue more guides, criteria and technical communications in these areas. Subscribe to their alerts.

Frequently asked questions

What is the CNMV's new Department of Technology and Digital Innovation?

It is a new department created by the Resolution of June 25, 2026 within the internal structure of the CNMV. It assumes competencies in artificial intelligence and emerging technologies, and will be the main contact for the supervision of crypto assets (MiCA), digital resilience (DORA) and distributed ledger technology (DLT).

What changes for crypto asset operators with this resolution?

Crypto asset service providers (CASP) that process or maintain their authorization under MiCA before the CNMV will have the new Department of Technology and Digital Innovation as their contact. This implies more specialized and technical supervision, with greater capacity for the regulator to review aspects of technological architecture, cybersecurity and asset custody.

When does this modification of the CNMV's Internal Rules Regulation come into force?

The resolution was published on July 3, 2026 and came into force on that same day, without a transitional period.

What is the Department of Analysis, Financial Stability and Data?

It is the new name of the CNMV's former Studies Department. In addition to the name change, it assumes the institution's strategic data governance, which can translate into new data quality and reporting requirements for supervised entities.

Does this resolution affect non-financial companies?

Directly, no. The resolution modifies the internal structure of the CNMV. It mainly affects entities supervised by the CNMV (asset managers, ISC, investment platforms), crypto asset operators under MiCA and entities subject to DORA. Non-financial companies without activity in securities markets are not directly affected.

Official source

Consult complete regulation at official source

Notice: This article is purely informational in nature and does not constitute legal advice. For specific decisions, consult a qualified professional. Source: https://www.boe.es/diario_boe/txt.php?id=BOE-A-2026-14432



Share:
E
Equipo Editorial CambiosLegales

El equipo editorial de CambiosLegales analiza diariamente los cambios normativos que afectan a empresas y autónomos en España, ofreciendo análisis pro...

Comments

No comments yet. Be the first to comment!

Leave a comment
Get free alerts