Key data
| Regulation | Resolution of June 25, 2026, of the CNMV Council, which modifies the Internal Rules Regulation |
|---|---|
| Publication | July 3, 2026 |
| Entry into force | July 3, 2026 |
| Affected parties | Entities supervised by the CNMV, crypto asset operators and CNMV staff |
| Category | Public Sector |
| Year | 2026 |
| Reference European regulations | MiCA (crypto assets), DORA (digital operational resilience), DLT Regulation |
| Official source | BOE-A-2026-14432 |
Financial entities supervised by the CNMV and crypto asset operators have, as of July 3, 2026, a new institutional contact: the Department of Technology and Digital Innovation, created specifically to assume competencies in artificial intelligence and emerging technologies. The Resolution of June 25, 2026 of the CNMV Council modifies the Internal Rules Regulation of the supervisor to align its structure with the European regulations MiCA, DORA and DLT, and with its digitalization roadmap towards 2030.
This change is not cosmetic: it means that the CNMV will have specific organizational capacity to supervise MiCA compliance by crypto asset service providers (CASP), and DORA by obligated financial entities. If your company operates in any of these areas, the regulator already has the structure to monitor you.
What does this regulation establish?
The resolution introduces five specific structural changes in the internal functioning of the CNMV:
| Change | Previous situation | Situation after the resolution |
|---|---|---|
| New technology department | There was no specific department for AI and emerging technologies | The Department of Technology and Digital Innovation is created with competencies in AI and emerging technologies |
| Studies Department | Called "Studies Department" | Becomes Department of Analysis, Financial Stability and Data, assuming strategic data governance |
| Communications Directorate | Previous communications structure | Reinforced; the presidency assumes direct supervision of communications policy |
| Personnel authorization regime | Restrictions on securities operations for CNMV employees | Portfolio management contracts are allowed for staff |
| Regulatory framework of reference | Internal regulation without adaptation to European digital regulation | Explicit alignment with MiCA, DORA and DLT Regulation |
All these changes respond to the CNMV's strategic digitalization roadmap towards 2030, which makes technological supervision a central axis of the regulator for the coming years.
Economic and operational impact
The direct impact of this resolution is not economic in terms of new fees or fines, but operational and strategic: the CNMV strengthens its supervisory capacity in three areas that until now lacked their own department.
- Crypto assets (MiCA): Crypto asset service providers (CASP) that operate or want to operate in Spain will now have a specific CNMV department as their contact. This accelerates authorization procedures and, at the same time, intensifies ongoing supervision.
- Digital resilience (DORA): Financial entities obligated by DORA—banks, asset managers, insurers, investment platforms—will see how the CNMV gains technical muscle to review their digital operational resilience plans. The new department will be able to demand and evaluate these plans with greater technical depth.
- Artificial intelligence: The new department assumes competencies over AI. This anticipates that the CNMV will begin to supervise the use of AI models in investment decision-making, in automated portfolio management and in risk detection.
- Data governance: The renamed Department of Analysis, Financial Stability and Data assumes strategic data governance, which can translate into new reporting or data quality requirements for supervised entities.
Who does it affect?
- Crypto asset service providers (CASP) that operate under the MiCA Regulation in Spain or that are in the process of authorization before the CNMV.
- Financial entities subject to DORA: banks, fund managers, investment services companies (ISC), participatory financing platforms and insurers with activity in securities markets.
- Entities that use distributed ledger technology (DLT) for issuance or trading of financial instruments.
- Companies that use AI in investment or portfolio management processes, which will come under the radar of the new department.
- CNMV staff, whose authorization regime for securities operations is updated, now including the possibility of contracting portfolio management.
Practical example
A Spanish fintech operating as a crypto asset service provider and processing its authorization under MiCA before the CNMV will find, as of July 3, 2026, that its file is managed by the new Department of Technology and Digital Innovation, rather than by a generalist unit.
This has two immediate practical consequences: on one hand, the technicians reviewing its application will have a more specialized profile in blockchain technology and crypto assets; on the other, the questions and information requests it receives will be more detailed and technical. The company must ensure that its technical documentation—system architecture, cybersecurity controls, asset custody policies—is up to the level of more specialized scrutiny.
Similarly, a fund manager subject to DORA that until now had not received specific requirements about its digital resilience plan can anticipate that the new department will begin to include this aspect in its supervisory reviews.
What should companies do now?
- Identify if you are subject to MiCA, DORA or the DLT Regulation. If your company operates with crypto assets, manages critical digital infrastructures or uses distributed ledger technology, you are already within the perimeter of the CNMV's new department.
- Review the status of your digital resilience plan (DORA). With the new department operational, the CNMV has the technical capacity to demand and audit these plans. If you don't have it updated, now is the time to do so.
- Update the technical documentation of your MiCA application. If you are in the process of authorization as a CASP, anticipate more technical and detailed questions from the new specialized department.
- Map the use of AI in your investment or management processes. The new department assumes competencies over AI. Document what models you use, for what decisions and with what controls, before they ask you.
- Monitor CNMV communications. With the strengthening of the Communications Directorate and the presidency's direct supervision of communications policy, it is foreseeable that the regulator will issue more guides, criteria and technical communications in these areas. Subscribe to their alerts.
Frequently asked questions
What is the CNMV's new Department of Technology and Digital Innovation?
It is a new department created by the Resolution of June 25, 2026 within the internal structure of the CNMV. It assumes competencies in artificial intelligence and emerging technologies, and will be the main contact for the supervision of crypto assets (MiCA), digital resilience (DORA) and distributed ledger technology (DLT).
What changes for crypto asset operators with this resolution?
Crypto asset service providers (CASP) that process or maintain their authorization under MiCA before the CNMV will have the new Department of Technology and Digital Innovation as their contact. This implies more specialized and technical supervision, with greater capacity for the regulator to review aspects of technological architecture, cybersecurity and asset custody.
When does this modification of the CNMV's Internal Rules Regulation come into force?
The resolution was published on July 3, 2026 and came into force on that same day, without a transitional period.
What is the Department of Analysis, Financial Stability and Data?
It is the new name of the CNMV's former Studies Department. In addition to the name change, it assumes the institution's strategic data governance, which can translate into new data quality and reporting requirements for supervised entities.
Does this resolution affect non-financial companies?
Directly, no. The resolution modifies the internal structure of the CNMV. It mainly affects entities supervised by the CNMV (asset managers, ISC, investment platforms), crypto asset operators under MiCA and entities subject to DORA. Non-financial companies without activity in securities markets are not directly affected.
Official source
Consult complete regulation at official source
Notice: This article is purely informational in nature and does not constitute legal advice. For specific decisions, consult a qualified professional. Source: https://www.boe.es/diario_boe/txt.php?id=BOE-A-2026-14432