How the Uk's 2026 Cryptoasset Rules Change M&A, Fundraising and Restructuring, a Practical Guide for Advisers and Investors

The UK cryptoasset regulation 2026 programme has fundamentally altered the due diligence landscape for every M&A transaction, fundraising round and restructuring involving digital assets. In February 2026 the government passed the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026, creating an entirely new category of regulated activities under the FCA’s supervision. Crypto firms will be able to start applying for FCA authorisation from September 2026, with the wider regime expected to come into force on 25 October 2027. Separately, the Crypto-Asset Reporting Framework (CARF) took effect on 1 January 2026, requiring reporting cryptoasset service providers to collect and share user and transaction data with HMRC.

For corporate CFOs, PE and VC investors, in-house counsel and turnaround specialists, these overlapping reforms demand an immediate overhaul of deal processes, contractual protections and operational checklists.

This guide provides the practical playbook. It covers the regulatory timeline, a structured crypto M&A due diligence checklist, investor protection frameworks for fundraising crypto companies in the UK, restructuring crypto businesses in distress, and contract drafting tips that reflect the 2026 changes. Every recommendation is grounded in the primary legislative and regulatory sources, the GOV.UK policy note, FCA consultation papers and the relevant statutory instruments, and is designed for immediate use by transaction teams. Advisers requiring specialist support can connect with experienced practitioners through the Financial Advisory practice area or the United Kingdom lawyer directory.

Last updated: 4 May 2026. This article is for general guidance only and does not constitute legal or financial advice. Readers should obtain professional advice before acting on any matter discussed below.

Quick Regulatory Primer, What Changed in the UK Cryptoasset Regulation 2026 Framework

What the Statute and Statutory Instrument Do

The Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026 bring cryptoasset activities within the UK financial services regulatory perimeter for the first time. The legislation creates new regulated activities, including operating a cryptoasset trading platform (CATP), dealing in cryptoassets as principal or agent, arranging deals, safeguarding (custody), and issuing UK qualifying stablecoins (UKQS). A subsequent draft statutory instrument published on 21 April 2026 amends and extends the scope, clarifying which activities fall within or outside the perimeter and addressing the treatment of stablecoin issuance by FCA-authorised firms.

FCA Programme and Authorisation Timeline

The FCA’s consultation paper CP26/13, published on 15 April 2026, sets out draft perimeter guidance explaining when a firm will need authorisation. According to the FCA, crypto firms will be able to start applying for authorisation from September 2026. The new cryptoasset regime is expected to come into force on 25 October 2027. Between those dates, the FCA is providing firms with pre-application support. For transaction advisers, this creates a window where targets may be mid-application, a status that demands bespoke conditionality in deal documentation.

CARF and Tax Reporting Implications

The Crypto-Asset Reporting Framework (CARF) obligations became effective in the UK on 1 January 2026. Under the Reporting Cryptoasset Service Providers regulations, UK reporting cryptoasset service providers must collect user details and transaction data and share them with HMRC, with the first reports due in 2027. For deal teams conducting crypto M&A due diligence, confirming CARF readiness is now a mandatory tax and compliance workstream.

M&A Due Diligence Checklist for UK Crypto Deals

The 2026 changes mean that crypto M&A due diligence must now cover regulatory authorisation status, token classification, custody infrastructure, AML/KYC compliance and CARF tax readiness, in addition to standard commercial and financial checks. The checklist below is organised by workstream and should be adapted to the specific deal structure.

Regulatory and Authorisation Checks

• Perimeter assessment. Determine whether the target’s activities fall within the new regulated activities by mapping them against the FCA’s CP26/13 perimeter guidance. Activities such as operating a CATP, dealing, arranging, custody and stablecoin issuance now require authorisation.
• Licence and application status. Confirm whether the target holds existing FCA registration under the Money Laundering Regulations and whether it has applied for, or intends to apply for, full authorisation from September 2026.
• Transitional provisions. Identify any reliance on transitional arrangements and assess the risk that authorisation may be refused or delayed.
• Regulatory correspondence. Review all FCA correspondence, supervisory letters, skilled persons reports and enforcement notices.
• Cross-border permissions. If the target operates across multiple jurisdictions, assess whether EU MiCA registration, US state licences or other overseas authorisations are in place or pending.

Token Economics and Legal Characterisation

• Token taxonomy. Classify each token the target issues, trades or holds: utility token, exchange token, security token, stablecoin (UKQS or non-qualifying) or NFT. The classification determines the regulatory treatment and affects deal structure.
• Tokenised securities. Where tokens confer rights analogous to shares, debt instruments or collective investment schemes, they are likely to constitute specified investments under the existing FSMA framework. Industry observers expect the FCA to scrutinise economic substance over form, the label attached to a token will not be determinative.
• Smart contract audit. Obtain independent third-party audit reports for all smart contracts governing token issuance, transfer restrictions and governance rights. Review upgrade mechanisms and multi-signature controls.
• Intellectual property. Confirm ownership of or licences to all underlying blockchain protocols, source code repositories and proprietary algorithms.

Custody Verification and Private Key Controls

• Custody architecture. Document the full custody chain: self-custody (cold wallets, hardware security modules), third-party custodians and exchange-held balances. Under the new regime, CATPs must conduct due diligence on cryptoassets before admission to trading and satisfy themselves that qualified cryptoassets meet specified standards.
• Private key management. Verify the existence, security and recoverability of private keys. Confirm multi-signature arrangements, key-shard distribution and disaster recovery procedures.
• On-chain proof. Request on-chain proof-of-reserves or attestation reports from independent auditors confirming that customer and proprietary holdings reconcile to the balance sheet.
• Insurance. Review the scope and limits of custodial insurance, crime insurance and directors’ and officers’ coverage.

AML/KYC and Transaction Monitoring

• AML programme review. Assess the target’s anti-money laundering and counter-terrorist financing policies, procedures and controls against the expanded obligations. Industry commentary indicates these now include expanded Know Your Customer (KYC) requirements, enhanced transaction monitoring and suspicious transaction reporting obligations.
• Sanctions screening. Confirm that real-time sanctions screening is in place for all wallet addresses and counterparties, including use of blockchain analytics tools.
• Travel Rule compliance. Verify compliance with the Travel Rule for cryptoasset transfers, including data transmission to beneficiary institutions.
• Enforcement history. Investigate any past or ongoing enforcement actions, fines or undertakings related to AML/CTF breaches.

Due Diligence Focus by Transaction Type

Risk Matrix, Top Crypto Deal Risks

Fundraising and Investor Protections for Crypto Companies Under the UK Cryptoasset Regulation 2026

Fundraising crypto companies in the UK now operate in a fundamentally different environment. Investors, whether venture capital, private equity or strategic, must recalibrate their legal and commercial checks to reflect the FCA crypto rules 2026 and the expanded regulatory perimeter.

Structuring Tips for Equity vs Tokenised Security Raises

Where a crypto company raises capital through traditional equity (ordinary shares, preference shares or convertible loan notes), the existing FSMA framework and Companies Act mechanics apply. However, where the raise involves tokenised securities, tokens conferring economic rights similar to shares or debt, the new regime brings those instruments squarely within the regulatory perimeter. Advisers should consider the following:

• Regulatory gating. Include a condition precedent requiring the issuer to have applied for (or obtained) FCA authorisation before any tokenised securities are issued. If the issuer is relying on an exclusion or exemption, obtain written confirmation of the legal basis and an independent legal opinion.
• Escrow for token issuance. Where tokens are issued at or after completion, hold investor funds in escrow with a regulated third-party escrow agent. Define clear release triggers: confirmation of token deployment on-chain, successful smart contract audit and regulatory clearance.
• Lock-up and transfer restrictions. Code transfer restrictions directly into the smart contract and mirror them in the subscription agreement. This avoids reliance on contractual remedies alone where tokens are bearer instruments.

Subscription Mechanics and Regulatory Comfort Letters

• Representations and warranties. Require representations covering: regulatory status, AML/CTF compliance, CARF reporting readiness, absence of enforcement action, smart contract audit results, and custody arrangements for investor tokens.
• Investor consent rights. Negotiate consent rights over any change to the target’s regulatory status, custody provider, key-person departure (where relevant to key management) or material change to token economics.
• Regulatory comfort letters. Where the target has engaged with the FCA (for example through pre-application support), request copies of all correspondence and any comfort or no-action positions obtained.
• Anti-dilution and downside protection. In token raises, standard anti-dilution provisions must address token minting (not just share issuance). Draft broad anti-dilution language that captures any increase in total token supply.

Early indications suggest that investors who embed these protections at term-sheet stage significantly reduce the risk of post-completion regulatory surprises. The likely practical effect of the new regime will be to push regulatory diligence earlier in the fundraising timeline, from completion condition to pre-term-sheet gating item.

Restructuring, Insolvency and Turnaround for Crypto Businesses

Restructuring crypto businesses in the UK presents unique operational and legal challenges that traditional insolvency frameworks were not designed to address. The interaction between the 2026 regulatory changes and established insolvency law creates new risks, but also new tools for advisers.

Interaction with Insolvency Law and Treatment of Tokens as Property

The Property (Digital Assets etc) Act 2024 confirms that digital assets are not prevented from being treated as property merely because they are digital. This statutory clarification is critical for insolvency practitioners: it means tokens held by a distressed company can be identified, preserved and distributed as part of the insolvency estate. However, the characterisation of individual tokens, as property of the company, customer property held on trust, or third-party property, will depend on the specific custody arrangements and contractual terms in place.

Practical Steps for Advisers

Advisers engaged in a turnaround or pre-pack sale process involving crypto assets should follow this operational workflow:

1. Freeze and secure keys. Immediately identify all private keys, seed phrases and hardware wallets. Transfer control to a designated insolvency professional or regulated custodian. Implement multi-signature controls requiring at least two authorised signatories for any on-chain transaction.
2. Isolate custodial accounts. Segregate customer-held cryptoassets from proprietary holdings. Where assets are commingled, engage a blockchain forensics firm to trace and attribute holdings.
3. Map stakeholders. Identify all custodians, exchanges, lending counterparties, DeFi protocol positions and smart contract obligations. Notify each counterparty of the insolvency event and any moratorium in place.
4. Gather on-chain evidence. Preserve complete blockchain transaction histories. These records are the equivalent of bank statements and will be required for creditor reporting, regulatory notifications and court proceedings.
5. Regulatory notification. If the company is FCA-registered or has applied for authorisation, notify the FCA immediately. Failure to notify may constitute a regulatory breach that compounds existing liabilities.
6. Distressed-sale mechanics. In a pre-pack or accelerated M&A process, structure the sale to transfer crypto assets via on-chain transactions that complete simultaneously with the legal transfer. Use an escrow mechanism where the buyer deposits fiat consideration and the administrator executes the on-chain transfer upon confirmation of receipt.

Industry observers expect that the volume of crypto insolvencies requiring these procedures will increase as the October 2027 enforcement date approaches, with firms unable or unwilling to obtain FCA authorisation exiting the market through managed wind-downs or distressed sales.

Practical Negotiation Points and Contract Drafting Tips

The UK cryptoasset regulation 2026 changes require specific adaptations to standard transaction documentation. The following drafting priorities reflect emerging market practice for SPAs, shareholders’ agreements and financing documents in crypto deals.

• Regulatory condition precedent. Include a condition precedent stating that completion is conditional upon the target (a) having submitted an FCA authorisation application or (b) having received written confirmation from the FCA that its activities fall outside the regulatory perimeter. Pair this with a long-stop date and a reverse break fee payable if the condition is not satisfied.
• Representations that matter. At a minimum, require seller representations covering: (i) compliance with the Money Laundering Regulations, (ii) compliance with all FCA rules applicable to the business, (iii) CARF reporting readiness and accuracy of historic filings, (iv) accuracy of the token taxonomy and absence of reclassification risk, (v) adequacy of custody arrangements and absence of private key compromise, and (vi) absence of pending or threatened enforcement action.
• Escrow for private keys. Where crypto assets form part of the consideration or are material to the target’s value, require the seller to deposit private keys (or key shards) with a regulated third-party escrow agent. Draft the escrow release mechanism to require multi-party confirmation, buyer, seller and escrow agent, before any keys are transferred.
• Indemnity scope and survival. Negotiate specific indemnities for regulatory non-compliance, AML/CTF breaches, CARF reporting failures and token misclassification. These indemnities should survive for a minimum of 36 months post-completion, longer than the standard 18–24-month warranty period, given the extended regulatory implementation timeline to October 2027.
• Earn-out and deferred consideration. Where the target’s value depends on obtaining FCA authorisation, structure deferred consideration or an earn-out linked to authorisation milestones. Define clearly what constitutes “authorisation” and provide for valuation adjustments if only partial authorisation is obtained.
• Material adverse change clause. Expand the standard MAC clause to expressly capture: revocation or refusal of FCA authorisation, material change to the regulatory perimeter that brings additional target activities within scope, and any change in law that materially increases the cost of compliance.

Action Checklist and Downloadable Resources

Transaction teams should compile the following deliverables before signing any deal involving UK cryptoassets:

• Regulatory checklist crypto UK (PDF). A comprehensive, UK-specific crypto due diligence checklist covering regulatory, technical, AML, tax and commercial workstreams. A downloadable version is available for practitioners.
• Token taxonomy decision tree. A flowchart for classifying each token as utility, exchange, security or stablecoin under the 2026 framework, with regulatory consequences mapped to each classification.
• Sample SPA clauses. Template regulatory condition precedent, crypto-specific representations and warranties, private key escrow provisions and enhanced indemnity language.
• CARF readiness assessment template. A checklist for verifying that the target’s systems, data-collection processes and reporting infrastructure comply with CARF obligations effective from 1 January 2026.
• Custody verification protocol. Step-by-step guide for conducting pre-completion custody audits, including on-chain verification procedures and third-party attestation requirements.

Advisers and investors seeking tailored support with any of the above workstreams can connect with experienced transaction specialists through the Financial Advisory practice area or browse the United Kingdom lawyer directory.

Conclusion

The UK cryptoasset regulation 2026 framework has elevated crypto M&A due diligence from a specialist footnote to a core transaction workstream. Advisers and investors who integrate the regulatory timeline, the structured checklists and the contract drafting adaptations outlined in this guide will be materially better positioned to identify risks, negotiate appropriate protections and close deals with confidence.

Sources

1. GOV.UK, Draft Statutory Instrument Amending the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026 (Policy Note)
2. Financial Conduct Authority, CP26/13: Cryptoasset Perimeter Guidance
3. Financial Conduct Authority, A New Regime for Cryptoasset Regulation
4. Legislation.gov.uk, The Reporting Cryptoasset Service Providers Regulations
5. Freshfields, Crypto, Regulated: Unpacking the UK’s New Cryptoasset Statutory Instrument
6. Skadden, Final UK Crypto Rules Are Expected in 2026
7. Latham & Watkins, UK Cryptoasset Regulatory Tracker
8. Eversheds Sutherland, UK: FCA Consults on Cryptoasset Perimeter Guidance
9. Linklaters, FCA Drafts More UK Crypto Regulation
10. Grant Thornton, Crypto Compliance in 2026: AML, Sanctions