Now Europe Is Saying It Too

The EU's securities regulator just published 96 responses confirming that the compliance infrastructure Bessent described to Congress is equally overdue on this side of the Atlantic.

Last week, this blog analysed the US Treasury's report to Congress under the GENIUS Act and identified a structural convergence: Secretary Scott Bessent's team had described, with unusual technical specificity, the compliance architecture that Concordium has already built.

That was Washington. Three days later, Brussels said something remarkably similar, though it arrived through an entirely different institutional channel and addressed an entirely different set of problems.

What ESMA Published

On 12 March 2026, the European Securities and Markets Authority released its Report on Call for Evidence on the retail investor journey. The document synthesises 96 formal responses from firms, trade associations, consumer groups, and the Securities and Markets Stakeholder Group to a consultation launched in May 2025. Its scope is MiFID II, the regulatory architecture governing how retail investors access capital markets across the European Union.

The report mentions neither blockchain nor digital assets. And that is precisely what makes it interesting.

The Friction They Described

The consultation asked a specific question about AML and counter-terrorism financing requirements. The consensus was clear: customer due diligence is broadly functional but operationally broken. Firms apply identity requirements inconsistently. Clients are asked for the same information multiple times by different service providers. Retail investors lack clarity on why they must provide certain data and how their information is used.

The proposed remedies are equally telling. Respondents called for harmonised AML/CFT standards across EU Member States, reduction of duplicate onboarding processes, and streamlined digital identity verification.

Read that list again. Harmonised identity standards. Elimination of redundant verification. Streamlined digital onboarding. This is the same requirements document, written in regulatory European rather than legislative American, pointing toward the same architectural conclusion through entirely independent institutional processes.

The Tax Wall

The ESMA report surfaces a second friction point that deserves attention. Cross-border taxation within the EU creates what respondents described as a "home bias," where firms predominantly offer domestic products and retail investors overwhelmingly invest within their own jurisdiction.

At first glance this appears to be a tax policy issue. It is actually a verification problem.

The numbers confirm it. Roughly 70% of European investors abandon cross-border withholding tax reclaim processes because the procedures are too cumbersome. In Germany, the average processing time for capital gains tax refunds at the Federal Central Tax Office was 615 days. Over 30% of investors indicated they intend to stop purchasing foreign EU shares entirely because of withholding tax friction.

If a verified investor's jurisdiction, tax residency, and eligibility for treaty relief were cryptographically and privately attestable through zero-knowledge verification at the point of transaction, the entire reclaim process would collapse into automated verification. The 615-day queue in Germany is the cost of financial regulation that still relies on documentation rather than verifiable credentials.

The Disclosure Paradox

ESMA's findings on disclosure requirements reveal a deeper structural lesson. The problem is not simply the volume of information investors receive. It is that the current regulatory model assumes trust can be built through documentation alone.

The evidence suggests otherwise. Between 1% and 10% of clients open Key Information Documents when investing online. Some firms reported sending clients pre-contractual information packages exceeding 200 pages. Product-specific sales brochures of over 70 pages per product. Annual reports of at least 40 pages.

The consultation concluded that information overload does not primarily cause disengagement, but it reinforces every other barrier simultaneously. Complex disclosures amplify risk aversion. Opaque fee structures erode trust. The sheer volume of documentation transforms a regulatory safeguard into a participation deterrent.

ESMA's proposed remedy is a shift toward layered, digital-first disclosure, where essential information is presented concisely upfront and detailed breakdowns are accessible on demand. The principle embedded in that proposal is the same one that governs privacy-preserving credential design: reveal only what is necessary at the point of decision, with full granularity available when requested but never imposed by default.

What Both Reports Share

Each of these frictions appears unrelated at first glance: onboarding duplication, cross-border tax bureaucracy, and disclosure overload. They share the same structural cause. Financial regulation still relies on documentation rather than verifiable credentials.

The Bessent report and the ESMA report arrive from different directions, address different markets, and serve different regulatory mandates. One is concerned with illicit finance in digital asset markets. The other is concerned with retail investor participation in traditional capital markets.

Yet both converge on the same architectural failure. Identity verification today is redundant, fragmented, jurisdiction-locked, and imposed as a procedural burden rather than embedded as infrastructure. Both documents describe systems where compliance requirements generate friction that suppresses the very participation those requirements were designed to protect.

And both documents, read carefully, describe a world in which protocol-level identity, portable across jurisdictions and privacy-preserving by design, resolves the core structural problem they have identified.

Concordium's architecture was designed for precisely this convergence. Identity verification at the protocol layer. Zero-knowledge proofs enabling selective disclosure. Credentials that travel with the user rather than being re-collected by every counterparty. Compliance that operates as infrastructure rather than as bureaucracy.

The US Treasury is asking Congress to fund the development of this architecture. The EU's securities regulator is documenting the cost of its absence. The infrastructure already exists. The question is whether regulators will recognise it before building it again from scratch.

Based on: ESMA Report on Call for Evidence, "On the retail investor journey: understanding retail participation in capital markets," ESMA35-243228190-7410, 12 March 2026.

Previous: Scott Bessent Just Told Congress What to Build. Someone Already Built It.