PSAN (Prestataire de Services sur Actifs Numériques) is France's pre-MiCA regulated status for crypto-asset service providers. It was created by the PACTE law in 2019 and supervised by the AMF (Autorité des Marchés Financiers).
There were two regimes:
- Mandatory registration for custody, fiat-crypto trading, crypto-crypto trading, and crypto-trading-platform activities.
- Optional approval (agrément) for the same activities plus advisory and portfolio management, with much stricter requirements on capital, governance, and security.
Security requirements are aligned with ANSSI guidance (the French national cybersecurity agency). For PSAN-approved firms in particular, the AMF expects:
- Documented information-system security policy.
- Periodic penetration testing by independent providers.
- Incident reporting to the supervisor.
- Strict separation between client assets and proprietary assets.
- Audited custody procedures (cold/hot wallet architecture).
PSAN is being progressively replaced by MiCA authorisation as the EU regulation takes effect, but PSAN registration / agrément is still the operative status for many French CASPs in transition. The pentest expectations carry over: MiCA does not lower the bar.