As use of blockchain technologies, digital assets, and cryptocurrencies has steadily risen in the past decade, regulators around the globe have been forced to make a choice. To regulate, or not to regulate, that is the question. Lack of regulation is thought to contribute to some of the greatest cryptocurrency scandals of our time (like FTX or Terra Luna), and there are also plenty of other intertwining factors, such as anti-money laundering laws and tax opportunities, that have resulted in a growth in regulation of crypto-related activities and assets.
At the forefront of the change is the European Union. The EU unveiled its proposed framework, The Markets in Crypto-Assets Act, called both ‘MiCA’ and ‘MiCAR’ for short, back in September 2020. In under three years, the details of the new regulation were largely agreed upon, and in April 2023, the European Parliament approved the act. The date of enactment was set for December 30, 2024.
But what is MiCA? What does it mean to be governed by MiCA? And how will this shape the industry?
This article aims to answer these questions and more, delving into key aspects of the MiCA framework to provide a comprehensive guide that covers:
- What activities MiCA applies to
- Who is impacted by MiCA
- What businesses and European governments are doing in light of MiCA
What is Markets in Crypto-Assets (MiCA) Regulation?
The Markets in Crypto-Assets Act is a comprehensive regulatory framework established by the European Union to govern crypto assets in Europe. The act is part of a broader European strategy (the European Commission’s Digital Finance Strategy) and applies to crypto assets that fall outside the scope of traditional EU financial regulations.
MiCA's framework encompasses all crypto assets—including securities and e-money—and regulates crypto-asset service providers (CASPs) operating within the European crypto industry. Importantly, MiCA applies to any CASP serving European interests, regardless of where the provider is registered or established.
MiCA aims to create an all-encompassing legal framework that gives consistency in regulatory approach for all 27 countries affected. Prior to MiCA, crypto firms operating in the EU would have to comply with various different regulations, and apply for multiple licenses. MiCA provides a unified EU licensing structure that is inspired by some of the better practices found in the financial market regulations.
This should result in both legal clarity and legal certainty for businesses operating in the EU crypto market. MiCA should help protect investors, protect against market manipulation and abuse, and prevent and reduce crypto asset misuse. The framework enables crypto firms to comply with Counter-Terrorist Financing and Anti-Money Laundering regulations.
At Legal Nodes, we monitor developments in global crypto regulations closely to provide ongoing insights about regulatory effects, including MiCA’s impact, on the crypto world. Subscribe to our newsletter, the Web3Blast, for monthly updates delivered directly to your inbox.
What will MiCA apply to?
MiCA generally states that a crypto asset is a digital representation of a value or right that can be transferred and stored electronically using distributed ledger technology or similar technology. To govern crypto assets, MiCA classifies them into three groups:
- EMTs, which are electronic or e-money tokens
- ARTs, which are asset-referenced tokens
- Any other crypto asset tokens not covered in the first two groups
EMTs are crypto assets that are backed by a single official (fiat) currency. EMTs are subject to very strict regulatory requirements. MiCA’s EMT rules are set out under Title IV and have applied since 30 June 2024.
Asset-referenced tokens may represent a value, a right, or a mix of both, stabilizing their value by using one or more official currencies. MiCA’s ART rules are set out under Title III and have applied since 30 June 2024.
The last group of assets outlined by MiCA provides a ‘catch-all’ for any assets that aren’t EMTs or asset-referenced. Rules for this group of assets are set out under Title II of MiCA. A common example of a token asset that falls into this group is the utility token, which is not classified as a financial instrument according The Markets in Financial Instruments Directive (MiFID II). Learn more about which popular tokens will fall under the scope of MiCA.
MiCA does not automatically apply to NFTs (non-fungible tokens). The only instances in which MiCA will apply is if the NFT has characteristics that make it similar to one of the assets that MiCA governs. For example, MiCA rules might apply to an NFT that is like a utility token or a financial instrument. When working on NFT’s token legal design, it will also be important to remember that simply assigning a unique identifier to a token is not an indicator of non-fungibility. Under MiCA, non-fungible tokens issued in large series could be considered fungible and therefore require an authorization. It is mostly expected that this will influence projects that fractionalize NFTs.
MiCA also does not cover DAOs, DeFIs or dApps (any other decentralized applications) that are fully or truly decentralized. But as decentralization is quite a debatable concept and there are levels to it, we highly recommend to projects operating decentralized appliactions (especially, if you offer an inferface for the EU-based users) to obtain qualified legal advice regarding MiCA applicability. Learn more about progressive decentralization, how to apply 'decentralization test' to your project and how does the governance minimization works to achieve full or sufficient decentralization.
Who will have to comply with MiCA?
Businesses that will be regulated under MiCA and that fall in the category of crypto-asset service providers (CASPs), include:
- Custodial wallets
- Exchanges for crypto to crypto transactions or crypto to fiat transactions
- EMT or ART issuers
- Crypto-trading platforms
- Crypto-asset advising firms and crypto-portfolio managers
Who will enforce MiCA?
At the EU level, there are two main regulatory bodies responsible for MiCA enforcement:
Additionally, each EU member state will designate its own national agency to implement the EU law within their jurisdiction.
In cases of MiCA violations, national bodies have the authority to impose appropriate penalties and administrative measures. This enforcement power exists even in member states that currently have criminal sanctions in place for similar violations, encouraging regulatory bodies to work together with EBA and ESMA.
What are the key points of MiCA Regulation?
MiCA introduces critical new rules that will impact both existing and planned Web3 projects. Here’s what Web3 lawyers and project founders need to know.
Projects operating in the EU will need fewer licenses
With MiCA, individual national Web3 permit regimes will no longer exist. Instead, MiCA introduces one authorization system that will be used by all 27 EU countries. Once authorized in their country of registration, CASPs will be able to provide their services across all EU member states. MiCA regulation will allow regional Web3 businesses to operate in the EU market without needing to attain a license from each EU country.
CASPs will have more obligations and disclosures
Under MiCA, crypto-asset service providers—legal persons or organizations whose primary business is providing professional crypto asset services—must obtain authorization to operate in the EU. These services include custody and administration of crypto assets on behalf of third parties, operating trading platforms, executing orders, and providing exchange services between crypto assets and fiat currencies.
MiCA also prescribes comprehensive rules for crypto asset services, covering everything from governance and capital requirements to custody and administration. To obtain authorization, CASPs must have at least one EU-based director and maintain a registered office within the EU. Once authorized, CASPs can passport their services across all EU member states, though non-EU providers are limited to reverse solicitation to offer their crypto services to EU residents.
CASPs that have an average annual number of active EU users surpass 15 million will be automatically classified as sCASPS (significant CASPs). sCASPs will face heightened supervision and monitoring from relevant National Competent Authorities.
In summary, the key new requirements for CASPs under MiCA will include:
- Having an office in an EU country and having at least one director-resident of the EU country.
- Implementing anti-money laundering (AML), continuity of services, and data security policies and procedures.
- Following rules on marketing communication and informational activities and performing these activities in a fair way that is not misleading.
- Adopting certain practices to help prevent market abuse and handle complaints correctly (this is to avoid more cases like Terra Luna and FTX). An example of a new practice is that CASPs will need to warn both their clients and their users about any risks of the transactions they make.
- Acting honestly, fairly and professionally and in their clients’ best interests.
- Publicly sharing pricing, cost, and fee policies along with information on the environmental impact of the crypto-asset activities.
More rules for token issuance processes
Web3 founders planning to issue tokens (crypto assets that do not fall within the scope of EMTs or ARTs) will be required to publish a whitepaper and have a legal entity that issues tokens and operates them in accordance with the whitepaper. The project won’t need authorization to issue their assets, as their published whitepaper will serve as prospectuses that offer prospective buyers more details on the asset’s characteristics.
This means that it won’t be possible to anonymously issue tokens through decentralized token generation events (TGEs) with non-custodial treasuries or Initial Exchange Offerings (IEOs) or Initial DEX Offerings (IDOs). However, token offerings to fewer than 150 people, or that has a total consideration over a 12-month period that doesn’t exceed EUR 1 million, or that are addressed to qualified investors only may be exempt from this requirement. If a token doesn’t have an issuer, such as BTC, the whitepaper prepared by the exchange must warn users of the potential risks of the token and the exchange will bear all the responsibility for this token. To help issuers and exchanges, MiCA outlines what the whitepapers should look like (find the full guidance in Title II, Article 6 of MiCA). This has helped clarify existing rules that were somewhat vague and unclear. MiCA also provides retail holders a 14-day withdrawal window for assets not yet traded on platforms at the time of purchase.
📚 Learn more: How to Build a Legal Strategy for a Token Project
Algorithmic stablecoins are banned and asset-backed stablecoins must comply with strict rules
Say goodbye to algorithmic stablecoins (at least, in the EU)! MiCA does not consider algorithmic stablecoins as asset-referenced tokens as they don’t have explicit reserves that are tied to any traditional type of asset. This effectively means algorithmic stablecoins are banned under MiCA. For stablecoins recognized by MiCA, the new rules will require fiat-backed stablecoins to be backed by a liquid reserve that has a 1:1 ratio.
A clear aim of MiCA is to protect monetary sovereignty and financial stability of the EU market. Consequently, the regulations on stablecoins, particularly on issuers of variants, are quite tight. Anyone planning to issue EMTs and ARTs will need to obtain authorization before listing or publicly offering their assets in the EU. This authorization must come from the issuer themselves, unless they explicitly grant written consent to another party to do so.
For EMTs specifically, authorized credit institutions can offer or list them after notifying their supervisory authority and publishing a whitepaper. ART issuers face additional requirements: they must be EU-based and get their whitepaper approved before publication.
While MiCA doesn't use the term "stablecoin", both ARTs and EMTs are both considered to be types of stablecoins. More importantly, they both may be classified as "significant" by the European Banking Authority based on specific criteria, which subjects them to enhanced regulatory policy and oversight.
The full scope and definitions are set out in Title 1, Articles 2 and 3 respectively, which can be found here.
What is the timeline for MiCA implementation?
The deadline of December 30, 2024 is recognised as a key implementation date for MiCA, however, in practice, implementation of MiCA is set to happen in phases. Businesses should not mistake the phased implementation for leniency from regulators—non-compliance could lead to penalties and service disruptions until proper authorizations are obtained. Let’s take a look at each phase in turn.
1. Initial approval and adoption (April-June 2023)
This first phase began when MiCA was approved by the European Parliament on April 20, 2023, marking the ‘birthday’ of the regulatory framework. MiCA was then signed into law on May 31, 2023, and published in the Official Journal of the European Union (OJEU) on June 9, 2023. The regulation officially came into force 20 days later, on June 29, 2023.
2. Stablecoin regulation (June 30, 2024)
By June 30, 2024, MiCA’s rules on issuing asset-referenced tokens (ARTs) and e-money tokens (EMTs) were enforced, and all businesses subject to these rules should now be in full compliance with them. This includes maintaining full liquid asset backing, submitting regular transparency reports, meeting capital requirements, preparing detailed whitepapers according to Article 6 of MiCA, and undergoing mandatory regular audits of reserves. Issuers must maintain sufficient reserves to cover all issued tokens and provide detailed information about token functionality, associated risks, and underlying technology.
3. Licensing and authorization phase (January 2025)
Starting January 2025, Crypto Asset Service Providers (CASPs) must begin applying for licenses to operate within the EU. A grandfathering period of up to 18 months allows existing providers to continue operations while transitioning to full compliance. This provision permits EU member states to let existing crypto service providers operate from December 30, 2024, up to July 1, 2026, depending on each state's chosen duration. However, this grandfathering period is not mandatory for all jurisdictions, meaning some EU member states may offer a shorter period.
During this transitional period, crypto holders may have limited protections under MiCA, and National Competent Authorities will primarily focus on existing local Anti-Money Laundering regulations. To ensure a smooth transition, businesses should start by determining their appropriate license category (e.g., exchange operator, custody service provider). Then, businesses should begin assembling required documentation, including proof of capital adequacy and governance structures and lastly, should make sure that all business processes align with AML and KYC regulations.
Given the complexity of the licensing process, businesses are strongly encouraged to begin preparations well ahead of the January 2025 deadline.
4. TFR compliance (December 30, 2024)
The Transfer of Funds Regulation (TFR) enforcement begins on December 30, 2024. CASPs must implement systems for exchanging personal data of both senders and recipients of crypto asset transfers to ensure transparency and prevent money laundering.
Given the complexity of TFR requirements, implementing all necessary system changes well in advance is crucial. Organizations need to upgrade their infrastructure to properly handle sender and recipient data verification, while ensuring their platforms can seamlessly integrate with inter-CASP data exchange protocols for transaction processing. This compatibility should be determined before executing any transactions.
5. General compliance (July 2026)
By July 2026, all CASPs must achieve comprehensive compliance with MiCA requirements. This includes securing appropriate licenses from their National Competent Authority, implementing robust security protocols, and establishing operational standards that prioritize consumer protection and transparency.
All CASPs must demonstrate proper segregation of customer assets from company funds, maintain stringent data protection measures, and implement thorough AML/KYC procedures. To ensure compliance, businesses should conduct detailed internal assessments of their operational functions, security frameworks, and transparency practices well in advance of this final 2026 deadline.
6. Ongoing reporting and audits (June 2024 onwards)
Once the July 2026 deadline passes, all CASPs must actively maintain ongoing compliance with MiCA requirements. This includes regular submission of detailed transaction and trading volume reports, prompt reporting of security incidents, and maintaining comprehensive documentation of all compliance activities.
Stablecoin issuers must provide frequent transparency reports demonstrating their reserves are fully backed by liquid assets, while custodians must undergo regular audits to verify proper segregation and security of customer assets. To ensure continuous compliance, businesses should consider establishing dedicated compliance teams or partnering with regulatory specialists, and implement robust internal systems for tracking and documenting all compliance-related activities.
Source: ESMA
The official timeline is set out by ESMA, and although it is unlikely to change substantially, businesses should keep an eye on ESMA’s website for updates, including on any consultations or adaptations that may be introduced at the last minute.
MiCA will have big impacts and Web3 businesses should prepare for this regulation
MiCA will provide a long-awaited regulatory framework for crypto companies operating in the EU. While this development benefits many crypto businesses, it also requires significant effort to ensure compliance. Upon successful implementation, MiCA may serve as a model for other regulators worldwide who are considering introducing or adapting laws to address crypto market needs. This could lead to a more unified regulatory landscape for crypto and Web3 projects globally.
In the meantime, all crypto firms should be wary of MiCA’s far-reaching rules. To ensure MiCA compliance, start by assessing the scope and potential impact on your business. If you need assistance with any aspect of MiCA compliance, our legal experts at Legal Nodes are here to help. Contact us today to discuss your specific requirements and how we can support your compliance journey.
Prepare your project for MiCA compliance
