The Markets in Crypto-Assets Regulation — universally referred to as MiCA — entered into force on 30 June 2023 and has been applying in phases since. The stablecoin provisions became effective in June 2024, and the full regime covering crypto-asset service providers (CASPs) applied from 30 December 2024. MiCA establishes, for the first time, a harmonised EU-wide legal framework for the issuance and provision of services related to crypto-assets that do not qualify as financial instruments under existing EU law. It is, by any measure, the most comprehensive crypto-asset framework enacted by any major jurisdiction to date.
Scope and Exclusions
MiCA applies to crypto-assets broadly defined as a digital representation of a value or of a right that can be transferred and stored electronically using distributed ledger technology or similar technology. This is deliberately wide. However, several important categories fall outside MiCA’s scope. Crypto-assets that qualify as financial instruments under MiFID II — including tokenised securities — remain governed by existing financial services law, not MiCA. Central bank digital currencies issued by EU central banks are also excluded. Non-fungible tokens (NFTs) that are truly unique and not fungible with other assets are generally excluded, though the regulation includes anti-fragmentation provisions to prevent fungible assets from being structured as technically non-fungible to evade regulation.
Within scope, MiCA distinguishes three categories of asset. Electronic money tokens (EMTs) are crypto-assets that purport to maintain a stable value by referencing the value of one official currency. Asset-referenced tokens (ARTs) are crypto-assets that maintain a stable value by referencing multiple currencies, commodities, other crypto-assets, or a combination. All other crypto-assets not falling into these two categories are regulated as a residual class simply called crypto-assets under Title III of the regulation, which includes utility tokens and most cryptocurrencies.
Asset-Referenced Tokens and E-Money Tokens: The Stablecoin Framework
The ART and EMT provisions, which apply from June 2024, are the most stringent in MiCA. Issuers of ARTs must be authorised by the competent authority of their EU home member state. The authorisation process requires submission of a detailed whitepaper, an assessment of the issuer’s governance, a reserve asset policy, and ongoing compliance with capital requirements. Issuers must hold own funds of at least EUR 350,000 or, for larger issuers, 2% of the average reserve assets.
The reserve requirements are particularly demanding. ART issuers must hold reserves equal to 100% of the outstanding token value, maintained in specific low-risk assets under the management rules of the regulation. The European Banking Authority (EBA) has supervisory authority over ARTs deemed significant — assessed by reference to criteria including number of holders, market capitalisation, and cross-border use — and can impose additional requirements on significant issuers, including higher own funds and liquidity requirements.
EMT issuers face a further constraint: only credit institutions and electronic money institutions authorised under EU law may issue EMTs. This requirement effectively channels euro-denominated stablecoin issuance into the existing regulated payments sector, restricting entry for pure crypto-native issuers who are not already licensed as payment institutions. For USD-referenced EMTs, the constraint bites less hard in the short term, but the regulatory logic remains: the EU has drawn a firm line between payment instruments and investment instruments, placing EMTs firmly in the former category.
Crypto-Asset Service Providers: Authorisation and Conduct Requirements
CASPs — entities providing services such as custody, exchange, portfolio management, order reception and transmission, and advice in relation to crypto-assets — must be authorised in an EU member state from 30 December 2024. The authorisation covers a specified list of services, and CASPs may passport their authorisation across the EU, a feature that was entirely absent from the fragmented national regimes that previously applied in some member states.
Authorisation requirements include: being a legal entity established in the EU; having adequate organisational arrangements including management body requirements, governance, and internal controls; meeting minimum capital requirements (ranging from EUR 50,000 for advice and reception/transmission services to EUR 150,000 for custody and exchange against fiat); holding professional indemnity insurance or equivalent; and ensuring that management body members have sufficient knowledge, skills, and experience and are of good repute.
In terms of conduct requirements, CASPs operating trading platforms must provide fair and transparent access, publish a non-discriminatory trading policy, have rules governing the admission of crypto-assets to trading, and maintain operational resilience. CASPs providing custody must maintain detailed records, segregate client assets from their own, and have a liability regime for losses caused by malfunctions or hacks. This custody liability framework is one of the most commercially significant conduct provisions for institutional-grade CASP operators.
Whitepapers and Disclosure Obligations
Issuers of crypto-assets that are not ARTs or EMTs must publish a whitepaper before offering tokens to the public in the EU or seeking admission to a trading platform. The whitepaper must contain prescribed information about the issuer, the project, the rights attached to the token, the underlying technology, the risks, and the use of proceeds. Unlike a prospectus under the Prospectus Regulation, there is no pre-approval requirement for most whitepapers, though national competent authorities have powers to require modifications.
Importantly, the whitepaper triggers civil liability: if a whitepaper contains materially misleading or inaccurate information, investors who suffered a loss may claim compensation from the issuer. This is a significant departure from the position that existed before MiCA, where crypto-asset issuers operated largely outside regulated disclosure liability frameworks. The issuer’s management body is jointly and severally responsible for ensuring whitepaper compliance, which focuses board-level attention on disclosure quality.
Market Abuse Provisions
MiCA introduces a market abuse framework for crypto-assets admitted to trading on an EU trading platform. This covers insider dealing, unlawful disclosure of inside information, and market manipulation in the crypto-asset context. The market abuse provisions are modelled on the EU Market Abuse Regulation (MAR) applicable to traditional securities, adapted for the technical characteristics of distributed ledger-based markets.
The practical implication is that insider trading in tokens admitted to a MiCA-regulated venue is now explicitly illegal across the EU, with criminal sanctions available in member states that elect to implement criminal law provisions. This brings crypto market integrity regulation into the mainstream legal framework and creates new compliance obligations for projects whose tokens are listed on licensed trading platforms.
Third-Country CASPs and the Market Access Question
MiCA does not establish a formal equivalence regime for third-country CASPs. Non-EU service providers may only serve EU clients on a reverse solicitation basis — where the client approaches the CASP on their own initiative — but may not actively market services into the EU without EU authorisation. This reverse solicitation limitation is intended to be narrow: if a CASP takes any steps to target or market to EU clients, the reverse solicitation exemption does not apply.
In practice, this creates a significant structural challenge for non-EU crypto platforms that have EU-based users. Major exchanges operating from the US, UK, or other jurisdictions must either obtain EU authorisation through a subsidiary, restrict EU access, or demonstrate that their EU client relationships genuinely arose from unsolicited client approaches. Given the marketing and promotional activity typical in the crypto sector, demonstrating genuine reverse solicitation will be difficult for most platforms.
Interaction with Existing Financial Services Law
MiCA creates a clear boundary at the intersection with financial instruments law, but the boundary is not always easy to identify in practice. Tokenised bonds, tokenised fund interests, and certain DeFi governance tokens may qualify as financial instruments under MiFID II, taking them outside MiCA and into the existing regulatory framework. The Classification is determined by the rights attaching to the token, not by its technical form. Given the ongoing evolution of token design, issuers seeking to avoid MiCA obligations by structuring tokens with certain characteristics should be aware that national competent authorities and ESMA will scrutinise such arrangements.
The interaction with GDPR is also non-trivial. MiCA requires CASPs to maintain detailed records, but the immutable nature of some blockchain architectures creates tension with GDPR’s right to erasure. ESMA has acknowledged this tension but has not resolved it, leaving CASPs to manage the conflict between their MiCA record-keeping obligations and their GDPR data minimisation and erasure obligations on a case-by-case basis.
Strategic Implications for the European Crypto Sector
MiCA represents a major maturation of the European crypto-asset market. For reputable operators, it provides legal certainty and a passport into the world’s largest single market. For investors in crypto infrastructure companies, MiCA-authorised CASPs have a meaningful competitive moat against non-authorised competitors who must restrict EU market access. The compliance cost of authorisation is real but manageable for established operators.
The more significant challenge is for decentralised finance (DeFi) protocols and truly decentralised infrastructure, which MiCA largely does not address because there is no identifiable service provider on whom obligations can be imposed. ESMA has been tasked with assessing whether DeFi requires a bespoke regulatory framework, and a legislative proposal is anticipated in the coming years. In the interim, the legal status of DeFi participation by EU residents remains an area of genuine regulatory uncertainty that founders, developers, and investors in this space must navigate carefully.
Conclusion
MiCA is a major legislative achievement that gives the EU crypto market a regulatory foundation it previously lacked. Its practical implications are far-reaching: stablecoin issuers must hold reserves and obtain authorisation, CASPs must obtain licences and meet conduct standards, issuers must publish regulated whitepapers, and market integrity is now enforceable. For businesses operating in or targeting the EU crypto market, building MiCA compliance into the organisational structure is now a precondition for sustainable commercial operation in the region.