AI Regulation Watch

MiCA Regulation and the EU Crypto-Asset Market: An Analysis of CASP Obligations

The Regulation on Markets in Crypto-Assets — MiCA (Markets in Crypto-Assets, Regulation (EU) 2023/1114) represents one of the most significant […]

The Regulation on Markets in Crypto-Assets — MiCA (Markets in Crypto-Assets, Regulation (EU) 2023/1114) represents one of the most significant regulatory undertakings by the European Union in the field of finance in the past decade. MiCA introduces a unified, harmonised framework for the entire EU crypto sector, replacing a patchwork of national rules and unregulated areas. For all companies operating in the domain of crypto-assets, understanding MiCA obligations is not optional — it is a prerequisite for lawful operation. This text is informational in nature and does not substitute individual legal advice.

What Is MiCA and What Does It Cover

MiCA is a regulation of the European Parliament and of the Council that applies directly in all EU Member States without the need for separate transposition into national law. The Regulation covers three main categories of crypto-assets:

Asset-referenced tokens (ART) — tokens that use a reference basket of assets (currencies, commodities, crypto-assets or a combination thereof) to stabilise their value.

E-money tokens (EMT) — tokens that use a single official currency to stabilise their value.

Other crypto-assets — all tokens that do not fall into either of the preceding two categories, including the vast majority of cryptocurrencies and utility tokens.

MiCA does not apply to crypto-assets that qualify as financial instruments within the meaning of MiFID II (Markets in Financial Instruments Directive II, Directive 2014/65/EU) — tokens that correspond to shares or bonds. Also excluded are NFTs (non-fungible tokens) that are genuinely unique and serve no financial function; however, NFTs issued in large series or collections, or those that carry the same rights and functions or exhibit the characteristics of financial instruments, may fall within the scope of MiCA, and potentially even MiFID II.

Licensing of Crypto-Asset Service Providers (CASPs)

The central element of MiCA is the mandatory licensing of crypto-asset service providers (CASPs). The categories of services subject to licensing include:

  • Custody and administration of crypto-assets on behalf of clients
  • Operation of a trading platform for crypto-assets
  • Exchange of crypto-assets for funds (fiat currency) and vice versa
  • Exchange of crypto-assets for other crypto-assets
  • Execution of orders on behalf of clients
  • Placing of crypto-assets
  • Provision of advice and portfolio management in respect of crypto-assets
  • Provision of transfer services for crypto-assets on behalf of clients

In order to obtain a licence, a CASP must meet a number of organisational requirements: a registered office or branch in the EU, a sound governance structure, appropriate management free of criminal convictions relevant to financial offences, sufficient capital and professional indemnity insurance, and robust operational procedures.

Once obtained, a MiCA licence is valid across the entire EU by virtue of the “passport” principle, allowing a CASP to access the single market of 27 Member States without the need to be re-licensed in each of them.

Transparency Obligations and the White Paper

Before any person issues or offers crypto-assets to the public in the EU, MiCA requires the publication of a white paper. This document must contain detailed information about the issuer, the project, the type of crypto-asset, the rights it confers, its technological features and the risks involved. The white paper is submitted to the competent authority and published on the project’s website.

For ARTs and EMTs, the requirements are considerably stricter — prior authorisation from the competent authority is mandatory before any public offer. This reflects the greater systemic importance and potential impact of these categories of tokens on financial stability.

The white paper must not contain misleading or inaccurate information, and the issuer bears responsibility for its accuracy. This is particularly important given that investors may bring claims for damages in the event of financial losses caused by inaccurate statements in the white paper.

Consumer Protection and Market Integrity

MiCA places particular emphasis on the protection of crypto-service users. Before opening an account, a CASP is required to obtain sufficient information on the client’s knowledge, experience and financial situation. Client funds must be segregated from the CASP’s own assets, with clear rules on safekeeping and oversight.

With regard to market integrity, MiCA introduces prohibitions analogous to the rules applicable to traditional financial markets: the use of inside information, market manipulation and the dissemination of false information about crypto-assets are all prohibited. Prior to MiCA, this area represented a legal vacuum; it now falls under direct regulatory supervision.

Operational Resilience and Cybersecurity

CASPs are required to establish and document comprehensive policies and procedures for managing operational risks, including cybersecurity risks. Particular emphasis is placed on the obligation to maintain business continuity plans and recovery plans for catastrophic events.

Any incident that may materially affect the provision of services must be reported to the competent authority without undue delay. This incident reporting obligation requires CASPs to establish an appropriate system for monitoring and escalating events.

Specifics for Stablecoins: ARTs and EMTs

Issuers of asset-referenced tokens (ARTs) and e-money tokens (EMTs) are subject to the most stringent regulatory treatment within the MiCA framework. Key requirements include:

The obligation to maintain a reserve fund corresponding to the value of tokens in circulation, subject to strict requirements as to the type and liquidity of the reserve assets. The prohibition on using reserves for investment purposes limits the scope for yield-generating activities.

The obligation to grant holders the right to redeem tokens at par value at any time, meaning that the peg to the reference asset or currency is legally binding.

For significant ARTs and EMTs (with a large user base or high transaction volume), the European Banking Authority (EBA) assumes additional, or direct, supervisory powers, alongside the consultative role of the European Central Bank (ECB) and the relevant national competent authorities, raising the compliance bar for issuers.

Frequently Asked Questions (Q&A)

Does MiCA apply to companies based outside the EU that offer services to EU users? Yes. MiCA applies to companies that offer crypto-asset services to EU users regardless of where the company is incorporated, provided they are actively targeting clients in the EU. A company without an EU registered office may provide certain services in limited circumstances (exclusively on the client’s own initiative — the so-called reverse solicitation exception, which is interpreted very narrowly), but active marketing directed at EU users requires MiCA compliance.

What is “passporting” in the context of MiCA and how does it work? Passporting means that a CASP that has obtained a licence in one EU Member State automatically acquires the right to provide those services in all other EU Member States without the need for individual national approvals. It is sufficient to notify the competent authority of the home Member State and the host Member State.

What are the consequences of providing services without a MiCA licence? Providing services that require licensing without holding one is unlawful and may attract administrative sanctions, including fines and a prohibition on carrying on business. The competent authorities have the power to order the cessation of service provision and to inform the public about non-compliant entities.

How are decentralised protocols treated under MiCA? Fully decentralised services without an identifiable intermediary may fall outside the scope of MiCA. In practice, however, many projects that present themselves as decentralised contain elements of centralisation that may bring them within the scope of the regulation. This is a matter that requires careful legal analysis on a case-by-case basis.

Conclusion

The MiCA Regulation fundamentally changes the landscape of the crypto industry in the EU. For companies that have until now operated in a regulatory grey area, MiCA provides legal certainty, but also imposes significant organisational and financial compliance costs. Those that prepare in a timely manner will obtain licensed status giving them access to the entire EU market, while those that fail to do so risk legal sanctions and the loss of user trust.

If your company provides or plans to provide crypto-asset services in the EU and you wish to understand what MiCA means in practice for your business, schedule a consultation with our team specialised in digital finance regulation.

Sources: – https://www.esma.europa.eu/databases-library/esma-library/mica-regulation – https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32023R1114 – https://www.ecb.europa.eu/press/blog/date/2023/html/ecb.blog230626~c3830c25d8.en.html – https://www.eba.europa.eu/regulation-and-policy/crypto-assets/ebas-supervisory-role-under-mica

The content of this website is informational and does not constitute legal advice. For specific legal advice, contact a lawyer directly. The firm operates in accordance with the Law on the Legal Profession and the Code of Professional Ethics for Lawyers.

Scroll to Top