MiCA Compliance for Crypto Companies

The Markets in Crypto-Assets Regulation (MiCA) is the European Union’s first unified regulatory framework for crypto-asset markets. MiCA replaces 27 separate national licensing regimes with a single authorization standard, requiring every crypto-asset service provider (CASP) operating in the EU to meet harmonized capital, governance, custody, and consumer protection obligations. A crypto subledger that produces accurate, auditable transaction records forms the operational foundation for satisfying MiCA’s reporting and record-keeping mandates.

What Is the Markets in Crypto-Assets Regulation (MiCA)?

MiCA (Regulation (EU) 2023/1114) is a directly applicable EU regulation that establishes comprehensive rules for the issuance, offering, and provision of services related to crypto-assets across all 27 member states. The European Parliament adopted MiCA on April 20, 2023, and the regulation entered into force on June 29, 2023. Publication in the Official Journal of the European Union followed on June 9, 2023, under document reference L 150/52.

Before MiCA, crypto-asset regulation in Europe was fragmented. France operated the PSAN (Prestataires de Services sur Actifs Numériques) registration regime under the Pacte Law. Germany required a BaFin crypto custody license under the Kreditwesengesetz. Malta enacted the Virtual Financial Assets Act. Each national regime imposed different requirements, creating regulatory arbitrage and compliance complexity for cross-border operators.

MiCA eliminates that fragmentation. A CASP authorized in one EU member state holds a “passport” to offer services across the entire European Economic Area without obtaining additional national licenses. The European Securities and Markets Authority (ESMA) maintains a public register of all authorized CASPs, accessible through the ESMA Financial Instruments Reference Data System.

The regulation classifies crypto-assets into 3 categories: asset-referenced tokens (ARTs), e-money tokens (EMTs), and a residual category covering all other crypto-assets not classified as financial instruments under MiFID II. Each category triggers distinct issuance and disclosure requirements. Crypto-assets already regulated as financial instruments, deposits, securitization positions, or insurance products fall outside MiCA’s scope, as existing EU financial services legislation already governs those instruments.

MiCA represents the most comprehensive crypto-asset regulatory framework enacted by any major jurisdiction. The compliance requirements extend across licensing, prudential standards, conduct of business rules, market abuse prevention, and supervisory cooperation.

Which Crypto Businesses Require MiCA Authorization?

Every entity providing 1 or more of 10 defined crypto-asset services within the EU requires CASP authorization from a national competent authority (NCA). Article 59 of MiCA enumerates these 10 service categories with precise definitions.

The 10 CASP service categories are:

1. Custody and administration of crypto-assets — Safekeeping or controlling crypto-assets or the means of access to those assets on behalf of clients.
2. Operation of a trading platform — Managing a multilateral system that brings together multiple buying and selling interests in crypto-assets.
3. Exchange of crypto-assets for funds — Entering into contracts to buy or sell crypto-assets against fiat currency using proprietary capital.
4. Exchange of crypto-assets for other crypto-assets — Entering into contracts to exchange one crypto-asset for another using proprietary capital.
5. Execution of orders — Concluding agreements to buy or sell crypto-assets on behalf of clients.
6. Placing of crypto-assets — Marketing newly issued crypto-assets to buyers on behalf of the offeror or issuer.
7. Reception and transmission of orders — Receiving and transmitting orders on behalf of clients to a third party for execution.
8. Providing advice on crypto-assets — Offering personalized recommendations to clients regarding crypto-asset transactions.
9. Providing portfolio management — Managing portfolios containing crypto-assets on a discretionary, client-by-client basis.
10. Providing transfer services — Transferring crypto-assets on behalf of a person from one distributed ledger address to another.

Certain entities benefit from exemptions. Credit institutions authorized under the Capital Requirements Regulation (CRR) are permitted to provide crypto-asset services after notifying their NCA, without obtaining a separate CASP license. Investment firms authorized under MiFID II similarly benefit from a notification procedure rather than full CASP authorization for overlapping services. Central securities depositories are exempt when performing custody functions already covered under the CSDR.

Third-country firms face strict limitations. A non-EU entity is not permitted to solicit EU clients or provide crypto-asset services within the EU without establishing an authorized entity in a member state. Reverse solicitation — where an EU client initiates contact with a third-country provider entirely on their own initiative — remains permissible, but ESMA issued guidelines in December 2024 narrowing the circumstances under which reverse solicitation is recognized as genuine.

What Are the MiCA Capital and Prudential Requirements?

MiCA establishes minimum own funds requirements based on the type of crypto-asset service provided. Article 67 and Annex IV define 3 service classes, each reflecting the risk profile of the associated service category.

Class 1 — €50,000 minimum own funds:

• Execution of orders on behalf of clients
• Placing of crypto-assets
• Providing transfer services for crypto-assets on behalf of clients
• Reception and transmission of orders on behalf of clients
• Providing advice on crypto-assets
• Providing portfolio management on crypto-assets

Class 2 — €125,000 minimum own funds:

• Any services included under Class 1, plus:
• Custody and administration of crypto-assets on behalf of clients
• Exchange of crypto-assets for funds
• Exchange of crypto-assets for other crypto-assets

Class 3 — €150,000 minimum own funds:

• Operation of a trading platform for crypto-assets

A CASP providing multiple services meets the highest applicable class. An entity operating both a trading platform (€150,000) and a custody service (€125,000) maintains minimum own funds of €150,000, not a combined total.

Beyond the fixed minimum, Article 67(2) imposes a variable capital requirement: one quarter of the preceding year’s fixed overhead costs. The higher of the fixed minimum and the overhead-based calculation applies. Fixed overhead costs are calculated according to criteria specified in ESMA’s regulatory technical standards (RTS), which align with the methodology used under the Investment Firms Regulation (IFR).

CASPs also maintain professional indemnity insurance or a comparable guarantee. Article 67(5) requires this coverage for CASPs providing advice or portfolio management services. The insurance covers liability arising from breach of professional duty, negligence, or failure to perform obligations. Minimum coverage amounts are specified in ESMA’s delegated acts.

Own funds are composed of Common Equity Tier 1 (CET1) items as defined in the CRR, adjusted for the specific characteristics of crypto-asset service providers. Instruments qualifying as own funds include paid-up share capital, share premium accounts, retained earnings, and other reserves. Intangible assets, deferred tax assets, and holdings of own instruments are deducted.

How Does MiCA Regulate Stablecoins?

MiCA dedicates 2 separate titles to stablecoin regulation, reflecting the systemic importance of tokens designed to maintain a stable value. Title III governs asset-referenced tokens (ARTs), and Title IV governs e-money tokens (EMTs). Each title imposes distinct issuance, reserve, redemption, and supervisory requirements.

Asset-Referenced Tokens (ARTs) maintain their value by referencing multiple assets, including fiat currencies, commodities, or other crypto-assets. ART issuers obtain authorization from their NCA and publish a white paper approved by the NCA before offering tokens to the public. Article 36 requires ART issuers to maintain a reserve of assets backing the token at all times, with the reserve’s composition matching the assets referenced by the token.

Reserve assets are held by authorized credit institutions or custody providers, segregated from the issuer’s own assets. Independent audits of reserve adequacy are conducted every 6 months. ART issuers with more than €5 billion in issued tokens are classified as “significant” by the European Banking Authority (EBA), triggering enhanced prudential requirements including higher capital buffers and liquidity stress testing.

E-Money Tokens (EMTs) reference a single official fiat currency and function as digital representations of that currency. EMT issuers are authorized either as credit institutions under the CRR or as electronic money institutions under the Electronic Money Directive 2 (EMD2). Article 48 requires EMT issuers to invest at least 30% of reserve funds in separate accounts at credit institutions, with the remainder held in secure, low-risk financial instruments.

EMT holders are granted a redemption right at par value at any time. The issuer redeems tokens at face value in the referenced fiat currency, without charging fees for redemption. The European Central Bank (ECB) exercises supervisory authority over significant EMTs — those exceeding €5 billion in issued value or 10 million holders. The ECB issues binding opinions on authorization applications for stablecoin issuers classified as significant.

Article 23 imposes issuance limits on non-euro-denominated ARTs and EMTs. Tokens referencing a non-EU currency face transaction volume caps: no more than 1 million transactions per day and €200 million in daily transaction volume when used as a means of exchange within the EU. Breaching these thresholds triggers a mandatory cessation of issuance until volumes fall below the limits.

What Governance and Custody Obligations Does MiCA Impose?

MiCA establishes detailed governance standards for both CASP management bodies and custody operations. Article 68 requires every CASP to maintain a management body whose members are of sufficiently good repute and possess adequate knowledge, skills, and experience to perform their duties.

Management body composition follows “fit and proper” criteria defined in ESMA’s guidelines. Each member of the management body undergoes an assessment covering criminal record, financial soundness, professional experience, and potential conflicts of interest. At least 1 member of the management body demonstrates specific expertise in crypto-assets or distributed ledger technology. NCAs are empowered to reject authorization applications where management body composition is deemed inadequate.

Internal governance requirements mirror those applicable to investment firms under MiFID II. CASPs establish and maintain clear organizational structures with well-defined, transparent, and consistent lines of responsibility. Internal control functions — compliance, risk management, and internal audit — operate independently from the business lines they oversee. CASPs with more than 50 employees or annual revenue exceeding €5 million appoint a dedicated compliance officer.

Custody and client asset protection under Article 70 imposes strict segregation obligations. Client crypto-assets are held separately from the CASP’s proprietary assets at all times. The CASP maintains an internal register of positions and transactions for each client, reconciled at least daily. In the event of the CASP’s insolvency, client crypto-assets are not treated as part of the CASP’s estate and are returned to clients.

CASPs holding client funds (fiat currency) deposit those funds with a credit institution by the end of the next business day following receipt. Commingling of client funds with the CASP’s own funds is prohibited. The CASP’s custody policy — including the procedure for handling lost private keys, forks, airdrops, and staking rewards — is disclosed to clients before entering into a custody agreement.

Record-keeping obligations require CASPs to retain all records of services, transactions, and orders for a minimum of 5 years. Records are stored in a format permitting regulatory authorities to reconstruct each transaction and verify compliance. The accounting standards governing fair value measurement of crypto-assets apply to the CASP’s own financial statements and to the valuation of client holdings.

What Is the MiCA Authorization Process?

The CASP authorization process follows a structured sequence defined in Articles 59 through 64 of MiCA. Each national competent authority administers the process for entities establishing their registered office in that member state.

Rejection grounds include insufficient capital, inadequate governance, failure to satisfy AML/CTF requirements, or the existence of close links with entities in jurisdictions that obstruct effective supervision. The NCA provides a written statement of reasons for any rejection. Applicants appeal rejections through the administrative and judicial review procedures of the relevant member state.

What Is the MiCA Implementation Timeline?

MiCA’s implementation follows a phased approach, with different provisions taking effect at separate dates. Member states supplemented the EU-level timeline with national transition arrangements.

The European Banking Authority published guidelines on the classification of significant ARTs and EMTs by December 2024. Tokens meeting the significance thresholds — €5 billion in issued value, 10 million holders, or 2.5 million daily transactions — transitioned from NCA supervision to EBA direct supervision.

ESMA established supervisory convergence mechanisms to ensure NCAs apply MiCA consistently. Peer reviews, common supervisory actions, and Q&A publications address divergent interpretations. The ESMA MiCA Q&A, published quarterly, covers 89 questions as of March 2026, addressing topics from white paper content requirements to the treatment of non-fungible tokens (NFTs) at the boundary of MiCA’s scope.

Crypto exchanges and trading platforms operating under national grandfathering provisions maintain existing operations during the transition period, provided an authorization application is submitted to the NCA before the national deadline.

How Does MiCA Interact with DAC8 and Other EU Regulations?

MiCA operates within a broader EU regulatory ecosystem that includes tax reporting, operational resilience, and anti-money laundering frameworks. Authorization under MiCA triggers obligations under several parallel regulations.

DAC8 (Directive on Administrative Cooperation — 8th amendment) requires crypto-asset service providers to report transaction data to tax authorities. Every entity authorized as a CASP under MiCA automatically falls within DAC8’s reporting scope. DAC8 reporting obligations commenced on January 1, 2026, with first reports due by January 31, 2027. The overlap between MiCA authorization and DAC8 reporting is by design — the EU legislature intended MiCA-authorized entities to serve as the primary reporting channel for crypto-asset transaction data.

DORA (Digital Operational Resilience Act — Regulation (EU) 2022/2554) applies to CASPs as financial entities. DORA mandates ICT risk management frameworks, incident reporting procedures, digital operational resilience testing, and third-party ICT risk management. CASPs classify ICT incidents according to DORA’s severity taxonomy and report major incidents to their NCA within 4 hours of classification. DORA became applicable on January 17, 2025, meaning MiCA-authorized CASPs face concurrent compliance obligations.

Transfer of Funds Regulation (TFR — Regulation (EU) 2023/1113) extends the “travel rule” to crypto-asset transfers. CASPs include originator and beneficiary information with every crypto-asset transfer, regardless of amount. The TFR eliminates the de minimis threshold that applies to traditional wire transfers, requiring full identification data for all crypto transactions. The TFR became applicable on December 30, 2024, simultaneously with MiCA Title V.

AMLD6 (6th Anti-Money Laundering Directive) and the proposed AML Regulation establish harmonized AML/CTF requirements across the EU. CASPs conduct customer due diligence, monitor transactions for suspicious activity, file suspicious transaction reports (STRs), and maintain AML records for 5 years. The Anti-Money Laundering Authority (AMLA), headquartered in Frankfurt, assumes direct AML/CTF supervision of selected high-risk CASPs starting in 2028.

MiFID II continues to govern crypto-assets classified as financial instruments. Security tokens representing transferable securities, such as tokenized equity or debt instruments, fall under MiFID II rather than MiCA. The boundary between MiCA and MiFID II depends on whether the crypto-asset qualifies as a “transferable security” under Article 4(1)(44) of MiFID II. ESMA published guidance in 2024 clarifying the classification criteria, though borderline cases remain subject to NCA interpretation.

The cumulative compliance burden is substantial. A CASP operating a trading platform and custody service in the EU simultaneously satisfies requirements under MiCA (authorization, capital, governance), DAC8 (tax reporting), DORA (ICT resilience), TFR (travel rule), and AMLD6 (AML/CTF). Maintaining a unified crypto subledger that captures every transaction with full counterparty data, timestamps, and asset classifications streamlines compliance across all 5 regulatory frameworks.