MiCA compliance monitoring: what tools actually help and what they miss

This article is for informational purposes only and does not constitute legal advice. Consult a qualified legal professional for advice specific to your situation.

MiCA is in force. The implementing layer is still arriving.

The Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, CELEX: 32023R1114) has applied in full since 30 December 2024. The headline framework — authorisation requirements for crypto-asset service providers, the issuance regimes for asset-referenced tokens and e-money tokens, and the conduct obligations for CASPs — is adopted and enforceable.

What is less widely understood is the volume of implementing and delegated acts that sit beneath the framework regulation and specify the actual operational requirements. ESMA has published technical standards covering CASP authorisation documentation, order execution policies, complaints handling procedures, conflicts of interest policies, and information disclosure requirements. EBA has published standards on ART and EMT reserve management, redemption rights, and own funds requirements. These technical standards were published progressively through 2024 and into 2025, many of them close to or after the full application date of the framework regulation.

A compliance team that tracked the framework regulation without tracking the technical standards layer has been working with an incomplete picture of what MiCA actually requires. And a compliance team using a monitoring tool that covers the framework regulation but misses the implementing acts has the same gap, regardless of how the tool markets itself.

This article maps what different types of compliance monitoring tools actually cover for MiCA, identifies the specific gaps that matter, and explains what source-anchored monitoring provides that other approaches cannot.

What MiCA compliance monitoring actually requires

Monitoring MiCA compliance is not a one-time exercise. It is a continuous process across at least three distinct layers.

The framework regulation itself. Regulation (EU) 2023/1114 sets out the authorisation requirements, the conduct obligations, the disclosure requirements, and the enforcement framework. This is the starting point and is well-covered by most monitoring approaches.

The Level 2 technical standards. ESMA and EBA are mandated to develop regulatory technical standards (RTS) and implementing technical standards (ITS) across a large number of areas specified in the framework regulation. These standards fill in the operational detail that the framework regulation deliberately leaves to the supervisory authorities. Whether a CASP’s authorisation application is complete, whether its order execution policy meets the standard, and whether its client asset safeguarding procedures are adequate are determined by the Level 2 standards, not by the framework regulation alone.

NCA guidance and supervisory expectations. National competent authorities across EU member states have issued guidance on how they are applying MiCA in their jurisdictions. Some NCAs have published detailed FAQs and supervisory expectations that go beyond the framework regulation and the ESMA/EBA technical standards. For firms operating across multiple EU jurisdictions or making decisions about which NCA to seek authorisation from, this NCA-level layer is operationally significant.

A monitoring tool that covers only the framework regulation is covering the top layer of a three-layer compliance picture. The technical standards layer is where most of the operational compliance requirements actually live.

Why generic AI tools fail for MiCA monitoring

The failure modes described in the broader article on why generic AI tools are unreliable for regulatory compliance research manifest with particular force for MiCA, for a specific reason: the timeline of MiCA’s development means that the relationship between training data vintage and regulatory accuracy is unusually consequential.

MiCA was proposed in 2020, went through a multi-year legislative process, was published in the Official Journal in June 2023, and began applying in stages from June 2024 through December 2024. The Level 2 technical standards were developed and published through 2023, 2024, and 2025. A language model trained at any point during this period will have a view of MiCA that reflects the state of the regulation at the training cutoff, not the current state of the full framework including its implementing measures.

Specific examples of how this creates compliance risk:

A generic AI tool asked about MiCA authorisation requirements for a CASP may describe the requirements as set out in the framework regulation without incorporating the ESMA technical standards that specify the content and format of the authorisation application. A firm that relies on this answer to prepare its application may submit an incomplete application.

A tool asked about MiCA stablecoin requirements may describe the ART or EMT requirements as they existed in an earlier draft or in the framework regulation alone, without incorporating the EBA technical standards on reserve asset composition, redemption procedures, and own funds requirements that were finalised in 2024.

A tool asked about MiCA conduct obligations may describe the general principles set out in the framework regulation without incorporating the Level 2 standards that specify how those principles translate into operational requirements for order execution, client categorisation, or conflicts of interest management.

In each case, the answer is not fabricated. It reflects what the regulation says at the level the tool has coverage of. The problem is that level is not sufficient for operational compliance decisions.

What enterprise monitoring platforms cover for MiCA

Enterprise platforms such as Wolters Kluwer FRR and Corlytics cover MiCA within their broader EU financial regulation monitoring. Their coverage is generally strong on the framework regulation and on the major Level 2 standards published through their analyst curation processes. The limitations are the same ones that apply to these platforms generally: multi-jurisdiction breadth dilutes EU-specific depth, analyst curation introduces latency between publication and platform delivery, and the absence of a source-anchored query interface means users cannot interrogate specific provisions directly.

For a firm whose primary or sole regulatory exposure is MiCA, an enterprise platform delivers substantially more coverage than it needs, at substantially higher cost, with a UI designed for a compliance team of twenty rather than the two-person team most CASPs are operating with.

What source-anchored monitoring provides

A source-anchored regulatory intelligence system built on EUR-Lex continuous ingestion provides something that neither generic AI tools nor analyst-curated enterprise platforms provide in the same form: the ability to ask a specific compliance question and receive an answer that is demonstrably grounded in the current official text of the specific regulation and technical standard being asked about.

For MiCA specifically, this means:

A compliance professional can ask what the authorisation requirements for a CASP operating a crypto-asset exchange are, and receive an answer sourced from the current text of the framework regulation and the relevant ESMA technical standards, with CELEX citations that allow the underlying documents to be verified independently.

A compliance professional can ask what the reserve asset requirements for an ART issuer are under the EBA technical standards, and receive an answer drawn from the specific standard in force, not from a general characterisation of the MiCA stablecoin regime.

A compliance professional can ask whether a firm’s specific business model brings it within the scope of MiCA’s CASP authorisation requirements, and receive an answer that cites the specific scope provisions and relevant definitions in the regulation text, with a clear indication of what the regulation says and what requires independent legal judgement beyond what the text specifies.

What no monitoring tool covers

Honest coverage of this topic requires acknowledging what monitoring tools, including Forseti, do not provide.

NCA-specific supervisory guidance. The guidance that individual national competent authorities have published on MiCA authorisation processes, supervisory expectations, and local implementation choices is not systematically indexed on EUR-Lex. Monitoring EUR-Lex provides comprehensive coverage of the framework regulation and the Level 2 technical standards, but does not cover the NCA-level layer. For firms making decisions about which NCA to approach for authorisation, or navigating the specific requirements of a particular NCA’s authorisation process, direct engagement with the NCA’s published materials remains necessary.

Legal interpretation of scope and exemptions. Whether a specific firm’s business model brings it within MiCA’s scope, whether an exemption applies, and how to structure a token offering to meet the issuance requirements are questions of legal analysis. Monitoring tools surface the relevant provisions and allow the compliance professional to read what the regulation says. They do not substitute for the legal judgment required to apply those provisions to a specific set of facts.

ESMA Q&A updates and informal supervisory guidance. ESMA periodically publishes Q&A documents that interpret the framework regulation and the technical standards. These are not legislative instruments and are not published on EUR-Lex as CELEX-identified documents. They are important for understanding how ESMA expects firms to apply the regulation in practice and are a gap in any EUR-Lex-anchored monitoring approach.

The monitoring approach that fits the problem

For most CASPs and crypto-asset issuers, the practical monitoring approach combines source-anchored regulatory intelligence for the EUR-Lex layer with direct monitoring of ESMA and EBA publication feeds for Q&A updates and supervisory guidance, and periodic engagement with their NCA’s published materials for jurisdiction-specific requirements.

This is not a one-tool solution. The regulatory landscape for MiCA is deep enough that different parts of it require different monitoring approaches. What source-anchored intelligence provides is reliable, continuously updated coverage of the adopted law layer, which is the foundation everything else builds on.

Using a generic AI tool for any part of this is a structural risk. The MiCA implementing regulation landscape moves faster than training cycles. The confidence signal of generic AI output is not calibrated to its accuracy. The three tests of source transparency, currency, and scope discipline are the right framework for evaluating any tool used for compliance-grade regulatory research, and generic AI tools fail all three.

For a full overview of what MiCA requires for crypto-asset service providers, including the authorisation process and ongoing conduct obligations, see: MiCA for crypto-asset service providers: what authorisation actually requires.

For background on the MiCA framework and who it affects, see: What is MiCA and who does it affect?.

Forseti monitors MiCA via EUR-Lex, delivering personalised alerts and source-anchored answers cited to specific CELEX identifiers. Start for free.

This article is part of a series on the EU regulatory intelligence platform landscape. See also: EU financial regulation software: what firms actually need.