Insights / EU regulation
What is MiCA and who does it affect?

What is MiCA and who does it affect?

The Markets in Crypto-Assets Regulation is the EU's comprehensive framework for crypto-asset oversight. This article explains what MiCA covers, who falls within its scope, and what the key obligations are for issuers, exchanges, and wallet providers.

8 min read
MiCAEU financial regulationCrypto assetsComplianceRegulatory intelligence

The regulation that changed crypto in Europe

The Markets in Crypto-Assets Regulation, known as MiCA, is the EU’s primary legislative framework governing crypto-assets and the firms that issue or provide services around them. It entered into force in June 2023 and became fully applicable in December 2024, making the EU the first major jurisdiction to implement comprehensive, purpose-built crypto regulation at scale.

MiCA matters beyond Europe. Because it establishes a passporting regime, a firm authorised in one EU member state can operate across all 27. For any business with EU customers or EU ambitions, MiCA is now a baseline compliance requirement, not a regional consideration.

This article covers what MiCA regulates, which entities fall within its scope, and what the core obligations look like in practice. For a broader orientation to EU financial regulation, see EU financial regulation in 2026: what it covers, who it affects, and why horizon scanning matters.

What MiCA regulates

MiCA covers three categories of asset and the firms that work with them.

Crypto-assets in general. The regulation applies to any digital representation of value or rights that can be transferred and stored electronically using distributed ledger technology. This is a deliberately broad definition intended to capture the full range of tokens in use, rather than specific technical implementations.

Asset-referenced tokens (ARTs). These are tokens that maintain a stable value by referencing a basket of assets: fiat currencies, commodities, or other crypto-assets. They are subject to the most demanding requirements in MiCA because of their potential systemic relevance.

Electronic money tokens (EMTs). These reference a single fiat currency and function similarly to e-money. EMT issuers must hold reserves equal to the outstanding token value and are subject to rules that closely mirror existing e-money regulation.

MiCA explicitly excludes certain categories. Securities tokens that qualify as financial instruments under MiFID II, central bank digital currencies, and tokens issued as part of a limited network (loyalty schemes, for example) fall outside its scope. NFTs are generally excluded unless they exhibit characteristics of fungibility that bring them back within the definition.

Who MiCA applies to

The regulation draws a distinction between two types of regulated entity: issuers and service providers.

Issuers

Any entity issuing crypto-assets to the public in the EU, or seeking admission of those assets to a trading platform, is subject to MiCA’s issuer requirements. The obligations vary by asset type.

For general crypto-assets, the primary obligation is the publication of a white paper: a standardised disclosure document covering the issuer’s identity, the asset’s technical and economic characteristics, the rights attached to it, and the risks involved. The white paper must be submitted to the relevant national competent authority before publication. The issuer is not required to obtain prior approval for most general crypto-assets, but the white paper is a public document and the issuer bears legal liability for its contents.

For ARTs and EMTs, the requirements are substantially more onerous. Issuers must obtain prior authorisation from their home member state regulator. They are subject to ongoing capital requirements, reserve asset rules, governance standards, and redemption rights for token holders. Significant ARTs and EMTs, determined by the number of holders and the transaction volume they generate, are placed under direct European Banking Authority supervision rather than national oversight.

Crypto-asset service providers

MiCA defines a crypto-asset service provider (CASP) as any entity providing one or more regulated services as a business. The regulated services include:

  • Custody and administration of crypto-assets on behalf of clients
  • Operation of a trading platform for crypto-assets
  • Exchange of crypto-assets for fiat currency or for other crypto-assets
  • Execution of orders on behalf of clients
  • Placing of crypto-assets
  • Reception and transmission of orders
  • Providing advice on crypto-assets
  • Portfolio management in crypto-assets
  • Providing transfer services for crypto-assets

CASPs must be authorised by the national competent authority of their home member state. Authorisation in one member state grants the right to provide services across the EU under the passporting mechanism, which is one of MiCA’s most commercially significant features for firms building European operations.

Authorised entities under existing EU financial regulation, including credit institutions and investment firms, can provide certain CASP services under a notification procedure rather than a full authorisation process.

Key obligations for CASPs

Authorisation is the entry point, not the full picture. Once authorised, CASPs are subject to ongoing requirements across several dimensions.

Capital requirements. CASPs must hold own funds of at least 50,000 euros for the least complex services, rising to 150,000 euros for operators of trading platforms. These are minimum floors; regulators may impose higher requirements based on the firm’s risk profile and scale.

Custody. CASPs providing custody must segregate client assets from their own, maintain detailed records, and have policies in place for the return of client assets in the event of insolvency. The regulation addresses one of the most consequential failure modes seen in unregulated crypto markets.

Conflicts of interest. Firms providing multiple services, such as operating a trading platform while also managing client portfolios, face explicit requirements to identify, disclose, and manage conflicts. Proprietary trading by CASPs on their own platforms is restricted.

Market integrity. MiCA introduces provisions against insider dealing, market manipulation, and unlawful disclosure of inside information, extending the logic of MAR (the Market Abuse Regulation) into crypto markets.

Disclosure and marketing. Marketing communications must be clearly identified as such, must be fair and not misleading, and must be consistent with the published white paper. There are specific requirements around the targeting of retail clients and the prominence of risk warnings.

Complaints handling and dispute resolution. CASPs must maintain accessible complaints procedures and cooperate with alternative dispute resolution schemes.

The passporting mechanism

One of MiCA’s most consequential provisions for firms planning EU operations is the single passport. A CASP authorised in any EU member state can provide its services in all other member states by notifying its home regulator and following a defined process. It does not need separate authorisation in each country where it operates.

This creates a real incentive for regulatory arbitrage: firms may seek authorisation in member states perceived to have more efficient or favourable supervisory environments. Regulators and the European Securities and Markets Authority (ESMA) are aware of this dynamic, and supervisory convergence guidance has been issued to reduce material differences in how member states apply the authorisation criteria.

For non-EU firms serving EU customers, MiCA takes a strict approach. Reverse solicitation, where EU clients independently and on their own initiative approach a non-EU firm, is the primary available exemption. ESMA has issued guidance indicating that this exemption is narrow and that proactive marketing to EU clients by unauthorised non-EU firms falls within MiCA’s scope regardless of where the firm is established.

Deadlines and transitional provisions

MiCA became fully applicable in December 2024, but transitional provisions allow existing service providers operating legally under national regimes to continue doing so for a limited period while seeking MiCA authorisation. The length of the transitional period varies by member state, with a maximum of 18 months from the date of full application. For most member states, transitional provisions expire by mid-2026.

Firms that have not obtained CASP authorisation by the end of the applicable transitional period cannot continue to offer regulated services in the EU.

The timeline for ARTs and EMTs has different characteristics. The ART and EMT provisions became applicable in June 2024, six months ahead of the CASP provisions. Issuers who were already operating significant stablecoin products faced an earlier compliance deadline.

What to watch in 2026

MiCA is not a fixed point. ESMA and EBA have been active in publishing regulatory technical standards, guidelines, and Q and A documents that flesh out the detail of the regulation’s application. Several areas of interpretive uncertainty remain live.

The treatment of DeFi protocols and decentralised governance structures is one. MiCA’s authorisation framework is built around identifiable legal entities, and protocols without a clear operator face genuine ambiguity about whether and how the regulation applies to them.

The AI Act’s intersection with MiCA is another developing area, particularly for firms using AI systems in credit scoring, customer onboarding, or trading functions within crypto-asset services. Both regulations are in scope for financial services firms operating at that intersection.

Enforcement is also developing. National competent authorities are at different stages of readiness to handle CASP authorisation applications and ongoing supervision. The gap between the regulation’s requirements on paper and supervisory practice in any given member state is a practical reality for firms navigating the authorisation process.

For ongoing updates on MiCA and other EU financial regulation, the EU financial regulation overview is the reference hub. The case for a systematic approach to tracking regulatory developments, rather than reacting to them once they are urgent, is the subject of a forthcoming article on regulatory horizon scanning.

Forseti, Citium’s EU regulatory intelligence platform, is in development and will monitor MiCA and the broader EU financial regulatory landscape continuously. If you want to be kept informed ahead of launch, get in touch.

Stay in the know!

Subscribe for news updates.

Next up

EU financial regulation in 2026: what it covers, who it affects, and why horizon scanning matters

EU financial regulation has never moved faster. MiCA, DORA, PSD3, EMIR REFIT, AIFMD II, and the AI Act are reshaping the compliance landscape simultaneously. This article maps the regulatory terrain, identifies who is affected, and explains why tracking what is coming matters as much as managing what is already in force.