back to all posts

MiCA Guide

by Yannis Heyken

Please note that this does not constitute legal advice, and as the devil always lies in the details, we strongly recommend to consult with a lawyer who specializes in crypto regulation.


Alternatively, this guide in slide format

In 2018, the European Commission published its Fintech Action Plan, which aimed to promote a “more competitive and innovative European financial sector”. However, since most regulations were inapplicable to crypto assets, the EU initiated a plan to create a comprehensive legal framework for crypto assets called “MiCA” (Market in Crypto-Assets Regulation).

The legal text, which consists of 250 pages, represents the first overarching crypto regulation for all EU member states. So far, EU member states operated under diverse crypto asset regulations, or in some cases, no regulation at all.

A key driver for this regulation was Facebook’s announcement to launch its stablecoin Diem (previously known as Libra). With MiCA, the EU aims to protect its control over the financial system and mitigate any potential destabilizing influence a stablecoin might have on the Euro.

The regulation is a chance for the EU to become a space of legal certainty for crypto companies as well as crypto users with high standards compared to the regulation of other financial assets including a clear rule set against insider trading and market manipulation.

The intention of this guide is to provide you with a practical overview of MiCA, helping you to understand whether and to what extent it might affect you, and outlining potential next steps.

Therefore, this guide will cover the following areas;

  • MiCA Scope
    Who and what falls under the regulatory umbrella of MiCA?
  • MiCA Requirements
    What are the MiCA requirements that token issuers or CASPs need to comply with?
  • MiCA Timeline
    When does MiCA come into force and how does the application process look like?
  • MiCA Preparation
    What is the best way to prepare for the MiCA regulation.

MiCA Scope

Who and What Falls Under the Regulatory Umbrella of MiCA?

The most important question now is to understand who and what is regulated under MiCA. When reading the legal text of MiCA one of the first answers can be found in the following paragraph:

This Regulation applies to natural, legal persons and other undertakings and the activities and services performed, provided or controlled, directly or indirectly, by them, including when part of such activity or services is performed in a decentralized way. Where crypto-asset services as defined in this Regulation are provided in a fully decentralised manner without any intermediary they do not fall within the scope of this Regulation.

Let’s give it a bit more context and dive into what MiCA does cover and what not.

Who or what falls within the scope of MiCA?

MiCA is targeted towards all crypto companies, projects or protocols based in the EU or serving EU based clients.

It focuses on two main groups: the token issuers / offerors and the crypto asset service providers (CASPs):

  • Token issuers / offerors
    • All entities that issue or list tokens that fall under MiCA (e.g. token launches of protocols, token listings by exchanges, token issuance by stablecoin providers).
    • Token issuers / offerors need to submit and publish a whitepaper prior to the token launch or listing with significantly higher requirements for stablecoin issuers.
  • Crypto asset service providers
    • All entities that generally offer crypto asset services, such as custody, sale of crypto assets against fiat, exchange of crypto assets against crypto assets, asset management of crypto assets, etc.
      • A simplified rule of thumb could also be: All entities that have access or control over digital assets on behalf of third parties (e.g. custodians, brokers, exchanges, protocols with access or control over users funds).
    • CASPs need to obtain a license to continue operating, which comes with various requirements.

What does fall out of scope of MiCA?

There are still many areas that are not covered by the current version of MiCA:

  • NFTs
    • As it stands, NFTs that offer unique utility to their owners fall out of scope of the existing MiCA framework. However, MiCA argues that issuers / offerors of large NFT collections where each token provides the same utility to its owners, do fall under the “token issuer / offeror” category.
  • Financial instruments / securities
    • MiCA does not cover regulation for financial instruments or securities as these areas fall within the scope of MiFID. It will be interesting to see which tokens would be classified as financial instruments by the MiFID. There is a reasonable assumption that any yield baring token could be identified as financial instruments. However, first perspectives suggest that the classification will largely depend on the mechanism of yield distribution.
      • Some legal experts argue that if yield distribution is entirely automated via smart contracts, without any single party controlling the amount or timing, such tokens may not be categorized as financial instruments.
      • Additionally, there is a debate regarding the involvement of the token holder. In case, yield is distributed directly into the token holder’s wallet, without any action required from the token holder, such distributions could be perceived as dividends, potentially classifying the token as a financial instrument. But if the yield is only received through an action from the token holder - such as staking or locking of tokens - it might be closer to rewards / loyalty points, especially if paid in native tokens, and may then not be qualified as a financial instrument.
  • Fully decentralized protocols
    • MiCA clearly states that fully decentralized protocols fall out of scope of MiCA. However, the criteria determining full decentralization remain ambiguous. Inherently, every project gets initiated under the direction of a few people. Over time, it evolves towards full decentralization. A concern of many is that if a centralized protocol will be regulated by MiCA, the associated requirements could make it exceedingly challenging for them to transition towards decentralization. It is this critical, particularly for DAOs and DeFi protocols, to find a good argumentation justifying the decentralized nature of the project and establish safeguards ensuring the project has neither access nor control over user funds.
  • Software firms
    • While it might seem obvious, it is still worth mentioning that software companies operating in the crypto space, which neither issue their own tokens nor have access or control over user funds, fall out of scope for MiCA.

MiCA Requirements

What are the MiCA requirements that token issuers or CASPs need to comply with?

The exact requirements for token issuers / offerors and CASPs are still to be published by the EU, but the current draft of MiCA already gives a good overview of what can be expected.

Token issuers / offerors

  • Token issuers are required to publish a whitepaper to offer their tokens to the public, which serves as a prospectus for the crypto assets and has the purpose to inform potential token holders about the characteristics of the issued crypto asset. The issuer of the whitepaper is fully liable for the information provided.
  • The EU is yet to publish the standardized structure for these whitepapers, but key components that need to be covered include a detailed description of the crypto asset (purpose, functionality, rights), information about the issuer (legal form, address, registration number), disclosure of risks (market, operational, legal), financial information (financial statements, forecast), use of funds, tokenomics, roadmap, team, disclosure of conflict of interest, environmental impact and many more.
  • Utility token issuers will be required to submit a whitepaper to the national financial authority, along with a legal opinion confirming that the token does not qualify as a financial instrument / security. Until the ESMA has published the whitepaper, the issuer is prohibited from any marketing for the token launch, although market sounding will be allowed during that period.
  • Stablecoin issuers (e-money tokens or asset-referenced tokens) will require approval from the national financial authority or even the ESMA, based on whether they are classified as “significant”. The issuance of stablecoins comes with significantly higher compliance requirements (e.g. issuance limits, capital requirements, redemption at any time, etc.).
  • Interestingly, under MiCA token issuers need to grant token purchasers the option to step back from the purchase agreement in the first 14 days. This would imply that token issuer must keep (at least a portion of) the funds from the public offering locked for this duration.
  • Token offerors, like exchanges listing a token, are also required to provide their users with whitepapers of all tokens they offer. If no whitepaper has been published for a token, then the exchange must either delist the token or create a whitepaper itself.

Crypto asset service providers

  • CASPs need to obtain a license from the national authority to offer their services.
  • Companies that are already licensed under current national regulation will be able to passport the existing license to MiCA license in a simplified process.
  • Some key obligations for CASPs to obtain a license include registered office and a director based in the EU, professional risk management & control systems, KYC of users (including AML and CTF measures), disclosure of inside information, prohibition of insider trading, capital requirements, separation of own funds from clients funds, mandatory insurance, periodic reporting and audits and many more.

MiCA Timeline

When does MiCA come into force and how does the application process look like?

The current version of MiCA has had a long journey with years of negotiation and revisions.

Nevertheless, MiCA has successfully passed the vote in both the EU Parliament and the Council of the EU. As a result, MiCA regulation will enter into force in June 2023 with a gradual application of its provisions.

  1. Stablecoin issuers
    → transitional period of 12 month (until June 2024).
  2. CASPs and issuers / offerors of other crypto assets
    → transitional period of 18 month (until December 2024).
  3. Already licensed companies under current regulation
    → have an additional 18 to month to passport the license to a MiCA license (until June 2026).

The application processes will take some time, so plan ahead:

  • Whitepaper
    • The whitepaper must be submitted to the national authority, which subsequently forwards it to the ESMA. The ESMA then proceeds to publish the whitepaper in their register.
    • The entire process can take 25 business days, so be sure to take that into account when you plan your token launch.
  • CASP license
    • To obtain the CASP license, you are required to complete an application form and submit it to the national authority. They will confirm the receipt of the documents and verify them for completeness. If the documents are complete, the national authority will assess your eligibility for the license and subsequently inform you about their decision.
    • The entire procedure, assuming full completeness of the documents, can span 75 business days. Considering the time for preparation and iterations, it is advisable to anticipate a timeline of >8 months from initiation to conclusion of the application process.
  • Passporting a current license to a MiCA CASP license
    • There is a fast track for companies already licensed under current regulation.
    • The process is expected to take 20-40 business days.

MiCA Preparation

What is the best way to prepare for the MiCA regulation?

The initial step for crypto projects is to determine to which extent they are affected by MiCA. The decision tree outlined above might help you to decide which category you might fall into.

If you are based in Europe or actively serving European clients, you should assess whether you are issuing or listing tokens, or if you perform crypto asset services / control assets on the behalf of third parties. If you are issuing or listing stablecoins or utility tokens, taking action becomes necessary (minimum submitting a whitepaper). If you perform crypto asset services / have control over third-party crypto assets, obtaining a license is mandatory unless you plan to become fully decentralized within the next 18 months.

If your operations solely involve providing software or if you are fully decentralized or plan to achieve complete decentralization within the upcoming 18 months, you fall outside the purview of MiCA. However, you will need a robust argumentation detailing why the protocol is fully decentralized.

Consulting a lawyer will be crucial for you to assess the right pathway and to develop the best strategy to prepare for potential MiCA application process. As the devil is often in the details, only a legal professional with expertise on crypto and regulation can provide the necessary guidance.