How-to guide: Understanding the scope of the Markets in Crypto-Assets Regulation (MiCA) (EU)

Introduction

This guide provides a summary of the scope of application of the Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114)(MiCA)) which provides for the establishment of a single rulebook for the regulation of issuing/offering to the public and the admission to trading of crypto-assets, and to the provision of crypto-asset services across the European Union (EU).

This guide covers:

Why was harmonised regulation needed?
Crypto-assets in scope
Public offering and issuance of crypto-assets
Crypto-asset services
Penalties for non-compliance

This guide can be used in conjunction with Panoramic: Cryptoassets and Blockchain.

Section 1 - Why was harmonised regulation needed?

1.1 Background and objectives

Prior to the introduction of MiCA, the crypto industry in the EU was largely unregulated. The absence of regulation posed consumer protection risks and substantial risks to market integrity, including in terms of market abuse and financial crime.

MiCA establishes the first pan-European harmonised regulatory and supervisory framework for issuers and offerors of crypto-assets as well as crypto-asset service providers (CASPs) (eg, wallet providers and crypto-exchanges).

MiCA has several strategic aims. It focuses on enhancing consumer and investor protection by ensuring that customers are well-informed about the risks, costs and charges associated with investing in crypto-assets. Additionally, MiCA aims to promote innovation and fair competition while maintaining market integrity and financial stability by regulating public offers of crypto-assets. It also includes measures to prevent market abuse (such as monitoring for insider dealing/manipulation, use of standardised templates for suspicious activity reporting and staff training to identify market abuse), money laundering, terrorist financing and other criminal activities related to crypto-assets (see section 4.2).

MiCA forms part of the European Commission's wider Digital Finance Package adopted on 24 September 2020 to address the opportunities and risks of digital financial services. The package included a digital finance and retail payments strategy together with other initiatives such as the regulation on a pilot regime for market infrastructures based on distributed ledger technology (DLT) which started applying in March 2023 and the regulation on digital operational resilience for the financial sector (DORA) applicable as of 17 January 2025.

1.2 Timeline

MiCA was published in the Official Journal of the EU on 9 June 2023 and entered into force on 29 June 2023. MiCA has been implemented in two main phases with provisions for issuers of asset-referenced tokens (ARTs) and e-money tokens (EMTs) starting to apply from 30 June 2024. The remaining provisions for CASPs have been in force from 30 December 2024 (subject to transitional measures see 1.3 below).

As a European regulation, MiCA applies directly in all EU member states without any national implementing legislation however member states need to ensure that their existing laws are consistent with MiCA requirements.

On 17 October 2023, European Securities and Markets Authority (ESMA) published a letter and a statement outlining its proposed approach and clarifying the timeline for preparing level 2 (RTS/ITS) and level 3 (guidelines). These will provide detailed guidance on how the new rules will apply to issuers, offerors and service providers.

For more information on the latest developments, refer to the ESMA website which sets out details of the three consultation packages as well as a timeline on the implementation and transitional phases of MiCA.

ESMA has also published Q&A relating to MiCA's application. Regular monitoring of European Banking Authority (EBA), ESMA and European Commission websites for updates is recommended.

1.3 Transitional measures

Member states have the option of implementing transitional measures allowing entities or undertakings already providing crypto-asset services under applicable national law in their jurisdictions more time to comply. This extension can be up to 18 months after the full application of MiCA in December 2024, extending to as late as 1 July 2026, or until a decision is made on their MiCA CASP authorisation application under the grandfathering clause in article 143(3) MiCA. This means that holders of crypto-assets and clients of crypto-asset service providers may not benefit from the full rights and protections afforded to them under MiCA until as late as 1 July 2026. Further, entities providing crypto-asset services who are active in more than one Member State under local applicable laws must continue complying with all applicable local laws until the end of the transitional period.

In an additional letter, ESMA encouraged Member States to consider reducing the transitional period from eighteen to twelve months, especially for entities that have not undergone a comprehensive authorisation process and are not yet subject to effective supervision in the EU.

Under article 143(6), MiCA member states may apply a simplified authorisation procedure for a limited period of 18 months (from 30 December 2024) but only for entities that were authorised and operating under national law as of 30 December 2024, to provide crypto-asset services before that date. The aim is to streamline the transition to MiCA. For clarification regarding the approach particularly with regards to registered entities under national AML/CFT frameworks who do not benefit from the simplified procedure - see the answer provided by the European Commission.

1.4 Who is in scope?

MiCA applies to any natural or legal persons and certain other undertakings engaging in:

the issuance and offer to the public and admission to trading of crypto- assets; and/or
to the provision of certain services performed with respect to crypto-assets in the EU.

Non-EU crypto-asset firms aiming to engage with EU customers or operate within the EU must comply with the MiCA requirements. It is advisable for these firms to conduct a regulatory audit to ensure compliance. Additionally, these firms are not permitted to solicit EU clients without proper authorisation.

MiCA provides for a limited ‘reverse solicitation’ exclusion where a non-EU firm may provide crypto-asset services or activities to EU clients provided the service/activity is requested at the exclusive initiative of the client (article 61). This means the client approaches the firm without any prior solicitation or marketing from the firm.

In the final Report on the guidelines on reverse solicitation under the Markets in Crypto Assets Regulation (MiCA) published on 18 December 2024 ESMA confirmed that ‘solicitation’ should be construed broadly. It includes banner advertisements, sponsorship deals and solicitation by any kind of affiliates such as influencers or celebrities. This broad interpretation reflects the fact that crypto-assets and crypto-asset services are frequently offered online. A similarly broad interpretation should be given to the person soliciting and ESMA clarifies this may be the third-country firm or any entity or person acting on its behalf.

Under the guidelines ESMA gives the regulators powers to monitor and restrict the use of reverse solicitation and sets out examples of supervisory practices for EU member state regulators. These include monitoring marketing activities targeting EU-based clients, consumer surveys, cooperating with other authorities (eg, police) and reacting to clients’ complaints or whistleblowing to protect EU investors.

ESMA noted the reverse solicitation exemption should be understood as very narrowly framed and must be regarded as an exception. Firms cannot use it to bypass MiCA and the misuse of the exemption is likely to attract regulatory scrutiny. Firms should therefore carefully review their marketing strategies and relationships with third parties like affiliates and influencers to ensure compliance with MiCA and not to expose themselves to regulatory sanction or reputational harm. Firms are advised to maintain clear records of all communications and logs to evidence that the client initiated the contact without any prior advertising or marketing, no communications were targeted to EU clients and that any services provided remain strictly limited to what the client had originally requested ie, the firm has not followed up with cross-selling or promotional opportunities.

Section 2 - Which crypto-assets are in scope?

The EU lawmakers decided to provide a broad definition of a crypto-asset (see article 3(1)(5) MiCA), defining it as a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology:

‘a digital representation of a value or of rights that uses cryptography for security and is in the form of a coin or a token or any other digital medium which may be transferred and stored electronically, using distributed ledger technology or similar technology.’

Distributed ledger technology is a type of technology that records and shares encrypted data across a network of multiple users in different locations, and the term is defined in MiCA as ‘an information repository that keeps records of transactions and that is shared across, and synchronised between, a set of DLT network nodes using a consensus mechanism’. See article 3(1)(2) MiCA.

2.1 Three groups of crypto-assets

MiCA applies to three distinct categories of crypto-assets that are not already regulated under financial services laws in the EU. The type of the crypto-asset being offered and the size of the offering will determine which rules apply:

Asset referenced tokens (ARTs) (article 3(6) MiCA) - a token which is not an E-Money token (EMT), and which aims to maintain a stable value by being pegged to several types of assets including one or more official currencies, commodities (eg, oil or gold), other crypto-assets or a combination of all of these. Given the broader range of assets on which they can be pegged, ARTs are considered higher risk.
E-Money tokens (EMTs) (article 3(7) MiCA) - crypto-assets that aim to stabilise their value by referencing only one official currency (eg, the Euro). These could be used as electronic coins or notes (ie, electronic money) and are likely to be used for making payments.
All other crypto-assets - a catch-all covering all other categories that are valued by referencing an asset or asset such as utility tokens which are not ARTs or EMTs. These are subject to a lighter-touch regulatory regime.

See EBA Statement on the application of MiCA to ARTs and EMTs (July 2024) EBA Statement on the supervisory priorities for issuers of ARTs and EMTs 2024/2025 (July 2024) and European Supervisory Authorities (ESAs) guidelines on classification of crypto-assets (July 2025). These provide clarity and guidance on the application of MiCA to specific tokens, the licensing and regulatory framework and supervisory priorities and expectations.

2.2 Significant tokens

MiCA further introduces a designation of some ARTs and/or EMTs as ‘significant’. The categorisation of ARTs and EMTs as significant will be performed by the EBA. The concept of ‘significance’ is classified if certain criteria are met, such as the number of token holders, the value of the issued token, the volume and frequency of transactions as well as systemic risk impact on financial stability. In the interests of consumer protection, the regulatory requirements imposed on significant issuers of ARTs and EMTs are more stringent and the EBA takes over the supervisory role. On 30 May 2024, certain Delegated Regulations were published for issuers of significant ARTs and EMTs including:

2.3 Outside scope

Article 2 of MiCA defines the scope of MiCA (see paragraph 4 for list of excluded crypto-assets and ESMA flowchart which provides useful guidance).

MiCA does not apply to the following:

crypto-assets that qualify as financial instruments for the purposes of MiFID II (as defined under article 4(1)(15) of Directive 2014/65/EU) as these are already regulated under the existing regulatory framework. Where a token is classified as a financial instrument eg, derivatives it will remain subject to the existing EU financial services regime – this requires case-by-case analysis considering the different token features as there is no clear legal distinction between crypto-assets within scope of MiCA and those not in scope. Legal and regulatory expertise may be required to assist when making the determination. (ESMA has issued further guidance on conditions and criteria to be applied*);
deposits (including structured deposits);
funds, except if they qualify as e-money tokens;
securitisation positions;
non-life or life insurance products;
pension products/pension schemes/PEPPs;
social security schemes;
crypto-assets that are unique and not fungible with other crypto-assets are generally excluded, including digital art and collectibles. This should be analysed on a case-by- case basis; and
certain intra-group transactions and some public entities (eg, the European Central Bank and national central banks, the European Investment Bank, the European Financial Stabilisation Mechanism, the European Stability Mechanism and public international organisations such as the International Monetary Fund and Bank for International Settlements).

*Further guidance on the conditions and criteria for the qualification of crypto-assets as financial instruments was published by ESMA on 19 March 2025.

Determining whether MiCA applies to decentralised finance applications (DeFI) is nuanced. Crypto-asset services provided in a fully decentralised manner without any intermediary are generally understood as not in scope however this should be considered on a case-by-case basis. Consideration of the feasibility and necessity of regulating DeFI is currently underway following the publication of a joint report by the ESAs (in particular EBA and ESMA) which covers developments in the crypto-asset markets including the development of the DeFI market as well as regulatory approaches in lending, borrowing and staking of crypto-assets. The European Commission will incorporate this feedback into their report to the European Parliament and Council in accordance with articles 142(1) and (2), MiCA. It would be prudent to keep tracking these developments to consider whether the exemption continues to apply or whether the MiCA provisions apply.

Section 3 - Public offering and issuance of crypto-assets

3.1 Issuers and offerors of crypto-assets

Under MiCA, a legal person who offers any type of crypto-assets to the public or seeks their admission to a trading platform must comply with specific regulations.

MiCA establishes a legal and regulatory framework (including prudential requirements to ensure sufficient liquidity and to meet redemption requests. It also sets out conduct and governance rules for marketing communications, obligations to act honestly, fairly and professionally and to address conflicts of interest).

MiCA provides a framework for licensing and supervision. One key requirement is the publication of a crypto-asset white paper, which serves as an investor information document for the relevant crypto-assets being offered to the public or listed on exchanges. This white paper must be submitted to the national regulatory authority, similar to the prospectus requirement under the EU Prospectus Regulation regime.

The applicable framework will depend on the type of crypto-asset being offered.

3.2 Summary of obligations*

Obligations	ART issuers (Title III, articles 16-47)	EMT issuers (Title IV, articles 48-58)	Other crypto-asset issuers (Title II, articles 4-15)
Authorisation	Offering of ARTs to the public and admission to trading on a trading platform for crypto-assets generally requires authorisation (article 16 MiCA). Only EU credit institutions and EU-based entities authorised under MiCA may publicly offer or seek admission to trading of ARTS in the EU subject to exemptions. Exemptions apply if the average outstanding value of issued ARTs does not exceed 5 million Euros over a 12-month period, and/or if the offer is addressed solely to qualified investors and the ARTs are only held by such qualified investors (article 16 (2) MiCA). Fit and proper requirements apply (article 21, MiCA). Simplified requirements apply to credit institutions (within the meaning of point 28 article 3(1) MiCA) but duty to notify appropriate authorities 90 working days before initial ART issuance (see article 17, MiCA).	Must be authorised as a credit institution or e-money institution under the Second E-Money Directive (EMD2) (article 48 MiCA). Offers of EMTs are subject to certain exemptions in line with EMD2.	The regulation does not provide for an authorisation requirement for the issuance of other crypto-assets.
White paper	ART white papers are subject to prior administrative approvals from the relevant supervisory authority as part of the application for authorisation. If authorisation is granted the white paper is deemed approved (article 21(1) MiCA). *White papers are information documents containing general details on the issuer, offeror or the person seeking admission to trading. It sets details on the project with capital raised, rights and obligations attached to the crypto-assets and related risks. The submission should include an explanation of the token and a list of EU countries where the offer or admission to trading is intended. Content and form requirements apply (including climate requirements) and depend on the type of crypto-asset. (article 19 MiCA – see also chapter 2, article 27 et seq.) Marketing communications must be clearly identifiable as such, fair clear and not misleading, consistent with the white paper, published on the issuer’s website, contain a clear statement that holders have a right to redemption against the issuer at any time. No explicit requirement to notify but implied as part of white paper approval. Notification may be requested (article 29 MiCA). Liability requirements apply for the information provided in the white paper (article 26 MiCA). Additional requirements apply if ARTs are classified as significant (Chapter 5, article 43 et seq.).	No prior approval of the white paper* is required but it has to be notified to the relevant supervisory authority. Content and form requirements apply (including climate requirements) and depend on the type of crypto-asset. (articles 51 & 53 MiCA) Marketing communications must be clearly identifiable as such, fair, clear and not misleading, consistent with the white paper, published on the issuer’s website, contain a clear statement that holders have a right to redemption against the issuer at any time and at par value. No explicit requirement to notify marketing communications unless requested (article 53 MiCA). Liability requirements apply for the information provided in the white paper (article 52 MiCA). Additional requirements apply if EMTs are classified as significant (Chapter 2, article 56 et seq.).	No prior approval of the white paper* is required but it has to be notified to the relevant supervisory authority. Content and form requirements apply (including climate requirements) and depend on the type of crypto-asset (article 6 MiCA). Marketing communications must be clearly identifiable as such, fair, clear and not misleading, consistent with the white paper, published on the offeror or issuer’s trading platform website. Specific disclaimer language is required. No explicit requirement to notify marketing communications unless requested (article 7 MiCA). Liability requirements apply for the information provided in the white paper (article 15 MiCA). Preparation of white paper or publication of marketing communications not required where offer to fewer than 150 natural or legal persons per member state; the total consideration does not exceed 1 million Euros over the last 12 months; offers made to qualified investors (article 4(2) MiCA). This exemption does not however apply if the communications related to the offer mention an intention to seek admission to trading of crypto-assets (see article 4(3) MiCA). See article 3 where Title II does not apply eg, where crypto-assets offered for free, where automatically created in context of consensus mechanism, utility tokens that provide access to an existing good or service or crypto-assets used within a limited merchant network.
Ongoing obligations and requirements	Conduct and governance requirements around marketing communications, complaints handling, disclosures, dealing with conflicts of interest, governance arrangements, and prudential requirements. Issuers must: maintain a minimum level of own funds; develop recovery and redemption plans and notify these plans to the appropriate authority; hold a reserve in the amount of their commitments arising from the issuance of tokens; establish and implement procedures for custody of reserve assets and comply with investment guidelines; comply with issuance reporting and restrictions (Recital 61 MiCA and articles 22 and 23 MiCA); and prohibition of payment of interest or any other benefit in relation to ARTs held (article 40).	Conduct and governance requirements around marketing communications, complaints handling, disclosures, dealing with conflicts of interest, governance arrangements, and prudential requirements. Issuers must: issue tokens at par value and on receipt of funds, with holders having a direct claim for redemption at any time and at par value (article 49 MiCA); comply with safeguarding requirements and rules regarding the investment of funds received in exchange for EMTs apply (article 54); not grant EMT holders interest or any other benefit in relation to EMTs held (article 50 MiCA); and create a recovery plan and maintain a redemption plan and notify these plans to the appropriate authority (article 55, MiCA).	Governance and conduct of business requirements – acting and communicating honestly, fairly and professionally in best interests of holders, to manage conflicts of interest and maintain systems and security access protocols (article 14 MiCA) Note retail holders will have right to withdraw ‘cooling off period’ of 14 days without incurring cost without giving any reasons (article 13)
* The summary provides examples of requirements however the list is not exhaustive and readers are advised to refer to both the MiCA regulation and the ESMA Overview of level 2 and level 3 measures.

Section 4 - Crypto-asset services

4.1 Crypto-asset services in scope

MiCA provides a list of services and activities related to crypto-assets that will become regulated services. This list closely follows the investment services and activities outlined in MiFID II. MiCA sets out specific terms and obligations for providing crypto-asset services. See points 16(a) to (j) and points 17 to 26 of Article 3(1) of MiCA).

Firms will need to review the detailed requirements in MiCA having regard to the type of service they provide to determine whether the MiCA provisions are triggered.

The following crypto-asset services are within scope:

Custody and administration of crypto-assets on behalf of clients – safekeeping or controlling the crypto-assets (or the means of access to them); for example, storage of the private keys that are required to access and transfer the crypto-assets to clients.
Operation of a trading platform for crypto-assets – managing a multilateral system which brings together (or facilitates the bringing together) of multiple third-parties purchasing and selling interests in crypto-assets.
Exchange of crypto-assets for funds or other crypto-assets – the conclusion of purchase or sale contracts concerning crypto-assets against funds or other crypto-assets by using proprietary capital. Firms generally engage in this activity to service clients as opposed to transacting for their own purposes.
Execution of orders for crypto-assets on behalf of clients – often undertaken by broker-dealers to conclude agreements to buy or sell or subscribe crypto-assets on behalf of clients.
Placing of crypto-assets – means the marketing of crypto-assets for purchase, on behalf of or for the account of the offeror or of a party related to the offeror.
Reception and transmission of orders for crypto-assets on behalf of clients – the reception of an order to purchase or sell one or more crypto-assets or to subscribe for one or more crypto-assets and the transmission of that order to a third party for execution.
Providing advice on crypto-assets – providing personalised recommendations (eg, having regard to individualised circumstances, risk appetite and investment objectives) to a client for transactions relating to crypto-assets, or the use of crypto-asset services.
Providing portfolio management of crypto-assets – managing portfolios in accordance with mandates given by clients on a discretionary basis where such portfolios include crypto-assets. In this form of investing, a client’s buying and selling decisions are generally made by the portfolio manager who has the discretion to make changes to the portfolio if deemed appropriate.
Providing transfer services for crypto-assets on behalf of clients – transferring, on behalf of a client, crypto-assets from one distributed ledger address or account to another.

4.2 Requirements for crypto-asset service providers (CASPs)

MiCA defines CASPs as ‘legal persons or other undertakings whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with MiCA’. As above at section 3.2, the summary below provides examples of requirements and is non-exhaustive. It should be read alongside the ESMA overview of level 2 and 3 measures and applicable MiCA provisions.

Registered office

CASPs should be a legal person who has a registered office in an EU member state and have their ‘place of effective of management’ in the EU with at least one of the directors resident there (article 59, MiCA).

Authorisation

The licensing application for authorisation as a CASP is made to the competent authority of the applicant’s home country (article 63, MiCA). For details on the information required in an application, refer to the RTS specifying the information to be included in an application for authorisation as a CASP as supplemented by the ITS on the forms, templates and procedures for submitting applications. See also ESMA Supervisory Briefing on CASP Authorisation and ESMA final guidelines on the assessment of knowledge and competence under MiCA.

Once authorised in one EU member state, CASPs can operate across all EU member states through a process known as ‘passporting’. This means they do not need separate authorisation to operate cross-border within the EU. However, they must file a passport notification with their home authority, detailing the list of crypto-asset services and the member states where they intend to operate.

Under article 60(1) to (6) MiCA, certain institutions already authorised under existing financial services legislation, such as credit institutions, investment firms and e-money institutions, may provide specific crypto-asset services without needing separate authorisation. This is subject to compliance with the notification requirements – see also article 60(7), MiCA.

Senior management and governance

Senior management must ensure that risk management policies and internal control mechanisms (including business continuity policies and procedures) are in place to ensure compliance with regulatory standards. See article 68 MiCA and RTS on continuity and regularity in the performance of crypto-asset services.

Senior managers of CASPs must be of sufficient repute and possess the requisite skills and knowledge to perform their duties effectively. See Joint ESMA/EBA Guidelines on suitability of management body members.

Safeguards

CASPs are subject to specific prudential safeguards to ensure the stability and security of their operations. These safeguards include minimum capital requirements, which vary depending on the type of crypto-asset services provided. See article 67, MiCA.

Conflicts of interest and complaint handling

CASPs must implement effective policies and procedures to manage and disclose conflicts of interest. In addition, they are required to establish effective mechanisms for handling complaints, ensuring that client concerns are addressed promptly and fairly. See articles 71-72 MiCA, RTS specifying requirements on conflicts of interest and RTS specifying requirements on complaint handling.

Conduct of business rules and disclosures

Conduct of business rules such as a duty to act in the best interests of their clients and information disclosure requirements apply. Firms must provide clear, accurate and non-misleading disclosures including in marketing communications and must not imply regulatory approval where none exists. This includes being transparent about pricing policies and the associated risks of crypto-assets. CASPs are also required to publish environmental disclosures regarding their environmental and climate impact, both in white papers and on their website. See articles 59-61 MiCA and RTS specifying the content, methodologies and presentation of information on sustainability indicators.

Specific crypto-asset services

In addition to these general requirements, specific obligations apply to certain crypto-assets services, as outlined in Chapter 3, articles 75-82 MiCA.

Anti-money laundering and counter-terrorism financing

CASPs must also comply with with the EU’s anti-money laundering and counter-terrorism financing (AML/CFT rules) including know your customer and AML protocols, monitoring suspicious transactions and notably the ‘travel rule’ requiring CASPs to share identifying information with counterparties when transferring crypto-assets (which will affect all CASPs wherever located in the EU). These rules follow global standards set by the Financial Action Task Force (FATF) and are reinforced in the EU AML Regulation (formally known as Regulation (EU) 2024/1624) which will replace the Anti-Money Laundering Directive with effect from 10 July 2027. For more details, see EBA guidance to AML/CFT supervisors of CASPs.

Section 5 - Penalties for non-compliance

Under MiCA, non-compliance can lead to substantial penalties including:

Administrative fines and penalties - up to €700,000 for individuals while legal entities may face fines of at least €5 million and from 3% and up to 12.5% of total annual turnover depending on the nature and extent of the violation;
Periodic penalty payments - based on a percentage of average daily turnover or average daily income;
Withdrawal or suspension of CASP authorisation - in event of serious breaches;
Personal sanctions - for senior managers for serious or persistent failings;
Additional risk - public statements identifying the offender and the nature of the infringement, suspension or banning of crypto-asset services, public offers or admission to trading of crypto-assets. These measures risk reputational damage which can damage public trust and confidence. There are also risks of civil lawsuits against crypto-asset issuers or CASPs due to non-compliance or misconduct; and
Criminal penalties - MiCA allows Member States to introduce criminal penalties for serious breaches at a national level.

Additional resources

Text of MiCA regulation (2023/1114/EU)
Delegated and implementing acts to MiCA Regulation
Transposition status of MiCA by EU Member States
ESMA webpage
ESMA Q&A relating to MiCA
EBA approach to policy mandate
European Commission webpage on crypto-assets