MiCA: A Guide for Crypto Business in the EU
MiCA Regulation: A Complete Guide to Preparing for New Rules for Crypto Business in the EU
This article is a practical guide for executives and compliance officers operating with crypto-assets in the EU market. We will break down the key requirements of the MiCA regulation, explain how they will affect different types of businesses, and provide a step-by-step action plan to ensure compliance.
Key Takeaways for Executives: The MiCA regulation comes into full force on December 30, 2024, requiring mandatory licensing for all Crypto-Asset Service Providers (CASP). For stablecoin issuers, the rules have already been in effect since June 30, 2024. Key steps include immediately conducting a legal audit of your services and tokens, choosing a jurisdiction for obtaining a license, and beginning the preparation of documentation, including the White Paper and AML/KYC policies. Non-compliance risks fines of up to 12.5% of annual turnover and a total halt of operations in the EU.
Glossary of Key Abbreviations
- MiCA (Markets in Crypto-Assets Regulation) — Regulation (EU) 2023/1114.
- CASP (Crypto-Asset Service Provider) — Exchanges, brokers, custodians.
- ART (Asset-Referenced Token) — A token linked to assets (e.g., a basket of currencies or commodities).
- EMT (E-Money Token) — Electronic money token (a stablecoin pegged to a single fiat currency, e.g., EUR).
- NCA (National Competent Authority) — The regulator of a specific EU country (e.g., BaFin in Germany).
- ESMA (European Securities and Markets Authority).
- EBA (European Banking Authority).
- DORA (Digital Operational Resilience Act) — Regulation on digital operational resilience for the financial sector.
- AML/CFT (Anti-Money Laundering/Countering the Financing of Terrorism).
- MiFID II (Markets in Financial Instruments Directive II).
What is MiCA?
The Markets in Crypto-Assets Regulation (MiCA) is a unified EU legislative framework created to harmonize rules for the crypto industry. Its goals are investor protection, ensuring financial stability, and creating legal certainty for businesses.
The main advantage of MiCA for companies is the passporting principle. A license obtained in one EU country (e.g., from the AMF in France) allows services to be provided in all 27 member states without additional authorization, opening access to a market of 450 million consumers.
Key Dates and Transition Period
- June 30, 2024 — Start of regulation for stablecoins (ART and EMT).
- What is required: Issuers must obtain authorization, ensure full asset backing, and comply with governance rules. Operating without a license is prohibited.
- December 30, 2024 — Full entry into force of MiCA.
- What is required: All CASPs must obtain a license to operate in the EU. Issuers of other tokens (e.g., utility) must prepare a White Paper and notify the regulator.
- Until July 1, 2026 — Transition period ("Grandfathering Clause," Article 143(3) of MiCA).
- For whom: Companies that provided services before December 30, 2024, in accordance with the current national laws of their country (e.g., had VASP registration).
- What is permitted: To continue operating without a MiCA license until July 1, 2026, or until a license is granted (or refused). Companies operating without national registration must cease activities on December 30, 2024, until a MiCA license is obtained.
Roles of Regulators: ESMA, EBA, and National Authorities
| Regulator | Area of Responsibility |
|---|---|
| NCA (National Competent Authorities) | Primary regulator. Authorization and supervision of most CASPs and token issuers (except significant ones). |
| ESMA | Development of technical standards (RTS/ITS), maintenance of the CASP register, direct supervision of significant ARTs. |
| EBA | Similar to ESMA, but for significant EMTs. Development of prudential supervision standards. |
| ECB (European Central Bank) | Assessment of systemic risks associated with significant stablecoins. |
Key MiCA Requirements for Business
1. Authorization of Service Providers (CASP)
To obtain a license, a company must prove to the NCA its compliance with the requirements set out in Articles 59–84 of MiCA.
- Minimum Capital (Article 67 MiCA): It is necessary to have capital equal to the higher of two amounts:
- Fixed amount depending on the type of services:
- €150,000 for operators of trading platforms.
- €125,000 for custodial services, execution of orders, portfolio management.
- €50,000 for exchange, reception and transmission of orders, advisory.
- One quarter (25%) of fixed overheads for the preceding year.
- Fixed amount depending on the type of services:
- Robust Governance: Executives must have an impeccable reputation, sufficient knowledge, and experience.
- Internal Policies: Mandatory presence of AML/KYC procedures, conflict of interest management, client complaint handling, and data protection.
- Operational Resilience: IT systems and cybersecurity measures must comply with the requirements of the DORA regulation.
2. White Paper Requirements (for Issuers)
A MiCA White Paper is a legally binding document, similar to a securities prospectus. The issuer bears civil liability for investor losses due to incomplete or inaccurate information.
Mini-template of the White Paper structure (based on Annexes I, II, III of MiCA):
-
Information about the Issuer and the Project
- Full name, registered address, LEI code.
- Details of key executives and their experience.
- Financial statements for the last 3 years (if applicable).
-
Description of the Crypto-Asset and Tokenomics
- Rights and obligations associated with the token.
- Total number of tokens, emission protocol, distribution plan.
Tokenomics example: “The total emission is 1,000,000,000 X tokens. 20% is allocated to the team with 4-year vesting and a 1-year cliff. 30% for the ecosystem fund. 50% for public sale.”
-
Technology
- Description of the blockchain used and the consensus protocol.
- Results of an independent audit of smart contracts.
-
Risks
- Detailed and honest description of all potential risks.
Risk disclosure example: “Technological risks: Risk of smart contract hack leading to loss of funds (e.g., The DAO hack). Market risks: High volatility of the asset, lack of liquidity in secondary markets.”
- Detailed and honest description of all potential risks.
-
Statement of Responsibility
- Confirmation that the information is accurate and complete, signed by management.
3. Requirements for Stablecoin Reserves (ART and EMT)
- Composition of Reserves: Highly liquid assets with minimal risk (bank deposits, short-term government bonds).
- Segregation: Reserve assets must be held separately from the issuer's own assets by an independent custodian.
- Audit and Transparency: Issuers of ART publish a monthly report on reserves (Article 36 MiCA). Issuers of EMT conduct an independent audit of reserves quarterly.
Overlaps with Other Regulations: MiFID II, AML/CFT, and DORA
| Regulation | Connection to MiCA | Action Required |
|---|---|---|
| MiFID II | If a crypto-asset is classified as a “financial instrument” (e.g., security token), MiFID II applies instead of MiCA. | Conduct a legal analysis (Howey Test or EU equivalents) to determine token classification. Incorrect classification is a key compliance risk. |
| AML/CFT | MiCA makes all CASPs “obligated entities” under the Fifth and future Sixth EU Anti-Money Laundering Directives. | Implement full AML/KYC procedures: client identification (KYC), transaction monitoring, and reporting suspicious activities (SAR) to the national FIU. |
| DORA | DORA establishes unified digital operational resilience standards for the entire EU financial sector, including companies falling under MiCA. | Audit IT infrastructure for DORA compliance: implement an IT risk management system, an incident response plan, and a penetration testing program. |
Sanctions for Non-Compliance
While fine amounts are set at the national level, Article 111 of MiCA sets maximum thresholds:
- For Legal Entities: Fines up to €5 million or 3% of total annual turnover. For violations related to stablecoins — up to €15 million or 12.5% of turnover.
- For Individuals: Fines up to €700,000.
- Additional Measures: Public warnings, license revocation, ban on holding management positions.
Fine Calculation Examples
- Scenario 1: A CASP with an annual turnover of €100 million committed a serious violation related to ART. The maximum fine will be €12.5 million (12.5% of turnover), as this amount is higher than the fixed threshold of €15 million (the regulator chooses based on severity and turnover percentage).
- Scenario 2: A small utility token issuer with €2 million turnover provided false data in the White Paper. 3% of turnover is €60,000. However, the regulator can impose a fine of up to €5 million, based on the severity of the violation.
Implementation Roadmap: Practical Examples
For a Crypto Exchange (CASP)
| Phase | Key Actions | Timeline | Responsible Party |
|---|---|---|---|
| Phase 1: Analysis (0–2 mos.) | Conduct gap analysis for MiCA, DORA, and AML compliance. Select an EU jurisdiction for licensing. | Q4 2024 | Compliance, Legal |
| Phase 2: Preparation (2–6 mos.) | Prepare documentation package: business plan, AML/KYC policies, IT architecture description. Confirm capital. | Q1–Q2 2025 | CEO, CFO, Compliance |
| Phase 3: Implementation (6–9 mos.) | Implement DORA technical requirements. Conduct staff training. | Q2–Q3 2025 | CTO, CISO |
| Phase 4: Licensing (9+ mos.) | Submit application to NCA and maintain dialogue with the regulator. | Q3 2025 | CEO, Compliance |
For a Stablecoin Issuer (EMT/ART)
| Phase | Key Actions | Timeline | Responsible Party |
|---|---|---|---|
| Phase 1: Preparation (Immediate) | Prepare White Paper and submit for NCA approval. Select custodian and auditor for reserves. | Q3–Q4 2024 | CEO, Legal |
| Phase 2: Authorization (0–6 mos.) | Submit application for ART/EMT issuer authorization. Ensure formation of the reserve portfolio. | Q4 2024 – Q2 2025 | CFO, Compliance |
| Phase 3: Launch (6–9 mos.) | Set up processes for monthly/quarterly reserve reporting. Undergo the first independent audit. | Q2–Q3 2025 | CFO, COO |
Checklist: Your Step-by-Step Preparation Plan
| Task | Priority | Responsible (Role) | Key Documents / Results |
|---|---|---|---|
| 1. Legal Audit and Classification | High | CEO, Compliance, External Legal | Legal opinion on the classification of tokens and services. |
| 2. Jurisdiction Selection and Roadmap Development | High | CEO, Head of Strategy | Comparative analysis of jurisdictions; approved implementation plan. |
| 3. Preparation of Authorization Documents | High | Compliance, Legal, CFO | Business plan, AML/KYC policies, White Paper, proof of capital. |
| 4. Ensuring Operational Compliance (DORA) | Medium | CTO, CISO | DORA compliance report; implemented IT risk management policies. |
| 5. Application Submission and Regulatory Interaction | High | CEO, Compliance | Submitted application to NCA; minutes of meetings with the regulator. |
Conclusion: What to Do Right Now
Implementing MiCA is not just a legal formality, but a strategic necessity for any crypto business targeting the EU market.
- Today: Conduct an internal audit and determine which MiCA requirements apply to your business.
- Within a month: Choose a jurisdiction for licensing and begin preparing key documents.
- Within six months: Develop and implement internal policies, ensure capital availability, and be ready to submit an authorization application.
Useful Resources:
- Official Regulation Text:
Regulation (EU) 2023/1114 (MiCA) - ESMA Clarifications and Standards:
ESMA — Markets in Crypto-Assets Regulation (MiCA) - EBA Standards for Stablecoins:
EBA — Markets in Crypto-Assets Regulation (MiCA)
Important:
This article is for informational purposes and does not constitute legal advice. ESMA and the EBA continue to publish technical standards (RTS/ITS) that detail many aspects of MiCA. Regularly monitor updates and consult with lawyers for the final validation of your compliance strategy.