Markets in Crypto-Assets (MiCA) is the European Union's landmark regulatory framework governing crypto-assets. Adopted in June 2023 and fully implemented by December 2024, MiCA replaces the fragmented patchwork of 27 different national approaches to crypto regulation with a single harmonized ruleset. It is widely regarded as the world's most comprehensive crypto-specific regulatory framework and is already influencing regulatory discussions in the US, UK, Singapore, and beyond.

Scope and Coverage

MiCA regulates three activities: the issuance of crypto-assets, their admission to trading on regulated platforms, and the provision of crypto-asset services. It applies to any entity undertaking these activities within the EU or targeting EU residents, regardless of where the entity is incorporated.

Three Asset Categories

MiCA classifies crypto-assets into distinct regulatory buckets:

Asset-Referenced Tokens (ARTs) are stablecoins backed by multiple assets. They face the most stringent requirements, including reserve management rules, qualified custodian requirements, and minimum capital obligations tied to reserve size.

Electronic Money Tokens (EMTs) are fiat-backed stablecoins pegged to a single official currency. Their issuers must be authorized as credit institutions or Electronic Money Institutions, and holders enjoy statutory redemption rights at par.

All other crypto-assets — utility tokens, governance tokens, and crypto-assets not otherwise categorized under EU financial law — fall into a third category with lighter requirements, primarily focused on whitepaper disclosure obligations.

Crypto-Asset Service Providers (CASPs)

MiCA introduces the concept of Crypto-Asset Service Provider (CASP) as the regulatory designation for entities providing professional crypto services. CASPs must obtain authorization from a National Competent Authority (NCA) in any EU member state. Once authorized, they benefit from EU passporting — a single license grants the right to operate across all 27 member states.

Services requiring CASP authorization include:

• Operating a crypto-asset trading platform
• Exchanging crypto-assets for fiat or other crypto-assets
• Custody and administration of crypto-assets
• Portfolio management and investment advice
• Transfer services for crypto-assets
• Crypto-asset lending and borrowing (depending on structure)

Key Requirements

Organizational Standards: CASPs must maintain robust governance structures, sound risk management frameworks, and documented internal controls. Management bodies must be fit and proper, with adequate professional experience.

Operational Resilience: ICT security, business continuity planning, and incident reporting are mandated. MiCA works in tandem with the Digital Operational Resilience Act (DORA), which imposes detailed technical standards for ICT risk management across the financial sector.

Consumer Protection: CASPs must provide clear, fair, and non-misleading information to clients. Conflicts of interest must be identified and managed. Complaint handling procedures are required with defined resolution timelines.

Market Integrity: MiCA prohibits market manipulation, insider trading, and unlawful disclosure of inside information for crypto-assets admitted to trading on regulated platforms — bringing crypto market integrity rules closer to those governing traditional securities markets.

DeFi and MiCA

MiCA's relationship with decentralized finance is nuanced. The regulation explicitly acknowledges that "fully decentralized" services provided "without any intermediary" may fall outside its scope. However, this exemption is narrow in practice. Protocols with admin keys, centralized frontends, EU-based legal entities, or active marketing to EU retail investors may nonetheless be subject to MiCA obligations.

The European Securities and Markets Authority (ESMA) has indicated that DeFi protocols will receive increasing regulatory attention as the framework matures. Proactive compliance assessment — rather than assumption of exemption — is the prudent approach for any DeFi protocol with material EU user exposure.

Enforcement

National Competent Authorities across EU member states are responsible for MiCA supervision. Penalties can reach €5 million or 3% of annual global turnover for serious violations. Operating as a CASP without authorization can result in license refusal, asset freezes, and public censure. Regulators in Germany (BaFin), France (AMF), and the Netherlands (AFM) have been particularly active in reviewing CASP applications and conducting supervisory inspections.

Related Terms

• Asset-Referenced Tokens
• Electronic Money Tokens
• Operational Resilience
• Qualified Custodian
• Regulatory Decentralization