What Is MiCA? The EU's Crypto Regulation, Explained
The EU's Markets in Crypto-Assets Regulation is the first major attempt to build a comprehensive legal framework for crypto across an entire economic bloc. What it covers — and what it doesn't — determines who can legally operate in Europe.
What MiCA actually is
MiCA — Markets in Crypto-Assets Regulation — is an EU regulation, not a directive. That distinction matters more than it sounds. A directive requires each member state to pass its own implementing legislation, which produces 27 slightly different national laws. A regulation applies directly and uniformly across every EU member state the moment it takes effect. MiCA is the latter. It entered into force in June 2023.
Its provisions rolled out in two tranches. The stablecoin rules — Title III covering Asset-Referenced Tokens (ARTs) and Title IV covering E-Money Tokens (EMTs) — applied from June 2024. The broader rules governing other crypto-assets and the licensing of Crypto-Asset Service Providers (CASPs) followed in December 2024.
Before MiCA, the regulatory map across Europe was a patchwork. France required digital asset service providers to complete basic registration under its PSAN regime, while offering a separate, higher-tier approval on a voluntary basis. Germany required custodians of crypto to hold a licence under the Banking Act. Many member states had nothing coherent at all. Operating across Europe meant navigating conflicting requirements, or simply picking the most permissive jurisdiction and hoping for the best.
MiCA replaces that patchwork with a single passport. Get authorised in one member state, and you can operate across all 27. That is the foundational logic of the regulation — reducing fragmentation and creating a market that can compete on level terms with less regulated jurisdictions, while establishing baseline consumer protections that apply everywhere.
Three asset categories, three different treatments
MiCA draws sharp distinctions between types of crypto-asset, and the rules that apply depend entirely on which category an asset falls into.
Asset-Referenced Tokens (ARTs) are tokens that claim to maintain a stable value by referencing a basket of assets — multiple currencies, commodities, other crypto-assets, or some combination. The canonical model is a token backed by a mixture of fiat currencies and short-dated sovereign debt. This is a deliberately broad category: anything that anchors its value to multiple underlying assets without qualifying as e-money sits here.
ART issuers face the heaviest obligations. They must publish a whitepaper, obtain prior authorisation from their national competent authority, maintain a reserve of liquid assets proportionate to the tokens in circulation, and allow holders to redeem on demand at the reference value. Significant ARTs — those exceeding volume and holder thresholds defined in the regulation — are supervised directly by the European Banking Authority (EBA) rather than the national authority. Below the threshold, the national regulator applies.
E-Money Tokens (EMTs) reference a single official currency. They are, in practical terms, electronic money issued on a blockchain — a euro-pegged token, a dollar-pegged token, a sterling-pegged token. The regulation treats them accordingly: EMT issuers must hold an Electronic Money Institution (EMI) licence under EU e-money law, or be an authorised credit institution.
Two of the largest stablecoins illustrate where this lands in practice. On 1 July 2024, Circle announced that its French entity had obtained an Electronic Money Institution licence from France's ACPR, enabling it to issue USDC and its euro-denominated stablecoin EURC in compliance with MiCA. Tether's USDT, which is dollar-pegged rather than euro-pegged and which Tether chose not to authorise as an EMT, became a contested compliance question. Several exchanges delisted USDT for EU-resident users in the run-up to the deadline; others applied transitional logic and continued serving it while the regulatory position clarified. The underlying question — whether an exchange can offer a non-authorised EMT to EU customers — remains an active area of national supervisor guidance. See our article on stablecoins for treasury teams for a fuller treatment of the practical implications for corporate treasury.
Other crypto-assets is the catch-all: everything that is neither an ART nor an EMT and that is not already caught by existing EU financial instruments regulation under MiFID II. Bitcoin, Ether, most utility tokens, and the vast majority of cryptocurrencies sit here.
The regime for this category is disclosure-based rather than authorisation-based. Issuers must publish a whitepaper — but unlike ARTs and EMTs, they do not need prior regulatory approval; they only need to notify the national competent authority. There is no reserve requirement, no redemption obligation. The whitepaper is a liability document, but the barrier to issuance is lower than for the stabilised-value categories.
Two exemptions narrow the whitepaper requirement further still: offers addressed solely to qualified investors, and offers below a de minimis threshold (€1 million over 12 months, with some variation by national implementation). Truly small-scale token issuance can proceed without a whitepaper at all.
The CASP licensing regime
Separate from the asset categories, MiCA creates a licensing regime for businesses that provide services around crypto-assets. The list of covered services is broad: operating a trading platform, exchanging crypto for fiat, exchanging one crypto for another, custodying and administering crypto-assets, portfolio management, placing crypto-assets, receiving and transmitting orders, providing advice, and providing transfer services. If your business does any of these for EU customers, you are a Crypto-Asset Service Provider and you need authorisation.
The application goes to the national competent authority of the member state where the firm has its registered office. Requirements include minimum capital (ranging from €50,000 to €150,000 depending on the services offered), fitness and propriety checks on management, governance arrangements, safeguarding of client assets, and operational resilience. On the last point, MiCA's resilience requirements for CASPs run alongside — and are broadly consistent with — the Digital Operational Resilience Act (DORA), which applies across the EU financial sector from January 2025. Firms subject to both regimes should approach them together; our guide to DORA compliance covers the operational requirements in detail.
Once authorised, the licence passports. A CASP licensed in, say, the Netherlands can operate in Portugal, Poland, and every other member state without separate national authorisation. This passporting mechanism was one of the primary commercial drivers for crypto firms to establish EU legal entities ahead of the December 2024 deadline. Jurisdictions including Ireland, Lithuania, and the Netherlands positioned themselves as attractive CASP bases — stable regulators, English-language process, existing fintech ecosystems.
Transitional provisions vary by member state. Firms that registered under earlier national regimes (France's PSAN, Germany's crypto custody licence) are generally permitted to continue operating while their MiCA applications are processed, with deadlines typically running to mid-2026. Firms with no prior national registration and no MiCA application by December 2024 are in a more difficult position.
What MiCA does not cover
The carve-outs are as important as the coverage.
DeFi is outside scope where protocols are genuinely decentralised — no identifiable issuer, no controlling service provider, no entity to authorise. This is not an oversight; it reflects the practical impossibility of licensing a smart contract. The EU has signalled that it will review the DeFi question in a future legislative cycle, but as MiCA stands, a protocol with no identifiable legal person behind it falls outside the regulation. What constitutes "sufficient decentralisation" to escape the regime is not defined and will likely be tested case by case.
NFTs are generally excluded. Unique digital assets with genuine collector characteristics fall outside MiCA's scope. The exception is NFTs that function as financial instruments — a collection of identical tokens carrying economic rights, or a large series structured to look like fractionalised securities, could be caught. The line between a collectible NFT and a financial instrument NFT will need case law to settle.
CBDCs are excluded entirely — they are central bank money and sit under separate EU monetary law. The EU's own digital euro project is being developed under a distinct legislative framework. For context, see our overview of central bank digital currencies.
Security tokens — crypto-assets that qualify as financial instruments under MiFID II — remain under MiFID. MiCA is explicitly a lex specialis for crypto-assets that are not already regulated as securities, derivatives, or other financial instruments. If a token passes the MiFID financial instrument test, MiCA does not apply.
Crypto lending and yield arrangements — borrowing against crypto collateral, yield-bearing deposits, liquidity provision — are not directly addressed in MiCA as currently enacted. The Commission has indicated that a separate legislative instrument will tackle this, but no timeline is firm. Firms offering these services should monitor national supervisory guidance carefully; some competent authorities have taken the view that yield-bearing arrangements may trigger existing e-money or deposit-taking rules even before specific crypto legislation addresses them.
The whitepaper regime in practice
The whitepaper is MiCA's primary disclosure mechanism. Any issuer of an ART, EMT, or other crypto-asset above the exemption threshold must publish one. Content requirements are prescribed: identity of the issuer, the nature of the crypto-asset, rights attached to the token, the underlying technology, the risks, and — for ARTs and EMTs — the reserve management arrangements.
For ARTs and EMTs, the whitepaper requires prior approval from the national competent authority before publication. For other crypto-assets, it requires only notification — the issuer must notify the competent authority at least 20 working days before publication. There is no prior approval step; the whitepaper can be published once the notification period has elapsed unless the authority raises specific objections. The difference in process reflects the difference in risk profile.
Liability sits with the issuer. Investors who suffer loss because a whitepaper contained misleading statements or omitted material information can bring civil claims against the issuer. This is a meaningful shift — pre-MiCA, most crypto whitepapers in Europe existed in a legal grey zone with uncertain liability consequences. The regulation imposes the kind of prospectus-style civil liability that applies in securities markets, adapted for the crypto context.
Supervision, enforcement, and the ESMA-EBA architecture
MiCA splits supervisory responsibility along a significance axis. For most ART and EMT issuers, and for all CASPs, the national competent authority supervises and enforces. For significant ARTs and significant EMTs — those exceeding transaction volume and holder number thresholds — the European Banking Authority (EBA) takes on direct supervision of those issuers, given their proximity to e-money and banking products. ESMA plays a coordinating role and maintains supervisory colleges for significant issuers, but direct supervisory responsibility over significant stablecoin issuers sits with the EBA.
ESMA and EBA have published extensive regulatory technical standards (RTS) under MiCA, covering whitepaper templates, reserve asset composition requirements, operational resilience standards, and more. These RTS have the force of law across the EU once adopted by the Commission. They add considerably to the practical compliance burden that the regulation's headline text implies.
Enforcement powers include fines, public censure, withdrawal of authorisation, and — for significant ARTs and EMTs — the ability to cap issuance where a token poses systemic risk. The systemic risk provisions are a direct response to the Diem episode: the EU does not want a private token to achieve scale that could affect monetary sovereignty.
The UK's parallel path
The UK left the EU before MiCA was enacted and is not subject to it. Its own crypto regulatory framework is being built under the Financial Services and Markets Act 2023, which brought crypto-assets into FCA regulation by extending the existing financial promotions and regulated activities regimes.
Cryptoasset promotions regulation came first, in October 2023. Exchange and custody regulation is being developed through consultation, with the FCA publishing discussion papers and policy statements on an iterative basis. The UK approach is outcomes-focused rather than adopting MiCA's structure wholesale — which means the two regimes will share broad objectives (consumer protection, market integrity, financial stability) but differ in their specific requirements.
For firms operating in both jurisdictions, this means dual compliance. A CASP authorised under MiCA cannot passport into the UK. A UK FCA-authorised firm cannot passport into the EU. The mutual recognition arrangement that once existed for financial services under the passporting regime does not extend to crypto under either MiCA or the UK's own framework. Firms with material business on both sides of the Channel will need separate legal entities in both the EU and the UK, each maintaining the regulatory requirements of its own regime.
What crypto firms need to do
The practical compliance checklist for any firm with EU exposure runs roughly as follows. Decide on a home member state — the jurisdiction where you will base your EU legal entity and apply for CASP authorisation. That choice affects which national authority you deal with, and national authorities vary in their crypto experience and processing times. Apply for CASP authorisation before you are operating, or take advantage of transitional provisions if your firm registered under a prior national regime. Prepare a MiCA-compliant whitepaper for any token you issue, and file it with the appropriate authority. If you issue an ART or EMT, establish the reserve infrastructure and redemption mechanisms the regulation requires. Build in DORA-consistent operational resilience controls, which overlap substantially with MiCA's own resilience obligations for CASPs.
The firms that have moved quickly — building EU legal entities, completing national registrations in France, Ireland, Germany, and elsewhere, filing whitepapers ahead of deadlines — are in the strongest position. Those that delayed are operating under transitional provisions of varying generosity, or are not operating in the EU market at all while they catch up.
MiCA is not a ceiling. It is a floor. National competent authorities can impose additional requirements within the bounds the regulation allows. ESMA and EBA will continue issuing guidance and technical standards that flesh out requirements the primary text left open. And the EU has already signalled that MiCA 2.0 — covering DeFi, crypto lending, and NFTs more comprehensively — is on the legislative horizon.
Sources and methodology: This article draws on the text of the EU Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114), ESMA and EBA technical standards published under MiCA, and publicly available regulatory guidance from relevant national competent authorities. No proprietary data is cited.
Frequently asked questions
Does MiCA apply to Bitcoin and Ether?
Yes — both fall into MiCA's 'other crypto-assets' category, which covers cryptocurrencies that are not Asset-Referenced Tokens or E-Money Tokens and are not already regulated as financial instruments under MiFID II. The obligations for this category are lighter than for stablecoins: issuers must publish a whitepaper and notify the national authority, but there is no prior authorisation requirement and no reserve obligation. Holders of Bitcoin and Ether are unaffected; it is issuers and service providers that bear the compliance burden.
Is USDT (Tether) compliant with MiCA?
As of 2026, Tether has not obtained authorisation as an E-Money Token under MiCA, which would be required for USDT to be legally offered to EU retail customers by regulated exchanges. Tether's choice not to seek EMT authorisation placed exchanges in a difficult position ahead of the December 2024 deadline. Several delisted USDT for EU users; others applied national transitional provisions. The regulatory position on exchanges continuing to offer non-authorised stablecoins to EU customers remains subject to national supervisor guidance and is not uniformly resolved.
Can a UK-based firm use a MiCA licence to operate across the EU?
No. The UK is a third country under EU law. MiCA's passport — which allows an authorised CASP to operate across all 27 EU member states — applies only to entities authorised in an EU member state. A UK-domiciled firm that wants to operate in the EU under MiCA must establish a separate legal entity in an EU member state and obtain CASP authorisation for that entity. There is no equivalence or mutual recognition arrangement that extends the UK FCA's authorisation into the EU crypto market.
What is the difference between MiCA and MiFID II?
MiFID II (Markets in Financial Instruments Directive II) covers financial instruments — shares, bonds, derivatives, structured products, and similar assets. MiCA was specifically designed to cover crypto-assets that fall outside the MiFID definition of financial instruments. If a token qualifies as a financial instrument under MiFID II, MiCA does not apply — the existing MiFID regime governs it instead. MiCA fills the gap for crypto-assets that have genuine economic characteristics but do not meet the MiFID financial instrument test.
Does MiCA cover DeFi protocols?
Not directly. MiCA's provisions presuppose an identifiable legal entity — an issuer to publish a whitepaper and face liability for it, a service provider to hold a CASP licence. Fully decentralised protocols with no controlling legal person and no identifiable issuer fall outside the regulation's scope. The EU has acknowledged this gap and signalled that a future legislative review will address DeFi more explicitly. In the interim, the key question for any given protocol is whether it is genuinely decentralised — national authorities may take different views on where the line sits, particularly for protocols with identifiable development teams or foundations.