What is MiCA in the EU?
Quick answer
MiCA (Markets in Crypto-Assets Regulation, EU 2023/1114) is the EU's first binding framework for crypto-asset issuers, stablecoin operators, and service providers. It doesn't cover crypto-assets regulated under MiFID II or most NFTs. Full effect from December 30, 2024.
The full answer
MiCA is Regulation (EU) 2023/1114 on Markets in Crypto-Assets, published June 9, 2023 and fully in force from December 30, 2024. It's the first EU-wide framework that regulates crypto-assets as their own asset class, separate from securities, e-money, and deposits.
Three asset categories are in scope:
- Asset-referenced tokens (ARTs): backed by a basket of currencies, commodities, or crypto-assets. Multi-asset stablecoins.
- E-money tokens (EMTs): backed 1:1 by a single fiat currency. USDC, EURC, and most major stablecoins issued in the EU sit here.
- Other crypto-assets: utility tokens, governance tokens, altcoins, exchange tokens. The catch-all category.
MiCA also covers crypto-asset service providers (CASPs): trading platforms, custodians, exchange services, portfolio managers, transfer services, and advisors. If you offer any of these services to EU-based clients, you're in scope regardless of where your firm is incorporated.
Implementation timeline:
| Date | What took effect |
|---|---|
| June 9, 2023 | Regulation published in the Official Journal |
| June 30, 2024 | ART and EMT rules (Titles III and IV) |
| December 30, 2024 | CASP authorization requirements |
| June 30, 2026 | Grandfathering period ends for pre-existing national licenses |
White papers and issuer liability
Any public offering of a non-ART, non-EMT crypto-asset requires a white paper filed with the relevant national competent authority (NCA) at least 20 working days before publication. No prior approval is needed for most crypto-assets, but the issuer is strictly liable for the white paper's accuracy. ART and EMT white papers require NCA approval before publication. That's a substantive difference: if an EMT issuer's white paper misrepresents the reserve, holders have a direct claim.
AML, Travel Rule, and CASP obligations
CASPs are obliged entities under EU Anti-Money Laundering law. They must perform customer due diligence and enhanced due diligence for higher-risk clients, verify beneficial ownership for legal entity customers, and run ongoing transaction monitoring.
The FATF Travel Rule applies under the EU Transfer of Funds Regulation (TFR). CASPs must pass originator and beneficiary information on all crypto transfers above 1,000 euros. Below that threshold, they must still collect and retain the data even without transmitting it. That's stricter than the equivalent bank standard.
Given that crypto markets run 24/7 across global venues, AI-based AML transaction monitoring is increasingly how licensed CASPs meet these obligations at practical scale.
Significant stablecoin supervision
Stablecoins crossing either threshold get classified "significant":
- More than 10 million holders
- Average daily transaction volume above 5 billion euros
Significant issuers move from NCA supervision to direct EBA oversight. The EBA can cap issuance. By early 2025, major EU exchanges had delisted Tether's USDT because Tether had not sought EMT authorization from any NCA. That's MiCA operating as intended: if you don't get licensed, you lose EU market access.
What's excluded
MiCA explicitly doesn't cover:
- MiFID II instruments: security tokens stay regulated under MiFID II and related directives
- CBDCs: explicitly out of scope
- Most NFTs: a unique digital asset is excluded; a series of 10,000 near-identical items may not be "unique" in the regulation's sense
- Fully decentralized protocols: no identifiable issuer means no MiCA obligation, but ESMA's technical standards signal scrutiny of governance token arrangements that function like issuer activity
The authoritative text is at EUR-Lex (Regulation EU 2023/1114).
Why this matters
For compliance teams at banks and financial institutions, MiCA creates two distinct pressure points.
If your firm wants to offer crypto services, MiCA is your authorization framework. You must choose a member state of incorporation, apply to that NCA, and once authorized, passport across the EU. Member states vary in their approach: Germany's BaFin, France's AMF, and Ireland's Central Bank have each interpreted the transition rules differently. Picking your home jurisdiction is a real strategic decision.
If you're doing AML oversight, CASPs are now far more visible as counterparties. Licensed CASPs must comply with the Travel Rule, maintain transaction records, and file suspicious activity reports. A bank onboarding a CASP as a customer should verify that the CASP's AML program is actually operational and that its authorization appears in the ESMA register before proceeding.
Sanctions screening obligations for CASPs under MiCA are real-time and explicit. A CASP that can't demonstrate live wallet screening against EU and UN consolidated lists shouldn't pass a bank's due diligence review.
If a CASP routes funds through jurisdictions on the FATF Grey List, that's a separate risk flag. MiCA authorization in the EU doesn't resolve it.
CISOs at crypto-adjacent firms should note that MiCA includes operational resilience requirements that overlap substantially with DORA (Digital Operational Resilience Act). For firms deploying AI tools in compliance functions, EU AI Act obligations may also apply, depending on how the system is classified under that framework.
One practical point for risk teams: perpetual KYC is the natural operating model for CASPs. MiCA expects ongoing monitoring of customer risk across wallet activity, not just a snapshot at onboarding. Banks assessing CASP partners should ask how they do ongoing review, not just initial checks.
Related questions
- What is the FATF Travel Rule? (applies to all crypto transfers above 1,000 euros under the EU Transfer of Funds Regulation)
- Who needs to comply with the EU AI Act? (CASPs using AI in compliance functions may face obligations under both MiCA and the AI Act simultaneously)
- What is the difference between CDD and EDD? (CASPs must meet the same CDD and EDD standards as banks under EU AML rules)
- Can AI be used for AML transaction monitoring? (24/7 crypto markets make automated monitoring a practical necessity for licensed CASPs)
- How does sanctions screening work? (CASPs have explicit real-time wallet screening obligations under MiCA)
Related concepts and regulations
- What is a beneficial owner? (CASPs must verify UBO for all legal entity customers as part of CDD)
- What is perpetual KYC? (ongoing risk monitoring is expected of licensed CASPs, not just at onboarding)
- What is the FATF Grey List? (relevant when assessing CASPs with exposure to grey-listed jurisdictions)
- When does the EU AI Act take effect? (overlapping EU obligations for crypto firms using AI in regulated functions)