The EU's new MiCA framework for crypto-assets - the one regulation to rule them all
2023-05-05 18:00:09 UTC
NFTs, DeFi, ICOs - the crypto space is full of acronyms. One that has made its way into the mainstream crypto parlance recently is MiCA. MiCA stands for the Markets in Crypto-Assets Regulation, the upcoming crypto rulebook for the European Union.
It is today the most comprehensive framework for crypto assets globally, which is why, besides generating fears that it could ban mining & bitcoin trading in Europe, it has garnered worldwide attention from the crypto community.
After years of intense negotiations and a political agreement reached
roughly 10 months ago, MiCA was finally formally voted on and adopted in the plenary of the European Parliament today.
But as there remains significant confusion about what that means for crypto businesses in Europe and elsewhere, this primer will shed light on MiCA’s genesis, goals, main regulatory categories and requirements, and its possible implications for crypto writ large.
MiCA’s genesis - Why did the EU decide to front run the world?
Admittedly, Europe is not home to the largest crypto businesses today. Most of the value creation and capture is happening in the US and Asia. In the 2022 global crypto adoption index, not a single EU country is part of the top 20 countries. This raises the question why the EU decided to move forward with such a comprehensive, region-wide binding set of regulations in the first place?
Four reasons stand out:
- In 2018, the EU Commission instructed the EU financial supervisory authorities to examine the applicability of EU financial law to crypto-assets like Bitcoin. In early 2019, the European Banking Authority (EBA) report was published with clear advice: Since crypto-assets do not fall under EU law to a large extent, while at the same time pose non-negligible consumer protection and money laundering risks, the Commission should take action.
- The 5th Anti-Money Laundering Directive in the EU led to a veritable patchwork of national crypto registration and licenses in early 2020. Some countries like Germany, Austria, Malta, Lithuania or France introduced dedicated crypto licensing regimes, other countries like Ireland created simple AML registrations, and again others didn’t do anything at all. Operating an EU-wide crypto business became a very bureaucratic and burdensome endeavor of knocking at every single national supervisor's door. Calls for regulatory harmonization grew louder, from both the industry, regulators, and policymakers - in part to prevent regulatory arbitrage.
- In June 2019, the (in)famous Diem (formerly Libra) project decided to launch out of Geneva in the heart of Europe (but not the EU). The announcement of Libra/Diem raised the stakes for EU and national government policymakers, who competed with one another to be the strongest public opposer to the concept of global private internet money. The highest levels of governments such as Germany’s current Chancellor (and former Finance Minister) Olaf Scholz called for an outright ban of Diem and the pressure to close any regulatory loopholes in the EU mounted. The focus on Diem and stablecoin projects can be seen in the form and content of the final MiCA legislation, which creates the two token categories of asset-referenced tokens (ART) and e-money tokens (EMT) that correspond to Diem’s first and second iteration of stablecoin token concepts.
- Crypto regulation has to be seen in the context of the EU's ambition to be a global leader in tech regulation more broadly. Recent political initiatives like the GDPR, the Digital Markets Act, or the Digital Services Act aspire to set global tech standards, and a nascent, promising industry like crypto is just another building block to execute on that proactive strategy. As such, shortly before publishing MiCA’s first proposal, former EU Commission executive vice president for financial services, Valdis Dombroskis, stated: “I believe that Europe is in a position to lead the way on crypto regulation”.
The combination of a lack of applicable EU legislation, increasing regulatory fragmentation, the looming mass adoption of cryptocurrencies (like Diem), and the drive to be a leader in regulating technology forced the EU to act - and act decisively.
MiCA’s goals - what is the EU trying to achieve?
Derived from the driving forces mentioned above, the EU’s main goals for MiCA were and still are:
- Protecting consumers who buy crypto or engage with crypto asset services to prevent the worst excesses experienced during the ICO craze in 2017/18 (and more recently in 2022).
- Creating regulatory harmonization, closing regulatory arbitrage loopholes and allowing companies to operate on an EU-wide basis without the need for 27 different licenses & supervisors.
- Creating legal certainty for companies and institutions to enter the space, with a clear rulebook for different services (token issuance, exchange, custody etc.), enabling fair competition and innovation.
- Taking the leading role on how to regulate crypto globally, doubling down on its ambition to affect technological and economic innovation through early and comprehensive policy frameworks.
MiCA’s rules - what does MiCA hold for crypto businesses?
It might be easiest to start by stating what MiCA doesn’t cover.
MiCA does not apply to the European Central Bank (ECB), national central banks, the European Investment Bank, the European Financial Stability Facility, the European Stability Mechanism, and public international organizations.
It doesn’t entail detailed AML rules for crypto businesses that are currently discussed within the AMLR
or that have already been finalized within the TFR
, the EU implementation of the FATF travel rule also formally adopted by the EU Parliament today. Remember the discussions around the de-facto banning of “unhosted wallets”? That was the TFR, not MiCA.
Further, MiCA doesn’t cover crypto-assets (or crypto-asset services) that are deemed to be securities in order to prevent a duplication of frameworks. These services around tokenized securities are covered by MiFID
and for those who want to trial securities trading and settlement on blockchains, the EU adopted a “DLT pilot regime
” that kicked-off officially in March 2023. Finally, MiCA does not cover deposits as defined in the EU Deposit Guarantee Schemes Directive.
That said, MiCA covers basically all forms of token offerings, stablecoin issuance, crypto asset services like exchange and custody, plus new market abuse rules for the entire space. Unlike the US where a stablecoin bill and a bill for centralized market operators are being negotiated separately, the EU decided to put these concepts under the same regulatory umbrella.
Or, to paraphrase Tolkien’s words: “One regulation to rule them all, one regulation to find them, one regulation to bring them all and in the darkness bind them.”
MiCA introduces a taxonomy of assets and services with respective requirements.
- A crypto-asset is a “digital representation of a value or a right, which may be transferred and stored electronically, using distributed ledger or similar technology”. Most crypto-assets should fall under this “catch-all” category, including bitcoin & ether.
- A utility token is a sub-type of crypto-assets “which is only intended to provide access to a good or a service supplied by its issuer”. There are lighter requirements for issuing utility tokens, but I don’t expect many to fall under this category.
- An asset-referenced token (ART) is a token that aims at stabilizing its value by referencing/pegging to a basket of currencies, commodities, crypto-assets or other single non-fiat currency assets. This category was created with the original Libra 1.0 coin in mind that pegged its value to an IMF special-drawing-rights kind of basket of fiat currencies.
- An e-money token (EMT) aims at stabilizing its value by referencing the value of one single fiat currency, for example USDC, USDT, BUSD or EUROC. This concept and most of its requirements stem from the existing regulatory concept of e-money in the EU.
For ARTs and EMTs, MiCA introduces the concept of “significance”. Significant ARTs & EMTs are tokens that reach certain adoption thresholds and have to meet higher prudential, governance, and liquidity requirements. If three of the following criteria (that will further be specified by EU supervisors) are met, ARTs and EMTs are deemed significant:
- > 10 million holders
- > €5 billion market capitalization
- Whether the number and value of transactions per day is higher than 2.5 million and €500 million, respectively
- Whether the issuer is designated a gatekeeper according to the Digital Markets Act
- Whether the issuer is deemed significant on an international scale, including the use of the token for payments and remittances
- The degree to which the token is interconnected with the financial system
- Whether the issuers offer additional ARTs, EMTs, or crypto-asset services
The classification of NFTs within the MiCA legislation is unfortunately not 100% clear. While Art. 2(3) and the related Recital 10 suggest that NFTs should remain outside of the scope of MiCA, Recital 11 states that if NFTs are issued in a “large series or collection” they may be considered to actually NOT be non-fungible, meaning their issuance and other services built on top (e.g. an NFT marketplace) could be subject to MiCA requirements.
The elephant question in the room for all NFT enthusiasts is naturally: Will the standard 10k NFT profile-picture collection be seen by supervisors as issued “in a large series or collection”? It seems reasonable to assume that, which would mean that large parts of the current NFT market would actually end up in MiCA’s scope through this back door.
Issuers of NFT collections would be required to comply with disclosure and compliance requirements intended for issuers of financial instruments (outlined below). The same fate could hit builders of NFT collection marketplaces, custodians, or aggregators who could be deemed MiCA crypto-asset service providers.
Interesting questions of technology neutrality arise, for example when NFT collections representing concert tickets or audio files in an album might be considered regulated financial instruments under MiCA in token form, but not in their analog and existing digital versions.
Looking ahead, future guidelines from the EU supervisors may provide more legal clarity for NFT issuers and businesses around Recital 11, but I fear that diverging interpretations from national supervisors will lead to legal uncertainty for many NFT creators and firms in the near future. While the goal of creating regulatory clarity is well within reach for most areas in the crypto industry, the treatment of NFTs is probably not one of them.
Requirements for issuers of crypto-assets
Issuers (“Offerors”) of crypto-assets (with exemptions for utility tokens and small-scale crypto-assets) have to draft a detailed white paper with all the relevant information about the project, the issuer, the risks involved, the technology used, the economic design of the token, and the environmental impact of the consensus mechanism of the token (this last component is a remnant compromise of the amendment to ban the trading of proof-of-work tokens altogether that was thwarted
by a thin majority in the ECON committee of the EU Parliament).
Crypto-asset issuers need to notify their respective national competent authority (e.g. BaFin in Germany) about their white paper, at least 20 days prior to its publication. MiCA doesn’t require its explicit approval. However, the authority can prohibit the issuance of the crypto-asset. Apart from standard obligations to act honestly, fairly and professionally, to disclose conflicts of interest, or to make marketing communications clearly identifiable, one interesting provision in MiCA offers retail holders that participated in the token offering a right of withdrawal (without incurring fees) within 14 calendar days. It will be interesting to see how this will be managed in practice.
The exact disclosure details and white paper templates to use will be established in the next 12 months by the EU supervisory authorities.
Overall, these primarily information disclosure requirements for issuers of crypto-assets seem reasonable and measured, and won’t pose an insurmountable challenge for most projects. If the regulatory uncertainty in the US continues, particularly with regard to the applicability of securities law to tokens, it is imaginable that many teams decide to launch their tokens according to this new framework out of the EU.
Requirements for issuers of asset-referenced tokens (ARTs)
Unlike for “standard” crypto-assets, publishing an ART white paper requires the explicit prior approval by the national competent authority. The entity issuing ARTs needs to be incorporated in the EU, meet certain prudential “own funds” requirements (2% of ART supply), satisfy reserve management (with regard to segregation, custody, investment etc.) standards and have wind-down and resolution plans in place.
As mentioned earlier, “significant” ART issuers will be held to even higher standards (such as 3% own funds, plus additional interoperability, liquidity and governance requirements). What’s more, the European Banking Authority (EBA), rather than national financial authorities, will be responsible for supervising these entities.
Requirements for issuers of e-money tokens (EMTs)
Only regulated e-money institutions (EMIs) or credit institutions will be allowed to issue e-money tokens in the EU. Unlike ART issuers, the competent authority only needs to be notified about the EMT white paper. E-money tokens have strict redemption obligations, are prohibited from granting interest to EMT-holders (same for existing EMIs), and overall have similar “own fund” (2% of supply) and reserve management requirements (e.g. only investments into high-quality liquid assets are allowed) than ART issuers.
Again, “significant” EMT issuers are overseen by the EBA and must meet higher requirements with respect to own funds (3%), interoperability, liquidity, resolution, and governance.
MiCA’s chapters on ARTs and EMTs make up large parts of MiCA, and not by accident. These rules were designed with a clear political mandate in mind, and have made the MiCA legislation perhaps Libra/Diem’s most far-reaching overall legacy in the crypto space. After Libra/Diem’s termination, there is almost no noteworthy token left that would fit the ART category and I wouldn’t be surprised if we ended up in the odd scenario where there exists no regulated ART in the EU for the foreseeable future.
Final notes on ARTs & EMTs
First, there are no exemptions for decentralized or algorithmic stablecoins. It will be interesting to see how projects behind decentralized or algorithmic stablecoins try to navigate the future EU regulatory landscape.
Second, one very political and much debated provision on ARTs and non-euro EMTs unfortunately made it into the final version: When, for a given ART or non-euro EMT, the number and value of transactions per day associated to “uses as means of exchange” is higher than one million and €200 million respectively within the euro area, the issuer has to stop issuing this token.
EU policymakers, acting mostly out of concerns for the monetary sovereignty of the EU, have since clarified that only real-world payments, and not investment or trading activities shall be in scope of these thresholds which will be further specified by EU supervisors. The real-world consequences of this protectionist measure that raises significant practical questions (how to monitor etc.) will mostly depend on how strict the EBA decides to apply the abstract wording.
Requirements for crypto-asset service providers (CASPs)
The different categories of regulated crypto-asset services that MiCA establishes, as well as the corresponding requirements, are heavily influenced by the EU MiFID (Markets in Financial Instruments Directive) targeted at investment firms, broker dealers or wealth managers, for example. As such, MiFID regulated firms that offer services (e.g. securities broker dealers) for traditional asset classes won’t need another MiCA license for similar crypto services (crypto brokerage). These firms will need to inform competent authorities and prove their technical capabilities.
Other companies that seek to offer one of the following crypto-asset services will need to get licensed as a CASP by one of the EU national competent authorities.
- Custody and administration of crypto-assets
- Operation of a crypto-assets trading platform
- Exchange of crypto-assets against fiat or against other crypto-assets
- Placement of crypto-assets
- Reception and transmission of crypto-asset orders
- Advice and portfolio management of crypto-assets
All of these CASPs will need to comply with minimum requirements with respect to their governance, the safekeeping of the assets, complaint handlings, outsourcing, wind-down plans, information disclosure, and last but not least, prudential requirements - CASPs will need to maintain permanent minimum capital (“own funds”) of:
- €150k for tradings platforms,
- €125k for custodians and exchanges (brokers),
- and €50k for all the others.
On top of that, each CASP function has some specific regulatory requirements to satisfy, for example:
- Custodians need to establish a custody policy, communicate clients' positions regularly, or face liability for clients’ assets lost due to cyber-attacks or malfunctions.
- Trading platforms need to implement market abuse detection and reporting systems or make public the current bid and ask prices and trading depth.
- Exchanges and brokers need to have non-discriminatory policies and execute orders at the best possible result and at the price displayed.
- Advisors and portfolio managers need to assess the suitability of crypto-asset investments for their clients based on risk tolerance and knowledge.
Nota bene: Crypto-assets with inherent anonymisation functions (“privacy coins” like Monero, Zcash etc.) can only be admitted to a trading platform if the token holders and their transaction history can be identified by the CASP or the relevant regulator. As this is de facto impossible to implement, I expect EU regulated crypto exchanges to delist privacy coins from their offering.
CASPs that are already licensed under national frameworks will benefit from an accelerated and simplified MiCA authorization procedure. They will also have up to 18 months after entry into application (meaning until Q2 2026, 18 months after Q4 2024) to receive the final MiCA license.
For instance, regulated crypto custodians in Germany will, in all likelihood, benefit from these simplified procedures and transitional measures. However, only MiCA-licensed CASPs will have the massive benefit of being able to offer their services throughout the EU (the largest single market in the world) via the so-called “passporting” of licenses across the bloc. This is why I expect most crypto businesses to apply for MiCA authorization asap.
One last comment on supervision: CASPs are normally supervised by the national financial supervisors of their home jurisdiction. However, for the largest CASPs with over 15 million active users, the national supervisor will have to notify EU securities supervisor ESMA, which from that point will have a say on key decisions and developments. Based on ECB data
on crypto asset ownership in the EU, one can assume the largest global exchanges are not too far from this threshold.
MiCA applies to businesses - natural & legal persons and “ certain other undertakings”. Other “undertakings” could include entities that are not legally established, but the EU has clarified that decentralized DAOs and protocols are not the target of this recent addition. MiCA recital 22 clarifies that “where crypto-asset services (..) are provided in a fully decentralised manner without any intermediary, they should not fall within the scope of this Regulation”. This core statement is backed up by multiple public statements from key EU officials from the Commission and the Parliament.
However, as always, the devil lies in the details. The same recital states that MiCA applies even “when part of such activities or services is performed in a decentralised manner”.
How much decentralization (technical, governance, legal etc.) is necessary to stay out of scope? It remains hard to tell, but the bar will be high in order to close any possible regulatory loopholes. I expect some enforcement and litigation cases on this question. The EU is generally less keen than the US to enforce its law on a cross-border basis, but especially EU DeFi projects that have a legal entity benefiting financially from the protocol, or that exhibit fake governance decentralization, or have central technical backdoors into the protocol will have a hard time proving why they shouldn’t fall under MiCA.
DeFi projects have two options if they want to stay out of scope.
- Prove full decentralization (high bar).
- Operate on reverse solicitation basis (not targeting EU customers).
The bars for both will be substantial, as both could blow a hole into MiCA’s impact and scope. Those projects operating out of the EU with EU legal entities or offering an euro-referencing stablecoin may have a particularly hard time.
Nevertheless, all in all, the EU is to be praised for its formal exclusion of true DeFi in the scope of a regulation that targets centralized financial companies. If parts of MiCA become a global regulatory standard, this will hopefully be one of them.
Market abuse rules
In addition to rules for crypto-asset issuers and service providers, MiCA also introduces rules against market manipulation and insider trading. Using insider information to benefit from trading activities will be illegal, as will activities that give false or misleading signals to the supply of, demand for, or price of, a crypto-asset.
As one example, voicing an opinion about a crypto-asset in the media (social or otherwise), without disclosing the owner’s position and conflict of interest to the public, while profiting subsequently from the impact of these opinions voiced on the price of a crypto-asset, will be considered market manipulation. Crypto influencers beware!
MiCA’s impact on the crypto industry in the EU and beyond
MiCA’s impact on the EU crypto industry - harmonization, competitiveness, institutionalization, and market share gains for regulated businesses.
For the EU crypto industry, MiCA represents a true game changer. Until now, crypto companies in the EU had to knock at every single national regulator’s door if they wanted to serve the entire EU market.
Some countries like Germany, Austria or France have already dedicated crypto licensing regimes in place, others like Ireland had created simple AML registration obligations, and again others didn’t have any regulatory frameworks in place for crypto businesses. Navigating the complex national regulatory patchwork of 27 different rulebooks became a very costly and burdensome endeavor.
Undoubtedly, this has constrained the growth of EU startups, and limited their competitiveness vis-a-vis their US or Asian counterparts. Under MiCA, the same binding EU requirements will apply to all 27 member countries. Once a company has been granted a MiCA license in one country, it will be able to “passport” it and offer the licensed service throughout the entire EU single market.
With MiCA in force, offshore, unregulated companies will no longer be able to target EU consumers pro-actively. Not least due to the recent FTX meltdown, the reserve solicitation rules, i.e. the rules under which foreign businesses can onboard EU customers that act on their own initiative, can be expected to be stricter than for other financial service providers in traditional markets. This will lead to MiCA-regulated crypto businesses gaining significant EU market share from their offshore, unregulated competitors.
Plus, MiCA will, in all likelihood, lead to more institutional adoption and activity in the EU crypto market. According to Bloomberg
, only 4% of institutional funds in Europe have exposure to crypto-assets. Regulatory uncertainty is one of the, if not the main concern
holding institutions back from entering the space. I expect major European banks will roll-out crypto-asset services in the next 48 months, be it custody, exchange, or also the issuance of e-money tokens or asset-referenced tokens, colloquially referred to as stablecoins.
To sum up, I expect MiCA to increase harmonization, the competitiveness and market share of regulated businesses and the institutional share of activities and services provided.
The creation of regulatory clarity amidst global uncertainties could very well attract capital, talent, and companies, especially those looking to issue tokens, from the rest of the world. In the best case, crypto as an industry could become a huge opportunity
for an economic and technological revival of the EU.
However, much of MiCA’s practical success boils down to the implementation standards and enforcement practices to be developed by the EU supervisory authorities in the next 12-18 months.
Some MiCA passages carry the risk of burdening industry participants, and their full effects will only become apparent once technical implementation standards provide practical operational guidelines.
The worst case scenario is one where only a minority of EU crypto startups manage to shoulder the substantive legal and compliance costs during an ongoing bear market, stablecoin issuers make a big detour around the EU, and exchanges face overly burdensome disclosure requirements and liabilities that don’t benefit consumers and make their offerings uncompetitive compared to their offshore counterparts. EU consumers would either be cut off from innovation or continue to use (and be exposed to) the largest offshore pools of liquidity and utility.
Additionally, supervisors could consider that most NFT and DeFi projects actually fall within the scope of MiCA and need to comply - a door that is still left open to interpretation by current MiCA recitals. This would inevitably lead to teams and resources migrating out of the EU.
MiCA could represent a positive boost for EU crypto businesses and the EU economy overall, but its success is highly dependent on the upcoming development of practical implementation standards.
MiCA’s global impact - will MiCA set global standards?
MiCA’s potential to become for crypto what GDPR is today for privacy, an almost globally adopted regulatory standard, is certainly there, but far from a foregone conclusion.
Undeniably, MiCA will play a huge role in how other jurisdictions, especially those without much experience in financial regulation and supervision, will think about their own crypto-asset framework. A closer look into the recent FSB (Financial Stability Board) recommendations for crypto service providers and so-called “global stablecoin arrangements” is all it takes to realize how many of the MiCA concepts have found their way into global standard setting bodies.
The EU market is the single largest internal market in the world with 450 million relatively wealthy consumers. By the sheer size of its market, MiCA will persuade many companies around the world to adapt MiCA operating standards, possibly even on an international scale in order to maintain globally streamlined operations and products. The global impact of EU regulatory standards has been observed in a number of industries, from the chemical industry to agriculture or tech, and coined as the “Brussels effect
” by Columbia Law School Professor Anu Bradford.
It is not by coincidence that the current U.S. CFTC Commissioner Caroline Pham warned
that “as the U.S. struggles to provide regulatory clarity to the domestic crypto industry, global regulatory frameworks like MiCA could fill the gap.”
The longer the US regulatory vacuum for crypto-assets persists, the greater I expect the global impact of MiCA standards to be.
However, it is only MiCA’s practical success that will matter at the end of the day, and much of the practical implementation work still lies ahead of us. If MiCA proves to be workable for the industry, consumers and regulators alike, it will have a global impact. If not, many jurisdictions will decide to choose an entirely different policy path.
Only time and the market will tell.
Since industry participants can have a lot of impact on making MiCA a success by responding to the upcoming consultations on implementation standards, I encourage all crypto projects and companies to engage closely with EU supervisors - primarily the European Banking Authority and the European Securities and Markets Authority - in the next 12-18 months.
After the complete collapse of FTX, even the most ardent crypto maximalists seem to have conceded that some form of reasonable regulation is needed in order to propel the space forward and prevent the worst excesses of fraud and fraudsters.
So far, MiCA is without any doubt the most comprehensive regulatory framework for crypto-assets we have seen on a global scale. It is an opportunity the industry should seize and build on, not least because if this regulation was being discussed and negotiated today instead of a year ago, believe me, we would be in a whole different situation.
Patrick Hansen is director, EU strategy & policy at Circle.
Any views and opinions expressed are strictly personal and do not necessarily represent the views of my employer. This blog post does not constitute legal or financial advice.