MiCA Compliance Guide — EU Crypto Regulation 2026

TL;DR — MiCA in 60 Seconds

MiCA is the EU's unified crypto regulation, in force from 30 December 2024 across all 27 EU member states
Any company providing crypto-asset services to EU clients must be authorised as a CASP (Crypto-Asset Service Provider)
A single MiCA CASP authorisation allows passporting across all 27 EU markets — no more per-country registrations
Capital requirements range from EUR 50,000 to EUR 150,000 depending on services offered
Existing national VASP registrations (e.g., Poland, Lithuania) benefit from grandfathering until July 2026 at the latest
You choose which EU member state to apply in — choose based on speed, cost, and regulator quality

Overview

What is MiCA?

The Markets in Crypto-Assets Regulation (MiCA), formally Regulation (EU) 2023/1114, is the European Union's comprehensive regulatory framework for crypto-assets. It replaces the patchwork of national regulations that previously governed crypto activities across EU member states — where each country had its own rules, registration requirements, and compliance standards.

MiCA creates a single EU-wide regulatory framework with two key objectives: (1) protect retail investors from risks associated with crypto-assets, and (2) provide legal certainty for crypto businesses operating within the EU. By achieving the latter, MiCA also fulfils an important commercial objective — enabling legitimate crypto businesses to scale across Europe with a single regulatory authorisation.

MiCA covers three categories: utility tokens (previously largely unregulated), asset-referenced tokens (ARTs — stablecoins backed by multiple assets), and e-money tokens (EMTs — stablecoins backed by a single fiat currency). It also establishes the CASP authorisation regime for all businesses providing crypto-asset services to EU clients.

What MiCA Does NOT Cover

MiCA explicitly excludes several categories: fully decentralised protocols with no identifiable issuer, NFTs (unless they qualify as crypto-assets under MiCA's definitions), DeFi (to a limited extent — subject to ongoing review), and central bank digital currencies (CBDCs). Crypto-assets qualifying as financial instruments under MiFID II continue to be regulated under MiFID II, not MiCA.

CASP Services

Which Crypto Services Require MiCA Authorisation?

Article 3 of MiCA defines ten categories of crypto-asset service. Any entity providing one or more of these services to clients in the EU must be authorised as a CASP. A single authorisation can cover multiple service types — you do not need separate licences for each activity.

Service	Description
Custody & administration	Safekeeping and management of crypto-assets or private keys on behalf of clients
Operation of trading platform	Running a multilateral system for buying, selling, or exchanging crypto-assets
Exchange for fiat	Exchanging crypto-assets for fiat currency using own capital
Exchange crypto-to-crypto	Exchanging crypto-assets for other crypto-assets using own capital
Execution of orders	Executing buy/sell orders for crypto-assets on behalf of clients
Placing crypto-assets	Marketing or distributing newly issued crypto-assets on behalf of issuers
Reception & transmission of orders	Receiving orders from clients and routing them to execution venues
Portfolio management	Managing a portfolio of crypto-assets on behalf of clients under discretionary mandate
Advice on crypto-assets	Providing personalised recommendations to clients on crypto-asset transactions
Transfer services	Providing services to transfer crypto-assets on behalf of clients

Capital Requirements

MiCA CASP Capital Requirements

MiCA Article 67 establishes minimum own funds requirements for CASPs based on the services they provide. The requirements are tiered into three classes based on the risk profile of the services. CASPs providing multiple services must hold the highest applicable capital requirement — not the sum of all requirements.

Class	Services Covered	Min. Own Funds
Class 1	Reception & transmission of orders; Execution of orders; Advice; Transfer services	EUR 50,000
Class 2	Exchange (fiat or crypto); Placing crypto-assets; Portfolio management	EUR 125,000
Class 3	Operation of trading platform; Custody & administration	EUR 150,000

Fixed overhead requirement: In addition to the class-based minimum, CASPs must hold own funds equal to at least one quarter of fixed overheads from the preceding year. For growing businesses, this "fixed overhead rule" may require capital well above the stated minimums. Professional insurance may be used as an alternative to part of the capital requirement under certain conditions.

Significant CASP Requirements

CASPs that exceed thresholds for transaction volume (EUR 15 billion in average outstanding crypto-assets), number of clients (over 15 million), or systemic importance face enhanced requirements — including potential oversight by ESMA (European Securities and Markets Authority) rather than national regulators. For most mid-market crypto businesses, these thresholds are not immediately relevant.

Key Dates

MiCA Timeline — What Happened When

Jun 2023

MiCA Published in EU Official Journal

Regulation (EU) 2023/1114 published. 18-month implementation period begins for Title IV/V (CASP rules).

Jun 2024

Title III Applied — ART & EMT Issuers

Rules for Asset-Referenced Token and E-Money Token issuers became effective. Stablecoin issuers (e.g., stablecoins backed by a basket of assets) must comply.

Dec 2024

Title IV & V Applied — Full CASP Regime

All CASP authorisation requirements, consumer protection rules, and market abuse provisions became applicable across all 27 EU member states. New entrants must apply for MiCA authorisation from this date.

Jul 2026

Grandfathering Period Ends

The latest date by which all existing nationally registered VASPs must have obtained MiCA CASP authorisation. Member states may set earlier deadlines. After this date, operating without MiCA authorisation is illegal.

Grandfathering

MiCA Grandfathering — Existing VASPs

MiCA Article 143 provides transitional arrangements — commonly called "grandfathering provisions" — for crypto-asset service providers that were authorised or registered under national law before MiCA's application date of 30 December 2024. These businesses can continue operating under their national authorisation for a transitional period while applying for full MiCA CASP authorisation.

Pre-MiCA Status	Grandfathering Period	Deadline to Obtain MiCA CASP
Nationally registered/authorised VASP (before 30 Dec 2024)	Up to 18 months from MiCA application date	By 1 July 2026 (latest)
Member state opted for shorter period (some did)	Member state may reduce to less than 18 months	Check specific member state deadline
New entrant after 30 Dec 2024	No grandfathering — MiCA applies immediately	Must apply under MiCA from day one
EU Credit Institutions (banks)	Notification regime — no full CASP authorisation required	Notify NCA 40 working days before providing CASP services

Action required now: If you hold a national VASP registration (Poland, Lithuania, Estonia, etc.) and wish to continue operating after July 2026, you must file a MiCA CASP application with your home member state National Competent Authority (NCA) well before the deadline. Applications take 3–6 months to process — do not wait until 2026.

Jurisdiction Selection

Which EU Member State to File In?

MiCA authorisation is granted by the National Competent Authority (NCA) of the EU member state where the CASP has its registered office. You must have genuine substance (registered office, real operations) in the member state where you apply. The choice of member state affects processing time, regulatory style, practical fees, and ongoing supervision quality.

Fast & Low-Cost

Poland, Slovakia, Bulgaria

Light-touch regulators with straightforward CASP processes. Good for smaller exchanges and OTC desks. Processing: 3–5 months expected.

Established & Credible

Lithuania, Ireland, Netherlands

Strong regulator reputation, clear processes, good banking access. Higher fees and longer review. Processing: 4–6 months expected.

Institutional Grade

Germany (BaFin), France (AMF), Luxembourg

Highest regulatory credibility, ideal for institutional operations and ART/EMT issuers. Most rigorous process. Processing: 6–12 months.

Application Process

How to Apply for MiCA CASP Authorisation

The CASP authorisation process follows a standardised procedure set out in MiCA Article 62, though member states have some flexibility in implementation. The NCA has 25 working days to assess completeness of the application and 3 months from acknowledgement of a complete application to grant or refuse authorisation.

Establish a registered office and genuine substance in the chosen EU member state
Identify and appoint management body members (at least 2 directors for MPI-equivalent businesses)
Prepare the programme of operations (business plan) including IT systems, governance, and outsourcing arrangements
Draft comprehensive AML/CFT policies aligned with AMLD6 and MiCA requirements
Prepare client asset safeguarding procedures (segregation, reconciliation)
Develop complaint handling and conflicts of interest policies
Document prudential arrangements (capital adequacy, professional indemnity insurance if applicable)
Prepare KYC packages for all management body members and qualifying shareholders
Submit application to the NCA via the member state's designated portal
Respond to NCA queries within stated deadlines (typically 20 working days)
Receive authorisation decision — NCA must decide within 3 months of complete application

Ongoing Compliance

MiCA CASP Ongoing Obligations

MiCA imposes significant ongoing conduct-of-business requirements on authorised CASPs. These go beyond what most pre-MiCA national VASP registrations required and represent the core of MiCA's investor protection framework.

Client Asset Safeguarding

Client crypto-assets must be held in segregated accounts. Annual reconciliation required. Clear rules on what happens in insolvency.

Conflicts of Interest

Documented conflicts of interest policy. Disclosure to clients. Separation of proprietary trading from client order execution.

Complaint Handling

Free complaint handling system. Response within 15 business days. Record-keeping for 5 years.

Market Abuse Prevention

Market manipulation and insider dealing prohibitions. Suspicious transaction reporting to NCAs.

Periodic Reporting

Regular reports to NCA on financial position, transactions, and compliance. Annual audited accounts.

AML/CFT Travel Rule

Full FATF Travel Rule compliance. Originator and beneficiary data for all transfers above EUR 1,000.

FAQ

MiCA — Common Questions

MiCA became fully applicable across all 27 EU member states on 30 December 2024. Title III rules for ART and EMT issuers (stablecoins) applied from 30 June 2024. Title IV and V — covering CASP authorisation and all the main obligations for crypto service providers — apply from 30 December 2024.

Yes — this is one of MiCA's most significant commercial benefits. A CASP authorisation granted by any one EU member state's NCA allows the CASP to provide services across all 27 EU member states without requiring separate national authorisations. This eliminates the need for multiple country-by-country VASP registrations. Passporting is notified to the home NCA who informs the host NCA.

Non-EU companies (third-country firms) may provide crypto-asset services to EU clients only at the client's own exclusive initiative (the "reverse solicitation" exemption). They cannot actively market or advertise to EU clients without obtaining a MiCA CASP authorisation through a subsidiary established in the EU. The reverse solicitation exemption is narrow and cannot be used as a loophole — regulators are already scrutinising its misuse.

MiCA sets three tiers: Class 1 (custody, advice, transfer, order reception) — EUR 50,000. Class 2 (exchange, brokerage, placement) — EUR 125,000. Class 3 (trading platform operation) — EUR 150,000. CASPs providing multiple services use the highest applicable class. Additionally, CASPs must always hold at least one quarter of their fixed annual overheads in own funds — for businesses with significant operating costs, this "fixed overhead rule" often exceeds the class minimum.

MiCA does not currently apply to fully decentralised protocols with no identifiable issuer or service provider. NFTs are generally excluded unless they have characteristics that make them fungible or qualify as crypto-assets. The European Commission has been mandated to assess DeFi and NFTs for potential future regulation. The practical distinction between a "decentralised" protocol and a centrally managed one is still being worked out — legal advice is essential for DeFi projects.

MiCA Article 62 requires NCAs to make an authorisation decision within 3 months of receiving a complete application. In practice, NCAs first assess application completeness (up to 25 working days) and may request additional information. Well-prepared applications with experienced advisors typically achieve authorisation in 3–5 months; more complex cases or under-resourced NCAs may take longer. Early indications from Poland and Lithuania suggest 3–4 month timelines for straightforward applications.

MiCA authorisation costs vary based on your service scope, but Swiss financial regulators typically charge between CHF 5,000-15,000 for the application review and initial authorisation. Additional ongoing compliance costs include annual supervisory fees (CHF 2,000-8,000 depending on asset volume), legal and consulting expenses (CHF 20,000-50,000 for initial setup), and mandatory audit costs. By 2026, these fees may increase as regulatory oversight intensifies, so budget accordingly for your first three years of operations.

You must provide: a detailed business plan, governance structure, ownership documentation, financial projections for three years, internal control and compliance procedures, AML/KYC policies, IT security assessments, audit reports, and evidence of qualified personnel. The FINMA (Swiss Financial Market Supervisory Authority) requires all documents in English or German, and applications typically include 150-300 pages of supporting materials. Missing or incomplete documentation is the primary reason for application delays beyond the standard 90-day review period.

MiCA authorisation significantly improves banking access, as Swiss and EU banks are more willing to work with regulated CASPs due to reduced AML/CFT risks. However, many traditional banks still maintain restrictive policies toward crypto activities, and you may need to use crypto-friendly banks like Sygnum or Bancrea even after obtaining MiCA status. In 2026, expect continued banking challenges in traditional institutions, though this landscape is gradually improving as regulatory clarity increases.

Non-compliance can result in administrative fines up to EUR 20 million or 10% of annual global revenue (whichever is higher), suspension or revocation of your licence, public censure, and prohibition of certain activities. The FINMA conducts regular on-site inspections and can escalate enforcement actions rapidly if serious breaches are identified. By 2026, regulators are expected to take stricter enforcement stances, so compliance gaps should be remediated immediately upon discovery.

Switzerland's MiCA-aligned regulatory framework is generally faster and less costly than major EU jurisdictions like Germany or France, with Zug offering additional cantonal support for blockchain companies. However, Swiss licencing provides no EU passporting rights—you must still apply separately in each EU member state where you operate. By 2026, Zug remains competitive for headquarters location due to tax efficiency and technical expertise, but the overall licensing timeline across all jurisdictions remains 4-6 months.

MiCA CASP licences require annual renewal with the FINMA, submission of audited financial statements, updated risk assessments, and proof of continued compliance with capital and governance requirements. You must conduct internal audits quarterly, maintain detailed transaction records for five years, and notify regulators of any material changes to business operations within 30 days. In 2026, expect increased reporting requirements around crypto market abuse, transaction monitoring, and customer fund segregation as the regulatory framework matures.

EU Jurisdictions

Top EU Member States for MiCA CASP Applications

🇵🇱

Poland

KNF · Fast & low-cost · 3–5 months

🇱🇹

Lithuania

Bank of Lithuania · Established fintech hub

🇪🇪

Estonia

FIU · Digital-native · Strong history

🇸🇰

Slovakia

NBS · Fast · Lowest capital barrier

View All European Jurisdictions →

How to invest cryptocurrency guide laptop — MiCA Compliance — The Complete Guide for Crypto Businesses

◆ KEY METRICS

MiCA Compliance Requirements at a Glance

€50,000

Minimum Own Funds (Class 1)

4–6 months

Average Authorization Timeline

€5,000–€15,000

Application & Compliance Fees

19–27%

Effective EU Tax Rate (varies by MS)

EBA + NCA

Primary Regulators (2026)

10 Service Categories

Covered Under Single CASP License

◆ PROCESS TIMELINE

MiCA Authorization Journey (2026)

Week 1–2

Pre-Assessment & Documentation Prep

Determine CASP classification, prepare governance framework, AML/CFT policies, and technical infrastructure documentation.

Week 3–6

Formal Application Submission

Submit complete dossier to National Competent Authority (NCA) with evidence of own funds, compliance structures, and operational readiness.

Month 2–3

NCA Initial Review & Clarifications

NCA conducts completeness check; requests supplementary documentation and on-site compliance verification as needed.

Month 4–5

Substantive Assessment & EBA Coordination

Deep-dive review of risk management, governance, and technical safeguards; EBA may request harmonized assessments across jurisdictions.

Month 6

Authorization Decision & Registration

NCA issues formal CASP authorization; entity registered in EU MiCA public register with full operational permissions.

MiCA Compliance —
The Complete Guide for Crypto Businesses