Regulation Guide
MiCA for Token Issuers:
Complete Practical Guide 2026
MiCA is 400+ pages of EU regulation. This guide cuts through the complexity and tells you exactly what applies to your tokenization project β and what doesn’t. Updated for full MiCA enforcement as of December 2024.
Regulation
EU MiCA
In force since Dec 2024
Applies to
ARTs, EMTs, other crypto-assets
Security tokens under MiFID II
Key licence
CASP
Crypto-Asset Service Provider
Passporting
All 27 EU member states
Single licence, EU-wide
What MiCA covers β and what it doesn’t
MiCA creates three token categories. Knowing which one applies to you determines your entire compliance path.
Asset-Referenced Tokens
ART
Tokens that reference multiple assets (currencies, commodities, crypto) to maintain stable value. Highest compliance burden under MiCA.
Examples: Multi-asset backed stablecoins, commodity basket tokens
E-Money Tokens
EMT
Tokens pegged 1:1 to a single fiat currency. Requires e-money institution licence or credit institution authorisation.
Examples: Euro-pegged stablecoins, USD stablecoins issued in EU
Other Crypto-Assets
Other CASPs
All other crypto-assets not qualifying as ARTs or EMTs β utility tokens, governance tokens, etc. Lightest MiCA burden.
Examples: Utility tokens, governance tokens, NFTs (some)
β MiCA applies to your project if…
- You issue tokens to the public in the EU
- You operate a crypto trading platform (exchange) in the EU
- You provide custody services for crypto-assets in the EU
- You issue ARTs or EMTs regardless of where you are based
- You provide crypto-asset advice or portfolio management in the EU
- You operate an EU-based token offering platform
β MiCA does NOT apply if…
- Your tokens qualify as financial instruments (β MiFID II applies instead)
- You only offer tokens to fewer than 150 persons per EU member state
- Total consideration is below β¬1M over 12 months (de-minimis)
- Tokens are offered only to qualified investors (prospectus exemption)
- You issue unique, non-fungible tokens (NFTs) β mostly exempt
- You operate fully decentralised with no identifiable issuer
What MiCA actually requires
Six key compliance areas every token issuer needs to address.
1
Documentation
Crypto-Asset White Paper
Required before any public offer or admission to trading in the EU
What it must contain
- Issuer identity, registered address, legal form
- Description of the project, technology, and consensus mechanism
- Rights and obligations attached to the token
- Token issuance procedure and total supply
- Use of proceeds and project roadmap
- Risk factors β technology, regulatory, market, liquidity
- Principal adverse impacts on climate and environment
Process requirements
- Notified to national competent authority (NCA) at least 20 working days before publication
- Published on issuer’s website β freely accessible
- Must be accurate, fair, clear, and not misleading
- Updated promptly if material changes occur
- Available in official language(s) of the member state
- Mandatory 14-day withdrawal right for retail investors
Checklist
2
Licensing
CASP Authorisation
Required for any entity providing crypto-asset services in the EU
Services requiring CASP licence
- Custody and administration of crypto-assets on behalf of clients
- Operation of a trading platform for crypto-assets
- Exchange of crypto-assets for fiat or other crypto
- Execution of orders for crypto-assets
- Reception and transmission of orders
- Placement of crypto-assets
- Portfolio management and advice on crypto-assets
Authorisation requirements
- Legal entity established in an EU member state
- Fit and proper assessment for management body
- Minimum capital requirements (β¬50kββ¬150k depending on service)
- Prudential safeguards and insurance or guarantee
- Organisational requirements: governance, internal controls, complaints
- Passporting available across all 27 EU states once authorised
Checklist
3
Compliance
AML/CTF & KYC Requirements
MiCA aligns with EU AML Directive β full AMLD compliance required
AML/KYC obligations
- Customer Due Diligence (CDD) for all clients β standard and enhanced
- Enhanced Due Diligence (EDD) for high-risk clients, PEPs, and large transactions
- Travel Rule compliance: originator/beneficiary data for transfers β₯β¬1,000
- Suspicious transaction monitoring and reporting to FIU
- Record-keeping for minimum 5 years
Operational requirements
- Appointed MLRO (Money Laundering Reporting Officer)
- Written AML/CTF policies and procedures
- Sanctions screening (EU, UN, OFAC as relevant)
- Annual AML risk assessment
- Staff training on AML/CTF obligations
- Independent AML audit periodically
Checklist
4
Investor Protection
Consumer & Investor Safeguards
MiCA introduces strong retail investor protections β especially for public offers
Required protections
- 14-day right of withdrawal for retail investors (no-questions-asked)
- Fair, clear, and not misleading marketing communications
- Conflicts of interest policy β disclosed to clients
- Complaints handling procedure β free of charge for clients
- Segregation of client assets from own assets
Marketing restrictions
- Marketing materials must be consistent with white paper
- Must identify clearly as marketing, not information
- No misleading performance claims or guarantees
- Prominent risk warnings required in all communications
- NCA can require pre-approval of marketing in some states
5
Market Integrity
Market Abuse & Insider Rules
MiCA introduces MAR-equivalent rules for crypto markets
Prohibited activities
- Insider dealing β trading on material non-public information
- Market manipulation β wash trading, spoofing, pump and dump
- Unlawful disclosure of inside information
- Front-running client orders
Obligations
- Publish inside information as soon as possible (CASP operators)
- Maintain insider lists β persons with access to inside information
- Market surveillance systems for trading platforms
- Report suspected market abuse to NCA
6
Ongoing
Ongoing Obligations After Authorisation
MiCA compliance is not a one-time exercise β ongoing obligations apply
Reporting obligations
- Regular prudential reporting to NCA
- Immediate notification of material changes to business
- Annual audited financial statements
- Incident reporting for operational or security incidents
- Environmental impact reporting (for proof-of-work mechanisms)
Governance requirements
- Robust internal controls and risk management framework
- Business continuity plan and disaster recovery
- ICT security policies aligned with DORA (from Jan 2025)
- Third-party service provider due diligence
- Regular review of white paper for material changes
MiCA compliance timeline
Realistic timeline for a new token issuer seeking CASP authorisation under MiCA.
| Phase | Duration | Key activities | Status |
|---|---|---|---|
| Legal structure & jurisdiction selection | 4β8 weeks | Choose member state, incorporate EU entity, appoint management | First step |
| White paper drafting | 4β8 weeks | Draft with EU-qualified counsel, internal review, NCA notification | Parallel |
| CASP application preparation | 6β12 weeks | Policies, procedures, governance docs, capital proof, fit & proper | Critical path |
| NCA review period | 3β6 months | NCA reviews application, requests additional info (common) | Waiting |
| AML/KYC infrastructure | 4β8 weeks | KYC provider integration, MLRO appointment, policy implementation | Parallel |
| Total (realistic) | 6β12 months | From decision to authorised CASP | Full path |
Need help with MiCA compliance?
Our advisory team helps issuers navigate MiCA requirements β from white paper drafting to CASP application and ongoing compliance. EU-focused, compliance-first.