MiCA Regulation: 2026 Guide for Licensing & Compliance

What is MiCA: New Regulatory Rules for Crypto Companies in the EU

What is MiCA?

MiCA (Markets in Crypto-Assets Regulation, Regulation (EU) 2023/1114) is the European Union’s new legal framework that harmonises rules for crypto-asset service providers (CASPs) and issuers across all 27 member states. Existing virtual asset service providers may benefit from national transitional regimes until 1 July 2026, after which MiCA authorisation will be required to operate in the EU. Under MiCA, CASPs such as exchanges, custodians, and crypto-brokers must meet strict requirements on governance, safeguarding of client assets, IT security, and disclosure. Authorisation in one EU country gives firms “passporting” rights to serve clients across the entire Union.

Sources: ESMA (European Securities and Markets Authority), Official Journal of the European Union (OJ).

Who and What MiCA Covers

Unlike national VASP registrations, MiCA creates a single authorisation regime across all 27 EU member states. It applies to issuers of Asset-Referenced Tokens (ARTs), issuers of E-Money Tokens (EMTs), and CASPs such as exchanges, custodians, brokers, and trading platforms. Authorisation in one member state gives “passporting” rights to operate throughout the Union.

What MiCA Does Not Cover

MiCA does not apply to financial instruments governed by MiFID II (e.g. securities, shares, derivatives) or to fully decentralised protocols with no identifiable issuer. These fall under other EU or national regulations.

Who will enforce MiCA?

National Competent Authorities (NCAs). Authorise CASPs in their home Member State and supervise ongoing compliance. Scope includes governance, safeguarding of client assets, IT/outsourcing, disclosures, marketing practices, and enforcement (information requests, inspections, sanctions, suspension/withdrawal of authorisation).

ESMA (EU-level coordination and transparency). Promotes supervisory convergence through guidelines and technical standards, coordinates cross-border matters, and maintains the EU public register of authorised CASPs and their passporting notifications.

EBA (stablecoins and prudential focus). Leads on prudential expectations for significant ART/EMT issuers (e.g., reserves, liquidity, recovery/wind-down planning), working with NCAs and ESMA.

ECB and national central banks (financial-stability input). Provide opinions and participate where relevant for significant tokens, focusing on monetary policy and payment-system implications.

What is the timeline for MiCA implementation?

• 9 June 2023 — MiCA published in the Official Journal; 29 June 2023 — enters into force.
• 30 June 2024 — most provisions for stablecoins (ARTs/EMTs) start to apply.
• 30 December 2024 — main CASP authorisation regime applies (MiCA becomes mandatory for service providers).
• Up to 1 July 2026 — possible national transitional regimes for existing providers (subject to each Member State’s decision to shorten or not apply). After this date, MiCA authorisation is required EU-wide.

What are the key points of MiCA Regulation?

One licence, EU‑wide passporting

MiCA replaces fragmented national registrations with a single authorisation. Once your CASP is authorised by its home NCA, you can “passport” services across all 27 EU countries; your authorisation and passporting notices appear in ESMA’s public register (useful for banks and partners).

Governance “substance”: EU presence and fit‑and‑proper management

Regulators expect real decision‑making in the EU (place of effective management) and at least one director resident in the EU—not a letter‑box set‑up. ESMA/EBA guidelines also emphasise time commitment, competence and clear roles for the management body and qualifying shareholders.

Client money & asset protection (hard, testable controls)

If you receive client fiat (other than e‑money tokens), you must place it with an EU credit institution or a central bank by the end of the next business day, and never use client assets for your own account. Expect segregation, daily reconciliation and clear custody contracts—plus liability where a loss is attributable to you.

Trading venues & brokers: surveillance, transparency, records

Trading platforms must monitor market abuse, keep complete order/traceability records, and publish pre‑ and post‑trade data (near real‑time; free after a short delay such as 15 minutes and kept available for 2 years). Keep order‑book data ready for supervisors for years and formalise best‑execution.

Token offers: white papers, limited exemptions, 14‑day retail withdrawal

For tokens other than ARTs/EMTs, the offeror must be a legal person and draw up, notify and publish a crypto‑asset white paper before public offering or admission—unless a narrow exemption applies (<150 persons per Member State, or ≤€1m over 12 months, or qualified‑investor only). Retail buyers get a 14‑day withdrawal right if they purchased before trading starts. If a token has no identifiable issuer (e.g., BTC), the platform/person seeking admission shoulders disclosure and warnings.

Stablecoins: algorithmic out; ART/EMT must meet reserve & redemption rules

“Algorithmic” models do not qualify as ARTs/EMTs under MiCA. Asset‑backed issuers face strict reserve quality, 1:1 backing, liquidity and disclosure requirements; EMTs link to a single fiat and follow an e‑money‑style regime. Only the issuer (or a party with its written consent) may publicly offer or seek admission. Significant tokens trigger stricter EBA‑coordinated oversight.

Which companies already hold a MiCA (CASP) licence?

57 unique CASPs across 11 Member States are in the register.

Top home states: Germany (18) and Netherlands (14) lead; then France (6), Malta (6); Spain (3), Luxembourg (3); Austria (2), Ireland (2); Cyprus (1), Lithuania (1), Finland (1).

First-wave approvals landed on 30 Dec 2024 in the Netherlands (BitStaete, Hidden Road Partners, MoonPay, Zebedee).

Peak months for new entries in 2025: May–July (steady flow of large names and banks).

Infographic: Where companies are getting their CASP licences in 2025 (MiCA)

Where companies are licensing — and why it matters

Germany: a cluster of regulated banks and broker-banks (Commerzbank, flatexDEGIRO Bank, Baader Bank, N26, Trade Republic) plus custodians (BitGo, Tangany) and the Boerse Stuttgart group. If you want bank-grade optics and deep capital‑markets links, Germany is where many incumbents went.

Netherlands: strong crypto‑native and payments mix (Bitvavo, Amdax, MoonPay, Finst, Fiat Republic, Acheron Trading) and several first‑day approvals. Good for on/off‑ramp and brokerage‑style models.

Luxembourg: global brands with rapid passporting (Coinbase, Bitstamp, Clearstream). If you need fast EU‑wide reach with a capital‑markets friendly home, this is the pattern.

Malta: large exchanges (OKX, Crypto.com, Gemini, ZBX, Bitpanda) — a clear “trading/exchange hub” narrative.

Plus France (CACEIS Bank; CoinShares AM), Spain (BBVA, Openbank, Cecabank), Austria (Bybit, Bitpanda), Ireland (Kraken), Cyprus (eToro), Lithuania (Robinhood), Finland (Coinmotion).