MiCA One Year On: Has Europe's Crypto Law Delivered?

The Markets in Crypto-Assets Regulation was conceived as the solution to European regulatory fragmentation — twenty-seven member states with twenty-seven different approaches to crypto assets, none of them providing the certainty that institutional capital required. When MiCA entered full force on December 30, 2024, it became the first comprehensive regulatory framework for crypto assets enacted by a major economy.

One year on, the question is whether it delivered what it promised. The answer, examined carefully, is partially yes, partially no, and partially not yet — with the distribution of outcomes being different from what either side of the debate expected.

What Worked: The Case for MiCA

Regulatory Certainty Is Not Nothing

The single most valuable thing MiCA delivered is something impossible to measure precisely: the removal of regulatory ambiguity for thousands of compliance teams across 27 member states. Before MiCA, a compliance officer at a European asset manager assessing whether to allow a fund to hold tokenized Treasury products needed to navigate a patchwork of German KWG rules, French PACTE law, Luxembourg CSSF guidance, and Netherlands DNB requirements — each different, each subject to interpretation, and none providing clear answers to novel factual situations.

After MiCA, there is a single answer: is this asset a crypto-asset under Article 3(1)(5) of MiCA? If yes, which category? And what obligations flow from that classification? The answer may not always be clear at the margins, but the framework for finding it is now unified across 27 member states. For compliance teams that previously maintained 27 separate regulatory analyses, the operational cost reduction of unification is substantial.

The passporting framework is the other major efficiency gain. A CASP authorisation granted by BaFin in Germany permits services across all EU member states without requiring separate authorisation in each. This replaces a compliance overhead that, for pan-European platforms, was genuinely prohibitive with a single authorisation process and a single competent authority relationship.

Stablecoin Rules That Held

The stablecoin provisions — Title III for e-money tokens (EMTs) and the asset-referenced token (ART) framework — are MiCA’s most technically sophisticated contribution. The framework addresses the principal systemic risk of stablecoins (reserve adequacy and redemption) with specific requirements:

EMT issuers must hold reserves of high-quality liquid assets at least equal to outstanding tokens, maintained in custody with regulated credit institutions. Redemption at par must be available to any holder at any time. Issuers must be either credit institutions or e-money institutions — categories with existing prudential supervision.

These requirements are more stringent than most pre-MiCA national stablecoin frameworks, but they held through the first year in force without producing the market exodus that some issuers threatened. Circle’s USDC maintained its EU market position by ensuring Euro-denominated reserves and obtaining appropriate e-money institution status. Tether’s USDT, which did not obtain EU authorisation, withdrew from EU exchange listings — demonstrating that MiCA’s stablecoin rules have teeth, even if the enforcement mechanism was market exit rather than regulatory action.

Passporting: Theoretical Benefit, Operational Reality

Passporting is theoretically valuable; operationally, it requires a complete CASP authorisation in the home member state before it can be used. In MiCA’s first year, CASP authorisation pipelines at most NCAs were not complete. Firms that expected to begin passporting EU-wide services in Q1 2025 found themselves waiting in BaFin or CSSF queues, with passporting unavailable until the home member state decision was made.

The passporting benefit is real, but its realisation is 12-24 months behind the timeline that firms planning their EU market entry based on the MiCA text expected.

What Didn’t Work: The Case Against

NCA Implementation: The Speed Problem

The most significant gap between MiCA’s promise and its first-year reality is the pace of NCA implementation. MiCA established a framework; the 27 NCAs are implementing it. The quality and speed of implementation vary enormously.

BaFin received the highest volume of CASP applications but has not yet produced proportionate output. As of early 2026, the number of full MiCA CASP authorisations issued across the EU remains small relative to the number of applications submitted. Most entities that applied in Q1-Q2 2025 are still waiting for decisions. Transitional period cover has masked the magnitude of the backlog, but the backlog is real.

Smaller member state NCAs — in Bulgaria, Croatia, Greece, and others — have even more limited capacity. MiCA requires every NCA to receive and process CASP applications; it does not require them to do so with the same speed, depth of review, or market knowledge. The quality of CASP supervision will vary significantly across the EU despite the unified legal framework, creating a race-to-the-bottom risk for regulatory quality that the single rulebook was supposed to eliminate.

ESMA’s role is to produce convergence through binding technical standards, supervisory guidance, and peer reviews. ESMA has been active in this regard — issuing Q&A, beginning peer review programmes, and accelerating RTS publication — but supervisory convergence is a years-long process, not a one-year result.

RTS Delays: The Standards Gap

MiCA Level 1 text delegates significant substantive content to ESMA’s regulatory technical standards. These RTS packages fill in the detail that the Level 1 regulation leaves open — how conflicts of interest are managed, what business continuity requirements look like in practice, how crypto-asset classification is determined at the margin.

Several material RTS packages were not final when MiCA entered full force in December 2024. The RTS on crypto-asset classification criteria — arguably the most practically important package for compliance teams trying to determine whether a specific token is in-scope for MiCA — was still in consultation as of early 2026. Compliance teams have been operating on the Level 1 text and ESMA Q&A rather than binding RTS for this determination.

This is not unusual for EU financial regulation — MiFID II’s technical standards were also delayed — but it means that MiCA’s first year was operating with an incomplete rulebook in several material areas.

The DeFi Gap: MiCA’s Most Consequential Omission

MiCA applies to “crypto-asset service providers” as defined in Article 3 — essentially, centralised entities that provide services relating to crypto assets. It does not apply to decentralised finance protocols: smart contract systems that provide exchange, lending, and yield services without a central legal entity.

This was a deliberate drafting choice. The European Commission acknowledged that DeFi presents distinct regulatory challenges and chose to exclude it from MiCA’s scope rather than produce an ill-fitting regulatory treatment. The DeFi exclusion has a built-in review requirement — the Commission is required to assess DeFi by 2025 and produce a report with potential legislative proposals.

The practical consequence is significant. DeFi protocols — Uniswap, Aave, Compound, and dozens of institutional variants — are entirely outside MiCA’s scope. EU residents can access them freely. Licensed EU CASPs operate alongside unlicensed DeFi protocols in the same market. The competitive neutrality argument that MiCA was supposed to provide — regulated entities competing on a level playing field with unregulated ones — does not hold in the DeFi context.

This gap will not be resolved quickly. DeFi regulation at the EU level requires policy decisions about how to attribute regulatory responsibility in systems with no identifiable legal entity — a difficult question that has not been answered by any jurisdiction globally. The Commission’s 2025 report is likely to produce options, not legislation, in the near term.

NFT Grey Area: Unclear Classification, Real Compliance Risk

MiCA’s treatment of non-fungible tokens (NFTs) is one of its most contested elements. The Level 1 text states that MiCA does not apply to “crypto-assets that are unique and not fungible with other crypto-assets.” This appears to exclude NFTs. But ESMA has issued guidance indicating that NFTs that function economically like fungible assets — fractionalized NFTs, NFT collections where units are interchangeable — may fall within MiCA’s scope despite their technical non-fungibility.

This is not a resolved question. The RTS on crypto-asset classification will address it in more detail, but until that RTS is final, compliance teams at platforms handling NFTs or NFT-adjacent products face genuine uncertainty about their MiCA obligations. The safe approach — treating NFT activities as potentially in-scope and maintaining MiCA-equivalent compliance — creates compliance overhead that may not be legally required. The risky approach — treating all NFTs as categorically outside MiCA — may be incorrect for specific product types.

Reverse Solicitation: ESMA Has Drawn a Narrow Line

MiCA Article 61 permits third-country crypto-asset service providers to service EU clients without authorisation when the client initiates the service at their own exclusive initiative. This “reverse solicitation” exemption was anticipated by global platforms as a basis for continuing to serve EU clients without MiCA authorisation.

ESMA’s opinion on reverse solicitation — published in 2024 — drew the exemption very narrowly. ESMA stated that the exemption cannot be used where the third-country CASP has made any marketing, advertising, or promotional communication directed at EU clients, even if a specific client then initiates contact. The existence of an EU-accessible website, a social media presence visible to EU users, or any other EU-directed commercial communication precludes reverse solicitation for that platform.

This effectively eliminates reverse solicitation as a sustainable market access strategy for any global platform with EU-visible commercial operations. Global platforms must either obtain CASP authorisation for EU operations or establish a genuine EU CASP subsidiary with restricted scope.

Market Impact: Did MiCA Drive Business To or Away from the EU?

The question most frequently asked by regulators and industry is whether MiCA has made the EU more or less attractive for crypto and tokenization business. The answer depends on which category of business is examined.

For large, globally compliant exchanges: MiCA has been net positive. Coinbase, Kraken, Bitstamp, and other globally regulated exchanges were already operating in a way broadly consistent with MiCA requirements. CASP authorisation for these firms is primarily an administrative exercise, not a substantive change to their compliance programmes. They benefit from the passporting framework and from the competitive discipline that MiCA imposes on less compliant rivals.

For mid-size EU-native crypto firms: MiCA’s compliance cost — estimated at €1-5 million for initial authorisation, €500K-€2M annually for ongoing compliance — is substantial relative to the scale of many EU-native crypto businesses. Several EU-native firms have chosen to relocate or restructure rather than incur MiCA compliance costs, particularly where their business models involve DeFi integration (DeFi is outside MiCA scope but may create collateral MiCA compliance issues for adjacent services).

For tokenized asset issuers: MiCA is a net positive for tokenized financial instruments that are not MiCA-regulated — securities tokens regulated under MiFID II, UCITS fund tokens regulated under UCITS IV/V, AIF interests regulated under AIFMD. These instruments benefit from the regulated market infrastructure that CASP-licensed platforms provide without themselves being subject to MiCA. The compliance-grade market infrastructure that MiCA creates is a public good for the entire tokenized asset market.

Compliance Cost Reality

Pre-MiCA estimates of compliance costs ranged widely, from industry lobby groups (who overstated costs to argue against regulation) to academic analysis (which understated implementation complexity). The market reality is settling between the extremes:

Initial authorisation: €1-3 million for a firm with an existing compliance framework, higher for firms building from scratch or with complex group structures. BaFin and CSSF initial authorisation costs are front-loaded; passporting into additional member states thereafter is relatively cheap.

Annual compliance: €500K-€1.5M for ongoing compliance officer capacity, technology systems (AML screening, Travel Rule, reporting), external audit, and regulatory engagement. This cost is lower than initial estimates for large firms (compliance infrastructure is shared with other regulatory requirements) and higher than estimates for small firms (compliance overhead is fixed regardless of scale).

Travel Rule: FATF Travel Rule implementation is the compliance cost most frequently cited as unexpected by EU firms. The technical systems for capturing and transmitting counterparty information at the transaction level are expensive (€100K-€500K in technology investment) and create ongoing operational overhead that many smaller firms had not budgeted for.

What the Next 12 Months Hold

The second year of MiCA full force will be defined by three developments:

CASP authorisation decisions: The applications submitted in early-mid 2025 will begin receiving decisions. The first wave of full MiCA authorisations across BaFin, CSSF, AMF, and DNB will establish the first real passporting network. This is when the passporting benefit becomes real rather than theoretical.

Transitional period expiry: June 30, 2026 ends the transitional period in most member states. Firms that have not received CASP authorisation by then face a legal gap. NCA capacity to process applications ahead of this deadline is the critical constraint.

DeFi regulation signals: The Commission’s DeFi report — due in 2025 — will be published. Whether it proposes legislation, consults further, or defers will shape the next chapter of European crypto regulation. This publication expects the Commission to propose a targeted framework addressing the most systemic DeFi risks (large liquidity pools, algorithmic stablecoins) while leaving smaller protocols outside regulation for the near term.

For the MiCA implementation tracking data underlying this analysis, see /tracker/mica-implementation/. For jurisdiction comparisons, see /jurisdictions/.