MiCA Regulation: The Complete Compliance Guide for Tokenization Platforms (2026)

The Markets in Crypto-Assets Regulation — Regulation (EU) 2023/1114 — represents the most consequential piece of crypto-asset legislation enacted anywhere in the world. Drafted over four years, negotiated through the EU’s ordinary legislative procedure, and published in the Official Journal on June 9, 2023, MiCA establishes a single, harmonized legal framework for crypto-assets and crypto-asset service providers across the European Union. For institutions operating tokenization platforms, managing tokenized funds, or issuing crypto-assets into European markets, MiCA is now the foundational compliance text.

This guide provides a complete analysis of MiCA’s structure, scope, and substantive requirements, updated to reflect the regulatory technical standards finalized by ESMA in 2024 and 2025, national competent authority interpretations, and the first cycle of NCA supervisory activity.

What MiCA Covers: Scope and Asset Classification

MiCA applies to persons and entities that issue, offer to the public, or seek admission to trading of crypto-assets, and to legal entities that provide crypto-asset services in the EU. The Regulation defines “crypto-asset” broadly as a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology.

Within that broad definition, MiCA establishes four primary categories:

Asset-Referenced Tokens (ARTs) are crypto-assets that purport to maintain a stable value by referencing another value or right, or a combination thereof, including one or more official currencies. Multi-currency stablecoins and commodity-backed tokens typically fall into this category.

E-Money Tokens (EMTs) are crypto-assets that purport to maintain a stable value by referencing the value of one official currency. Single-currency stablecoins pegged to EUR, GBP, or USD issued in the EU are EMTs.

Utility Tokens are crypto-assets intended to provide access to a good or service supplied by their issuer. The utility token category carries the lightest regulatory burden under MiCA, but the bar for establishing genuine utility is meaningfully high.

Other Crypto-Assets — a residual category that captures assets not qualifying as ARTs, EMTs, or utility tokens. Bitcoin, Ether, and most non-stablecoin tokens fall here. Issuers must publish a whitepaper but are not subject to the authorization requirements applicable to ART and EMT issuers.

Critical Exclusions: What MiCA Does Not Cover

MiCA explicitly excludes several categories of digital assets from its scope, and these exclusions carry direct compliance implications for tokenization platforms:

Crypto-assets qualifying as financial instruments under MiFID II — including tokenized equities, tokenized bonds, and tokenized fund units — are excluded from MiCA’s scope. These instruments remain subject to MiFID II, the Prospectus Regulation, and, where applicable, the EU DLT Pilot Regime.

Central bank digital currencies (CBDCs) issued by EU central banks are excluded. The digital euro, if and when issued, will not be subject to MiCA.

Deposits, structured deposits, and securitisation positions that happen to use DLT are excluded to the extent they qualify as such instruments under existing financial regulation.

Unique and non-fungible tokens are generally outside MiCA’s scope, though ESMA has signaled that NFT collections with fungible characteristics may fall within MiCA depending on their structure.

For tokenization platforms, the financial instrument exclusion is the most operationally significant. A platform tokenizing real estate through a security token — where token holders receive profit participation rights or equity-like exposure — is issuing a financial instrument. That platform is not a CASP under MiCA; it is a regulated firm under MiFID II, subject to prospectus requirements, investment firm authorization, and, potentially, the DLT Pilot Regime for trading and settlement.

MiCA’s Implementation Timeline

MiCA’s phased rollout was designed to prioritize stablecoin regulation — the area of greatest perceived systemic risk — while giving the broader CASP industry more time to prepare.

June 30, 2024: Title III (ARTs) and Title IV (EMTs) entered into application. From this date, new issuers of asset-referenced tokens and e-money tokens are required to be authorized. Existing issuers operating under prior national frameworks received transitional periods that varied by member state.

December 30, 2024: The full MiCA framework entered into application, including Title V (CASPs). From this date, any entity providing crypto-asset services in the EU on a professional basis requires CASP authorization — or must rely on a transitional arrangement where one is available.

Transitional Arrangements: Member states had discretion to permit existing crypto-asset service providers registered under pre-MiCA national regimes to continue operating during a transitional period of up to 18 months from December 30, 2024 — meaning until June 30, 2026. Not all member states implemented this transitional period. Platforms relying on transitional arrangements must verify whether their host member state has availed of this option and must not assume equivalence across jurisdictions.

See the detailed MiCA implementation timeline for a quarter-by-quarter breakdown of key dates, ESMA RTS packages, and NCA-specific transitional arrangements.

CASP Licensing: Authorization Requirements

Title V of MiCA establishes the authorization regime for crypto-asset service providers. CASPs must obtain authorization from the national competent authority (NCA) of the EU member state where they have their registered office. Once authorized, the CASP passport allows them to provide services across all 27 member states.

Regulated Services

MiCA defines nine categories of crypto-asset services:

1. Custody and administration of crypto-assets on behalf of clients
2. Operation of a trading platform for crypto-assets
3. Exchange of crypto-assets for funds
4. Exchange of crypto-assets for other crypto-assets
5. Execution of orders for crypto-assets on behalf of clients
6. Placing of crypto-assets
7. Reception and transmission of orders for crypto-assets on behalf of clients
8. Providing advice on crypto-assets
9. Providing portfolio management on crypto-assets
10. Providing transfer services for crypto-assets on behalf of clients

Each service category triggers specific organizational, capital, and conduct requirements. A platform offering multiple services must satisfy the cumulative requirements for each.

Capital Requirements

MiCA’s minimum capital requirements are tiered by service type:

These are minimum capital floors. NCAs may impose higher requirements based on risk profile, and CASPs must maintain ongoing own funds equal to the higher of (a) their minimum capital requirement or (b) one quarter of their fixed overheads for the preceding year.

Capital must be held in the form of CET1 instruments, retained earnings, or equivalent instruments — not in crypto-assets.

Governance Requirements

MiCA imposes substantial governance obligations on CASPs:

Management body composition: CASPs must have a management body with at least two members who are of sufficiently good repute and possess adequate knowledge, skills, and experience. Management body members must not have criminal convictions for financial crime, fraud, or dishonesty.

Fit and proper assessments: NCAs assess management body members on appointment. CASPs must notify NCAs of changes in management body composition.

Shareholders and beneficial owners: Holders of qualifying holdings (10% or more of capital or voting rights) must be suitable. NCAs have 60 working days to assess proposed acquisitions of qualifying holdings.

Complaints handling: CASPs must establish and maintain effective procedures for prompt and fair handling of client complaints.

Conflicts of interest: CASPs must identify, manage, and disclose conflicts of interest, and maintain organizational and administrative arrangements sufficient to prevent conflicts from adversely affecting client interests.

Remuneration: MiCA requires CASPs to have remuneration policies consistent with sound and effective risk management.

Marketing and Conduct Rules

MiCA’s conduct obligations are extensive and apply throughout the client relationship:

Communication standards: All marketing communications must be fair, clear, and not misleading. Marketing communications must be clearly identifiable as such and must be consistent with the whitepaper where one has been published.

Client categorization: MiCA does not establish a sophisticated/retail distinction analogous to MiFID II’s professional/retail split for most CASP services, though some protections can be waived by clients who are legal entities.

Best execution: CASPs executing orders must take sufficient steps to obtain the best possible result for clients.

Client asset protection: See the custody requirements section below and the dedicated MiCA custody requirements analysis.

Passporting: The Single EU License

One of MiCA’s most significant commercial provisions is the passporting mechanism. A CASP authorized in one EU member state may provide services across all 27 member states without obtaining additional national authorization. This represents a material advantage over the pre-MiCA landscape, where each member state maintained its own licensing regime.

The passporting process requires the CASP to notify its home NCA of its intention to provide services in other member states. The home NCA transmits the notification to the relevant host NCAs within 10 working days. The CASP may begin providing services in the host member state after 15 working days from notification.

Host NCAs retain supervisory powers over CASPs’ local conduct and can impose additional requirements in limited circumstances (e.g., consumer protection measures). However, they cannot impose capital requirements or governance requirements beyond those applied by the home NCA.

NCA selection strategy — sometimes called “regulatory arbitrage” but more accurately described as legitimate forum selection — is an important compliance decision for new entrants. Member states differ in their NCA staffing, processing timelines, interpretation of MiCA’s requirements, and fee structures. Germany (BaFin), Luxembourg (CSSF), Ireland (Central Bank), Lithuania (Bank of Lithuania), and France (AMF) have been primary destinations. Each has different procedural requirements and supervisory philosophies.

The DLT Pilot Regime: Parallel Track for Tokenized Securities

The EU DLT Pilot Regime (Regulation (EU) 2022/858) operates parallel to MiCA and is specifically designed for tokenized financial instruments — the assets MiCA explicitly excludes from its scope.

The DLT Pilot Regime allows:

• DLT MTFs (Multilateral Trading Facilities): To trade DLT transferable securities, with an exemption from certain MiFID II requirements
• DLT Settlement Systems: To settle DLT financial instruments, with exemptions from CSDR requirements
• DLT TSS (Trading and Settlement Systems): Combined trading and settlement

Each DLT MTF is subject to a €6 billion aggregate market value cap across all DLT financial instruments admitted to trading. This cap has been the primary constraint on institutional adoption.

The DLT Pilot Regime is explicitly a temporary measure. The European Commission committed to reviewing its operation and presenting a report to the European Parliament and Council by March 2026, with options including making the framework permanent, extending it, or revising it.

For tokenization platforms, the key compliance question is: does the asset I am tokenizing qualify as a financial instrument under MiFID II? If yes, the DLT Pilot Regime is the relevant framework — and MiCA does not apply. See MiCA asset classification for the analytical framework.

Stablecoin Compliance: ARTs and EMTs Under MiCA

MiCA’s stablecoin provisions are the most technically demanding component of the Regulation, and they apply to any entity issuing stablecoins into EU markets — regardless of where the issuer is incorporated.

ART Authorization

Issuers of asset-referenced tokens must obtain authorization from the NCA of their home member state (or, for third-country issuers, an EU-established entity must apply). The authorization process requires:

• A detailed whitepaper approved by the NCA
• Business plan and financial projections
• Legal opinion on the nature of the tokens
• Description of the reserve asset composition and custody arrangements
• Governance arrangements for reserve management
• Complaint handling procedures

ART issuers must maintain a reserve of assets that at all times covers the value of tokens in circulation. The reserve must be segregated from the issuer’s own assets and held with credit institutions or, for a limited proportion, in regulated money market funds.

EMT Authorization

E-money token issuers must be either a credit institution or an e-money institution authorized under the Second E-Money Directive (2EMD). This means any entity wishing to issue a single-currency stablecoin pegged to EUR, GBP, or similar must first obtain an EMI license — a significant additional licensing layer.

Significant ART and EMT Designation

The EBA designates ARTs and EMTs as “significant” where they meet two of the following criteria: more than 10 million holders; value exceeding €5 billion; more than 2.5 million transactions per day exceeding €500 million; significance across multiple member states; or interlinkage with the financial system.

Significant issuers face enhanced requirements: higher capital (3% of reserve assets), mandatory liquidity stress testing, interoperability requirements, and direct EBA supervision (supplementing NCA supervision).

Non-EUR Stablecoin Caps

MiCA Article 23 establishes that where a non-EUR stablecoin is used extensively as a means of exchange within the EU, the EBA may require the issuer to limit its use. Specifically, where daily transactions in the EU exceed €200 million, the EBA and relevant NCA can require the issuer to stop issuing further tokens until usage falls below this threshold.

This provision has significant implications for USD-pegged stablecoins. USDC and USDT issuers have had to analyze their EU transaction volumes and exposure to this cap.

For comprehensive analysis, see MiCA stablecoin provisions.

Whitepaper Requirements

MiCA introduces a crypto-asset whitepaper regime that functions similarly to a prospectus, but with important differences. Unlike an EU prospectus, a crypto-asset whitepaper is not pre-approved by the NCA (except for ARTs and EMTs). It must be published, notified to the NCA, and made available on the issuer’s website.

Who Must Publish a Whitepaper

Any person offering crypto-assets to the public in the EU or seeking admission to trading on a crypto-asset trading platform must publish a whitepaper — unless an exemption applies.

Key Exemptions

Small offerings: Offerings below €1 million in aggregate over 12 months are exempt. This exemption is calculated across all offers by the same issuer.

Qualified investors only: Offers made exclusively to qualified investors (as defined under the EU Prospectus Regulation) are exempt.

Fewer than 150 persons per member state: Offers to fewer than 150 natural or legal persons per member state are exempt.

Utility tokens with genuine utility: Utility tokens offered for free, or where the token grants access to an existing service, are exempt — but this exemption is narrowly construed.

Free distributions (airdrops): Tokens offered for free, without any payment of funds or provision of data, are exempt.

For existing tokens with a whitepaper published under pre-MiCA national regimes, transitional recognition applies in some member states.

Whitepaper Content Requirements

MiCA Annex I specifies the mandatory content of whitepapers for general crypto-assets. The whitepaper must include: information about the offeror, the project, the technology, the rights and obligations, the risks, and the principal adverse impacts on climate and the environment.

The whitepaper must not contain any untrue, unclear, or misleading information. Liability for the whitepaper attaches to the offeror and to any person who has requested admission to trading.

See MiCA whitepaper requirements for detailed content requirements by asset category.

Enforcement: NCA Powers and Sanctions

MiCA establishes a minimum enforcement framework that NCAs must implement in national law, while leaving member states to specify exact sanction levels within the EU-wide floors.

NCA Supervisory Powers

NCAs have broad supervisory powers, including:

• On-site inspections
• Access to documents and records
• Interviews with management and staff
• Powers to require cessation of conduct
• Powers to require asset freezes
• Powers to publicly disclose violations

For significant ART and EMT issuers, the EBA holds direct supervisory authority, supported by supervisory colleges comprising the relevant NCAs.

Administrative Sanctions

MiCA requires member states to provide for administrative sanctions of at least:

For legal persons, sanctions must be at least the higher of €5 million or 3% of total annual turnover. For ART and EMT issuers, the turnover-based maximum rises to 12.5% for the most serious violations.

NCAs must report significant enforcement actions to ESMA. ESMA maintains a public register of CASPs and publishes enforcement actions on its website at esma.europa.eu.

Notification to ESMA

CASPs authorized under MiCA are entered into ESMA’s public register. The register is operational and publicly accessible, providing a key compliance verification tool for counterparties and institutional investors conducting due diligence.

Exhibit: MiCA CASP License Categories Compared

MiCA and International Tokenization Markets

MiCA’s extraterritorial reach is more limited than some commentators have suggested. MiCA applies to persons and entities that offer crypto-assets to the public in the EU or that provide crypto-asset services in the EU. Third-country firms soliciting EU clients are subject to MiCA; third-country firms providing services exclusively to non-EU clients are not.

However, the practical extraterritorial pressure is significant. Major tokenization platforms — including those issuing tokenized treasuries, real estate tokens, and private credit instruments — must assess whether their token holders include EU residents, whether their platforms are accessible from EU member states, and whether their marketing materials are directed at EU persons.

For a broader view of how MiCA interacts with other major jurisdictions, see the European Union jurisdiction profile.

Licensing Pathway: How to Obtain a MiCA CASP License

The CASP authorization process varies by NCA but follows a common structure:

1. Pre-application engagement: Most NCAs offer informal pre-application meetings to review the applicant’s business model and planned activities. This step is strongly recommended.

2. Application submission: The formal application must include information on the applicant’s identity, ownership structure, management body members, business plan, governance arrangements, internal control framework, ICT systems, custody arrangements, AML/CFT policies, and complaints handling procedures.

3. NCA completeness review: The NCA has 25 working days to confirm that the application is complete. An incomplete application does not start the assessment clock.

4. Assessment period: NCAs have 40 working days from receipt of a complete application to grant or refuse authorization. This period can be extended by 20 working days in complex cases.

5. Authorization decision: The NCA must provide reasons for any refusal. Applicants may appeal refusals through domestic administrative law procedures.

6. Passporting notifications: Following authorization, the CASP may notify its home NCA of its intention to passport into other member states.

For step-by-step guidance on the EU CASP licensing process, including jurisdiction selection, application preparation, and timeline management, see how to get a MiCA CASP license.

Key Definitions Reference

Crypto-asset: A digital representation of a value or of a right that uses cryptographic techniques and is issued on a distributed ledger.

Crypto-asset service provider (CASP): A legal entity or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis.

Asset-referenced token (ART): A type of crypto-asset that is not an e-money token and that purports to maintain a stable value by referencing another value or right, or a combination thereof.

E-money token (EMT): A type of crypto-asset that purports to maintain a stable value by referencing the value of one official currency.

National competent authority (NCA): The competent authority designated by a member state to carry out the functions and duties provided for in MiCA.

ESMA: European Securities and Markets Authority, responsible for supervisory convergence, technical standards, and supervision of significant crypto-asset entities.

EBA: European Banking Authority, responsible for ART and EMT supervision and the development of prudential standards for significant stablecoin issuers.

The full text of Regulation (EU) 2023/1114 is available at EUR-Lex. ESMA’s MiCA supervisory page, including technical standards and Q&As, is published at esma.europa.eu.

For related compliance analysis: MiCA asset classification | Stablecoin regulation globally | MiCA encyclopedia entry