MiCA Technical Standards: ESMA RTS and ITS for CASPs

MiCA is a framework regulation. Like MiFID II before it, it establishes principles, categories, and obligations at the Level 1 legislative text — and delegates the technical details to regulatory technical standards (RTS) and implementing technical standards (ITS) developed by the European Supervisory Authorities. For CASPs and tokenization platforms, the technical standards are not supplementary documents; they are the operational rulebook that translates MiCA’s high-level requirements into specific compliance obligations.

ESMA is the primary standard-setter under MiCA, with the EBA responsible for standards related to ART and EMT issuers and significant stablecoin oversight. The two authorities have coordinated closely on standards that span both frameworks.

ESMA’s Technical Standard Mandate

MiCA empowers ESMA to develop technical standards across approximately 40 mandates. These cover:

• The content and format of whitepapers
• CASP authorization application requirements
• Organizational requirements for CASPs
• Safeguarding of client assets
• Complaints handling procedures
• Conflicts of interest disclosure and management
• Market abuse detection and reporting
• Cooperation between NCAs
• Passporting notifications
• Operational resilience standards

The EBA holds additional mandates covering ART and EMT reserve requirements, significant issuer capital standards, and the criteria for designating tokens as significant.

Package 1: Stablecoin Standards (June 30, 2024)

The first technical standards package was published to coincide with the application of MiCA’s stablecoin provisions on June 30, 2024. It covered:

RTS on ART whitepaper content and format (ESMA/2024/340) Specifies the precise content requirements for ART whitepapers under MiCA Annex II, including the standardized template for reserve asset disclosure, the required stress test assumptions to be described, and the format for presenting redemption procedures.

RTS on conflicts of interest for ART issuers (ESMA/2024/341) Establishes the disclosure framework for conflicts between ART issuers and reserve asset managers, custodians, and related parties. Requires a conflicts register and periodic board-level review.

ITS on ART authorization applications (EBA/ITS/2024/02) Specifies the documents, information, and forms that constitute a complete ART authorization application. NCAs must use this standard to assess application completeness.

EBA RTS on ART and EMT own funds requirements Establishes the composition and calculation methodology for the minimum capital requirement. Own funds must be composed of Common Equity Tier 1 instruments. A tiered calculation applies based on the value of tokens in circulation and the complexity of the reserve asset structure.

EBA RTS on ART reserve asset composition and custody Specifies the eligible reserve asset classes (sovereign debt instruments, deposits at credit institutions, money market fund units), the maximum proportions of each, and the custody requirements for reserve assets — including the independence requirement for the reserve custodian.

Package 2: CASP Authorization and Operations (December 2024)

The second package covered the operational framework for CASPs, entering into force with the full application of MiCA on December 30, 2024.

RTS on CASP authorization application content (ESMA/2024/892) Specifies the information and documentation required in a CASP authorization application. The RTS distinguishes requirements by service category and provides standardized templates for the business plan, governance documentation, and ICT system descriptions.

Key application components specified:

• Legal analysis of the services to be provided and their classification
• Ownership structure chart with beneficial owners identified to the natural person level
• Management body member CVs, criminal record certificates, and fit-and-proper declarations
• Financial projections for 36 months
• AML/CFT policy and procedures summary
• ICT security framework overview
• Client asset safeguarding policy (for custody service providers)
• Business continuity and operational resilience plan

RTS on CASP organizational requirements (ESMA/2024/893) Establishes the internal governance framework required of authorized CASPs, including:

• Management body responsibilities and meeting frequency
• Internal audit function requirements (independent, with direct board access)
• Compliance function requirements (dedicated, with regulatory oversight mandate)
• Risk management framework (policies, limits, reporting lines)
• Outsourcing governance (due diligence, concentration limits, board approval)
• Record-keeping obligations (minimum 5 years for most records)

RTS on client asset safeguarding (ESMA/2024/894) This is the most operationally detailed standard in Package 2. It specifies:

• The precise segregation methodology for custody wallets
• The frequency and scope of reconciliation procedures
• The format of client statements and disclosures
• The conditions under which sub-custody arrangements are permitted
• The disclosure requirements when client assets are held by sub-custodians

RTS on complaints handling (ESMA/2024/895) Specifies the required elements of a CASP’s complaints handling procedure, including maximum response times (15 business days for standard complaints; 35 for complex cases), escalation requirements, and annual reporting to the NCA.

RTS on conflicts of interest (ESMA/2024/896) Defines the categories of conflicts requiring disclosure (proprietary trading in client-facing assets, cross-selling arrangements, remuneration structures), the disclosure format, and the organizational measures required to manage conflicts.

ITS on passporting notifications (ESMA/2024/897) Specifies the standardized notification form and procedures for CASPs wishing to passport services into other EU member states.

Package 3: Market Abuse and Operational Resilience (Q1–Q2 2025)

The third package covered market integrity and operational resilience, entering into force following publication in the Official Journal in mid-2025.

RTS on market abuse detection and prevention (ESMA/2025/112) MiCA Title VI prohibits insider trading, market manipulation, and unlawful disclosure of inside information. The Package 3 RTS specifies:

• The systems and controls CASPs must deploy to detect market manipulation (wash trading, spoofing, layering, ramping)
• The suspicious transaction reporting (STR) threshold and format for reports to NCAs
• The inside information identification and disclosure procedures
• The market surveillance data that trading platforms must maintain

RTS on operational resilience for CASPs (ESMA/2025/113) Aligned with the Digital Operational Resilience Act (DORA), this RTS specifies:

• ICT risk management framework requirements
• Incident classification and reporting thresholds
• ICT third-party risk management
• Business continuity testing requirements
• Digital operational resilience testing for systemically significant CASPs

ITS on NCA cooperation (ESMA/2025/114) Establishes the cooperation framework between home and host NCAs, including the format and timeline for sharing supervisory information, the handling of cross-border enforcement actions, and the role of ESMA in coordinating NCAs where multiple authorities have supervisory interest.

Using the Technical Standards in Practice

The technical standards are binding. A CASP that meets MiCA’s Level 1 requirements but fails to implement a specific technical standard is in regulatory breach — the same as if it had violated the Level 1 text directly.

For compliance officers, the priority standards for initial implementation are:

1. ESMA/2024/892 (authorization application content) — required before authorization
2. ESMA/2024/893 (organizational requirements) — required from authorization date
3. ESMA/2024/894 (client asset safeguarding) — required from the first day of custody service provision
4. ESMA/2025/112 (market abuse) — required for trading platforms from Package 3 application date

ESMA publishes all technical standards, Q&As, and supervisory guidance on its dedicated MiCA page at esma.europa.eu.

For the full MiCA compliance overview, see MiCA regulation. For the custody-specific requirements under ESMA/2024/894, see MiCA custody requirements. For the market abuse framework, see MiCA market abuse rules.

Regulatory reference: EUR-Lex — Regulation (EU) 2023/1114 | ESMA MiCA technical standards register