MiCA Compliance for Crypto Businesses: Requirements, Licensing & CASP Guide

The EU's MICA (Markets in Crypto-Assets Regulation) is the primary regulatory framework governing blockchain projects and crypto businesses operating in or targeting the European Union. Crypto-asset service providers (CASPs) must obtain authorisation to legally offer services across the EU, with national transition regimes already closed or nearing completion in several jurisdictions.

MiCA is the comprehensive regulatory framework for crypto-assets in the EU member states. It covers token issuance, stablecoin operations, exchange and custody services, portfolio management, and certain other crypto-related services — with requirements that vary significantly depending on what your business actually does. While MiCA is already in force, some jurisdictions applied transitional regimes that have already expired or are nearing expiry, making timely authorisation critical. The maximum EU-wide transition deadline is 1 July 2026. After that date, operating in the EU without the required licence will generally no longer be possible.

This page explains who needs to comply, what the obligations look like for each business type, and how Aurum helps clients get there. If you need MiCA support, schedule a call to discuss your requirements and the right next steps, or visit our contact page for alternative ways to get in touch.

Who Needs MiCA Authorisation?

MiCA applies to any project that issues crypto-assets to EU residents, lists tokens on EU-regulated platforms, or provides crypto-asset services within the EU. In other words, MiCA applies regardless of where your company is incorporated if you provide services to EU residents or access EU markets. The regulation captures a broad range of activities — not just exchanges, but custodians, advisors, portfolio managers, and token issuers.

Simply put, there are two main categories of regulated entities:

• Crypto-asset issuers — projects launching tokens, stablecoins, or asset-referenced tokens), and
• Crypto-asset service providers (CASPs) — platforms offering custody, trading, exchange, order execution, advisory, or transfer services.

If your business falls into either category and touches the EU market, MiCA compliance is mandatory.

In practice, MiCA requirements are far more nuanced and depend on the specific business model, project structure, or type of service provided. Below, we outline the MiCA requirements by business, project, or provider type, explain the main compliance steps each should take and how we can help.

Crypto Asset Issuers

If you are issuing tokens that do not qualify as stablecoins (EMTs) or Tokenised Assets (ARTs), such as utility tokens or governance tokens, MiCA still applies. As a token issuer, you must prepare and publish a MiCA-compliant token white paper that meets Article 6 requirements: issuer identity, technology description, token rights and obligations, risk disclosures, and project financials.

The white paper must be notified to the relevant national regulator at least 20 working days before publication. It is not subject to approval, but the authority can request amendments, and the issuer is liable for content that is incomplete, unfair, or misleading.

Certain exemptions apply: offerings below €1 million over 12 months, offerings limited to fewer than 150 persons per member state, offerings exclusively to qualified investors, and free distributions where no personal data is collected.

What Aurum does: We assess whether your token falls under MiCA or existing financial regulation (MiFID II, AIFMD), draft and file MiCA-compliant token white papers, advise on exemption eligibility, produce token opinions, and coordinate notification timelines so your launch is not delayed.

Stablecoin Issuers (EMT)

MiCA formally refers to stablecoins as e-money tokens (EMTs). We use “stablecoins” throughout for readability.

MiCA imposes strict requirements on issuers of crypto-assets pegged 1:1 to a single fiat currency, such as euro- or dollar-backed crypto tokens. These are treated as a form of electronic money under EU law, meaning issuers must be authorised either as an e-money institution or a credit institution. The licensing obligation applies regardless of the token’s market size.

Issuers must publish a MiCA-compliant white paper, maintain segregated reserve assets, honour redemption rights at par value, and meet ongoing reporting and governance requirements. Tokens designated as “significant” by the European Banking Authority face additional obligations, including enhanced capital buffers and stricter liquidity requirements.

What Aurum does: We advise on token classification, product structuring and compliance, draft MiCA-compliant white papers, structure reserve arrangements, product token opinions, and guide issuers through the authorisation process.

Tokenised Asset Issuers (ARTs)

MiCA formally refers to tokenised assets as asset-referenced tokens (ARTs). We use “tokenised assets” throughout for readability.

MiCA also regulates issuers of crypto-assets that reference a basket of assets, such as multiple currencies, commodities, or other financial instruments, to maintain a stable value. Unlike stablecoins, these tokens require a standalone authorisation from a national competent authority, along with comprehensive reserve management obligations, white paper publication, redemption rights for holders, and EU-standard governance structures.

Issuers with an average outstanding token value below €5 million over 12 months may qualify for a lighter regime: full authorisation is not required, though a white paper notification to the national regulator remains mandatory. Crossing that threshold, or receiving a “significant” designation from the European Banking Authority, triggers substantially higher requirements, including enhanced capital buffers and interoperability obligations.

What Aurum does: We advise on token classification, product structuring and compliance, structure the offering to qualify for the €5 million exemption where possible, draft MiCA-compliant white papers, set up reserve and governance arrangements, produce token opinions, and guide issuers through the national authorisation process where full licensing is required.

DeFi Protocols

MiCA exempts crypto-asset services provided "in a fully decentralised manner without any intermediary." Critically, partial decentralisation does not qualify — if any part of the service involves an intermediary or centralised control, MiCA applies in full. The regulation does not define what "fully decentralised" means, and regulators assess this based on actual control distribution, not branding.

We evaluate decentralisation across four layers: the settlement layer (is the blockchain permissionless?), the architecture layer (can anyone control, pause, or modify smart contracts?), the governance layer (does the DAO exercise real authority, or does the founding team retain effective control?), and the interface layer (is the front-end a practical control point?).

Projects that fail the decentralisation test — and many will, particularly those with admin keys, upgradeable contracts, or concentrated governance token holdings — need a compliance strategy. That may mean CASP licensing, restructuring governance arrangements, or progressively decentralising specific control points.

What Aurum does: We advise on the product structuring and compliance, conduct decentralisation assessments mapping your protocol against MiCA's exemption criteria, identify specific vulnerabilities, and advise on either strengthening your decentralisation position or pursuing authorisation. We also work with DAO governance structures through our sister project, daobox.io.

Custodians and Wallet Providers

Custody and administration of crypto-assets is a regulated CASP service under MiCA. Custodial wallet providers must obtain CASP authorisation, implement asset segregation protocols, maintain adequate insurance or capital buffers, and establish clear liability frameworks for loss or misuse of client assets.

Non-custodial wallet providers — where the user retains sole control of private keys — are generally outside MiCA's scope. However, the line between custodial and non-custodial is not always clear, particularly for smart contract wallets, multi-signature arrangements, and recovery mechanisms. Getting the classification wrong means operating without a licence.

What Aurum does: We assess whether your wallet architecture is custodial or non-custodial under MiCA, advise on CASP licensing where required, advise on legal structuring and compliance, and design custody policies that meet EU standards for asset protection and segregation.

Crypto Exchanges and Trading Platforms

Exchanges face some of the most demanding requirements under MiCA. To operate a trading platform in the EU, you need full CASP authorisation from a national regulator, which requires an EU-registered legal entity with local substance — meaning real offices and qualified personnel, not a shell.

Key obligations include operational resilience standards, client asset segregation, transparent fee disclosures, complaints-handling procedures, and robust AML/KYC frameworks. You must also implement market abuse surveillance systems and report suspicious activity.

What Aurum does: We handle the full CASP licensing process — from jurisdiction selection and entity formation to application drafting, regulatory liaison, and post-authorisation compliance framework design. Aurum may support the process in Lithuania, Poland, Estonia, Malta, Ireland, and certain other EU countries.

Advisors and Portfolio Managers

Providing investment advice on crypto-assets or managing portfolios of crypto-assets are both regulated CASP services under MiCA. This captures crypto-focused funds, managed account services, advisory platforms, and robo-advisors operating in the EU.

What Aurum does: We advise on licensing requirements, structure advisory and portfolio management operations for MiCA compliance, and help firms navigate the overlap between MiCA and MiFID II where crypto-assets may also qualify as financial instruments.

The MiCA Licensing Process: What to Expect

Obtaining CASP authorisation is not a quick process. Based on current timelines, expect approximately three months for licence application preparation (entity formation, documentation, compliance frameworks) and a further three to six months for regulatory review, depending on the jurisdiction and the complexity of your business model.

The key step is selecting the jurisdiction, considering factors like substance requirements, regulatory responsiveness, establishment costs, and language requirements. It is important to demonstrate and ground the choice of jurisdiction with the local regulator to ensure that the application will not be rejected due to the lack of connection with the chosen country.

After the jurisdiction is chosen, the following steps include forming the legal entity in that country, developing local substance, preparing the application package (business plan, governance documents, AML/CFT policies, capital adequacy evidence, IT security documentation), and managing the national regulator dialogue through to authorisation.

One of MiCA's most significant advantages is the EU-wide recognition: a CASP licence obtained in one member state is valid across all 27 EU member states. This eliminates the previous multi-jurisdiction licensing burden that fragmented the European market before the MiCA adoption.

Why Aurum

Aurum has been advising blockchain companies since 2016 and is recognised by the Financial Times Innovative Lawyers Europe, Legal500, and other leading legal directories. Trusted by some of the most ambitious blockchain projects, Aurum combines deep sector expertise, Web3-native counsel, and a practical understanding of how blockchain products are actually built and brought to market.

That background matters as MiCA requires more than procedural compliance. Token classification, filing strategy, regulator engagement, and CASP authorisation all involve legal and strategic judgement. In matters of this kind, clients need advice that is precise, commercially informed, and capable of standing up to regulatory scrutiny.

We provide MiCA advice that:

• is tailored to your operating model;
• reduces liability risk;
• is commercially scoped;
• avoids costly delays; and
• stands up in practice.

If you need MiCA support, schedule a call to discuss your requirements and the right next steps, or visit our contact page for alternative ways to get in touch. Aurum may support the MiCA compliance process in Lithuania, Poland, Estonia, Malta, Ireland, and certain other EU countries.

Frequently Asked Questions

Q: When is the MiCA compliance deadline?

A: MiCA is already in force. The final transition deadline is 1 July 2026 — after that date, CASPs operating in the EU without authorisation will be in breach. Note that transition deadlines in some EU countries have already lapsed.

Q: Does MiCA apply to businesses outside the EU?

A: Yes, if you offer crypto-asset services to EU residents or list tokens on EU-regulated platforms, MiCA applies regardless of where your business is incorporated.

Q: How much does MiCA compliance cost?

A: Costs vary significantly depending on your business type, need, and jurisdictions involved. CASP licensing involves entity formation, legal and compliance documentation, capital requirements, security compliance, and ongoing operational costs. Token offering can require as little as a MiCA white paper, filed with one of the state regulators, which is a fixed price service. We provide tailored cost estimates after assessing your specific situation.

Q: Is DeFi exempt from MiCA?

A: Potentially, but only if the service is provided "in a fully decentralised manner without any intermediary." Regulators assess actual control distribution — admin keys, upgradeable contracts, concentrated governance, and centralised front-ends all weaken the exemption argument. Most DeFi protocols will need a formal assessment to determine their position.

Q: What is the difference between a stablecoin (EMT) and a tokenised asset (ART) under MiCA?

A: An e-money token (EMT) is pegged to a single fiat currency on a 1:1 basis and requires authorisation as an e-money or credit institution. An asset-referenced token (ART) references multiple assets – a currency basket, commodities, or crypto-assets – and requires separate national regulator authorisation. The compliance requirements differ significantly, particularly around reserve management and redemption rights.

Q: Can I operate across the entire EU with one MiCA licence?

A: Yes. MiCA introduces an EU-wide passport – authorisation in one member state permits you to offer services across all 27 EU member states without additional licences.