MiCA & FinProm Compliance for Crypto Founders of Decentralised Projects

MiCA and FinProm Compliance for Crypto Founders: What Decentralisation Does (and Doesn’t) Protect You From

The Decentralisation Myth?

Over the past year, hundreds of crypto projects have tried to launch “compliance-light” models: no marketing, DEX-only listings, airdrops instead of sales, and non-custodial staking. These strategies promise regulatory simplicity — avoiding issuer registration, investor-protection obligations, and collective investment scrutiny. But founders are discovering a harsher truth: decentralisation doesn’t completely neutralise regulatory risk, it shifts it into narrower activity channels. 

The risks related to offers and activity deemed to take place in the USA are also significant and can be difficult to quantify and mitigate for decentralised projects. As full US registration is economically impossible for a decentralised project or startup, proactive, comprehensive, and technical exclusion of US persons from the primary sale and staking mechanism may be required.

A well-structured, decentralised launch can indeed avoid MiCA’s public offer obligations and UK collective investment classification, however founders who rely too heavily on these carve-outs often ignore the residual compliance duties that apply regardless of offer status — duties that carry real enforcement risk.

MiCA: Understanding the Triggers

EU’s Markets in Crypto-Assets Regulation (MiCA), fully effective from December 2024, imposes two major obligations on crypto-asset issuers:

1. Preparing and notifying a white paper if a crypto-asset is offered to the public in the EU; and
2. Complying with conduct and market-abuse rules once that asset is admitted to trading.

What Counts as a Public Offer?

Under Article 4 MiCA, a public offer occurs when any communication presents sufficient information about a crypto-asset to enable an investor to decide to purchase it.

If the founder — or anyone acting on their behalf — makes such a communication, MiCA applies in full. The issuer must file a white paper with the National Competent Authority (NCA) and make prescribed disclosures, including environmental data and governance arrangements.

Avoiding the “Offer” Definition

Founders can avoid triggering this rule by ensuring:

• No public communications invite or induce token purchase;
• Tokens become available only through user-initiated DEX liquidity, not founder-solicited sales; and
• The total proceeds from token sales to EU persons remain under €1 million in any rolling 12-month period (the so-called “€1 million wall”). Exceeding this limit automatically triggers white paper obligations.

To clarify, if there is no public offer (e.g., the token is only made available via a passive DEX listing or an airdrop with no inducement or marketing), the €1 million limit does not automatically trigger white paper obligations, because the threshold is relevant only in the context of a public offer exemption. That said, if a regulator later finds that the distribution effectively constitutes a public offer, then the €1 million limit is critical: exceeding it would mean the issuer must comply with white paper requirements.

Admission to Trading

MiCA also applies when an issuer seeks admission to trading on a platform. If a token simply appears on a DEX — without the issuer requesting or facilitating the listing — the issuer may argue they did not seek admission or that the DEX structure does not constitute admission (given that listing is permissionless).

That defence is valid in principle, but can be fragile in practice. Founders who provide liquidity, pair tokens, or announce exchange availability may be viewed as actively “seeking admission.” The line between being listed and seeking listing is paper-thin.

Residual Obligations Under MiCA

Even projects that stay below the €1 million threshold and make no public offer are still exposed to a second layer of MiCA: Title VI (Market Abuse and Conduct).

Market Abuse Rules Apply to All Traded Assets

Title VI applies automatically to any crypto-asset admitted to trading on a crypto-asset trading platform — centralised or decentralised.

This means that once the token trades anywhere accessible to EU users:

• Founders and developers become “insiders” under MiCA;
• Insider dealing and unlawful disclosure prohibitions apply; and
• Market manipulation rules bind all market participants.

In effect, any token that becomes tradeable within the EU brings its founders within MiCA’s conduct perimeter — regardless of how decentralised the launch was.

Disclosure of Material Information

Projects must publicly disclose any information that could materially affect the token’s price as soon as possible. Examples include:

• Major protocol upgrades or tokenomics changes;
• Treasury operations, burn events, or staking-reward adjustments;
• Key governance or partnership announcements.

These disclosures should be made through verified channels — e.g. the project website, GitHub, or official social media — to ensure simultaneous market access to information.

Environmental Transparency

One of the most overlooked obligations is environmental disclosure. MiCA Article 6 requires issuers to include information on the principal adverse impacts on climate and the environment of their consensus mechanism.

While this is formally a white paper requirement, regulatory interpretation suggests it reflects a general conduct principle — a transparency expectation that may apply even to exempt launches.

Founders should therefore publish a concise sustainability statement, summarising:

• Energy efficiency of the consensus algorithm;
• Estimated energy consumption and offset measures; and
• Any environmental mitigation initiatives.

Neglecting this can expose a project to criticism for failing MiCA’s “spirit of transparency,” even if technically exempt.

The UK FinProm Trap

The UK’s Financial Promotion regime (FinProm) is even more restrictive than MiCA in terms of offering cryptoassets.

Under Section 21 of the Financial Services and Markets Act 2000 (FSMA), no one may communicate an invitation or inducement to engage in investment activity unless that communication is made, or approved, by an authorised person — or an exemption applies.

The Definition of “Inducement”

The UK’s definition is breathtakingly broad. Anything that could reasonably encourage a person to purchase or acquire an investment is an inducement.

That includes:

• Whitepapers and technical documentation;
• Tokenomics explainers and staking guides;
• Blog posts or videos describing potential network rewards or benefits.

If a token must be purchased to access the network’s utility — for example, to stake or participate in governance — then explaining that utility is itself an inducement to acquire the token.

Extraterritorial Reach

The FinProm regime applies even to communications made from outside the UK if they are “capable of having an effect” within the UK. In practice, if a UK resident can access your website or documentation, you are caught.

Simply stating “this is not an offer to UK persons” offers no protection. The only viable defences are:

1. Geoblocking and IP filtering of the UK; or
2. Approval by an FCA-authorised firm under the financial promotion gateway.

Why FinProm Is the Biggest Single European Regulatory Risk

Unlike MiCA, the UK FinProm regime offers no €1 million exemption or “passive listing” defence. It captures communications, not transactions. A project can avoid offering tokens, yet still breach FinProm merely by explaining how those tokens work.

Staking: The Fine Line Between Validation and Regulation

For many decentralised projects, staking is the core economic engine — aligning participants, rewarding validators, and securing the network. But it also represents one of the most misunderstood regulatory frontiers.

The MiCA Perimeter for Staking Services

MiCA defines “crypto-asset services” to include the custody and administration of crypto-assets on behalf of clients. Where staking services are provided through an intermediary who takes possession or control of users’ tokens — such as a custodial exchange or pooling operator — that entity is performing a CASP activity and must be authorised.

A founder avoids this trigger by ensuring that:

• The protocol’s staking mechanism is fully non-custodial, meaning stakers retain control of their private keys at all times;
• Rewards are automatically distributed by smart contract logic, not by a central operator; and
• No single participant exercises discretion over staking pool parameters or reward allocation.

This design keeps staking outside the regulated perimeter because no one “holds” crypto-assets on behalf of others — and no service provider is acting as an intermediary.

Why the Non-Custodial Model Is Fragile

While this architecture mitigates regulatory exposure, it introduces severe operational and scalability constraints. The more control retained by founders or multisig signatories — for example, if they can alter reward rates or pause staking — the more likely the model is to be treated as custodial or managed staking, triggering CASP authorisation or even securities classification.

The non-custodial model also complicates user support, upgrade management, and compliance transparency — making it difficult to evolve the protocol without reintroducing regulatory touchpoints.

UK and Gibraltar Positions

The UK’s recent statutory exemption of crypto-asset staking from collective investment scheme (CIS) rules provides a significant structural safeguard. It confirms that passive, network-level validation is not an “investment arrangement,” removing one of the largest residual risks for decentralised staking models.

Similarly, Gibraltar’s regulatory guidance on DLT activities confirms that transaction validation (staking) falls outside the DLT framework where:

• The activity is not carried on “by way of business,” or
• The operator does not control users’ assets or exercise discretion on their behalf.

This alignment between the UK and Gibraltar approaches reinforces the defensibility of non-custodial staking architectures.

Avoiding Securities Reclassification

The grey zone lies between passive validation and active management. If a founder, foundation, or DAO exercises discretion over reward policies, validator selection, or treasury-staking behaviour, the protocol can cross into “managerial control.” In that case:

• In the US, the staking token may be viewed as an investment contract under the Howey test. The founder’s retention of control over staking reward metrics and smart contract governance parameters is the project’s primary legal vulnerability under the extraterritorial Howey Test. This is easily framed by the SEC as the “managerial efforts” central to stakers’ profit expectation.
• In the EU, the activity may be treated as a regulated investment or CASP service requiring authorisation.

The safest regulatory posture is a passive, algorithmic governance model — one where the code, not the founders, determines reward logic. Founders should refrain from discretionary adjustments and ensure that all staking-related changes are executed through transparent, on-chain governance with clear, public documentation.

Reconciling Decentralisation with Legal Reality

Decentralisation helps avoid direct issuer obligations — but it does not neutralise conduct duties. The real compliance challenge is structural contradiction: every project wants global, open access, yet the legal exemptions rely on geographic and behavioural limitations.

To remain compliant:

• You must not market or induce; yet your project may be known to users.
• You must be open to global liquidity; yet you must consider geoblocking major jurisdictions.
• You must be sufficiently decentralised; yet founders remain responsible for insider conduct.

This paradox is the central tension of modern crypto regulation. The legal framework still assumes a human issuer behind every token, even if the code is autonomous.

The Three-Layer Regulatory Risk Mitigation Framework for Founders

Layer 1 – Legal Structuring

• Avoid “offers to the public” by not marketing tokens or presenting purchase-enabling information.
• Respect the €1 million cap on total consideration from EU persons in any 12-month period.
• Do not seek admission to trading on any exchange or DEX; let trading emerge passively.

Layer 2 – Conduct and Transparency

• Apply MiCA Title VI standards voluntarily, even if not legally triggered.
• Publish environmental impact disclosures (consensus energy use, sustainability measures).
• Disclose material developments promptly through official, verifiable channels.
• Maintain insider-trading safeguards: internal pre-disclosure periods, clear governance logs, and transparent treasury operations.

Layer 3 – Jurisdictional Controls

• Geoblock UK IP addresses for any documentation describing token functionality, staking, or reward mechanics.
• Insert jurisdictional disclaimers in all web interfaces and whitepapers.
• Engage an FCA-authorised firm to review or approve promotional materials if any UK exposure is unavoidable.
• Maintain equivalent compliance mapping for Gibraltar, Singapore, or other jurisdictions that align with MiCA or FSMA frameworks.
  

The Emerging Enforcement Climate

MiCA enforcement focuses heavily on conduct and transparency. National regulators have formed dedicated crypto-supervision units, with the European Securities and Markets Authority (ESMA) coordinating.

Key early targets include:

• Projects that claim exemption but fail to publish basic environmental or governance disclosures;
• Founders who trade or stake their own tokens ahead of major announcements; and
• Token-issuance schemes that disguise structured sales as airdrops. Founders must ensure the airdrop is a true, unconditional gift lacking any form of quid pro quo to maintain its exempt status under MiCA.

In the UK, the FCA’s FinProm supervision centres on unauthorised promotions. In October 2024, the regulator warned that most overseas crypto websites accessible from the UK will fall foul of the new gateway rules. Enforcement may include takedown orders, website blocking, and criminal penalties.

What a “Good” Decentralised Project Looks Like

A legally robust decentralised project should aim to meet the spirit of MiCA and FinProm, not merely the letter of their exemptions.

That means:

• Making public, timestamped disclosures of all governance and treasury activity;
• Operating non-custodial, transparent staking mechanisms;
• Publishing a voluntary “Lite Paper” that covers token functionality, risks, and environmental data — without inducement language; and
• Embedding clear jurisdictional disclaimers and geo-technical controls.

These measures not only mitigate enforcement risk but build long-term reputational capital with regulators and institutional partners. In addition, founder teams should aim to have the governance token widely distributed and any governance decisions subject to auditable on-chain mechanisms.

Conclusion: Compliance as a Structural Feature

Compliance must become a structural feature of protocol design — embedded in governance, code, and communication. In practical terms, that means designing token launches that can withstand legal scrutiny even if regulators later reinterpret the rules. 

By combining decentralised governance and mechanics with proactive transparency, and careful token treasury management projects can align with MiCA’s market-conduct principles and the UK’s investor-protection ethos without undermining their decentralisation thesis.

About Ramparts Law Firm

Ramparts is an international law firm based in Gibraltar, advising technology and financial-services clients on regulatory compliance, governance, and cross-border structuring. The firm specialises in crypto-asset and digital-finance regulation across the EU, UK, and emerging frameworks.

For more information or to discuss compliance options under MiCA or the UK FinProm regime, please contact Peter Howitt in the Ramparts regulatory team.