MiCAR - Implementation Update November 2025

Strategic Overview of MiCAR and Implementation Status

• The Markets in Crypto-Assets Regulation (MiCAR), officially Regulation (EU) 2023/1114, establishes a single, harmonised, and comprehensive regulatory framework for crypto-assets and related services within the European Union (EU).
• Adopted with the overarching goals of ensuring legal clarity, boosting innovation, protecting investors, and maintaining financial stability,
• MiCAR addresses crypto-assets not already covered by existing EU financial services legislation.
• The implementation of MiCAR has been structured as a phased rollout, strategically prioritising risks perceived as systemic.
  • Stablecoins:
    • Obligations concerning Asset-Referenced Tokens (ARTs) and E-Money Tokens (EMTs), contained in Titles III and IV, became applicable first on 30 June 2024.
    • This accelerated timeline for stablecoins reflected a regulatory judgment that the reserve management and systemic risk associated with these tokens pose the most immediate threat to financial stability, demanding swift compliance and heightened scrutiny.
  • The remaining provisions, governing the issuance of non-stable crypto-assets i.e utility tokens (Title II), Crypto-Asset Service Providers (CASPs) authorisation (Title V), and Market Abuse (Title VI), became fully applicable on 30 December 2024.
• Achieving full operational effectiveness relies heavily on the finalisation and adoption of supplementary Level 2 and Level 3 legislative texts—Regulatory Technical Standards (RTS), Implementing Technical Standards (ITS), and Guidelines—developed by the European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA).
  • Throughout 2024 and 2025, these technical standards have been critical in specifying the practical requirements for capital, liquidity, governance, and market conduct. Consequently, the compliance demands imposed upon financial institutions and crypto-native firms are not defined solely by the Level 1 text but by the detailed operational requirements outlined in these Level 2 and Level 3 measures.
  • The RTS, ITS and Guidelines cover many specific requirements needed to comply with MiCAR
• Regarding the authorisation (licensing) landscape, the MiCAR regime is proven to be functioning, with over 70 CASP authorisations approved across the EEA as of October 2025. Firms that were providing services in line with national laws before December 30, 2024, may operate under a “grandfathering clause.”
  • However, this transitional period is decided by each Member State and has a final, maximum deadline of July 1, 2026. CASPs operating under these national transitional periods must actively work toward obtaining full MiCAR authorisation or risk being denied continued operation.
• The approval velocity and number of licenses granted show a strong jurisdictional concentration, underscoring the importance of anchoring strategy in proven supervisory capacity.

The jurisdictions currently leading in license issuance are Germany (with 21 CASP licenses as of November 2025) and the Netherlands (14 licenses), followed by France and Poland.

Collectively, these four countries represent approximately 75% of all MiCAR licenses granted, highlighting that while the regulation is harmonised, the practical experience and institutional credibility of individual NCAs vary widely. That said, it is early days and we expect to see countries like Malta also do well once the authorisation regimes are fully operational.

Foundational Principles and Scope (Title I)

MiCAR’s regulatory perimeter is established by its definition of “crypto-asset” and the specific categories created, alongside clearly delineated exclusions.

Definition and Categorisation of Crypto-Assets

MiCAR distinguishes between three primary types of crypto-assets subject to regulation:

• Stablecoins:
  • Asset-Referenced Tokens (ARTs): These tokens purport to maintain a stable value by referencing multiple assets, rights, or a combination thereof, which may include one or more official currencies. ARTs are subject to the comprehensive issuance and prudential requirements laid out in Title III.
  • E-Money Tokens (EMTs): EMTs also purport to maintain a stable value, but specifically by referencing the value of a single official currency. Tokens like USDT and USDC fall within the category.
  • EMTs fall under Title IV and are  required to be issued by authorised Electronic Money Institutions (EMIs) or credit institutions.
• Utility Tokens: Defined as a type of crypto-asset intended to provide access to a good or service supplied by the issuer of that token. Utility tokens and other non-stable crypto-assets are subject to the transparency and disclosure requirements of Title II.

Exclusions and Jurisdictional Boundaries

MiCAR is designed to be a residual regulation, applying only where existing EU financial laws do not already govern the asset. The regulation explicitly excludes several categories of assets, most notably those that qualify as financial instruments, structured deposits, or certain insurance products.

A significant area of ambiguity lies in the treatment of Non-Fungible Tokens (NFTs):

• MiCAR does not apply to crypto-assets that are unique and not fungible with other crypto-assets.
• However, the structure of the exclusion suggests that the regulator’s focus is on the functional characteristics of the token, rather than its mere nomenclature.
• If NFTs are issued in large series or collections, or if their attributes make them fungible in practice (such as fractionalised ownership or interchangeability of rights), MiCAR may still apply.
• The determination of whether a series of tokens operates as interchangeable access rights or securities necessitates a continuous, functional legal assessment of the token design. This interpretive requirement means issuers cannot rely solely on the “NFT” label to avoid MiCAR; rather, they must budget for rigorous and ongoing legal scrutiny of the economic function of every new digital asset offering to ensure regulatory compliance.

Application Timeline and Transitional Measures (Article 143)

The legislative schedule dictates a phased compliance approach:

• Stablecoin Application (Titles III and IV): Became applicable on 30 June 2024. Issuers of ARTs and EMTs were required to be authorised and to publish their White Papers by this date.
• Full Regime Application (Titles II, V, and VI): Became applicable on 30 December 2024, covering CASP authorisation, general issuance requirements, and market abuse rules.

To facilitate the transition for existing market participants, MiCAR includes critical transitional provisions:

• Grandfathering Clause (Article 143(3)): Entities that were already providing crypto-asset services in accordance with applicable national laws before 30 December 2024 are generally permitted to continue operating until 1 July 2026, or until their MiCAR authorisation application is finalised.
• Simplified Authorisation (Article 143(6)): Member States may opt to implement a simplified authorisation procedure for existing CASPs that were authorised under national law before 30 December 2024. This simplified route is limited to an 18-month duration.

It is important to note, however, that the harmonising intent of MiCAR faces potential fragmentation due to discretionary powers granted to National Competent Authorities (NCAs). Member States have the option to notify the Commission and ESMA if they choose not to apply the transitional regime for CASPs or if they decide to reduce its duration, particularly if the prior national regulatory framework was deemed less strict than MiCAR. This discretion means the compliance runway for cross-border CASPs varies significantly across the EU, compelling multinational firms to adopt Member State-specific authorisation strategies rather than relying on a uniform transitional grace period.

Issuance of Crypto-Assets Other than ARTs or EMTs (Title II)

Title II dictates the transparency and disclosure obligations for Utility Tokens and other non-stable crypto-assets. These requirements are primarily centered on the Crypto-Asset White Paper.

White Paper Obligations and Liability

The White Paper requirement applies to any party making a public offer of a crypto-asset or seeking its admission to trading, provided the asset is not an ART or EMT, and no specific exemption applies.

• Content and Transparency: The White Paper must be drawn up in accordance with Article 6 of MiCAR, detailing the material features, rights, obligations, and associated risks of the crypto-asset. Offerors are required to act honestly, fairly, and professionally, ensuring that communication with potential holders is clear, fair, and non-misleading. Issuers must also identify, prevent, manage, and disclose any conflicts of interest.
• Notification Procedure: Unlike the White Papers for ARTs and EMTs, which require prior administrative approval, the White Paper for Title II assets must merely be submitted to the competent NCA at least 20 working days before its intended publication. This notification must include a crucial explanatory note justifying why the crypto-asset does not qualify as a security token, ART, or EMT.
• Public Accessibility and Investor Rights: The White Paper must be published on the issuer’s website and remain readily accessible for as long as the tokens are held by the public. Furthermore, offerors must provide holders with a right of withdrawal.
• Liability Regime: Critically, offerors are liable for damages if the White Paper contains incorrect or misleading information.

Although NCAs do not formally approve the Title II White Paper, the 20-day notification period allows the competent authority time to review the submission and potentially intervene if they disagree with the issuer’s classification (e.g., if they suspect the asset is an undisclosed security or stablecoin). Furthermore, the explicit statutory liability for damages fundamentally transforms the White Paper from a mere informational document into a legally actionable disclosure, imposing due diligence standards traditionally associated with simplified prospectuses. This confirms that the regulatory model for non-stable crypto-assets rests on enforced transparency and legal accountability.

Exemptions

An exemption from the White Paper requirement exists if the crypto-asset has already been admitted to trading on another EU trading platform, provided that the existing White Paper adheres to MiCAR standards and the person responsible for its creation consents in writing to its use.

Regulation of Stablecoins: Asset-Referenced Tokens (ARTs) and E-Money Tokens (EMTs) (Titles III & IV)

Titles III and IV impose a rigorous prudential and governance regime on stablecoin issuers, designed to mitigate liquidity and systemic risk.

Governance and Authorisation

Issuers of ARTs and EMTs are required to obtain authorisation from their NCA, with the issuance function of significant tokens falling under the direct supervision of the EBA. This dual regulatory focus reflects the financial risk associated with stablecoins.

Issuers must maintain robust internal governance arrangements with clear, transparent, and consistent lines of responsibility. These arrangements, specified further by EBA guidelines, must ensure sound management of all associated risks, including operational risks, fraud, cyber threats, and compliance failures.

Furthermore, MiCAR requires issuers to prepare and maintain two essential crisis management documents: a Recovery Plan and a Redemption Plan. These plans detail measures to be taken in the event of non-compliance with reserve requirements or during periods of mass redemptions, ensuring the continuity of operations and the ability to honor redemption obligations.

Identification of “Significant” Tokens

MiCAR mandates enhanced supervisory and prudential requirements for ARTs and EMTs deemed “significant” due to their size and potential systemic footprint.

A token is classified as significant if it meets at least three of the following quantitative thresholds, as stipulated in Article 43(1):

• The number of holders is greater than 10 million.

• The value of the token issued, its market capitalisation, or the size of the reserve of assets exceeds EUR 5 billion.

• The average number and average aggregate value of transactions in that token per day, during the relevant period, exceeds 2.5 million transactions and EUR 500 million, respectively.

The EBA is responsible for specifying the procedural rules for imposing fines on issuers of significant tokens (Delegated Regulation (EU) 2024/1504). Moreover, the EBA specifies certain criteria for classifying tokens as significant (Delegated Regulation (EU) 2024/1506) and collaborates with the ECB to specify the methodology used to estimate the number and value of transactions. The establishment of a clear, quantifiable metric for transaction volume ensures that tokens achieving critical mass are swiftly subjected to the highest level of prudential safety and regulatory oversight, acting as a preventative mechanism against potential systemic risk propagation.

Reserve Management and Liquidity Requirements (EBA RTS)

The most prescriptive requirements relate to the reserve of assets that backs the tokens. This reserve must be equal to the issuer’s commitments and managed under transparent policies covering custody, investment, and valuation. The EBA has published detailed Regulatory Technical Standards (RTS) specifying liquidity requirements to ensure token holders can exercise their redemption rights promptly.

The liquidity framework specifies minimum proportions of the reserve that must be held in highly liquid assets, categorised by maturity buckets.

Liquidity and Deposit Requirements for ART/EMT Reserve Assets (EBA RTS)

The requirement for significant tokens to hold at least 60% of the reserve in weekly liquid instruments, and a high proportion as bank deposits referenced in the official currency, imposes significant constraints on reserve management. These highly quantitative rules compel stablecoin issuers to operate with a conservative investment profile, analogous to traditional money market funds. This restriction effectively prohibits issuers from pursuing high-yield, less liquid, or highly integrated decentralised finance (DeFi) strategies for their reserves. The mandate ensures stability and redeemability at the expense of potential profitability, reflecting a deliberate regulatory choice to mitigate risk in the stablecoin sector.

Furthermore, MiCAR imposes strict rules regarding custody and concentration risk. Prudent diversification of custodians is required to ensure prompt access to reserve assets. Specifically, the RTS imposes an overall concentration limit of 30% of the reserve’s market value on the combined exposure to any single credit institution. This limit covers deposits, highly liquid financial instruments issued or guaranteed by that institution, and risk exposure from unmargined OTC derivatives. Issuers of significant tokens are also required to hold at least 60% of the deposits referenced in each official currency with credit institutions.

Crypto-Asset Service Providers (CASPs) and Authorisation (Title V)

Title V creates a rigorous authorisation framework for firms offering crypto services, standardising operational, governance, and capital requirements across the EU.

Scope of Regulated Crypto-Asset Services

Any entity professionally providing the following ten distinct services within the EU must obtain CASP authorisation from its designated NCA:

1. Providing custody and administration of crypto-assets on behalf of clients.

2. Operation of a trading platform for crypto-assets.

3. Exchange of crypto-assets for funds.

4. Exchange of crypto-assets for other crypto-assets.

5. Execution of orders for crypto-assets on behalf of clients.

6. Placing of crypto-assets.

7. Reception and transmission of orders for crypto-assets on behalf of clients.

8. Providing advice on crypto-assets.

9. Providing portfolio management on crypto-assets.

10. Providing transfer services for crypto-assets on behalf of clients.

Where custody or transfer services involve EMTs, the firm’s activities often qualify as payment services under the Directive (EU) 2015/2366 (PSD2). This overlap necessitates that firms engaging in payment-related functions may require dual authorisation, securing both CASP authorisation under MiCAR and Payment Institution (PI) authorisation under PSD2. This regulatory layering introduces structural and compliance complexities, demanding sophisticated segregation of activities and governance.

Authorisation and Organisational Requirements

The authorisation process requires applicant firms to demonstrate their ability to meet regulatory obligations through detailed submissions covering many aspects of their business including: governance, ownership, capital projections, outsourcing arrangements, operations, prudential requirements, business continuity, AML/CTF prevention, ICT systems and security arrangements, segregation of client assets/funds, complaints handling.

• Governance and Suitability: CASPs must establish appropriate internal controls. Guidance from ESMA and EBA emphasises the importance of management bodies possessing adequate technical knowledge of the crypto ecosystem. ESMA guidelines specify criteria for assessing the knowledge and competence of staff providing advice or information on crypto-assets, covering organisational requirements for assessment, maintenance, and updating of professional qualifications.
• Conduct and Transparency: CASPs are obliged to act honestly, fairly, and professionally, always prioritising the best interests of their clients. All information, including marketing communications, must be clear, fair, and non-misleading, disclosing price policies, associated risks, and the climate or environmental impacts of the assets.
• Client Asset Safeguarding: A cornerstone of the CASP regime is the segregation of client crypto-assets and funds. CASPs must implement adequate organisational arrangements to safeguard clients’ ownership rights, protecting them from potential losses or misuse by the CASP itself.

Prudential Requirements and Own Funds

MiCAR sets minimum capital and prudential safeguard requirements that scale with the complexity and risk profile of the services offered. These requirements can be met by holding Common Equity Tier 1 (CET1) items, as defined by Regulation (EU) No 575/2013 (CRR), or by holding a professional indemnity insurance policy or comparable guarantee.

Prudential Requirements and Capital Alternatives for CASPs

The insurance alternative is a key provision tailored for the fintech sector. The required policy or guarantee must be adequate to cover the EU areas where services are offered and protect the firm against specific operational risks, including negligence, misleading clients, system disruptions, and liability for the loss of client crypto-assets or funds.

Allowing insurance to substitute for internal capital incentivises CASPs to demonstrate high standards of operational security and risk transfer, driving the requirement for sophisticated internal controls even for smaller firms. The practical effect is that achieving the low minimum capital requirement through insurance necessitates rigorous risk management procedures demanded by the insurer.

Market Integrity and Abuse (Title VI)

Title VI of MiCAR establishes a regulatory regime aimed at protecting market integrity and preventing market abuse, drawing heavily on concepts adapted from the EU Market Abuse Regulation (MAR). These rules became applicable on 30 December 2024.

Prohibitions and Scope

MiCAR prohibits three core activities: insider dealing, unlawful disclosure of inside information, and market manipulation. The legislative intent was to adapt the scope of MAR to the specific characteristics of crypto-assets and the predominantly SME nature of market participants.

However, a notable difference from MAR is the omission of certain key exemptions provided under the traditional regime, such as those relating to “legitimate behaviour” and “accepted market practices”. This absence creates regulatory uncertainty regarding activities common in token ecosystems, such as stabilisation mechanisms or certain treasury management operations that could be construed as market manipulation under a literal interpretation of MiCAR. Firms must therefore exercise extreme caution and seek regulatory guidance when engaging in activities near the perimeter of manipulation, relying on conservative legal interpretation until ESMA or EU courts provide definitive clarification.

Disclosure of Inside Information

Issuers of crypto-assets are subject to requirements concerning the handling and disclosure of inside information. They are required to make prompt public disclosure of any inside information that directly concerns the crypto-asset. Issuers may delay public disclosure only if certain strict conditions are met.

The technical specifications for this disclosure process are critical to compliance. Commission Implementing Regulation (EU) 2024/2861 lays down the implementing technical standards (ITS) specifying the technical means for the appropriate public disclosure of inside information and for legitimately delaying such disclosure.

Obligations on PPAETs (Market Monitoring)

The market integrity regime imposes significant surveillance obligations on Persons Professionally Arranging or Executing Transactions (PPAETs), which includes CASPs, particularly those operating trading platforms.

• Surveillance Systems: Pursuant to Article 92(1) of MiCAR, PPAETs must establish and maintain effective arrangements, systems, and procedures designed to prevent, detect, and report market abuse. These systems must be appropriate and proportionate to the scale, size, and nature of the PPAET’s business activity, distinguishing, for instance, between operators of a trading platform and CASPs merely executing orders.
• STOR Reporting: PPAETs are mandated to submit Suspected Transaction and Order Reports (STORs) to the NCA when they suspect that market abuse has occurred or is occurring. The specific templates and coordination procedures for reporting suspected market abuse, including cross-border situations, are detailed in Commission Delegated Regulation (EU) 2025/885.

The imposition of these PPAET obligations effectively institutionalises market supervision in the crypto sector. Because MiCAR Guidance (see ESMA Maximal Extractable Value Implications for crypto markets) addresses concepts such as MEV (Maximal Extractable Value), compliance demands that PPAETs implement sophisticated, algorithmic surveillance technology capable of monitoring high-frequency trading anomalies, order book manipulation, and chain-native manipulation techniques. NCAs are responsible for ensuring these arrangements remain appropriate on an ongoing basis, applying a risk-based approach to supervision.

Supervisory Framework and Implementation Roadmap

The regulatory architecture relies on a clear division of labor among EU and national authorities, coupled with a systematic approach to technical standardisation.

Roles and Responsibilities of EU Authorities

MiCAR specifies distinct but interconnected roles for the regulatory bodies:

• National Competent Authorities (NCAs): Member States must notify the designated competent authorities responsible for MiCAR oversight. NCAs serve as the primary supervisory authority for CASP authorisations and the ongoing compliance of non-significant ART/EMT issuers. They act as the single point of contact within each Member State.
• European Banking Authority (EBA): The EBA holds central supervisory responsibilities related to the prudential issuance function of stablecoins (Titles III and IV). Specifically, the EBA directly supervises issuers of significant ARTs and certain significant EMTs. The EBA develops technical standards relating to own funds, liquidity requirements, reserve asset management, and recovery plans for stablecoin issuers.
• European Securities and Markets Authority (ESMA): ESMA focuses on market conduct, investor protection, and the regulation of CASPs and issuance of non-stable tokens (Titles II, V, and VI). ESMA is responsible for developing technical standards on areas such as governance, suitability of management, market abuse reporting, and organisational requirements for CASPs.

Status of Level 2/Level 3 Technical Standards

The operational requirements of MiCAR are largely enshrined in the Level 2 and Level 3 measures, which were finalised across 2024 and 2025. Key milestones include:

• Prudential Standards: The EBA published final reports on draft RTS concerning own funds, liquidity requirements, and recovery plans for ARTs and EMTs.
• Governance and Suitability: Joint EBA and ESMA Guidelines on the assessment of the suitability of management bodies and qualifying shareholders of ART issuers were published in December 2024 and apply from February 2025.
• Authorisation and Enforcement: The Commission adopted Delegated Regulations specifying procedural rules for EBA penalties (2024/1504) and specifying criteria for classifying tokens as significant (2024/1506). Implementing Technical Standards (ITS) were published establishing standard forms and templates for CASP and ART authorisation applications.
• Market Abuse: Key regulations covering market integrity include Commission Implementing Regulation (EU) 2024/2861 regarding the technical means for public disclosure of inside information and Commission Delegated Regulation (EU) 2025/885 detailing the RTS on arrangements and templates for reporting suspected market abuse (STORs).

Supervisory Convergence and Transparency

ESMA is actively working with NCAs to ensure a convergent approach, particularly regarding the authorisation of CASPs during the transitional phase. The publication of Level 3 Guidelines on areas like suitability and competence compels NCAs to align their interpretations, limiting the potential for jurisdictional variance and regulatory arbitrage that could undermine MiCAR’s goals. NCAs are required to notify ESMA within two months of guideline publication regarding their compliance intentions.

To enhance market transparency, ESMA maintains an Interim MiCA Register, which lists notified white papers and authorised entities. However, the register explicitly states that the white papers listed for non-stable crypto-assets have not been reviewed or approved by any competent authority in any Member State. This crucial disclaimer reinforces the principle that for Title II assets, the regulatory model is fundamentally based on disclosure and issuer liability, rather than pre-market gatekeeping, thus conserving regulatory resources while maximising investor protection through civil remedy mechanisms.

Conclusions

MiCAR represents a paradigm shift in the regulation of digital assets, replacing fragmented national regimes with a harmonised, comprehensive, and highly prescriptive framework across the EU. The analysis confirms several strategic implications for regulated entities:

1. Systemic Risk Prioritisation: The staggered application dates reveal a clear regulatory risk hierarchy, prioritising the immediate and rigorous prudential supervision of stablecoins (ARTs and EMTs). This focus necessitates sophisticated, liquidity-managed reserve structures governed by strict EBA technical standards, fundamentally limiting stablecoin issuers’ ability to engage in high-yield, less liquid on-chain activities.
2. Institutionalisation of CASP Operations: The CASP regime mandates high standards of governance, management suitability, client asset segregation, and operational resilience. The inclusion of insurance as an alternative to CET1 capital incentivises firms to invest heavily in operational risk mitigation and external liability coverage, effectively raising the qualitative bar for market entry beyond the minimal capital figures.
3. Mandatory Market Surveillance: Title VI institutionalises market integrity monitoring by forcing PPAETs (especially trading platform operators) to adopt technology capable of detecting and reporting complex forms of market abuse via STORs. Compliance requires transposing MAR-level surveillance sophistication onto traditionally decentralised markets.
4. Legal Certainty vs. Operational Ambiguity: While MiCAR provides legal certainty by categorising assets and defining scope, ambiguity persists at the boundaries—notably concerning functionally fungible NFTs and the lack of certain MAR exemptions in Title VI. These areas necessitate conservative legal interpretations and continuous monitoring of ESMA and EBA guidance.