MiCA — Markets in Crypto-Assets Regulation, Regulation (EU) 2023/1114 — is the first single licensing framework for crypto activity in the EU. Published on 9 June 2023, its Asset-Referenced Token (ART) and E-Money Token (EMT) provisions became applicable on 30 June 2024; the Crypto-Asset Service Provider (CASP) provisions on 30 December 2024. This article reads MiCA from the perspective of a working operator — an exchange, custodian or issuer — and walks through scope, the authorisation process, white paper rules, capital thresholds, and how MiCA differs from Turkey's KVHS regime.
What Does MiCA Regulate?
MiCA covers three main areas:
- Crypto-asset issuance — a prospectus-style white paper regime for utility tokens, ARTs and EMTs.
- Crypto-Asset Service Providers (CASPs) — authorisation for activities such as exchange operation, custody, transfer service, portfolio management and advice.
- Market abuse and consumer protection — insider dealing and manipulation prohibitions, pre-contractual disclosure.
MiCA deliberately leaves out: NFTs (where genuinely unique and non-fungible), DeFi protocols (if fully decentralised), CBDCs, and financial instruments already covered by MiFID II.
What Is a CASP and Which Services Are In Scope?
CASP — Crypto-Asset Service Provider — is defined in Article 3(15). There are eight service classes:
- Custody and administration of crypto-assets on behalf of clients.
- Operation of a trading platform (exchange).
- Exchange of crypto-assets for funds or other crypto-assets, on own account.
- Execution of orders on behalf of clients.
- Placing — marketing of new issues.
- Reception and transmission of orders.
- Advice.
- Portfolio management.
A firm can provide multiple services, but authorisation and the corresponding capital threshold apply per service class.
The CASP Authorisation Process
Authorisation is granted by the national competent authority (NCA):
- Germany: BaFin
- France: AMF
- Ireland: Central Bank of Ireland (CBI)
- Malta: MFSA
- Lithuania: Lietuvos Bankas
- Netherlands: AFM + DNB
A typical application package includes:
- Governance and compliance structure (org chart, key-person CVs, fit-and-proper assessment of board members).
- Capital and safeguarding plan.
- AML/KYC policy aligned to AMLD5/6 and the forthcoming AMLR.
- Risk management, internal audit, IT security and operational resilience evidence (overlapping with DORA — the Digital Operational Resilience Act).
- ESG reporting plan.
End-to-end timeline varies by NCA between 6 and 12 months. A granted licence can then be passported to other Member States.
Capital Thresholds
Under MiCA Annex IV, minimum initial capital by service class:
| Class | Services | Minimum Capital |
|---|---|---|
| 1 | Advice only, reception and transmission of orders | €50,000 |
| 2 | Placing, portfolio management, crypto-crypto/fiat exchange, custody, order execution | €125,000 |
| 3 | Operation of a trading platform | €150,000 |
In addition, ongoing capital must equal max(initial capital, one quarter of fixed overhead from the previous year).
The White Paper Regime
For issuers, MiCA establishes three regimes:
- Utility token white paper: published + notified to the NCA 20 working days in advance. No prior approval. Content requirements set out in Annex I (18 mandatory sections).
- ART (Asset-Referenced Token): prior approval required. Issuer must be an EU-incorporated entity, subject to EBA supervision, hold adequate capital and reserves.
- EMT (E-Money Token): prior approval + issuer must be a credit institution or e-money institution. EMD2 (and future PSR) provisions apply concurrently.
For ARTs and EMTs there is an additional "significance" threshold: once a token crosses certain size metrics (user count, transaction volume, reserve size), it falls under direct EBA supervision.
Market Abuse and Consumer Protection
MiCA Title VI introduces market abuse prohibitions modelled on MAR (Market Abuse Regulation):
- Insider dealing prohibition.
- Market manipulation prohibition (including pump-and-dump and wash trading).
- Obligation to disclose inside information.
On the consumer protection side: pre-contractual disclosure, complaint-handling procedures, segregation of client assets from firm assets, conflict-of-interest management.
Interaction With DORA
DORA — the Digital Operational Resilience Act — became applicable on 17 January 2025. CASPs are in DORA scope: ICT risk management, third-party (cloud, KYC vendor, etc.) dependency oversight, major incident reporting, threat-led penetration testing. DORA compliance must be evidenced in the MiCA application.
MiCA vs KVHS: Turkey Side-by-Side
| Topic | MiCA (EU) | KVHS (Turkey) |
|---|---|---|
| Competent authority | NCA per Member State + ESMA/EBA | SPK |
| Licence type | CASP authorisation (8 service classes) | KVHS operating permit |
| Passporting | Single licence across the EU | Turkey-only |
| Capital | €50k - €150k initial | TRY-denominated, SPK communiqués |
| White paper | Notification for utility, prior approval for ART/EMT | Prospectus-style for security-type tokens |
| Travel Rule | TFR-mandated | MASAK framework |
| Stablecoin (ART/EMT) | EBA supervision, reserve rules | SPK rules emerging |
For deeper coverage of KVHS see our Turkey crypto VASP regulation article. For a Turkish exchange entering the EU the decision matrix is: KVHS first (TR market), then a MiCA application in an EU host state (EU passport).
Roadmap for a TR Exchange Entering the EU
- Host state selection. Lithuania, Malta and Ireland stand out today on the basis of licensing throughput, NCA interaction quality and tax regime.
- Local subsidiary / restructuring. A CASP application is filed by an EU-incorporated entity.
- Compliance + risk + IT documentation adapted to EU standards. A TR AML policy is insufficient — rewrite against AMLD5/6 + AMLR.
- TFR integration — IVMS 101 messaging, sunrise problem solution.
- Passporting preparation — passport notifications for EU-wide marketing.
In practice the EU-side build runs 9-15 months; for a TR exchange this should be planned as a parallel workstream alongside ongoing TR operations.
Frequently Asked Questions
When did MiCA become binding across all EU Member States?
As a Regulation, MiCA is directly applicable without national transposition. ART/EMT provisions apply from 30 June 2024, CASP provisions from 30 December 2024. In an 18-month transitional period, pre-MiCA nationally licensed CASPs may continue activities; this transition ends on 30 June 2026 for each Member State.
Does a crypto exchange based outside the EU serving EU customers fall under MiCA?
Only if it is actively providing services into the EU (excluding genuine reverse solicitation). Reverse solicitation — where an EU customer approaches a non-EU exchange at their own exclusive initiative — is exempted, but the interpretation is narrow. EU-targeted marketing, EU-language sites or accepting EU payment methods brings the exchange into MiCA scope.
Is a MiCA white paper similar to a securities prospectus?
Structurally similar, content differs. A MiCA white paper has 18 mandatory sections (token description, issuer information, risks, rights and obligations, technological features, environmental impact). For utility tokens no NCA prior approval is required, but the issuer is liable for misleading content. For ARTs and EMTs prior approval is mandatory.
How long does CASP authorisation take?
Article 63 sets a target of 6 months from acceptance of a complete application by the NCA. In practice 9-12 months is more realistic — additional information requests, senior management interviews and compliance documentation iteration extend the timeline. Documentation quality is the single biggest driver of speed.
What is the biggest operational difference between MiCA and KVHS?
Passporting. A single EU licence grants the right to operate in 27 Member States; a KVHS licence is Turkey-only. The second major difference: MiCA's CASP categories (8 service classes) and service-specific capital thresholds define the operator's scope precisely; KVHS takes a more monolithic licence approach.
How Legichain Helps with MiCA
The technical foundation of a CASP application is its AML/KYC stack — the application package details this as the "compliance technology stack." The Legichain AML screening API satisfies AMLD5/6 and the forthcoming AMLR requirements for PEP, sanctions and adverse media, generating evidence documentation suitable for CASP applications. Our Travel Rule module provides TFR-compliant IVMS 101 messaging with sunrise-problem solutions. Our crypto exchange solution covers the end-to-end AML/KYC + Travel Rule infrastructure needed for a MiCA application, and supports TR-to-EU expansion with a dual-market configuration.