The EU's Markets in Crypto-Assets Regulation (MiCA) entered full application on 30 December 2024. For the first time, crypto businesses operating in Europe have a comprehensive regulatory framework covering everything from stablecoins to exchange services.
If you're building a crypto product for the European market, here's what you need to understand.
What MiCA Covers
MiCA applies to Crypto-Asset Service Providers (CASPs) — any entity that provides crypto services in the EU on a professional basis. This includes:
- Crypto exchanges (centralised and some decentralised)
- Custodians
- Crypto payment processors
- NFT marketplaces (with caveats)
- Stablecoin issuers
Purely decentralised protocols with no identifiable issuer or service provider are largely outside MiCA's scope — but this is a moving target as regulators develop interpretations.
The Authorisation Requirement
Under MiCA, any CASP serving EU customers must be authorised by a National Competent Authority (NCA) in an EU member state. The major NCAs are:
- BaFin (Germany)
- AMF (France)
- CBI (Ireland)
- MAS — not EU, but commonly used for comparison
The authorisation process involves:
- Submitting a detailed application covering business model, governance, AML/KYC procedures, and technical infrastructure
- Demonstrating adequate capital reserves (varies by licence type)
- Passing fit-and-proper tests for management
- Approval timeline: typically 3–6 months
Passporting: Once authorised in one EU member state, a CASP can passport the licence to serve customers across all 27 EU member states. This makes the initial jurisdiction choice important — some NCAs are faster and more pragmatic than others.
Capital Requirements
MiCA sets tiered capital requirements based on the type of services offered:
| Service Type | Minimum Capital |
|---|---|
| Basic CASP (advisory, reception/transmission) | €50,000 |
| Portfolio management | €125,000 |
| Exchange or trading platform | €150,000 |
| Custody services | €150,000 |
These are minimum thresholds. NCAs may require higher capital based on operational risk assessment.
AML/KYC Obligations
CASPs under MiCA must comply with the EU's 6th Anti-Money Laundering Directive (6AMLD), which requires:
Customer Due Diligence (CDD):
- Identity verification for all customers
- Enhanced Due Diligence (EDD) for high-risk customers and PEPs
- Ongoing monitoring of business relationships
Travel Rule compliance: For transfers above €1,000, CASPs must collect and transmit originator and beneficiary information. This is enforced via IVMS101 data format and requires integration with a travel rule solution (e.g., Notabene, Sygna, or similar).
Transaction monitoring: Real-time screening against sanctions lists (OFAC, EU, UN) plus blockchain analytics to assess on-chain risk.
Stablecoin-Specific Rules (Title III/IV)
Stablecoins receive special treatment under MiCA, split into two categories:
Asset-Referenced Tokens (ARTs): Pegged to multiple assets (e.g., a basket of currencies). Must be authorised as an ART, maintain a reserve, and comply with strict redemption rules.
E-Money Tokens (EMTs): Pegged to a single fiat currency (e.g., EURC, USDC). Must be issued by an authorised e-money institution or bank. USDC is EURC-qualified; USDT has faced scrutiny.
Importantly, algorithmic stablecoins are effectively banned under MiCA.
What This Means for Infrastructure Providers
If you're using a provider like BroLabel to power your product, the regulatory obligations typically fall on you as the CASP — you're the entity with the customer relationship and the MiCA licence.
However, your infrastructure provider's capabilities directly affect your compliance posture:
- Custody architecture: MiCA requires CASPs to segregate client assets. MPC wallets with per-user segregation (rather than omnibus pools) make this straightforward to demonstrate.
- Audit trails: MiCA requires comprehensive record-keeping. Your infrastructure should produce immutable audit logs of every transaction, access event, and wallet operation.
- Travel rule: Your on-ramp and off-ramp infrastructure needs to collect and transmit IVMS101 data.
At BroLabel, our infrastructure is designed with MiCA compliance in mind — per-user MPC wallets, full audit logs via webhook events, and travel rule metadata fields in our transaction API.
Getting Ready
If you're not yet MiCA-compliant, the path forward:
- Choose your authorisation jurisdiction: Ireland, Luxembourg, and Lithuania have been relatively fast. Germany and France are thorough but slower.
- Engage a RegTech consultant: MiCA applications require detailed technical and legal documentation.
- Audit your infrastructure: Ensure your custody model, AML stack, and travel rule solution are all MiCA-compatible.
- Apply early: The transitional period for firms that were operating pre-MiCA is narrowing. New entrants need a full authorisation.
MiCA is ultimately positive for the industry — it creates a clear, consistent framework that allows compliant crypto businesses to serve 450 million EU consumers with confidence. The compliance cost is real, but the market access it enables is significant.
Note: This article is for informational purposes only and does not constitute legal advice. Consult qualified legal counsel for specific regulatory guidance.