Beltsys Labs

MiCA Regulation: What It Is, How It Works, and How It Affects Your Business in 2026

Alba Arredondo

Business & Strategy

On April 20, 2023, the European Parliament approved Regulation (EU) 2023/1114 on markets in crypto-assets — known as MiCA (Markets in Crypto-Assets). It was the first comprehensive legislation worldwide to establish unified rules for issuing, public offering, and providing services related to crypto-assets across all 27 EU member states.

This is not a directive that each country transposes in its own way. It is a directly applicable regulation: the same rules apply in Spain, Germany, France, and Ireland. For businesses operating in the European crypto ecosystem, this changes the playing field entirely.

Before MiCA, each country had its own regime. Spain required registration with the Bank of Spain for exchange and custody service providers. France had its PSAN statute. Germany required a BaFin license. This fragmentation created regulatory arbitrage, duplicated legal costs, and entry barriers for startups wanting to operate across multiple markets. MiCA eliminates that fragmentation with a single European passport: one authorization in any member state lets you operate in all 27.

The real challenge isn’t understanding what MiCA is — it’s getting ready to comply before the deadlines expire. And those deadlines are already ticking.

MiCA timeline: the dates your business can’t ignore

MiCA didn’t activate all at once. Implementation follows a staggered calendar designed for gradual market adaptation:

Date | Milestone
June 2023 | Publication in the Official Journal of the EU
June 29, 2023 | Regulation enters into force
June 30, 2024 | Application of Titles III and IV (ARTs and EMTs)
December 30, 2024 | Full application of the regulation (all titles)
July 2026 | End of transitional period for pre-existing CASPs

The critical date for most businesses is July 2026. Crypto-asset service providers (CASPs) that were already operating under national regimes have until that date to obtain full MiCA authorization. After that, operating without a license is illegal across the entire EU.

For stablecoin issuers, the deadline has already passed: since June 2024, they need to comply with reserve, governance, and redemption requirements. Issuers that didn’t adapt in time have had to cease operations in the EU. Tether, for instance, temporarily lost distribution on European exchanges that chose to proactively delist USDT.

Which businesses must comply with MiCA

MiCA affects two broad categories of actors:

1. Crypto-asset issuers

Any legal entity that issues crypto-assets and offers them to the public in the EU needs to publish a white paper (information document) and notify the competent authority. This includes:

  • Utility tokens: lighter requirements (white paper + notification, no prior authorization)
  • Asset-Referenced Tokens (ARTs), stablecoins pegged to multiple assets: require prior authorization from the competent authority, segregated reserves at a 1:1 ratio, specific governance, and regular audits
  • E-Money Tokens (EMTs), stablecoins pegged to a single fiat currency: require authorization as an electronic money institution, reserves held at credit institutions, and permanent redemption rights at par value

The distinction between ARTs and EMTs is key. A token like USDC, backed 1:1 by US dollars, qualifies as an EMT. A token backed by a basket of currencies and gold would be an ART. The obligations differ significantly.

2. Crypto-asset service providers (CASPs)

CASPs are businesses offering professional services related to crypto-assets. MiCA defines 10 categories of services requiring authorization:

  1. Custody and administration of crypto-assets
  2. Operating a trading platform
  3. Exchange of crypto-assets for fiat funds
  4. Exchange of crypto-assets for other crypto-assets
  5. Execution of orders on behalf of third parties
  6. Placement of crypto-assets
  7. Reception and transmission of orders
  8. Advice on crypto-assets
  9. Portfolio management of crypto-assets
  10. Transfer services for crypto-assets

If your business offers any of these services to clients in the EU, you need CASP authorization. The process includes demonstrating financial solvency, adequate governance, compliance systems, and consumer protection protocols.

Financial entities already regulated (banks, investment firms, electronic money institutions) have a simplified path: they can notify their competent authority and provide certain CASP services without full additional authorization, although they must still comply with MiCA-specific obligations.

The 7 key MiCA requirements you need to know

1. Mandatory white paper

Every crypto-asset issuer must publish a white paper with specific information: project description, holder rights and obligations, underlying technology, risks, and issuer details. The structure is standardized by the Regulatory Technical Standards (RTS) that ESMA published throughout 2024 and 2025.

Unlike the white papers of the ICO era (2017-2018), these documents carry legal liability. Misleading or incomplete information can result in sanctions and civil liability toward investors.

2. Reserves and liquidity for stablecoins

ART issuers must maintain an asset reserve covering at least 100% of the circulating value, deposited in authorized credit institutions. EMTs have similar requirements but are regulated under the Electronic Money Directive. In both cases, reserve assets must be segregated from the issuer’s equity and audited periodically.

For ARTs deemed “significant” (more than 5 million holders, more than EUR 5 billion in circulation, or more than EUR 500 million in daily transactions), supervision shifts from the national authority to the European Banking Authority (EBA), with stricter capital requirements.

3. Governance and risk management

CASPs must implement:

  • A management body with demonstrable knowledge and experience in crypto-assets
  • Operational risk management policies, including cybersecurity
  • Business continuity procedures
  • Conflict of interest policies
  • Internal control and audit systems

This closely resembles what MiFID II already requires for investment firms. That’s no coincidence: MiCA is designed to gradually equalize the level of supervision of crypto-assets with that of traditional financial instruments.

4. Consumer protection

CASPs must act honestly, fairly, and professionally. In practice, this means:

  • Suitability assessments for advisory and portfolio management services
  • Obligation to disclose risks clearly and in a way that is not misleading
  • Complaints policy with resolution deadlines
  • Segregation of client assets from the CASP’s own assets
  • Prohibition on using client crypto-assets for the CASP's own account (except with explicit consent)

5. Market abuse prevention

MiCA introduces a market abuse regime specific to crypto-assets, inspired by the Market Abuse Regulation (MAR). The following are prohibited:

  • Using insider information to trade crypto-assets
  • Market manipulation (wash trading, spoofing, pump-and-dump)
  • Unlawful disclosure of insider information

CASPs must implement surveillance systems to detect suspicious transactions and report them to the competent authority.

6. Capital requirements

CASPs must maintain permanent minimum capital based on the type of services:

Service Type | Minimum Capital
Custody, trading platforms | EUR 150,000
Exchange, order execution | EUR 125,000
Advisory, order reception/transmission | EUR 50,000

The applicable requirement is whichever is greater: the fixed minimum above or 25% of the previous year's fixed overhead expenses.

7. Technology and cybersecurity requirements

CASPs must maintain resilient technology systems, including:

  • Business continuity and disaster recovery plans
  • Periodic security assessments
  • Incident management protocols
  • Compliance with the DORA regulation (Digital Operational Resilience Act), which has applied in parallel with MiCA since January 2025

For businesses building on smart contracts, this means security audits shift from being a best practice to a regulatory expectation.

MiCA’s impact on tokenization, DeFi, stablecoins, and NFTs

Real-world asset tokenization (RWA)

Tokenization is probably the sector that benefits most from MiCA. Before the regulation, tokenizing a real estate asset in Spain required simultaneously navigating the Securities Market Act, CNMV regulations, and Horizontal Property Law, with no specific framework for the digital representation of rights.

MiCA doesn’t directly regulate security tokens (which remain under MiFID II), but it creates the regulatory environment needed for real estate tokenization and other real-world asset infrastructure to function with greater legal certainty. By regulating the CASPs that custody and trade these tokens, the exchanges where they’re listed, and the stablecoins used to purchase them, MiCA completes the regulatory puzzle.

The ERC-3643 standard, designed specifically for security tokens with on-chain compliance controls, aligns with MiCA requirements by allowing smart contracts to automatically verify investor eligibility, transfer restrictions, and reporting requirements.

DeFi: the major gray area

MiCA explicitly acknowledges that “fully decentralized” DeFi protocols fall outside its scope. Recital 22 of the regulation states that when services are provided in a fully decentralized manner, without an intermediary, MiCA does not apply.

The problem is defining what “fully decentralized” means. Few protocols truly are. If there’s an identifiable development team, a foundation managing the treasury, or a centralized front-end interface, regulators can argue that an intermediary subject to MiCA exists.

ESMA is developing guidelines to clarify this point, but market expectations are that most DeFi protocols with front-end interfaces and identifiable teams will need some form of registration or authorization. DEXes with centralized orderbooks and cross-chain bridges with centralized custody will likely be the first to fall within MiCA’s scope.

Stablecoins: the most immediate impact

Stablecoins have been MiCA’s primary focus since its inception. The TerraUSD collapse in May 2022, which wiped out more than $40 billion, accelerated the regulation’s approval.

Under MiCA, stablecoin rules are strict:

  • EMTs (like USDC or EURC by Circle) need authorization as electronic money institutions
  • ARTs need specific authorization and supervised reserves
  • Any stablecoin exceeding “significance” thresholds falls under direct EBA supervision
  • There is a daily transaction limit of EUR 200 million for stablecoins not denominated in euro, a measure designed to protect the euro’s monetary sovereignty

This last point generated enormous controversy. A daily transaction limit for USDT or USDC could fragment liquidity in European markets. The exact interpretation of how this limit is measured and enforced remains the subject of regulatory debate.

NFTs: the exclusion with caveats

MiCA expressly excludes NFTs (non-fungible tokens) that are “unique and not fungible.” But it establishes that if an NFT is issued in a “large series or collection,” or if it effectively functions as a means of payment, it may fall within the regulation’s scope.

This creates uncertainty for PFP collections (10,000 units with algorithmic variations), fractionalized NFTs, and gaming tokens with partial fungibility. ESMA has published preliminary guidelines, but the lines remain blurry. Companies in the NFT ticketing sector should evaluate case by case whether their tokens fit the exclusion.

MiCA vs regulation in the US, UK, and LatAm

The fundamental difference between the European approach and the rest of the world is clarity. MiCA defines categories, establishes requirements, and sets deadlines. Other markets continue navigating ambiguity.

United States

The US still lacks a unified federal regulatory framework for crypto-assets. The SEC (Securities and Exchange Commission) applies the 1946 Howey test to determine whether a token is a security, resulting in case-by-case enforcement actions. The CFTC claims jurisdiction over crypto commodities. Various legislative proposals (FIT21, the Stablecoin Trust Act) have advanced in Congress but without definitive approval to date.

The practical result: companies in the US operate in a “regulation by enforcement” environment where rules are discovered when you get fined. MiCA offers the opposite: an instruction manual upfront.

United Kingdom

The UK adopted an incremental post-Brexit approach. The FCA (Financial Conduct Authority) has regulated crypto-asset advertising since October 2023 and is working on a complete framework for stablecoins and CASPs. The timeline is 2025-2026 for regulated stablecoins and 2026-2027 for the full CASP framework.

The British approach is more flexible than MiCA in some respects (less prescriptive on stablecoin reserves) but slower in implementation. Companies operating in both markets will need to comply with both regimes.

Latin America

The regulatory environment in LatAm is fragmented:

  • Brazil: Law 14,478 establishes a framework for crypto-asset services, but implementation through secondary regulation advances slowly
  • Argentina: no comprehensive framework, although the CNV has issued specific resolutions for tokens issued as negotiable securities
  • Mexico: the 2018 Fintech Law was pioneering but has become outdated in the face of DeFi and stablecoins
  • Colombia: the Financial Superintendency launched regulatory sandboxes but without a definitive framework
  • El Salvador: unique case with Bitcoin as legal tender, but without specific CASP regulation

For Latin American fintech companies seeking to access the European market, MiCA is the standard they must meet. The MiCA single passport can be an incentive to establish a legal headquarters in the EU.

The role of Spain’s CNMV and Bank of Spain

In Spain, supervisory functions under MiCA are divided between two entities:

  • CNMV (Comisión Nacional del Mercado de Valores, National Securities Market Commission): authorizes and supervises CASPs, reviews white papers, and monitors compliance with market abuse rules
  • Bank of Spain: supervises EMT issuers (given their status as electronic money institutions) and prudential aspects related to financial stability

Prior to MiCA, the Bank of Spain managed a simple registry of crypto-asset exchange and custody service providers. That registry now becomes a full authorization regime managed by the CNMV.

The CNMV has published a transition guide for operators registered with the Bank of Spain, detailing the steps to obtain MiCA authorization before July 2026. Key points include:

  • Formal application submission with governance, capital, systems, and compliance documentation
  • Estimated evaluation timeline: 25 business days for admission + up to 40 days for resolution
  • Ability to continue operating under the transitional regime until July 2026 while the application is processed
  • Cooperation with ESMA to harmonize evaluation criteria with other national authorities

Spanish businesses should note that the CNMV has adopted a proactive approach to MiCA implementation. It has organized informational sessions with the sector, published periodically updated FAQs, and established pre-consultation channels. Leveraging these resources can significantly accelerate the authorization process.

How to prepare: compliance checklist for businesses

If your business operates in the European crypto ecosystem, here are the concrete steps to comply with MiCA:

Step 1: Determine your category

Identify whether your activity fits as a crypto-asset issuer (utility token, ART, or EMT) or as a CASP. If you offer multiple services, you’ll need authorization for each CASP service category.

Step 2: Regulatory gap analysis

Compare your current policies and procedures against MiCA requirements. The most common gaps are:

  • Absence of formal operational risk management policies
  • Insufficient segregation of client assets
  • Lack of suitability assessment procedures
  • Incomplete governance documentation
  • Compliance and AML systems not adapted

Step 3: Strengthen governance and compliance

Ensure your management body meets the knowledge and experience requirements. Implement or update:

  • Conflict of interest policy
  • Client complaints procedure
  • Business continuity plan
  • Security incident reporting protocol

Step 4: Prepare technical documentation

If you’re an issuer, prepare the white paper in compliance with ESMA’s RTS. If you’re a CASP, document your technology systems, security architecture, and custody protocols.

Step 5: Verify capital requirements

Calculate whether you meet the minimum capital required for your category. If you need to capitalize, do it well in advance. Capital increase processes can take months.

Step 6: Apply for authorization

Start the process with the CNMV (in Spain) as soon as possible. Demand for MiCA authorizations will concentrate in the months leading up to July 2026, and evaluation timelines could lengthen.

Step 7: Plan for ongoing compliance

MiCA is not a one-time process. It requires:

  • Periodic reports to the competent authority
  • Reserve audits (for stablecoin issuers)
  • White paper updates for material changes
  • Ongoing team training in crypto regulation

For businesses needing specialized blockchain consulting and regulatory guidance, working with advisors who understand both the technology and the legal framework is essential. Developing smart contracts compliant with MiCA requires integrating compliance checks directly into contract logic.

What MiCA means for the European crypto market

MiCA generates contradictory effects. On one hand, it raises entry barriers: annual compliance costs for obtaining and maintaining CASP authorization are estimated at EUR 200,000 to 500,000 for mid-sized companies, according to the European Blockchain Association. Early-stage startups may find these costs prohibitive.

On the other hand, legal certainty attracts institutional capital. Financial institutions that avoided the crypto sector due to regulatory risk now have a clear framework to operate within. Deutsche Bank, Société Générale, and Santander have already obtained or applied for crypto-asset custody licenses under MiCA.

The net effect will likely be market consolidation: fewer operators, but larger and more solvent ones. Companies that adapt early will have a competitive advantage over those that wait until the last moment.

For the Spanish market in particular, MiCA can be an opportunity. Spain has a solid fintech ecosystem, competitive operating costs compared to other European markets, and a CNMV that has shown willingness to facilitate the transition. Companies that obtain MiCA authorization in Spain can operate across the entire EU with a single regulatory passport.

Frequently asked questions about MiCA regulation

What is MiCA in crypto?

MiCA (Markets in Crypto-Assets) is the European Union regulation that establishes a unified regulatory framework for the issuance, public offering, and provision of services related to crypto-assets across all 27 member states. It entered into force in June 2023, with full application since December 2024 and a transitional period for existing CASPs ending in July 2026.

Who does MiCA affect?

MiCA affects two main groups: crypto-asset issuers (utility tokens, ARTs, and EMTs/stablecoins) and crypto-asset service providers (CASPs): exchanges, custodians, advisors, portfolio managers, and trading platforms. Already-regulated financial entities have a simplified path but must also comply with specific obligations.

Does MiCA regulate DeFi?

MiCA explicitly excludes services provided in a “fully decentralized manner, without an intermediary.” However, most DeFi protocols have identifiable teams, foundations, and centralized front-ends, which may place them within the regulatory scope. ESMA is developing guidelines to clarify which protocols are covered.

What happens to NFTs under MiCA?

Unique and non-fungible NFTs are excluded from MiCA. But if an NFT is issued as part of a “large series or collection” (like PFP collections of 10,000 units) or effectively functions as a means of payment, it may fall under the regulation’s scope. ESMA has published preliminary guidelines, but interpretation remains case by case.

How much does MiCA compliance cost?

Costs vary significantly by category. For mid-sized CASPs, annual compliance estimates range from EUR 200,000 to 500,000, including regulatory capital, compliance systems, audits, and legal advisory. For significant stablecoin issuers, costs are substantially higher due to EBA reserve requirements and supervision.

What is the MiCA compliance deadline?

CASPs that were operating under national registration regimes have until July 2026 to obtain full MiCA authorization. It is recommended to start the process as early as possible, as the concentration of applications may extend evaluation timelines.

Does MiCA replace national regulation?

Yes. MiCA is a directly applicable EU regulation: it replaces national crypto-asset registration and authorization regimes. In Spain, the former Bank of Spain registry for exchange and custody providers is replaced by CASP authorization managed by the CNMV.


Need guidance preparing your business for MiCA? At Beltsys Labs, we help you navigate European crypto regulation and implement blockchain solutions compliant with the new regulatory framework. Schedule a consultation with our team.
