With the full rollout of the Markets in Crypto-Assets Regulation (MiCA), the European Union has replaced fragmented national rules with a single framework governing crypto activity across all 27 member states. For Crypto-Asset Service Providers (CASPs), this shift removes regulatory arbitrage and replaces it with uniform licensing, capital, and operational requirements. Firms that previously relied on lighter national regimes now face a binary choice: adapt to MiCA or exit the EU market.
What MiCA Means for Crypto Businesses
MiCA, formally Regulation (EU) 2023/1114, is the first EU-wide regime designed specifically for crypto assets and related services. It applies to exchanges, custodians, brokers, portfolio managers, and trading platforms offering services to EU residents.
To operate legally, a CASP must be incorporated in an EU member state and authorised by a national regulator. Once approved, that licence becomes valid across the entire Union.
CASP Licence Categories Under MiCA
MiCA groups CASPs into three licence classes, each with increasing regulatory and capital requirements:
- Class 1 covers advisory services, order transmission, portfolio management, and crypto transfers, with a minimum capital requirement of €50,000.
- Class 2 adds custody and exchange services, raising the capital threshold to €125,000.
- Class 3 includes the operation of a trading platform, requiring at least €150,000 in capital.
The classification determines not only capital but also the depth of governance, risk controls, and reporting obligations.
Core Compliance Obligations
MiCA compliance extends well beyond minimum capital.
Governance and management suitability: Directors and significant shareholders must meet “fit and proper” standards. Regulators assess professional background, reputation, and decision-making capacity, including criminal and financial history checks.
Client asset segregation: Client funds and crypto assets must be strictly separated from company assets. This requirement is designed to protect users in insolvency scenarios and prevent commingling.
Operational resilience and cybersecurity: MiCA aligns closely with the Digital Operational Resilience Act (DORA). CASPs must demonstrate resilient IT systems, incident response capabilities, and continuity planning to withstand outages or cyber incidents.
Prudential safeguards: Firms must maintain their own funds or insurance coverage proportionate to the services offered, ensuring they can absorb operational and legal shocks.
Jurisdictional Focus: Malta
Malta remains a key jurisdiction for crypto firms transitioning into the MiCA framework. Its regulator has supervised digital asset businesses for years under earlier regimes, giving it institutional familiarity with the sector.
According to LegalBison, for firms evaluating a CASP license in Malta, the jurisdiction offers regulatory continuity, established compliance infrastructure, and a predictable authorisation process, provided EU-wide substance and capital standards are met.
Existing operators licensed under Malta’s earlier framework can migrate into MiCA, subject to enhanced governance and financial requirements.
Jurisdictional Focus: Czech Republic
The Czech Republic has emerged as an alternative entry point for firms prioritising cost control and flexibility.
The country allows a longer transition window into MiCA, enabling existing virtual asset service providers to continue operating while adapting their structures. Establishing a local entity, appointing EU-resident management, and implementing compliant AML controls remain mandatory.
Passporting and EU-Wide Access
One of MiCA’s most significant features is passporting.
Once authorised in a single member state, a CASP can offer services across the EU without applying for additional national licences. This single-authorisation model sharply reduces regulatory overhead and enables faster market expansion.
AML, Travel Rule, and Market Abuse Controls
MiCA works alongside updated AML rules and the Transfer of Funds Regulation. CASPs must comply with the crypto “Travel Rule,” requiring originator and beneficiary data to accompany transactions.
Additional obligations include transaction monitoring, sanctions screening, suspicious activity reporting, and disclosure of inside information to prevent market manipulation.
From Application to Authorisation
The MiCA authorisation process typically spans several months and involves operational gap analysis, corporate structuring, policy documentation, regulatory submission, and supervisory review. Approved firms are listed in the EU’s central register of authorised CASPs.
Compliance as a Competitive Filter
MiCA raises the cost of entry, but it also filters out undercapitalised and weakly governed operators. Firms that achieve compliance gain regulatory clarity, EU-wide market access, and improved credibility with banks and institutional partners.
As the transitional period closes, MiCA is reshaping Europe’s crypto sector into a more consolidated and regulated market. CASPs that adapt early are positioned to operate at scale, while late movers face shrinking options.
Owais Sultan
