Dr. Verena Ritter-Döring


Read More

Miroslav Đurić, LL.M.


Read More

Dr. Verena Ritter-Döring


Read More

Miroslav Đurić, LL.M.


Read More

6 June 2023

June 2023 – 5 of 6 Insights

Navigating MiCA (Part 3): Authorization regime for crypto-asset service providers

  • In-depth analysis


This is the third part of our MiCA Series that explores the new Markets in crypto-assets (MiCA) Regulation in which we are focusing on the new authorization regime for crypto-asset service providers operating in the EU. As a recap, in Part 1 of our Series we have provided a general overview of the new regulatory framework, its scope application and the expected timeline and in Part 2 we have focused on the new requirements applicable to public offerings of crypto-assets in the EU.

Last year was everything but an easy one for the crypto-industry: massive implosion of one of the largest crypto-exchanges in the world, FTX, and the collapse of Terra/Luna stablecoin have sent the showcases throughout the world sending the values of major crypto-assets to new lows and weakening the confidence of investors in the industry as a whole. These events brought the question of regulation of crypto-assets on the top of the agenda of regulators around the world that became keener than ever to put the industry under closer regulatory scrutiny.

And while these events have been a wakeup call for some jurisdictions, the EU was at this point already working on a new regulatory framework for crypto-assets aiming to become the first major jurisdiction with a clear set of rules applicable to persons providing crypto-asset related services to its residents such as crypto-exchanges and crypto-custodians.

Scope of the authorization regime

By following basic principles of the existing financial regulation in the EU (especially the MiFID II framework), MiCA introduces common authorization requirements combined with operational, governance and conduct requirements that of crypto-asset service providers operating in the EU will be required to comply with.

Prior to starting with the provision of any of the following of crypto-asset services, prospective crypto-asset service providers (CASPs) will need to apply for authorization with the national competent authority (NCA) in the Member State of their establishment:

  • the custody and administration of crypto-assets on behalf of third parties;
  • the operation of a trading platform for crypto-assets;
  • the exchange of crypto-assets for funds / exchange of crypto-assets for other crypto-assets;
  • the execution of orders for crypto-assets on behalf of third parties;
  • placing of crypto-assets;
  • the reception and transmission of orders for crypto-assets on behalf of third parties;
  • providing advice on crypto-assets;
  • providing portfolio management services in relation to crypto-assets;
  • providing transfer services for crypto-assets on behalf of third parties;

Only legal persons (and other undertakings) that have a registered office, their place of effective management and at least one director in the EU will be able to apply for authorization under MiCA and subsequently provide crypto-asset services to EU residents.

With respect to the latter group of prospective CASPs (other undertakings) they will be able to obtain authorization under MiCA where their legal form ensures a level of protection for third parties’ interests equivalent to that afforded by legal persons and if they are subject to equivalent prudential supervision appropriate to their legal form. Despite the fact that MiCA does not contain clear explanation which types of entities are targeted with this term, it appears that EU lawmakers were keen to extend the scope of application of MiCA to certain types of decentralized autonomous organizations (commonly known as “DAOs”) that may stand behind a platform via which crypto-asset services are being provided to EU residents. See our previous publication for more information on DAOs and possible legal structures that can be used for their efficient funcitoning.

EU Passport

Based on a single license obtained in the home Member State, CASPs will be able to provide services across the EU in accordance with the “passporting” mechanism which is common in other major pieces of the EU financial regulation. This will be possible either through the right of establishment, including through a branch, or based on the freedom of provision of services.

Key requirements

For the purposes of authorisation as well as on an ongoing basis, CASPs will be required to ensure compliance with the following requirements:

Governance: members of the management body will need to be of sufficiently good repute and possess the appropriate knowledge, skills and experience as well as that they have sufficient time to dedicate to manage effectively a CASP. Further, CASPs will need to implement a number of internal processes, procedures and systems and establish effective internal governance structure.

Prudential requirements: CASPs will be required to maintain own capital in the amount of:

  • €150,000 for operators of trading platforms;
  • €125,000 for crypto-custodians and CASPs providing exchange services; and
  • €50,000 for all other CASPs.

Complaints Handling & Conflict of Interest: CASPs will be required to establish and maintain effective and transparent procedures for the handling of complaints received from their clients as well as to establish effective internal framework on management of conflict of interest in a similar way like regulated investment firms under MiFID II framework;

Outsourcing: When entering into outsourcing arrangements with third parties, CASPs will be required to comply with a number of requirements on outsourcing (that follow the main principles from the EBA Guidelines on outsourcing arrangements) that aim to ensure proper management of relevant legal and operational risks related to delegation of performance of CASPs tasks and functions to third parties;

Market Abuse: By mirroring the main principles of the EU regime on prevention of market abuse anchored in the Market Abuse Regulation (MAR), MiCA requires CASPs to ensure compliance with specific requirements that prohibit insider dealing, unlawful disclosure of inside information related to crypto-assets as well as market practices that can give rise to market manipulation.

In addition to the above mentioned, a number of additional requirements will apply for CASPs providing specific crypto-asset services in particular CASPs providing custody services, placement services, operating trading platforms as well as providing advisory and portfolio management services in relation to crypto-assets.

In the light of recent scandals that show how important proper safekeeping of customer’s crypto-assets by crypto custodians is, MiCA introduces strict requirements on CASPs that are looking to obtain authorization for custody and administration of crypto-assets. They will be required to legally segregate holdings of crypto-assets on behalf of their clients from their own holdings in a way that ensures that creditors of the CASP have no recourse to customer’s crypto-assets held in custody, in particular in the event of insolvency of the CASP.

Sustainability in focus

For quite some time now, the EU has been committed to creating the first comprehensive regulatory framework on sustainable finance that aims to enable channeling of more funds from the financial services industry towards financing of sustainable economic activities. This rising sustainability awareness in the EU policy making circles, led EU lawmakers to consider including certain additional requirements into MiCA, that would bring the emerging regulatory framework on crypto-assets in line with the Union’s sustainability policy.

To that end, MiCA requires CASPs to publish on their website, information related to the principal adverse impacts on the climate and other environment-related adverse impacts of the consensus mechanism used to issue each crypto-asset in relation to which they provide services. Given that the issuers of crypto-assets are required to include this information in the crypto-asset whitepaper, CASPs will be able to source this information directly from the offering documentation received from the issuers.

Equivalence regime for regulated institutions

Due to the fact, that the requirements that will apply to CASPs are rather less onerous than the ones that apply to regulated financial institutions in the EU, MiCA provides for an equivalence regime for certain regulated institutions that will be able to provide crypto-asset services based on their existing licenses.

To that end, the following types of regulated entities will be able to provide the following crypto-asset services based on their existing licenses:

MiFID II investment firms: crypto-asset services equivalent to the MiFID investment or ancillary service for the provision of which they are already authorized (e.g. custody and administration of crypto-assets on behalf of third parties if the investment firm is authorized under national law to provide safekeeping and administration of financial instruments for the account of clients);

Credit institutions authorized under CRD/CRR framework: all crypto-asset services;

Electronic money institutions authorized under EMD II: custody and administration of crypto-assets on behalf of third parties and transfer services for crypto-assets on behalf of third parties with regard to the e-money tokens (where they issue any);

UCITS management companies or AIFM: crypto-asset services equivalent to the portfolio management and top-up services for which they are authorized under UCITS/AIFMD framework.

Market operators authorized under MiFID II: operation of a trading platform for crypto-assets.

Central securities depositories: custody and administration of crypto-assets on behalf of third parties.

Fast track procedure for existing crypto-companies?

Bearing in mind that some EU Member States already have in place national regulatory frameworks regulating the crypto-industry, MiCA leaves a possibility for Member States to apply a simplified procedure for applications for an authorization submitted by entities that are already authorized under national law to provide crypto-asset services. In such case, the NCAs will be required to ensure that these applicants comply with key requirements under MiCA.

Further, EU lawmakers have left a possibility for Member States to grandfather the status of authorized CASPs, to entities that provide crypto-asset services in accordance with national frameworks, for up to 18 months after MiCA go live date or until they obtain new MiCA license (whichever sooner).

Reverse Solicitation

By following the old reverse solicitation principle common in the financial services industry, MiCA acknowledges that where a third-country firm provides crypto-asset services at the exclusive initiative of an EU customer, license obligation will not apply. Nonetheless, where a third-country firm solicits clients or potential clients or promotes or advertises crypto-asset services or activities to customers in the EU, the license requirement will be triggered and the firm will be deemed as providing regulated crypto-asset services in the EU without a license.

Where a non-EU firm is relying on this reverse solicitation option, it will be prohibited from marketing new types of crypto-assets or crypto-asset services to the EU customer at whose exclusive initiative the service was provided in the first place. That being said, active provision of regulated crypto-asset services from a non-EU country (e.g. UK, US) to EU residents will not be a feasible option for companies that are looking to establish a footprint in the EU.


By adopting MiCA, EU lawmakers have paved the way for the EU to become the largest jurisdiction with a comprehensive regulatory framework on crypto-assets that shall increase the level of regulatory certainty and investor protection within the EU Single Market. Companies looking to obtain authorization under the new regime will be able to gain access to the lucrative European market based on a single set of rules but will nonetheless need to meet a number of regulatory requirements and meet high regulatory expectations. Whereas some firms that are currently operating under national frameworks in some EU Member State (like Germany or Malta) will likely be able to leverage their existing internal frameworks to obtain MiCA license, non-regulated firms shall be prepared to dedicate sufficient amount of time, financial and human resources in order to meet new regulatory requirements under MiCA.

And while the EU is still at the forefront when it comes to regulation of the crypto-industry, other jurisdictions around the world appear to be catching up: in the UK, the HM Treasury has recently unveiled the plan for a comprehensive regulatory framework on cryptoassets that, indicates that the UK will create dedicated rules on crypto-assets in several phases starting with the rules on stablecoins first and moving to creation of a designated authorisation framework for crypto-asset service providers at a later stage. In Asia, the Emirate of Dubai and Hong Kong are increasingly competing between each other both looking to become a hub for the crypto-industry in Asia by creating designated and crypto-friendly regulatory frameworks aimed at attracting major companies. Nonetheless, with a single market of nearly 450 million people and the new set of clear set of rules applicable to operators in the crypto-sector, the EU will certainly remain top priority for any firm looking to engage in the provision of crypto-asset services at international level.

In this series

Technology, media & communications

Spatial Computing: are IP laws a match for new technology?

30 June 2023

by Multiple authors

Financial services regulatory

IOSCO consults on a global blueprint for crypto regulation

5 June 2023

by Multiple authors


AI and video games: getting the balance right

Erik Steiner looks at the opportunities in the games industry offered by AI, and at how to manage the associated legal risks.

9 May 2023

by Erik Steiner


The latest legal insights and developments on the metaverse, NFTs, Web3, cryptocurrencies and blockchain technology.

Check out now!
Check out now!
Call To Action Arrow Image

Latest insights in your inbox

Subscribe to newsletters on topics relevant to you.


Related Insights

Artificial Intelligence Act

AI in Financial Services: embracing the new reality

19 April 2023

by Dr. Verena Ritter-Döring and Miroslav Đurić, LL.M.

Click here to find out more
Multi Coloured Computer Wafer Macrophotography
Banking & finance

Regulation of NFTs in the EU

With different jurisdictions taking different paths in terms of regulatory classification of NFTs, the question can be raised: where the EU is currently standing, and more importantly, where it is heading when it comes to this topic?

24 October 2022
In-depth analysis

by Miroslav Đurić, LL.M.

Click here to find out more
Open vault door revealing computer servers
Banking & finance

DLT Pilot Regime: the EU opens the door for DLT market infrastructures

7 June 2022

by Miroslav Đurić, LL.M. and Dr. Verena Ritter-Döring

Click here to find out more