verified_user
Standardful
Homechevron_rightStandardschevron_rightMiCA
ActiveInternational Standardupdate Standard Updated: December 2024fact_check Fact checked: Jun 28, 2026

MiCA

Markets in Crypto-assets Regulation — Regulation (EU) 2023/1114

apartmentPublishing Organization:European Union

Standard Introduction

MiCA is an active standard published by European Union. It is commonly used across Finance & Banking, Technology, Services and applies in European Union, European Economic Area.

Use this page to review the official documentation, current status, and the certification or assessment bodies most commonly associated with MiCA.

account_balance_wallet

EU crypto market passport

MiCA creates a harmonised authorisation regime for crypto-asset service providers, allowing authorised firms to operate across the EU subject to regulatory conditions.

currency_exchange

Stablecoin controls

Asset-referenced tokens and e-money tokens face reserve, governance, redemption, white paper, and supervision requirements, with heightened scrutiny for significant tokens.

shield

Operational resilience link

Crypto firms often need to coordinate MiCA licensing with DORA ICT risk management, cybersecurity controls, outsourcing oversight, and incident response.

list_alt MiCA Compliance Themes

  • CASP authorisation and governance arrangements
  • Crypto-asset white papers and marketing communications
  • Stablecoin reserve, redemption, and prudential requirements
  • Market abuse prevention and conflicts management
  • Client asset safeguarding and complaint handling
  • DORA-aligned ICT risk and third-party oversight

Who Needs to Comply?

groups

Crypto-asset service providers, issuers of asset-referenced tokens, issuers of e-money tokens, trading platforms, custodians, exchange services, wallet providers, and fintechs offering crypto services to EU clients.

Key Requirements

1

Authorisation and governance

CASPs must obtain authorisation, maintain fit-and-proper management, implement governance controls, and meet prudential, safeguarding, and complaint-handling obligations.

2

White papers and disclosures

Issuers must publish compliant crypto-asset white papers and ensure marketing communications are fair, clear, and not misleading.

3

Stablecoin reserves and redemption

ART and EMT issuers must maintain reserve assets, redemption rights, governance arrangements, and additional controls for significant tokens.

4

Market abuse and conflicts

Implement controls for inside information, market manipulation, conflicts of interest, order handling, and fair treatment of clients.

Implementation Roadmap

1
Phase 1schedule Duration: 3-6 weeks

Define EU crypto-asset regulation scope

Identify the products, services, systems, entities, jurisdictions, teams, vendors, and stakeholders covered by MiCA. Confirm owners, boundaries, applicable obligations, documentation, and evidence expectations for crypto-asset classification, white papers, issuer obligations, asset-referenced tokens, e-money tokens, CASP authorization, governance, capital, custody, complaints, conflicts of interest, market abuse, ICT resilience, and supervisory reporting.

2
Phase 2schedule Duration: 4-10 weeks

Assess obligations and gaps

Compare current practices with the expected EU crypto-asset regulation approach. Review token classification, white-paper governance, reserve management, custody controls, prudential monitoring, fit-and-proper governance, complaint handling, conflicts management, market-abuse surveillance, outsourcing, ICT controls, and regulatory notifications, then prioritize gaps by legal exposure, financial reporting impact, security or privacy impact, customer commitments, operational dependency, and audit readiness.

3
Phase 3schedule Duration: 8-24 weeks

Implement controls and evidence

Deploy required procedures, technical controls, review gates, training, supplier workflows, reporting paths, and operational records. Maintain classification memos, white papers, authorization files, governance records, reserve reports, custody reconciliations, complaint logs, conflict registers, transaction surveillance alerts, outsourcing files, ICT evidence, and regulator correspondence as traceable evidence.

4
Phase 4schedule Duration: Ongoing

Review, report, and improve

Run management reviews, internal checks, independent assessments where applicable, corrective actions, and change reviews. Refresh the program when products, vendors, laws, incidents, assurance expectations, or stakeholder needs change.

Compliance Checklist

0 / 12

checklist Scope and accountability

checklist Controls and records

checklist Monitoring and assurance

Penalties & Enforcement

warning

MiCA enforcement is handled by national competent authorities with EU-level coordination by ESMA and EBA. Firms risk licence refusal or withdrawal, public enforcement measures, business restrictions, and administrative fines set under the regulation and national implementation rules.

Frequently Asked Questions

Who needs MiCA?

expand_more

MiCA is most relevant to crypto-asset issuers, offerors, trading platforms, custodians, exchanges, and crypto-asset service providers operating in or targeting the EU. The exact scope depends on products, services, jurisdictions, customer commitments, assurance requirements, and the organization's role in the relevant ecosystem.

Is MiCA certifiable?

expand_more

MiCA is an EU legal authorization and compliance regime, not a certification. Firms may need authorization, white papers, governance, prudential safeguards, and ongoing supervision.

What should implementation focus on first?

expand_more

Start by defining scope, obligations, accountable owners, and the evidence expected by regulators, auditors, customers, or governance bodies. Then perform a gap assessment against current controls and prioritize remediation by risk and deadline.

What evidence is useful for MiCA?

expand_more

Useful evidence includes classification memos, white papers, authorization files, governance records, reserve reports, custody reconciliations, complaint logs, conflict registers, transaction surveillance alerts, outsourcing files, ICT evidence, and regulator correspondence. Evidence should be version-controlled, attributable to owners, linked to obligations and controls, and retained for the required review or audit period.

How often should the program be reviewed?

expand_more

Review it at planned intervals and whenever laws, products, vendors, incidents, customer commitments, reporting cycles, or assurance expectations change. Higher-risk obligations should have more frequent monitoring and management reporting.

Official Documentation

View All

Implementation Timeline

gavel
June 2023
MiCA published in the Official Journal
currency_exchange
June 2024
Stablecoin rules for asset-referenced and e-money tokens started applying
account_balance_wallet
Dec 2024
Crypto-asset service provider rules started applying

Related Categories