One Constellation
Book a Demo
Crypto Compliance

MiCA Regulation Explained: Compliance Requirements for Crypto Firms in 2026

The EU's Markets in Crypto-Assets Regulation (MiCA) is the world's first comprehensive crypto framework. It introduces a unified authorisation regime for Crypto-Asset Service Providers, strict rules for stablecoin issuers, and market-conduct standards that apply across all 27 EU member states. This guide covers what MiCA actually requires and how it interacts with the Travel Rule and EU AMLR.

Published: May 2026 Category: Crypto Compliance Read time: ~11 minutes
Quick Answer
MiCA — Regulation (EU) 2023/1114 — is the EU's harmonised framework for crypto-assets. The stablecoin provisions applied from 30 June 2024; the Crypto-Asset Service Provider (CASP) regime applied from 30 December 2024 with a transitional period extending into 2026. MiCA does three things. First, it creates an authorisation regime: any firm providing crypto-asset services to EU customers — exchange, custody, transfer, portfolio management, advice — must be authorised as a CASP in one EU member state and can then passport across the bloc. Second, it imposes specific issuer requirements on stablecoins, distinguishing Asset-Referenced Tokens (ARTs, referenced to multiple assets) and Electronic Money Tokens (EMTs, referenced to a single fiat currency). Third, it sets market-conduct rules: prudential capital, custody segregation, conflict-of-interest controls, insider-dealing prohibitions, and white-paper disclosure for token offers. MiCA sits alongside (not instead of) the EU's AMLD/AMLR and the Travel Rule (TFR / Regulation 2023/1113) — so a CASP is subject to MiCA's authorisation and conduct obligations and to the full AML/CFT framework.

What MiCA Is and Who It Applies To

Before MiCA, crypto firms operating in the EU faced a fragmented patchwork — some member states had bespoke licensing regimes (Germany's BaFin, France's PSAN), others had only AML registration, and several had no specific framework at all. MiCA replaces this patchwork with a single set of rules that applies across the EU's single market.

MiCA distinguishes three categories of crypto-asset, each with different rules:

  • Asset-Referenced Tokens (ARTs) — tokens that aim to maintain a stable value by reference to multiple assets, currencies, or values (basket-referenced stablecoins). Subject to specific issuer authorisation and prudential requirements.
  • Electronic Money Tokens (EMTs) — tokens referenced to a single official currency. Issuers must be authorised as a credit institution or e-money institution.
  • Other crypto-assets — everything else: unbacked tokens such as Bitcoin and Ether, utility tokens, NFTs that are fungible in practice. Subject to white-paper publication requirements for public offerings and admission to trading.

The crypto-asset service providers — exchanges, custodians, broker-dealers, advisers, portfolio managers — fall under the CASP regime regardless of which category of crypto-asset they handle.

The CASP Authorisation Regime

Any firm wishing to provide crypto-asset services to EU customers must obtain CASP authorisation from the competent authority of one EU member state. Article 60 of MiCA lists the ten services covered, including:

  • Custody and administration of crypto-assets on behalf of clients.
  • Operation of a trading platform for crypto-assets.
  • Exchange of crypto-assets for funds or for other crypto-assets.
  • Execution of orders for crypto-assets on behalf of clients.
  • Placing of crypto-assets.
  • Reception and transmission of orders.
  • Advice and portfolio management on crypto-assets.
  • Transfer services for crypto-assets.

The authorisation requirements are substantial: minimum capital (ranging from EUR 50,000 to EUR 150,000 depending on services), a programme of operations, governance arrangements, internal controls, written policies and procedures, business continuity plans, complaints handling, conflict-of-interest management, and detailed disclosure documents. Authorisation decisions are issued within 40 business days following a complete file (extendable by a further 20 days).

Once authorised, the CASP can passport its services across the EU under the freedom-of-services regime — a single authorisation in any one member state grants market access to all 27.

Stablecoin Issuer Requirements

MiCA's stablecoin regime is the most prescriptive part of the regulation. The framework distinguishes between Asset-Referenced Tokens and Electronic Money Tokens, with somewhat different requirements for each.

For both categories, the issuer must:

  • Be authorised — ART issuers under Article 16 MiCA; EMT issuers as credit institutions or electronic-money institutions.
  • Publish a white paper describing the token, the underlying assets, the redemption rights, and the risks. The white paper is notified to the competent authority and made public.
  • Maintain a reserve of assets at all times fully backing the issued tokens, segregated from the issuer's own assets and held with a custodian credit institution, investment firm, or CASP.
  • Provide redemption rights — holders have the right to redeem tokens against the issuer at par value at any time, subject to procedures specified in the white paper.
  • Meet prudential requirements — own funds capital, liquidity buffers (specifically for EMTs), and operational resilience.
  • Submit to ongoing supervision — periodic reporting, audit of reserves, governance assessment by the competent authority.

"Significant" stablecoins — those exceeding defined thresholds for user numbers, transaction volume, or interconnection with the financial system — face additional requirements under the European Banking Authority's direct supervision, including higher capital and more granular reserve composition rules.

Market Conduct and Disclosure Rules

MiCA imports much of the substance of MiFID II's market-conduct framework into the crypto context. Authorised CASPs must:

  • Segregate client crypto-assets from the firm's own holdings, with daily reconciliation.
  • Maintain prudential safeguards covering operational, technological, and cyber-security risks.
  • Manage conflicts of interest with documented policies and disclosure where conflicts cannot be avoided.
  • Comply with market-abuse prohibitions — insider dealing, unlawful disclosure, market manipulation in crypto-asset markets are explicitly prohibited under Articles 86–92.
  • Publish white papers for public offers and admissions to trading of non-stablecoin crypto-assets, with mandatory content and a 12-month liability window for misleading disclosure.
  • Implement complaints handling meeting EU consumer-protection standards.

Enforcement powers and penalty levels mirror MiFID II/MAR — competent authorities can impose administrative fines up to the higher of EUR 5–15 million or a percentage of total turnover, plus criminal prosecution where national law permits.

AML Interaction — MiCA + Travel Rule + AMLR

MiCA is a conduct and authorisation regulation, not an AML regulation. The EU's AML framework continues to apply to crypto firms in parallel through three instruments:

  • The Transfer of Funds Regulation (TFR) — Regulation (EU) 2023/1113 — implements the FATF Travel Rule for crypto-asset transfers in the EU. Both the originating and beneficiary CASPs must collect and transmit specified information about the originator and beneficiary of any transfer.
  • The 6th AMLD (transitional) — the existing AML directive continues to apply until full transition to the AMLR.
  • The new AMLR — Regulation (EU) 2024/1624 — applies from 10 July 2027, will set directly applicable AML rules across all EU obliged entities including CASPs.

For practical purposes, this means a CASP operating in the EU faces three overlapping rulebooks: MiCA for authorisation and conduct, the TFR for crypto-transfer information requirements, and AMLD/AMLR for the full KYC, CDD, monitoring, and reporting stack. See our FATF Travel Rule guide and the EU AMLD page for the underlying frameworks.

Transitional Period
Member states have the option to allow firms that were already providing crypto-asset services under national law before 30 December 2024 to continue doing so under a transitional period until 1 July 2026. Some member states adopted the full 18-month transition; others shortened it. Firms operating under transitional arrangements must still meet MiCA's substantive conduct requirements during the transition — only the authorisation timing is deferred.

What Non-EU Crypto Firms Need to Know

MiCA applies wherever crypto-asset services are provided to EU-resident customers, regardless of where the provider is established. Three structural choices are available to non-EU firms:

  • Authorise in one EU member state and operate across the EU under passporting. The most common choice for firms seeking material EU market presence.
  • Restrict to "reverse solicitation" — providing services only to EU customers who initiated the relationship from their own initiative. The exemption is narrowly construed; passive marketing through EU-targeted advertising, EU localisation, or EU customer-acquisition campaigns destroys the exemption.
  • Withdraw from the EU market — block EU customers from onboarding and from continued service. Several non-EU exchanges have chosen this route rather than absorbing the authorisation cost.

For firms in our crypto industry vertical — including exchanges, custodians, and stablecoin issuers — the operational implications are substantial: a full programme covering MiCA authorisation, MiCA conduct rules, Travel Rule compliance, and the underlying AML/CFT obligations.

MiCA-Ready Compliance for Crypto Firms

One Constellation supports MiCA-regulated CASPs end-to-end — KYC for EU customers, ongoing CDD, Travel Rule compliant counterparty information, transaction monitoring, and full audit trail.

Book a Demo Crypto Industry Solutions
← FATF Travel Rule EU AMLD → All Articles
Scroll to Top