MiCA Regulation for the Crypto-Asset Market

MiCA Regulation for the Crypto-Asset Market

The European Union has adopted the Markets in Crypto-Assets Regulation (MiCA), published as Regulation (EU) 2023/1114. It is the world's first comprehensive regulatory framework governing the issuance, offering and supervision of crypto-assets. Its purpose is to eliminate regulatory fragmentation, which until now allowed regulatory arbitrage between countries.

For Spanish companies already operating, or planning to operate, in the blockchain sector, MiCA establishes specific authorisation, transparency and conduct obligations. The regulation affects both token issuers and crypto-asset service providers. The transitional period in Spain ends on 1 July 2026, after which only entities holding MiCA authorisation will be permitted to operate.

What Is the MiCA Regulation and Why Is It a Historic Milestone for the Crypto Sector?

The MiCA Regulation establishes the world's first unified regulatory framework for crypto-assets. Approved by the European Parliament and the Council, it applies directly across all 27 EU Member States and regulates both the issuance of crypto-assets and the activities of crypto-asset service providers.

Crypto-assets that did not fall within existing financial legislation such as MiFID II, the Electronic Money Directive or the Payment Services Directive previously operated without harmonised rules across Member States. This situation created risks for investor protection and contributed to regulatory fragmentation throughout the European Union.

The regulation adopts a technology-neutral approach and focuses on regulating economic risks rather than the underlying technology. Under the principle of "same activity, same risks, same rules", crypto operators are subject to obligations comparable to those imposed on traditional financial market participants.

MiCA forms part of the Digital Finance Package adopted by the European Commission in September 2020, aimed at reducing legal uncertainty and facilitating the cross-border scalability of blockchain-based business models while strengthening the EU's competitiveness as a leading jurisdiction for the token economy.

Main Objectives of the MiCA Regulation

MiCA pursues five fundamental objectives throughout the European Union. The regulation harmonises crypto-asset rules across Member States, protects retail investors, safeguards market integrity, preserves financial stability in relation to large-scale stablecoins and encourages innovation without imposing disproportionate burdens.

Investor protection is implemented through mandatory white papers that provide impartial information about the issuer, the project, the rights attached to the crypto-asset and the principal risks involved. Retail purchasers acquiring crypto-assets directly from the offeror benefit from a 14-day withdrawal right, while funds raised during an offering must be safeguarded by an independent third party.

Market integrity is protected through specific rules against market manipulation, insider dealing and the dissemination of false or misleading information relating to crypto-assets.

To protect financial stability, MiCA imposes enhanced capital, governance and reserve requirements on issuers of asset-referenced tokens and electronic money tokens that become significant. According to the Spanish National Securities Market Commission (CNMV), these objectives are complemented by anti-money laundering and counter-terrorist financing measures.

Classification of Assets Under MiCA: Which Tokens Are Covered?

MiCA establishes three categories of crypto-assets, each subject to a different regulatory regime.

Electronic Money Tokens (EMTs)

EMTs are crypto-assets designed to maintain a stable value by referencing a single official currency, such as the euro. They function as electronic substitutes for cash and may only be issued by authorised credit institutions or electronic money institutions.

Asset-Referenced Tokens (ARTs)

ARTs maintain a stable value by referencing multiple currencies, commodities or other assets. These tokens are subject to additional prudential requirements, restrictions on their use as a means of payment and enhanced reserve management obligations.

Other Crypto-Assets

Other crypto-assets include utility tokens and general-purpose cryptocurrencies such as Bitcoin and Ether. They are subject to white paper requirements, conduct obligations and market abuse rules, but not to the prudential requirements applicable to EMTs and ARTs.

The tokenisation of assets on permissioned blockchain networks may also create tokens subject to MiCA where they meet the regulation's definition of a crypto-asset.

The regulation excludes financial instruments governed by MiFID II, central bank digital currencies (CBDCs), genuinely unique non-fungible tokens (NFTs) and tokens used within limited networks.

Timeline and Key Dates: When Does MiCA Apply in Spain?

MiCA entered into force on 29 June 2023 through a phased implementation process.

The provisions relating to asset-referenced tokens and electronic money tokens have applied since 30 June 2024.

The remainder of the regulation, including obligations for crypto-asset service providers, has applied since 30 December 2024.

Spain opted for an 18-month transitional period for crypto-asset service providers. According to the CNMV, this period will end on 1 July 2026. From that date onwards, only providers holding MiCA authorisation granted by the CNMV or another competent authority within the European Union will be allowed to operate in the Spanish market.

During the transitional period, entities registered with the Bank of Spain for virtual currency exchange services and custodial wallet services may continue operating without MiCA authorisation. Businesses that were already providing other crypto-asset services, such as investment advice or portfolio management, before 30 December 2024 may also continue operating until the transitional period expires.

Companies intending to apply for MiCA authorisation should begin strengthening their compliance functions and preparing the required documentation well in advance of July 2026.

The Role of the CNMV and the Bank of Spain

Spain has designated the CNMV and the Bank of Spain as the competent authorities for MiCA supervision.

The CNMV supervises issuers of crypto-assets other than ARTs and EMTs, as well as crypto-asset service providers.

The Bank of Spain is responsible for supervising, inspecting and sanctioning issuers of ARTs and EMTs.

This allocation of responsibilities was formalised through the 2023 Securities Markets and Investment Services Act.

At European level, the European Securities and Markets Authority (ESMA) leads supervisory convergence through technical standards and guidelines relating to crypto-asset classification, market abuse and transitional measures.

The European Banking Authority (EBA) directly supervises significant issuers of ARTs and EMTs.

The European passporting mechanism enables a CASP authorised in one Member State to provide services throughout the EU via notification, without requiring additional national licences.

MiCA is complemented by eIDAS2, the European Digital Identity Regulation, and DORA, the Digital Operational Resilience Act. Together, these regulations establish an integrated regulatory ecosystem for digital and financial services across Europe.

Compliance Challenges for Businesses and Financial Institutions

The implementation of MiCA requires businesses and financial institutions to correctly classify their tokens, strengthen governance frameworks, comply with prudential capital requirements and integrate anti-money laundering and counter-terrorist financing obligations into their crypto-asset operations.

Correct asset classification determines the entire regulatory regime that applies. Distinguishing between an ART, an EMT, another crypto-asset regulated under MiCA, a financial instrument governed by MiFID II, or an excluded NFT represents the first major challenge for market participants. Although ESMA publishes guidance on classification, assessments must be conducted on a case-by-case basis, taking into account the economic and legal design of each token.

In addition to classification requirements, organisations must comply with prudential obligations covering initial capital requirements, own funds proportional to risk exposure, secure IT systems, business continuity arrangements and outsourcing policies.

MiCA also requires providers to keep clients’ crypto-assets and funds segregated from their own assets.

European anti-money laundering regulations apply to all Crypto-Asset Service Providers (CASPs), supported by European Banking Authority guidelines on sanctions exposure assessments and customer screening processes. According to industry estimates, compliance costs for crypto start-ups typically range between €50,000 and €100,000.

Organisations seeking to manage this regulatory burden can benefit from document traceability systems and compliance automation tools.

ISBE: A Trusted Infrastructure for MiCA Compliance

ISBE, the Spanish Blockchain Services Infrastructure, incorporates compliance with the GDPR and eIDAS2 by design and integrates the requirements of MiCA, DORA and other European regulations directly into its architecture.

Companies operating with crypto-assets can therefore rely on a technological foundation that embeds regulatory compliance from the outset.

ISBE offers a public-permissioned model consisting of two network types.

Bare Network

The Bare Network provides the highest level of regulatory compliance for use cases requiring legal validity and trusted governance.

Use Case Networks

Use Case Networks provide greater flexibility for applications prioritising performance optimisation or cost efficiency.

This dual-network approach allows organisations to balance compliance, performance and cost according to their specific business requirements.

The infrastructure provides ready-to-use tools, including open-source Smart Contracts, integration APIs and digital identity services.

Companies operating under MiCA can deploy tokenisation, traceability and certification solutions without building their own infrastructure or assuming the full technical complexity associated with regulatory compliance.

ISBE is developed under the Collaboration Agreement between the Community of Madrid and the Alastria Consortium and is funded by the European Union through the Next Generation EU programme.

Its benefits for organisations include European interoperability, decentralised governance and cross-border legal validity under eIDAS2.

Are you operating with crypto-assets, or planning to do so under the new European regulatory framework? Discover how ISBE simplifies regulatory compliance through a secure, interoperable blockchain infrastructure designed specifically for the European regulatory environment.

Frequently Asked Questions About the MiCA Regulation

Are NFTs Regulated Under the MiCA Regulation?

Genuinely unique NFTs are generally excluded from MiCA.

The regulation excludes crypto-assets whose value derives from unique and non-interchangeable characteristics. However, if NFTs are fractionalised or issued in large collections that make them effectively fungible in practice, they may become subject to MiCA obligations.

ESMA consistently emphasises the importance of applying a substance-over-form approach based on the economic characteristics of the asset.

How Does MiCA Affect Decentralised Finance (DeFi) Projects?

MiCA does not regulate decentralised finance as such.

Services provided in a fully decentralised manner, without identifiable intermediaries, generally fall outside the scope of the regulation.

However, where an entity exercises direct or indirect control over a DeFi protocol or interface, authorisation and conduct requirements may apply.

The EBA and ESMA continue to monitor the evolution of DeFi and may propose future regulatory developments.

What Is the European Passport for Crypto-Asset Service Providers?

The European passport allows a crypto-asset service provider authorised in one EU Member State to provide services throughout the European Union through a notification procedure, without obtaining additional national licences.

This mechanism mirrors the passporting frameworks already established under MiFID II and the Payment Services Directive, facilitating the cross-border scalability of authorised operators.

Are There Penalties for Non-Compliance With the MiCA Regulation?

MiCA establishes a minimum framework for administrative sanctions that each Member State must incorporate into its national legal system.

Competent authorities may impose fines, cease-and-desist orders and corrective measures that are required to be effective, proportionate and dissuasive.

Failure to comply with anti-money laundering requirements and financial sanctions regulations may result in additional consequences for crypto-asset service providers.