+357 25340025
Emelle Building, 135 Arch. Makarios III Avenue, Office No.32, 3rd floor 3021 Limassol, Cyprus
23 March
news

MiCA Licensing: A Structural Shift in the Regulation of Crypto-Asset Activities

The introduction of Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA) marks a fundamental transformation in the regulatory treatment of crypto-assets within the European Union. While crypto activities were previously subject to fragmented national frameworks, MiCA establishes, for the first time, a harmonised licensing regime governing both the issuance of crypto-assets and the provision of related services.

This shift reflects a broader regulatory objective: to integrate crypto-assets into the existing financial regulatory architecture, while addressing risks related to investor protection, market integrity, and financial stability.

As with other major EU regulations, MiCA is not simply an additional layer of compliance. It introduces a new operating model, requiring firms to reassess their structure, governance, and service offering in order to continue operating within the EU.

 

A New Licensing Perimeter for Crypto Activities

MiCA introduces a clear distinction between different categories of crypto-assets and activities, each subject to specific requirements.

At its core, the regulation applies to:

  • crypto-assets other than asset-referenced tokens (ARTs) and e-money tokens (EMTs),
  • asset-referenced tokens (commonly referred to as stablecoins), and
  • crypto-asset services provided on a professional basis.

The latter introduces the concept of Crypto-Asset Service Providers (CASPs), which now fall within a formal licensing regime under Title V of MiCA.

 

The scope of regulated services is deliberately broad and mirrors, to a significant extent, the structure of investment services under MiFID II. These include:

  • custody and administration of crypto-assets
  • operation of trading platforms
  • exchange of crypto-assets for funds or other crypto-assets
  • execution, reception and transmission of orders
  • placing of crypto-assets
  • portfolio management and advice and
  • transfer services on behalf of clients

This alignment is not incidental. It signals a regulatory intention to treat crypto-asset services with a level of scrutiny comparable to traditional financial services.

 

Authorisation as a Precondition for Market Access

Under MiCA, the provision of crypto-asset services within the EU is conditional upon authorisation as a CASP, unless the entity already holds a licence under another EU financial services framework and opts to use the notification regime.

This represents a significant departure from existing national regimes. Entities currently registered under local crypto frameworks are required to undergo a full authorisation process in order to continue operating post-MiCA.

Although MiCA provides for a transitional period, this is limited in scope. Importantly, firms operating under transitional arrangements do not benefit from passporting rights and may face restrictions on cross-border activities.

In parallel, MiCA introduces a notification-based regime (Article 60) for already authorised entities, such as investment firms or UCITS management companies. These entities may provide crypto-asset services upon notifying their competent authority, subject to strict procedural requirements.

The notification process itself is structured and time-bound. Firms must submit the required information at least 40 working days prior to commencing services, with the competent authority conducting an initial completeness assessment within 20 working days. Any requests for additional information may temporarily suspend the process.

 

From Licensing to Substance: Governance and Operational Requirements

The MiCA authorisation process is not merely formal. It is designed to assess whether firms are capable of operating in a safe, transparent, and resilient manner.

Applicants are required to provide detailed information covering:

  • their legal structure and organisational setup,
  • governance arrangements and internal control mechanisms,
  • safeguarding of client assets and segregation arrangements,
  • risk management and compliance frameworks, and
  • the suitability and integrity of management and shareholders.

In addition, MiCA introduces specific expectations in relation to operational resilience and ICT risk. CASPs must implement security measures covering access controls, system integrity, and incident management, as well as business continuity arrangements and recovery planning.

The emphasis is clear: licensing is conditional on the existence of an operationally effective framework, not merely documented policies.

 

Ongoing Obligations and Investor Protection

MiCA establishes an extensive set of ongoing obligations that extend well beyond the point of authorisation.

These include requirements relating to:

  • conduct of business, including the obligation to act honestly, fairly, and professionally,
  • management of conflicts of interest,
  • transparent and non-misleading communications, and
  • the maintenance of adequate systems and controls.

Investor protection is a central element of the framework. Where firms provide advice or portfolio management, they are required to conduct suitability assessments, taking into account the client’s knowledge, objectives, and risk tolerance. These assessments must be reviewed on an ongoing basis and supported by periodic reporting to clients.

At the same time, MiCA introduces requirements aimed at preserving market integrity, including the detection and reporting of market abuse and the disclosure of inside information.

 

Passporting and the EU Single Market

One of the most significant features of MiCA is the introduction of passporting rights for authorised CASPs.

Once authorised in one Member State, a CASP may provide services across the EU without the need for additional licences. This creates, for the first time, a truly single market for crypto-asset services.

However, this benefit is conditional upon full MiCA authorisation. Firms operating under transitional regimes or relying on national registrations do not benefit from this passporting framework, which reinforces the importance of timely authorisation.

 

Reverse Solicitation: A Narrow and Controlled Exemption

MiCA also addresses the concept of reverse solicitation, which has historically been used by firms to provide services without local authorisation.

Regulatory guidance makes clear that this exemption is interpreted narrowly. Any form of marketing or communication targeting EU clients, including through digital channels, may be considered solicitation.

In practice:

  • marketing through social media, affiliates, or influencers may fall within the scope of solicitation,
  • the exemption applies only to the initial client request, and
  • firms cannot rely on this exemption to offer additional or different services over time.

This significantly limits the ability of non-EU firms to access the EU market without authorisation.

 

Fees and Supervisory Costs

MiCA introduces a structured fee framework, covering both authorisation and ongoing supervision.

At the authorisation stage, fees vary depending on the type of services provided. For example, operating a trading platform entails higher fees compared to execution or advisory services, reflecting the increased complexity and risk.

On an ongoing basis, CASPs are subject to annual supervisory fees comprising:

  • a fixed component, determined by the services provided, and
  • a variable component, based on the firm’s turnover from crypto-asset services.

The variable component applies progressively, with percentages decreasing as turnover increases, and is capped at €500,000 annually.

This structure introduces a proportional approach, aligning supervisory costs with the scale of the firm’s activities.

 

A Shift from Access to Accountability

MiCA represents more than a licensing exercise. It reflects a broader shift from a relatively open and lightly regulated environment to one characterised by accountability, governance, and operational robustness.

Firms can no longer rely on minimal structures or fragmented compliance approaches. The regulation requires:

  • integration of governance, risk, and compliance functions,
  • clear allocation of responsibilities at management level, and
  • continuous monitoring and adaptation of operational frameworks.

In this sense, MiCA aligns crypto-asset regulation with the broader expectations applied to financial institutions.

 

FiveComply’s Perspective

From an implementation perspective, the main challenge under MiCA is not the interpretation of the regulation, but its practical application within complex and evolving business models.

Firms are often required to reassess fundamental aspects of their operations, including their service classification, outsourcing arrangements, and technological infrastructure.

In particular, the interaction between MiCA requirements and existing regulatory frameworks (such as MiFID II or AML obligations) introduces an additional layer of complexity that must be carefully managed.

Experience shows that the most effective approaches are those that focus not only on regulatory alignment, but on operational readiness, ensuring that governance, systems, and controls are capable of supporting ongoing compliance in practice.

 

Get in touch with our team to discuss your MiCA licensing strategy or CASP authorisation process:
📞 +357 25 34 00 25
📧 regulatory@fivecomply.com

DORA Is More Than a Checklist: Understanding the New Reality of Digital Operational Resilience