MiCA in Germany

MiCA Licence in Germany

On 20 April 2023, the European Parliament adopted Regulation ( EU ) 2023/1114 on the regulation of markets in cryptoassets (MiCA). The Council of the European Union approved it on 16 May 2023. The Regulation was published in the Official Journal of the European Union on 9 June 2023 and entered into force on 29 June 2023.
The European Commission presented a legislative proposal for MiCA on 24 September 2020 as part of the financial sector digitalisation package. In addition to the MiCA proposal, the package includes the Digital Operational Resilience Act (DORA), a proposal for a pilot regime for market infrastructures based on distributed ledger technology (DLT) and a digital finance strategy. MiCA aims to create a harmonised European regulatory framework for cryptoassets that will foster innovation and enable the realisation of the potential of cryptoassets, while ensuring financial stability and investor protection.

MiCA distinguishes between primary market activities, i.e. the issuance of cryptoassets, and secondary market services, so-called cryptoasset-related services. In particular, MiCA regulates transparency and disclosure requirements for the issuance and trading of cryptoassets, licensing and supervision requirements for cryptoasset service providers (CASPs) and cryptoasset issuers, the proper organisation of the business of cryptoasset issuers and service providers, rules to protect investors and consumers in the issuance, trading and custody of cryptoassets, and rules against abuse on crypto trading venues.

Different MiCA rules apply at different times.

The provisions on asset-backed tokens (“ARTs”) and electronic money tokens (“EMTs”) in Title III and Title IV apply from 30 June 2024.

The provisions relating to the authorisation and ongoing supervision of CASPs in Section V apply from 30 December 2024. All other MiCA provisions (in particular Title II and Title VI) that do not apply directly under Article 149(4) MiCA also come into force from 30 December 2024. In addition, certain articles have already entered into force as of 29 June 2023.

The Cryptocurrency Market Surveillance Act, which is a national supplement to the MiCA, was published in the Federal Legislative bulletin on 27 December 2024. In parallel, the European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA) are developing regulatory and technical standards, implementation standards and guidelines to further clarify the application of MiCA.

Markets in crypto assets regulations from 30 June 2024 in Germany

Part 1: Asset-Related Tokens (ART) and Electronic Money Tokens (EMT)

The responsible authority for the authorisation procedures under Articles 16 et seq. of the MiCA , as well as for the reviews of official documents under Article 17(1)(a) of the MiCA, is Unit ZK 1 of the BaFin Banking Supervision Authority and the relevant regional office of Deutsche Bundesbank, as published in the Federal Gazette on 22 March 2024, with respect to the specific provisions on the ongoing supervision of certain undertakings by the regional offices of Deutsche Bundesbank .

Part 2: Cryptocurrencies other than asset-backed tokens (ART) and electronic money tokens (EMT)

Providers of cryptoassets other than ART or EMT , as well as persons applying for admission to trading in such cryptoassets, must prepare a white paper at least 20 business days before the publication of the white paper of the cryptoasset in accordance with Article 8(5) MiCA and submit it to BaFin as competent authority in accordance with Article 8(1) MiCA . Possible exceptions are governed by Article 4 of the MiCA. At the request of BaFin, marketing communications must be submitted in accordance with Article 8(2). In addition, the submitted white paper must include an explanation in accordance with Article 8(4) MiCA explaining why the cryptoasset is excluded from the scope of Article 2(4) MiCA and why it is not an ART or EMT . In addition, a list of all EU Member States in which the cryptoasset is publicly offered or requested to be admitted to trading must be provided.

Division ZK 1 of the Banking Supervision Department of the Federal Financial Supervisory Authority (BaFin) is responsible for the approval procedures and review of official documents.

Part 3: Crypto Asset Service Provider (CASP)

For institutions already providing cryptoasset-related financial services or for firms planning to provide cryptoasset-related services, the application of MiCA will entail a number of changes. In particular, MiCA authorisation will be required to provide crypto-asset-related services.

Institutions authorised to provide cryptocurrency custody services or other financial services related to cryptoassets

Institutions that held a licence for cryptocustodial business or other financial services related to cryptoassets as at 29 December 2024 and are not CRR credit institutions may use the simplified procedure under Article 143 (6) MiCA in conjunction with section 50 ( 3 ) KMAG – Draft . For these institutions, the procedure is based on a draft regulation implementing the simplified procedure under Article 143(6) of Regulation ( EU ) 2023/1114 . The draft Regulation regulates, inter alia, the content of the application. Until they receive MiCA authorisation, these institutions may continue to provide activities previously covered by a licence under the Banking Act at national level on a temporary basis (i.e. limited to no later than 31 December 2025) under a transitional arrangement.

Existing institutions that intend to make notifications under Article 60 of MiCA

BundesbankExisting institutions that are permitted to provide cryptoasset services under Article 60 MiCA, i.e. CRR credit institutions, authorised central securities depositories, securities institutions, e-money institutions, UCITS management companies, alternative investment fund managers or authorised trading venue market operators, must provide BaFin with the information required by Article 60(7 ) MiCA at least 40 business days before the initial provision of the cryptoasset service. The timing of the notification procedure is governed by Article 60 MiCA. If you are an institution under Articles 60(1) to (6) MiCA and have questions about the notification procedure under Article 60 MiCA, please contact your responsible institution manager at BaFin or the Deutsche Bundesbank regional office responsible for the institution.  If your institution wishes to submit a notification under Article 60 MiCA, please send the template together with information to the Deutsche Bundesbank regional office responsible for the institution in accordance with the information published in the Federal Gazette of 22 March 2024 on the special conditions for the ongoing supervision of certain undertakings by the Deutsche Bundesbank regional offices.

Applicants pending applications under section 32 of the German Banking Act (KWG) relating to cryptoasset services

From 30 December 2024, MiCA authorisation is required for the provision of crypto asset management services. Applicants should therefore adapt their organisation, processes and related documentation to MiCA requirements at an early stage. An application for authorisation must be made in accordance with Article 62 of MiCA. Reference may be made to information or documents already submitted, provided that the information and documents available remain up to date. The timing of the authorisation procedure is governed by Article 63 MiCA. An application for the current authorisation procedure under section 32 of the German Banking Act (KWG) must be withdrawn unless the company intends to provide qualified cryptocurrency custody services in accordance with section 1 ( 1a ) sentence 2 no. 6 KWG. The application procedure for the authorisation itself is subject to a fee and also entails an obligation to pay a fee in case of revocation.

New applicants (non-existing organisations) intending to provide cryptoasset services under MiCA

Companies intending to provide cryptoasset services under MiCA require authorisation under Article 59(1) ( a) in conjunction with Article 63 of MiCA.

ESMA Register

ESMA regularly publishes the following information:

    • Cryptocurrency white papers for cryptocurrencies other than asset-linked tokens or e-money tokens,
    • Issuers of asset-linked tokens,
    • Issuers of e-money tokens and
    • Cryptoasset service provider

Companies that have obtained a MiCA licence in Germany

Company Name Legal Entity Identifier (LEI) Address Company Website Date of licence issuance
Baden-Württemberg Securities Exchange GmbH 529900A0WHA0NVXY0G45 Börsenstraße 4, 70174 Stuttgart https://www.bsdex.de/de/ 07/03/2025
Tradias GmbH 529900FYBTAGIOS54M10 Roßmarkt 21, 60311 Frankfurt am Main www.tradias.de 03/19/2025
EUWAX AG 529900032TYR45XIEW79 Börsenstraße 4, 70174 Stuttgart www.euwax-ag.de 04/01/2025
Commerzbank AG 851WYGNLUQLFZBSYGB56 Kaiserplatz, 60311 Frankfurt am Main https://www.commerzbank.de/ 04/07/2025
Boerse Stuttgart Digital Custody GmbH 529900RC04FR9EHUT228 Börsenstraße 4, 70174 Stuttgart www.bsdigital.com 01/17/2025
flatexDEGIRO Bank AG 529900MKYC1FZ83V3121 Große Gallusstr. 16-18, 60312 Frankfurt am Main www.flatexdegiro.com 04/04/2025
Bitpanda Asset Management GmbH 9845005X9B7N610K0093 Dircksenstraße 4, 10179 Berlin www.bitpanda.com 01/24/2025
BitGo Europe GmbH 391200IJ3B1IP7993O16 Neue Rothofstraße 13-19, 60313 Frankfurt am Main https://www.bitgo.de/ 05/09/2025
Baader Bank AG 529900JFOPPEDUR61H13 Weihenstephaner Str. 4, 85716 Unterschleißheim https://www.baaderbank.de/ 05/16/2025
Trade Republic Bank GmbH 529900JFIX1TKDY4568 Brunnenstraße 19-21, 10119 Berlin https://traderepublic.com/ 04/28/2025
Crypto Finance (Deutschland) GmbH 3912009ZGE8258OMPE28 Bockenheimer Anlage 46, 60322 Frankfurt am Main www.crypto-finance.com 01/24/2025
360 Treasury Systems AG 529900P0204W9HA8JP36 Grüneburgweg 16-18, 60322 Frankfurt am Main www.360t.com 04/02/2025
Traders Place GmbH & Co. KGaA 5299005Y5T6LXFAXDQ78 Sägewerkstraße 3, 83395 Freilassing https://tradersplace.de/ 07/21/2025
N26 Bank SE 529900JB9XYZ8E87N345 Voltairestraße 8, 10179 Berlin https://n26.com/en-eu 05/14/2025

MiCA market in crypto assets in Germany 2025

BaFin declares that the following guidelines of the European Supervisory Authorities (“ESAs”) in relation to MiCA are directly applicable.

Germany is finalising the institutionalisation of the transition to a single European regulatory regime for cryptoassets under Regulation (EU) 2023/1114 (MiCA) through the development of accompanying secondary legislation governing the admission of cryptocurrency service providers. The draft of this transition contains rules to ensure technical and procedural enforcement of MiCA provisions through national legislation Kryptomärkteaufsichtsgesetz (KMAG), which comes into force on 30 December 2024. The main objective of the regulation is to organise a smooth and legally secure integration of existing cryptocurrency market operators into the new EU supervisory framework. In this context, two key tools are envisaged: firstly, the creation of a simplified licensing procedure for companies already holding national authorisations; secondly, the early opening of applications for European licences before the MiCA application date. The simplified licensing procedure is intended for entities which, at the time of the commencement of the MiCA, hold a valid licence to provide cryptocurrency services in accordance with § 1a KWG, but do not have other financial authorisations allowing them to undergo the so-called notification procedure. On the basis of Article 143 paragraph 6 MiCA and § 50 KMAG, a mechanism is being introduced whereby such companies can submit a simplified set of documents and move into the new licence environment without having to undergo a full assessment of all aspects of their business again. The simplified procedure requires the firm to confirm that there are no changes to its business model, submit an updated business plan, documentation on risk management and internal controls, and information on key functions ranging from compliance with cybersecurity and client protection standards to asset handling and order execution rules. It is possible to submit a simplified application until 31 August 2025. However, a licence issued under this procedure may not take effect until 30 December 2024, the MiCA commencement date. Companies that do not fulfil the criteria of the simplified procedure must go through the full authorisation procedure provided for in Articles 62 and 63 of MiCA.

BaFinThe second part of the regulation deals with the submission of applications before MiCA comes into force. This provision has important practical implications as it allows both existing companies and new market entrants to initiate the licensing process in advance. As a result, BaFin and Deutsche Bundesbank will be able to analyse the submitted documents and enter into a dialogue with applicants before MiCA becomes legally enforceable. This decision aims to minimise delays in the start of operations and ensure a smooth launch of cross-border crypto services across the European Union. The draft focuses on the division of competences between BaFin and the Bundesbank, including in terms of data exchange, reporting processing, verification of compliance conditions, internal audit controls and assessing the adequacy of management decisions. It emphasises the need to submit information electronically and in accordance with the procedures approved by the supervisory authorities on their official platforms. The draft also sets out provisions to amend existing regulations governing BaFin’s powers, including the power of to issue by-laws on accounting, notifications, settlement procedures and internal controls. Such changes represent a technical implementation of the legal rules laid down in KMAG and complement the institutional framework for the transition to MiCA.

Notably, the draft law does not imply a significant additional burden for businesses. According to the regulator’s assessment, the administrative costs for companies do not go beyond standard reporting, and the scope of the new duties is in the nature of adjustments to already existing mechanisms. There are also no social, demographic or gender implications, as the regulation regulates only business processes and licensing of crypto market entities. The draft emphasises the role of sustainability and transparency as pillars of the legal and technological development of the sector. In particular, it draws attention to the fact that MiCA establishes preferences for environmentally friendly transaction validation models, which is part of Germany’s sustainability strategy. The legal transformation of the cryptocurrency infrastructure is seen as an opportunity to strengthen investor confidence and enhance systemic stability at the level of the entire EU internal market. The proposed regulations thus ensure legal continuity, transparency and predictability for all participants in the cryptocurrency sector in Germany. They avoid a legal gap when MiCA comes into force and ensure that regulation is not based on a mechanical transposition of provisions, but on adapted procedures that ensure compliance with the specificities of the German legal and financial system. This will further strengthen Germany’s position as one of the key cryptocurrency centres in the EU with a high degree of legal certainty, a developed supervisory system and a favourable environment for technological growth in virtual assets.

Cryptocurrency regulation in Germany 2025

Mica license in GermanyThe German Federal Parliament has approved the Financial Market Digitalisation Act (Finanzmarktdigitalisierungsgesetz – FinmadiG), initiating a structural reform of the supervision of the cryptocurrency sector. The new law establishes a legal framework for the application and integration of European legislation, primarily Regulation (EU) 2023/1114 (MiCA), into the German national regulatory system. In addition to MiCA, the law covers the provisions of Regulation (EU) 2023/1113 on data transfer in cryptocurrency transfers and Regulation (EU) 2022/2554 on digital operational resilience (DORA – Digital Operational Resilience Act), as well as Directive (EU) 2022/2556, to be transposed into national law by the beginning of 2025. The aim of the reform is not only to simplify access to cryptocurrency and tokenised financial products, but also to create uniform and transparent rules for market participants across the EU. Germany, following this course, is introducing a special legal instrument, the Kryptomärkteaufsichtsgesetz (KMAG), which replaces previously fragmented regulation under separate laws, including the credit law (KWG) and financial services regulations. The fundamental difference in the new legislation is the replacement of national licensing of cryptocurrency services with a system of directly applicable European law. The law enshrines BaFin’s legal status as an authorised supervisory authority in relation to the activities of cryptocurrency service providers, trading platforms and issuers of tokens. For the first time, a holistic system of procedures for issuing, revoking and monitoring licences, harmonised with MiCA, is introduced. The federal agency has been given enhanced supervisory powers, including the right to order the immediate cessation of illegal activities, publish information on violators, block domains and restrict access to online platforms if necessary to protect token holders or prevent systemic risks. One of the significant aspects of the law is the redefinition of the role of the traditional concepts of banking and financial activities in relation to cryptoassets. KMAG establishes a special regime for issuers of stablecoins and electronic money tokens and clearly distinguishes their legal position in comparison to classical financial instruments. The law takes into account the cross-border nature of crypto-services and allows for supervision by other authorities, including the Deutsche Bundesbank, market supervisors, competition authorities and cybersecurity services.

The law enshrines the need for digital operational resilience requirements, including obligations on IT risk management, data protection, business continuity, stress testing of digital infrastructure and outsourcing controls. These provisions are in line with the DORA Regulation and affect not only cryptocurrency platforms but all financial institutions providing digital services. An important change is also the inclusion of cryptocurrency service providers among the entities obliged to comply with anti-money laundering (GwG) legislation. This includes customer identification, keeping records of transactions, transferring transaction data in accordance with the updated European mechanism (provisions of Regulation 2023/1113), and controlling transfers involving non-custodial wallets.

The law provides for adaptation mechanisms for existing market participants. The transition period is intended to provide a simplified process for reauthorisation or bringing activities into compliance with the new standards. A temporary exemption from certain restrictions on financial products and services is also provided to ensure business continuity during the period of structural transformation. Additionally, a number of changes are made to existing sector-specific regulations: the Securities Act (WpHG), the Credit Institutions Act (KWG), the Regulation of Investment Funds (KAGB), the Insurance Supervision Regulations (VAG), and the laws governing trading, accounting and crisis management. These changes ensure that KMAG is harmonised with other parts of German financial legislation and eliminate duplication.

In the financial and economic part, the law fixes moderate additional administrative costs for both supervisory authorities and market participants. For businesses, the estimated increase in the costs of complying with the new duties is around EUR 600 thousand per year, of which almost half is related to the fulfilment of the new information duties. For the state, there are also costs for organising supervision, including one-off costs for staff training, IT infrastructure and administrative procedures. Thus, the Financial Act on Market Digitalisation is a systemic legal reform that ensures the transition from partial national regulation to full legal embedding of the crypto-economy in the institutional framework of European Union financial supervision. It aims to increase transparency, legal certainty, operational reliability and investor protection in the face of the rapid growth of transactions in virtual assets. The law strengthens Germany’s position as one of the leading legal centres for crypto regulation in the EU and serves as a model for other jurisdictions in integrating MiCA and related regulations.

Guidance on the content requirements for internal governance mechanisms for issuers of asset-linked tokens in Germany

From 20 December 2024, the European Banking Authority’s binding European Union-wide guidelines governing the internal governance framework for issuers of asset-referenced tokens (asset-referenced tokens, or ARTs) will come into force. These provisions are a development of the provisions of Regulation (EU) 2023/1114 (MiCA) and are aimed at establishing common standards for organisational structure, internal controls, risk management, operational stability and ethical principles of issuers’ activities. The most important basis of the new requirements is the principle of proportionality. It implies that an issuer’s internal procedures should be appropriate to the nature, scale and complexity of its activities, taking into account the volume of assets, number of users, legal form, cross-border operations, participation in secondary markets, and the degree of significance of the ARTs to be issued. Even where the issuer is a legal entity managed by a single individual, a system of mutual restrictions should be in place to avoid concentration of decisions and minimise institutional risks. Critical risk analysis should cover both the risks of the issuer itself and possible consequences for third parties, the environment and the financial system as a whole.

The issuer’s management bodies shall ensure the formation and effective implementation of procedures ensuring reliable corporate governance. The functions of strategic management and control shall be differentiated. The competences of each member of the management body shall be clearly defined and formalised in approved regulations. Internal management cannot be concentrated in the hands of one person or a limited circle of managers. All strategic decisions must be taken collegially and the authority structure must be transparent. The management bodies are required to define the business strategy, internal organisation, risk appetite, reserve asset management system, as well as remuneration policies and procedures for identifying and managing conflicts of interest.

Particular attention is paid to the functioning of the internal control mechanism. It should include an independent compliance function, a risk management system and, where appropriate, an internal audit function. These functions can be implemented either by internal departments or by external specialised counterparties, but the responsibility for their functioning remains with the issuer. Control functions should have the necessary resources, authority and independence. Management bodies should receive regular reports reflecting vulnerabilities and material deviations from established standards and take corrective action. The entire internal control system should be documented, updated and appropriate to the level of regulatory complexity of the issuer’s operations.

The company structure may not be overly convoluted or legally unjustifiable. It is prohibited to use schemes that complicate oversight or could be interpreted as a means of circumventing regulatory requirements. The issuer must have a good understanding of its business structure and be able to justify its economic feasibility. Any structure involving risks must be assessed for compliance with anti-money laundering standards, international tax transparency standards and good business practices. It is unacceptable to create companies or nominal structures without their own substance. All actions must have a transparent legal basis and be understandable both to the company’s employees and external stakeholders.

Outsourcing of certain functions, such as management of reserve assets, their storage or placement, is allowed only under strict control of the issuer itself. All arrangements with third parties must be subject to internal analysis, verification of the counterparty’s reliability, assessment of legal and operational risks, and inclusion in a unified monitoring system. Outsourcing does not relieve the issuer of responsibility for compliance with regulatory requirements. The company must have an exit plan, procedures in case of supplier failure, and clear criteria for assessing the reliability of the outsourcer. The transfer of functions is not allowed if it leads to reduced transparency, increased dependence on geopolitical factors or inability to ensure operational control.

A key element of governance is the creation of a unified risk culture that encompasses the entire organisation. Every employee, regardless of level and position, must understand their responsibility for risk acceptance and control. Risk management can no longer be seen as an auxiliary or technical function. It is integrated into strategy, staff training, recruitment policy, motivation and appraisal systems. The company must establish a clear code of conduct covering compliance, anti-fraud, ethics, anti-corruption, consumer protection and avoidance of manipulation. Not only is formal compliance important, but it is also important to reinforce ethical guidelines within the team.

Given the digital nature of cryptoassets and the high dependence on technological infrastructure, special attention is paid to IT risk management and operational resilience. The issuer is required to have contingency plans, vulnerability analysis systems, regular testing and incident remediation mechanisms in place. All critical functions must be clearly identified, documented and protected against failure. The relationships between key processes, vendors, locations and data should be described within the digital resilience framework envisaged by DORA. Controls should not only be preventive but also adaptive, capable of providing a rapid response to incidents.

For all new products and procedures, the issuer must carry out a risk assessment prior to implementation, including legal, IT and operational risks, the impact on reserve assets, dependencies on third-party suppliers and the potential impact on retail users. New tools cannot be developed and launched without a formalised approval process that must consider not only business objectives, but also regulatory compliance, internal system stability and reputational implications.

The Guidelines require issuers to significantly transform internal processes, strengthen the role of the board of directors, develop internal controls and reject simplistic forms of governance typical of the start-up environment. Operational sustainability, transparency, respect for investor rights and completeness of procedures become a prerequisite for the admission of ARTs to the market. All deviations from standards must be justified, recorded and controlled. These principles create the basis not just for regulatory compliance, but also for the formation of a mature infrastructure in the cryptocurrency segment, integrated into the pan-European financial stability system. Violations of the established requirements, insufficient attention to internal governance or attempts to formally enforce them without substance will be perceived as a threat to market stability and the interests of token holders. Thus, the new standards do not just set a framework, but form a new model of trust in the digital finance ecosystem.

Key requirements for asset-backed token (ART) issuers and electronic money token (EMT) issuers in Germany

From 13 November 2024, European Banking Authority guidelines will come into force requiring ART and EMT issuers to develop and maintain recovery plans compliant with Articles 46 and 55 of the MiCA Regulation. These plans constitute a mandatory part of the issuer’s resilience management system and are a tool for preventive intervention in the event of situations that threaten compliance or token stability. The recovery plan should be drawn up taking into account the principle of proportionality, based on the size, complexity, risks and nature of the issuer’s business. Particular attention is paid to issuers whose tokens are recognised as signifikant in accordance with MiCA criteria. In such cases, the plan must be updated at least annually and its structure must meet higher standards of risk control, monitoring and escalation. In particular, the plan should include a detailed framework of indicators indicating potential threats to asset reserve, liquidity, market confidence and operational resilience.

The plan consists of several key blocks: an executive summary indicating changes from the previous version, a description of governance and escalation arrangements, a list of remediation measures, an information and communication strategy, and crisis scenarios. The management component specifies the personal and functional responsibilities of those responsible for developing, updating, and implementing the plan, and describes procedural aspects, including update timelines, approval procedures, and conditions for activating recovery measures. One of the central elements of the plan is an indicator system (Sanierungsplanindikatoren), which enables the issuer to identify deviations from regulatory parameters in a timely manner and initiate internal response procedures. The indicators are developed at both token and company level and cover the following categories: liquidity, operational risks, credit quality of assets, volatility and reserve structure, concentration risks, market confidence, as well as specific indicators reflecting possible risks of deviation of the token’s market price from its fair value (so-called “Abkopplungsrisiko”). All indicators are calibrated according to the internal risk profile and are reviewed in case of any change in the issuer’s risk appetite.

The recovery plan should contain not only a list of indicators and their thresholds, but also a description of the procedures activated if they are exceeded. This includes internal escalation within 24 hours, notifying the competent supervisory authority, analysing the circumstances and submitting a corrective action plan. The issuer is required to justify the choice of measures and, in the event of failure to implement them, to prove the ability to restore compliance without intervention. In some cases, it is permissible to temporarily suspend token redemption obligations or impose restrictions on token circulation, but only under conditions of extreme necessity and with a pre-approved strategy. Each measure in the plan should be accompanied by an assessment of its feasibility, a description of potential obstacles, application scenarios, foreseeable consequences and interoperability with other functions of the issuer. The impact on service providers involved in the issuance, storage and maintenance of tokens, as well as compliance with digital resilience requirements under DORA, should be considered. If the issuer uses third-party IT solutions, DLT infrastructure or custodial services, the plan must include a mechanism for immediate communication between parties to trigger internal escalation if thresholds are exceeded.

The issuer must model both systemic and individual stress situations, including sudden fluctuations in token redemption demand, failures in key infrastructures, massive technical or legal risks. Scenarios should be relevant to the scale, complexity of the business and type of tokens being issued. The purpose of the modelling is to determine the issuer’s preparedness to manage the consequences and ensure an adequate set of responses to potential challenges. An integral part of the recovery plan is a communications strategy. The issuer must determine how it will communicate to token holders, partners, regulators and the public in the event of a crisis situation. The communication should be differentiated by recipient category and adapted to the stage of the crisis. It should take into account possible negative market effects, ensure transparency of actions and minimise reputational risks. Particular attention shall be paid to notifying clients of the status of their assets, changes in the service regime and prospects for recovery.

Where the same token is issued by multiple issuers or where one issuer issues multiple tokens, the plan must provide for coordinated actions, harmonised indicators, identical thresholds and synchronised measures. It also establishes a rule to avoid situations in which the actions of one issuer could compromise the effectiveness or legal certainty of the recovery strategy of the others. Similarly, issuers combining token issuance with other activities must ensure that their ART and EMT recovery measures are independent of risks in other business segments.

The EBA’s guidance also allows for the possibility of integrating the recovery plan required under MiCA into already existing plans based on the BRRD directive (e.g. for banks and investment firms). This is possible provided that the documents are harmonised with the supervisory authority and fully cover all the components required by these guidelines. The development and maintenance of a recovery plan thus becomes a mandatory and strategically important element of the internal governance system of ART and EMT issuers. This tool not only provides early warning and prompt response in a crisis, but is also a criterion for the maturity of corporate governance and the confidence of regulators and clients. Its untimely activation or formal fulfilment without actual readiness will be regarded as a breach of the issuer’s material obligations and may result in administrative or regulatory liability. Full compliance with these requirements is an integral part of the MiCA legal landscape and a prerequisite for the long-term sustainability of the virtual asset business in the European Union.

Mandatory liquidity stress testing requirements for issuers of asset-backed tokens (ART) and electronic money tokens (EMT) in Germany

From 30 September 2024, guidelines will come into force setting out the general parameters of the stress scenarios to be applied by ART and EMT issuers when conducting mandatory liquidity stress testing. These measures aim to establish a robust mechanism for assessing issuers’ ability to fulfil token redemption obligations under extreme market conditions and prevent systemic risks associated with a sudden decline in investor confidence, denial of access to reserve assets or sharp fluctuations in token values. Liquidity stress tests are mandatory for all issuers of significant ARTs and EMTs, as well as for other issuers if the relevant instruction is issued by the supervisory authority of the home member state. The methodology of stress testing is based on the principle of using unified parameters and assumes adaptation to the issuer’s specifics, issue scale, investor category, reserve asset structure and type of reference property.

One of the key tasks of stress testing is to assess the so-called risk of mass simultaneous redemption of tokens. The issuer must model scenarios in which a significant proportion of token holders initiate a buyback procedure, including scenarios with different reserve maturities. The assessment takes into account the profile of investors (retail or institutional), the type of token (whether significant or not), the structure and liquidity of reserves, the historical repurchase dynamics, and the legal characteristics of the issuer. Based on this data, the issuer is required to apply a confidential 99% level to observed stressed redemptions and estimate the amount of liquidity required. Particular attention is paid to the risk associated with the inability to immediately access deposits placed with credit institutions. The issuer must take into account the credit quality of the counterparty, the degree of concentration of assets with a single bank, the availability of collateral, the term of the placement and territorial risks. This is particularly relevant if funds are held outside the jurisdiction of incorporation or in institutions prone to instability.

In addition to banking risks, the testing covers market and currency fluctuations of reserve assets. If the assets are not denominated in the official EU currency, the issuer must assess the risks of revaluation, volatility, correlation and the need for additional liquidity requirements. The issuer must also consider how possible exchange rate deviations, token price corrections from fair value (depegging) or derivatives disruptions could affect the ability to make timely redemptions. The testing methodology is based on a comparison of the value of reserves under stress to the valuation of redemption liabilities. The value of assets is adjusted by applying stress factors dependent on liquidity, market sensitivity, country risk, consolidation at the issuer and custody. The issuer is required to calibrate the parameters not only based on historical data, but also using stress hypotheses covering both systemic and individual risks. Parameters are adjusted depending on the time horizon: daily, weekly, monthly or annual. If the referenced asset is an unofficial currency or commodity, additional risks related to delivery, physical storage and variability in market conditions need to be considered.

The stress factors applied to the assets in the reserve should be below 100 per cent, while those applied to the referenced assets may exceed 100 per cent, particularly where there is no peg to the euro or other stable currency. This reflects the possibility of underestimating the value of reserves and overestimating liabilities to token holders in a crisis volatility environment. Assets such as deposits, bonds, highly liquid securities, collateralised debt obligations and other financial instruments that meet MiCA criteria are included in the stress analysis. For each asset type, the issuer must consider credit quality, withdrawability, liquidity, systemic importance and concentration risks. It is expected that the data and calculations will be documented, verifiable and justified from an independent audit or peer review perspective.

Thus, stress tests become a mandatory element of operational supervision, forming a continuous process of control over the sustainability of ART and EMT issuers. The results of the tests must be used in strategic management, in adjusting the composition of reserves, in planning redemptions and in preparing recovery plans under Article 46 of MiCA. Failure to conduct or insufficient depth of analysis will be considered a systemic breach with administrative consequences, including restriction of issuance rights or withdrawal of authorisation. Issuers are required to integrate the results of stress tests into their overall risk management system, regularly reviewing the parameters depending on changes in market conditions, updates to regulatory standards and the transformation of their business model. Thus, the liquidity stress testing guidelines form a technical and methodological foundation to ensure the reliability and sustainability of the digital financial ecosystem in the context of the full implementation of MiCA in the European Union.

Assessment of members of governing bodies and holders of qualifying interests in ART and CASP issuers in accordance with MiCA requirements.

On 4 February 2025, joint guidelines of the European Banking Authority and the European Securities and Markets Authority will enter into force in the European Union setting out requirements for assessing the personal and collective suitability of members of governing bodies and for assessing the suitability of holders of qualifying interests in entities acting as asset-backed token issuers (ARTs) or cryptocurrency service providers (CASPs). These principles develop the provisions of Articles 21, 34, 42, 63, 68 and 84 of Regulation (EU) 2023/1114 and set out the minimum standards that both companies themselves and supervisory authorities are required to apply when assessing the compliance of key persons and entities. Both members of the executive and supervisory body and individuals who actually manage the business, as well as legal entities represented in the management body through delegated representatives, are subject to assessment. The evaluation criteria are personal reliability, professional competence, experience, understanding of the business model, and the ability to allocate sufficient time to fulfil management responsibilities. Special attention is paid to individual and collective suitability: the management body as a whole is required to have a sufficient set of competences to manage all aspects of the company’s activities. A key element is security clearance. Members of the governing body must not have been convicted of offences related to money laundering, terrorism, corporate fraud, financial irregularities or breaches of professional ethics. Any other circumstances, including sanctions, embargoes, restrictions by international organisations that may call into question the integrity and reputation of the candidate are also assessed. In case of inclusion in the sanctions lists, the person shall be immediately removed from management. Competences are assessed taking into account education, previous professional experience, management roles and company profile. Knowledge of cryptoeconomics, digital finance, regulatory, accounting, IT security, DLT technology, cyber risk and consumer rights is mandatory. An assessment based solely on formal attributes (diploma, position) without analysing the actual level of participation and content of the candidate’s activities in previous structures is not permitted. Members of governing bodies are required to allocate sufficient time to fulfil their functions, especially in times of change, stress or the introduction of new products. When assessing time availability, the number of mandates, geographical load, other professional or political responsibilities, and participation in committees and meetings are analysed. Each company is required to develop and implement an internal suitability assessment policy. It sets out procedures for selection, reassessment, succession planning, principles of diversification and alignment of the management body with the company’s objectives. The policy should also include provisions for regular suitability verification in the event of changes in structure, strategy or business model, or if there are doubts about the competence of an individual member. Additionally, all individuals and entities holding direct or indirect qualifying equity interests in the issuer or CASP are subject to assessment. The supervisor must be satisfied that they are reliable, that there is no reason to believe that they are involved in money laundering or terrorist financing schemes, and that the ownership and control structure is transparent. Such persons are subject to a methodology similar to that used for the examination of bank shareholders under CRD IV. If the assessment identifies deficiencies in qualifications, knowledge, experience or time availability, companies are required to take corrective measures. This may include internal reshuffles, additional training, recruiting new members or even replacing candidates. If the deficiencies cannot be remedied, the person’s appointment must be rejected. Similarly, in the case of inconclusive documentation on the trustworthiness of a potential shareholder, the supervisory authority may block the transaction or revoke the company’s licence. The assessment procedure is mandatory not only when obtaining a licence, but also during ongoing supervision. The regulator has the right to initiate an unscheduled suitability review in case of significant changes in management, corporate structure or identification of risks of unscrupulous behaviour. In such situations, the assessment period is limited to four months, renewable if additional information is requested. The guidelines thus form a detailed system for the assessment and admission of management in the EU cryptocurrency market, focused on protecting the sustainability of the system, the integrity of participants and respecting the interests of customers. They create a new norm of regulatory responsibility that goes beyond formal licensing and emphasises the institutional maturity of each market participant. Full implementation of these principles will be key to obtaining and maintaining authorisations under MiCA.

Requirements for redemption plans for issuers of asset-backed tokens (ARTs) and electronic money tokens (EMTs) in Germany

The European Banking Authority has approved regulations governing the establishment and application of redemption plans for issuers of cryptocurrency tokens with a redemption obligation in 2024. These regulations apply to all ART and EMT issuers, including in cases where tokens are issued by multiple issuers simultaneously or cover cross-border infrastructure. A redemption plan must be prepared by the issuer in advance under normal conditions (going concern) and is activated by a supervisory decision if the issuer is deemed unable or likely to be unable to fulfil its obligations to token holders. The basis of such a plan is an asset reserve formed by the issuer in accordance with MiCA provisions and placed with custodians.

The document strictly requires the principle of proportionality in the development of the plan. It must take into account the scale of the issue, multiple issues, number of participants, amount and liquidity of reserves, liability structure and type of issuer. If a token is deemed significant, the plan must be reviewed annually, be extremely detailed, include a governance mechanism, a liquidation strategy, a description of critical functions and a mechanism for communicating with stakeholders. EMT issuers that are not legally required to establish an asset reserve are permitted to prepare a plan with a different level of detail, if this is consistent with the decision of the national authority.

The key objective of the plan is to organise a fair, timely and simultaneous settlement of the claims of all token holders without disrupting market stability and without causing economic harm. The plan should provide for the suspension of individual redemption and transition to a collective mechanism based on a procedure approved by the competent authority. The distribution of funds from the liquidation of the reserve shall be made on a pari passu basis, and the costs associated with the implementation of the plan (e.g. consultants’ fees, legal fees, intermediaries’ commissions) may be covered from the reserve only after token holders’ claims have been satisfied.

If an issuer issues several tokens or participates in a joint issuance, the plan should contain a common part agreed upon by all issuers and an individual part for each of them. The common part reflects the key principles, liquidation procedures, communication strategy, internal control system and coordination mechanism. Coordination between issuers is mandatory and involves designating one of them as a coordinator with experience, sufficient infrastructure and access to reserves. The individualised part of the plan should cover internal procedures, personal responsibility, maintenance of critical functions, interaction with custodians and intermediaries, and AML/CFT measures in accordance with the AMLD and Regulation 2023/1113.

In describing the procedure, the plan should cover all steps from the decision to launch to the finalisation of settlement with holders. The issuer must specify how it will identify holders, accept redemption applications, evaluate claims, organise settlements and ensure that tokens are removed from circulation. Standards for processing personal data, a list of required documents, methods of AML checks and the procedure for delivery of funds must be specified.

A communication strategy is a mandatory part of the plan and should include a pre-prepared public notice, contacts for token holders, deadlines for submitting claims and technical means of communication. The communication channels used should be familiar to the issuer’s audience and not discriminate against holders based on territoriality.

The document also establishes the criteria by which the supervisory authority may conclude that the issuer is unable to fulfil its obligations. In addition to formal grounds (bankruptcy, revocation of licence), systemic factors such as insufficient capitalisation, lack of liquidity, reduced value of reserves, deterioration of reputation, market price deviations from the peg, mass withdrawal of tokens or market instability are assessed. The decision is made based on an aggregate assessment of factors using professional judgement, rather than automatically.

Particular attention is paid to harmonising the redemption plan with other documents – in particular recovery plans and, where available, BRRD settlement plans. The issuer must ensure consistency between these documents and, if the implementation of the plan may affect the company’s resolvability, the issuer must inform the resolution authority.

Thus, the redemption plan becomes an essential element of customer protection and financial stability, guaranteeing an orderly exit from the market even in the case of severe crisis scenarios. Its timely compilation, approval and updating is a prerequisite for confidence in the issuer on the part of regulators, clients and financial intermediaries. Failure to comply with the content, timing or execution of the plan may be considered a serious breach of regulatory obligations and may result in sanctions up to and including a ban on operations. Full integration of these procedures into an issuer’s business model confirms the maturity of its internal governance and compliance with MiCA requirements.

Mechanism for assessing the legal status of cryptocurrency tokens in Germany.

As of May 2025, pan-European guidelines will come into force requiring all issuers of cryptoassets and cryptocurrency market participants to use uniform approaches when classifying tokens, providing explanations and preparing legal opinions required as part of procedures related to authorisations, publishing whitepapers and placing tokens on the market. The main objective of these principles is to eliminate legal uncertainty in distinguishing between different categories of digital assets and to avoid the situation where the same assets are differently qualified in different EU Member States.

The Guidelines provide for the mandatory use of harmonised templates in the following cases: when submitting a declaration of exclusion of a token from MiCA regulation, when preparing a legal opinion on the legal status of the issued asset (in particular ART or EMT), as well as when passing a standardised test designed to assess whether a token meets the concept of crypto-asset within the meaning of Article 3 of MiCA.

The standardised approach requires issuers and applicants to demonstrate that the token they issue is not an exempted item, e.g. it does not constitute a financial instrument, electronic money, structured or classic deposit position, insurance or pension product. For this purpose, the legal opinion should provide, for each type of exemption, an analysis of applicable legislation, case law, national or EU-wide regulatory clarifications, as well as a reasoned justification as to why a particular token does not fall under the relevant category.

Where a cryptoasset is not a financial instrument but falls within the definition of a digital representation of a property right or value transferable and stored using distributed ledger technology (DLT), it is recognised as a cryptocurrency asset within the meaning of MiCA. For this purpose, the issuer must provide a full characterisation of the digital code, indicate how the rights are stored and transferred, explain the technology used and confirm that the token is transferable to third parties or, on the contrary, non-transferable according to the technical implementation and terms of circulation.

The form also requires an indication of the regulated jurisdiction, the date and version of the whitepaper, the issuer’s contact details and the legal status of the applicant (e.g. CASP, credit institution, other financial institution). Particular attention is paid to confirming that the persons drafting the legal opinion have no conflicts of interest. Both internal and external counsel may act as legal counsel, but they must be formally registered with the relevant professional organisation and have a demonstrable qualification to prepare such an opinion.

The most significant part of the guidance is the standardised test, a logic model used by both the regulator and the applicant to consistently assess whether a token is subject to MiCA. Three sets of conditions are sequentially tested: the existence of digital asset attributes (value/right), the use of DLT or similar technology, and the absence of indications of exclusion from regulation. The checks relate to the issuer status, the uniqueness of the token (fungibility), the legal nature, the link to the underlying assets and the purpose of the issuance. Exemptions include, for example, NFTs granting individual rights to specific assets (e.g. real estate), as well as tokens representing recognised financial or pension instruments or issued by public authorities and international organisations.

If, after applying the test, it is determined that the crypto-asset is not an exception and meets the criteria of a digital representation of value or a right created using a distributed ledger, it is classified as a crypto-asset under MiCA. Further distinction is made: if the token is linked to the value of a single fiat currency, it is classified as an EMT; if it is linked to multiple currencies, indices or commodities, it is classified as an ART; and if there is no such link, it is classified as a utility-token or other crypto-asset.

The new guidelines thus provide a legal basis for a harmonised and transparent procedure for identifying cryptocurrency assets under MiCA regulation, eliminating the possibility of arbitrary or fragmented interpretation. They introduce mandatory legal discipline in the process of entering the cryptoasset market, establish the liability of both the issuer and its advisers, and promote legal certainty in supervisory practices. This is particularly important for cross-border activity, including as part of applications for admission to trading, listing on platforms or whitepaper registration in multiple jurisdictions simultaneously.

Classification of crypto assets as financial instruments under MiFID II and MiCA

According to the position of the European Securities and Markets Authority, the qualification of cryptocurrency tokens as financial instruments is not based on the technical realisation of the asset, but rather on its economic nature and the set of inherent rights. This means that tokens created using distributed ledger technology (DLT) are subject to the same principles as traditional securities if they confer rights similar to those inherent in shares, bonds, derivatives or shares in investment funds.

First of all, the possibility of qualifying a token as a transferable security is analysed. For this purpose, it is necessary to establish that the token: is not a payment instrument, belongs to a certain class (a class of homogeneous tokens of the same issuer with the same rights), and can be freely traded on the market. It is not required that the asset has an organised market or listing – an abstract transferability between parties is sufficient. Particular attention is paid to the content of the token – if it provides dividend rights, voting on corporate matters or a share in liquidation profits, it can be equated to a share. Similarly, if the token represents a fixed obligation to pay interest or return capital, it may be recognised as a bond.

If a cryptoasset does not fulfil the criteria of a transferable security, it may qualify as another type of financial instrument, such as a money market, a share in a UCITS or AIF, or a derivative contract. A token is recognised as a money market instrument if it is a short-term debt obligation (e.g. commercial paper, certificate of deposit) that has a certain liquidity and tradability. The key criteria are a maturity of up to 397 days and the ability to accurately determine the price.

To be classified as a share in an investment fund, the token must be part of a collective investment scheme, in which the funds of several investors are consolidated and managed according to a predetermined policy in order to obtain a common profit. The management structure may be centralised (through a legal entity) or algorithmically implemented (e.g. through smart contracts), provided that there is no ongoing control by investors.

Tokens structured as derivatives are considered separately. If a token creates an obligation or right to buy/sell an underlying asset in the future, its value depends on the change in the price of the underlying asset (e.g., stock, index, rate, raw materials), and there is a settlement (in cash or cryptocurrency), it can be classified as a derivative. Perpetual futures, synthetic assets, options and swaps fall into this category. The focus here is on the functionality of the contract rather than the name of the instrument.

If a token is linked to an emissions trading system and grants the right to emit a certain amount of CO₂, it can be recognised as a financial instrument as an emissions certificate. The mandatory criterion is compliance with the requirements of Directive 2003/87/EC and recognition of the token as an eligible settlement instrument under the ETS.

Alongside this, ESMA formulates principles for tokens that do not constitute financial instruments to remain within MiCA. In particular, utility-tokens that grant access rights to digital services or discounts do not equate to securities, even if they have speculative appeal. Similarly, NFTs are recognised as exceptions to MiCA provided they are unique and not interchangeable. To assess uniqueness, it is necessary to consider not only technical attributes (ID, metadata) but also the presence of individual economic and functional characteristics. Fractionated NFTs (F-NFTs) are evaluated separately and are not automatically excluded.

Hybrid tokens that combine features of multiple categories (e.g., payment, investment and service functions) are analysed primarily in terms of the predominant function. If a token provides yield, capital protection or other attributes of an investment instrument, it will qualify as a financial instrument regardless of the other components.

ESMA’s guidelines thus provide a unified methodological framework for assessing the legal nature of cryptocurrency tokens and distinguishing between the objects of MiCA and MiFID II regulation. They aim to eliminate fragmentation in asset qualification between EU countries, protect investors’ rights, ensure legal certainty and respect the principle of technological neutrality. Issuers, payment operators, exchanges and custodians are required to take these criteria into account when issuing tokens, drafting whitepapers, obtaining CASP licences, and preparing legal opinions and prospectuses for market entry.

FREQUENTLY ASKED QUESTIONS

A cryptoasset is a digital expression of value or rights that is transferable and electronically stored using distributed ledger technology or comparable technology. Crypto-assets in the context of MiCA are therefore defined as any digital assets that operate on the basis of decentralised electronic solutions and have indications of economic value or legally enforceable rights.

The scope of Regulation (EU) 2023/1114 (MiCA) does not cover certain categories of digital assets that are subject to regulation under other European Union regulations. In particular, MiCA does not apply to the following types of assets:

  1. Financial instruments within the meaning of Article 4(1), paragraph 15 of Directive 2014/65/EC (MiFID II), including, inter alia, tokenised shares, bonds and derivatives;
  2. E-money as defined in Article 2(2) of Directive 2009/110/EC (EMD II), except where such funds are issued in the form of e-money tokens in accordance with MiCA provisions;
  3. Bank deposits covered by Article 2(1), paragraph 3 of Directive 2014/49/EC on deposit guarantee schemes;
  4. Structured deposits covered by the definition of Article 4(1), paragraph 43 of Directive 2014/65/EC (MiFID II);
  5. Assets subject to the securitisation regime under Article 2(1) of Regulation (EU) 2017/2402 (Securitisation Regulation).

Accordingly, these cryptoassets are treated as exemptions and should qualify under Article 2(4) of MiCA.

Regulation (EU) 2023/1114 (MiCA) sets out the legal framework for the issuance, public offering and admission to trading of the following types of cryptoassets:

- Asset-Referenced Tokens (ART) - digital assets whose value references one or more fiat currencies, commodities, crypto-assets or a combination of these, and are designed to maintain a stable value;

- Electronic Money Tokens (EMT) - crypto-assets denominated in an official currency and intended to be used as a means of payment, similar to electronic money provided for in EMD II;

- Other cryptoassets - digital assets that do not fall within the definition of ART or EMT and are not excluded from the scope of MiCA, including utility tokens and other forms of tokens traded on the market and subject to regulation under the general MiCA regime.

Under Article 3(1), paragraph 6 of Regulation (EU) 2023/1114 (MiCA), an Asset-Referenced Token (ART) is a crypto-asset that is not classified as an e-money token and whose stability of value is ensured by being linked to one or more assets, rights or a combination thereof. The underlying assets may be official currencies, commodities, other crypto-assets or financial rights. The main characteristic of ART is its purpose to maintain a stable value through external collateral.

According to Article 3(1), paragraph 7 of Regulation (EU) 2023/1114 (MiCA), an Electronic Money Token (EMT) is a crypto-asset whose value is maintained in a stable ratio to the nominal value of one official currency. The main purpose of such tokens is to function as a means of payment, similar to traditional electronic money, ensuring their parity with fiat currency. EMTs are subject to additional regulation under MiCA and may only be issued by certain authorised entities

Yes, under the provisions of Regulation (EU) 2023/1114 (MiCA), the issuance of asset-linked tokens (ARTs) requires prior authorisation from the competent supervisory authority, unless such tokens qualify as financial instruments under existing regulation. An issuer planning to publicly offer an ART or allow such tokens to be traded on an organised cryptoasset platform must obtain authorisation as well as comply with current regulatory requirements. One of the conditions for obtaining authorisation is that the issuer has a registered office in the European Union. The authorisation application procedure requires the preparation and submission of a technical document containing information on the nature of the token, the mechanisms for securing its value, the risks and procedures for its use. Once authorisation is granted, the technical document becomes officially approved by the regulator.

Yes, Regulation (EU) 2023/1114 (MiCA) provides for a number of exceptions to the general pre-authorisation requirement for the issuance of ARTs. In particular, Article 16 allows for an exemption from authorisation in the following cases:

- if the average outstanding value of all ARTs issued does not exceed €5,000,000 (or equivalent in another currency) calculated at the end of each calendar day during the preceding twelve months;

- if the public offering of ARTs is addressed exclusively to qualified investors, provided that the ownership of these tokens is restricted to this category of persons only. Additionally, credit institutions falling within the definition in Article 3(1), paragraph 28 of MiCA may also benefit from an exemption from the need to obtain a separate authorisation. It is important to note that even if there are grounds for exemption from authorisation, the issuer is obliged to prepare and submit a technical document (the so-called "white paper" on cryptoassets) to the competent authority of the Member State. In doing so, the content and structure of the document must comply with the requirements of Article 19 MiCA, as well as comply with other obligations set out in Section III of the regulation.

Regulation (EU) 2023/1114 (MiCA) provides issuers of asset-linked tokens (ARTs) with a broad list of legal and organisational obligations aimed at ensuring transparency, financial stability and protecting the interests of token holders. In addition to general requirements relating to corporate governance, disclosure, notification procedures, complaint handling and appropriate internal structure, the issuer is required to:

- Maintain an adequate level of equity capital in accordance with established minimum financial strength ratios;
- develop and implement a clear plan of action for token redemption and reimbursement of liabilities to holders;
- establish and maintain at all times a reserve fund equivalent to the sum of all liabilities arising from the issuance of ART to ensure that tokens are redeemed on demand;
- ensure that the assets included in the reserve are properly held, are as liquid as possible and are only invested in low-risk instruments, in accordance with the criteria prescribed by MiCA. ART issuers are thus required to comply not only with procedural but also financial requirements, which aims to minimise risks and build confidence in the cryptoasset market within the European Union.

Yes, Regulation (EU) 2023/1114 (MiCA) establishes a specific regulatory regime for ART tokens recognised as significant. Under Article 43 of MiCA, the European Banking Authority (EBA) may classify an ART as significant if the token meets one or more predetermined criteria, including the amount of outstanding liabilities, the scale of distribution, use in cross-border settlement, the degree of interconnectedness with the financial system, and the potential impact on monetary policy and financial stability.If an ART is recognised as significant, the issuer is subject to additional requirements under Article 45 of MiCA. These include, inter alia, enhanced corporate governance standards, enhanced disclosure obligations, tighter reserve asset requirements and increased supervisory engagement. In addition, the supervision of such issuers moves from the national level to the European Banking Authority (EBA), which centrally oversees compliance with the relevant MiCA provisions.

Regulation (EU) 2023/1114 (MiCA) provides that the issuance of electronic money tokens (EMTs) may only be carried out by entities with the relevant regulatory status. In particular, the right to issue EMTs is only granted to entities that:

  1. are registered and authorised as credit institutions under Regulation (EU) No 575/2013 (CRR) or as e-money institutions under Directive 2009/110/EC (EMD II);
  2. have prepared and submitted the technical documentation for the cryptoasset to the competent supervisory authority and ensured that it is published in accordance with the requirements of Article 51 of MiCA.

Thus, there is no provision for obtaining a separate authorisation for the issuance of EMTs under MiCA. Instead, it is assumed that the existence of a valid licence in accordance with the aforementioned regulations provides a sufficient basis for the issuance, subject to compliance with the procedural part related to the technical documentation. The content and legal nature of EMTs are equated to electronic money, which is confirmed by a direct reference to the applicability of the provisions of Directive 2009/110/EC. EMT issuers are obliged to ensure the right of holders to redeem tokens at any time at their nominal value, as well as to comply with regulations aimed at consumer protection, including rules on provisioning of reserves, limitation of investment activities and application of prudential supervision measures. The issuance of EMTs is therefore subject to both the provisions of MiCA and the requirements of the Second Electronic Money Directive, subject to the features set out in MiCA.

Under Articles 49 and 50 of Regulation (EU) 2023/1114 (MiCA), EMT issuers are subject to a set of obligations aimed at protecting the rights of token holders and ensuring financial stability. Issuers are obliged to issue EMTs exclusively at par value upon receipt of the relevant cash amount, which excludes the possibility of pre-issuance without actual cover. EMT holders have an unconditional right to claim the cash equivalent of the tokens from the issuer at any time, and the refund is made at full par value, without any deductions or limitations. In order to prevent consumer misrepresentation and unfair practices, EMT issuers and cryptocurrency service providers are expressly prohibited from paying interest, bonuses or other forms of remuneration to token holders throughout their holding period. Additionally, MiCA establishes requirements for proper disclosure of information - issuers are responsible for the accuracy and completeness of the technical documentation (the so-called white paper) accompanying the issuance of EMTs. It also regulates the custody and investment of the proceeds of an issue to minimise risk and provide liquidity to meet redemption obligations.

Normal
0

false
false
false

RU
X-NONE
X-NONE

Yes, Regulation (EU) 2023/1114 (MiCA) establishes an enhanced supervisory regime for EMT tokens recognised as significant. Under Article 56 of MiCA, the European Banking Authority (EBA) may classify EMTs as significant if one or more factors are present, such as the volume of outstanding tokens, the scale of distribution, the use in cross-border payment transactions, the level of interconnectedness with the financial system and the potential impact on monetary policy. If an EMT is recognised as significant, the issuer must comply with additional regulatory requirements, including:

- increased equity capital requirements;
- stricter provisioning and liquidity management requirements;
- enhanced internal control and risk management measures;
- enhanced disclosure and reporting obligations.

If the issuance of significant EMTs is carried out by an e-money institution, supervisory responsibilities for MiCA compliance are partially transferred from the national regulator to the European Banking Authority (EBA), which supervises at a pan-European level, ensuring uniformity of enforcement and monitoring compliance with the enhanced standards.

 

Regulation (EU) 2023/1114 (MiCA) provides a simplified issuance procedure for cryptoassets that are not categorised as asset-backed tokens (ARTs) or electronic money tokens (EMTs). Unlike these categories, the issuance of such cryptoassets does not require prior authorisation from supervisory authorities. However, issuers are required to comply with a number of procedural and information requirements. In particular, when issuing or publicly offering these cryptoassets, except as provided for in Article 4(3) of the MiCA, a white paper must be prepared and submitted to the competent authority with subsequent publication. The white paper must contain comprehensive information on the asset's characteristics, risks, operating mechanisms and holders' rights. In addition, the issuer must comply with the requirements to the content and form of marketing materials, ensure the right of token holders to withdraw consent to purchase, as well as adhere to the established rules of behaviour. Persons initiating a public offering or allowing such cryptoassets to be traded are fully responsible for the accuracy and completeness of the information set out in the white paper. The above-mentioned obligations are exempted, in particular, in the case of cryptoassets issued for free or created by mining (Article 4(3), subparagraph b of MiCA). Thus, even in the absence of licensing, the issuance of unclassified cryptoassets is subject to the MiCA's system of supervision and information transparency.

Regulation (EU) 2023/1114 (MiCA) introduces a single list of services qualifying as cryptoasset-related services. These activities are subject to licensing and regulated in a similar way to investment services in the traditional financial sector. The services covered include:

- Storing and managing cryptoassets on behalf of clients - providing services to ensure the secure storage or control of cryptoassets, including control over the means of accessing them (e.g., private cryptographic keys);
- Management of a cryptoasset trading platform - organising or operating one or more multilateral systems to bring together third party interests to transact cryptoassets based on the rules of the platform;
- Exchanging cryptoassets for fiat currencies - entering into transactions to buy or sell cryptoassets for cash on its own behalf;
- Exchanging cryptoassets for other cryptoassets - conducting transactions to exchange digital assets between each other on behalf of the provider;
- Execution of client orders for cryptoassets - carrying out transactions on behalf of a client, including the placement, purchase or sale of cryptoassets, including as part of a public offering or admission to trading;
- Placement of crypto-assets - offering crypto-assets to end buyers on behalf of or for the account of the issuer or a related person;
- Accepting and transmitting client orders for cryptoassets - receiving orders to buy, sell or subscribe for cryptoassets and transmitting them to third parties for execution;
- Crypto-asset advice - providing personalised investment advice on crypto-assets, whether initiated by the client or suggested by the provider;
- Crypto-asset portfolio management - discretionary management of client assets comprising one or more crypto-assets based on the mandate provided;
- Carrying out cryptoasset transfers - transferring cryptoassets between addresses or accounts in a distributed ledger, for the benefit of clients.

All of the above services are subject to mandatory licensing in the EU. Providing at least one of them requires obtaining Crypto Asset Service Provider (CASP) status, subject to all MiCA requirements, including capital, internal controls, disclosure and risk management requirements.

Yes, in accordance with Article 59 of Regulation (EU) 2023/1114 (MiCA), activities related to the provision of cryptoasset services are only permitted if a valid authorisation is in place. Such services may only be provided by legal persons registered in a Member State of the European Union and granted the status of cryptoasset service provider (CASP) on the basis of an authorisation issued by the national competent authority. The procedure for obtaining the relevant licence is governed by the provisions of Article 63 MiCA and involves an assessment of the applicant's compliance with a number of requirements, including the existence of a minimum share capital, a transparent management structure, adequate internal control procedures and compliance with customer protection and abuse prevention requirements. Thus, access to the provision of crypto services in the EU is strictly limited and is only possible for duly authorised entities.

Yes, Regulation (EU) 2023/1114 (MiCA) provides for exceptions to the general licensing requirement for certain categories of financial institutions. In particular, under Article 60, paragraphs 1-6 of MiCA, organisations such as:

- credit institutions operating under Regulation (EU) No 575/2013 (CRR),
- investment firms regulated under Directive 2014/65/EC (MiFID II),
- electronic money institutions subject to Directive 2009/110/EC (EMD II),

are entitled to provide certain or all cryptoasset-related services without obtaining a separate licence under MiCA.

However, these entities must comply with the following conditions:
- notify the competent supervisory authority of their intention to provide cryptoasset-related services;
- provide the regulator with all the information required by Article 60(7), including a description of the planned activities, the list of services, internal procedures, risk management measures and compliance with customer protection requirements.

Thus, the above categories of financial institutions have a simplified procedure for access to the crypto market, based on the principle of regulatory equivalence and reliability of the existing licence.

Under the provisions of Regulation (EU) 2023/1114 (MiCA), supervisory powers are divided between the national competent authorities of EU Member States and European supervisory authorities depending on the nature of the activity and the scale of the issuance. In Germany, the main supervision of issuers of asset-backed tokens (ARTs), electronic money tokens (EMTs) and cryptoasset linked service providers (CASPs) is carried out by the Federal Financial Supervisory Authority (BaFin) in co-operation with the Deutsche Bundesbank - especially with regard to prudential controls and financial system risk assessment. If an ART is classified as a significant ART (in accordance with Article 43 of MiCA), the supervision of the relevant issuer is fully transferred to the European Banking Authority (EBA). In the case of EMTs recognised as significant (Article 56 MiCA), the supervisory functions are shared between national authorities and the EBA, with the latter centrally supervising compliance with the additional requirements provided for significant issuers. Thus, the supervisory structure under the MiCA combines national and pan-European control, ensuring both local enforcement and uniformity in the regulation of significant crypto market participants across the European Union.

Under Article 67 of Regulation (EU) 2023/1114 (MiCA), cryptoasset related service providers (CASPs) are required to comply with certain prudential requirements, including holding minimum capital or appropriate equivalent protection mechanisms. In addition to equity capital, the use of an insurance policy or comparable guarantee is permitted.

Such insurance solutions or guarantees must:

- be valid throughout the European Union;
- provide coverage for risks related to liability for damages caused by due to breach of professional duties, including in the event of technical failures, loss of access to clients' cryptoassets and other incidents;
- provide irrevocable and uninterrupted protection during the entire period of activity;
- in favour of customers or other affected parties who may be harmed as a result of the provider's activities;
- be appropriate to the level of financial risk, the scope of services provided and CASP's business structure.

An insurance policy or bank guarantee is therefore recognised as an acceptable instrument for meeting prudential requirements, provided that it provides an equivalent degree of protection as the equity requirements and fully complies with the parameters set out in MiCA.

Regulation (EU) 2023/1114 (MiCA) allows for the exclusive performance of the functions of a node operator (node) or validator in a distributed ledger network (DLT) to be exempt from licensing, provided that such activities are limited to only the technical operation of the network - i.e. confirming transactions and updating the distributed ledger, without providing regulated services or issuing cryptoassets.
However, the exemption from authorisation requirements is not absolute. If, in addition to basic technical functions, a node or validator:
- provides regulated services related to cryptoassets (e.g. storage, management, exchange, transfer, order taking, etc.);
- participates in organising trades, soliciting customers or processing transactions on behalf of third parties;
- performs other functions subject to licence under MiCA Articles;
- then such activities may qualify as requiring authorisation, in which case the relevant obligations and requirements will apply.
The final decision on whether a licence is required is made by the competent national supervisory authority, based on an analysis of the nature, purpose and commercial context of the activity. It is therefore advisable to carry out a legal assessment of the functions of the node on a case-by-case basis, especially when carrying out transactions on behalf of customers or interacting with tokens subject to MiCA regulation.

Regulation (EU) 2023/1114 (MiCA) provides transitional provisions allowing companies already operating in the cryptoasset sector before MiCA comes into full force to continue providing services on a temporary basis without immediately obtaining a new licence. However, the application of these provisions is strictly limited by a number of conditions.

Under Article 143(3) of the MiCA, the right to use the transitional period is granted exclusively to service providers that have already carried out cryptoasset-related activities lawfully under national law before 30 December 2024. This includes both entities that were not subject to licensing under national law and those that already had a valid authorisation for comparable activities, provided that they actually provided the relevant services.

In other words, a company can benefit from the transitional regime only if there is:

- an actual connection with an activity subject to MiCA regulation (the provision of one or more services related to cryptoassets);
- there is a legal basis for carrying on such activities under the applicable national regulation at the time of the commencement of the application of MiCA.

However, the provisions of Article 143(3) do not apply to supervised institutions, such as BaFin, which do not carry out cryptoasset-related services, even if they are licensed to provide other financial or banking services. Such companies may not start providing crypto services without obtaining a separate authorisation or appropriate notification as of 30 December 2024.

Thus, a key condition for the application of the transitional regime is the existence of actual ongoing cryptoasset-related activities prior to the MiCA provisions coming into force. Otherwise, market access is only possible after going through the full licensing procedure.

Under Article 60 of MiCA, financial institutions holding a valid licence to operate under other EU regulatory regimes (e.g. credit institutions, investment firms or e-money issuers) may provide cryptoasset-related services without obtaining a separate licence, but subject to a specific notification procedure.

Such notification must be submitted at least 40 working days before the expected date of commencement of the relevant services. The notification shall be sent to the competent supervisory authority (in Germany, BaFin) and must contain the full set of information required by Article 60(7) of the MiCA. This includes, among other things, a description of the services planned, internal control measures, risk management systems and MiCA compliance data.

From the receipt of the notification:

- BaFin must check the completeness of the submitted material and notify the European Commission within 20 working days.
- If the documents are incomplete, BaFin has the right to request additional information, setting a deadline of up to 20 working days for their submission, while the main deadline is suspended.
- However, in the case of submission of clarifications on the applicant's own initiative, the deadline is not suspended.
- The maximum duration of the entire procedure is 60 working days, starting from the date of receipt of the full set of documents.

It is important to note that at the end of this period, the applicant does not receive an automatic right to start activities. In accordance with Article 60(8)(3) of the MiCA, an institution may only start providing services related to cryptoassets once the notification is deemed complete and correct, which must be confirmed by the supervisory authority.

Thus, the submission of a notification requires precise compliance with deadlines and formal requirements. Violation of the established rules may result in rejection of the notification or a prohibition to start cryptoasset activities.

Regulation (EU) 2023/1114 (MiCA) sets out clear requirements on the goodwill, qualifications and reliability of persons involved in the management or control of asset-linked token (ART) issuers and cryptoasset-related service providers (CASPs). These requirements aim to ensure the sustainability, legality and integrity of the EU crypto market.

Members of the governing bodies of an ART or CASP issuer are required to:

- have an impeccable business reputation at the time of application for authorisation;
- have an appropriate level of professional knowledge, skills and experience enabling them to perform management functions effectively;
- devote sufficient time to fulfil their job responsibilities;
- demonstrate the ability to make decisions, comply with regulatory requirements and manage risks.

It is emphasised that the future managing directors of the ART Issuer must have not only experience but also proven expertise in a field relevant to the nature of the tokens to be issued.

As regards shareholders and partners holding a qualifying shareholding (typically 10 per cent or more), the following requirements also apply:

- Good business reputation at the time of authorisation;
- proven financial strength, including transparency of sources of funds;
- absence of reasonable suspicion of involvement in money laundering, terrorist financing or other offences;
- no threat to the ability of the ART or CASP issuer to comply with MiCA requirements following the acquisition or increase in shareholding.

If the acquisition of a qualifying stake takes place after a licence has been issued, the potential investor must first undergo a review to ensure that it meets the listed criteria. The regulator has the right to reject a transaction if its implementation may jeopardise the stability, reliability or legality of the licensed structure.

Thus, MiCA introduces a mechanism of preventive control over the ownership structure and management of cryptocurrency companies in order to exclude non-transparent influence, conflicts of interest and possible abuse of regulatory status.

 

RUE customer support team

Milana
Milana

“Hi, if you are looking to start your project, or you still have some concerns, you can definitely reach out to me for comprehensive assistance. Contact me and let’s start your business venture.”

Sheyla

“Hello, I’m Sheyla, ready to help with your business ventures in Europe and beyond. Whether in international markets or exploring opportunities abroad, I offer guidance and support. Feel free to contact me!”

Sheyla
Diana
Diana

“Hello, my name is Diana and I specialise in assisting clients in many questions. Contact me and I will be able to provide you efficient support in your request.”

Polina

“Hello, my name is Polina. I will be happy to provide you with the necessary information to launch your project in the chosen jurisdiction – contact me for more information!”

Polina

CONTACT US

At the moment, the main services of our company are legal and compliance solutions for FinTech projects. Our offices are located in Vilnius, Prague, and Warsaw. The legal team can assist with legal analysis, project structuring, and legal regulation.

Company in Czech Republic s.r.o.

Registration number: 08620563
Anno: 21.10.2019
Phone: +420 775 524 175
Email:  [email protected]
Address: Na Perštýně 342/1, Staré Město, 110 00 Prague

Company in Lithuania UAB

Registration number: 304377400
Anno: 30.08.2016
Phone: +370 6949 5456
Email: [email protected]
Address: Lvovo g. 25 – 702, 7th floor, Vilnius,
09320, Lithuania

Company in Poland
Sp. z o.o

Registration number: 38421992700000
Anno: 28.08.2019
Email: [email protected]
Address: Twarda 18, 15th floor, Warsaw, 00-824, Poland

Regulated United
Europe OÜ

Registration number: 14153440
Anno: 16.11.2016
Phone: +372 56 966 260
Email:  [email protected]
Address: Laeva 2, Tallinn, 10111, Estonia

Please leave your request