The Markets in Crypto-assets Regulation (MiCA) has been released, two years after it was first proposed. MiCA aims to create an EU regulatory framework for the issuance, intermediation, and dealing of cryptoassets. It will introduce licensing, conduct of business requirements, and a market abuse regime, with the parts of the regulation expected to come into force from spring 2024. The goal is to strengthen the confidence of the cryptoasset markets and clarify regulatory obligations, while also providing consumer protection rules for the issuance, trading, exchange, and custody of cryptoassets.

MiCA creates a broad regulatory framework for cryptoassets in the EU, which includes regulating the issuance and admission to trading of cryptoassets, transparency and disclosure requirements, licensing of cryptoasset service providers, issuers of asset-referenced tokens, and issuers of electronic money tokens. It also clarifies the powers available to competent authorities and strengthens market abuse regulations.

Although the requirements under MiCA are similar to existing EU financial services regimes, firms engaged in cryptoasset activities will need to consider the nuances between MiCA and the existing regulatory framework to ensure compliance. Firms need to determine if they fall under the MiCA definition of "cryptoassets" or whether they are subject to another regulation. The regulation does not cover security tokens or other cryptoassets that qualify as financial instruments for the purposes of MiFID II, deposits, securitization positions, insurance, or pension products.

Issuers of cryptoassets need to publish a white paper, describe the project and main participants, blockchain consensus mechanism, the terms of the offer to the public, the rights attaching to the cryptoassets in question, disclose the risks associated with the cryptoassets, and provide a summary. The white paper does not require prior approval, but the relevant competent authority may require amendments or suspend the offer or trading of the cryptoassets.

MiCA forms part of the European Commission's wider digital finance strategy, which includes a Regulation on digital operational resilience and a new Regulation on a distributed ledger technology pilot regime focused on financial market infrastructures based on DLT.

Cryptoasset service providers (CASPs) are required to be authorized by the relevant competent authority and comply with detailed requirements in respect of their governance arrangements and risk management. CASPs must also disclose what type of blockchain consensus mechanism they use and maintain prudential safeguards. It is important for firms to review the requirements they are subject to under MiCA that relate to the particular cryptoasset service they provide. MiCA also introduces specific liability requirements for custodians of cryptoassets in relation to losses, where the custodian must return identical assets or their value to the issuer without undue delay, unless it can prove the loss arose from an external event beyond its reasonable control.

In summary, MiCA introduces a comprehensive regulatory framework for cryptoassets in the EU. The regulation applies to both issuers of stablecoins and providers of cryptoasset services, and imposes requirements related to licensing, governance, risk management, disclosure, prudential safeguards, and market abuse. The competent authorities in each member state will be responsible for supervising and enforcing the requirements, and ESMA and the European Banking Authority will have additional powers over significant cryptoasset service providers and stablecoin issuers, respectively. MiCA is expected to be formally adopted in February 2023, with the provisions on asset-referenced tokens and e-money tokens coming into force in spring 2024 and other provisions coming into force in the second half of 2024. Firms already providing cryptoasset services should undertake a detailed analysis of their activities to see what is caught by MiCA vs other existing legislation and to consider where changes to existing policies are needed or additional requirements might apply accordingly. Firms not currently authorized should act now to establish an undertaking in an appropriate member state and secure the relevant authorization given the time that such processes can take.