MiCA and CASPs: Authorisation, Governance and Liability under the EU Crypto Regulation

19 May 2025

Corporate Clients, AML, Blockchain & Cryptocurrency

Executive Summary

This Note examines the regulatory obligations imposed on Crypto-Asset Service Providers (CASPs) under Regulation (EU) 2023/1114 (the Markets in Crypto-Assets Regulation – “MiCA”). The Regulation establishes a harmonised legal framework for crypto-assets within the European Union, extending consistent licensing and conduct requirements to entities offering crypto-asset services across the single market.

The Note is primarily addressed to:

  • Legal and compliance teams within crypto-asset businesses;
  • Directors and senior management of CASPs;
  • Regulatory, risk and control functions with oversight responsibilities.

MiCA: Scope and Key Definitions

MiCA applies to a broad range of crypto-assets and delineates regulatory responsibilities for both issuers and service providers. Among its core definitional concepts are:

  • Crypto-assets: Digital representations of value or rights, electronically transferable and storable, leveraging distributed ledger or equivalent technologies.
  • Asset-referenced tokens (ARTs): Crypto-assets purporting to maintain a stable value by reference to a basket of assets (e.g., currencies, commodities).
  • E-money tokens (EMTs): Crypto-assets stabilised against a single fiat currency and intended primarily as a payment mechanism.

These classifications are determinative for regulatory purposes, especially in establishing which entities fall within the scope of MiCA’s obligations.

Licensing Obligations and the Passporting Framework

Article 59 MiCA requires that any entity providing crypto-asset services within the EU must be authorised by the competent authority of its home Member State. The authorisation, once granted, confers EU-wide “passporting” rights, obviating the need for separate national approvals.

This regime introduces a unified authorisation mechanism, substantially reducing compliance burdens across jurisdictions and creating a standardised supervisory framework. CASPs not in possession of a valid licence, or those operating outside the terms of such licence, are subject to regulatory enforcement measures.

Minimum Capital Requirements

CASPs are subject to tiered capital thresholds, as set out in Article 67 and Annex IV MiCA. These are designed to provide prudential safeguards proportional to the risk profile of the service offered:

  • €50,000 – applicable to advisory services in relation to crypto-assets;
  • €125,000 – applicable to the operation of trading platforms;
  • €150,000 – applicable to high-impact functions such as custody or exchange services.

These thresholds reflect MiCA’s intention to align the prudential treatment of CASPs with established financial sector norms.

Governance and Internal Control Requirements

Article 72 of MiCA sets out comprehensive governance standards, drawing parallels with internal control frameworks applicable in regulated financial institutions. CASPs must establish:

  • Organisational structures with clearly defined reporting lines and control responsibilities;
  • Policies for identifying and mitigating conflicts of interest;
  • Arrangements for the segregation of client assets from proprietary holdings.

The objective is to protect client assets, promote operational integrity, and avoid potential misconduct or insolvency-related exposures.

Client Communication and Disclosure Standards

Articles 70 and 71 MiCA require CASPs to ensure all communications with clients meet standards of fairness, clarity, and transparency. Obligations include:

  • Disclosure of all applicable fees, product risks, and functional characteristics;
  • Communication in a format that is accessible and not misleading.

These obligations align with the EU’s broader financial consumer protection agenda and are intended to promote informed engagement by users of crypto services.

White Paper Requirements and CASP Responsibilities

Although CASPs are not the primary drafting parties under Article 6(1) MiCA, they assume legal responsibility for ensuring that crypto-assets they offer are accompanied by compliant white papers. These must disclose:

  • The technological foundation (e.g., blockchain protocols);
  • Legal rights associated with the crypto-asset;
  • Economic use cases and material risks.

Failure to ensure white paper compliance may expose CASPs to supervisory actions and penalties, comparable to liability associated with defective financial prospectuses under securities law.

Enforcement and Sanctions for Non-Compliance

Articles 111 to 115 MiCA introduce a graduated penalty structure applicable to breaches of the Regulation:

  • For legal persons: Administrative fines up to €15 million or 10% of annual turnover, whichever is greater;
  • For natural persons: Fines of up to €700,000.

Regulators are further empowered to suspend authorisations, freeze assets, and publish breaches to ensure deterrence and preserve market confidence.

Sanctionable conduct includes, inter alia:

  • Operating without requisite authorisation;
  • Failing to adhere to internal governance obligations;
  • Providing insufficient or misleading disclosures in communications or white papers.

Conclusion: A Compliance Framework with Strategic Implications

MiCA represents a material elevation in the compliance expectations for CASPs. It does not merely codify operational requirements but imposes positive duties across governance, communication, and capital maintenance.

CASPs must take a proactive stance to ensure full alignment with MiCA. Beyond mitigating the risk of regulatory sanction, early and robust compliance positions CASPs to leverage the Regulation’s harmonised passporting regime and compete effectively across the EU’s crypto market.

Recommendation

Given the scope of MiCA and the significance of its implementation deadlines, we recommend that legal, compliance and senior business functions within in-scope entities initiate or accelerate alignment exercises. This should include:

  • A review of capital structures;
  • Evaluation of governance and risk management frameworks;
  • Due diligence on asset-backed disclosures and white paper content;
  • Legal assessment of the firm’s capacity to meet authorisation criteria.

Further regulatory guidance and supervisory practice may continue to evolve. Ongoing monitoring is therefore essential.



© New Balkans Law Office 2025

The Bulgarian and dual-qualified lawyers of New Balkans Law Office are regulated by the respective Bar of their registration. New Balkans Law Office is a brand name of Legal Services EOOD, a company registered under Bulgarian law. Reg’d No. 202331677. Further details are available here.

© New Balkans Law Office 2025