A turning point in crypto regulation


The Council of the European Union has approved the draft Regulation on Markets in Crypto-assets (MiCAR) and has thus taken another decisive step towards creating a harmonised regulatory framework for crypto-assets across Europe. In its meeting on 5 October 2022, the Committee of Permanent Representatives of the Member States (COREPER) approved the draft, which had been materially further developed compared to the original version of 19 November 2021, clearing the way for a final vote by the European Parliament. On 10 October 2022, the Committee on Economic and Monetary Affairs of the European Parliament approved the proposal. A vote in the plenary of the European Parliament (first reading) is expected to take place shortly. The new regulation could become applicable in early to mid-2024, subject to certain transitional provisions.

Objectives of MiCAR and summary of key points

The details of the new regulation were discussed in interinstitutional negotiations between representatives of the European Council, the European Commission and the European Parliament. The initial legislative proposal for MiCAR had been originally prepared and presented by the European Commission on 24 September 2020 as part of the Digital Finance Package. The package included strategies for the digitalisation of the financial sector, a strategy for large-volume payments, as well as drafts of MiCAR and the Digital Operational Resilience Act (DORA).

MiCAR aims to create a uniform EU-wide regulatory framework for crypto-assets, their issuers and certain service providers, as well as measures to protect investors and prevent market abuse. In this respect, MiCAR will regulate both primary market activities (especially issuing crypto-assets) and secondary market services. For these purposes, the current draft of MiCAR contains rules on transparency and disclosure obligations for the issuance of and trading in crypto-assets, an authorisation obligation and regulation of crypto-asset service providers and issuers of crypto-assets, conduct-of-business rules for crypto-asset issuers and crypto-asset service providers, investor and consumer protection regulations for the issuance, trading and custody of crypto-assets, as well as regulations to combat market abuse on crypto trading platforms.

Scope of MiCAR

The scope of MiCAR is primarily intended to cover fungible crypto-assets, which are not covered by currently applicable EU legislation on financial services, such as MiFID II. Therefore, tokens that qualify as securities (security tokens) do not fall under the new regime, but will instead continue to be treated as securities.

MiCAR defines the term crypto-asset as “digital representations of a value or a right which may be transferred and stored electronically, using distributed ledger technology or similar technology”. Unlike the definition of the corresponding term in the German Banking Act (Kreditwesengesetz), it is not necessary that the crypto-asset be accepted as a means of exchange or payment or serve investment purposes. Similarly, it is irrelevant whether the crypto-asset is issued or guaranteed by a central bank or public body and has the legal status of currency or money.

MiCAR further divides the term “crypto-asset” into the following three sub-categories:

  • Asset-referenced tokens, which are tokens other than e-money tokens that purport to have a stable value by referencing another value or a right or a combination of both, including one or more official currencies;
  • Electronic money tokens, which are tokens that purport to have a stable value by referencing the value of an official currency of a country issued by a central bank or other monetary authority. These are tokens that primarily serve as a means of payment. They also include stable coins if their value is linked to a central bank currency such as the US dollar or the euro; and
  • Utility tokens, which are tokens intended to provide access to a good or service supplied by the issuer of these tokens.

Unique and non-fungible crypto-assets, which includes, for example, digital art and collectibles, as well as crypto-assets that represent existing goods and services in the real economy, are to be expressly excluded from the scope of MiCAR. As a consequence, non-fungible tokens (NFTs) or utility tokens are largely excluded from the scope of MiCAR. Although these types of crypto-assets could also be traded in market places and be accumulated speculatively, these crypto-assets are – as stated by the recitals of MiCAR – not readily interchangeable as their relative value cannot be ascertained due to their unique character, so that the risk emanating from these crypto-assets is limited. However, MiCAR specifies an exception for the issuance of fractional parts of unique and non-fungible crypto-assets: The issuance of crypto-assets as non-fungible tokens in a large series or collection shall be considered as an indicator of their fungibility. Thereby, MiCAR qualifies certain NFTs divided into fractional parts as crypto-assets falling in the scope of MiCAR, however, without further defining the terms “series” or “collection”.

In terms of timing, MiCAR will give market participants time to adapt to the new regulations. In principle, MiCAR will not be applicable until 18 months after entering into force, although the provisions on asset-referenced tokens and e-money tokens will already apply 12 months after MiCAR comes into force. In addition, MiCAR stipulates generous transitional provisions that postpone in particular the applicability of the newly introduced authorisation requirements by up to another 18 months. However, Member States can deviate from this timeline and individually provide for an earlier applicability (see Article 123 MiCAR).

New authorisation obligations

The central element of MiCAR is the new authorisation requirement for issuers and offerors of asset-referenced tokens and e-money tokens as well as for offerors of certain crypto-asset-related services. In addition, MiCAR provides for certain conduct-of-business rules for issuers and offerors of crypto-assets as well as for offerors of crypto-asset-related services.

Authorisation requirement for issuers and offerors


For the purpose of the authorisation requirements, MiCAR distinguishes between the issuer of crypto-assets, i.e. the natural or legal person or other undertaking that issues the crypto-assets, and the offeror of crypto-assets, i.e. the natural or legal person, or other undertaking or the issuer, that offers crypto-assets to the public.

Once MiCAR comes into force, asset-referenced tokens and e-money tokens will no longer be allowed to be issued or offered in the EU without the corresponding authorisation of the competent authority.

Requirements for issuing and offering asset-referenced tokens

Issuers of asset-referenced tokens must have been established in the EU and have sufficient own funds and reserve assets. The latter requirements were significantly tightened during the interinstitutional negotiations.

There is an exemption from the authorisation requirement for the issuance of asset-referenced tokens by credit institutions. These issuers are only obliged to prepare and submit a white paper for approval. In addition, MiCAR provides exemptions from the authorisation requirement if a certain outstanding value of the issued asset-referenced tokens is not exceeded or if the offer of crypto-assets is only addressed to qualified investors.

Contrary to all efforts by crypto lobbying organisations, MiCAR introduces a cap on the issuance of asset-referenced tokens by an issuer if trading in the relevant token exceeds 1 million transactions or EUR 200 million in trading volume per day. However, as the cap only applies to asset-referenced tokens, stable coins that are linked to the euro (e-money tokens) are not covered by the provision. This could possibly increase the number of stable coins linked to the euro in the long term.

E-money tokens

E-money tokens can only be issued by credit institutions and e-money institutions. Furthermore, e-money tokens issued by these issuers must meet certain additional requirements regarding the issuance and redeemability of e-money under the E-Money Directive. A new requirement introduced in the course of the interinstitutional negotiations is the obligation of the offeror of e-money tokens to notify the issuance of the e-money tokens to the competent authority 40 working days in advance.

Significant crypto-assets

In addition, EBA may under certain circumstances classify individual asset-referenced tokens and e-money tokens as significant, which results in stricter regulatory requirements applying to such tokens.

For asset-referenced tokens, this is the case, for example, if the number of holders has exceeded the threshold of 10 million, the market capitalisation of the crypto-asset is higher than EUR 5 billion or the number of transactions with this crypto-asset has exceeded 2.5 million or EUR 500 million respectively per day. In addition, certain issuers may voluntarily apply with the competent authority for a classification of their asset-referenced tokens or e-money tokens as significant.

Authorisation requirement for offerors of certain services


In future, offerors of certain services in connection with crypto-assets will also require an authorisation from the competent authority. The relevant crypto-asset services covered by MiCAR are similar to those services that require an authorisation under existing German banking regulatory law, which is in particular due to the broad definition of “financial instruments” there.

The relevant services under MiCAR include:

  • custody and administration of crypto-assets on behalf of third parties,
  • operating a trading platform for crypto-assets,
  • exchanging crypto-assets for funds,
  • exchanging crypto-assets for other crypto-assets,
  • executing crypto-asset orders on behalf of third parties,
  • placing crypto-assets,
  • providing transfer services for crypto-assets on behalf of third parties,
  • receiving and transmitting crypto-asset orders on behalf of third parties,
  • providing advice on crypto-assets; and
  • providing portfolio management on crypto-assets.

Credit institutions are exempt from the authorisation requirement when providing crypto-asset services if they notify their competent national authority of the intended activity in advance. For investment services companies, MiCAR stipulates facilitations with regard to crypto-asset services that correspond to those for which they have already been granted a corresponding authorisation under MiFID II or the respective national regulatory provisions.

EU passporting and reverse solicitation


Comparable with the German Banking Act (Kreditwesengesetz) and the German Securities Institutions Act (Wertpapierinstitutsgesetz), MiCAR allows the provision of cross-border crypto-asset services in other EU Member States, so that the offeror of crypto-asset services does not have to apply for a separate authorisation in each Member State where it offers its services. For this purpose, the offeror must notify the competent authority in its home Member State of the intended activity. Upon entry in a register kept with ESMA and EBA and the notification of the crypto-asset service offeror, the offeror may operate in the respective host Member State. In this context, it is worth mentioning that MiCAR makes no distinction in regulatory requirements between cross-border activities and the establishment of a branch, as is usual for banking and financial services.

Comparable with the currently existing authorisation requirements under German banking regulatory law, offerors of crypto-asset services may make use of the so-called reverse solicitation exception from the authorisation requirement, which allows to provide crypto-asset services in other EU Member States without authorisation if an EU-based client initiates at its own exclusive initiative the provision of a crypto-asset service or activity by a third‐country firm.

Obligation to prepare a white paper

Based on the provisions of the EU Prospectus Regulation with regard to the public offering and admission of securities to the regulated market, MiCAR provides for certain publication obligations. These depend on the type of crypto-asset being offered.

White paper for issuing crypto-assets


For crypto-assets that are not asset-referenced tokens or e-money tokens, there is an obligation to prepare a white paper for a public offering and admission to trading on a trading platform. The white paper must also be registered with the competent national authority and published on the website of the issuer or admission applicant. No approval of the white paper by the national authority is required. The authority of the Member State in which the crypto-assets are to be marketed or admitted to a trading platform is responsible for registering the white papers.

The required content of the white paper has been scaled down considerably in the course of the interinstitutional negotiations. For example, instead of a “detailed description” of the main risks, the white paper now only has to provide “information on risks”, and instead of a “detailed description” of the offeror, the white paper now only has to provide “information on the offeror”. The white paper serves disclosure and information purposes and its content is based on the requirements of the EU Prospectus Regulation and the associated Delegated Regulations.

White paper for issuing asset-referenced tokens and e-money tokens


For asset-referenced tokens, MiCAR stipulates further content requirements for the white paper. Also in this respect, considerable changes were made in the course of the interinstitutional negotiations. As with other crypto-assets, the white paper does not have to be approved by the competent authority. However, it must be submitted as part of the authorisation-granting procedure and will be examined by the competent authority in this context. The white paper is deemed to have been approved once the applicant issuer has been authorised.

In the case of issuances by credit institutions that do not require further authorisation to offer asset-referenced tokens, the white paper must be approved separately by the competent authority.

For e-money tokens, MiCAR stipulates further content requirements for the white paper, which rules once again have been amended during negotiations. In contrast to asset-referenced tokens, the white paper for e-money tokens is not subject to review by the authority. Instead, the white paper is merely registered with the competent authority.

Liability for white papers


As under securities prospectus law, the white paper under MiCAR entails civil liability on the part of the issuer.

In the case of a white paper for crypto-assets that are not asset-referenced tokens or e-money tokens, the offeror, the person seeking admission to trading of crypto-assets for admission and the operator of a trading platform or their respective board members bear civil liability if the required content is not included in the white paper. This also generally applies to asset-referenced tokens and e-money tokens.

In contrast to the previous draft, MiCAR now (irrespective of a possible national civil liability rule) directly provides the normative nexus for civil liability (see Articles 14, 22 and 47 MiCAR).

Protection against market abuse

MiCAR also contains prohibitions and requirements to prevent market abuse in connection with crypto-assets. However, the scope of application of these provisions is limited to crypto-assets admitted to trading on a trading platform for crypto-assets or for which admission to trading has been applied for. Comparable to the provisions of the Market Abuse Regulation, issuers of admitted crypto-assets must disclose inside information. Furthermore, MiCAR includes provisions to prevent insider trading, unlawful disclosure of inside information and market manipulation.


MiCAR will, if passed in the current form by the European Parliament in the near future as is likely, represent a milestone in the regulation of crypto-assets. For Germany, however, this does not follow from the introduction of new authorisation requirements, as German regulatory law – due to the broad definition of “financial instruments” which covers crypto-assets – has already imposed a licensing requirement on essential crypto-asset services. Instead, the special significance is due to the creation of harmonised rules within the EU and the enabling of passporting. This creates a level playing field including the option of passporting, which market participants have been awaiting for some time. Nonetheless, the German legislator will eventually have to adapt the national German regulatory law to the requirements of MiCAR. However, in view of the generous applicability and transitional provisions of MiCAR, there is no immediate time pressure for this. Furthermore, even though MiCAR represents a major step towards a harmonised regulation of crypto-assets, it has to be acknowledged that MiCAR will not solve all legal challenges in the crypto-asset sector in one swoop. Further need for regulation and clarification, especially for NFTs, can already be foreseen. It is therefore likely that the regulatory framework for crypto-assets and related services will continue to evolve dynamically. 

Financial Services Regulation
Capital Markets
Banking & Finance