MiCA Regulation and EU Crypto Rules: What Changes in 2026

The EU’s Markets in Crypto Assets (MiCA) regulation is a huge step for crypto regulations in the EU and beyond. 

On December 30, 2024, MiCA fully came into effect, and the transitional grandfathering period began. This phase, which is soon coming to an end, allows existing crypto-asset service providers (CASPs) that were operating legally before this date to continue their services in the EU without immediate compliance with the new regulations, provided they apply for authorization within the specified deadlines.

Depending on the member state, this grandfathering period can last until July 1, 2026, or until a provider is granted or denied authorization, whichever comes first. That means CASPs must keep July 1, 2026, firmly in mind as an absolute deadline for the EU.

In practice, however, many EU member states have opted for shorter transitional windows. In several jurisdictions, those windows are already closing or have closed altogether, increasing the urgency for crypto businesses to understand their MiCA obligations well ahead of the final EU deadline.

In this article, Sumsub explains what MiCA is, who it applies to, and what crypto businesses need to prepare for as the EU’s new regulatory regime takes full effect.

What is the MiCA regulation?

The Markets in Crypto-Assets Regulation (MiCA) is the European Union’s first comprehensive legal framework for regulating crypto-assets and crypto-asset service providers (CASPs). Formally known as Regulation (EU) 2023/1114, MiCA establishes uniform rules across all EU member states for the issuance, trading, and custody of crypto-assets that were previously governed by fragmented national laws.

The MiCA regulation applies to crypto-assets not already covered by existing EU financial regulations, including many utility tokens and stablecoins. 

By creating a single regulatory regime, the MiCA regulation aims to reduce legal uncertainty, eliminate regulatory arbitrage, and bring European crypto markets closer to traditional financial oversight.

The new system promises to make the crypto industry safer for investors and consumers, while providing a unifying standard for companies operating in the EU.

Suggested read: Global Stablecoin Compliance: GENIUS Act, MiCA, Hong Kong, Singapore, and More Key Rules

The purpose of MiCA in the EU, and its core objectives

The purpose of MiCA is to establish uniform rules for issuers of crypto-assets that have not been regulated by other EU crypto regulations, as well as for providers of services related to such crypto-assets. 

MiCA’s core objectives include:

• Investor protections by ensuring clear disclosures, fair marketing practices, and safeguards for retail users
• Market integrity by reducing fraud, market manipulation, and operational risk
• Innovation support by helping crypto businesses to scale across the EU under one license (i.e., a passporting regime)
• Financial stability through tighter controls on stablecoins (Asset-Referenced Tokens and E-Money Tokens)

In practice, MiCA implements these objectives by introducing detailed transparency and disclosure requirements for the issuance, offering, and admission of crypto-assets to trading platforms. It establishes a harmonized framework for the authorization and ongoing supervision of crypto-asset service providers (CASPs), as well as issuers of asset-referenced tokens and e-money tokens.

MiCA also sets clear standards for the organization, governance, and operational resilience of issuers and service providers, ensuring consistent compliance across the EU. In addition, it defines specific conduct rules and market abuse measures, including prohibitions on insider trading, unlawful disclosure of inside information, and market manipulation, thereby clarifying the responsibilities and liabilities of all regulated participants.

Suggested read: ECB President Lagarde Warns EU to Address Stablecoin Vulnerabilities

MiCA timeline and implementation across Europe

MiCA entered into force in 2023 and has followed a phased rollout, reshaping European crypto regulation:

• On June 30, 2024, rules for ARTs and EMTs became applicable
• On December 30, 2024, the full MiCA framework for CASPs took effect

However, MiCA also includes a grandfathering transitional period for existing crypto businesses. EU member states may allow CASPs that were legally operating under national law before December 30, 2024, to continue operating until July 1, 2026, or until they receive (or are refused) MiCA Europe authorization, whichever comes first.

Some EU countries have chosen to apply the full 18-month grandfathering period allowed under MiCA, giving existing CASPs until July 1, 2026, to continue operating under their national regimes before needing full CASP authorization. EU member states such as France, Malta, Luxembourg, and Estonia have adopted this full 18-month period, providing an extensive runway for firms to prepare and transition to MiCA licensing. To take advantage of this, CASPs must submit their application before the deadline specified in the legislation.

In contrast, other member states have opted for shortened transitional periods. For example, the Netherlands and Poland implemented shorter windows, expiring mid-2025, while Germany, Austria, and Ireland use 12-month periods concluding by the end of 2025.

Suggested read: European Banks Unite to Launch Euro-Backed Stablecoin

Who the MiCA regulation applies to (and who is not affected)

1. The MiCA Regulation introduces a structured regulatory framework covering issuers of ARTs, EMTs, and assets other than ARTs and EMTs:

Asset-referenced tokens (ARTs)

Crypto-assets that aim to maintain a stable value by referencing other assets or a basket of assets, such as currencies or commodities.

E-money tokens (EMTs)

Crypto-assets that are pegged to a single official currency (stablecoins), such as the euro.

Crypto-assets other than ARTs or EMTs

Crypto-assets that are neither ARTs nor EMTs (e.g., utility tokens intended to provide access to a good or service supplied by the issuer).

2. MiCA also covers the offering of crypto-assets to the public in the EU or the seeking of their admission to trading on a trading platform operated in the EU. These activities may be carried out by any person, including issuers or third parties.
   
3. MiCA also applies to CASPs, which are legal entities or other undertakings that professionally provide one or more crypto-asset services to clients as their main occupation or business.

Crypto-asset services include:

1. Providing custody and administration of crypto-assets on behalf of clients
2. Operating a trading platform for crypto-assets
3. Exchanging crypto-assets for funds
4. Exchanging crypto-assets for other crypto-assets
5. Executing orders for crypto-assets on behalf of clients
6. Placing of crypto-assets
7. Reception and transmission of orders for crypto-assets on behalf of clients
8. Providing advice on crypto-assets
9. Providing portfolio management on crypto-assets
10. Providing transfer services for crypto-assets on behalf of clients.

The MiCA regulation does not apply to:

• Crypto-assets that are covered by other EU financial services acts (e.g., those that qualify as financial instruments, pensions, or insurance products)
• Providers of crypto-asset services exclusively for their parent companies or subsidiaries, liquidators, and administrators in insolvency proceedings
• The European Central Bank and national central banks, the European Investment Bank, the European Financial Stabilisation Mechanism, the European Stability Mechanism, and public international organizations
• Crypto assets that are unique and not interchangeable (“fungible”) with others (e.g., non-fungible tokens that represent digital art or collectibles).
• Fully decentralized services without any intermediary or identifiable controller.

Suggested read: EU Crypto Regulations: Complete Guide

How MiCA affects crypto businesses

Under MiCA, many crypto businesses operating in the EU are classified as crypto-asset service providers (CASPs) and must meet licensing and operational requirements similar to those in traditional financial services. This mainly affects exchanges, trading platforms, custodians, wallet providers, and token issuers.

Exchanges and trading platforms must obtain CASP authorization from a national regulator, follow conduct-of-business rules, and put safeguards in place for market integrity, customer disclosures, and complaint handling. Once authorized, they can passport their services across the EU, but only for activities covered by MiCA.

Custodians and wallet providers are subject to stricter rules on protecting client assets, asset segregation, and the use of third-party custodians, including clear disclosure when custody functions are outsourced.

Token issuers must meet transparency and governance requirements, with higher obligations for asset-referenced tokens (ARTs) and e-money tokens (EMTs), such as reserve management and redemption rules.

Overall, MiCA moves crypto firms from lightly regulated operations to supervised, licence-based businesses. Any company offering crypto services or tokens in the EU must comply with these rules.

Compliance requirements under MiCA

Under the Markets in Crypto-Assets framework, CASPs must meet a set of compliance obligations related to authorization, capital, governance, and transparency to operate legally in the EU.

However, MiCA’s scope extends beyond CASPs alone. The regulation also introduces distinct obligations for crypto-asset issuers, including issuers of ARTs and EMTs, as well as offerers seeking admission of crypto-assets to trade on EU platforms.

Key MiCA compliance requirements for CASPs include:

• Authorization and registration
  CASPs must obtain formal authorization from a national competent authority (NCA) and maintain an EU-registered office and responsible management. It should be incorporated as a legal person, and one of the directors must be resident in the EU. Once authorized, firms can passport services across the EU.
• Capital requirements
  MiCA sets tiered minimum capital thresholds based on services provided: €50,000 for lower-risk services such as order execution or advice; €125,000 for exchange or custody services; €150,000 for operating a crypto trading platform. CASPs must also hold their own funds equal to at least one quarter of fixed overheads.
• Governance and internal controls
  Providers must implement formal governance frameworks, risk controls, AML procedures, continuity plans, and data security procedures.
• Transparency and disclosures
  Issuers and firms offering crypto-asset services to the public must prepare and publish a crypto-asset white paper detailing the asset, issuer, risks, and marketing communications in line with MiCA disclosure standards.

Key MiCA compliance requirements for ART issuers include:

• Authorization and EU presence
  ART issuers must be established in the EU and obtain authorization from their home Member State, unless they qualify as a credit institution issuing an approved crypto-asset white paper.
• Reserve and capital requirements
  Issuers must maintain a robust reserve of assets fully covering their liabilities to token holders, alongside their own funds meeting minimum thresholds (at least €350,000) tied to reserves and fixed overheads.
• Redemption and holder rights
  ARTs must be redeemable at any time upon request, either at market value or by delivery of the referenced assets. Issuers must act in the best interests of holders and treat them equally.
• Transparency and liability
  ART issuers must publish a crypto-asset white paper and marketing communications, and are liable for damages arising from inaccurate or misleading disclosures.

Key MiCA compliance requirements for EMT issuers include:

• Authorization and registrations
  EMTs may only be issued by authorized credit institutions or e-money institutions, aligning EMT issuance closely with existing EU payments regulation.
• Issuance and redemption at par value
  EMTs must be issued at par value upon receipt of funds and redeemable at any time, at par, at the request of the holder.
• Safeguarding and asset protection
  Funds received in exchange for EMTs must be invested in secure, low-risk assets and held separately with a credit institution to protect token holders.
• Transparency and marketing controls
  Issuers must publish a crypto-asset white paper and ensure marketing communications are fair, clear, and not misleading, with liability for incorrect disclosures.
• Operational resilience and recovery planning
  EMT issuers must maintain recovery and redemption plans to ensure continuity and orderly wind-down if obligations cannot be met.

Key MiCA compliance requirements for offerers seeking admission of crypto-assets to trade on EU platforms include:

• Legal establishment and accountability
  Offerers or persons seeking admission to trading must be established as a legal person and are legally liable for the accuracy and completeness of information provided to the public in white papers.
• Transparency and disclosures
  They must prepare and publish a crypto-asset white paper, along with related marketing communications, on their website. All disclosures must be fair, clear, and not misleading.
• Conduct and investor protection
  Offerers are required to act honestly, fairly, and professionally, manage and disclose conflicts of interest, and communicate responsibly with actual and potential crypto-asset holders.
• Liability and withdrawal rights
  MiCA introduces explicit civil liability for incorrect or misleading information in white papers and grants retail holders a right of withdrawal within a defined period.

Together, these requirements bring crypto firms closer to traditional financial regulation, making MiCA compliance an ongoing operational obligation rather than a one-time licensing exercise.

MiCA vs other global crypto frameworks

MiCA establishes a single, harmonized EU-wide framework for crypto-assets not already covered by existing financial-services legislation, with EU-wide licensing, passporting, and clearly defined regulatory categories for CASPs and issuers of stablecoins.

Meanwhile, other major jurisdictions are exploring different approaches to crypto frameworks.

United Kingdom

The UK is moving toward a crypto activity framework regulated within its existing financial services architecture. In December 2025, the FCA released a consulting paper on rules for trading platforms, intermediaries, aspects of lending and borrowing, staking, and decentralized finance, indicating there would be new guidance to come in 2026.

United States

The United States, meanwhile, has a more fragmented approach. While there’s still no single federal crypto law, and oversight is split across multiple agencies (e.g., SEC, CFTC, FinCEN), 2025 saw major federal movement on stablecoins (e.g., the GENIUS Act) and market-structure proposals, such as the CLARITY Act.

Suggested read: Crypto Regulations in the US—A Complete Guide

Asia-Pacific

Across the Asia-Pacific, crypto-asset regulatory frameworks are also emerging through formal legislation and licensing regimes, creating a fragmented landscape. In Singapore, crypto-asset activities are regulated under the Monetary Authority of Singapore. The Payment Services Act helps regulate digital payment token services, while digital token service providers (DTSPs) are also subject to a licensing regime. 

Singapore also has a dedicated stablecoin framework for single-currency stablecoins.

Hong Kong has similarly embedded crypto regulation into legislation, including licensing regimes for virtual asset trading platforms and stablecoin issuers.

Suggested read: Breaking News, Explained: Hong Kong’s LEAP and Licensing for Stablecoin Issuers

Latin America

In Latin America, Brazil and Argentina have introduced licensing, AML, and consumer-protection requirements for crypto intermediaries, often tied to existing payments or securities frameworks.

Suggested reads: 
Crypto Compliance in Argentina: What You Need to Know
Stablecoin Payments Classified as Foreign Exchange in Brazil’s New Crypto Rules

Africa

Across Africa, regulatory approaches range from restrictive to enabling, with jurisdictions like Nigeria gradually clarifying the legal status of crypto-assets through central bank guidance, AML rules, and targeted licensing regimes.

2026 MiCA updates and practical implications

As the end of the transitional phase approaches, MiCA is moving from staggered implementation to full EU-wide enforcement ahead of the July 1, 2026, deadline. Throughout 2025, national regulators and ESMA have published clarifications leading into 2026.

The following additional clarifications were published in 2025:

• Transitional period warnings: ESMA has stressed that as national MiCA transitional periods expire across the EU, CASPs operating without authorization must implement orderly wind-down plans to minimize harm to clients. ESMA has also warned that last-minute authorization applications should be subject to heightened regulatory scrutiny and that national regulators are expected to enforce against firms continuing to provide services without approval once the transitional period ends. Investors have been urged to verify providers against the Interim MiCA Register, noting that full MiCA protections apply only to authorized CASPs. ESMA has published a country-by-country list of grandfathering periods. This potentially complicates cross-border operations as one group entity in the EU may face an earlier deadline than another.
• More technical detail: ESMA continued releasing MiCA technical standards and Q&As, reducing interpretation space for CASPs.
• Stronger supervisory tone: ESMA warned CASPs to clearly communicate the regulatory status of their products.

Messaging throughout 2025 has emphasized that many CASPs needed to complete licensing, disclosure, and data retention preparations ahead of the progressive closure of the national transitional period. Regulators expect affected firms to demonstrate active progress toward MiCA authorization, with full MiCA compliance applying once a CASP’s applicable transitional window ends.

Here you can find a full list of the guidelines and technical regulations published in 2025.

MiCA: What to expect in 2026

In mid-2026, MiCA is moving into full EU-wide application. There will be no further grace period beyond the national transitional deadlines. CASPs that have not obtained authorization must stop providing regulated crypto-asset services in the EU. 

Regulators expect all CASPs to achieve full MiCA compliance by the end of the applicable transitional period, including:

• Fully implemented AML/CFT processes, including CDD, transaction monitoring, Travel Rule, and other processes
• Implemented governance, risk, and control structures
• Implemented data retention, reporting, and audit-ready systems

These are core prerequisites for obtaining and maintaining MiCA authorization.

Common compliance challenges under MiCA regulation

Despite its greater clarity, the MiCA Regulation presents several practical compliance challenges for crypto businesses.

At the moment, around 130–140 CASP licenses have been issued EU-wide (mostly in Germany, the Netherlands, France, and Malta), compared to the hundreds of thousands of VASPs that were operating previously. So, what are the problems? 

⚠️The biggest barrier is the authorization process itself. Applying for a CASP license means submitting hundreds of pages of documentation: detailed business plans, governance structures, AML/CFT and IT policies, proof of capital, and exhaustive “fit and proper” checks on management and shareholders. Regulators often go through multiple rounds of questions. 

⚠️Companies spend a lot on consultants, audits, system upgrades, and ongoing reporting. For startups and small platforms, this is often unsustainable. Many are merging with bigger competitors, shutting down EU operations, and relocating to friendlier jurisdictions. For example, the Lithuanian VASP landscape study (though not all names are public) shows specific firms ceasing services or relocating due to MiCA’s compliance regime.

⚠️Technical requirements add another layer of pain. For example, white papers must be filed in machine-readable iXBRL format, while order books are shifting to structured JSON. Integrating these with DORA Resilience rules and the Travel Rule demands significant IT investment and expertise, which most small teams lack.

⚠️Meanwhile, DeFi and NFT projects face ongoing uncertainty. Fully decentralized protocols are mostly exempt, but any centralized element can trigger full MiCA obligations, driving innovation outside the EU.

In short, MiCA’s heavy administrative and financial burden is squeezing out smaller players and concentrating the market in fewer, larger hands.

Suggested read: Regulatory Fragmentation: The Hidden Cost of Compliance in Digital Assets

Expert insight: What’s next for EU crypto regulation

Looking ahead to 2026-2027, one of the most significant developments will be the activation of the Crypto-Asset Reporting Framework (CARF) under DAC8, effective from January 1, 2026. This will require CASPs to start collecting detailed user data on transactions for mandatory tax reporting, with the first automatic cross-border exchanges of information taking place in 2027. In parallel, the Anti-Money Laundering Authority (AMLA) is expected to roll out detailed AML/CFT guidelines and regulatory technical standards over the same period, further harmonizing obligations. By 2028, all these layered reforms, including MiCa,  will position the EU as one of the world’s most comprehensively regulated and transparent crypto markets, yet at the inevitable cost of accelerated market consolidation and a significantly reduced number of participants.

Anastasia Sakharova

Head of Fintech Compliance at Sumsub

MiCA compliance: A smarter way with Sumsub

As the EU’s MiCA regulation moves into full enforcement and the transitional period ends later in 2026, crypto businesses need an automated compliance infrastructure that can adapt to the evolving European regulatory landscape.

Sumsub helps Crypto-Asset Service Providers (CASPs) meet AML/CFT requirements, including the Travel Rule, as established under AMLD5 and relevant national laws (to be replaced by AMLD6 and the AML Regulation (AMLR) from 10 July 2027), as well as the Transfer of Funds Regulation (TFR).

Our Guide for EU CASPs explains both the legal framework and how Sumsub’s solutions support ongoing compliance in the EU. The guide covers:

💡A clear overview of what MiCA does and does not regulate, including the fact that MiCA itself does not introduce AML/CFT or Travel Rule obligations

💡An explanation of how AML/CFT and Travel Rule requirements instead stem from other EU regulations and directives, particularly AMLD and TFR

💡Straightforward explanations and visual diagrams to clarify CASPs’ regulatory responsibilities

_{Check out the Guide for other explanatory tables}

💡An overview of how Sumsub supports compliance with AML/CFT obligations, including the Travel Rule, under AMLD5 and applicable national legislation:

FAQ

• What is the MiCA regulation?

  The Markets in Crypto-Assets Regulation (MiCA) is the European Union’s first comprehensive legal framework for regulating crypto-assets and related services. It establishes uniform rules across all EU member states for the issuance, public offering, admission to trading, and provision of services related to crypto-assets that are not already covered by existing financial services legislation.

• When does the MiCA regulation come into effect?

  MiCA entered into force in 2023, with a phased rollout. Rules for ARTs and EMTs applied from June 30, 2024, while the full framework for crypto-asset service providers became applicable on December 30, 2024, followed by a transitional period with an EU-wide deadline of July 1, 2026.

• What crypto assets are covered by MiCA?

  MiCA covers crypto-assets not already regulated under existing EU financial laws, including asset-referenced tokens (ARTs), e-money tokens (EMTs), and crypto assets other than ARTs and EMTs (e.g., utility tokens). It does not generally apply to traditional financial instruments, deposits, insurance products, or most non-fungible tokens (NFTs).

• Who needs a MiCA license?

  Any business providing crypto-asset services in the EU, such as exchanges, custodians, brokers, and other services listed above, must obtain authorization as a crypto-asset service provider (CASP) from the national regulator. Token issuers offering crypto-assets to the public or seeking admission to trading may also need authorization, depending on the token type.

• How does MiCA affect crypto exchanges?

  MiCA requires crypto exchanges operating in the EU to obtain CASP authorization, meet capital and governance requirements, and follow conduct-of-business and consumer protection rules. Once authorized, exchanges can passport their services across the EU for activities covered under MiCA.

• What are the MiCA updates in 2025?

  In 2025, ESMA and national regulators focused on implementation, publishing technical standards, Q&As, and supervisory guidance to clarify MiCA obligations.

Become a crypto compliance expert!

Join Sumsub’s free crypto Travel Rule course starting on October 3, 2024. Master compliance with practical insights from industry leaders.

Register now