Home > News and events > FinTech Lawyers: 5 Things You Need to Know About the New EU Markets in Crypto-Assets Regulation (MiCAR)

5 Things You Need to Know About the New EU Markets in Crypto-Assets Regulation (MiCAR)
January 20, 2025 News

Related to

On December 30, 2024, a new European Union crypto-asset regulation, known as MiCAR (Markets in Crypto-Assets Regulation), came into effect. This regulation establishes unified rules for the crypto-asset market and imposes stricter requirements on crypto service providers. Additionally, on July 1, 2024, a new crypto-asset market law came into force in Estonia (krüptovaraturu seadus or KrüTS in Estonian).

Here are five key points that every professional in the crypto-asset and fintech sector should know about these new regulations.

1. New License for Providing Crypto-Asset Services

Providing crypto-asset services now requires a new license. In Estonia, licenses are issued by the Financial Supervisory Authority. Existing Virtual Asset Service Provider (VASP) licenses will become invalid. Companies holding these licenses must apply for a new license by July 1, 2026, if they wish to continue offering crypto services. This new license is also referred to as CASP license (Crypto-Asset Service Provider).

Under the new regulation, a license is required for more services. While previously a license was required mainly for crypto exchange, transfer, storage and organizing token offerings, a license is now required for more services. In summary, a CASP license is required for one or more of the following activities:

  • providing custody and administration of crypto-assets on behalf of clients;
  • operation of a trading platform for crypto-assets;
  • exchange of crypto-assets for funds;
  • exchange of crypto-assets for other crypto-assets;
  • execution of orders for crypto-assets on behalf of clients;
  • placing of crypto-assets;
  • reception and transmission of orders for crypto-assets on behalf of clients;
  • providing advice on crypto-assets;
  • providing portfolio management on crypto-assets;
  • providing transfer services for crypto-assets on behalf of clients.

The scope of the regulation has also expanded to include more types of assets. While earlier laws focused on virtual currencies, MiCAR now governs crypto-assets more broadly (e.g., most NFTs and utility tokens).

Before applying for a license, companies must carefully analyze the services they intend to provide, as these must be specified in the application.

2. Documents Required for the New License

To apply for the new license, a CASP must prepare several documents for submission to the Financial Supervisory Authority (FSA), including:

  1. A business plan outlining the types of crypto-asset services to be provided, along with their marketing methods and locations;
  2. Proof of compliance with prudential safeguards as per MiCAR Article 67;
  3. A description of the governance structure;
  4. Poof that members of the management body of are of sufficiently good repute and possess the appropriate knowledge, skills and experience to manage that provider;
  5. Details of direct or indirect shareholders with significant holdings, including proof of their good reputation;
  6. Internal control mechanisms, policies and procedures to identify, assess and manage risks, including money laundering and terrorist financing risks, and business continuity plan;
  7. Technical documentation of ICT systems and security measures, with a non-technical description;
  8. Procedure for the segregation of clients’ crypto-assets and funds;
  9. Complaints-handling procedures;
  10. Where the applicant crypto-asset service provider intends to provide custody and administration of crypto-assets on behalf of clients, a description of the custody and administration policy;
  11. Where the applicant crypto-asset service provider intends to operate a trading platform for crypto-assets, a description of the operating rules of the trading platform and of the procedure and system to detect market abuse;
  12. Where the applicant crypto-asset service provider intends to exchange crypto-assets for funds or other crypto-assets, a description of the commercial policy, which is non-discriminatory, governing the relationship with clients as well as a description of the methodology for determining the price of the crypto-assets that the applicant crypto-asset service provider proposes to exchange for funds or other crypto-assets;
  13. Where the applicant crypto-asset service provider intends to execute orders for crypto-assets on behalf of clients, a description of the execution policy;
  14. Where the applicant crypto-asset service provider intends to provide advice on crypto-assets or portfolio management of crypto-assets, proof that the natural persons giving advice on behalf of the applicant crypto-asset service provider or managing portfolios on behalf of the applicant crypto-asset service provider have the necessary knowledge and expertise to fulfil their obligations;
  15. Where the applicant crypto-asset service provider intends to provide transfer services for crypto-assets on behalf of clients, information on the manner in which such transfer services will be provided.

3. New Crypto-Asset Categories and ICO Requirements

Under MiCAR, crypto-assets are divided into three categories:

  • Asset-Referenced Tokens (ARTs);
  • E-Money Tokens (EMTs);
  • Other Crypto-Assets (services related to which are provided by CASPs).

Initial Coin Offerings (ICOs) are subject to stricter rules. Depending on the type of crypto issued and other circumstances, requirements may include:

  • Preparing a whitepaper that meets specific criteria;
  • Notifying regulatory authorities of ICO plans;
  • Obtaining a separate license for conducting an ICO.

4. New Cybersecurity Requirements Under DORA

Crypto service providers must comply with the cybersecurity requirements set out in the Digital Operational Resilience Act (DORA). This includes:

  • Robust risk management systems;
  • Effective monitoring by security teams;
  • Regular resilience testing.

The goal of DORA is to ensure fintech companies, including crypto service providers, can handle cybersecurity threats.

5. Consequences of Non-Compliance

Violations of the rules carry serious consequences. Offering services without a license is a criminal offense, and financial penalties can reach up to €15 million. Additionally, regulatory breaches may result in reputational damage and suspension of operations.

How WIDEN Can Help?

WIDEN’s experts have extensive experience advising crypto companies. We have assisted over 30 crypto firms in obtaining licenses and supported more than 50 ICOs. WIDEN can guide companies through the license application process under the new MiCAR regulation. WIDEN can help prepare the necessary documents and represent clients during the licensing procedure.

For assistance, contact our experts.

Watch WIDEN’s video lecture on the new requirements (in English)

main Team members

Rauno Kinkarv
Rauno Kinkar
Partner
Henri Ratnik
Henri Ratnik
Senior Associate
Dan-Erik Roosve
Dan-Erik Roosve
Associate

Other

News & Events Click here

Kuidas valmistuda Tööinspektsiooni järelevalveks?

Employment Law
future
Tööinspektsioon avaldas taas valimi ettevõtetest, keda plaanitakse sel aastal ko...
READ MORE

Seminaras internetu. Reikšmingiausi pokyčiai darbo teisėje 2024-2025 m. Ką svarbu žinoti?

Employment Law
future
Seminare aptariami klausimai: Naujieji Darbo kodekso pakeitimai (Mantas Mikalopa...
READ MORE

Catch up on Baltic legal insights. Stay informed with our newsletter.

About WIDEN LEGAL

LEARN MORE

WIDEN is a full-service Baltic law firm that prides itself on providing clients with legal counsel focused on client experience. This means focusing on the client – delivering counsel that is practical and spoken in business terms rather than mere legalese.

Widen consultation

Trusted by

decathlon
Ryanair
delfi
norstat
rietumu_banka
hanza
foxway

© 2024 Widen Legal. All rights reserved

widen logo