MiCA: Cryptocurrency Regulation in Europe
- As of July 1 of this year, all crypto services in the EU are required to hold a CASP license under the MiCA regulation; operating without authorization constitutes a violation of European law, potentially resulting in fines and the suspension of operations.
- A CASP license obtained in one EU country automatically grants the right to operate across all 27 member states via the "passporting" mechanism, providing access to a single market of 450 million consumers.
- Minimum capital requirements vary by service type, ranging from €50,000 for basic services to €150,000 for exchanges and platforms utilizing order books.
- Companies must maintain a genuine physical presence in the EU, including an office and at least one director who is an EU resident; "nominee" structures lacking economic substance will not pass regulatory scrutiny.
- The regulation applies to stablecoin issuers, exchanges, custodial services, brokerage platforms, and any company providing crypto-asset services to EU-based clients.
- For entrepreneurs from Russia and the CIS, Lithuania, Estonia, and Cyprus are emerging as optimal jurisdictions due to their clear procedures, reasonable costs, and welcoming attitude toward international business owners.
What is MiCA regulation and why does it matter?
The Markets in Crypto-Assets Regulation (MiCA) is the world's first comprehensive legislative act establishing unified rules for the cryptocurrency market across an entire continent. It is not merely a set of recommendations but a binding regulation that applies directly in all EU member states, without the need for transposition into national law.
The regulation came into effect in stages. The initial provisions took effect in June of last year, while the core requirements for crypto-asset service providers became mandatory on December 30, 2024. The transition period for existing companies concludes on July 1 of this year; after this date, operating without a license constitutes a direct violation of European law.
Prior to MiCA, each EU country regulated crypto businesses according to its own rules. Estonia had one set of requirements, Malta another, and Cyprus a third. Companies had to obtain separate permits in every jurisdiction where they wished to operate. Now, the system is unified: a single license grants access to the entire European market.
Who is affected by MiCA regulations
The regulation applies to two main categories of participants: crypto-asset issuers and crypto-asset service providers. The first group includes companies that issue tokens, stablecoins, or any other digital assets for public offering. The second group comprises exchanges, custodians, brokers, trading platforms, and trading venue operators.
If your company is registered outside the EU but offers services to clients in European countries, MiCA applies to you as well. Regulators have made it clear: the geographic location of the headquarters does not matter; what counts is where the clients are located. Serving European users without a license is now illegal.
Exceptions are minimal. MiCA does not apply to fully decentralized protocols lacking a central governing body; however, in practice, most projects involve foundations, development companies, or other structures that fall under the regulation. Regulators closely examine a project's actual structure rather than relying solely on formal claims of decentralization.
Main categories of crypto-assets under MiCA
The regulation classifies crypto-assets into three types. The first is utility tokens, which provide access to goods or services within a project's ecosystem. The second is asset-referenced tokens, backed by a basket of assets or other forms of value. The third is e-money tokens—electronic money pegged to a single fiat currency.
Specific requirements apply to each category. E-money tokens are subject to the strictest regulation, as they are treated as electronic money under existing European law. Issuers of such tokens must obtain an EMI license and comply with strict reserve requirements: a minimum of 30% held in deposits with central banks or reliable credit institutions.
Asset-referenced tokens are also subject to strict oversight. The issuer is required to publish a white paper detailing the backing assets, the stabilization mechanism, and associated risks. If such a token becomes significant—meaning the issuance volume exceeds €5 billion or the number of holders surpasses 10 million—regulatory requirements become even more stringent.
CASP License Requirements
The Crypto-Asset Service Provider (CASP) license is the key authorization for operating in the European crypto market. Without this license, it is illegal to provide services to EU clients—such as accepting deposits, exchanging cryptocurrencies, safeguarding client assets, or operating trading platforms.
The licensing process takes between three and nine months, depending on the jurisdiction and the complexity of the business model. Regulators scrutinize everything: founders, directors, sources of funding, the business plan, technological infrastructure, AML and KYC policies, and procedures for safeguarding client assets.
The license is not granted indefinitely. Regulators exercise ongoing supervision, request reports, and may initiate ad-hoc inspections. Non-compliance can lead to fines, as well as the suspension or revocation of the license. Therefore, it is crucial not only to obtain the authorization but also to establish robust compliance processes.
Capital and Financial Stability Requirements
Minimum capital requirements depend on the type of services provided. Basic operations, such as advisory services or order transmission, require €50,000. Safeguarding client assets requires €125,000. Operating an exchange or a platform with an order book requires €150,000.
These funds must be actually deposited and verified via bank statements; nominal capital "on paper" is insufficient. Regulators require proof of the origin of funds, including the source of the money, the identity of the investor, and the legitimacy of funding sources.
In addition to initial capital, the company must maintain operational reserves. The amount is calculated as a percentage of annual operating expenses or the volume of client assets under management. While the formulas are complex and depend on the specific services offered, the underlying principle is simple: the company must always maintain a financial buffer to handle potential issues.
Organizational and Technological Requirements
The company must have a clear management structure with a defined segregation of responsibilities. At least one director must be an EU resident and physically present in the jurisdiction of registration for sufficient time to make management decisions. Nominee directors who merely sign documents do not suffice.
A robust IT infrastructure is required, featuring protection against hacking, backup systems, and disaster recovery plans. Regulators scrutinize technological security with particular care, given the history of crypto exchange hacks and the loss of client funds.
Client assets must be held separately from the company’s own funds. Segregation is mandatory and subject to daily verification. If you accept fiat currency from clients, it must be deposited with a commercial bank or the central bank no later than the next business day. Using client funds for the company's own operations is strictly prohibited.
Choosing a Jurisdiction for a MiCA License
While a license obtained in any EU country technically grants access to the entire market, practice reveals significant differences. Lithuania, Estonia, Cyprus, Ireland, and Malta have emerged as leaders thanks to clear procedures, experience in dealing with crypto businesses, and reasonable licensing costs.
Lithuania has historically been attractive to crypto companies. The local regulator, the Bank of Lithuania, has accumulated extensive industry experience; procedures are well-established, and timelines are predictable. Licensing costs here are lower than in major financial hubs like Germany or France, yet the jurisdiction maintains a strong reputation.
Estonia offers fully digitized processes. Its e-Residency program enables remote company management and online interaction with the regulator. This is a convenient option for IT entrepreneurs from Russia and the CIS, especially considering the country's advanced technology ecosystem.
Cyprus as a Jurisdiction for Crypto Business
Cyprus has long established a strong reputation in the financial sector. The local regulator, CySEC, oversees not only crypto assets but also forex brokers and investment firms, providing it with deep expertise in complex financial products. The licensing process is well-documented, and Russian-speaking specialists and consultants are available.
Cyprus boasts one of the most favorable tax systems in the EU, featuring a 12.5% corporate tax rate, an extensive network of double taxation avoidance treaties, and—under certain conditions—an exemption from dividend tax for non-residents. This offers a significant advantage for crypto businesses with international operations.
The banking infrastructure is well-developed. Although opening a corporate account for a crypto business requires time and rigorous compliance checks, local banks have experience working with the industry. An alternative is to use European fintech platforms and payment institutions, which are more willing to partner with licensed Crypto-Asset Service Providers (CASPs).
Lithuania and Estonia: Rapid Licensing
Lithuania stands out for its speed and predictability. The regulator publishes clear guidelines for each stage, answers questions, and provides consultations to applicants. For companies prioritizing a quick market entry, it is an optimal choice. The total cost of the process—including legal support, document preparation, and government fees—ranges from €25,000 to €40,000.
Estonia attracts businesses with minimal bureaucratic hurdles and full digitalization. Company registration takes just days, and interaction with the regulator occurs via secure electronic portals. The local crypto ecosystem is vibrant, featuring dozens of licensed companies, industry conferences, and professional associations.
Both jurisdictions are part of the Eurozone, simplifying operations with European banks and payment systems. Political stability, NATO and EU membership, and transparent legislation are key factors for long-term business planning.
Expert Opinion:
Dmitry Sokolov, specialist in international licensing for fintech and crypto companies:
"MiCA has fundamentally transformed the European crypto market landscape. The days of serving European clients through an offshore structure devoid of genuine regulation are over. A full license and a tangible presence within the EU are now required.
Many entrepreneurs mistakenly believe that registering a company in the Seychelles or the BVI and using it to operate in Europe is sufficient. That approach no longer works. European regulators are actively blocking unlicensed platforms, banks are closing accounts, and payment systems are refusing service.
The right strategy is to obtain a CASP license in a suitable European jurisdiction and establish high-standard compliance processes." Yes, this is more expensive and complex than a standard offshore registration, but it grants access to a legitimate market of 450 million consumers and enables you to work with banks and attract institutional investors.
It is crucial for Russian entrepreneurs to understand that while owning a crypto business from Russia is not prohibited, the structure must be set up correctly. A European company requires genuine substance—such as an office, a resident director, and local staff. Simple nominee arrangements will not pass regulatory scrutiny.
We often recommend hybrid structures: a European operating company holding a CASP license for EU operations, combined with a holding company in a tax-friendly jurisdiction like the UAE to optimize dividend payouts. This approach is legal, transparent, and tax-efficient".
Stablecoins under MiCA regulation
Stablecoins have come under intense regulatory scrutiny. These tokens, pegged to fiat currencies or baskets of assets, are used for settlements, trading, and fund transfers. Their combined market capitalization exceeds $150 billion, making them systemically important for financial stability.
Under the new rules, issuers of euro-pegged stablecoins must obtain an Electronic Money Institution (EMI) license. The requirements are stringent: reserves must cover the full issuance amount—with at least 30% held in central bank deposits or with reliable credit institutions—and issuers are subject to daily reporting and independent audits.
Circle, the issuer of USDC and EURC, has secured the necessary authorizations and continues to operate in the European market. Tether, however, has faced challenges with its USDT token. The company has criticized the requirement to hold 60% of reserves in bank deposits, viewing it as a concentration risk. Consequently, most European exchanges have delisted USDT for retail users or restricted access to it.
Reserve and transparency requirements
An issuer of e-money tokens is required to maintain reserves equal to the volume of tokens in circulation. These reserves must be segregated from the company’s own assets and remain available for token redemption at any time. Reserve funds may only be invested in highly secure, low-risk instruments.
Transparency is mandatory. Before the offering begins, the issuer must publish a white paper disclosing the token's operational mechanism, reserve structure, holder rights, and redemption procedures. Post-launch, regular reporting is required: quarterly for smaller issuers and monthly for larger ones.
An independent audit of the reserves must be conducted annually, with the results made public. If discrepancies between declared and actual reserves are identified, the regulator may suspend issuance, demand corrective actions, or revoke the license. H3 Restrictions on Significant-Scale Stablecoins
If a stablecoin grows too large—exceeding a market capitalization of €5 billion or 10 million holders—it is classified as "significant." Additional restrictions apply to such tokens, including higher capital requirements for the issuer, more frequent reporting, and the potential for regulatory intervention in the issuance mechanism.
Regulators are concerned that mass redemptions of a large stablecoin could strain the banking system. Consequently, limits on daily transaction volumes within the EU are imposed on significant tokens. If demand exceeds established thresholds, the issuer is required to limit issuance or alter its reserve structure.
In practice, this makes it difficult for one or two stablecoins to dominate the European market. Regulators encourage competition and diversity to mitigate systemic risks. For new projects, this presents an opportunity to carve out a niche by offering a product that meets the transparency and reliability standards expected in a regulated market.
Taxation and Information Exchange
MiCA does not directly regulate taxation; that remains the purview of national laws and other EU directives. However, the regulation establishes an infrastructure for the automatic exchange of tax information between countries. Since the beginning of this year, the DAC8 directive has been in effect, requiring crypto service providers to report client data to tax authorities.
Information is transmitted in accordance with the Crypto-Asset Reporting Framework (CARF) developed by the OECD. Platforms report user balances, transaction volumes, payment recipients, and asset acquisition and sale prices. This data is automatically forwarded to the country of the client's tax residence.
For users, this marks the end of anonymity. If you are a Russian citizen trading cryptocurrency on a European exchange, information regarding your transactions will be transmitted to the Russian tax authorities. Declaring income will become mandatory, and tax evasion will be detected automatically. H3 Taxation of Crypto Businesses Across Jurisdictions
Corporate tax rates vary. In Cyprus and Ireland, the rate is 12.5%, while in Lithuania it is 15%. Estonia employs a unique model: tax is payable not when profit is generated, but upon the distribution of dividends, allowing earnings to be reinvested without immediate taxation.
VAT is generally not applied to crypto services, thanks to a European Court ruling that equated cryptocurrency exchange with currency exchange—a transaction exempt from VAT. However, certain services—such as consulting, software development, and marketing—are subject to VAT at standard rates ranging from 19% to 25%, depending on the country.
For business owners, dividend taxes are just as important as corporate tax rates. Many EU countries levy withholding tax on dividends paid to non-residents. The rate depends on the existence of double taxation avoidance agreements between the company's jurisdiction and the owner's country of residence. Proper structuring using holding companies allows these costs to be legally minimized.
Personal tax obligations of owners
Owning a European crypto company does not exempt you from taxes in your country of personal residence. If you live in Russia for more than 183 days a year, you remain a Russian tax resident and are required to declare your worldwide income, including dividends from the European company.
Some entrepreneurs relocate their tax residence to more favorable jurisdictions. The UAE, Portugal, Georgia, and Montenegro offer residency programs for investors and entrepreneurs featuring low or zero income tax. While this is a legal method of tax optimization, it requires actually moving to and living in the new country.
It is important to understand that obtaining residency on paper without actually living there does not work. Tax authorities examine the "center of vital interests": where your family and real estate are located, where the business is managed, and where you spend the majority of your time. Sham residency is easily challenged and leads to additional tax assessments and penalties.
Practical aspects of operating under MiCA
Obtaining a license is just the beginning. Next comes ongoing compliance maintenance: updating AML policies, transaction monitoring, regulatory reporting, staff training, and security system audits. Many companies underestimate the operational costs of compliance.
A typical compliance budget for a small licensed exchange ranges from €100,000 to €200,000 per year. This covers the salaries of a compliance officer and an AML specialist, subscriptions to transaction monitoring systems, external audit services, legal advice, and liability insurance.
For startups, this represents a significant burden. Consequently, some opt for a white-label model: purchasing a ready-made technology platform from a licensed provider and operating under that provider's license as a partner. This approach is faster and cheaper but limits control over the product and the client base.
Opening bank accounts
Even with a CASP license, opening a corporate bank account remains a challenge. Banks remain cautious about crypto businesses due to money laundering risks. You will be required to provide a detailed business plan, descriptions of client revenue sources, KYC and AML policies, proof of licensure, financial projections, and CVs of key personnel.
The process takes between one and three months. Some banks may refuse without explanation. Alternatives include fintech platforms and payment institutions such as Paysera, Revolut Business, and Wise. While more open to crypto companies, they often impose transaction limits and may not be suitable for high-volume operations.
Having a local resident director and a physical office increases the chances of opening an account. Banks look for "substance": where decisions are made, where staff work, and how processes are organized. A greater physical presence in the jurisdiction fosters greater trust.
Working with clients from third countries
A CASP license authorizes operations with EU clients. Serving users from other countries is not formally prohibited but creates additional compliance risks. A significant client base from Russia, the USA, or China will attract regulatory scrutiny.
Some jurisdictions require a majority of clients to be European; otherwise, the rationale for holding a European license may be questioned. Regulators may suspect the company is using the EU as a front to operate in markets where crypto business is banned or restricted.
The correct approach is to segment the client base and apply enhanced due diligence to users from high-risk jurisdictions. This entails stricter identity verification, source-of-funds checks, and transaction monitoring. Some companies mitigate risk by excluding specific countries from their list of served territories entirely.
Licensing and maintenance costs
The total cost of obtaining a CASP license comprises several components. Government fees are relatively low, ranging from €2,000 to €5,000 depending on the jurisdiction. Key expenses include legal services, the preparation of documentation (such as business plans and compliance policies), and IT system setup.
Engaging professional consultants costs between €20,000 and €50,000. Attempts to cut costs by preparing documents in-house usually fail; regulators often reject applications due to incomplete information, improper document structure, or non-compliance with requirements. The need to redo the work prolongs the process and ultimately results in higher costs.
Share capital ranges from €50,000 to €150,000; the cost for a registered address and office space is €5,000–€15,000 per year; and the salary for a local director is €30,000–€60,000 per year. In total, initial investments amount to €150,000–€300,000, with annual operating expenses of €80,000–€150,000.
Cost Comparison of Jurisdictions
Lithuania is the most cost-effective option. The full licensing cycle, including legal support, costs between €25,000 and €35,000, with annual operating expenses of €60,000–€80,000. Local salaries are lower than in Western Europe and office rent is more affordable, yet the quality of services remains high.
Estonia is slightly more expensive: licensing costs range from €30,000 to €40,000, with annual maintenance at €70,000–€90,000. However, the advantages of digitalization and the ease of remote company management may outweigh the price difference.
Cyprus and Ireland are more expensive: obtaining a license costs €40,000–€60,000, and annual maintenance runs €100,000–€130,000. In return, they offer more developed financial infrastructure, greater experience with institutional clients, and easier access to investment.
Alternative: Purchasing a Ready-Made Licensed Company
Some providers offer ready-made companies that already hold a CASP license. This is faster: instead of a nine-month licensing process, the transfer of ownership takes just one or two months. The cost of such a ready-made structure ranges from €150,000 to €300,000, depending on the jurisdiction and the scope of work already completed.
There are risks involved, however. You must thoroughly vet the company's history for any past violations, client complaints, or regulatory issues. A change of ownership requires regulatory approval, involving a review of the new beneficial owners; if there are concerns regarding reputation, approval may be denied.
Another alternative is partnering with an existing licensed company. You provide the technology, client base, or capital, while the partner provides the license and infrastructure. Such arrangements require clear agreements and proper legal structuring, but they allow for a quick market entry with lower initial investment.
The Future of Regulation: What Awaits the Crypto Market
Regulators are already discussing MiCA 2.0. The initial version of the regulation was drafted several years ago, when the market looked very different. DeFi protocols, NFTs, new types of stablecoins, and algorithmic tokens are all evolving faster than legislation can keep pace.
The European Commission has announced plans to launch public consultations on updating the regulation. The focus is on decentralized finance (DeFi), which currently occupies a regulatory gray area. Regulators want to determine how to apply requirements to protocols that lack a central governing body and how to protect DeFi users from risks.
Another key issue is how these rules interact with regulations in other jurisdictions. The US has adopted its own stablecoin legislation, the UK is developing post-Brexit rules, and Asian countries are moving in various directions. This fragmentation creates challenges for global companies, which must comply with a multitude of different requirements simultaneously.
Impact on decentralized protocols
Technically, MiCA does not apply to fully decentralized systems. In practice, however, the line between centralized and decentralized is blurred. Most DeFi projects have foundations, development teams, and governance tokens. Regulators take the view that if an entity controls a protocol or profits from its operation, that entity should be held accountable.
Some projects have already begun to adapt. They are establishing legal entities within the EU, obtaining licenses, and implementing KYC procedures for users. While this runs counter to the original ethos of decentralization, it enables them to operate legally and attract institutional investors.
Other projects are exiting the European market and blocking access for EU users. Although this is easier than complying with regulations, it means losing access to a major market. The long-term outlook remains unclear: either DeFi will find a way to comply with regulations while maintaining decentralization, or the sector will split into compliant and "shadow" segments.
Global regulatory coordination
The OECD and other international organizations are working on global standards for crypto-assets. The goal is to establish uniform rules that countries can implement domestically, thereby avoiding regulatory arbitrage. If Europe mandates strict KYC procedures while a neighboring jurisdiction permits anonymous transactions, capital will flow to where the regulations are more lenient.
In practice, global coordination is proceeding slowly. Countries have differing priorities: some view cryptocurrencies as a threat to financial stability, while others see an opportunity to attract innovation and investment. China has banned cryptocurrencies entirely, whereas El Salvador has made Bitcoin legal tender.
For businesses, this necessitates flexibility. Corporate structures must adapt to legislative changes, possess the ability to rapidly relocate operations between jurisdictions, and diversify risk. Relying on a single country is risky, as regulations can change at any moment.
Hybrid structures for crypto businesses
An optimal setup often involves multiple tiers. A European operating company holding a CASP license handles client relations, payment processing, and service delivery. Meanwhile, a holding company based in a tax-friendly jurisdiction owns shares in the operating entity and receives dividends.
The UAE has emerged as a popular choice for holding structures, offering zero tax on profits and dividends, no currency controls, a sophisticated banking system, and political stability. Many crypto entrepreneurs are also relocating their personal residency to Dubai to secure additional tax benefits.
Switzerland is an ideal location for companies that prioritize reputation and access to traditional financial markets. Despite their conservative nature, Swiss banks have begun working with licensed crypto firms. Including a Swiss entity in the corporate structure boosts confidence among institutional investors.
Legal aspects of multi-tiered structures
A multi-tiered structure must have a sound economic rationale. Each company in the chain must perform genuine functions—such as providing services, managing assets, or holding intellectual property. Artificial arrangements lacking a legitimate business purpose are easily challenged by tax authorities.
Intra-group pricing (transfer pricing) requires proper documentation. If a European operating company pays royalties to the holding company for technology usage, the payment amounts must align with market rates. Inflated royalties intended to shift profits out of a high-tax jurisdiction will trigger scrutiny.
Beneficial ownership transparency is mandatory. European regulators require the disclosure of a company's ultimate owners; using nominee structures to conceal beneficial owners is no longer effective. Information is automatically exchanged between tax authorities across different countries in compliance with CRS and FATCA standards.
Personal residency and structure management
The business owner's place of residence is a key factor. Managing a company from the country where you are a tax resident can lead to the company being deemed a tax resident of that country, regardless of its place of incorporation. This concept is known as the "place of effective management."
If you reside in Russia and manage a European crypto company from there—making strategic decisions and holding meetings with partners—Russian tax authorities may classify the company as a Russian tax resident. In that case, profits would be taxed under Russian rules, negating the benefits of the European structure.
The right solution is either to appoint independent directors in Europe who have genuine decision-making authority or to relocate yourself to a tax-friendly jurisdiction and manage the business from there. The second option is preferable, as it ensures full control, though it requires a willingness to relocate.