MiCA Compliance Guide: What Crypto Businesses Need to Know in 2026

The Markets in Crypto-Assets Regulation (MiCA) represents the most comprehensive regulatory framework for digital assets ever enacted. Adopted by the European Parliament in April 2023 and now fully in force since December 30, 2024, MiCA establishes a harmonized set of rules across all 27 EU member states for crypto-asset service providers (CASPs), token issuers, and stablecoin operators. For crypto businesses operating in or serving clients within the EU, MiCA compliance is no longer optional — it is a legal requirement.

Unlike the patchwork of national regulations that preceded it, MiCA provides a single EU-wide authorization regime. A CASP licensed in one member state can passport its services across the entire European Economic Area. This is a significant opportunity for compliant businesses, but the requirements are substantial. This guide breaks down what you need to know, from licensing to AML obligations to token issuance rules, and how to operationalize compliance efficiently.

MiCA Timeline and Scope

MiCA was implemented in two phases. Title III and Title IV, covering asset-referenced tokens (ARTs) and e-money tokens (EMTs) — commonly referred to as stablecoins — took effect on June 30, 2024. The remaining provisions, including the CASP licensing regime under Title V, became applicable on December 30, 2024. As of 2026, the regulation is fully enforceable, and national competent authorities (NCAs) across Europe are actively processing applications and conducting supervisory reviews.

The scope of MiCA is broad. It covers:

• Crypto-assets that are not already regulated as financial instruments, deposits, or securitization positions under existing EU law (MiFID II, EMD2, etc.)
• Asset-referenced tokens (ARTs) — tokens that maintain a stable value by referencing multiple currencies, commodities, or other assets (Article 3(1)(6))
• E-money tokens (EMTs) — tokens that reference a single fiat currency (Article 3(1)(7)), essentially crypto-native stablecoins like USDC or EURC
• Utility tokens — tokens that provide access to a good or service on a blockchain network
• Crypto-asset service providers (CASPs) — entities providing custody, exchange, trading, advisory, portfolio management, or transfer services for crypto-assets

Notably, MiCA explicitly excludes NFTs that are truly unique and non-fungible, DeFi protocols that are fully decentralized with no identifiable issuer, and CBDCs. However, the European Securities and Markets Authority (ESMA) has indicated it will assess whether certain NFT collections with fungible characteristics fall within scope.

CASP Licensing Requirements

Under Title V of MiCA (Articles 59–74), any entity providing crypto-asset services within the EU must obtain authorization from the NCA in its home member state. The authorization process is rigorous and designed to ensure that CASPs meet the same governance, capital, and operational standards expected of traditional financial institutions.

What CASPs Must Demonstrate

• Legal entity with EU presence: The applicant must be a legal person established in an EU member state with a registered office and effective management in the EU (Article 59(1)).
• Minimum capital requirements: Depending on the services provided, CASPs must maintain permanent minimum capital ranging from €50,000 (for advisory services) to €150,000 (for exchanges and trading platforms). These are set out in Article 67.
• Governance and fit-and-proper tests: Management body members must demonstrate good repute, sufficient knowledge, and experience. Shareholders with qualifying holdings are subject to assessment (Articles 62–64).
• Operational resilience: CASPs must implement ICT risk management frameworks aligned with DORA (Digital Operational Resilience Act), including business continuity plans, incident reporting, and third-party risk management.
• Client asset segregation: CASPs providing custody must hold client crypto-assets separately from their own, with clear record-keeping of individual entitlements (Article 70).
• Complaint handling procedures: Free, transparent processes for addressing client complaints, with decisions delivered within a reasonable timeframe.

NCAs have up to 40 working days to assess a complete application (Article 63). The transitional period allowed existing nationally-licensed CASPs to continue operating until July 1, 2026, but several member states have opted for shorter transition windows. Firms that have not yet applied should treat licensing as an immediate priority.

AML/KYC Obligations Under MiCA

MiCA operates in conjunction with the EU's Anti-Money Laundering framework, particularly the Transfer of Funds Regulation (TFR) recast (Regulation 2023/1113), which extends the FATF Travel Rule to crypto-asset transfers. Together, these regulations create one of the most demanding AML regimes in the world for crypto businesses.

Customer Due Diligence (CDD)

CASPs must apply customer due diligence measures before establishing a business relationship or carrying out occasional transactions above €1,000. This includes verifying the identity of the customer and, where applicable, the beneficial owner. Enhanced due diligence (EDD) is required for higher-risk scenarios, including transactions involving non-compliant jurisdictions identified by the FATF or the European Commission.

Transaction Monitoring and Suspicious Activity Reporting

CASPs are obliged to implement real-time transaction monitoring systems capable of detecting patterns indicative of money laundering, terrorist financing, or sanctions evasion. This includes monitoring for structuring, rapid movement of funds, interactions with high-risk wallets, and exposure to mixing services or sanctioned addresses. Suspicious transactions must be reported to the relevant Financial Intelligence Unit (FIU) without delay.

The Travel Rule (TFR)

Under the recast TFR, CASPs must collect and transmit originator and beneficiary information for all crypto-asset transfers, regardless of amount. This is stricter than the FATF's recommended €1,000 threshold and applies to both CASP-to-CASP transfers and transfers to/from self-hosted (unhosted) wallets. For transfers exceeding €1,000 involving self-hosted wallets, CASPs must verify the ownership of the wallet through reliable and independent means. This has significant implications for operational workflows and requires robust blockchain analytics capabilities.

Token Issuer Requirements

MiCA introduces detailed requirements for entities issuing crypto-assets to the public or seeking admission to trading. The obligations vary by token type, with the most stringent requirements reserved for stablecoins.

Crypto-Asset Whitepapers

Any issuer offering a crypto-asset to the public must publish a crypto-asset whitepaper (Article 6) containing mandatory disclosures: a description of the project and the issuer, the rights and obligations attached to the token, the underlying technology, the risks involved, and the environmental impact of the consensus mechanism. The whitepaper must be notified to the NCA at least 20 working days before publication. Importantly, the issuer is liable for the completeness and accuracy of the information disclosed.

Stablecoin Reserve Requirements

Issuers of asset-referenced tokens (ARTs) must be authorized by an NCA and maintain a reserve of assets backing the token at all times (Articles 32–36). The reserve must be held in custody by independent third parties, be segregated from the issuer's own assets, and be invested only in highly liquid, low-risk instruments. Issuers must also grant holders a permanent right of redemption at market value.

For e-money tokens (EMTs), issuers must be authorized as either a credit institution or an electronic money institution under EMD2 (Article 48). EMT holders must be granted a claim against the issuer at par value at any time. At least 30% of funds received must be deposited in separate accounts at credit institutions, with the remainder invested in secure, low-risk assets.

Tokens classified as "significant" — those exceeding thresholds for market capitalization, transaction volume, or number of holders — face additional requirements and direct supervision by the European Banking Authority (EBA) rather than the home NCA (Articles 43–44).

How BlockchainAnalysis Helps with MiCA Compliance

Meeting MiCA's requirements demands more than policy documents. Regulators expect CASPs to demonstrate effective, technology-driven compliance programs with real-time monitoring capabilities. BlockchainAnalysis provides the infrastructure to operationalize these requirements.

Wallet Screening and Risk Scoring

Our wallet screening engine analyzes addresses across 52 blockchains against a database of over 621 million labeled entities and 4.2 billion verified addresses. Every wallet is assessed for sanctions exposure, darknet market interactions, mixer usage, fraud associations, and connections to known illicit actors. This directly supports the transaction monitoring and self-hosted wallet verification requirements under MiCA and the TFR.

Sanctions and PEP Screening

Our name screening module checks customers and counterparties against OFAC SDN, EU consolidated sanctions lists, UN sanctions, and PEP databases covering over 44 million screening entities from 297+ global sources. Fuzzy matching algorithms account for transliterations, aliases, and name variations — critical for meeting the CDD and EDD obligations that MiCA and AMLD6 demand.

Corporate Risk and UBO Analysis

MiCA requires CASPs to understand their corporate clients, including identifying ultimate beneficial owners (UBOs) and assessing corporate structures for risk. Our corporate risk engine draws on 59 million company records across 318 jurisdictions, 14.3 million Persons with Significant Control entries, and 467,000 LEI-based ownership relationships to map corporate hierarchies, flag complex or opaque ownership structures, and identify connections to sanctioned or high-risk entities.

Continuous Monitoring and Audit Trails

Compliance is not a one-time check. MiCA expects ongoing monitoring of customer relationships and transaction activity. BlockchainAnalysis provides continuous screening capabilities with detailed audit logs, exportable reports, and timestamped records of every check performed — exactly what regulators and auditors need during supervisory reviews.