Rob Behnke
June 29th, 2023
In 2020, the European Union (EU) created a Digital Finance Package (DFP) designed to mature and enhance the EU’s financial industry. This Digital Finance Package currently consists of a few different documents, including a Digital Finance Strategy, the Digital Operational Resilience Act (DORA), and the Markets in Crypto Assets (MiCA) directive.
MiCA is a relatively new addition to the package and is expected to become law in July 2023. Parts of the law would take effect a year later, in July 2024, with the full regulation going into effect by January 2025.
The primary purpose of MiCA is to clarify how crypto assets will be regulated within the EU. The lack of regulatory clarity is one of the biggest challenges facing the crypto space, and MiCA was intended to make regulatory responsibilities clear in a way that promoted additional innovation in the space.
Prior to the development of MiCA, crypto assets were generally treated as securities under EU law. However, the restrictions that this placed on these assets predated the emergence of the blockchain and crypto assets. To encourage innovation while providing regulatory protection, the EU developed MiCA to tailor laws and requirements to the unique needs of the crypto space.
MiCA will likely be generally applicable to any company that provides services in the crypto asset space. This includes organizations that issue tokens, support trading, or otherwise provide services related to crypto assets.
Affected individuals and companies include:
Exchanges
Trading platforms
Professional traders
Advisors and portfolio managers
Custody providers
Transfer service providers
The overarching goal of MiCA is to allow the space to innovate more than it could under previous rules while still providing protection to investors. For example, MiCA will implement common restrictions against actions that are illegal in traditional finance (TradFi), such as insider trading or frontrunning.
One of the key aspects of MiCA is that it is focused on fungible tokens, not NFTs. In general, if a token is used to track ownership of something on the blockchain rather than acting as a financial instrument, then the law doesn’t apply.
However, the EU has left itself wiggle room to regulate these assets in the future even though they are not covered in the existing law. For example, NFTs issued in large collections — like Bored Apes and similar NFTs — may be treated more like a fungible asset since their presence in the collection indicates some level of interchangeability between them.
The exact requirements of MiCA have not yet been nailed down since the law has not been passed. However, some of the proposed — and likely — requirements that the law may place on crypto asset service providers include:
Increased disclosure obligations
Anti-money laundering (AML) protections
Adequate cyber and data security
Minimum amount of funds held by the business
Creation of a whitepaper for any new crypto asset
Stablecoin issuers must keep reserves matching liabilities
Registration with regulators (in some cases)
MiCA is expected to go into law in July 2023. At this point, the full provisions and requirements of the law will be set, enabling crypto asset service providers to develop strategies for achieving compliance with the new requirements. Since the law is expected to go into full effect 18 months later — and some provisions will be enforced even earlier — crypto asset service providers will need to start working immediately to achieve compliance.
One of the key aspects of MiCA is a requirement that providers protect themselves and their customers against various risks, including those to cybersecurity, data security, and financial security. For help in ensuring that your project’s cyber defenses meet MiCA’s requirements, get in touch with Halborn.