Does MiCA Apply to Your Crypto Project?
Back to blog
MiCA

Does MiCA Apply to Your Crypto Project? Decision Framework

The Markets in Crypto-Assets Regulation (MiCA) is the most ambitious crypto framework ever enacted. But does it actually apply to your project? Most founders don't need to read all 149 articles of Regulation (EU) 2023/1114 to find out. This decision framework gets you to a clear answer in five minutes.

By Compliora AI Team April 04, 2026 12 min read
Contents
  1. What MiCA actually regulates
  2. The three-question applicability test
  3. Question 1 — Is your asset a crypto-asset?
  4. Question 2 — Are you offering to the EU?
  5. Question 3 — Which MiCA regime applies?
  6. Decision matrix for common project types
  7. Common misunderstandings that trip up founders
  8. Consequences of getting MiCA wrong
  9. What to do next

What MiCA actually regulates

MiCA — short for Markets in Crypto-Assets Regulation, formally known as Regulation (EU) 2023/1114 — is the European Union's unified framework for regulating crypto-assets that fall outside traditional financial services law. It entered into full application on 30 December 2024, replacing the patchwork of national crypto regimes that had previously governed crypto activity in the EU.

Before MiCA, each EU Member State had its own approach to crypto regulation. Germany required BaFin registration for custody. France had PSAN registration. Malta had its VFA framework. A crypto exchange operating across Europe had to navigate 27 different regulatory regimes. MiCA replaces all of that with a single rulebook.

But MiCA is not a law about "crypto" in the broad sense. It regulates three specific things:

  • Public offerings of crypto-assets in the EU (Title II and Title III)
  • Issuance of certain categories of stablecoins — asset-referenced tokens (ARTs) and e-money tokens (EMTs) (Title III and Title IV)
  • Provision of crypto-asset services to EU clients — the activities performed by crypto-asset service providers or CASPs (Title V)

If your activity doesn't fit into one of these three buckets, MiCA doesn't apply to you — regardless of how crypto-adjacent your product feels. This is the single most common mistake founders make: assuming that because their project involves blockchain or tokens, MiCA automatically applies.

Context: MiCA is a Regulation, not a Directive. This means it applies directly across all 27 EU Member States without requiring national transposition. A rule in MiCA applies the same way in Berlin, Madrid, Dublin, and Warsaw from day one.

The three-question applicability test

Before diving into article-by-article analysis, every crypto founder should ask three filtering questions. If the answer to any of them is "no," MiCA likely doesn't apply to that specific activity.

  1. Does your project involve a crypto-asset as defined in MiCA?
  2. Are you offering that crypto-asset — or providing related services — to persons in the EU?
  3. Does your activity fall within one of MiCA's three regulated areas (offerings, stablecoin issuance, or crypto-asset services)?

Each question has nuances that we'll unpack below. But this three-step filter eliminates 80% of false alarms: most founders who worry about MiCA find out that either their asset isn't a crypto-asset under MiCA's definition, or they're not offering to EU residents, or their activity isn't a regulated one.

Question 1 — Is your asset a crypto-asset under MiCA?

This is where MiCA's scope actually lives. The definition in Article 3(1)(5) MiCA is deliberately broad:

A 'crypto-asset' means a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology.

— Article 3(1)(5), Regulation (EU) 2023/1114

At first glance this seems to cover everything blockchain-related. And in principle, almost anything on a public ledger would technically fit — Bitcoin, Ethereum, ERC-20 tokens, Solana SPL tokens, NFTs, stablecoins, governance tokens, utility tokens. But MiCA carves out several critical exclusions that shrink the practical scope significantly.

What's excluded from MiCA

Under Article 2 MiCA, the following are outside MiCA's scope:

  • Financial instruments under MiFID II — If your token qualifies as a transferable security, a money-market instrument, or derivatives under MiFID II, MiCA does not apply. Instead, MiFID II and the Prospectus Regulation apply. This is critical for security tokens.
  • Deposits as defined in the Deposit Guarantee Schemes Directive, including structured deposits.
  • Funds within the meaning of PSD2, except when they qualify as e-money tokens.
  • Securitisation positions under the Securitisation Regulation.
  • Non-fungible tokens (NFTs) that are genuinely unique and non-fungible. However, the exemption is narrower than it appears — see below.
  • Fully decentralised crypto-asset services — though the Recital 22 of MiCA makes clear this exemption is meant to be narrow and not abused.

The NFT exemption is narrower than most founders think

The NFT question deserves special attention. Article 2(3) MiCA excludes crypto-assets that are unique and not fungible with other crypto-assets. On its face, this seems to exempt the entire NFT space from MiCA. It doesn't.

Recital 10 of MiCA clarifies that the exemption applies only to NFTs that are genuinely unique. Recital 11 goes further and sets out specific indicators of fungibility: the issuance of crypto-assets as NFTs in large series or collections is considered an indicator of their fungibility, and the mere attribution of a unique identifier to a crypto-asset is not in itself sufficient to classify it as unique and non-fungible. Fractional parts of a unique NFT are also not themselves considered unique.

In practice, this means: a collection of 10,000 PFPs (profile picture NFTs) where the differences between items are cosmetic — different hat colours, background patterns, trait combinations — likely will not qualify as "genuinely unique" in the regulator's eyes. If the NFTs function as fungible in practice (all mint at the same price, all trade interchangeably, all grant the same utility), MiCA can still apply.

In March 2025, ESMA published guidelines on the qualification of crypto-assets as financial instruments that include clarifications on NFTs. The "interdependent value test" is now part of the assessment: competent authorities consider whether the value of a crypto-asset stems primarily from its unique characteristics and utility, or whether it derives from its interconnection with other tokens in a series.

Important: If your NFT grants holders financial rights — revenue share, governance rights with economic consequences, staking rewards — it may be reclassified as a financial instrument under MiFID II or a crypto-asset under MiCA regardless of its "NFT" branding. Label is never determinative in EU financial regulation.

Question 2 — Are you offering to the EU?

MiCA applies only to activities directed at persons within the Union. This is a critical gating question: if you're genuinely not targeting EU users, MiCA does not apply — even if your project fits every other criterion.

The complication is that "offering to the EU" is interpreted broadly. The following activities likely constitute an EU offering:

  • A website accessible in EU languages (English included) with no geoblocking
  • Marketing materials explicitly targeting EU residents — ads on European platforms, partnerships with EU companies, presentations at EU conferences
  • Accepting payments from EU bank accounts or EU-based payment methods without restriction
  • Listing a token on an exchange that serves EU customers without limitation
  • Running a Telegram or Discord community predominantly composed of EU residents

Simply being accessible to EU users via the internet is not automatically sufficient to trigger MiCA. There must be evidence of targeting — what regulators call "active solicitation" of EU customers. But the bar is lower than many founders assume.

What genuine non-EU targeting looks like

If you genuinely don't want MiCA to apply because you're a non-EU project, the steps need to be real and enforced:

  • IP-based geoblocking — Block EU IP addresses at the platform level, not just a disclaimer asking users to confirm they're outside the EU.
  • KYC screening that excludes EU residents — Including passport-level verification.
  • No EU marketing — No ads targeting EU geographies, no MiCA-themed content on the company blog, no partnerships with EU fintechs.
  • Terms of Service exclusion — Explicit contractual prohibition on EU users.
  • Enforcement — When you discover an EU user has bypassed restrictions, you offboard them.

Half-measures don't work. A checkbox on signup asking "Are you outside the EU?" is not geoblocking. It's a fig leaf that regulators will not accept as a genuine exclusion strategy.

Unsure whether MiCA applies to your project?

Run a 5-minute AI assessment covering MiCA, MiFID II, PSD2 and AIFMD. You'll get a professional legal report with article-level citations and a clear action plan for your specific project.

Start Assessment →
€49 · No signup required

Question 3 — Which MiCA regime applies?

Assuming you've passed the first two filters — your asset is a crypto-asset, and you're offering it in the EU — the question becomes which of MiCA's three regimes applies to your activity. MiCA doesn't treat all crypto-assets the same way.

Regime 1 — Offerings of crypto-assets (Title II)

If you're publicly offering a crypto-asset in the EU that isn't an ART or EMT (see below), you're subject to Title II of MiCA. This applies to most utility tokens, governance tokens, and generic crypto-assets that don't peg to fiat or other assets.

Under Title II, you must:

  • Publish a white paper that meets MiCA's content requirements (technical details, rights attached to the token, risk factors, sustainability disclosures, etc.)
  • Notify the relevant national competent authority (NCA) of the white paper before the offering begins
  • Include a clear statement about which persons can buy the token and under what conditions
  • Provide a 14-day right of withdrawal for retail purchasers
  • Conduct marketing communications in line with Article 7 — fair, clear, not misleading

Importantly, Title II does not require authorisation to issue the token. It's a disclosure regime — more akin to the Prospectus Regulation than a licensing framework. The white paper is notified, not approved.

Regime 2 — Asset-referenced tokens and e-money tokens (Title III and IV)

If your token references the value of other assets — a basket of currencies, a commodity, real estate, gold — it's likely an asset-referenced token (ART). If it references the value of a single official currency (like a EUR-pegged stablecoin), it's an e-money token (EMT).

Both ARTs and EMTs require authorisation, not just notification:

  • ART issuers must be authorised as ART issuers under Title III, except where the issuer is already a credit institution
  • EMT issuers must be authorised as either a credit institution or an e-money institution (under the E-Money Directive)
  • Both are subject to ongoing reserve requirements — reserves must be fully backed by high-quality liquid assets
  • Both face governance, capital, and conduct requirements far stricter than Title II offerings
  • "Significant" ARTs and EMTs (based on size thresholds) face additional EBA supervision

The stablecoin regime is the most onerous part of MiCA. If you're issuing a stablecoin, this is not a situation where you can issue first and ask permission later.

Regime 3 — Crypto-asset services (Title V)

If you're providing services related to crypto-assets — rather than issuing them yourself — you're potentially a crypto-asset service provider (CASP). Under Article 3(1)(16) MiCA, crypto-asset services include:

  • Custody and administration of crypto-assets on behalf of clients
  • Operation of a trading platform for crypto-assets
  • Exchange of crypto-assets for funds (fiat on/off-ramps)
  • Exchange of crypto-assets for other crypto-assets
  • Execution of orders for crypto-assets on behalf of clients
  • Placing of crypto-assets
  • Reception and transmission of orders for crypto-assets on behalf of clients
  • Providing advice on crypto-assets
  • Providing portfolio management on crypto-assets
  • Providing transfer services for crypto-assets on behalf of clients

All ten activities require CASP authorisation from a national competent authority. This is a full prudential licence — governance requirements, capital requirements, client asset segregation, business continuity, cybersecurity, and so on. CASP authorisation typically takes six to twelve months and requires substantial documentation.

We cover CASP licensing in detail in our complete guide to CASP requirements.

Decision matrix for common project types

Here's how MiCA applies to typical Web3 and crypto project archetypes:

Project typeMiCA regime that applies
Issuing a utility token for an EU-accessible productTitle II (white paper + notification)
Issuing a EUR-pegged stablecoinTitle IV (EMT authorisation)
Issuing a stablecoin backed by a basket of assetsTitle III (ART authorisation)
Running a centralised crypto exchangeTitle V (CASP — multiple services)
Operating a custodial wallet serviceTitle V (CASP — custody)
Running a DEX frontend accessible from EULikely Title V (CASP — trading platform)
Building infrastructure (node operator, indexer, RPC)Generally outside MiCA
NFT collection of 10,000 PFPsPotentially Title II if not genuinely unique
Fully decentralised protocol without an issuerFact-specific — see Recital 22
Token sold only outside EU with real geoblockingOutside MiCA
Security token (transferable security under MiFID II)Outside MiCA — MiFID II + Prospectus Regulation apply

Common misunderstandings that trip up founders

These are the patterns we see repeatedly when Web3 founders first encounter MiCA:

"It's a utility token, so we're exempt"

Utility tokens are within MiCA scope under Title II. The label "utility token" is not an exemption — it's a specific category of crypto-asset that requires a white paper and notification. The confusion often stems from comparing MiCA to the Howey Test framework in US securities law, where utility can be a defence. MiCA doesn't work that way.

"We're fully decentralised, no issuer exists"

MiCA's Recital 22 carves out fully decentralised crypto-asset services from the scope. But the exemption is meant to be narrow. The regulation considers whether there is an identifiable offeror — a person who offers the crypto-asset, or an operator who runs the service. DAOs with identifiable multisig signers, treasury controllers, or core development teams often fail the "fully decentralised" test.

The key question regulators ask: who benefits economically, and who could stop the activity if required? If there's an identifiable person, MiCA likely applies.

"We haven't launched yet, so rules don't apply"

MiCA applies to offerings and publishing of white papers — not just to live trading. Many Title II obligations trigger at the pre-launch stage: notification of the white paper, marketing communications during fundraising, publication of key information. Starting marketing and pre-sale activity without the MiCA infrastructure in place is a common and expensive mistake.

"We're based in the Cayman Islands, so EU rules don't apply"

MiCA is not about where you're incorporated. It's about where you offer services. A Cayman-incorporated foundation that runs a Telegram group aimed at German crypto users, accepts payments in EUR, and partners with European influencers is offering in the EU — regardless of the entity's jurisdiction. Offshore structures don't automatically place you outside EU regulation.

"Article 143(3) grandfathers our existing project"

Article 143(3) MiCA provides a transitional period for crypto-asset service providers that were lawfully operating before MiCA's application date under national law. It's often misunderstood. The grandfathering is narrower than founders assume:

  • It applies only to entities that were lawfully providing crypto-asset services in compliance with applicable national law before 30 December 2024
  • It doesn't help new entrants
  • It doesn't cover expansion into new services
  • The transitional period ends on 1 July 2026 — or earlier if the entity is granted or refused MiCA authorisation before then
  • Member States may shorten the grandfathering period if they consider their pre-MiCA national framework was less strict than MiCA. Several Member States have already done so — for example, Germany, Spain and Austria end grandfathering on 31 December 2025, the Netherlands and Poland on 30 June 2025, Ireland and Italy on 30 December 2025

We cover the grandfathering provision in detail in our guide to MiCA Article 143(3) grandfathering.

Consequences of getting MiCA wrong

MiCA has real teeth. The consequences of operating without required authorisation — or publishing a non-compliant white paper — are not trivial.

Under Article 111 MiCA, national competent authorities have extensive enforcement powers. The maximum administrative fines vary by the type of breach:

  • For breaches relating to crypto-assets other than ARTs and EMTs (Title II offerings, white paper violations, CASP breaches): up to EUR 5,000,000 for legal persons or 3% of total annual turnover, whichever is higher. For natural persons: up to EUR 700,000.
  • For breaches relating to asset-referenced tokens (ARTs) and e-money tokens (EMTs): higher caps apply, reaching up to 12.5% of total annual turnover for legal persons depending on the nature of the breach.
  • For market abuse breaches (Articles 88-92): up to EUR 15,000,000 or 15% of annual turnover for legal persons, and up to EUR 5,000,000 for natural persons.
  • Suspension or prohibition of marketing, distributing or selling crypto-assets
  • Public statements naming the non-compliant person
  • Withdrawal of CASP authorisation for service providers that breach the regulation
  • Criminal sanctions where Member States apply criminal liability for regulatory breaches

National authorities may also impose fines equal to twice the profits gained or losses avoided as a result of the breach, where quantifiable.

Beyond direct enforcement, the reputational and commercial consequences are often more damaging:

  • Delisting from EU exchanges that only deal with MiCA-compliant tokens
  • Inability to access EU banking — banks increasingly require MiCA documentation for crypto-adjacent clients
  • Loss of payment infrastructure — payment providers deplatform non-compliant projects
  • VC and investor risk — sophisticated investors now ask for MiCA compliance documentation during diligence

Enforcement is accelerating. Throughout 2025, national regulators — including BaFin (Germany), AMF (France), and CONSOB (Italy) — have been actively reviewing crypto projects for MiCA compliance. Early enforcement actions are setting precedent for how the regulation will be applied.

What to do next

If you've worked through the three-question test and you're still uncertain, that uncertainty is itself a signal. MiCA is a technical regulation with substantial Level 2 and Level 3 guidance from ESMA and the EBA. Some of the hardest questions — NFT classification, DeFi scope, grandfathering eligibility — require genuine legal analysis.

Here's a pragmatic approach:

  1. Document your facts clearly — What exactly is the asset? Who issues it? What rights does it grant holders? How is it distributed? Where do your users come from? What services do you provide?
  2. Run through the three-question test carefully — Don't rush past the nuances in the NFT or decentralisation exemptions.
  3. Map your activities to MiCA's three regimes — Offerings, stablecoin issuance, crypto-asset services. Each activity might sit in a different regime.
  4. Check the interaction with MiFID II, PSD2 and AIFMD — Some activities sit at the boundary. A tokenised fund, for example, might fall under AIFMD rather than MiCA.
  5. Get a qualified legal review before publishing or launching — The cost of a legal assessment is a fraction of the cost of a retroactive regulatory remediation.

If you want a structured, AI-assisted first pass across all four major EU frameworks — MiCA, MiFID II, PSD2, and AIFMD — that's exactly what Compliora AI is built to provide. It's not a substitute for a specialist legal opinion, but it gets you from "uncertain about regulation" to "clear on the shape of the problem" in about five minutes.

Get your MiCA assessment in five minutes

Compliora AI uses a 5-agent legal pipeline to assess your project against MiCA, MiFID II, PSD2 and AIFMD simultaneously. Upload your whitepaper or answer a structured questionnaire. Get a professional legal report with article-level citations.

Start Assessment →
€49 · No subscription · No signup required

Disclaimer: This article provides general information about EU financial regulation and does not constitute legal advice. Regulatory positions evolve and national competent authorities may interpret rules differently. Consult qualified EU regulatory counsel before making compliance or business decisions. Article numbers and regulation references are provided for orientation and should be verified against the current consolidated text of Regulation (EU) 2023/1114.

Compliora AI
Compliora AI Team
EU regulatory assessment for Web3, crypto & fintech
← Back to all articles
Link copied to clipboard