What is MiCA 2.0?
MiCA 2.0 is the informal name for the anticipated second phase of EU crypto regulation. On May 20, 2026, the European Commission's Directorate-General for Financial Stability, Financial Services and Capital Markets Union launched a public consultation reviewing whether the original Markets in Crypto-Assets Regulation remains fit for purpose.
The consultation runs until August 31, 2026, and covers two parallel tracks: a public consultation open to individuals, and a targeted technical consultation for industry participants, financial institutions, academics, and regulators. This is the first formal step in the legislative review process required under Article 140 of MiCA.
A formal report to the European Parliament and Council is expected by June 30, 2027. Where the Commission finds gaps, that report will be accompanied by a legislative proposal — what the industry is already calling MiCA 2.
Important: MiCA 2.0 does not change any existing obligations under MiCA. The July 1, 2026 CASP authorisation deadline remains in full force. If your project needed MiCA compliance under the original framework, that requirement has not changed.
Why the review is happening now
The timing reflects how quickly crypto markets have moved since MiCA was designed. The regulation was drafted in 2022–2023, before the current stablecoin, tokenisation, and DeFi markets had fully taken shape. By the time MiCA came into full force in December 2024, significant gaps were already visible.
Three developments accelerated the need for a review:
- DeFi's exclusion created regulatory arbitrage. MiCA explicitly excluded "fully decentralised" services from its scope. As DeFi activity grew, this exclusion created a gap where significant financial activity was happening outside any regulatory framework, raising investor protection concerns.
- Global frameworks caught up. The US, UK, Singapore, and other jurisdictions published their own crypto frameworks in 2024–2025. The Commission wants to ensure MiCA remains competitive and coherent with international standards.
- Market structure changed. Traditional financial institutions — banks, exchanges, custodians — accelerated their entry into crypto. MiCA's original structure did not fully account for this convergence of traditional finance and digital assets.
Key context: The European Commission explicitly acknowledged in the consultation documents that the DeFi exclusion may have driven activity outside the EU — a phenomenon called regulatory arbitrage — and that this is now firmly on regulators' radar.
DeFi: the biggest open question
DeFi is the most consequential topic in the MiCA 2.0 consultation, and the most uncertain. The Commission is asking what it means for a protocol to be "decentralised" and when regulatory obligations should attach.
The consultation proposes a spectrum approach rather than a binary decentralised/centralised classification. It asks about specific factors that determine when oversight applies:
- Admin key control — can an identifiable entity modify or pause the protocol?
- Governance concentration — what percentage of governance tokens does any single entity hold?
- Asset custody — does any entity hold or control user assets?
- Active marketing — is an identifiable entity promoting the protocol in the EU?
- Open-source status — is the codebase publicly verifiable?
Two regulatory models are being actively explored. The first is a certification model — potentially mandatory above a certain Total Value Locked (TVL) threshold — where compliance requirements are embedded directly into protocol design. The second is a full CASP licence requirement for DeFi protocols that have identifiable points of control.
For DeFi projects currently operating under the assumption that they are outside MiCA's scope, this consultation is significant. If your protocol has a centralised front-end, identifiable governance structure, or marketing presence in the EU, you may already be closer to the "regulated" end of the spectrum than you assumed — and MiCA 2.0 could formalise that.
See our earlier analysis of the MiCA scope question for the current framework — the same logic of "points of centralisation" is now being applied to DeFi.
Stablecoins, staking, NFTs, and tokenized assets
Beyond DeFi, the consultation covers several other areas where MiCA's original framework left gaps.
Stablecoins
The consultation revisits MiCA's rules for asset-referenced tokens (ARTs) and e-money tokens (EMTs), focusing on prudential rules, reserve requirements, redemption rights, and crisis management tools. The "multi-issuance" model — where a single global stablecoin is issued by multiple entities across jurisdictions — is a particular area of concern. The review also looks at reserve asset location requirements for euro stablecoins, which have created friction for some issuers.
Staking
Staking is explicitly mentioned in the consultation as an area requiring more legal certainty. Currently, whether staking constitutes a regulated activity under MiCA depends on the specific arrangement — whether an intermediary is involved, whether assets leave user custody, and what returns are promised. MiCA 2.0 may bring clearer rules for both protocol-level and intermediated staking.
NFTs
The original MiCA framework excluded most NFTs on the basis that unique, non-fungible tokens are not crypto-assets in the regulatory sense. The consultation reopens this question, particularly for large collections of functionally interchangeable NFTs and fractionalized NFTs where the underlying economics resemble securities. See our detailed analysis of when NFT projects fall within MiCA scope.
Tokenized assets and on-chain ownership
The consultation addresses the legal uncertainty around tokenized real-world assets — their ownership treatment, transfer finality, and insolvency handling. As tokenized bonds, funds, and real estate grow, the intersection of MiCA and traditional financial regulation (particularly MiFID II) needs clearer rules.
The CASP-as-gatekeeper model
One of the most consequential proposals in the MiCA 2.0 consultation is the CASP-as-gatekeeper model. Under this approach, authorised CASPs would be required to:
- Conduct due diligence on DeFi protocols before connecting clients to them
- Accept liability for incidents on protocols they facilitate access to
- Only provide client access to certified or approved protocols
This model would fundamentally shift accountability in DeFi ecosystems. Rather than attempting to regulate anonymous protocol developers directly, the regulation would hold the regulated intermediaries — exchanges, custodians, and CASP-licensed services — responsible for what their clients can access.
For CASPs, this creates significant new due diligence obligations and potential liability. For DeFi protocols, it means that their access to EU users could depend on whether major CASPs decide to include them in a curated list of approved protocols.
For CASPs: If the gatekeeper model is adopted in MiCA 2.0, your compliance programme will need to include DeFi protocol due diligence as a new category — assessing decentralisation score, governance structure, TVL thresholds, and audit history for each protocol you expose clients to.
Timeline and what to expect
| Date | Event |
|---|---|
| May 20, 2026 | MiCA 2.0 public consultation launched by European Commission |
| July 1, 2026 | MiCA 1.0 hard deadline — all CASPs must hold authorisation or cease EU operations |
| August 31, 2026 | Consultation feedback deadline — industry responses due |
| Late 2026 – early 2027 | Commission analysis of consultation responses |
| June 30, 2027 | Commission report to European Parliament and Council, potentially with legislative proposal |
| 2028–2029 (estimated) | MiCA 2 enters into force (assuming ~18-month legislative process) |
The realistic timeline means MiCA 2.0 will not produce binding obligations before 2028 at the earliest. For most projects, the immediate priority remains MiCA 1.0 compliance — specifically the July 1, 2026 CASP authorisation deadline.
What crypto projects should do now
MiCA 2.0 is a signal, not an immediate obligation. But it is a strong signal — the EU intends to extend regulatory reach significantly. Projects that are currently outside MiCA scope because they are "fully decentralised" should treat the consultation as a warning that this exclusion may not last.
The practical priorities for different project types:
DeFi protocols
Map your actual decentralisation level against the criteria the Commission is proposing — admin key control, governance concentration, custody, and marketing. If you have identifiable points of centralisation, assess what MiCA 2.0 would mean for you under each proposed model. Consider engaging in the consultation process before August 31.
CASPs already authorised under MiCA
Start scoping what DeFi due diligence would look like in your compliance programme. The gatekeeper model may require assessing dozens or hundreds of protocols. Building that capability now — before it is legally required — reduces the operational risk of being caught unprepared.
Projects not yet assessed under MiCA 1.0
If you have not yet determined whether MiCA applies to your project under the current framework, that is the first step — MiCA 2.0 makes this more urgent, not less. The July 1 deadline applies regardless of what MiCA 2 will eventually require.
Not sure where your project stands under MiCA?
Get a preliminary AI-powered regulatory assessment in minutes. Covers MiCA, MiFID II, PSD2, and AIFMD — with article-level legal citations and a professional PDF report.
Start your assessment →Frequently asked questions
What is MiCA 2.0?
MiCA 2.0 is the anticipated second phase of EU crypto regulation, following the public consultation launched by the European Commission on May 20, 2026. The consultation reviews whether the original MiCA framework remains fit for purpose given rapid developments in DeFi, stablecoins, staking, NFTs, and tokenized assets. A formal legislative proposal is expected by June 30, 2027, under Articles 140 and 142 of MiCA.
Does MiCA 2.0 affect DeFi protocols?
Yes — DeFi is the central focus of the MiCA 2.0 consultation. The Commission is exploring a certification model and embedded supervision for DeFi protocols above certain TVL thresholds, and a CASP-as-gatekeeper model where authorised CASPs must conduct due diligence on DeFi protocols they connect clients to. If your protocol has identifiable points of centralisation — admin keys, concentrated governance, active EU marketing — it may fall within scope.
When is the deadline for the MiCA 2.0 consultation?
The public consultation runs from May 20 to August 31, 2026. If you want to influence the outcome, submit your response through the Commission's online questionnaire before August 31. The Commission is expected to report to the European Parliament and Council by June 30, 2027.
Does MiCA 2.0 change my obligations under MiCA 1.0?
No. The MiCA 2.0 consultation does not change any existing obligations under MiCA. The July 1, 2026 CASP authorisation deadline remains in force. MiCA 2.0 is a legislative review process — binding obligations will not arise before 2028 at the earliest.
What topics does the MiCA 2.0 consultation cover?
The consultation covers: DeFi regulation and the decentralisation spectrum; stablecoin reserve rules and the multi-issuance model; staking, lending and borrowing; NFTs and whether they should be brought under MiCA scope; tokenized real-world assets and on-chain ownership rights; and the legal interface between MiCA and MiFID II for tokenized financial instruments.
