Skip Navigation
Understanding MiCA and MiCAR
The European Union’s Markets in Crypto-Assets Regulation (MiCA) introduces a comprehensive regulatory framework for crypto-assets across EU member states. It establishes clear rules for crypto exchanges, tokens, and digital asset services operating within the EU. The MiCA regulation aims to protect investors, encourage responsible innovation, and ensure consistent compliance across the EU crypto market.
Malta adopted MiCA through the Markets in Crypto-Assets Act (MiCAR), which was enacted on 5 November 2024 and entered into application on 30 June 2024. Originally proposed by the European Commission and approved by the European Parliament, MiCA forms part of the EU’s broader digital finance strategy.
MiCAR outlines key requirements for the issuance and trading of crypto-assets, including transparency and disclosure obligations. It sets authorisation standards under the MiCA regulation for the supervision of crypto asset service providers (CASPs) and issuers of crypto-assets, while also defining expectations for their internal governance and operations. The Act further addresses investor protection, the custody of crypto-assets, and measures to detect and prevent market abuse on cryptocurrency exchanges.
At A2CO, we help crypto businesses understand how the MiCA regulation impacts their operations, meet the requirements of the MiCA regulation, and ensure compliance with ongoing obligations.
Who Must Comply with the Markets in Crypto-Assets Regulation
MiCAR applies to two main categories: Crypto-Asset Service Providers (CASPs) and issuers of crypto-assets. The latter includes asset-referenced tokens (ARTs), e-money tokens (EMTs), and other types of crypto-assets that do not fall under the definition of ARTs or EMTs. Both CASPs and issuers of crypto-assets must be authorised under MiCA by the Malta Financial Services Authority (MFSA) to carry out their activities. Issuers of other crypto-assets which are not ARTs or EMTs do not need to be authorised by the MFSA but must still comply with the applicable crypto assets regulation through a notification process.
MiCA Regulation Compliance for Crypto Service Providers and Token Issuers in the EU
Authorisation Requirements for Crypto Asset Service Providers (CASPs)
The following services are considered to fall within the scope of the MiCAR:
-
Custody and administration of crypto-assets on behalf of clients
-
Operation of a trading platform for crypto-assets
-
Exchange of crypto-assets for funds or other crypto-assets
-
Execution of orders for crypto-assets on behalf of clients
-
Placing of crypto-assets
-
Reception and transmission of orders for crypto-assets on behalf of clients
-
Providing advice on crypto-assets
-
Providing portfolio management on crypto-assets
-
Transfer services for crypto-assets on behalf of clients
As such, if you are a service provider offering the services above you will be considered as a CASP under MiCAR.
To operate as a CASP in Malta, you must be established as a legal entity within the EU and apply for authorisation with the MFSA. As part of this MiCA authorisation process, you will be required to demonstrate robust governance arrangements, fit-and-proper management & ownership, internal controls, operational rules depending on the service being provided, capital adequacy, and systems that ensure the safeguarding of client assets are adhered to.
Learn more about authorisation requirements for Crypto Asset Service Providers (CASPs) on our dedicated CASP services page.
Asset-Referenced Tokens (ARTs) under the MiCA Regulation
If you plan to offer ARTs to the public or list them on a trading platform in Malta, you must first obtain authorisation under MiCA from the MFSA. To apply, you must be legally established in the EU and submit a full application, including details of the applicant, a programme of operations, a crypto-asset white paper, a legal opinion, and other supporting documentation.
You must also outline key operational aspects of the ART to the MFSA. This includes your governance structure, reserve management, arrangements with third-party providers, and internal controls. ART issuers are also required to prepare recovery and redemption plans for approval by the MFSA.
Planning to issue a token in Malta? Explore the requirements on our Token Issuers page.
E-Money Tokens (EMTs) and MiCA Compliance Requirements
Issuers of EMT are also subject to regulatory requirements under MiCAR, which reflect aspects of the MiCA framework. If you are planning to offer EMTs to the public or admit them to trading, you must notify the MFSA of your intention at least 40 working days in advance. A crypto-asset white paper must also be submitted no later than 20 working days before publication. This document should explain how the token maintains full 1:1 backing with fiat currency and how it will be redeemed at par value upon request.
EMT issuers are also required to prepare and maintain both recovery and redemption plans to ensure continued financial resilience. While the MFSA does not approve these documents in advance, it retains the power to require amendments and to intervene in cases of risk to holders or financial stability.
Other Crypto-Assets and Their Qualification under MiCA
Tokens that are not ARTs or EMTs (such as utility tokens) do not require prior approval. However, a white paper must be notified to the MFSA at least 20 working days before publication. The white paper must explain why the token does not fall under the ART or EMT category. Issuers must ensure that all information provided to the public is accurate, clear, and not misleading. Although the process is lighter, these offerings still require compliance with MiCA, careful planning, and full transparency.
Prevention of Market Abuse in the EU Crypto Market
One of the priorities under MiCA and MiCAR is to uphold market integrity across the EU financial market. As the crypto-assets sector becomes more institutionalised, the risks of manipulation, insider dealing, and misleading practices must be addressed with the same seriousness as in the broader EU financial regulatory environment.
Part VI of MiCAR sets out the framework for the prevention and prohibition of market abuse under the application of the MiCA regulation. These rules apply to anyone engaging in transactions, orders, or conduct involving crypto-assets that fall within the scope of the Act and the MiCA Regulation.
Under this framework, insider dealing, unlawful disclosure of inside information, and market manipulation are explicitly prohibited by national competent authorities. This includes the use of non-public information to gain unfair advantage, spreading false or misleading information, or using deception to influence the value or volume of a crypto-asset.
Entities involved in trading or issuing crypto-assets are expected to implement effective controls to detect and prevent abusive conduct. This involves:
-
Identifying and handling inside information appropriately
-
Ensuring that communications and disclosures are accurate and timely
-
Monitoring for suspicious trading patterns or behaviours
-
Reporting potential breaches to the competent authority
The MFSA is empowered to investigate suspected abuse, request information, and impose penalties where necessary, in line with guidance and technical standards issued by ESMA. to investigate suspected abuse, request information, and impose penalties where necessary. Sanctions may apply not only to individuals, but also to legal entities that fail to take reasonable steps to prevent misconduct.
Authorisation Requirements for Crypto Asset Service Providers (CASPs)
The following services are considered to fall within the scope of the MiCAR:
-
Custody and administration of crypto-assets on behalf of clients
-
Operation of a trading platform for crypto-assets
-
Exchange of crypto-assets for funds or other crypto-assets
-
Execution of orders for crypto-assets on behalf of clients
-
Placing of crypto-assets
-
Reception and transmission of orders for crypto-assets on behalf of clients
-
Providing advice on crypto-assets
-
Providing portfolio management on crypto-assets
-
Transfer services for crypto-assets on behalf of clients
As such, if you are a service provider offering the services above you will be considered as a CASP under MiCAR.
To operate as a CASP in Malta, you must be established as a legal entity within the EU and apply for authorisation with the MFSA. As part of this MiCA authorisation process, you will be required to demonstrate robust governance arrangements, fit-and-proper management & ownership, internal controls, operational rules depending on the service being provided, capital adequacy, and systems that ensure the safeguarding of client assets are adhered to.
Learn more about authorisation requirements for Crypto Asset Service Providers (CASPs) on our dedicated CASP services page.
Asset-Referenced Tokens (ARTs) under the MiCA Regulation
If you plan to offer ARTs to the public or list them on a trading platform in Malta, you must first obtain authorisation under MiCA from the MFSA. To apply, you must be legally established in the EU and submit a full application, including details of the applicant, a programme of operations, a crypto-asset white paper, a legal opinion, and other supporting documentation.
You must also outline key operational aspects of the ART to the MFSA. This includes your governance structure, reserve management, arrangements with third-party providers, and internal controls. ART issuers are also required to prepare recovery and redemption plans for approval by the MFSA.
Planning to issue a token in Malta? Explore the requirements on our Token Issuers page.
E-Money Tokens (EMTs) and MiCA Compliance Requirements
Issuers of EMT are also subject to regulatory requirements under MiCAR, which reflect aspects of the MiCA framework. If you are planning to offer EMTs to the public or admit them to trading, you must notify the MFSA of your intention at least 40 working days in advance. A crypto-asset white paper must also be submitted no later than 20 working days before publication. This document should explain how the token maintains full 1:1 backing with fiat currency and how it will be redeemed at par value upon request.
EMT issuers are also required to prepare and maintain both recovery and redemption plans to ensure continued financial resilience. While the MFSA does not approve these documents in advance, it retains the power to require amendments and to intervene in cases of risk to holders or financial stability.
Other Crypto-Assets and Their Qualification under MiCA
Tokens that are not ARTs or EMTs (such as utility tokens) do not require prior approval. However, a white paper must be notified to the MFSA at least 20 working days before publication. The white paper must explain why the token does not fall under the ART or EMT category. Issuers must ensure that all information provided to the public is accurate, clear, and not misleading. Although the process is lighter, these offerings still require compliance with MiCA, careful planning, and full transparency.
Prevention of Market Abuse in the EU Crypto Market
One of the priorities under MiCA and MiCAR is to uphold market integrity across the EU financial market. As the crypto-assets sector becomes more institutionalised, the risks of manipulation, insider dealing, and misleading practices must be addressed with the same seriousness as in the broader EU financial regulatory environment.
Part VI of MiCAR sets out the framework for the prevention and prohibition of market abuse under the application of the MiCA regulation. These rules apply to anyone engaging in transactions, orders, or conduct involving crypto-assets that fall within the scope of the Act and the MiCA Regulation.
Under this framework, insider dealing, unlawful disclosure of inside information, and market manipulation are explicitly prohibited by national competent authorities. This includes the use of non-public information to gain unfair advantage, spreading false or misleading information, or using deception to influence the value or volume of a crypto-asset.
Entities involved in trading or issuing crypto-assets are expected to implement effective controls to detect and prevent abusive conduct. This involves:
-
Identifying and handling inside information appropriately
-
Ensuring that communications and disclosures are accurate and timely
-
Monitoring for suspicious trading patterns or behaviours
-
Reporting potential breaches to the competent authority
The MFSA is empowered to investigate suspected abuse, request information, and impose penalties where necessary, in line with guidance and technical standards issued by ESMA. to investigate suspected abuse, request information, and impose penalties where necessary. Sanctions may apply not only to individuals, but also to legal entities that fail to take reasonable steps to prevent misconduct.
Our Services
-
MiCA readiness assessments and gap analysis
-
Regulatory classification of crypto-assets and tokens
-
Guidance on the provision of crypto-asset services under MiCA
-
Preparation and submission of MiCA authorisation applications
-
Ongoing compliance support for crypto service providers
-
Development of internal policies and risk management frameworks
-
Advisory on MiCA implications for stablecoins and digital wallets
Why Choose A2CO
-
Deep expertise in MiCA and EU crypto regulation
-
Based in Malta, with pan-EU regulatory knowledge
-
End-to-end support, from licensing to compliance
-
Clear, actionable advice tailored to your business
-
Trusted by crypto firms across Europe
Frequently Asked Questions
MiCA is the European Union’s regulatory framework for crypto-assets, covering their issuance, offering, and trading where other EU laws do not apply. It promotes investor protection, market integrity, and innovation.
Yes. Malta offers a supportive regulatory environment, experienced authorities, and full EU market access, making it an ideal base for crypto businesses seeking MiCA authorisation.
MiCA applies to crypto-asset service providers and token issuers operating in the EU, including ARTs, EMTs, and other crypto-assets. If your business offers crypto services in the EU, MiCA compliance is required.
