By Anna Carrier, Legal Consultant Norton Rose Fulbright | Brussels
This article discusses the upcoming regulatory changes in the EU concerning crypto-assets, including proposed regulation on markets in crypto-assets (MiCA) and other relevant legislative proposals. It outlines key changes that persons active in the European crypto-asset markets should be aware of, including estimated timelines for their implementation.
On 25 September 2020 the European Commission published its long-awaited draft legislation on markets in crypto-assets – commonly known as the “Markets in Crypto-Assets Act” or MiCA. The proposal is part of the broader Digital Finance Strategy package, the intention of which is to “make Europe fit for the digital age and to build a future-ready economy that works for the people”. To this end, MiCA is the first European-level legislative initiative aiming to introduce a harmonised and comprehensive regulatory framework for crypto-assets, including rules concerning issuance of crypto-assets, as well as provision of services in crypto-assets. As such MiCA is designed to fill a regulatory gap as to date regulating crypto-assets in the European Union (EU) has effectively been subject to fragmented and diversified national regimes, which range from very little regulation in some Member States to a relatively strict set of requirements in others (e.g. Germany). By way of background, currently the only European-level requirements concerning crypto-assets are set out in the Anti-Money Laundering and Counter-Terrorism Financing Directive (MLD), which captures “providers engaged in exchange services between virtual currencies and fiat currencies” and “custodian wallet providers”. This includes an obligation for Member States to ensure that operators of crypto-exchanges and custodian wallet providers are registered and comply with standard customer due diligence requirements. That said, with MLD requiring transposition to national legal systems, even those minimal requirements are subject to diversified implementation.
This article provides an overview of the MiCA proposal and its key provisions, as well as some other legislative initiatives that are relevant for persons active in crypto-asset markets. It also provides an overview of the relevant timelines and estimates regarding formal adoption, entry into force and application of MiCA, and seeks to provide some suggestions regarding practical considerations for in-scope persons.
1. Overview of key provisions
Scope, subject matter, and definitions
Starting with the basics, once formally approved MiCA will set out harmonised EU-level definitions of all key terms relating to activities undertaken in crypto-asset markets. This includes definitions of crypto-assets, various types of tokens (asset-referenced, significant asset-referenced, electronic money, utility), crypto-asset service and service-providers, the operation of a trading platform in crypto-assets, the custody and administration of crypto-assets. It will apply to persons involved in the issuance of crypto-assets, as well as services related to crypto-assets in the EU, which are not regulated by other pieces of European law. That said, MiCA is not intended to apply to “crypto-assets that are unique and not fungible with other crypto-assets”, such as non-fungible tokens. MiCA sets out rules on transparency and disclosure requirements for the issuance and admission to trading of crypto-assets, the authorisation and supervision of crypto-asset services providers and issuers, the operation, organisation and governance of issuers of asset-referenced tokens and electronic money tokens and crypto-asset service providers, consumer protection rules as well as measures to prevent market abuse and to ensure the integrity of markets in crypto-assets.
Regulating offerings of crypto-assets in the EU
Offering crypto-assets to the public in the EU and/or requesting an admission for such crypto-assets to trading on a trading platform for crypto-assets will become subject to a prescribed set of requirements. This includes an obligation to publish a white paper containing a detailed description of the planned crypto-asset offering or admission to trading. MiCA will also set out requirements applicable to marketing communications relating to the offering of crypto-assets or admission of such crypto-assets to trading. It will also set out some conduct rules for crypto-asset issuers, such as an obligation to act honestly, fairly and professionally, coupled with provisions on liability of issuers of crypto-assets.
Stablecoins and e-money tokens
A separate set of MiCA requirements will be applicable to the issuance of asset-referenced tokens (commonly known as “stablecoins”) and e-money tokens or their admission to trading on a trading platform. In respect of asset-referenced tokens, this includes an obligation for the issuer to obtain a prior authorisation by a National Competent Authority (NCA) and an obligation to publish a white paper approved by an NCA. Authorised European credit institutions will not have to obtain additional authorisation to issue asset-referenced tokens. Issuers authorised in accordance with MiCA will also have to comply with bespoke own funds requirements, governance arrangements, disclosure requirements, conflict of interest and complaints handling mechanisms, an obligation to hold reserves of assets, as well as having in place policies and procedures governing custody of the reserve assets, investment of the reserve assets and planning on orderly wind-down. Even more stringent provisions will be applicable to issuers of asset-referenced tokens that will be designated as “significant”. Regarding e-money tokens and subject to some exemptions, MiCA foresees an obligation for the issuer to be authorised as a credit institution or an electronic money institution, and comply with the applicable legislation, as well as publishing a white paper and notifying it to the relevant NCA. Similar as with respect to asset-referenced tokens, MiCA will set out rules for categorisation of certain e-money tokens as “significant”, that will be subject to additional requirements and supervision. Perhaps one of practical points for potential issuers of asset-referenced tokens is whether they should already be thinking about structuring their business as a credit institution, i.e. in an anticipation of the MiCA rules application.
Provision of services in crypto-assets in the EU
Probably one of the biggest impacts of MiCA will be its requirement that the provision of services in crypto-assets can only be performed by legal persons that have a registered office in the EU and which have been duly authorised as crypto-asset service providers in accordance with MiCA. The actual scope of services in crypto-assets will include custody services, operating trading platforms for crypto assets, exchanging services between crypto-assets and fiat currency or other crypto-assets, executing orders for crypto-assets on behalf of third-parties, as well as providing placement services, reception and transmission of orders in crypto-assets and advice on crypto-assets. In order to avoid overlap with an existing regulatory framework, MiCA authorisation requirements will not be applicable to the provision of crypto-asset services by European authorised credit institutions, investment firms, market operators, e-money institutions, management companies of UCITS and alternative investment fund managers.
Authorised crypto-asset service providers will be able to provide their services cross-border in all EU jurisdictions, which is akin to “passport” rights known from other pieces of European financial services legislation. Authorised crypto-asset service providers will be subject to a range of requirements, both general as well as specific ones depending on the type of service provided. The general requirements will cover prescriptive organisational and disclosure rules, rules regarding safekeeping of client’s funds and outsourcing, conduct rules and an obligation to act honestly, fairly and professionally in the best interest of clients, as well as prudential requirements such as an obligation to maintain own funds and an insurance policy.
Finally, it is important to flag that contrary to other pieces of European financial services legislation, MiCA will not include a separate regime for third-country crypto-asset service providers. Instead, persons based in the EU will be able to receive services offered by crypto-asset service providers established in a third-country only on their exclusive initiative, i.e. on a so called “reverse solicitation” basis. If such a third-country firm wants to actively solicit clients based in the EU and/or to promote or advertise its services in the EU, it will need to obtain authorisation as an EU crypto-asset service provider. As mentioned elsewhere in this article, while the authorisations regime is likely to take some time to kick-in, and in practice the process will take time, there are wider structural issues that firms might start considering now, both in terms of opportunities that MiCA offers and prospective challenges.
Prevention of market abuse in crypto-assets
Finally, recognising the need to “ensure confidence in crypto-asset markets and market integrity” and in order to deter market abuse, MiCA will set out a set of rules applicable to crypto-assets that are admitted to trading on a trading platform for crypto-assets, or for which a request for admission to trading on such a trading platform has been made. Not dissimilar from the relevant rules applicable in securities markets, MiCA requirements include provisions concerning disclosure of inside information and prohibitions on insider dealing, unlawful disclosure of inside information and market manipulation.
Interaction with other legislative initiatives
As mentioned earlier in this article, the MiCA proposal was part of a broader Digital Finance Package. It included, among other initiatives, a proposed regulation on digital operational resilience for the EU financial services sector – commonly known as the “Digital Operational Resilience Act” or DORA. DORA is a first European-level legislative initiative aiming to introduce a harmonised and comprehensive framework on digital operational resilience for European financial institutions, including crypto-asset service providers that will have to become authorised in accordance with the MiCA requirements. While we cannot discuss the relevant DORA provisions in any detail this this article, it is important to flag that DORA will set out a very prescriptive set of requirements concerning management of Information and Communication Technologies (ICT) risks, including internal governance and control frameworks, incident management processes, testing as well as management of ICT third-party risks. With DORA’s legislative review process nearing to its end, it is currently expected that it will become binding law in mid-2024.
In addition, on 20 July 2021 the European Commission published a proposed regulation on the transfer of funds and certain crypto-assets. This proposed legislation intends to implement in European law the controversial recommendation of the Financial Action Task Force (FATF) to accompany the transfer of crypto-assets with information on the originator and the beneficiary (the so called “travel rule”). It will introduce an obligation for crypto-asset service providers to collect and make accessible data concerning the originators and beneficiaries of the transfers of crypto-assets they undertake. As such, it sets out details regarding the type of information that the crypto-asset service provider of the originator will have to obtain and verify prior to executing the transfer of crypto-assets. It also obliges the crypto-asset service provider of the beneficiary to have in place effective procedures to detect missing information. While legislative review of the proposal is still ongoing and the final application date is yet to become confirmed, it is currently expected that the application of the “travel rule” requirements will be correlated with the application of MiCA. That said, the complexity and prospective technical challenges that firms are likely to face in adopting suitable compliance measures, as demonstrated by similar experiences in other jurisdictions that implemented the “travel rule”, suggest that they should start preparing well in advance.
2. Formal adoption and application
As mentioned earlier, at the time of writing this article, the legislative review of MiCA is still ongoing and the co-legislators are yet to finalise their negotiations. While Member States, under leadership of the Slovenian Presidency, agreed their negotiating positions (known as a “general approach”), the formal position of the European Parliament’s ECON committee is still pending. Once its adopted, both co-legislators and the European Commission will have to enter into the so-called “trilogue” negotiations, aimed at brokering a final agreement on the content of MiCA. Only then the European Parliament and the Council will be able to formally approve the legislation, which will pave the way for the publication of MiCA in the EU Official Journal, and its subsequent entry into force and application.
Assuming therefore that legislative work will run until Q1/Q2 2022, we might expect MiCA to be published in the EU Official Journal in late Q2 2022. According to the Commission’s proposal, the majority of the provisions should become applicable 18 months following MiCA entry into force, and the provisions concerning asset-referenced tokens and e-money tokens should become applicable with no transition period. That said, the co-legislators are expected to amend the application dates – the Council proposed to extend both dates to 24 months (for the majority of provisions) and 12 months (for provisions regarding asset-referenced tokens and e-money tokens). While the exact dates remain to be confirmed, we can estimate that MiCA will become a binding law in mid-2023/2024. Although this may sound like a long while away, in practice complex strategic and tactical decisions about how to best adapt to the new regime usually take time to consider.
3. Practical considerations for crypto-asset market participants
The upcoming adoption and application of MiCA will mark the beginning of a harmonised European approach to regulating crypto-assets. Ensuring compliance with MiCA and other legislative requirements as discussed above will require significant efforts in a relatively short timeframe. As mentioned above, while the MiCA application may not be immediate, both EU and non-EU firms are well advised to start considering how to adapt to the new regime, given the complexity of issues at stake. This means considering both the opportunities and potential threats stemming from the new regime. First and foremost, compliance with authorisation conditions for those currently non-authorised providers of services in crypto-assets will require many such persons to review and significantly ramp up their internal governance arrangements, policies and procedures. While it might be too early to start putting together authorisation applications, it is arguably the right time to start considering broader strategic structural issues at the firm’s level. It is also important to bear in mind that while MiCA will bring crypto-asset service providers within the European regulatory perimeter, it will ultimately require their compliance with other rules and regulations. As mentioned earlier, DORA is expected to have a significant impact on the in-scope firms’ governance structures and processes. While some of the biggest and most sophisticated crypto-asset service providers are likely to have complex ICT systems and procedures already in place, conducting their review and adaptation to the DORA standards is likely to be a complex task. On the other hand, for particular smaller and less sophisticated crypto-asset service providers, compliance with the DORA requirements might prove to be a challenge. Similarly, ensuring compliance with the “travel rule” requirements will require significant technological and operational adaptions by crypto-asset service providers. To conclude, crypto-asset service providers, as well as those seeking to issue crypto-assets in the EU, should start preparing for the upcoming legislative changes as soon as practicable.
About the Author
Anna Carrier is a lawyer in Norton Rose Fulbright’s financial services regulatory and government relations practices, based in the firm’s Brussels office. She advises clients on a range of European legislative, regulatory and policy matters, with a particular focus on securities and derivatives markets, benchmarks, crypto and prudential regulation, sustainable finance and Fintech.
 Proposal for a Regulation of the European Parliament and of the Council on Markets in Crypto-assets, and amending Directive (EU) 2019/1937 (COM/2020/593 final), 24 September 2020.
 Proposal for a Regulation of the European Parliament and of the Council on on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014 and (EU) No 909/2014 (COM(2020) 595 final) (2020/0266 (COD)), 24 September 2020.
 Proposal for a Regulation of the European Parliament and of the Council on information accompanying transfers of funds and certain crypto-assets (recast) (COM(2021) 422 final) (2021/0241(COD)), 20 July 2021.