MiCAR in the making: EU passes milestone on road to crypto regulation

Two years since the draft text was first released, the EU’s flagship Markets in Cryptoassets Regulation has now been finalised and is set to become law. The rules will impact crypto issuers and service providers not only in the EU but around the world, thanks to its extraterritorial effect. Several important aspects will only start to apply after a transitional period, meaning it could take several years before the full impact of MiCAR is felt.

The vision

In September 2020 the European Commission first put forward draft legislation aimed at harmonising the EU’s regulation of cryptoassets. Now, after two years of negotiations between the European Parliament, Council and Commission, the EU’s agreed compromise on MiCAR has arrived.

MiCAR aims to build a single pan-European crypto market by replacing the national regimes that have started to emerge and boosting consumer confidence in compliant crypto. A passporting regime will allow authorised crypto service providers to do business across the EU as part of its single market for digital finance. It also seeks to mitigate risks arising from market abuse and rein in cryptoassets which could have a detrimental effect on financial stability or monetary sovereignty.

The regulation is a keystone of the EU’s Digital Finance Strategy, alongside the EU’s digital operational resilience act (DORA) and DLT pilot regime, and reflects a broader trend as the EU revamps its regulation of the digital economy. Its arrival comes as the international Financial Stability Board opens a consultation on what an effective crypto regulatory framework should look like.

Many market participants will welcome a greater degree of legal clarity, despite the additional regulatory burden that MiCAR ushers in. The hope is also that bringing more legitimacy to crypto markets should lead to more institutional investment and growth. However, some important legal questions remain outstanding and much of the legal framework, in the form of detailed technical standards, is still to be developed. 

Two years on, what has changed?

Scope – what?

The definition of “cryptoassets” remains very broad. Cryptoassets that have the characteristics of a financial instrument and which are therefore already regulated under the existing securities regulatory framework are carved out of scope.

Since MiCAR was first published, interest in non-fungible tokens has increased, which has led to some suggestion they could fall within the regime. In the end, truly “non-fungible” tokens will generally fall outside the scope of the MiCAR framework on the basis that they are not interchangeable and so not the subject of liquid markets. However, fractional parts of an NFT will not be considered “non-fungible”, nor will the issuance of NFTs in a large series or collection.

Under MiCAR, in-scope cryptoassets will be categorised according to their perceived risk as one of:

  • EMTs: e-money tokens, which are broadly stablecoins pegged to one official currency
  • ARTs: asset-referenced tokens, which are broadly stablecoins pegged to more than one official currency or other assets
  • Other: cryptoassets which are not EMTs or ARTs and so are subject to lighter-touch requirements.

Previously the definition of ART referred to specific asset-classes (commodities, cryptoassets and baskets of currencies). Now the concept of an ART has been broadened to cover all cryptoassets, other than EMTs, that aim at maintaining a stable value by reference to any value or rights.

Another area of interest is DeFi. Services provided in a “fully decentralised manner” should not be in the scope of MiCAR (which sidesteps tricky questions about how to regulate DeFi systems in practice). However, MiCAR will apply to intermediaries that perform their services as part of wider DeFi arrangements. For example, if a cryptoasset is issued to the public on a decentralised basis, the operator of the trading platform must produce the white paper for the cryptoasset. Exactly how MiCAR will apply to particular decentralised arrangements will need to be considered on a case-by-case basis.

Scope – who?

The final version of MiCAR applies to both issuers of cryptoassets offering their products into the EU and cryptoasset service providers (CASPs). CASPs must seek authorisation to offer their services in the EU. Having a crypto licence means applying rules on, for example, conduct, capital and safeguarding, as well as service-specific requirements.

The list of cryptoasset services has been extended since the original draft. Alongside activities such as crypto custody and exchange of cryptoassets (see our previous blogpost), the following will also be regulated under MiCAR:

  • providing transfer services for cryptoassets on behalf of third parties
  • providing portfolio management on cryptoassets.

Notably, all CASPs are now required to have their “place of effective management” (i.e. the place where the key management and commercial decisions that are necessary for the conduct of business are taken) in the EU and at least one of the directors must reside in the EU.

The revised version of MiCAR also includes a new concept of a “significant CASP”. CASPs must monitor the number of their users. A CASP with 15m or more active users in the EU is considered “significant” and must notify its regulator and provide it with certain information.

Enhanced requirements for issuers and service providers

The negotiations on MiCAR have led to various requirements for both issuers and service providers being tightened.

Most significantly, new caps on volume have been introduced for ARTs and EMTs used as means of exchange in order to address monetary sovereignty concerns. Where these tokens are used as means of exchange (as opposed to objects of investment, for example) and the volume of transactions reaches certain thresholds (more than a million transactions per day valued at, at least, EUR200m), the issuer must stop issuing the tokens and present a plan to make sure that the number and value remains below the caps. This has raised particular concerns that certain prominent USD-denominated stablecoins could effectively be banned in the EU.

MiCAR also now requires ART issuers to provide a right of redemption to the holders which can be exercised at any time. Previously, this redemption right only applied to EMTs. As expected (see our blogpost: European Parliament pushes for sustainability disclosures in crypto market), the final version of MiCAR introduces ESG disclosure obligations. These have been included to encourage a move away from energy-intensive proof-of-work consensus mechanisms. ESG disclosures are required in white papers and on CASP websites, with European Supervisory Authorities tasked with developing further standards.

Other changes – custodians and oversight

There has been an important development for crypto custodians. The original draft suggested custodians could be liable for the loss of a cryptoasset or means of access to the cryptoasset even if this happened on-chain and outside the custodian’s control. MiCAR now limits this to incidents attributable to the custodian, although the burden is on the custodian to show that the loss happened independently of its services and operations. Their liability is also capped at the market value of the cryptoasset lost at the time the loss occurred.

The European Central Bank and central banks gain additional powers to oversee, and intervene in, crypto markets. For example, the ECB may require a regulator to refuse, withdraw or limit an authorisation to issue ARTs.

What happens next?

The text is due to be formally adopted in the coming months. It is expected to enter into force early in 2023 but not start to apply until 2024. Generally MiCAR will apply from 18 months after entry into force although the rules for stablecoins (i.e. ARTs and EMTs) will start to apply after 12 months.

The impact on existing crypto businesses could be delayed further thanks to transitional regimes. For example, CASPs which are in operation before MiCAR takes effect may continue to provide their services in accordance with national law for an additional 18 months after the rules start to apply. Where necessary, this will allow them time to apply for a licence under MiCAR’s authorisation regime.

Also over the next couple of years several sets of technical rules and guidance will be developed by the European Supervisory Authorities. For example, the European Securities and Markets Association will develop guidelines on the criteria and conditions for cryptoassets (including NFTs) to qualify as financial instruments.

Finally, MiCAR also requires certain EU authorities to deliver an interim review on the application of MiCAR within two years and a full report within four years. This will include assessing whether the regulatory treatment for NFTs and DeFi is adequate. Given the pace of change in the sector, these papers will likely lay the groundwork for a MiCAR 2.0.

While the EU implements MiCAR, other jurisdictions around the world are looking to introduce or enhance their own frameworks for regulating crypto. To promote consistency between these regimes, the FSB has proposed recommendations for the regulation of cryptoasset activities. Its consultation closes on 15 December 2022.