MiCA – the new legal framework in Europe of the blockchain industry.
1. Introduction .
The European Union (EU) Regulation on Markets in Crypto-assets (MiCA) aims to introduce an EU-wide regulatory framework regarding financial, legal and technological processes in the blockchain ecosystem, providing legal clarity and certainty for the European crypto-asset market. The legal framework of MiCA was put on the agenda as a legislative project as early as June 2022, and according to representatives of the crypto industry (for example, Tom Duff Gordon, Vice President of "Coinbase"), the adoption of the Regulation "will be a key moment for the blockchain market".
In his speech - Stefan Berger (EPP, Germany), lead rapporteur and MEP on the MiCA regulation, said: "This regulation is currently being worked on: "This puts the EU at the forefront of the token economy with 10,000 different cryptoassets. Users will be protected from fraud and scams, and the sector that suffered from the collapse of the crypto exchange "FTX" will be able to regain confidence. Users will have all the information they need and all major risks surrounding cryptoassets will need to be monitored. We guarantee that environmental impact disclosure will be taken into account by crypto-asset investors. This regulation brings a competitive advantage to the EU. The European crypto-asset industry has regulatory clarity that doesn't exist in countries like the US."
On the other hand, Ernest Urtasun (Greens/ESA, EU), co-rapporteur of the Commission on Economic and Monetary Affairs on the transfer of crypto-assets expressed the following opinion: "Currently, illicit flows of crypto-assets are moving rapidly around the world, with a high chance of not be discovered. The revised version of MiCA will oblige cryptoasset service providers to detect and stop criminal cryptoflows, and will also ensure that all categories of cryptocompanies are subject to the full set of anti-money laundering obligations. This will fill a major gap in our anti-money laundering framework and implement in the EU the world's most ambitious travel rules legislation to date, in full compliance with international standards."
The co-rapporteur of the Committee on Civil Liberties, Justice and Home Affairs Asita Kanko confirmed the following thesis: "Parliament and the Council have found a fair compromise that will make it safer for people of good will to own and trade crypto-assets. At the same time, it will make it more difficult for criminals, terrorists and sanction evaders to misuse cryptoassets. Any administrative burden on cryptocompanies and innovators will be more than offset by the fact that we are unifying the currently fragmented European market, which has 27 regulatory crypto regimes."
On 18.04.2023 The first part of the MiCA regulation on "electronic money and payments, cross-border transfers, financial surveillance, combating terrorism and money laundering" was adopted in Strasbourg by 517 votes to 38 votes and 18 abstentions. based on the draft law of June 2022, which has been worked on since 2019. Legislative work on MiCA as a comprehensive legal framework for cryptoassets in the EU is expected to be completed by 2025. After being approved by the European Council, the regulation will officially enter into force as EU legislation, while in parallel the European Securities and Markets Authority (ESMA) is expected to issue guidelines for the implementation of the regulation. In July 2024, some provisions regarding the so-called "stable coins" will pass the vacatio legis [1] phase. This phase has a term of 12 months after the vote on the final text of the Regulation. The part of MiCA concerning crypto-assets will come into force 18 months after the final text of the Regulation is voted on - i.e. it will be in force only in the autumn of 2025.
2. Additional regulatory framework, financial and technological regimes.
2.1 The TFR Regulation .
In order to support the MiCA regulation, the European Parliament also adopted the accompanying Transfer of Funds Regulation (TFR). This Regulation requires crypto service providers to clearly identify their customers through the know-your-customer protocol (from English "Know your customer" or KYC) in order to fight money laundering (from "antimony laundering" or AML) and the financing of terrorism. TFR is also based on the protocol "Travel Rule" (TRP) of the international regulatory organization Financial Action Task Force (FATF). The TRP protocol [2] , as a regulatory act at the technological level, requires virtual asset service providers to verify, receive and store information about the originator and beneficiary of transactions. In addition, companies for e-money (operating as crypto exchanges, traders or start-ups) must ensure that crypto transfers can always be traced and that all suspicious transactions can be blocked.
2.1. Financial mechanisms .
In the originally proposed version of the TFR, a threshold of €1,000 was foreseen, and the identification and money laundering requirements would only apply to transfers between service providers above this amount. Here it is striking that this threshold is a much stricter provision compared to that of the traditional financial system, which sets the same requirements for amounts above 10,000 euros. Due to the cross-border nature of cryptocurrency, in the final text the customers must be identified for each amount. The minimum amount of €1,000 still applies to transfers between virtual trading service providers between hosted wallets. There is no provision in the TFR for transfers between two self-custodied wallets.
When an exchange customer sends money to a non-hosted crypto wallet, crypto asset service providers (CASPs) will only collect data when the wallet is at the customer's disposal (i.e. a physical flash-type wallet), by impose the so-called risk-based anti-money laundering approaches. Through as yet undisclosed methods, CASPs will have to verify that the wallet belongs to a specific person, and such verifications will only be required in the case of transactions worth more than 1,000 euros.
Although the legislators in the European Parliament had already signaled that the topic of transfer between hosted and non-hosted wallets was already on the agenda, the protest of the crypto industry, as well as external observers, made them relax their position in this direction. At least for now, transfers between two non-hosted wallets will fall outside the scope of the TFR, although 18 months after the TFR comes into force, the European Commission will reassess whether to strengthen (or reduce) the measures.
2.2. Mechanisms against money laundering and protection of personal data.
It will be the responsibility of the exchange service providers to ensure that they continue to comply with the money laundering sanctions and other restrictions that apply to them. There will be a blacklist for those who violate these rules, but this will be part of the MiCA package and is not directly addressed in the TFR.
On the other hand, one of the main criticisms of the TFR protocol as it applies to cryptocurrency transactions centers on data protection and concerns that because it collects reams of information about cryptocurrency users, governments and other entities will create data "honeyspots" , for hackers to take advantage of by hacking them. Therefore, TFR's approach to data protection will follow the EU's General Data Protection Regulation (GDPR), which is considered one of the most robust personal data regulations worldwide. It is envisaged that the data stored within the TFR will be made available to judicial, prosecutorial and executive authorities upon request, in order to detect crimes and other illegal acts, but they will in no case be transmitted in these hypotheses automatically.
3.O main aspects of the regulatory framework created by MiCA .
If I had to summarize in a few words my opinion about the role of MiCA as a regulatory act, I would say in brief that it was conceived and created with the aim of introducing legal rules, providing legal certainty for crypto-assets in the EU, by building a harmonized regulatory and substantive legal a framework containing guidelines for the operation, structure and issuance of digital assets.
In addition to crypto exchanges, MiCA primarily affects issuers of so-called "stable coins" that are tied to existing assets such as the US dollar or the euro. According to the new rules, stablecoins such as Tether (USDT) [3] must have adequate reserves to meet possible redemption requests in the event of mass withdrawals in the event of a market crash. Cryptoasset issuers are also required to publish detailed information about their business operations and ecosystem design. MiCA will also require crypto companies to report on the environmental impact of their operations. This is a compromise measure after the legislator removed the complete ban on the "Proof of work" mechanism [4] , as a low-level consensus protocol that aims to submit only valid blocks.
The Cryptoasset Markets Regulation is a legislative project that aims to create a comprehensive legal framework for the regulation of the blockchain ecosystem in the EU. In essence, MiCA takes some of the best practices already found in financial market regulation and applies them to the crypto industry. If we have to take a brief look at the main objectives of MiCA, they are:
- to specify and at the same time - to cancel the separate regulations that exist in several of the EU member states (such as Malta and Estonia for example) with a unifying and comprehensive legal framework;
- establish clearer rules for cryptoasset service providers and token issuers at European level;
- to ensure greater certainty in the regulation of crypto-assets as financial instruments, since for the most part, they are not covered by existing financial regulations at the national level.
3.1. Which legal entities and financial instruments does MiCA regulate? The commercial entities covered by MiCA are the cryptoasset service providers (CASP [5] ), which in a relatively comprehensive list include:
- "custodial" or so-called "hosted wallets" (in English "custodial wallets") [6] .
- Exchanges for crypto-to-crypto or crypto-to-fiat transactions;
- Crypto trading platforms;
- Crypto asset consulting firms and crypto portfolio managers
In terms of asset applicability, MiCA covers three types of assets:
- asset-backed tokens (including stablecoins backed by commodities or one or more currencies). According to Art. 3, para. 3 of MiCA, "asset-backed token" means a type of crypto-asset where there is an aspiration to maintain a stable value by tying it to the value of several fiat currencies representing legal tender, the value of one or more goods, the value of one or more crypto-assets or a combination of assets;
- e-money tokens (stable coins backed by a single fiat currency). Spread art.3, paragraph 4 of MiCA "e-money token" means a type of crypto-asset whose main purpose is to serve as a means of exchange and where there is an effort to maintain a stable value by tying it to the value of a fiat currency representing legal tender;
- tokens for goods or services ("utility tokens"). According to Art. 3, para. 5 of MiCa "token for goods or services" means a type of crypto-asset that is intended to provide digital access to a good or service that is available in blockchain technology, and which is accepted only by the issuer of this token ;
MiCA will also apply as a regulatory framework to the recently very popular NFT (from the English "non fungible tokens"), but only if the specific NFT has characteristics that make it identical to one of the assets to which the MiCA regulation applies. For example, MiCA rules may apply to an NFT that is similar to a "utility token" or a financial instrument. Therefore, when working on the legal mechanism of the NFT token, it is important to assume by the team of lawyers, financial analysts and blockchain programmers that the simple assignment of a unique identifier to the token is not an indicator of its "indispensability", which is a fundamental legal, and technological characteristic of NFT. According to MiCA, non-fungible tokens (NFT) issued in large series can be considered fungible and therefore require authorization and compliance with the regulatory framework for money laundering, which in the future may shake up many projects based on the NFT concept.
The other very interesting question is whether MiCA will apply to decentralized financial applications (from the English "DeFi"). Unfortunately, the answer to this question is "no" - MiCA will not apply to dApps [7] , as they operate without intermediaries, and since the "DeFi" model is a type of dApp, MiCa will not apply to them either. Given the fact that the DeFi market operates without financial intermediaries and by default – completely anonymously, regulatory authorities must radically change their approach to building a legal framework. The MiCA rules clearly impose a number of progressive legal constructions regarding the regulation of the activities of the participants of the centralized crypto market, but the regulation of the DeFi market has been practically ignored.
I believe in this context that the introduction of certain standards by MiCA for the self-regulation of DeFi market participants (dApps developers) is important. Such standards should be introduced primarily to protect market participants such as accredited investors and individuals, but also for regulatory purposes. In my view, MiCa should be revised here right now to include guaranteed capital standards, requirements for integrity and openness of operations, strong regulation of smart contract quality and security, and audit obligations. I build my motivation from the recent negative example with centralized crypto exchanges, namely the collapse of the crypto exchange “FTX”. One of the reasons for the collapse of this project was the use of client funds for risky operations, which undermined trust in centralized exchanges and caused an outflow of funds to DeFi wallets. Other market participants (Binance, KuCoin, OKX, etc.) independently initiated the creation of reserve funds and disclosed information about the formed level of reserves with the possibility of control over them by customers.
On the topic, I believe that in the future MiCA has a chance to increase the trust in DeFi projects by raising the legal standards of the DeFi market, by building desirable regulatory measures. Thus, the developers will independently include in their software programs the need to switch to the Know Your Customer (KYC) and accredited investors (due diligence) models, as well as the possibility of checking compliance with money laundering requirements of dirty money (from the English "AML") and combating terrorism (from the English "CFT"). In addition, the introduction of certain standards in the DeFi market will have a positive effect not only on the developers of DeFi programs, but also on all participants in the Ethereum ecosystem. In the vast majority of cases, a DeFi project will have a better development if it meets the generally accepted, European MiCA legal standards. This will naturally lead to other positive effects – for example, bona fide market participants will not have to worry about their accounts being blocked or technologically compromised.
3.2. What are the highlights of the MiCA regulation and what are the critical new rules that MiCA will introduce?
First of all, I would like to point out that blockchain projects based in the EU will need fewer licenses. Why? With the entry into force of the MiCA regulation, separate national authorization regimes for Web3 will be abolished. Instead, MiCA will introduce a pan-European regulatory regime to be used by all EU member states. What's more, companies providing crypto services that have already received authorization in their countries in this capacity will now be able to provide their services to all EU countries. It is logical to note that today national licenses allow crypto operations only in the country where they are issued, so the MiCA regulation will allow regional Web3 operators of crypto services to operate in the global European market with fewer licenses.
In this regard, companies providing crypto services (CASP) will have more obligations to disclose their legal actions, which will be expressed in the following responsibilities:
- have an office in an EU country and at least one director residing in an EU country;
- to implement anti-money laundering (AML) policies and procedures, service continuity and data security;
- to comply with specific rules for marketing communication - an argument from Article 6 MiCA in connection with Article 25 of MiCA;
- to adopt models for preventing market abuses and proper handling of complaints (this aims to avoid cases like "Terra Luna" and "FTX") - so Art. 27 MiCA. An example in this direction is that companies that operate with crypto assets will have to warn both their investors and their users about the risks of the transactions they carry out;
- to act honestly, fairly and professionally - argument from Art. 13, item 1, letter "a" MiCA in connection with Art. 59 MiCA;
- Public sharing of pricing policies, costs and fees, along with information on the environmental impact of crypto-asset activities.
3.3. MiCA and its Token Issuance Rules .
After the adoption of MiCA, the founders of Web3 projects that plan to issue tokens will have to publish a "white paper" [8] (the so-called "white paper") and create a legal entity [9] (in my opinion a joint stock company ), which will issue tokens and manage them in accordance with an announced "white paper". This means that projects such as the so-called "decentralized generated events" (from the English "Token Generation Events" or TGE" - token generation events) will not be possible with cash registers that are not related to the trust of investors, or projects such as IEO/IDO (from English "Initial Exchange Offerings" - initial offering on the exchange and "Initial Dex Offerings" - initial offering of dex positions) with anonymous issuers. However, smaller token offerings may be exempt from this requirement. If a token has no issuer (e.g. BTC), the exchange's white paper must warn users about the potential risks of the token, and the exchange will bear full responsibility for that token. To help issuers and exchanges, MiCA outlines the regulatory framework that should be strictly followed for each project: how the white paper should look like, how the crypto company should be structured legally, how the project should be structured technologically as program code, etc. .n.
One of the main requirements at the technology level is that MiCA bans algorithmic stablecoins, and asset-backed stablecoins must meet strict rules. Along with banning algorithmic stablecoins, MiCA also requires fiat-backed stablecoins , to be backed by a liquidity reserve that has a ratio of 1:1. The other technological level requirements imposed by MiCA are:
- implementation of concrete procedures for the creation of collateral assets and reserve assets - argument from Art. 32 MiCA;
- establishing procedures for considering complaints and procedures for preventing market abuse and insider trading;
- creation and maintenance of a reserve of assets isolated from other assets that are held by a third party.
To me, as a lawyer and a long-time consultant in the field of the blockchain ecosystem, all these rules sound terribly logical, since their justification is motivated by ensuring the interest of accredited investors in the first place, and secondly - they show a focus on transparency, predictability of legal actions and upholding the interests of every single user of any instrument in the crypto industry.
4. Conclusion :
The European Union (EU) Regulation on Markets in Crypto Assets (MiCA) will prove to be one of the future legal pillars of Web3, and European legal entities preparing to invest in this industry will need to prepare for all the requirements of the regulatory framework.
MiCA will provide a depth of legal regulation for crypto companies operating in the EU, which will provide clarity, technological logic, unlock millions of jobs and an ecosystem of business and consumption of services. Practice shows that all this will instantly affect the market and regulations in the USA (as it happened with the personal data regulation GDPR), and I hope it will also have an international legal and financial effect, including in the banking sector. As I noted, MiCA singleness already needs rethinking, because it does not cover the regulation of blockchain models in decentralized finance (DeFi), which concern a huge market share, as well as the NFT concept, which is largely supported by the creative industry and beyond.
Said rethinking is yet to come and I hope it will lead to new technological and legal realities that push humanity forward in an innovative way.
Author: Mr.Atanas Kostov - attorney at law
[1] "Vacatio legis" is a Latin legal term meaning the time between the passing of a law and its coming into force;
[2] The Travel Rules Protocol (TRP) is a free standard for communication between virtual asset service providers (VASPs). It aims to promote the mass adoption of virtual assets by allowing compliance with anti-money laundering (AML), sanctions and terrorist financing regulations in line with FATF recommendations.A number of compatible point protocol implementations are now available today, and due to their simplicity, customized solutions can be developed, allowing ISPs to build their own TRP solutions and integrate them directly into their existing systems.
[3] Tether (USDT) is a token-based cryptocurrency issued by the company "Tether Limited". Tether (USDT) is traded as the so-called "stable currency" at a 1:1 ratio to the US dollar.
Founded in July 2014 by Brock Pierce, Craig Sellars and Reeve Collins, Tether (USDT), originally known as "Realcoin", is a cryptocurrency known as a "stablecoin" that strives for a fixed 1:1 exchange ratio against the US dollar. Tether is one of the earliest stablecoins and is built on top of Mastercoin (Omni), a protocol layer for Bitcoin that in 2012 introduced the concept of a stablecoin to the world. Tether Limited pioneered the concept now known as the "fiat-backed stablecoin model" and USDT is currently the most widely used stablecoin.
[4] “Proof of Work” is a consensus algorithm for achieving global consensus. The algorithm is used by Bitcoin and some other currencies. Unlike the Proof of Stake approach, miners use a lot of energy to calculate hashes. In the Proof of Work consensus algorithm, computers must solve a certain type of math problem (or millions of them) that takes at least a certain amount of time.
This process is called "mining" or "mining". When a miner submits a block to the blockchain, the solution to the math problem is presented along with the transactions embedded in the proposed block. Invalid solutions (which are hard to calculate but easy to verify) are rejected by the rest of the miners in the network. Thus, the Proof of Work mechanism encourages rational miners to submit only valid blocks, because otherwise they have wasted time and effort.
[5] From the English "crypto asset service providers" or "CASP";
[6] Custodial wallets are typically offered by crypto exchanges or a custodial wallet provider in the form of a mobile or web application. After logging into their wallet account, users use the wallet provider's interface to manage their funds and transact. This means that users must trust the service provider to securely store their tokens and implement strict security measures to prevent unauthorized access. These measures may include two-factor authentication (2FA), email verification, and biometric authentication such as facial recognition or fingerprint verification.
[7] The etymology of the concept "dApp" comes from the English term for "decentralized application" ("decentralized application" or "dApp");
[8] Regarding the comprehensive requirements for the compilation and content of the "white paper", see Art. 5 of MiCA;
[9] I draw my argument from Article 4, Item 1, Letter "a" of the MiCA;