With the long-awaited MiCA Regulation (MiCAR) being approved last month, crypto service providers can expect a clear set of rules governing the provision of crypto-asset services across the EU as well as the ease of passporting which facilitates the provision of EU cross-border services. MiCAR also seeks to provide protection to consumers while ensuring financial stability. The Regulation is expected to come into force in 2024.

Which entities qualify as a CASP?

“Crypto-Asset Service Providers” (CASPs) are defined under MiCAR as an approved “legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis.” In turn, the Regulation defines “crypto-assets” as “a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology”.

The following crypto-asset services fall within the scope of MiCAR:

  1. providing custody and administration of crypto-assets on behalf of clients;
  2. operation of a trading platform for crypto-assets;
  3. exchange of crypto-assets for funds;
  4. exchange of crypto-assets for other crypto-assets;
  5. execution of orders for crypto-assets on behalf of clients;
  6. placing of crypto-assets;
  7. reception and transmission of orders for crypto-assets on behalf of clients;
  8. providing advice on crypto-assets;
  9. providing portfolio management on crypto-assets;
  10. providing transfer services for crypto-assets on behalf of clients.

Thus, any person wishing to provide any of these services in the EU must be authorised under MiCAR.

Regulatory Process

Subject to the possible transitory period under the Regulation, prospective CASPS need to obtain prior authorisation in their home member state before being able to provide such services. If the CASP originates from a third (non-EU) country, this authorisation process should be undertaken in the Member State in which the services are intended to be offered.

CASP licensees are split up into three classes depending on their service type, each with different minimum capital requirements:

CASP Service Type Minimum Capital
Class 1 Crypto-asset service provider authorised for the following crypto-asset services: execution of orders on behalf of clients;placing of crypto-assets;providing transfer services for crypto-assets on behalf of clients;reception and transmission of orders for crypto-assets on behalf of clients;providing advice on crypto-assets; and/orproviding portfolio management on crypto-assets €50,000
Class 2 Crypto-asset service provider authorised for any crypto-asset services under class 1 and: providing custody and administration of crypto-assets on behalf of clients;exchange of crypto-assets for funds; and/orexchange of crypto-assets for other crypto-assets. €125,000
Class 3 Crypto-asset service provider authorised for any crypto-asset services under class 2 and operation of a trading platform for crypto-assets. €150,000


The class system portrays one of the major similarities between the Maltese Virtual Financial Asset (VFA) regime and MiCAR. Under current Maltese legislation, VFA Service Providers are classified into four classes based on the type of services provided and respective minimum capital requirements. This classification has clearly been emulated under MiCAR.

Although further guidelines are expected to be issued by ESMA and respective European Supervisory Authorities, the application process for CASPs is expected to assess numerous aspects of the applicant entity. Applicants must ensure that the members of their management body are of sufficiently good repute, knowledgeable, skilled and experienced. Qualifying shareholders are also individually assessed to ensure they are of sufficiently good repute. Most importantly, regulatory authorities will scrutinise the applicant’s internal control mechanisms and policies and procedures to ensure that crypto-asset services will be offered in full compliance to MiCAR requirements while also ensuring that any customer funds are not placed at risk.

Additional requirements apply to CASPs that are deemed to be “significant” i.e., entities that have a minimum of 15 million daily active users in one calendar year. Such significant CASPs would be subject to added scrutiny and security to reflect their added risk/effect. In such cases, the competent authority of the home Member State of the significant CASP is required to submit an annual update on that CASP to ESMA’s Board of Supervisors.

Specific rules also apply when the following authorised entities seek to offer certain specific crypto-asset services:

  • Credit Institutions
  • Central Securities Depository
  • Investment Firms
  • Market Operators
  • Electronic Money Institutions
  • UCITS Management Company
  • Alternative Investment Fund Manager

In such cases MiCAR offers these authorised entities the possibility to provide specific crypto-asset services, subject to satisfying certain requirements, without having to undertake a new licensing process altogether.


A long-standing principle of the EU’s freedom of establishment and freedom to provide services, MiCAR also establishes the ‘passporting’ mechanism, allowing CASPs to obtain authorisation from a single Member State while still having the possibility to provide services throughout the entire EU. This important advantage will undoubtedly solidify the EU’s position as a leading market for the provision of crypto-asset services.

The Way Forward

Due to the similarities between the current Maltese VFA regime and MiCAR, authorised VFA Service Providers are to expect minimal changes to their regulatory requirements and obligations. The transition from the Maltese VFA regime to MiCAR is thus expected to be a practically seamless one. CASPs seeking to be authorised under MiCAR in Malta thus stand to benefit from interfacing with a well-experienced authority which is already very knowledgeable in the practical workings of MiCAR, having implemented and administered a largely similar process under the VFA framework for these last few years as well as having a hands-on approach to the requirements and challenges faced by operators in the crypto-assets sphere. For more information on MiCAR and the licensing process and requirements for CASPs, kindly contact Dr Ian Gauci and Dr Cherise Abela Grech.

Disclaimer This article is not intended to impart legal advice and readers are asked to seek verification of statements made before acting on them.
Skip to content