MiCAR Reporting Obligations for CASPs: Complete Implementation Guide

ByOfficer

Last updated: March 2026

Introduction

MiCAR (Markets in Crypto-Assets Regulation) creates the first comprehensive regulatory framework requiring crypto-asset service providers to implement authorization, prudential reporting, transaction monitoring, and incident notification systems. The Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114) represents the first unified rulebook for crypto-asset activities across the entire European Union. For reporting teams and compliance practitioners, MiCAR introduces reporting obligations that extend beyond traditional financial services requirements, creating operational complexity that many crypto firms underestimated during initial implementation.

Before MiCAR, crypto firms operated in a fragmented regulatory landscape where rules varied dramatically by jurisdiction. MiCAR unified this landscape: as a regulation (not a directive), it applies directly in all EU member states without requiring national transposition. This uniformity brings clarity but also operational demands. Institutions must translate blockchain-based activities into regulatory reporting categories, implement systems that capture on-chain data alongside centralized system records, and meet reporting deadlines aligned with traditional financial services standards.

For crypto firms that are CSSF-regulated in Luxembourg or operating across the EU, MiCAR compliance is non-negotiable. Firms without authorization cannot legally provide crypto-asset services in the EU. Once authorized, firms face multiple reporting obligations covering prudential metrics, transaction records, incident notifications, and market abuse monitoring.

This guide unpacks MiCAR reporting obligations with practitioner focus.

MiCAR Legal Basis and Implementation Timeline

The Regulatory Framework

MiCAR is Regulation (EU) 2023/1114, published in the Official Journal of the EU on 9 June 2023 and entered into force on 29 June 2023.

The regulation contains several structural elements:

  • Title II: Rules on crypto-asset offers (other than ARTs/EMTs) including white paper requirements
  • Title III: Rules on asset-referenced tokens (ARTs) – reserve, governance, and disclosure requirements, supervised by EBA for significant ARTs
  • Title IV: Rules on e-money tokens (EMTs) – must be issued by credit institutions or authorized electronic money institutions
  • Title V: Authorization and operating conditions for CASPs
  • Title VI: Market abuse prevention for crypto-assets traded on CASP platforms
  • Delegation to ESMA and EBA for detailed regulatory technical standards (RTS) and implementing technical standards (ITS)

Implementation Timeline

MiCAR implementation is phased, not all-at-once:

Phase 1 – 30 June 2024: – Titles III and IV became applicable – provisions governing asset-referenced tokens (ARTs) and e-money tokens (EMTs) – Issuers of ARTs and EMTs were required to be authorized and have published compliant white papers by this date – Reserve requirements, governance, and disclosure obligations for stablecoin issuers took effect

Phase 2 – 30 December 2024: – Titles II, V, and VI became applicable – CASP authorization requirements took effect – firms must be authorized to provide crypto-asset services in the EU – White paper requirements for non-ART/non-EMT crypto-assets took effect – Market abuse provisions for crypto-assets became enforceable – The Transfer of Funds Regulation (TFR, Regulation (EU) 2023/1113) also began applying, imposing the Travel Rule on crypto transfers

Transitional provisions (grandfathering): MiCAR Article 143(3) provides a grandfathering clause: entities that were already providing crypto-asset services in accordance with applicable national law before 30 December 2024 may continue to do so until they are granted or refused MiCAR authorization, but no later than 1 July 2026 at the latest. The actual transitional period varies by member state – some have set shorter windows (e.g., the Netherlands set 1 July 2025, Germany and Austria set 31 December 2025).

Level 2 measures: Throughout 2024 and 2025, ESMA and the EBA finalized and published RTS and ITS specifying detailed operational requirements for CASPs, including governance, prudential metrics, reporting formats, and market abuse procedures. Many of these Level 2 measures are critical to understanding the precise reporting obligations.

Who Is Affected by MiCAR Reporting Obligations

Crypto-Asset Service Providers (CASPs)

MiCAR Article 3(1)(16) defines ten categories of crypto-asset services. If your organization provides any of these services, you qualify as a CASP:

  1. Custody and administration of crypto-assets on behalf of clients
  2. Operation of a trading platform for crypto-assets
  3. Exchange of crypto-assets for funds (fiat currency)
  4. Exchange of crypto-assets for other crypto-assets
  5. Execution of orders for crypto-assets on behalf of clients
  6. Placing of crypto-assets (assisting in token distribution)
  7. Reception and transmission of orders for crypto-assets on behalf of clients
  8. Providing advice on crypto-assets
  9. Providing portfolio management of crypto-assets
  10. Providing transfer services for crypto-assets on behalf of clients

Note that staking and lending are not explicitly listed as defined CASP services under MiCAR. Whether a specific staking or lending service falls within MiCAR scope depends on how it is structured – it may qualify as custody, portfolio management, or may fall outside the ten defined services. This is an area where regulatory interpretation is still developing and firms should seek guidance from their competent authority.

Firms already authorized under other EU financial services frameworks (credit institutions, investment firms under MiFID II, electronic money institutions, UCITS managers, AIFMs) may provide certain crypto-asset services without a separate CASP authorization, subject to notification requirements under MiCAR Article 60.

Token Issuers

Token issuers face specific obligations:

  • Crypto-asset white papers must be filed with the competent authority before public offering or admission to trading (Title II for utility tokens, Title III for ARTs, Title IV for EMTs)
  • White papers must conform to MiCAR content requirements and be published on the issuer’s website
  • Material changes to token features or governance trigger white paper amendments
  • ARTs and EMTs face additional authorization requirements beyond white paper notification

Asset-Referenced Tokens (ARTs) and E-Money Tokens (EMTs)

ARTs (tokens referencing a basket of assets, currencies, or commodities): – Must be issued by an entity authorized under MiCAR Title III – Reserve requirements: reserves must back outstanding tokens – Regular reserve reporting to competent authorities – Significant ARTs (determined by EBA based on criteria including market cap and transaction volume) face enhanced requirements and direct EBA supervision

EMTs (tokens referencing a single fiat currency): – Must be issued by a credit institution or an authorized electronic money institution – Holders must have a redemption right at par value at any time – Funds received in exchange for EMTs must be invested in safe, low-risk assets – Significant EMTs face enhanced requirements and EBA supervision

Prudential Reporting for CASPs

Own Funds Requirements

MiCAR Article 67 imposes minimum own funds requirements on CASPs. The requirement is the higher of:

(a) Permanent minimum capital, which varies by service type: – EUR 50,000: For CASPs providing only advice, order reception/transmission – EUR 125,000: For CASPs providing custody, exchange services, execution, transfer, or placing – EUR 150,000: For CASPs operating a trading platform

(b) One quarter (25%) of the previous year’s fixed overheads, calculated according to the applicable accounting framework

The CASP must maintain qualifying own funds at least equal to the higher of these two amounts at all times.

Qualifying own funds are defined by reference to the CRR (Regulation (EU) No 575/2013) and include paid-up capital, share premium accounts, retained earnings, and other reserves. Intangible assets, unrealized losses, and other deductions apply.

Insurance or Comparable Guarantee

MiCAR Article 67(4) requires CASPs providing custody and administration of crypto-assets to hold a prudential safeguard in the form of either:

  • An insurance policy covering the territories where the CASP operates, or
  • A comparable guarantee

The insurance or guarantee must cover the type of events most relevant to crypto custody, including loss of crypto-assets due to hacking, theft, malfunction, or the CASP’s gross negligence. The specific coverage requirements are further specified in ESMA’s RTS. The amount must be proportionate to the custody assets under management.

Reporting Frequency

The precise reporting frequency for prudential metrics (own funds, fixed overheads, insurance coverage) depends on the Level 2 RTS adopted by ESMA and the expectations of your national competent authority. In practice, competent authorities typically expect:

  • Regular own funds reporting (frequency determined by NCA – monthly or quarterly depending on jurisdiction and CASP size)
  • Ongoing compliance monitoring with own funds requirements
  • Notification to the competent authority if own funds fall below the required level

Transaction Record-Keeping

Scope

MiCAR Article 68 requires CASPs to keep records of all crypto-asset services, orders, and transactions. This is primarily a record-keeping and order-keeping obligation rather than a transaction-by-transaction reporting-to-the-regulator obligation (which is distinct from, for example, MiFIR Article 26 transaction reporting).

Records must include: – Orders received and transmitted, with all details including client identity, instrument, quantity, and timing – Transactions executed, including all relevant details – Client information and agreements – Fees and charges

Retention period: Records must be retained for five years and must be provided to the competent authority on request.

Distinction from MiFIR Transaction Reporting

MiCAR does not create a MiFIR-style T+1 transaction reporting obligation to the NCA for all crypto-asset transactions. The obligations are primarily record-keeping and provision on request. However:

  • If a crypto-asset qualifies as a financial instrument under MiFID II, MiFIR Article 26 transaction reporting obligations may apply in addition to MiCAR
  • Competent authorities may request transaction data at any time during supervisory reviews
  • AML/CFT obligations (including the TFR Travel Rule) create separate reporting streams for certain transfers

The boundary between “pure crypto-assets” (MiCAR only) and products that may also qualify as financial instruments (MiCAR + MiFID/MiFIR) is critical. ESMA has published guidelines on the conditions and criteria for qualification of crypto-assets as financial instruments.

White Paper Requirements for Token Issuers

Content and Filing Process

Token issuers must prepare and publish a crypto-asset white paper before making a public offer or seeking admission to trading on a CASP platform. White papers must include:

  • Issuer information: Legal entity, governance structure, management details
  • Technical specifications: Token functionality, underlying technology, consensus mechanisms
  • Rights and obligations: What the token confers on holders
  • Risk factors: Technical, market, regulatory, and operational risks
  • Economic features: Token supply, issuance mechanics, distribution plan

Filing process: – White papers are notified to the competent authority (not “approved”) at least 20 working days before publication – The competent authority does not approve the white paper’s content but may require modifications if it does not meet MiCAR requirements – White papers must be published on the issuer’s website and remain publicly available throughout the token’s lifetime – ARTs and EMTs face additional authorization requirements beyond notification

Ongoing Disclosure

  • Material changes require white paper amendments, notified to the competent authority
  • Issuers must notify the competent authority of any event that could significantly affect the assessment of the crypto-asset
  • Discontinuation requires formal notification

Travel Rule: Transfer of Funds Regulation

The Travel Rule for crypto-asset transfers is established in the Transfer of Funds Regulation (TFR) – Regulation (EU) 2023/1113 – not in MiCAR itself. The TFR was adopted alongside MiCAR as part of the same legislative package and applies from 30 December 2024.

Under the TFR, CASPs must collect and transmit originator and beneficiary information for crypto-asset transfers. Key points:

  • The TFR applies to all crypto-asset transfers where at least one CASP is involved – there is no EUR 3,000 de minimis threshold for the obligation to collect information (unlike the previous wire transfer rules). For transfers below EUR 1,000 where both originator and beneficiary CASPs are in the EU, simplified verification may apply.
  • For transfers to unhosted (self-custody) wallets exceeding EUR 1,000, the originating CASP must take adequate measures to assess whether the wallet is owned or controlled by the customer.
  • CASPs must verify the identity of the originator before the transfer is executed.

Implementation challenges: – Crypto transfers occur across diverse platforms and blockchain networks without built-in information exchange mechanisms – Wallet addresses are pseudonymous; identifying beneficial owners of receiving wallets requires additional verification – Industry solutions (such as IVMS 101 messaging standards, Chainalysis, TRM Labs, and others) are being adopted for inter-CASP information exchange

AML/CFT Obligations

MiCAR operates alongside the EU’s existing AML/CFT framework. CASPs are obliged entities under AML rules and must:

  • Conduct customer due diligence (CDD) and know-your-customer (KYC) procedures
  • File suspicious transaction reports (STRs/SARs) with the national FIU
  • Implement transaction monitoring systems adapted to crypto-asset activities
  • Screen against sanctions lists
  • Identify and verify beneficial ownership

These obligations exist under AML legislation (currently AMLD4/5, transitioning to the new AMLR from July 2027) rather than MiCAR itself, but CASPs must comply with both frameworks simultaneously.

Market Abuse Provisions

MiCAR Title VI extends market abuse provisions to crypto-assets admitted to trading on CASP platforms. This covers:

  • Insider dealing: Using material non-public information about a crypto-asset to trade
  • Market manipulation: Coordinated trading, wash trading, or other practices to artificially affect prices
  • Unlawful disclosure: Sharing inside information

CASPs operating trading platforms must implement systems to detect and report suspected market abuse. When abuse is suspected, the CASP reports to its competent authority without undue delay.

Market abuse detection in crypto markets is harder than in traditional markets due to pseudonymous accounts, 24/7 trading, multiple platforms, and algorithmic activity. CASPs must invest in surveillance technology adapted to these characteristics.

Luxembourg Specifics: CSSF as Competent Authority

Luxembourg’s CSSF supervises MiCAR implementation for CASPs authorized in Luxembourg.

CSSF’s supervisory approach emphasizes:

  • Operational readiness: Applicants must demonstrate robust reporting infrastructure before authorization
  • Data governance: CSSF reviews whether systems ensure data quality and audit trails
  • AML/CFT coordination: CSSF expects integration between MiCAR and AML/CFT procedures
  • Incident management: CSSF closely monitors operational incidents and cybersecurity threats

The CSSF authorization process typically examines:

  • Business plan and governance documentation
  • Technical infrastructure and cybersecurity
  • Own funds calculations and projections
  • Insurance/guarantee documentation
  • Compliance and reporting capability
  • AML/CFT procedures

After authorization, firms must notify the CSSF of material changes to services, systems, governance, or risk profile. Adding new service types may require authorization extension.

Interaction with Other Regulatory Frameworks

MiCAR and MiFID II/MiFIR

Some crypto products may qualify as financial instruments under MiFID II. Tokenized securities, security tokens, and certain structured crypto products may trigger MiFID/MiFIR obligations in addition to or instead of MiCAR.

CASPs must classify crypto-assets correctly: – Pure crypto-assets (utility tokens, Bitcoin, Ethereum, most tokens): MiCAR applies – Financial instruments in crypto form (tokenized securities, security tokens): MiFID/MiFIR applies; MiCAR explicitly excludes financial instruments from its scope – Hybrid cases may require analysis under ESMA guidelines on qualification of crypto-assets as financial instruments

Misclassification creates compliance gaps.

MiCAR and EMIR

For CASPs facilitating crypto-derivative trading, EMIR may apply depending on how derivatives are structured and whether counterparties are financial counterparties subject to EMIR.

MiCAR and DAC8/CARF

CASPs are also subject to the tax reporting obligations under DAC8 (implementing CARF) – see our separate article on CARF Crypto Tax Reporting. These obligations are distinct from MiCAR but overlap in terms of the customer data and transaction records that CASPs must maintain.

Coming Soon: Template-by-Template Deep Dives

We’re building detailed, template-level guides for each reporting framework covered on RegReportingDesk. Whether you need a field-by-field walkthrough of specific templates, field mappings, or reporting requirements, these guides are on the way. Bookmark this page and check back soon.

Frequently Asked Questions

What is MiCAR and when did it take full effect?

MiCAR (Regulation (EU) 2023/1114) is the EU’s comprehensive regulatory framework for crypto-assets. It entered into force on 29 June 2023. Stablecoin provisions (ARTs and EMTs) applied from 30 June 2024. CASP authorization, general token issuance, and market abuse provisions applied from 30 December 2024.

Is there a grandfathering period for existing CASPs?

Yes. MiCAR Article 143(3) allows entities already providing crypto-asset services under applicable national law before 30 December 2024 to continue until they receive or are refused authorization, but no later than 1 July 2026. The actual deadline varies by member state – check your jurisdiction’s transitional provisions.

What are the own funds requirements for CASPs?

CASPs must maintain the higher of: (a) the permanent minimum capital (EUR 50,000 to EUR 150,000 depending on service type), or (b) 25% of the previous year’s fixed overheads. This is specified in MiCAR Article 67.

Does MiCAR require daily transaction reporting to regulators?

MiCAR primarily imposes record-keeping obligations (MiCAR Article 68) rather than MiFIR-style daily transaction reporting to the NCA. CASPs must keep records of all services, orders, and transactions for five years and provide them to the competent authority on request. Separate obligations under the TFR (Travel Rule), AML/CFT, and potentially MiFIR may create additional reporting streams.

Where is the Travel Rule for crypto transfers?

The Travel Rule is in the Transfer of Funds Regulation (TFR, Regulation (EU) 2023/1113), not in MiCAR. The TFR requires CASPs to collect and transmit originator and beneficiary information for crypto-asset transfers. There is no de minimis threshold for the information collection obligation.

Are staking and lending regulated under MiCAR?

Staking and lending are not explicitly listed among the ten defined CASP services in MiCAR Article 3(1)(16). Whether a specific staking or lending service falls under MiCAR depends on how it is structured – it may qualify as custody, portfolio management, or transfer services. This is an evolving area – consult your competent authority.

Key Takeaways

  • MiCAR is fully applicable as of 30 December 2024 for CASPs, with stablecoin provisions in effect since 30 June 2024. Grandfathering applies until at most 1 July 2026 depending on member state.
  • Authorization is a prerequisite to operations. CASPs must be authorized for each service type they offer. Firms already authorized under other EU financial frameworks may notify rather than seek separate CASP authorization.
  • Own funds requirements are the higher of permanent minimum capital (EUR 50,000-150,000) or 25% of fixed overheads – not six months’ operating expenses as sometimes stated. Check the exact calculation under MiCAR Article 67.
  • Record-keeping is the primary obligation, not daily transaction reporting. MiCAR requires five-year record retention and provision to the competent authority on request. Separate obligations under TFR, AML/CFT, and potentially MiFIR create additional reporting streams.
  • The Travel Rule is in the TFR (Regulation (EU) 2023/1113), not MiCAR. The TFR applies to all crypto-asset transfers involving a CASP, with no de minimis threshold for information collection.
  • Market abuse provisions apply to crypto-assets traded on CASP platforms. CASPs must implement detection systems and report suspected abuse to their competent authority.
  • Classification of crypto-assets matters. Products that qualify as financial instruments under MiFID II fall outside MiCAR and under MiFID/MiFIR instead. Misclassification creates compliance gaps.
  • Level 2 measures (RTS/ITS) specify detailed operational requirements. The precise reporting formats, frequencies, and procedures are in ESMA and EBA technical standards, not the Level 1 regulation alone.

Disclaimer: The information on RegReportingDesk.com is for educational and informational purposes only. It does not constitute legal, regulatory, tax, or compliance advice. Always consult your compliance officer, legal counsel, or the relevant supervisory authority for guidance specific to your institution.

Sources and References

Similar Posts