MiCA: the new EU regulation for crypto-assets and what it means for Ukrainian companies | Manimama

Get a free consultation

After filling out the form, we will help you choose a company, licence, account, and legal support. Leave a contact for communication.

We do not share your data with third parties

MiCA: the new EU regulation for crypto-assets and what it means for Ukrainian companies

light

In 2023, the European Union adopted the Markets in Crypto-Assets Regulation (MiCA), the world’s first comprehensive regulation of the crypto-asset market. It covers both token issuers, including stablecoins, and crypto-asset service providers (CASP), such as crypto wallet providers, exchanges, and custodial services. MiCA is being implemented in stages: the regulation was adopted in 2023, requirements for stablecoin issuers came into force in 2024, and on December 30 of the same year, a full regime for CASPs was introduced with transition periods in EU member states.

For Ukrainian companies, MiCA has a dual effect. First, it imposes higher requirements on processes, security, and corporate governance. Second, it presents a market opportunity: after CASP authorization in one EU country, a passporting mechanism comes into effect, enabling services to be provided legally throughout the Union without requiring separate national licenses, through a straightforward notification procedure. In other words, MiCA is a ticket to the “big league” of the European market, provided that the business confirms the maturity of its processes.

Classification of crypto-assets under MiCA

MiCA covers crypto-assets that are not financial instruments under MiFID II, namely:

  • Asset-referenced tokens (tokens linked to assets; crypto-assets that stabilize their value relative to a specific asset or basket of assets);
  • Electronic money tokens (tokens of electronic money; crypto-assets that stabilize their value relative to one official currency);
  • Crypto-assets that are not asset-referenced tokens or electronic money tokens (e.g., utility tokens that represent a type of crypto-asset designed solely to provide access to a good or service provided by its issuer).

Crypto-assets that are already defined as financial instruments, such as security tokens, as well as rare, unique, and non-fungible NFTs, are not covered by MiCA.

MiCA’s main requirements for issuers and service providers

MiCA introduces a single, comprehensive licensing regime for CASPs and token issuers across the EU. The regulation covers a wide range of crypto-asset services, including the provision of custody and administration of crypto-assets on behalf of clients, the operation of a trading platform for crypto-assets, the exchange of crypto-assets for other crypto-assets and funds, and the provision of crypto-asset portfolio management services.

At the same time, CASPs have a number of obligations in several key areas:

  • Behavioral standards and transparency, namely the obligation to act honestly, fairly, and professionally in their relationships with clients.
  • Prudential stability, namely the obligation to comply with minimum capital requirements and maintain ongoing risk coverage.
  • Protection of client assets, segregation, and proper storage of crypto-assets and client funds, as well as compliance with requirements for their accounting and availability.
  • Corporate governance, namely the obligation to implement appropriate management mechanisms, distribution of roles and responsibilities, risk management, and compliance functions.
  • Protection of customer rights, namely the obligation to implement transparent procedures for receiving, reviewing, and resolving complaints, as well as conflicts of interest.
  • Interaction with the regulator and obligations to conduct appropriate checks, monitoring, and communication with competent authorities.
  • Cyber resilience and operational risks, namely the obligation to implement cyber protection mechanisms, incident management, continuity, and recovery plans.

Similarly, MiCA introduces requirements for crypto-asset issuers, including the following key ones:

  • Transparency and disclosure, which consists of the issuer’s obligation to publish a white paper with a clear description of the token and the risks associated with it prior to a public offering or listing. All marketing materials must comply with this document and not be misleading.
  • Governance and control, specifically the issuer’s obligation to maintain a clear governance structure, report significant changes, and manage conflicts of interest (including identifying, preventing, and disclosing them).
  • Financial stability, which consists of the issuer’s obligation to have sufficient equity capital. For stablecoins (asset-referenced and e-money tokens), the issuer must form an asset reserve and keep it in safe, liquid instruments in accordance with the regulator’s rules.
  • Protection of investor interests, which consists of honest risk disclosures, only relevant and verified data in white papers and advertising, understandable support channels, and appeal procedures.

A comprehensive Ukrainian translation of the MiCA regulations was prepared by the Manimama law firm and is now available for review.

Challenges for Ukrainian companies

MiCA is important not only for Ukrainian companies planning to do business in the European Union, but also for those planning to operate in the domestic market. The draft law on the regulation of crypto-assets, recently adopted by the Verkhovna Rada in its first reading, complies with the provisions of MiCA and introduces compatible requirements for issuers and providers of crypto-asset services.

Once the regulatory framework is in place, a license alone is not enough. The regulator wants to see operational maturity, which proves that the business understands and complies with rules on a daily basis.

For example, in France, crypto-asset service providers with different types of activities face the following requirements:

  • A crypto exchange must provide a package of necessary documents. It must confirm that its systems are protected per international standards (ISO/IEC 27001). It must also demonstrate that user data is processed in accordance with the GDPR and ISO/IEC 27701.
  • A custodial service must demonstrate that it has incident response and business continuity plans (ISO 22301).
  • A crypto wallet provider must pass a cyber resilience audit and show that no critical vulnerabilities exist.

Without strong controls and security, regulators may reject applications. France and Germany have already denied applicants due to weak controls and security gaps.

Comprehensive training in partnership: what Manimama and Baltum Bureau can offer

To achieve business success under MiCA, implement a unified mechanism that aligns legal, technical, and organizational elements to ensure seamless integration. Ensure your compliance strategy is both integrated and comprehensive to drive operational value.

That is why Baltum Bureau and Manimama have formed a partnership. By combining our expertise in international certification and legal support, we have developed a unified MiCA preparation program in which both partners play key roles:

  • Manimama provides legal support, analyzes the corporate structure and identifies the optimal jurisdiction, researches specific MiCA requirements, prepares a package of documentation for CASP authorization, and supports interaction with the regulator and subsequent certification.
  • Baltum Bureau controls the technological contour and is responsible for the implementation of international standards and practices:
    • ISO/IEC 27001 – information security management,
    • ISO/IEC 27701 – privacy management and GDPR compliance,
    • ISO 22301 – business continuity,
    • SOC 2 – independent assessment of service reliability, cyber audits, and penetration testing.

Together, this forms a comprehensive MiCA Readiness Program. It is a coordinated roadmap with legal analysis, technical implementation, and independent certification. This enables businesses to expedite the process of obtaining licenses and permits and mitigate regulatory risks.

Why businesses should start preparing now

Preparation for MiCA licensing or authorization typically takes between several months and a year. Given the phased implementation of the requirements, companies that start now will be able to:

  • Obtain authorization on time and avoid penalties.
  • Increase investor and customer confidence;
  • Operate throughout the EU market without additional barriers once they obtain a license.

Those already operating in the EU should also act promptly, as MiCA requirements are equally mandatory, and national transition periods in some countries are gradually coming to a close.

Delaying will cost market share: in a competitive environment, speed and readiness determine who will be the first to gain access to new opportunities.

Conclusion

MiCA establishes a new framework for the European crypto market, setting clear rules for transparency, risk management, and cyber resilience. Ukrainian companies can join the EU financial ecosystem, but only with systematic, thorough preparation.

As part of the partnership between Baltum Bureau and Manimama, we offer an integrated approach that covers legal support, international information security standards, and cybersecurity practices.To request a detailed consultation, submit a request on our website. KProskurnya, an auditor at Baltum Bureau, and a Manimama specialist will contact you to conduct a free preliminary assessment of your company’s MiCA readiness.t to conduct a free preliminary assessment of your company’s readiness for MiCA.

The content of this article is intended to provide a general guide to the subject matter, not to be considered as a legal consultation.

Tags

Chat

Ready to create your future?
Let's begin

Share your vision. We'll create a legal framework tailored to bring it to life

Payment services

Payment services

Crypto licenses

Tokenization

MiCa regulation

Company formation

Send Request
send
Telegram send
Your global legal partner
for crypto & fintech success

Talk to our experts

By clicking the "Submit" button, I confirm that I have read the Privacy Policy and agree to the collection and processing of my personal data in accordance with the General Data Protection Regulation (GDPR).