Crypto Services under MiCA - Guide 2026

Last updated: 29.12.2025

1. Custody and Administration of Crypto-Assets on behalf of clients under MiCAR

The service of custody and administration of crypto-assets on behalf of clients is one of the most commonly selected services by crypto asset service providers (CASPs). Below is a summary of the most important aspects.

Pursuant to Article 3(1)(17) of the MiCAR, custody and administration of crypto-assets on behalf of clients means the safekeeping of crypto-assets or the means of access thereto, where applicable in the form of private cryptographic keys, or the exercise of control over such crypto-assets on behalf of clients.

In other words, the decisive factor for classification is the safekeeping or control of the crypto-assets or the means of access thereto on behalf of clients.

From a formal perspective, the CASP retains the cryptographic keys necessary for access to crypto-assets and also performs their administration, such as the registration in a distributed ledger (DLT) of any events that create or modify rights. Thus, the purpose is not merely the deposit of assets, but their management by the CASP.

What obligations are associated with the provision of this service?

CASPs are subject to several material obligations. The most important obligations under Article 75 MiCAR include:

establishment of custody and administration procedures. Such policy should, inter alia, include rules on the register of client-held crypto-assets, the register of positions, a description of ICT security systems (including safeguards), and procedures for returning the client’s crypto-assets;
entering into a contract with the client setting out the nature and description of the service provided;
assigning to each client an individual register of positions reflecting the client’s rights to the crypto-assets held;
publishing a summary of the custody policy;
providing the client with information on the status of the deposited crypto-assets (at least once every three months and upon request), including the types of crypto-assets, balance and value, as well as the history of transfers for the relevant period;
ensuring a high level of protection against cyber threats.

CASPs providing custody of crypto-assets on behalf of clients are also obliged to:

physically and legally segregate client assets from their own assets;
clearly designate the assets as belonging to clients;
ensure separate storage from own assets – in particular within the distributed ledger.

What CASPs are prohibited from doing when providing this service?

CASPs that hold crypto-assets belonging to clients (or the means of access thereto) are prohibited from using them for their own purposes (e.g. exchanging deposited client crypto-assets into fiat in order to ensure liquidity or to conduct proprietary investments).

Who is entitled to new crypto-assets or rights created in the course of custody?

Where, as a result of a technological change or other event concerning client-held crypto-assets, new crypto-assets (e.g. tokens resulting from a hard fork) or rights (e.g. governance rights in a DAO) are created, the client acquires them automatically. No further confirmation by the client is required.

However, the parties to a custody agreement may agree otherwise. Nevertheless, client consent must be expressed explicitly – e.g. through a separate pop-up box in the course of contract or terms acceptance (pursuant to Article 75(4) MiCAR; see here for more on client consent). A non-negotiated standard form contract (where such clause is included as a sub-point) does not bind the client.

As a rule, new rights or crypto-assets accrue to the client, not the CASP.

Where should CASPs deposit their clients’ funds?

CASPs must deposit received client funds (other than e-money tokens) with a credit institution or central bank no later than by the end of the business day following the day of receipt.

Where should CASPs deposit their clients’ funds? CASPs must deposit received client funds (other than e-money tokens) with a credit institution or central bank no later than by the end of the business day following the day of receipt.

In addition, CASPs are required to take all necessary steps to ensure that client funds – other than e-money tokens – deposited with a credit institution or central bank are held in a segregated account, separate from any other accounts used for the CASP’s own funds.

May CASPs cooperate with another CASP in respect of custody services?

Yes. Where custody or administration services are outsourced, cooperation is permissible only with entities holding a license issued in accordance with Article 59 MiCAR. CASP clients must always be informed about the involvement of such subcontractors.

To which class of CASP license does custody and administration belong?

This service falls under Class II CASP license, which entails the requirement of maintaining own funds in the amount of EUR 125,000 or holding an equivalent insurance policy.

Key obligations related to custody and administration of crypto-assets:

Implementation of a custody and administration policy.
Making available to the client a summary of the custody policy in electronic form.
Conclusion of a custody agreement with the client.
Maintenance of an individual register of the client’s positions, reflecting the client’s rights to the held crypto-assets, with an obligation to record every operation without undue delay.
Provision to the client of information on the status of assets at least once every three months and upon request.
Clear segregation of client-held assets from the CASP’s own assets.

2. Transfer of crypto-assets on behalf of clients under MiCAR- regulatory framework

Pursuant to Article 3(1)(26) of the MiCAR Regulation, the transfer service means the provision, on behalf of a natural or legal person, of the transfer of crypto-assets from one address or account in a distributed ledger to another.

Below are the key obligations related to the provision of this service:

establishment of a crypto-asset transfer policy (in particular, clearly specifying which crypto-assets may be transferred);
provision to the client of information on the conditions for the provision of the service prior to the conclusion of the contract;
conclusion of a contract with the client specifying, inter alia, the conditions for the provision of the transfer service, a description of the applied security systems, and the applicable fees (pursuant to Article 82 MiCAR);
disclosure of the conditions under which the CASP may refuse to execute a transfer order;
indication of the distributed ledger technology (DLT) network supported for the transfer of a given crypto-asset;
determination of the maximum time for executing the transfer of crypto-assets;
full disclosure of all fees and commissions payable by the client;
provision to the client of the reasons for the refusal of a crypto-asset transfer (where applicable, together with information on how to resolve the issue leading to the return or suspension of the transfer), including the refund of paid fees;
the client’s right to terminate the crypto-asset transfer service agreement and the procedures for such termination.

Does a CASP need to apply for a license covering the transfer service where the service provided includes elements of multiple services (such as exchange of crypto-assets, transfer of crypto-assets, and advice on crypto-assets)?

Yes. According to the ESMA Q&A session , it is recommended that in such a case a CASP should also apply for a license covering the transfer of crypto-assets on behalf of clients.

To which class of CASP license does the transfer service belong?

This service falls under Class I CASP license, which entails the requirement of maintaining own funds in the amount of EUR 50,000 or holding an equivalent insurance policy.

To which class of CASP license does the transfer service belong? This service falls under Class I CASP license, which entails the requirement of maintaining own funds in the amount of EUR 50,000 or holding an equivalent insurance policy.

Key obligations of CASPs providing crypto-asset transfer services on behalf of clients:

implementation of a crypto-asset transfer policy;
conclusion of a contract with the client specifying the obligations of the parties;
execution of the transfer of crypto-assets;
indication of the reason for suspension or refusal of a crypto-asset transfer.

3. Exchange of crypto-assets into funds or other crypto-assets under MiCAR

What should you know?

The exchange of funds into crypto-assets and the exchange of crypto-assets into other crypto-assets are two separate services. Their characteristics are presented below.

The exchange of crypto-assets into funds and vice versa, pursuant to Article 3(1)(19) MiCAR, means means the conclusion of purchase or sale contracts concerning crypto-assets with clients for funds by using proprietary capital.

Similarly, the definition of the exchange of crypto-assets into other crypto-assets, under Article 3(1)(20) MiCAR, refers to the conclusion of purchase or sale contracts concerning crypto-assets with clients for other crypto-assets by using proprietary capital.

This means that a CASP must conclude an agreement with the client in each case, while the execution of the transaction must be carried out with the use of the CASP’s own capital.

What are the key obligations related to the provision of this service?

implementation of a non-discriminatory trading policy, specifying, inter alia, the categories of clients with whom the CASP intends to conclude transactions, the types of crypto-assets exchanged, as well as any limitations or exclusions applicable to the execution of transactions;
conclusion of a sale agreement with the client for the purpose of executing the client’s order, which must be carried out using the CASP’s own capital;
publication by the CASP of a binding price for the offered crypto-assets or of the method for determining such price;
publication of information on the executed exchange transactions, including transaction volumes and prices.

What does the use of own capital mean?

MiCAR does not provide an explicit definition. However, by reference to analogous provisions under MiFID, on which the regulation is modelled, own capital should be understood as the crypto-assets or currencies held by the CASP.

Accordingly, the use of funds not belonging to the CASP – for example, where the transaction is financed by a counterparty, and in fact that entity executes the exchange within the meaning of MiCAR – would not satisfy the definitional requirements.

In such cases, the business model (including the flow of funds and information) requires detailed analysis, as it may turn out that the CASP is actually providing a different service, such as the execution of orders for crypto-assets on behalf of clients (Article 3(1)(21) MiCAR).

Does the exchange of funds into crypto-assets and vice versa amount to operating a crypto-asset trading platform?

No. The exchange of funds into crypto-assets and the exchange of crypto-assets into other crypto-assets constitute a service distinct from the operation of a crypto-asset trading platform. Where a CASP merely exchanges crypto-assets for funds, or crypto-assets for other crypto-assets, by entering into separate agreements with each client and executing the transactions with the CASP’s own capital, there are no doubts as to the qualification of the service.

Is a CASP required to create client wallets for storing exchanged crypto-assets?

No. MiCAR does not impose an obligation on CASPs to create wallets for clients in order to exchange crypto-assets into funds or other crypto-assets. The client may choose any address to which the assets are to be transferred.

It should be noted, however, that creating a wallet and depositing funds on behalf of clients may amount to the provision of custody and administration of crypto-assets, while transferring them (offered as a separate service) may constitute a transfer service. Each business model therefore requires separate analysis.

To which class of CASP license do exchange services belong?

Exchange services fall under the Class II CASP license, which requires maintaining own funds in the amount of EUR 125,000 or holding an equivalent insurance policy.

To which class of CASP license do exchange services belong? Exchange services fall under the Class II CASP license, which requires maintaining own funds in the amount of EUR 125,000 or holding an equivalent insurance policy.

Key obligations of CASPs providing exchange of crypto-assets into funds or other crypto-assets:

adoption of a non-discriminatory trading policy, specifying:
- the categories of clients with whom the CASP agrees to transact,
- the conditions such clients must satisfy;
publication of the binding price of the offered crypto-assets or of the method of its determination – together with information on any quantitative limits applicable to exchanges into funds or other crypto-assets;
execution of client orders at the price applicable at the moment they become final – with a clear obligation on the CASP to inform the client of the point in time at which the order is deemed final;
obligation to publish information on executed transactions, including transaction volumes and prices.

4. Crypto-Asset Trading Platform under MiCAR. What Should You Know about a Crypto-Asset Platform?

What is a crypto-asset trading platform?

The concept of a crypto-asset trading platform is defined in Article 3(1)(18) MiCAR. The Regulation describes it – in a rather complex manner – as the operation of a trading platform for crypto-assets of one or more multilateral systems, which bring together or facilitate the bringing together of multiple third-party purchasing and selling interests in crypto-assets, in the system and in accordance with its rules, in a way that results in a contract, either by exchanging crypto-assets for funds or by the exchange of crypto-assets for other crypto-assets.

In other words, operating a crypto-asset trading platform simply means running a crypto exchange where users can meet to buy and sell crypto-assets. Transactions take place under pre-determined rules – crypto can be exchanged for dollars or euros, or one crypto-asset can be swapped for another.

Operating a crypto-asset trading platform is the most demanding service under MiCAR, as it requires a Class III CASP license. This entails holding own funds of at least EUR 150,000 or an equivalent insurance policy.

Operating a crypto-asset trading platform is the most demanding service under MiCAR, as it requires a Class III CASP license. This entails holding own funds of at least EUR 150,000 or an equivalent insurance policy.

Obligations Related to Operating a Trading Platform

The obligations of a CASP in relation to a trading platform may be grouped into five categories:

functioning of the trading platform,
admission of crypto-assets to trading,
disclosure obligations,
record-keeping of executed crypto-asset transactions,
ensuring the security of the trading platform.

Obligations Related to the Functioning of the Trading Platform

CASPs must establish procedures covering:

policies and procedures for admission to trading, including applicable fees,
approval processes, including due diligence requirements proportionate to AML/CFT risk, applied before admitting crypto-assets to trading on the platform. Importantly, no crypto-asset may be admitted to trading without the publication of a proper crypto-asset white paper,
specification of exclusion categories – i.e. identifying which crypto-assets are not eligible for trading,
objective, non-discriminatory, and proportionate participation criteria, ensuring fair and open access to the platform for clients wishing to trade,
non-discretionary rules and procedures to ensure fair and orderly trading and objective criteria for efficient execution of orders,
conditions of availability of crypto-assets, including liquidity thresholds and periodic disclosure obligations,
rules for suspension of trading,
effective settlement procedures for crypto-assets and funds.

Timeframe for Final Settlement of Transactions

CASPs must initiate final settlement of a crypto-asset transaction recorded on a distributed ledger within 24 hours from execution on the trading platform, or – if settlement takes place off-ledger – by the end of the trading day at the latest.

CASPs must initiate final settlement of a crypto-asset transaction recorded on a distributed ledger within 24 hours from execution on the trading platform, or – if settlement takes place off-ledger – by the end of the trading day at the latest.

Shared Order Book Prohibition

The shared order book model, where two or more crypto-asset platforms combine their order books into one common system (one of the trading platform does not operate under a CASP licence), is incompatible with Article 59 MiCAR because at least one participant is not a CASP license-holder. Consequently, each entity operating such an order book must hold a MiCAR license. Running a shared order book with non-licensed entities is therefore prohibited.

More about it here.

Prohibitions Applicable to Trading Platforms

MiCAR establishes two key prohibitions:

Ban on exchange of crypto assets on own account:

A CASP operating a trading platform may not execute transactions on its own account within its own platform. This prohibition also applies to situations where crypto assets are exchanged for cash or other digital assets, even if the platform only acts as an intermediary. In other words:

a CASP as an exchange (trading platform): may only act as a neutral intermediary, matching buy and sell orders of clients.
a CASP as a dealer (own-account exchange): may exchange crypto-assets for funds or other crypto-assets, but only outside its own trading platform, e.g. in an “exchange office” model or as a separate service.

Ban on admission of anonymising crypto-assets:

A CASP must adopt trading rules that prohibit the admission of crypto-assets containing anonymising mechanisms (e.g. privacy coins such as Monero, Zcash, or Dash in private mode).

The only exception is where the CASP has technical means to identify holders of such crypto-assets and their transaction history. In such a case, trading is permissible.

Obligations Regarding Admission of Crypto-Assets

Before admitting any crypto-asset (other than ARTs or EMTs) to trading, CASPs must:

assess compliance with the operational rules of the platform,
conduct a suitability assessment.

Before admitting any crypto-asset (other than ARTs or EMTs) to trading, CASPs must: -assess compliance with the operational rules of the platform, -conduct a suitability assessment.

The review must cover not only technical and operational compliance, but also:

reliability of the applied technological solutions,
reputation of the issuer, assessed in the context of illegal or fraudulent activities, experience, prior business activities of the issuer and its staff (MiCAR expressly refers to the development team).

Disclosure Obligations of Trading Platforms

CASPs must publish:

all bid and offer prices and trading interest at those prices, continuously during trading hours,
price, volume, and time of executed transactions, as close to real time as technically possible.

Data must be:

publicly available on reasonable commercial terms,
free of charge after 15 minutes,
machine-readable,
stored and accessible for at least two years.

They must also ensure that information on prices and fees is presented transparently, fairly, and in a non-discriminatory way, without encouraging manipulative practices. Any actual or attempted market abuse must be reported to the competent authority.

Record-Keeping Obligations

CASPs must retain all data relating to orders advertised through the platform for at least 5 years. Data must allow supervisory authorities to monitor trading and must include order details and their link to executed transactions.

Exception: order matching is allowed only with the client’s explicit consent, and CASPs must notify the supervisory authority to ensure monitoring and conflict-of-interest checks.

Trading Platforms Security Obligations

A CASP must implement effective systems, procedures, and mechanisms to ensure (Article 76(7) MiCAR):

resilience of the trading system,
capacity to process peak volumes and messages,
functionality under extreme market conditions,
rejection of erroneous or manifestly incorrect orders,
comprehensive testing to ensure compliance with the above,
business continuity in case of failure,
prevention of market abuse,
protection against money laundering or terrorist financing.

Summary – 10 Key Obligations of a CASP Operating a Trading Platform

Establish transparent trading rules, including conditions for admission of crypto-assets and criteria for participation.
Conduct suitability assessments of crypto-assets prior to admission to trading.
Exclude crypto-assets with anonymising features, unless identification of holders and transaction history is technically possible.
Comply with the prohibition on proprietary trading within the platform.
Allow order matching only with client consent, while informing supervisory authorities and being subject to ongoing monitoring.
Implement secure, resilient, and comprehensively tested trading systems.
Publish real-time information on prices, volumes, and timing of transactions.
Provide free public access to transaction data after 15 minutes, in machine-readable format.
Ensure settlement of transactions no later than 24 hours after execution.
Retain data on orders and transactions for at least 5 years for supervisory inspection.