Many founders seeking a MiCA license believe it will fully address their EU regulatory needs. While it’s a significant step, complete compliance also depends on the specific services they provide.
MiCA Decoded is a 12-article weekly series for Bitcoin.com News, co-authored by LegalBison’s Co-Founding and Managing Directors: Aaron Glauberman, Viktor Juskin and Sabir Alijev. LegalBison advises crypto and FinTech companies on MiCA licensing, CASP and VASP applications, and regulatory structuring across Europe and beyond.
As a researcher following the MiCA authorization process, I often hear founders describe it as a simple path: apply for a license, wait for approval, and then you’re good to go in the EU. They really see getting that license as the final step – the finish line, so to speak.
That framing misreads what MiCA actually authorizes. A Crypto-Asset Service Provider (CASP) license grants permission to provide specific crypto-asset services, defined in detail in the regulation. It does not grant permission to operate a payment institution, issue electronic money, or run a derivatives trading venue. Those activities sit under entirely different regulatory frameworks. And for many platforms whose commercial model depends on at least one of them, the MiCA license alone leaves a gap that is operationally significant and, if ignored, legally serious.
This tenth installment of MiCA Decoded maps that gap precisely, service by service.
The Myth: MiCA Covers the Full Stack of What a Crypto Exchange Does
The assumption is understandable. MiCA is comprehensive. It covers ten categories of crypto-asset services. Its scope extends to custody, exchange, execution, routing, advice, and portfolio management. For most retail crypto platforms, that covers a substantial portion of their business.
But “substantial” and “complete” are different things. The platforms most likely to discover a significant difference are not marginal operators. They are the ones running derivative products, enabling crypto-funded card payments, offering leveraged perpetual positions, or hosting prediction markets. These prediction markets have become a major trend for centralized exchanges (CEXes), yet they sit at a regulatory boundary that MiCA does not cross. Instead, they often fall under local iGaming regulatory frameworks. These are commercially significant product lines at major exchanges, and each one operates outside MiCA’s scope.
The regulation is specific about what it governs. Article 2(4) of MiCA explicitly excludes from its scope crypto-assets that qualify as financial instruments under Directive 2014/65/EU (MiFID II), deposits, funds as defined under the Payment Services Directive 2 (PSD2), and securitisation positions. These exclusions are not technical footnotes. They define the perimeter of MiCA’s authority. Anything falling on the other side of that perimeter requires authorization under a different framework entirely.
Where the CASP License Stops
Payment Services
MiCA authorizes the transfer of crypto-assets on behalf of clients, defined in Article 3(1)(26) as “providing services of transfer, on behalf of a natural or legal person, of crypto-assets from one distributed ledger address or account to another.” This is a crypto-native transfer service. It is not a payment service in the PSD2 sense.
The distinction matters enormously for platforms that want to offer crypto-funded card programs, fiat on/off-ramp integrations, direct bank transfers, or merchant payment acceptance in euros or other official currencies. Article 2(4)(c) excludes “funds” as defined in PSD2 from MiCA’s scope, except where they qualify as e-money tokens.
Any platform that accepts, stores, and sends traditional money or electronic money tokens (EMTs) is considered a payment service and needs a specific license. This means it requires either a payment institution license or an Electronic Money Institution (EMI) license under European law (PSD2), not just a general crypto license. Since EMTs are legally considered electronic money, standard crypto transfer services aren’t enough unless the platform is simply connecting buyers and sellers.
A crypto asset service provider (CASP) that isn’t an electronic money institution (EMI) can only process orders for electronic money tokens (EMTs) if the transaction stays within its own systems or through an account managed by a permitted partner. If the process involves sending EMTs to a wallet or ledger outside of those systems, it’s considered a payment or money transfer service under PSD2/PSD3 regulations. After March 2026, any CASP enabling these external transfers will need to obtain its own EMI/payment institution license or work with a licensed provider.
MiCA itself acknowledges this boundary. Article 70(4) states that crypto-asset service providers may themselves or through a third party provide payment services related to their crypto-asset service, but only where the provider or the third party is authorized to provide those services under PSD2. The regulation does not grant payment services capability through the back door. It requires that the capability be independently authorized.
If an exchange allows users to deposit funds using SEPA transfers, withdraw money in euros, or offer a custom debit card, a CASP license is required – but it’s not the only thing needed.
Perpetuals and Futures
This is where the exposure tends to be sharpest for derivative-first platforms.
The MiCA regulation focuses on “crypto-assets,” which are digital forms of value or rights exchanged using technologies like blockchain. It governs services like safely storing these assets, buying and selling them on current markets, and executing trades – even simply connecting buyers and sellers. However, it doesn’t cover financial products like options or futures where crypto-assets are used *as* the underlying asset, only the thing being traded.
Article 2(4)(a) removes from MiCA’s scope any crypto-asset that qualifies as a financial instrument under MiFID II. A perpetual futures contract on BTC/USD is not a crypto-asset. It is a derivative. It may settle in cryptocurrency, but the instrument itself, the contractual claim representing a leveraged position on the price of Bitcoin, is a financial instrument in the MiFID II sense. Operating a venue that allows EU clients to trade such instruments requires an investment firm authorization under MiFID II, or at minimum a trading venue authorization depending on the structure, not a CASP license.
Recital 97 of MiCA addresses this directly, noting that derivatives qualifying as financial instruments under MiFID II and whose underlying asset is a crypto-asset are subject to Regulation 596/2014 (the Market Abuse Regulation), not to MiCA. The market abuse provisions still reach the underlying crypto-asset. But the authorization framework for the derivative product itself sits under MiFID II.
Some exchanges attempt to structure perpetuals as crypto-to- crypto swap arrangements that they characterize as exchange services rather than derivatives. Regulators are familiar with this framing, and the classification question is ultimately one of substance over form. An instrument with leverage, a funding rate, and no delivery of the underlying asset is likely to face scrutiny as a derivative regardless of how it is labeled. The legal risk of getting this wrong is the provision of financial services without authorization.
Futures Contracts
The same analysis applies to dated futures. A futures contract obliging a counterparty to buy or sell an asset at a predetermined price on a future date is a financial instrument under MiFID II, specifically within the definitions covering derivatives on commodities, currencies, and other underlyings. Cryptocurrency futures, even where physically settled in BTC or ETH, are treated as financial instruments when they are traded on a multilateral basis.
Running a platform where these types of assets are traded requires a license as a regulated market, multilateral trading facility, or organized trading facility under MiFID II rules. The new CASP authorization specifically covers platforms that trade crypto-assets, as defined in MiCA. According to Article 76 of MiCA, a crypto-asset trading platform is a system that connects multiple buyers and sellers – but it doesn’t include platforms trading crypto-asset derivatives.
As a crypto investor, what this basically means is that these platforms – CASPs – let buyers and sellers connect directly. They set the rules of the game, but they don’t actually *make* the prices. Instead, they bring orders together to help us find fair prices through supply and demand. Importantly, the platform itself doesn’t take on any risk by trading for its own profit. They don’t trade against you. The only time they *can* trade on their own account is if they have my explicit permission and are being watched by regulators. It’s all about transparency and avoiding conflicts of interest.
Both sets of rules heavily restrict how trading can happen. MiFID II completely prohibits trading platforms (MTFs) from using their own funds to trade against client orders or from acting as an intermediary in matched trades. Another type of platform (OTFs) *can* act as an intermediary for certain instruments like bonds and derivatives, but only if the client specifically agrees to it.
The new MiCA regulations impose similar rules on crypto-assets as traditional finance. Specifically, companies offering crypto services aren’t allowed to trade for their own profit on the platforms they run. There’s one exception: they can engage in ‘matched principal trading,’ but only with the customer’s explicit permission. If they do, they must inform the relevant authorities about how they’re using this method. These authorities will then oversee the trading to ensure it stays within the defined rules and doesn’t create conflicts of interest between the company and its customers.
As a crypto investor, I’ve been paying attention to Bitstamp’s licensing. They’ve got authorization under MiCA in Luxembourg, overseen by the CSSF, *and* a MiFID license to run an MTF. It’s not just about checking boxes – this dual setup seems to genuinely match what they’re doing as a platform. They’re clearly covering all their bases and operating within a well-defined regulatory framework.
Why Operators Miss This
Several factors produce the misunderstanding.
Before the MiCA regulation, how national rules for crypto businesses (VASPs) worked in practice differed a lot from country to country, and even changed over time. Some countries started with fairly relaxed requirements, but then regulators began to demand more.
In Estonia, for example, the Financial Intelligence Unit (RAB) actively scrutinized the specific services provided by VASPs and investigated the provision of unlicensed financial services. By 2022, ahead of MiCA’s enactment, Estonia implemented strict amendments that explicitly banned the offering of futures and perpetuals under a VASP license. Operators received a short 60 to 90-day grace period to comply, which ultimately led to the mass revocation of thousands of licenses.
Also, the information listed in the CASP register isn’t always clear for founders looking at it. While an entry stating a firm is authorized for “operating a trading platform” and “executing orders” seems complete, it doesn’t automatically mean they’re authorized to offer services like derivatives – you need to look at other sources to confirm that.
Third, many platforms offer derivatives on crypto-assets to non-EU clients, and EU clients make up a minority of users. The assumption is that the EU exposure is manageable. But the reverse solicitation rules discussed in earlier installments of this series apply equally to unauthorized derivative services. A platform marketing leveraged BTC perpetuals to global clients while simultaneously applying for a CASP license for its EU spot trading product may find that the two activities interact in ways the compliance team did not anticipate.
The Regulatory Junctions
Three regulatory frameworks converge around most full-service crypto exchanges:
MiCA governs spot trading, custody, transfer services, exchange, execution of orders, reception and transmission of orders, advice, and portfolio management on crypto-assets. The CASP license is required and sufficient for these activities when provided to EU clients.
Regulations like PSD2 and the EMI regime oversee traditional payment services. If a platform handles euro or other official currency – receiving it, storing it, or sending it – it generally needs to be authorized as either a payment institution (for starting payments and transferring money) or an EMI (if it holds funds electronically). For example, a cryptocurrency exchange that lets users deposit funds via bank transfer and withdraw euros is involved in payment services and needs to determine if it requires PSD2 authorization. This isn’t something to assume – it needs careful consideration based on how the platform operates.
MiFID II regulations apply to derivatives trading. This includes crypto-assets like futures, perpetual contracts, options, and CFDs, which are considered financial instruments. Any platform facilitating their trading, or offering investment advice or managing portfolios involving them, needs to be authorized under MiFID II. The specific type of authorization – whether as an investment firm, regulated market, or MTF – depends on how the business operates.
Systems handling different types of products need a clear way to connect each product line to the correct set of rules and permissions. This often means managing multiple licenses and working with several different organizations, rather than relying on a single, unified application.
What the Compliance Gap Looks Like in Practice
Consider an exchange that:
- Offers spot BTC/EUR trading (CASP: exchange of crypto-assets for funds)
- Allows SEPA deposits and euro withdrawals (payment service, potentially PSD2)
- Runs BTC perpetual contracts with up to 20x leverage (derivative product, potentially MiFID II)
- Offers a crypto-backed Visa card that spends euro balances (payment institution capability, PSD2/EMI)
A CASP authorization, standing alone, covers the first item with reasonable confidence. The other three sit at the boundary. Whether they require independent authorizations, whether they can be structured as ancillary to the main crypto business, or whether they must be routed through licensed third parties are fact-specific questions. They are not questions the CASP license answers.
This is exactly the type of analysis regulators will apply when reviewing a business model during the authorization process. The application requires a programme of operations under Article 62(2)(d) of MiCA, which must set out the types of crypto-asset services the applicant intends to provide, including where and how those services are to be marketed. A business model that includes derivatives or payment services must address those elements in the application. Operators who treat the CASP application as covering the full scope of their business risk having the NCA identify the gap before they do, at the worst possible moment in the authorization process.
The Operational Consequence
Platforms currently operating in the EU under temporary rules that end on July 1, 2026, face an urgent issue. Simply registering as a VASP or obtaining a CASP license won’t fix problems related to payment services. These issues won’t be resolved by MiCA authorization either; they will continue and become more apparent to regulators who now have the tools to properly oversee these authorized services.
If you’re planning to launch your platform in the EU, the order of steps is crucial. First, determine which regulations apply to each of your products. Only then should you decide which EU country to use for your crypto-asset service provider (CASP) application. Your choice of country impacts your CASP approval, and also affects whether you can easily add authorizations for payment services (PSD2) and investment services (MiFID II) to the same company or group of companies.
Mistakes in a system’s design can be corrected, but doing so becomes costly once a project is approved. These issues usually appear when a platform is scaling rapidly and attracting regulatory scrutiny.
What This Article Decoded
- MiCA’s CASP license authorizes ten specific crypto-asset services. It does not authorize payment services under PSD2, derivative trading under MiFID II, or any activity that falls under the financial instruments exclusion in Article 2(4)(a) of the regulation.
- Perpetuals and futures on crypto-assets are financial instruments in the MiFID II sense when structured as derivative contracts. Operating trading venues for these products, or providing services related to them, requires MiFID II authorization independent of any CASP license.
- Fiat handling triggers PSD2. The receipt, storage, and transmission of euro-denominated or other official currency funds constitutes a payment service. A CASP license does not authorize payment services. This is a structural gap for any exchange offering direct bank funding, fiat withdrawal, or crypto-funded card products.
- Dual and triple licensing architectures are real. Major exchanges with MiCA authorization that also run derivatives and payment products typically hold MiFID II and PSD2/EMI authorizations alongside the CASP. The structure is not exotic; it reflects the actual scope of a full-service crypto exchange operating under EU law.
- The business model assessment happens before the application. NCAs reviewing CASP applications will examine the programme of operations. A business model that includes derivatives or payment services, unaddressed, creates exposure during the authorization review itself.
The CASP license is the necessary foundation for operating a crypto exchange in the EU. It is, in many cases, not sufficient.
This article is based on a study conducted by LegalBison in May 2026. The content is for informational purposes only and does not constitute legal advice.
Read More
- Silver Rate Forecast
- Pi Hotel Vietnam: First to Accept Pi Coin Payments in Real-World Transactions
- Why These 5 Meme Coins Could Crash or Cash Your Crypto Party in May 2025 🚀🐒
- Warsh’s Fed Debut: A June Rate Cut? Don’t Hold Your Breath, Darling
- USD COP PREDICTION
- Digital Rebellion: FET’s 50% Rally Shakes the Market!
- Brent Oil Forecast
- EUR AUD PREDICTION
- The Quiet Rise of Ethereum: Is it Really Gone or Just Getting Started?
- XRP’s Tortured Soul: $1.20 or $1.50 – Which Abyss Awaits?
2026-05-16 13:34