Out of Scope, Out of Mind, and Don’t Say Decentralisation: Brief Remarks on the new MiCA Regulation

Blogpost 25/2023

The views expressed on this post bind the author exclusively.

The Markets in Crypto-assets Regulation (“MiCA”), even though not yet published in the Official Journal of the European Union, is now politically agreed upon and its final text (formal revisions notwithstanding) has been adopted by the European Parliament and the Council of the European Union. The MiCA Regulation is a ground-breaking piece of legislation, as it seeks to create a comprehensive framework applicable to various aspects of crypto-assets issued and traded in the European Union.

The EU is taking the lead in the regulation of crypto-assets, as it tries to strike a middle-ground between a complete absence of rules protecting investors and consumers, and stifling prohibition, trying to make the EU an attractive but safe hub for blockchain-based activity and business. However, leading the field in regulation always implies a certain degree of risk and the new instrument is not without its shortcomings.

This post, after a brief overview of the scope and main features of the MiCA Regulation, will make some remarks on two outstanding issues: the doubtful rationale behind the scope of the Regulation, and its choice not to deal with decentralisation.

Overview of the MiCA Regulation

On 16 May 2023, the Council of the European Union formally adopted the MiCA Regulation, after its final adoption by the Parliament on 20 April 2023, which followed two-and-a-half years of negotiations based on the Commission’s initial proposal from 24 September 2020. At the time of writing (17 May 2023), the text has not yet been published in the Official Journal, which should be the next and final step. Thereafter, it will enter into force 20 days from publication and will be fully applicable within 18 months, which sets the Regulation to enter into force in late 2024 or early 2025. MiCA is a Regulation and, as such, is directly applicable in all Member States and does not require any transposition by national legislators.

A crypto-asset is defined in Article 3(1), fifth subparagraph, as a “a digital representation of a value or a right that is able to be transferred and stored electronically, using distributed ledger technology or similar technology”. This wide definition emphasises two crucial elements of crypto-assets: (i) they are digital representations of value or of a legal situation, without intrinsic value; and (ii) their underlying technology is a distributed ledger technology (blockchain being the most well-known) in which the creation, transfer, and asset ownership of the relevant crypto-asset are defined, with no need of a central authority, and undertaken by cryptographic means. This broad definition is a positive choice, as it aims pre-emptively to bring possible new forms of crypto-assets within its scope.

As we will see below, there are, however, certain types of crypto-assets that are excluded from this broad definition, and thus fall outside the scope of MiCA.

Substantively, the Regulation can be divided into three main frameworks:

  1. Rules on the issuance of crypto-assets (Articles 4 to 58) which impose several requirements on issuers of various categories of crypto-assets, namely the drafting of a white paper (functionally comparable to a prospectus), with previous clearance from the competent authority for utility tokens and crypto-assets that are not asset-referenced tokens or e-money tokens. A more complex set of rules on the issuance, authorisations, governance and prudential requirements applies to asset-referenced tokens and e-money tokens.
  2. Another framework applies to crypto-asset service providers (“CASPs”) (Articles 59 to 75), which includes the need for an authorisation from a competent authority and subjecting them to formal, prudential, and organisational requirements very similar to the ones applicable to financial firms under MiFID II;
  3. Finally, a set of rules designed to prevent market abuse in what concerns crypto-assets (Articles 86 to 92). These rules are materially similar, though a bit more laconic, to the ones foreseen in the Market Abuse Regulation applicable to securities. This last block of rules aims at avoiding Elon Musk-like behaviours, wherein a single statement of a high-profile figure can change the crypto-asset value abruptly and considerably.

Out of Scope, Out of Mind: a Superfluous Division of Crypto-Assets?

Not all crypto-assets come within the scope of application of the proposed Regulation. In fact, the Regulation excludes from its scope, among others: crypto-assets that are unique and non-fungible (commonly known as non-fungible tokens, or “NFTs”) (see Article 2(3)); crypto-assets that are financial instruments (which will be subject to the EU’s financial law instruments, such as MiFID II, the Prospectus Regulation and the Market Abuse Regulation); deposits; funds; securitisation positions (see Article 2(4)(a)-(d)); and a number of insurance and pension products which may take the form of crypto-assets (see Article 2(4)(e)-(j)).

These exclusions do not mean that such crypto-assets do not exist. On the contrary, the explicit exclusions confirm that they do. Nevertheless, for various reasons, they are excluded from the scope of the Regulation.

As such, the two types of crypto-assets that fall with the scope of the Regulation are (i) utility tokens, and (ii) monetary tokens. Utility tokens are defined in the Regulation as crypto-assets intended to provide access to a good or service supplied by the issuer (see Article 3(1)(9)). Monetary tokens are not defined in the Regulation but could be roughly defined as crypto-assets with a primary function to serve as a means of payment, store of value, or unit of account.

Crucially, investment tokens (which allow the tokenholder to participate in a cash flow generated by an underlying asset or bundle of assets) fall outside MiCA and instead are regulated under the EU securities framework (it should be noted that, pursuant to Article 2(5), ESMA will issue, in the 18 months after the entry into force of MiCA, guidelines on the conditions and criteria for the qualification of crypto-assets as financial instruments).[1] The MiCA Regulation itself only mentions the categories of utility tokens, asset-referenced tokens, and e-money tokens. It does not explicitly mention monetary tokens, but they are included in the definition of crypto-asset and thus not excluded from the scope of the Regulation. Asset-referenced tokens and e-money tokens will generally be monetary in nature, but the way their value is determined, with reference to fiat currency and/or other “real-world” assets (which brands them as “stablecoins”) warrants a specialised and complex framework, as laid out in Articles 16 to 58 of the Regulation. Investment tokens, once more, are excluded from its scope.

The framework for CASPs and the rules on market abuse apply to all crypto-assets within the scope of the Regulation. However, a basic issuance framework applicable to all tokens that are not stablecoins (including utility tokens and other monetary tokens that are not qualified as such), whereas a more demanding framework applies the issuance of tokens qualified as stablecoins under the Regulation.

Below is a table summarising the framework applicable to the issuance, provision of services, and market abuse for each of the three classic empirical categories of crypto-assets:

Type of token (empirical categories) Rules applicable to issuance Rules applicable to provision of services and market abuse
Utility token MiCA Basic Framework (Articles 4-15) MiCA Regulation
Monetary token  

Value is determined by referring to the value of one or more “real” underlying assets, such as fiat money or commodities (= stablecoin)



Additional requirements and rules pursuant to the MiCA Regulation, applicable to asset-referenced tokens and e-money tokens (Articles 16-58). MiCA Regulation
Value is not determined by referring to the value of one or more “real” underlying assets, such as fiat money or commodities MiCA Basic Framework (Articles 4-15) MiCA Regulation
Investment token MiFID II / Prospectus Regulation MiFID II / Market Abuse Regulation

Naturally, this table is an over-simplification of the functional content of different crypto-assets. Many (if not all) crypto-assets present characteristics of more than one of the aforementioned categories, warranting a case-by-case analysis of their functional content and determination of their main function.

In theory, the issuance, provision of services, or market abuse infringements of any crypto-asset can be subject to: either (i) the relevant provisions in EU financial law instruments, such as the Prospectus Regulation, MiFID II, or the Market Abuse Regulation; or (ii) the relevant frameworks of the MiCA Regulation, depending on whether it is considered an financial instrument (i.e., if it is an investment token).

However, a quick read of the MiCA Regulation reveals, quite clearly, that its rules have been heavily based on the pre-existing EU financial law instruments (i.e., the Prospectus Regulation, MiFID II, and the Market Abuse Regulation). Therefore, from a substantive point of the view, the rules applicable to utility and monetary tokens within the scope of MiCA, on the one hand, and investment tokens, on the other, which fall within the scope of the pre-existing EU financial law framework, are quite similar, as the former are heavily inspired (if not directly copied, in some instances) by the latter. There are, of course, some differences – while the Prospectus Regulation, applicable to investment tokens, requires prospectuses to be approved by the competent authority in order to be published, the MiCA Regulation does not require such previous clearance for utility tokens and monetary tokens that are not stable coins, just a mere notification.

Since the MiCA Regulation seems to be a light or watered-down version of the Prospectus Regulation, MiFID II, and the Market Abuse Regulation, with specificities applicable to stablecoins (specificities of a more prudential nature), one can pose the following question: why regulate security tokens under one regime, and utility and monetary tokens under a similar but slightly different regime?[2]

The subjection of utility and monetary tokens to these new rules (especially, the rules on issuance, public offering, and market abuse) which are derived from rules applicable to securities, implicitly acknowledges that, even though the contractual relationship or the original function might not be the same as that of securities, they are treated as such. Seemingly, it is acknowledged that utility and monetary tokens always have an element of investment to them. The same concept of “issuance” as the act that creates either a transferable security/financial instrument or a crypto-asset, as well as the subsequent step of a public offering is used for all categories throughout the applicable legislation, which reflects the empirical use of language used for securities for crypto-assets. Prospectuses/white papers are required to have functionally equivalent content, and there are special provisions on civil liability for the content of such prospectuses/white papers. We see similar frameworks applicable to entities providing services with securities and crypto-assets and, of course, parallel market abuse rules.

The law is implicitly hinting at what is widely known: most people buy crypto-assets not because they can use it to purchase a good or service or as medium of exchange (and hence fulfil the objectives of utility and monetary tokens, respectively). Instead, most are seeking to resell the crypto-assets at a higher price later, regardless of the original intent of the issuer or developer. As such, most of the empirical problems associated with securities, which justify the creation of securities law to protect investors and market integrity, extend to crypto-assets.

Two holistic alternatives could have been considered: (i) the subjection of all crypto-assets to EU financial law, recognising that most crypto-assets, even if conceived as monetary or utility tokens, have an important investment dimension which cannot be overlooked, with special exemptions for some proven cases of a lack of investment component, obvious technical adaptations and special provisions on stablecoins; or (ii) the subjection of all crypto-assets to the MiCA Regulation, exceptionally putting the technology neutrality principle aside.

Legally separating crypto-assets which are financial instruments or securities from those which are no, makes perfect sense from a formal and conceptual point of view (and respects the technology neutrality principle). However, there seems to be no material benefit in doing so. A single holistic framework would render the functional classification of crypto-assets irrelevant, align regulatory requirements, and increase legal certainty. We will have to wait and see how the separate frameworks will work in practice, and then re-assess whether the reservations expressed in this text are justified.

Don’t Say Decentralisation: the Omission of Decentralised Arrangements from the Regulation

Another interesting choice by the legislator while drafting the MiCA Regulation was not to address directly decentralised finance arrangements (“DeFi”) and/or the possibility of decentralised autonomous organisations (“DAOs”) issuing crypto-assets or being able to be authorised as CASPs.

First, Article 2(1) indicates that MiCA applies to natural and legal persons and “certain other undertakings”, with a similar wording in the definitions of issuer, offeror, and CASP. Article 4(1)(a) limits the issuance of crypto-assets that are not stablecoins to legal persons.

It is curious that, for the lighter framework of issuance of crypto-assets that are not stablecoins, only legal persons are mentioned, while for the more stringent frameworks on asset-referenced tokens and CASPs, the legislator opens them to “other undertakings”, even if it requires a legal form ensuring an equivalent protection to third parties’ interests.  Thus, Articles 16(1)(a) and 18(1) on the requirements to issue asset-referenced tokens, and Article 59(1)(a) on the requirements for authorisation as a CASP, mention a legal person or “other undertaking”. Articles 16(1) and 59(3) both state that “other undertakings” may issue asset-referenced tokens only if “their legal form ensures a level of protection for third parties’ interests equivalent to that afforded by legal persons and if they are subject to equivalent prudential supervision appropriate to their legal form”.

One can raise the question of whether decentralised arrangements or DAOs could fall within the scope of the Regulation. Indeed, many DeFi projects do not operate in a centralised fashion and will likely fall outside the Regulation’s scope for now. As pointed out already by some authors and organisations, the Regulation focuses too much on legal entities, which can be of dubious compatibility with decentralised protocols, as it will be difficult to identify their constituent actors. By excluding decentralised arrangements from its rules, MiCA falls short of protecting holders of crypto-assets, clients and investors to the extent it claims it does in Article 1 and throughout its Recitals.

DAOs can very well issue tokens and provide DeFi services. Of course, DAOs are complex creatures that have no explicit legal recognition as such in the Member States (though they would be considered general partnerships or “civil companies” in most, if not all, national jurisdictions). However, the EU legislator clearly opted to forgo the opportunity to bring, even if in a very limited fashion, DAOs into the “legal fold”.

Taking into account the characteristics of most DAOs and, crucially, the fact that their absence of legal recognition and subjection to the rules of general partnerships would render them devoid of legal personality or limited liability, it is very unlikely they could pass the test laid out in Articles 16(1) and 59(3) of the MiCA Regulation and thus be allowed to issue asset-referenced tokens or be authorised as CASPs or “other undertakings”.

In any case, the final text was probably not thinking of such levels of decentralisation. One can infer an intentional exclusion from the fact that the final text rejected an amendment suggested by the Parliament on 17 March 2022 in its Report on MiCA, which tried to address decentralisation more openly. Indeed, in its version of Recital 11, the Parliament included the following sentence:

“sometimes the issuance and exchange of crypto-assets may be decentralised, and that should be reflected and considered by the relevant legislation. Such decentralised issuers should not be required to organise as a single legal entity and should not be subject to regulation until the offering of the crypto-assets to the public is centralised”.

Further, it suggested including a new Recital (13a), which foresaw that:

“… some types of crypto-assets are not issued by legal entities, but are instead managed by decentralised autonomous organisations. Provided that such crypto-assets are compatible with the requirements of this Regulation and do not pose a risk to investor protection, market integrity or financial stability, competent authorities should be permitted to admit such crypto-assets to trading on a Union trading platform for crypto-assets”.

The Parliament even included a definition of a decentralised autonomous organisation as “a rule-based organisational system that is not controlled by any central authority and whose rules are entirely routed in its algorithm”. This definition had its shortcomings, e.g., uncertainty around what degree of decentralisation is required for an organisation to be considered a DAO. Regardless, the Parliament’s definition was an interesting start.

The Parliament’s initial version of Articles 4 and 5 allowed DAOs to issue crypto-assets that are not stablecoins, subjected them to the lighter issuance framework foreseen in Articles 4 to 15 of the Regulation, and mandated competent authorities to ensure DAOs which issued such tokens would have to comply with the white paper requirement.

In the subsequent political discussion, however, the inclusion of decentralised arrangements was set aside. While Recital 22 of the final text of the Regulation says that the Regulation should apply to activities performed in a “decentralised manner”, it also states that “where crypto-asset services are provided in a fully decentralised manner without any intermediary, they should not fall within the scope of [the] Regulation”. It is thus clear that where crypto-assets have no identifiable issuer, they fall outside the scope of the Regulation’s rules on issuance. However, the fact that certain crypto-assets have no identifiable issue does not exclude the application of the titles on CASPs and market abuse, as specified by the last sentence of Recital 22, which only excludes such crypto-assets from Title II, III or IV of the Regulation and clarifies that CASPs “providing services in respect of such crypto-assets should (…) be covered by [the] Regulation”.

As such, one can identify a clear intention of not addressing the issue of decentralisation at this stage. This does not mean that the text of the Regulation might not be flexible enough to accommodate some decentralised arrangements (except, in the surprisingly inflexible requirement of Article 4(1)(a) on the issuance of utility tokens and monetary tokens that are not stablecoins, which refers “legal person” but not “other undertakings”), or that the definitions of “other undertakings” could not be bent to accommodate some decentralised structures in the future.

There could be very good reasons for the final text’s “don’t-say-decentralised” policy for this. One might argue that decentralised arrangements such as DAOs are still in an embryonic stage (which is not necessarily true, as the DAO ecosystem has seen considerable growth in the past years) or, more rightly so, that legal thinking on how to address DAO regulation is not mature enough yet to address the liability of a decentralised arrangement for the content of a white paper, for instance. Despite this, the MiCA Regulation could have led the way forward. Granted, the MiCA Regulation might not be the right place to regulate fully DAOs or address DeFi arrangements, however, it could have been an interesting first move to bring decentralised arrangements into the “legal fold”. Only time will tell if this was an opportunity lost.


The adoption of the MiCA Regulation is a significant moment in global crypto-asset regulation. It is remarkable that a key market like the EU (with a population of ca. 450 million people) has been able to adopt a comprehensive framework on the most pressing issues posed by crypto-assets, such as consumer and investor protection, as well as financial and market stability, while simultaneously providing enough clarity to market players to be able know what they can count on. This is a much-needed victory for the EU, and might be a blueprint for similar regulation in other parts of the world. Of course, as any pioneering effort, the Regulation is not perfect, in particular two aspects would merit further reflection in future reviews.

It will be confusing to have crypto-assets separated between the existing financial regulation and MiCA, especially as the latter is a watered-down version of the former. This separation is conceptually justifiable, but materially it will introduce much confusion among market players on what regime is applicable, especially because all crypto-assets have some implicit investment component. Only practice will tell us how this separation will work or if a holistic approach under which all crypto-assets are regulated by the same legislative act is warranted.

Finally, the MiCA Regulation was a chance to address, even if preliminarily, blockchain-based decentralisation in EU law, laying out a path for future regulation or, at least, providing guidance to Member State in how to regulate crucial aspects such as DeFi and DAOs. While this reluctance might have been thought-through to avoid affecting future legislative endeavours, it does leave potential retail holders of crypto-assets issued by DAOs or decentralised arrangements unprotected.

[1]For a pioneering work on the legal relevance of the classification of crypto-assets vis-à-vis EU financial law, see Philipp Hacker / Chris Thomale, “Crypto-Securities Regulation: ICOs, Token Sales and Cryptocurrencies under EU Financial Law”, 15 European Company and Financial Law Review 645-696 (2018), Available at SSRN: https://ssrn.com/abstract=3075820

[2]The author first expressed this view in Portuguese in António Garcia Rolo, “Algumas Notas sobre a Proposta de Regulamento Europeu sobre Mercados de Criptoativos” (October 2020), available at https://governancelab.org/algumas-notas-sobre-a-proposta-de-regulamento-europeu-sobre-mercados-de-criptoativos/; and in “Criptoativo – Conceito, Modalidades, Regime e Distinção de Figuras Afins” (April 28, 2022). Estudos de Direito do Consumo, Vol. VI (coord. Rui Ataíde / Vitor Palmela Fidalgo / Francisco Rocha), AAFDL, Lisbon (forthcoming), Centro de Investigação de Direito Privado (CIDP) Research Paper No. 18, available at SSRN: https://ssrn.com/abstract=4123583, 24-26.