Crypto License MiCA Study

Study: 58% of all tokens registered in the EU under MICA are NOT from the EU

We studied extensively the Markets in Crypto-Assets (MiCA) interim registers held by the European Securities and Market Authority (ESMA). Data showed notable tendencies and a few surprising facts.

Study: 58% of all tokens registered in the EU under MICA are NOT from the EU image
Aaron Glauberman photo
Aaron Glauberman Partner at LegalBison
Viktor Juskin photo
Viktor Juskin Partner at LegalBison
Sabir Alijev photo
Sabir Alijev Partner at LegalBison
Mar, 30 2026 18 minutes

Key findings

  • MiCA (Markets in Crypto Assets) is the EU’s regulatory framework for digital assets. ESMA (the European Securities and Markets Authority) maintains public registers of all authorized entities.
  • Those registers currently contain 795 total records: 697 authorizations/notifications (CASP licenses and white papers) and 98 enforcement flags.
  • White paper notifications (484 records, nearly 69% of the total authorizations) far outnumber operational CASP licenses (174 records).
  • For CASPs, it’s different. It seems that specific business models have a preference to work with specific regulators: TradFi institutions in Germany, centralized exchange platforms going to Malta and Cyprus, stablecoin issuers choosing France and the Netherlands, etc.
  • Of 484 “Other” white papers, 251 were filed by exchanges or third-party compliance providers on behalf of established token networks. The remaining 233 were filed by token projects directly.
  • In the top white paper jurisdictions, a small number of entities dominate volume: Kraken accounts for roughly 104 of Ireland’s 152 records, and LCX AG accounts for 36 of Liechtenstein’s 43.
  • When proxy filings are stripped out, the Netherlands, Ireland, and Malta lead for independent token project submissions. A significant majority of these independent filers remain headquartered outside the EU, predominantly in the British Virgin Islands, Switzerland, and the Cayman Islands.
  • No ART (Asset-Referenced Token) has been publicly registered anywhere in the EU to date.

The registration picture by the numbers

The 697 records in the MiCA public registers break down across four categories.

Register What it covers Records Share
Other crypto-asset white papers Disclosures for tokens other than EMTs and ARTs 484 69.4%
CASP licenses Authorizations to operate as a crypto service provider 174 25.0%
EMT white papers Disclosures for fiat-pegged electronic money tokens 39 5.6%
ART white papers Disclosures for multi-asset-referenced tokens 0 0%

The zero in the ART row reflects the absence of any publicly authorized Asset-Referenced Token issuer in the EU. An ART is a token whose value is pegged to a basket of assets rather than a single currency. Possible explanations for the zero count include:

  • The complexity of ART authorization compared to other MiCA license types
  • Capital requirements, which can reach 2% of the average outstanding reserve asset value
  • A preference by potential issuers for regulatory frameworks outside MiCA’s scope, such as offshore, unregulated jurisdictions

The data does not answer which factor dominates. It only confirms the outcome: zero registered issuers.

Where tokens are registered: the white paper market

Under MiCA, any party seeking to offer a crypto-asset to the public or to have it admitted to trading on an EU exchange must publish a compliant white paper. Think of it as a mandatory disclosure document: it explains what the token is, how it works, and what risks it carries. This obligation falls on the original issuer by default. MiCA also allows the trading platform to take on that responsibility, either when it lists a token on its own initiative or by written agreement with the token’s project team.

That provision is what drives the 484 records in the “other crypto-assets” register.

The full picture: all 484 filings

The filings concentrate in five jurisdictions.

  • Ireland: 152 records (31%)
  • Malta: 96 records (20%)
  • Netherlands: 54 records (11%)
  • Liechtenstein: 43 records (9%)
  • Germany: 37 records (8%)
  • Luxembourg: 30 records (6%)
  • All other jurisdictions: 72 records (15%)

Within the top jurisdictions, one or two entities account for most of the volume.

  • Ireland (152): Kraken (Payward) filed 104 records as the exchange operator taking on the white paper obligation for tokens it lists.
  • Malta (96): OKX and the fan token platform Socios account for a combined 51 records.
  • Netherlands (54): No single dominant filer. Records are distributed across individual token projects.
  • Liechtenstein (43): LCX AG is attributable to 36 records, combining its role as exchange operator and as direct filer.
  • Germany (37): A German compliance service provider filed 26 records on behalf of token projects.
  • Luxembourg (30): Bitstamp accounts for 20 proxy filings.

How MiCA creates the proxy filing model, and what tokens it actually covers

When an exchange wants to offer an existing token to EU customers, MiCA requires a published white paper for that token. Most networks that predate MiCA have no such document. The exchange can either wait for the token team to produce one or take on the obligation itself. Kraken, LCX, and Bitstamp built internal processes to do this at scale, which is why they appear as the named responsible party for dozens of filings each.

The filing jurisdiction maps to where the exchange holds its CASP authorization. Kraken’s EU entity is in Ireland, LCX is in Liechtenstein, and Bitstamp is in Luxembourg.

Looking at the tokens behind these proxy filings reveals something worth noting: the range is wider than most would assume.

  • LCX AG (Liechtenstein) covers established blue-chips alongside meme coins and mid-caps (BTC, ETH, ADA, SOL, PEPE, FLOKI, TRUMP, MOG).
  • Kraken (Ireland) spans multiple token categories, from DeFi protocols (Celo Foundation, Bera Chain) to AI and data (Venice.ai, Bio.xyz) and meme coins.
  • A corporate services provider in Germany covers blue-chips and meme coins with no apparent category filter (Book of Meme, Popcat, Fartcoin, Goatseus Maximus).

This tells us something concrete about how MiCA works in practice. There is no asset-class filter at the point of white paper filing. An exchange must file for every token it lists for EU customers, whether that token is Bitcoin or a meme coin. The register reflects the full range of what European exchanges are currently offering.

Of the 484 records, 251 were filed by exchanges or third-party compliance providers acting as proxies. The remaining 233 came from token projects filing directly.

What founders should know about the proxy model:

Exchanges file white papers for tokens that are already liquid and already generating trading volume. A new token seeking EU market access for the first time is unlikely to find an exchange willing to absorb its white paper filing unless the project has significant commercial traction. For most early-stage projects, MiCA compliance is their own responsibility from day one.

Where independent token projects chose to file

Stripping out exchange-proxy filings and the compliance service providers leaves 233 records attributable to independent token projects. This is the cleaner signal of where founders are actually choosing to engage with MiCA.

  • Netherlands: 54 filings (23%)
  • Ireland: 48 filings (21%)
  • Malta: 45 filings (19%)
  • France: 17 filings (7%)
  • Germany: 11 filings (5%)
  • Liechtenstein: 7 filings (3%)
  • All others: 51 filings (22%)

The Netherlands, Ireland, and Malta together account for nearly two-thirds (63%) of all independent token project filings.

The token categories in each jurisdiction reflect the variety of what independent founders are actually building.

Netherlands filers include:

  • AI and Compute: Gaia Labs Corp, Sahara Company, Great AI Foundation
  • Gaming and Metaverse: Xterio Stiftung, Metacade, Ancient8 (Metaplay8 Limited)
  • Layer-1 / Layer-2 Infrastructure: Sui Foundation, Eclipse OpCo, Bitlayer Foundation
  • DePIN (Decentralized Physical Infrastructure): World Mobile Token

Ireland filers include:

  • Layer-1 networks and Infrastructure: VeChain, Subspace Foundation, Subsquid
  • AI and data protocols: Giza Association, Decentralised Machine Learning Foundation (FLOCK), Zama
  • DePIN: DIMO Network
  • Meme coins and Consumer Apps: $DOGS, BILLION•DOLLAR•CAT (BILLY), Useless (Rachel Wolchin)

Malta filers include:

  • DeFi Infrastructure: WalletConnect, Aerodrome Foundation, Velodrome Foundation
  • AI Tokens: OndoAI, OpenKaito Foundation
  • Layer-1 and Rollup protocols: Nillion, Shardeum, Story Foundation
  • DeSci (Decentralized Science): ResearchHub Foundation

These top jurisdictions function as EU compliance anchors rather than operational homes for most filers. The relevant question for founders is not which jurisdiction hosts more projects similar to yours, but which regulator has more experience processing the type of white paper your token requires.

Where these token projects are actually based

For most of these entities, where they file their white paper and where they are legally incorporated are two different places.

Across all 233 independent filings:

  • Head office within the EU or EEA: 38 entities (16%)
  • Head office outside the EU: 135 entities (58%)
  • No head office data available: 60 entities (26%)

Fewer than one in six independent token projects filing in the EU is actually based in the EU. The breakdown across the top three jurisdictions is revealing.

The Netherlands (54 filings):

  • Head office in the Netherlands: 0 entities
  • Head office elsewhere in the EU/EEA: 0 entities
  • Head office outside the EU: 6 entities (11%)
  • Head office data unavailable: 48 entities (89%)

The Netherlands has emerged as the top destination for independent filings, but the data reveals a stark anomaly: almost 90% of these filings contain no public head office data. Of the few that do report a location, they are entirely offshore, incorporating in the BVI, Switzerland, the Cayman Islands, or Colombia. The Netherlands is functioning strictly as a regulatory filing portal for these projects, none of which claim a Dutch corporate home in the register.

Ireland (48 filings):

  • Head office in Ireland: 1 entity
  • Head office elsewhere in the EU/EEA: 0 entities
  • Head office outside the EU: 38 entities (79%)
  • Head office data unavailable: 9 entities

Top incorporation jurisdictions for Ireland filers (of those with known head offices):

  • British Virgin Islands: 16 entities (41%)
  • Switzerland: 7 entities (18%)
  • Cayman Islands: 6 entities (15%)
  • Panama: 4 entities (10%)
  • United States: 3 entities (8%)

One entity out of 48 (Taker Labs Limited) has an Irish head office. That figure alone tells the story. Ireland is not where token projects incorporate and then comply with MiCA from home. It functions as a regulatory access point: a place where offshore entities file a compliant document with an EU regulator, without needing to move their corporate seat to Europe.

The British Virgin Islands dominance reflects a standard crypto project structure. A BVI foundation or company holds the token and maintains legal control over the protocol, then engages the Irish regulator directly to satisfy the EU white paper requirement. The US presence signals a different approach: US-incorporated teams obtaining an EU regulatory footprint without relocating their legal structure at all. Ireland provides that footprint with minimal structural change on the project’s side.

Malta (45 filings):

  • Head office in Malta: 4 entities (9%)
  • Head office elsewhere in the EU/EEA: 0 entities
  • Head office outside the EU: 39 entities (87%)
  • Head office data unavailable: 2 entities

Top incorporation jurisdictions for Malta filers (of those with known head offices):

  • British Virgin Islands: 18 entities (46%)
  • Cayman Islands: 13 entities (33%)
  • Switzerland: 3 entities (8%)
  • Panama: 3 entities (8%)
  • Singapore: 2 entities (5%)

Malta’s 4 locally incorporated entities (such as Render Network and Progress Malta) stand in contrast to Ireland’s one and the Netherlands’ zero. A decade of crypto-specific regulation has produced a local ecosystem of service providers, legal advisors, and compliance professionals whose practices are built around crypto founders. Projects that want proximity to that ecosystem, rather than just a filing address, tend to incorporate in Malta directly.

However, the vast majority of Malta’s filers still utilize offshore structures. The Cayman Islands and BVI count works on a familiar logic: an offshore foundation holds the token, while a separate legal entity or the foundation itself handles the EU obligations. This split between legal control and regulatory exposure is a deliberate structuring decision, not an accident of geography, and the data confirms it is standard industry practice.

Across all three jurisdictions, the filing destination is rarely where these projects live. It is simply where they have chosen to be visible to European regulators.

Where CASPs are licensed: the operational map

A CASP is any company authorized to offer crypto services in Europe. MiCA defines ten service categories. The table below shows which services the 174 authorized CASPs are permitted to offer, and how many hold each authorization.

Service CASPs MiCA Definition Strategic Examples
Custody & Administration 114 Safekeeping or controlling crypto-assets or the means of access to them (e.g., private keys) on behalf of clients. Commerzbank: First full-service German bank to receive a dedicated crypto custody license.

Coinbase: Operates through major EU hubs (DE, FR, IE) with full custodial infrastructure.
Transfer Services 105 Providing services for the transfer of crypto-assets from one distributed ledger address or account to another on behalf of a client. Kraken (Payward): Licensed in Ireland to provide transfer services for crypto across the EEA.

Revolut: Secured a CySEC MiCA license to facilitate asset transfers for its 40M+ European users.
Exchange (Crypto-to-Fiat) 90 Conclusion of purchase or sale contracts for crypto-assets against “funds” (fiat currency) using proprietary capital. MoonPay: Major on/off-ramp provider for European users to buy crypto with EUR.

Bitvavo: The largest Dutch exchange, providing direct EUR-to-crypto markets.
Execution of Orders 90 Concluding agreements to buy or sell crypto-assets on behalf of clients, including subscriptions at the moment of offer. Trade Republic: A major European neobroker that executes crypto buy/sell orders for retail investors.

Revolut: Uses its CASP status to execute market orders for users directly in-app.
Exchange (Crypto-to-Crypto) 77 Concluding purchase or sale contracts for crypto-assets against other crypto-assets using proprietary capital. Crypto.com: Licensed in Malta and Italy to provide massive cross-token trading pairs.

OKX: Secured Maltese authorization to provide complex token-to-token swap services.
Reception & Transmission 51 Receiving a purchase or sale order from a person and transmitting it to a third party for execution. N26 Bank: Operates a “Reception and Transmission” model where users place orders in the bank app, which are sent to Bitpanda for execution.

eToro: Transmits user orders to major liquid crypto hubs for execution.
Portfolio Management 30 Managing client portfolios on a discretionary, client-by-client basis where portfolios include crypto-assets. AMINA Bank: Provides institutional-grade managed crypto portfolios and discretionary mandates.

Plutos Vermögensverwaltung: Licensed German wealth manager specializing in digital asset portfolios.
Advice on Crypto-assets 21 Providing personalized recommendations to a client regarding transactions in crypto-assets or the use of crypto services. Scalable Capital Bank: Provides regulated investment guidance that can include crypto-asset allocations.

eToro: Offers social trading features that involve investment guidance and asset “copying” advice.
Placing of Crypto-assets 18 Marketing crypto-assets to purchasers on behalf of, or for the account of, an offeror or a party related to the offeror. Bitpanda: Acts as a placement agent for new token projects seeking a European audience.

Kraken: Frequently used for the placement and initial distribution of new crypto-assets.
Operation of a Trading Platform 14 Managing a multilateral system that brings together multiple third-party buying and selling interests to result in a contract. Bitstamp: One of the few platforms with a full multilateral order book authorized in Luxembourg.

OKX: Operates a central matching engine and order book for professional traders in Europe.

Custody and transfer services lead because almost every operator, from a pure custody provider to a full exchange, includes these in their authorization. Operation of a trading platform is the rarest, limited to the 14 entities that run an actual order book or matching engine for EU users.

What these numbers reveal beyond the counts:

Most MiCA-licensed entities so far are brokers and custody providers, not full exchanges. For a founder building an exchange product, very few directly comparable licensed entities currently exist in the EU.

Transfer services have 105 authorized providers despite being a narrower service than full exchange operation. Part of the explanation lies in the German banking cluster, where traditional institutions added transfer services as a natural extension of their existing payment infrastructure.

The 174 authorizations are distributed across Member States as follows:

By country:

  • Germany: 51 CASPs (29%)
  • Netherlands: 23 CASPs (13%)
  • France: 13 CASPs (7%)
  • Malta: 12 CASPs (7%)
  • Ireland: 11 CASPs (6%)
  • Cyprus: 10 CASPs (6%)
  • Austria: 7 CASPs (4%)
  • All others: 47 CASPs (27%)

Major digital-native platforms by jurisdiction:

  • Ireland: Kraken (Payward)
  • Luxembourg: Coinbase, Bitstamp
  • Malta: OKX, Crypto.com, Gemini, Blockchain.com
  • Cyprus: eToro, Revolut
  • Austria: Bybit, KuCoin, Bitpanda
  • Netherlands: Bitvavo, MoonPay
  • Germany: N26 Bank

EMT (Electronic Money Token) issuers are a distinct sub-group. Circle holds its EU authorization in France alongside Societe Generale’s token issuance entities. Paxos operates its European EMT business out of Finland. These entities hold CASP licenses in addition to their EMT issuer status.

What the geographic clustering actually tells us

MiCA is a harmonized regulation. Every Member State offers the same authorization menu (services a through j). A Germany-licensed CASP and a Malta-licensed CASP can apply for identical service codes. The observed clustering reflects something other than what the regulation permits.

Germany’s 51 CASPs are dominated by traditional financial institutions: Commerzbank, DZ BANK, Boerse Stuttgart, and regional Volksbanks. These entities applied predominantly for narrow service codes suited to a broker model serving existing fiat clients. BaFin, Germany’s financial regulator, has deep institutional experience with this type of applicant.

Malta and Cyprus host the Mediterranean retail exchange cluster: OKX, Crypto.com, Gemini, eToro. These platforms applied for broad service code sets covering trading platform operation, exchange, and placement. Their regulators have processed many applications of this kind.

The practical implication for founders: a crypto exchange license application in Germany lands alongside traditional banks seeking narrow authorizations. The same application in Malta lands alongside globally recognized exchanges. Regulator familiarity with the applicant’s business model is a material factor in the licensing process, even when the regulation itself is identical across borders.

Two service categories remain thin across the entire bloc: advice (21 providers) and portfolio management (30 providers). Any business model built around those services will have very few regulatory reference points to work with.

Passporting: one crypto license in Europe for the whole EU market

Once authorized in any Member State, a CASP can extend its services to every other EU Member State through a single administrative notification, a process called passporting. Pan-European platforms (Kraken, Bitvavo, Bitstamp, Bitpanda, Trade Republic) have passported to 29 to 30 countries each, covering the full bloc from a single home authorization.

Traditional institutions in Germany and Spain overwhelmingly list only their home country, confirming that for those entities MiCA serves a domestic compliance function rather than an EU-wide expansion tool.

The EMT market: concentrated and institutional

An EMT (Electronic Money Token) is a token that maintains a stable value by referencing a single official currency, such as the euro or the US dollar. The term “stablecoin” is used informally to describe these assets. Under MiCA the precise category is EMT for single-currency pegged tokens, and ART for tokens referencing a basket of assets or other values.

Issuing an EMT requires prior authorization as an EMI (Electronic Money Institution) or a credit institution. That prerequisite is why the EMT register contains only 38 records.

  • Netherlands: 8 registrations (21%), including Quantoz Payments and Fiat Republic
  • France: 7 registrations (21%), including Circle (EURC, USDC) and Societe Generale (EURCV, USDCV)
  • Germany: 4 registrations (10%)
  • Lithuania: 4 registrations (10%)
  • Malta: 4 registrations (10%)
  • Czech Republic: 3 registrations (8%)
  • Finland: 3 registrations (8%), including Paxos
  • All others: 5 registrations (13%)

The concentration is the result of regulatory design. MiCA structured EMT issuance as an institutional product from the outset. Founders exploring fiat-pegged token issuance under MiCA are entering a market defined by banks and licensed payment institutions, not by startups.

A note on enforcement and National Competent Authority (NCA) coverage

The MiCA non-compliant register currently contains 98 flagged entities. Italy’s CONSOB accounts for an overwhelming 96 of them. The Netherlands flagged MEXC Global, and Slovakia flagged LWEX. Most other Member States have recorded no public enforcement activity.

Under MiCA, each EU and EEA Member State must designate an NCA (National Competent Authority): the national regulator responsible for receiving applications, granting authorizations, and supervising MiCA-regulated entities.

Ten jurisdictions within MiCA’s scope have produced zero public authorization records in the CASP register to date: Croatia, Estonia, Greece, Hungary, Iceland, Italy, Norway, Poland, Portugal, and Romania.

Romania is the only country still literally listed as “to be announced” (TBA) for its NCA designation. Founders considering these jurisdictions as primary licensing bases should factor in that no publicly processed CASP applications exist there yet: no precedent, no reference timeline, and no comparable licensed entities to benchmark against.

What the data tells founders

The MiCA public registers map where the EU crypto market has actually settled after its first year. Three patterns stand out for founders assessing their EU strategy.

The white paper register overstates founder-level engagement with MiCA. Of the 484 records, 251 come from exchanges or compliance providers filing on behalf of existing assets. The count of token projects that independently chose to engage with MiCA is exactly 233. That group skews heavily offshore: 58% are headquartered outside the EU, using the Netherlands, Ireland, and Malta as compliance anchors rather than corporate homes.

Jurisdiction choice shapes the licensing experience, not the legal rights. MiCA grants the same rights everywhere. What differs is the regulator’s familiarity with specific business models, the composition of the existing applicant pool, and the processing environment. Retail exchange founders will find more established reference points in Malta and Cyprus. Custody and broker models have more precedent in Germany and the Netherlands. That difference does not appear in the regulation text. It appears in the register.

The advisory and portfolio management gap is real and data-confirmed. With only 21 and 30 authorized providers respectively, services h and i have almost no established presence in the EU CASP register. For founders building products in those categories, there are very few comparable licensed entities to benchmark against. That gap reflects both the difficulty of those authorizations and the limited competition currently in those segments.

LegalBison works with founders and operators at each of these decision points, from initial jurisdictional strategy through crypto license application (including CASPs), company formation, and ongoing regulatory compliance across the EU and beyond.

Data sourced from the EU MiCA public registers (CASPS, EMTWP, ARTZZ, OTHER, and NCASP datasets) and the ESMA Register Field Definitions document. All figures reflect the state of the registers as of March 23, 2026.

Share this article on