Study: 62% of all tokens registered in the EU under MICA are NOT from the EU

Key findings

• MiCA (Markets in Crypto Assets) is the EU’s regulatory framework for digital assets, in full force since 30 December 2024. ESMA (the European Securities and Markets Authority) maintains public registers of all authorized entities. 
• Those registers currently contain 931 total records: CASP licenses, white paper notifications for token issuances, and enforcement flags.
• White paper notifications (741 records, nearly 80% of the total) far outnumber operational CASP licenses (156 records). 
• For CASPs, it’s different. It seems that specific business models have a preference to work with specific regulators: TradFi institutions in Germany, centralized exchange platforms going to Malta and Cyprus, stablecoins issuers choosing France, etc.
• Of 741 white papers, 230 were filed by exchanges or third-party compliance providers on behalf of established token networks. 
• The remaining 511 were filed by token projects directly. Of those 511 direct filers, 269 (52.6%) are headquartered outside the EU.
• In the top white paper jurisdictions, a small number of entities dominate volume: Kraken accounts for 131 of Ireland’s 282 records, and LCX AG accounts for 63 of Liechtenstein’s 71.
• Ireland (38%), Malta (19%) and Germany (13%) are currently the uncontested jurisdictions to go for a white paper notification.
• When proxy filings are stripped out, Ireland leads for independent token project submissions with 148 filings from 144 distinct entities, followed by Malta at 143 filings from 93 entities. 
• Of the 431 independent filers, only 70 (16%) are EU/EEA-headquartered. 
• 62% (269 filers) are based outside the EU, predominantly in the British Virgin Islands (88 entities), Switzerland (60), and the Cayman Islands (44).
• No ART (Asset-Referenced Token) has been publicly registered anywhere in the EU to date.

The registration picture by the numbers

The 931 records in the MiCA public registers break down across four categories.

The zero in the ART row reflects the absence of any publicly authorized Asset-Referenced Token issuer in the EU. An ART is a token whose value is pegged to a basket of assets rather than a single currency. Possible explanations for the zero count include:

• The complexity of ART authorization compared to other MiCA license types
• Capital requirements, which can reach 2% of the average outstanding reserve asset value
• A preference by potential issuers for regulatory frameworks outside MiCA’s scope, such as offshore, unregulated jurisdictions

The data does not answer which factor dominates. It only confirms the outcome: zero registered issuers.

Where tokens are registered: the white paper market

Under MiCA, any party seeking to offer a crypto-asset to the public or to have it admitted to trading on an EU exchange must publish a compliant white paper. Think of it as a mandatory disclosure document: it explains what the token is, how it works, and what risks it carries. This obligation falls on the original issuer by default. MiCA also allows the trading platform to take on that responsibility, either when it lists a token on its own initiative or by written agreement with the token’s project team.

That provision is what drives the 741 records in the “other crypto-assets” register.

The full picture: all 741 filings

The filings concentrate in five jurisdictions.

• Ireland: 282 records (38%)
• Malta: 143 records (19%)
• Germany: 95 records (13%)
• Liechtenstein: 71 records (10%)
• Netherlands: 46 records (6%)
• All other jurisdictions: 104 records (14%)

Within the top jurisdictions, one or two entities account for most of the volume.

• Ireland (282): Kraken (Payward) filed 131 records as the exchange operator taking on the white paper obligation for tokens it lists.
• Liechtenstein (71): LCX AG is attributable to 63 records, combining its role as exchange operator and as direct filer.
• Germany (95): A German compliance service provider filed 80 records on behalf of token projects. Unlike Kraken or LCX, it does not appear in the CASP register.
• Malta (143): OKX accounts for 28 records (confirmed via white paper URLs). Socios, the fan token platform, accounts for a further 50 records across three registered entities.
• Netherlands (46): No single dominant filer. Records are distributed across individual token projects.

How MiCA creates the proxy filing model, and what tokens it actually covers

When an exchange wants to offer an existing token to EU customers, MiCA requires a published white paper for that token. Most networks that predate MiCA have no such document. The exchange can either wait for the token team to produce one or take on the obligation itself. Kraken and LCX built internal processes to do this at scale, which is why they appear as the named responsible party for dozens of filings each.

The filing jurisdiction maps to where the exchange holds its CASP authorization. Kraken’s EU entity is in Ireland. LCX is in Liechtenstein.

Looking at the tokens behind these proxy filings reveals something worth noting: the range is wider than most would assume.

LCX AG (Liechtenstein, 63 filings) covers established blue-chips alongside meme coins and mid-caps:

• Blue-chips: BTC, ETH, ADA, SOL, XRP, DOGE, DOT, BCH, NEAR
• Mid-caps and ecosystem tokens: UNI, ARB, OP, LDO, TON, AVAX, CELO, EIGEN, JUP
• Meme coins: PEPE, FLOKI, TRUMP, MOG, PENGU, GALA, NOT

Kraken (Ireland, 131 filings) spans multiple token categories:

• DeFi (Decentralized Finance) protocols: Celo Foundation, Bera Chain
• AI and data: Venice.ai, Bio.xyz Association, OpenKaito
• Infrastructure and layer-2 networks: Open Builders, Zora Labs
• Gaming and consumer: Mirror World, Hamster Foundation

German compliance service provider (Germany, 80 filings) covers blue-chips and meme coins with no apparent category filter:

• Blue-chips and established assets: Bitcoin, Ethereum, Litecoin
• Pure meme coins: Book of Meme, Popcat, Fartcoin, Melania Meme, Goatseus Maximus

This tells us something concrete about how MiCA works in practice. There is no asset-class filter at the point of white paper filing. An exchange must file for every token it lists for EU customers, whether that token is Bitcoin or a meme coin. The register reflects the full range of what European exchanges are currently offering.

Of the 741 records, 230 were filed by exchanges or third-party compliance providers acting as proxies. The remaining 511 came from token projects filing directly.

What founders should know about the proxy model:

Exchanges file white papers for tokens that are already liquid and already generating trading volume. A new token seeking EU market access for the first time is unlikely to find an exchange willing to absorb its white paper filing unless the project has significant commercial traction. For most early-stage projects, MiCA compliance is their own responsibility from day one.

Where independent token projects chose to file

Stripping out exchange-proxy filings and the compliance service provider leaves 431 records attributable to independent token projects. This is the cleaner signal of where founders are actually choosing to engage with MiCA.

• Ireland: 148 filings from 144 distinct entities (34%)
• Malta: 143 filings from 93 distinct entities (33%)
• Netherlands: 46 filings from 46 distinct entities (11%)
• Germany: 15 filings from 12 distinct entities (3%)
• Luxembourg: 13 filings from 13 distinct entities (3%)
• France: 12 filings from 9 distinct entities (3%)
• All others: 54 filings (13%)

Ireland and Malta together account for two-thirds of all independent token project filings.

The token categories in each jurisdiction reflect the variety of what independent founders are actually building.

Ireland filers include:

• Layer-1 networks (base blockchain protocols): VeChain
• DePIN (Decentralized Physical Infrastructure Networks): DIMO Network
• AI and data protocols: Giza, Venice.ai
• Cloud and compute infrastructure: Impossible Cloud Network
• DeFi applications: Init Capital, MIRA Network
• Developer tooling: Subsquid, Avail Project
• Wallets and consumer apps: DeFi.app

Malta filers include:

• Fan tokens (tokens tied to sports club membership and rewards): Socios, covering 50 clubs including FC Barcelona, PSG, and AC Milan
• DeFi infrastructure: WalletConnect, KernelDAO
• AI tokens: Ondo AI, Aivalanche
• Layer-1 protocols: Nillion, Shardeum
• Identity and tooling: QuantiID Systems

Both jurisdictions function as EU compliance anchors rather than operational homes for most filers. The relevant question for founders is not which jurisdiction hosts more projects similar to yours, but which regulator has more experience processing the type of white paper your token requires.

Where these token projects are actually based

For most of these entities, where they file their white paper and where they are legally incorporated are two different places.

Across all 431 independent filings:

• Head office within the EU or EEA: 70 entities (16%)
• Head office outside the EU: 269 entities (63%)
• No head office data available: 92 entities (21%)

Fewer than one in six independent token projects filing in the EU is actually based in the EU. The breakdown by jurisdiction is revealing.

Ireland (148 filings, 144 entities):

• Head office in Ireland: 1 entity
• Head office elsewhere in the EU/EEA: 0 entities
• Head office outside the EU: 118 entities (80%)
• Head office data unavailable: 29 entities

Top incorporation jurisdictions for Ireland filers:

• British Virgin Islands: 48 entities (41% of those with known head offices)
• Cayman Islands: 17 entities (14%)
• Switzerland: 13 entities (11%)
• Panama: 11 entities (9%)
• United States: 8 entities (7%)

One entity out of 148 has an Irish head office. That figure alone tells the story. Ireland is not where token projects incorporate and then comply with MiCA from home. It functions as a regulatory access point: a place where offshore entities file a compliant document with an EU regulator, without needing to move their corporate seat to Europe.

The British Virgin Islands dominance (48 entities) reflects a standard crypto project structure. A BVI foundation or company holds the token and maintains legal control over the protocol, then engages the Irish regulator directly to satisfy the EU white paper requirement. The US presence (8 entities) signals a different approach: US-incorporated teams obtaining an EU regulatory footprint without relocating their legal structure at all. Ireland provides that footprint with minimal structural change on the project’s side.

Malta (143 filings, 93 entities):

• Head office in Malta: 20 entities (14%)
• Head office elsewhere in the EU/EEA: 1 entity
• Head office outside the EU: 117 entities (82%)
• Head office data unavailable: 5 entities

Top incorporation jurisdictions for Malta filers:

• Switzerland: 40 entities (34% of those with known head offices)
• British Virgin Islands: 28 entities (24%)
• Cayman Islands: 20 entities (17%)
• Panama: 7 entities (6%)
• United States: 7 entities (6%)

Malta’s 20 locally incorporated entities stand in clear contrast to Ireland’s one. A decade of crypto-specific regulation has produced a local ecosystem of service providers, legal advisors, and compliance professionals whose practices are built around crypto founders. Projects that want proximity to that ecosystem, rather than just a filing address, tend to incorporate in Malta directly.

The Swiss presence (40 entities) follows a pattern that predates MiCA. Swiss foundations have been a standard vehicle for crypto token projects since 2017, and Malta has consistently been their preferred EU gateway. Many Swiss-structured projects run two parallel entities: a Swiss foundation for governance and protocol control, and a Malta-registered entity for EU compliance. The Cayman Islands count (20) works on similar logic: a Cayman foundation holds the token, a Malta entity handles EU obligations. This split between legal control and regulatory exposure is a deliberate structuring decision, not an accident of geography, and the data confirms it is common practice.

Across both jurisdictions, the filing jurisdiction is not where these projects live. It is where they have chosen to be visible to European regulators. Ireland attracts offshore projects that want a familiar English-language regulatory environment with an established tech sector track record. Malta attracts projects that want proximity to a crypto-native regulatory tradition and a support network built specifically for this industry.

Where CASPs are licensed: the operational map

A CASP is any company authorized to offer crypto services in Europe. MiCA defines ten service categories. The table below shows which services the 156 authorized CASPs are permitted to offer, and how many hold each authorization.

Custody (a) and transfer services (j) lead because almost every operator, from a pure custody provider to a full exchange, includes these in their authorization. Trading platform operation (b) is the rarest, limited to the 13 entities that run an actual order book or matching engine for EU users.

What these numbers reveal beyond the counts:

Most MiCA-licensed entities so far are brokers and custody providers, not full exchanges. True exchange operators are a small minority: 13 out of 156. For a founder building an exchange product, very few directly comparable licensed entities currently exist in the EU.

Code j (transfer services) has 96 authorized providers despite being a narrower service than full exchange operation. Part of the explanation lies in the German banking cluster, where traditional institutions added transfer services as a natural extension of their existing payment infrastructure. Whether that authorization scope fully applies to crypto-native transfer models is still being worked out in practice.

The 156 authorizations are distributed across Member States as follows.

By country:

• Germany: 45 CASPs (29%)
• Netherlands: 22 CASPs (14%)
• France: 12 CASPs (8%)
• Malta: 12 CASPs (8%)
• Ireland: 11 CASPs (7%)
• Cyprus: 8 CASPs (5%)
• Austria: 7 CASPs (4%)
• All others: 39 CASPs (25%)

Major digital-native platforms by jurisdiction:

• Ireland: Kraken (Payward)
• Luxembourg: Coinbase, Bitstamp
• Malta: OKX, Crypto.com, Gemini, Blockchain.com
• Cyprus: eToro, Revolut
• Austria: Bybit, KuCoin, Bitpanda
• Netherlands: Bitvavo, MoonPay
• Germany: N26 Bank

EMT (Electronic Money Token) issuers are a distinct sub-group. Circle holds its EU authorization in France alongside Societe Generale’s token issuance entities. Paxos operates its European EMT business out of Finland. These entities hold CASP licenses in addition to their EMT issuer status.

What the geographic clustering actually tells us

MiCA is a harmonized regulation. Every Member State offers the same authorization menu (services a through j). A Germany-licensed CASP and a Malta-licensed CASP can apply for identical service codes. The observed clustering reflects something other than what the regulation permits.

Germany’s 45 CASPs are dominated by traditional financial institutions: Commerzbank, DZ BANK, Boerse Stuttgart, Trade Republic, and dozens of regional Volksbanks. These entities applied predominantly for narrow service codes suited to a broker model serving existing fiat clients. BaFin, Germany’s financial regulator, has deep institutional experience with this type of applicant.

Malta and Cyprus host the Mediterranean retail exchange cluster: OKX, Crypto.com, Gemini, eToro. These platforms applied for broad service code sets covering trading platform operation, exchange, and placement. Their regulators have processed many applications of this kind.

The practical implication for founders: a crypto exchange license application in Germany lands alongside traditional banks seeking narrow authorizations. The same application in Malta lands alongside globally recognized exchanges. Regulator familiarity with the applicant’s business model is a material factor in the licensing process, even when the regulation itself is identical across borders.

Two service categories remain thin across the entire bloc: advice (code h, 17 providers) and portfolio management (code i, 22 providers). Any business model built around those services will have very few regulatory reference points to work with.

Passporting: one crypto license in Europe for the whole EU market

Once authorized in any Member State, a CASP can extend its services to every other EU Member State through a single administrative notification, a process called passporting. Pan-European platforms (Kraken, Bitvavo, Bitstamp, Bitpanda, Trade Republic) have passported to 28 to 31 countries each, covering the full bloc from a single home authorization.

Traditional institutions in Germany and Spain overwhelmingly list only their home country, confirming that for those entities MiCA serves a domestic compliance function rather than an EU-wide expansion tool.

The EMT market: concentrated and institutional

An EMT (Electronic Money Token) is a token that maintains a stable value by referencing a single official currency, such as the euro or the US dollar. The term “stablecoin” is used informally to describe these assets. Under MiCA the precise category is EMT for single-currency pegged tokens, and ART for tokens referencing a basket of assets or other values.

Issuing an EMT requires prior authorization as an EMI (Electronic Money Institution) or a credit institution. That prerequisite is why the EMT register contains only 34 records.

• France: 7 registrations (21%), including Circle (EURC, USDC) and Societe Generale (EURCV, USDCV)
• Netherlands: 6 registrations (18%), including Quantoz Payments and Fiat Republic
• Lithuania: 4 registrations (12%)
• Malta: 4 registrations (12%)
• Czech Republic: 3 registrations (9%)
• Finland: 3 registrations (9%), including Paxos
• All others: 7 registrations (21%)

The concentration is the result of regulatory design. MiCA structured EMT issuance as an institutional product from the outset. Founders exploring fiat-pegged token issuance under MiCA are entering a market defined by banks and licensed payment institutions, not by startups.

A note on enforcement and National Competent Authority (NCA) coverage

The MiCA non-compliant register contains 57 flagged entities. Italy’s CONSOB accounts for 55 of them. The Netherlands flagged MEXC Global. Slovakia flagged LWEX. Most other Member States have recorded no public enforcement activity.

Under MiCA, each EU and EEA Member State must designate an NCA (National Competent Authority): the national regulator responsible for receiving applications, granting authorizations, and supervising MiCA-regulated entities. Without a functioning NCA, the licensing process cannot operate properly from the applicant’s side.

Six jurisdictions within MiCA’s scope have not yet produced a single public authorization record in any register: Greece, Croatia, Hungary, Norway, Portugal, and Romania. Romania is the only country still listed as “to be announced” for its NCA designation. Founders considering these jurisdictions as primary licensing bases should factor in that no publicly processed applications exist there yet: no precedent, no reference timeline, and no comparable licensed entities to benchmark against.

What the data tells founders

The MiCA public registers map where the EU crypto market has actually settled after its first year. Three patterns stand out for founders assessing their EU strategy.

The white paper register overstates founder-level engagement with MiCA. Of the 741 records, 230 come from exchanges or compliance providers filing on behalf of existing assets. The count of token projects that independently chose to engage with MiCA is closer to 431. That group skews heavily offshore: 62% are headquartered outside the EU, using Ireland and Malta as compliance anchors rather than corporate homes.

Jurisdiction choice shapes the licensing experience, not the legal rights. MiCA grants the same rights everywhere. What differs is the regulator’s familiarity with specific business models, the composition of the existing applicant pool, and the processing environment. Retail exchange founders will find more established reference points in Malta and Cyprus. Custody and broker models have more precedent in Germany and the Netherlands. That difference does not appear in the regulation text. It appears in the register.

The advisory and portfolio management gap is real and data-confirmed. With only 17 and 22 authorized providers respectively, services h and i have almost no established presence in the EU CASP register. For founders building products in those categories, there are very few comparable licensed entities to benchmark against. That gap reflects both the difficulty of those authorizations and the limited competition currently in those segments.

LegalBison works with founders and operators at each of these decision points, from initial jurisdictional strategy through crypto license application (including CASPs), company formation, and ongoing regulatory compliance across the EU and beyond.

Data sourced from the EU MiCA public registers (CASPS, EMTWP, ARTZZ, OTHER, and NCASP datasets) and the ESMA Register Field Definitions document. All figures reflect the state of the registers as of February 23, 2026.