MiCA went live on December 29, 2023. For most crypto payment companies, the scramble to figure out what it actually means is still happening.
It's not just one rule. It's a comprehensive rulebook for anyone in the EU touching crypto-assets or stablecoins. Custody. Disclosure. Operational resilience. Governance. Risk management. For payment service providers specifically, there are new licensing requirements, capital rules, and oversight obligations that didn't exist before.
The good news: it's specific enough that you can actually determine if you're in scope and what to do about it. The bad news: most companies haven't done that analysis.
Am I in scope or not?
This is the first real question.
If you're accepting stablecoins or other crypto-assets as payment and holding them—even temporarily, even for a few seconds—before moving them somewhere, you're probably in scope.
MiCA names six types of service providers that need authorization. Custody. Exchange. Transfer services. Portfolio management. Investment advice. Trading platform operation.
The one that catches payment processors is transfer services. If you're facilitating transfers of crypto-assets on behalf of customers, you need a license. Some processors settle immediately and hold nothing. That's a gray area. But if you're touching the asset at all, even briefly, you're probably a transfer service provider.
Custody is the most regulated. Exchange is pretty heavily regulated. Investment advice is obvious. Trading platforms need authorization. So does portfolio management. These all require actual licensing.
Capital and custody and everything else
If you need a license, MiCA requires you to be incorporated in an EU member state and hold minimum capital. For most service providers, that's 50,000 euros. Custody providers need more, starting at 150,000 euros.
But the capital amount isn't actually the hard part. The operational burden is.
Custody safeguards. You can't use customer crypto for proprietary trading. Segregated wallets. On-chain cold storage. Or a qualified third-party custodian. Everything documented. Customers must know how you're holding their stuff.
Operational resilience. Incident response plans. Business continuity procedures. You need to recover from a system failure within 24 hours. Regular testing. Detailed logs. Financial institutions have had these requirements forever under BCBS guidelines. MiCA is importing the same expectations to crypto.
AML and KYC. Same anti-money laundering and know-your-customer checks as traditional finance. Verify customer identity. Understand the source of funds. Report suspicious transactions. Inherited from 5AMLD, but MiCA adds specific requirements around on-chain transaction monitoring.
Complaints handling. A process for handling customer complaints, demonstrating how you resolved them. Alternative dispute resolution. Not complicated but mandatory.
Stablecoin issuers have it harder
If you're issuing a stablecoin, MiCA gets restrictive. 100 percent reserve requirement. Every unit must be backed by real money or other assets held in a segregated account. No fractional reserves. Independent audits that verify reserves at least monthly. You must disclose all material risks.
That reserve requirement is the real constraint. For a global issuer like Circle or Tether, issuing on all chains globally while maintaining segregated reserves for EU holders is operationally messy. Some stablecoin issuers have scaled back their EU operations because of this.
Licensing happens at the national level, not through some EU-wide regulator. You apply to the financial regulator in the country where you're incorporated. Malta has the MFSA. Luxembourg has the CSSF. Cyprus has CySEC. The application process is slow. Financial regulators typically want 4-6 months to process, assuming you're well-prepared. If there are gaps, they ask for more stuff, which can stretch the timeline another 2-3 months.
Start applying six months before your deadline. Not right at the deadline. There's also a transitional period for existing providers. If you were operating as a crypto-asset service provider before MiCA became applicable, you can keep operating under transitional rules while your application gets processed.
Getting ready
If you're offering payment services in crypto-assets to EU customers, start here. Map your exact service. Write down what you do. Whether you hold customer assets. For how long. What chains. Whether you issue stablecoins. Whether you provide custody to other businesses. That determines your licensing scope using the six categories.
If you're unsure, get a regulatory advisor. Assess your compliance infrastructure. Document your KYC and AML procedures. Evaluate your custody model. Understand how you're holding customer assets right now and whether they're segregated. This often means switching custodians to meet MiCA's requirements.
Plan your capital allocation. Do you have the minimum 50,000 euros? The capital requirement is ongoing, not a one-time check. Choose your jurisdiction. Start engaging with the regulator. You don't need a full application to start dialogue. Most regulators have innovation units that discuss business models and application readiness.
Some services fall outside MiCA or only partially inside. Operating outside the EU? MiCA doesn't apply directly, but it does if you serve EU-based customers. B2B service provider? Some consumer protection rules are lighter, but custody and operational resilience still apply. Merchant accepting stablecoins and immediately converting to fiat without holding them? You might fall outside MiCA entirely, though you'll probably fall under PSD2.
What's actually happening now
MiCA is reshaping European crypto payment infrastructure. Companies that licensed early have a moat. Customers know they're not sitting on regulatory risk.
New entrants face compliance costs that are much higher than the cost of writing code.
Consolidation is coming. Some companies are moving EU operations to non-EU jurisdictions. Others are partnering with licensed operators instead of building in-house. Licensed operators are worth more. The market is figuring that out.
For companies willing to navigate this, MiCA creates opportunity. Regulated payment rails are more trusted by enterprises. Compliance stops being a cost center and becomes a competitive advantage.
But the window is closing. Regulators are processing applications faster. The backlog is shrinking. If you're not filing by mid-2026, expect 8-12 month delays.