MiCA in 2026: The Compliance Checklist for Crypto Exchanger Operators

iEXExchanger
MiCA in 2026: The Compliance Checklist for Crypto Exchanger Operators

MiCA came into full effect in December 2024 and applies to every business serving EU residents, including non-EU exchangers. Here is what operators need to know about CASP licences, Travel Rule, and stablecoin rules.

MiCA is no longer a regulation on the horizon — it is in effect, and its reach is wider than most non-EU exchanger operators realise. If you serve EU clients today, or plan to, here is the practical picture: what you must do, what changes your daily operations, and where you can afford to wait.

Who MiCA applies to — and since when

The Markets in Crypto-Assets regulation came into full force in December 2024. It applies to any company providing crypto services to EU residents, regardless of where that company is incorporated. This extraterritorial reach catches most CIS and Asian exchanger operators off guard.

For an exchanger, the takeaway is simple: to legally serve European clients, you need either a CASP (Crypto-Asset Service Provider) licence in one EU member state, or a partnership with an already-licensed entity. The upside: a CASP licence works as a single passport across all 27 EU countries.

CASP licensing: what it actually takes

An exchanger converting crypto to crypto or crypto to fiat falls under the exchange-of-crypto-assets category — one of the lower-cost CASP classes. The baseline requirements:

  • A legal entity in an EU or EEA country.
  • A physical presence and a director with a clean professional record.
  • A documented AML/CFT programme with a designated MLRO.
  • Technical and organisational safeguards for client assets.
  • Minimum capital of €50,000 for exchange services.

Applications take three to nine months depending on the jurisdiction. Lithuania, the Netherlands, and Germany are the most popular first-CASP destinations for non-EU founders.

Travel Rule: what changed for transfers

Under MiCA, the Travel Rule requires passing originator and beneficiary data on every transfer above €1,000 between two licensed VASPs. In practice this means connecting to a Travel Rule protocol: TRISA, TRP, Notabene, or Sygna.

Standards are not yet unified, so protocol choice depends on your specific counterparties. Direct client payouts to self-hosted wallets fall outside the Travel Rule, but enhanced verification is required for those transfers above €1,000.

KYC/AML: what changes for your clients

MiCA does not prescribe KYC procedures — that sits in AMLD6, which runs in parallel. For exchangers serving EU clients the baseline is: identity verification on transactions above €1,000, Enhanced Due Diligence for PEPs and high-risk operations, and ongoing transaction monitoring.

Exchangers without a CASP licence that still accept EU clients are in a grey zone. A national regulator can demand they stop serving EU residents — that is a concrete operational risk, not a distant hypothetical.

USDT and stablecoins: the cautious zone

MiCA splits stablecoins into EMTs (Electronic Money Tokens, fiat-pegged) and ARTs (Asset-Referenced Tokens). USDT is formally an ART — and Tether has not obtained EU authorisation. That does not make USDT illegal to hold, but CASP-licensed entities cannot actively market it as their primary product.

USDC (Circle received EMT authorisation in France) and EURe are the safer options for CASP-licensed operations. If your business relies on USDT liquidity and you are planning a CASP licence, resolve this before you apply.

Conclusion

MiCA does not kill crypto business in the EU — it structures it. For an exchanger that wants to operate sustainably with European clients, the path is one: CASP licence, Travel Rule integration, and a built-out KYC process. Expensive and slow, yes. But it opens a market of 450 million people with full legal standing on both sides.

If you are building or scaling your own exchanger and want infrastructure designed for compliance from day one, explore iEXExchanger — a platform purpose-built for launching and running a crypto exchanger business.

Questions and answers

Frequently asked questions about this article

What is MiCA and who does it affect?

MiCA (Markets in Crypto-Assets) is an EU regulation in full force since December 2024. It governs all companies providing crypto services to EU residents, including those incorporated outside Europe. For exchangers, the key consequence is that a CASP licence is required to legally serve European clients.

Does a non-EU exchanger need a CASP licence to serve European clients?

Yes. MiCA applies extraterritorially: if you serve EU residents, regardless of where you are incorporated, you fall under its scope. To operate legally you must either establish an EU entity and obtain a CASP licence, or work through a licensed partner. Serving EU clients without a licence creates real regulatory risk.

What is the Travel Rule and how does it affect an exchanger?

The Travel Rule requires passing originator and beneficiary data on transfers above 1,000 euros between two licensed VASPs. For an exchanger this means technical integration with a Travel Rule protocol (TRISA, TRP, Notabene, Sygna) and data-sharing procedures with counterparties. It is a mandatory operating condition in the EU.

Why is USDT problematic for CASP-licensed exchangers?

Under MiCA, USDT is classified as an ART (Asset-Referenced Token), not an EMT. Actively offering an ART in the EU requires separate regulator approval. Tether has not obtained that approval, so CASP-licensed entities cannot actively market USDT as a product. USDC (Circle holds EMT authorisation) and EURe are the safer alternatives.