As the European Union's Markets in Crypto-Assets Regulation (MiCAR) enters full enforcement, the crypto industry faces its most significant regulatory transformation to date. With crypto-asset service providers (CASPs) required to obtain licenses starting January 2025, the promise of harmonized EU-wide regulation is meeting the reality of complex implementation across 27 member states—creating both unprecedented opportunities and formidable compliance challenges.

In this essential Q&A, Renate Prinz, Partner at McDermott Will & Emery, shares critical insights from the regulatory frontlines. As the author of the first comprehensive commentary on MiCAR's licensing provisions for crypto service providers, Prinz brings unparalleled expertise to the practical realities of compliance implementation. Her unique perspective, combining deep knowledge of German financial regulatory law with extensive international M&A experience, provides invaluable guidance for firms navigating this new landscape.

The stakes could not be higher. While recent calls from French, Austrian, and Italian financial authorities for stronger centralized oversight signal ongoing regulatory evolution, firms must act decisively now to secure their position in the EU market. From understanding the nuanced differences in national supervisory approaches to structuring cross-border operations that satisfy multiple regulatory frameworks, the decisions made today will determine which companies thrive in Europe's regulated crypto ecosystem.

This discussion explores the critical compliance challenges emerging across EU member states, strategic approaches for global crypto firms managing multi-jurisdictional operations, and how MiCAR is fundamentally reshaping merger and acquisition activity in the European crypto space. For legal professionals, compliance officers, and business leaders in the digital asset sector, understanding these regulatory dynamics has become essential for competitive success.

Key Areas Covered:

• Practical MiCAR implementation challenges and licensing strategies
• Cross-border compliance frameworks for global crypto operations
• Due diligence evolution and regulatory approval processes in crypto M&A
• Strategic positioning in the new EU regulatory environment

Expert analysis from the author of the definitive MiCAR licensing commentary, providing essential guidance for the regulated crypto era.

Question 1: MiCAR Implementation and Practical Compliance‍

"As the author of the first commentary on the MiCA Regulation regarding licensing crypto service providers, how are you seeing the practical implementation of MiCAR unfold across EU member states? With the regulation now in force and crypto-asset service providers (CASPs) needing to apply for licenses starting January 2025, what are the most critical compliance challenges you're observing, and how can firms best prepare for the licensing process?"

MiCAR is a landmark regulation that promises harmonization and legal certainty for the crypto industry in the EU. However, its implementation is far from uniform, and the licensing process is demanding. CASPs that prepare strategically, engage early with regulators, and invest in robust compliance frameworks will be best positioned to thrive in the new regulatory landscape.

While MiCAR is directly applicable EU-wide, its national implementation and supervisory practices vary significantly. Member states still vary greatly in their approach to regulation. While some countries are still considered relatively “easy” in terms of regulation, others are viewed with caution due to the expected strictness of national supervision and lengthy procedures. I think this will continue to even out, partly due to EU supervisory requirements. However, we are not yet at that point. Just a few days ago (15. September; cf. https://www.amf-france.org/en/news-publications/news-releases/amf-news-releases/french-austrian-and-italian-markets-authorities-call-stronger-european-framework-crypto-asset), the French, Austrian, and Italian financial market authorities proposed key amendments to MiCAR to address fragmented implementation and regulatory gaps, including centralized ESMA supervision of major crypto-asset service providers, stricter oversight of non-EU platforms, mandatory cybersecurity audits, and a one-stop shop for token offerings. These changes shall aim to enhance investor protection, ensure uniform rule application, and strengthen the competitiveness of European crypto markets.

CASPs face several critical hurdles: Licensing procedures under MICAR are complex and requirements for governance, ICT security, business continuity and AML are high. Applications are extensive and very detailed. Depending on the services offered, capital requirements must be met and CASPs need “people on the ground” in the EU with significant knowledge in the market (“fit and proper”).

Firms can best prepare for the licensing process when they start early preparing and, in countries where this is possible, get in touch with the competent national supervisory authority prior to applying to get an understanding of the envisaged procedure for both sides. This should be well prepared with some key facts on the envisaged business model, governance etc. Leveraging legal and regulatory expertise is key in these procedures so companies are best prepared when they work with advisors who are familiar with MICARs nuances, national interpretations and the administration. Preparation and knowledge is key to avoid missteps and delays.

Question 2: Cross-Border Regulatory Navigation for Crypto Firms‍

"Given your expertise in both German financial regulatory law and international M&A, how should crypto firms with global operations approach the intersection of MiCAR with other regulatory frameworks, particularly when dealing with cross-border transactions? What strategic considerations should companies prioritize when structuring operations to comply with both EU crypto regulations and other jurisdictions like the US or UK?"

Crypto firms with global operations face a complex regulatory landscape as they navigate the intersection of the EU’s MiCAR with completely different regulatory frameworks in other jurisdictions like the US and UK. Philosophical differences in these regulations mean that compliance strategies cannot be one-size-fits-all. Firms must tailor their approach to each jurisdiction’s expectations and enforcement culture. In any case, for an EU MICAR license an EU company with a EU seat is required. Such EU company must have a certain degree of independence e.g. from a US parent company, otherwise it might be difficult to pass regulation. As separate legal entities are obligatory in each different regulation (EU / UK / US or elsewhere), regulatory obligations and cross-border risks are ring-fenced. However, within the EU, one license can be passported across all EU countries, in contrast to the US, where a state-by-state review is necessary.

While regulatory arbitrage may seem tempting, it’s increasingly risky. Authorities are cooperating across borders, and reverse solicitation loopholes are being closed. Firms should prioritize regulatory alignment over short-term cost savings to avoid enforcement actions and reputational damage.

Question 3: The Future of Crypto M&A Under MiCAR‍

"With your background in corporate M&A and crypto regulation, how is MiCAR reshaping merger and acquisition activity in the European crypto space? What new due diligence considerations and regulatory approval processes are emerging for crypto-related transactions, and how should acquirers and targets structure deals to navigate the evolving compliance landscape effectively?"

As in other areas of M&A in the regulated sector, it is now crucial that well-considered due diligence with a high level of technical expertise is carried out for M&A transactions in the crypto sector. It would be fatal to take regulation in this area lightly and expose oneself to considerable liability risks, including criminal proceedings for board members or the cessation of business operations by administrative order. Here, the business model and a comprehensive compliance review must be carried out. Which business requiring a license does the target company carry out, are white paper requirements met for token offerings, what regulations do they fall under, does a business model match the existing license? To make matters more difficult, financial market regulation is not limited to a single law; e.g. AML or DORA compliance must also be examined. Entities should also have an eye on the usage of the reverse solicitation exemption. If services have been provided in the EU without having a license under the usage of the reverse solicitation exemption, special care must also be taken as this is subject to stricter rules under MiCAR.

Also, of course, M&A procedures in the regulated sector take longer. In case the target is an EU licensed entity, any party acquiring a significant stake (> 10%) in a CASP or ART issuer must notify the competent authority and undergo a fit-and-proper assessment. Depending on country and complexity of the deal and group structures, this may take a few months. Here again, a specialized advisor and good and early preparation is key.

However, I see MiCAR not only as a compliance framework but also as a strategic enabler—and a gatekeeper—for deal-making in the sector. Once you have a license (or your target has), the license is a sign of quality and security for customers in a very strong economic market. This is a huge selling point, especially in the crypto business. The key is to treat compliance as a value driver, not just a cost center. Firms that understand its implications and integrate regulatory strategy into deal structuring will be best positioned to capitalize on the opportunities it creates.

Want to contribute to our Q&A series? If you're a legal expert in the web3/AI space and would like to share your expertise by joining our Q&A series, please reach out to hi@databirdjournal.com