Regulation (EU) 2023/1114 (MiCA) was published in the Official Journal on 9 June 2023 and applies in stages: the stablecoin titles, covering asset-referenced tokens and e-money tokens, from 30 June 2024, and the remaining titles, including those for Crypto-Asset Service Providers (CASPs), from 30 December 2024. It establishes a single EU framework for issuers of crypto-assets and for service providers, covering authorisation, prudential requirements, governance and conduct rules. The consolidated text sits on EUR-Lex at the citation above.
MiCA is not framed as an AI regulation, but CASPs and issuers using AI inherit the framework by default. Trading systems, customer onboarding, market surveillance, fraud detection and customer-facing chat all sit inside the governance expectations under Article 68 and inside Title VI on market abuse. ESMA and EBA issue Level 2 binding technical standards and Level 3 guidelines that shape the day-to-day supervisory dialogue between firms and their national competent authorities.
The practical effect is layered supervision. NCAs apply MiCA, AMLD obligations, the EU Travel Rule (Regulation (EU) 2023/1113) and the EU AI Act simultaneously. A CASP running an AI fraud detection model is, in a single operational line, subject to MiCA Article 68 governance expectations, AMLD detection effectiveness duties, and where the AI is classified as high-risk under EU AI Act Annex III, the full Article 8 to 27 obligations on top.
CASPs must be authorised in a home member state and may then passport services across the EU. Authorisation requires a programme of operations, governance arrangements, prudential safeguards and a description of IT systems. AI components used inside any of those systems must be documented and supportable on supervisory request.
Article 68 requires sound administrative arrangements, effective internal control mechanisms, robust IT systems and resilient business continuity. AI used in trading, custody, customer service or market surveillance falls squarely inside these expectations and must be documented within the firm's governance framework, with clear ownership and oversight.
MiCA extends market abuse prohibitions to crypto-asset markets, including insider dealing, unlawful disclosure and market manipulation. Firms must detect and report suspected abuse, including by their own customers. AI surveillance models used for this purpose are subject to explainability, false-positive management and audit expectations.
AMLD obligations and the EU Travel Rule (Regulation (EU) 2023/1113) apply alongside MiCA. AI used for customer due diligence, transaction monitoring and sanctions screening operates under both the substantive AML rules and supervisory expectations of effective detection, with evidence available for inspection.
Asset-referenced tokens and e-money tokens carry reserve, prudential and disclosure requirements that applied from 30 June 2024. Significant tokens come under EBA supervision. AI used in reserve management, redemption operations or holder communications sits inside that framework and must support disclosure accuracy.
AI used to assess creditworthiness, evaluate insurance risk or set prices for natural persons remains high-risk under EU AI Act Annex III independently of MiCA. CASPs offering related services pick up Article 8 to 27 obligations on top of MiCA governance, and Article 50 transparency duties apply to customer-facing AI.
Issues binding technical standards and supervisory convergence measures for MiCA, particularly for CASPs and trading provisions, and coordinates NCA practice across the EU.
Issues binding technical standards for stablecoin (ART and EMT) issuers and supervises significant ARTs and EMTs jointly with NCAs and the ECB where relevant.
Authorise CASPs in their home member state, run day-to-day supervision and apply enforcement. The list of MiCA NCAs is maintained on ESMA's website.
Engages on monetary policy and financial stability implications of significant stablecoins, alongside EBA and the relevant NCAs.
The stablecoin titles applied from 30 June 2024; CASP titles from 30 December 2024. National transitional regimes have allowed existing crypto firms time to seek MiCA authorisation, with the length and shape of the regime varying by member state. The EUR-Lex consolidated text and ESMA's MiCA pages are the authoritative references.
ESMA has published Level 2 measures, including Regulatory Technical Standards and Implementing Technical Standards, and Level 3 guidelines covering operational areas such as suitability, complaint handling and conflicts of interest. CASPs should track ESMA's MiCA publications register and EBA's stablecoin standards on a continuous basis.
Enforcement under MiCA is primarily an NCA function in the first instance. Public, firm-specific enforcement actions under MiCA should not be assumed in the early years of the regime; supervisory letters, thematic reviews and routine dialogue are the more common vehicles, with formal action reserved for material breaches.
| Adjacent rule | How it interacts |
|---|---|
| EU AI Act (Regulation 2024/1689) | AI used for creditworthiness, insurance risk assessment or pricing for natural persons is high-risk under Annex III. CASPs operating in those areas pick up Article 8 to 27 obligations independently of MiCA. Article 50 transparency duties apply to customer-facing AI such as chat assistants and synthetic content. |
| AMLD and EU AML package | AML obligations apply to CASPs alongside MiCA. AI transaction monitoring, customer due diligence and sanctions screening must satisfy AML effectiveness expectations and, where they classify natural persons in financial conduct, the EU AI Act's transparency and documentation duties on top. |
| Travel Rule (Regulation (EU) 2023/1113) | The EU Travel Rule applied from 30 December 2024 and requires information accompanying transfers of crypto-assets, including originator and beneficiary data. AI systems used to validate, enrich or screen transfer data must support the Travel Rule operational and record-keeping expectations. |
| DORA (Regulation (EU) 2022/2554) | DORA on digital operational resilience applies to CASPs as financial entities. ICT risk management, third-party arrangements, incident classification and reporting, and resilience testing expectations cover AI components in the firm's stack, including model serving and vendor APIs. |
| GDPR | AI customer-facing systems and AML automation handle personal data extensively. GDPR lawful basis, DPIA, minimisation and automated decision-making obligations apply alongside MiCA conduct rules and AI Act technical documentation duties, and must be reconciled inside one evidence set. |
“Firms treat MiCA as a crypto regulation and the EU AI Act as an AI regulation and never reconcile the two. The CASPs that get this right run one governance framework that satisfies both regimes plus AMLD, DORA and GDPR, with a single evidence set behind it.”
No. MiCA is the EU's crypto-asset framework. AI use inside a CASP is governed by MiCA Article 68 plus adjacent regimes (EU AI Act, AMLD, DORA, GDPR), not by any AI-specific MiCA provision.
Stablecoin titles applied from 30 June 2024; CASP titles from 30 December 2024. Some national transitional regimes give existing firms a further window to seek authorisation, with terms set by each member state.
Yes where they actively solicit EU customers or provide services in the EU. The reverse-solicitation exemption is narrow, applies only where the customer initiates the relationship on a strictly own-initiative basis, and is not a general workaround.
Title VI extends market abuse prohibitions to crypto-asset markets. AI surveillance must support detection effectiveness, explainability and audit, with documented false-positive management and clear escalation into the firm's suspicious transaction and order reporting process.
8 to 16 weeks to a production-ready artefact set: AI inventory, governance design, monitoring plan and audit pack mapped to MiCA, EU AI Act, AMLD and DORA, partner-led and fixed fee.
MiCA (Regulation (EU) 2023/1114) is the EU's crypto-asset framework: stablecoin titles applied from 30 June 2024, CASP titles from 30 December 2024. It is not an AI regulation, but Article 68 governance, Title VI market abuse rules and adjacent AML, Travel Rule and DORA obligations bring AI use in trading, KYC and surveillance into supervisory scope. Moweb builds one Article 68-aligned governance framework that also satisfies the EU AI Act, AMLD, DORA and GDPR, partner-led, fixed fee, 8 to 16 weeks.