With the Markets in Crypto Assets regulation (MiCA) framework launched in the EU and many other regulations springing up around the world, we can all see that the pace of crypto regulation is accelerating.
But how do Web3 teams understand which regulations to keep an eye on? How can they stay compliant without throwing their principles of decentralization and privacy under the bus? And how can they adapt if they don’t have a massive budget for legal consultants and a quick tech revamping?
Here’s the TLDR on crypto asset regulation, answering all of these questions.
Some of the most relevant pieces of regulation currently being legislated or already in place include the following:
But if you don’t have time to study all of these, it’s definitely worth focusing on the EU’s Markets in Crypto Assets (MiCA). It has been called a “
In simple terms, the 150-odd pages of MiCA text stipulate:
If you issue crypto assets (other than asset-backed tokens or e-money tokens), you will need to publish a 'crypto asset white paper' describing the project, rights attached to the tokens, risks, etc. There are exemptions for small offers under EUR 1 million.
If you provide services related to crypto-assets, like operating an exchange or custody services, you will need authorization as a crypto-asset service provider. Article 3 defines custody and administration of crypto-assets as "safekeeping or controlling, on behalf of third parties, crypto-assets or controlling the means of access to crypto-assets where the crypto-assets or the means of access are held in a distributed ledger." This suggests browser wallets could fall under custody services if they control crypto-assets or access on behalf of users.
There are bespoke rules on market abuse that apply to crypto assets admitted to trading. For instance, Article 82 defines market manipulation, and Article 83 prohibits insider dealing and unlawful disclosure of insider information. For natural persons, penalties can include fines of at least EUR 500,000 and up to EUR 5 million.
Overall, it will require crypto companies to comply with clear rules and authorization requirements. For instance, Article 54 lists data points that crypto providers must submit as part of the authorization application - including business plans, governance arrangements, capital, infrastructure, policies, and procedures. Article 58 requires them to comply with national laws on anti-money laundering and counter-terrorist financing. This creates centralization risks and increases the burden on internal and on-chain DPR compliance.
There are more rules and regulations around the launch of stablecoins (which the paper calls e-money tokens).
MiCA is also specific on the requirements founders have to pay attention to:
Founders need to have robust governance arrangements: board members and shareholders that are fit and proper, establishing controls and procedures to manage risks, having strong systems security, record keeping, and more.
They need to maintain minimum capital requirements. Exchanges and wallet providers will need to hold a minimum amount of regulatory capital based on their activities to absorb potential losses. This serves as a financial buffer.
Exchanges have to have fair and clear rules on access to the platform, trading rules, and fee structures. They are required to ensure the resilience of trading systems and conduct market surveillance to detect abuse. Article 2(2) excludes fully decentralized services with no intermediary, but centralized and partially decentralized providers seem to be included regardless of technical setup.
Wallet providers have to segregate client assets from their own assets, have adequate custody arrangements like using cold storage, and ensure prompt access to client assets when needed.
Furthermore, there are guidelines regarding the application process, ongoing supervision, and the conduct of business rules.
Many of you may be thinking: if I’m merely a decentralized protocol developer, all these rules are irrelevant to me. But unfortunately, it’s not that easy.
While MiCA recognizes certain entities organized in a decentralized manner, such as DAOs, there are no explicit instructions on how to classify a certain protocol or company. So regulators may have their own opinion on whether you’re decentralized or not. And even if you do get classified as a decentralized entity, some obligations are still imposed on you - such as AML compliance, for instance.
So if now you’re thinking, “Man, this sounds like a pain in the…”, you are right. It is.
But there is a solution to that.
Let’s face it: very few startups have enough resources to meet all these compliance requirements. Even if they have the budget, finding the right lawyers to cover the whole world’s regulations can take forever. And don’t forget about the users: the majority of crypto users hate the traditional KYC & AML checks.
So what can you do then? A Zug-based company called
Swisstronik is a set of chain-agnostic tools that help you become KYC, AML, and DPR compliant across your chosen jurisdictions - while protecting users’ privacy. Think of it as the “compliance layer” of your dApp, which keeps your product compliant at all times on a pay-per-user basis.
The key building block of Swisstronik is its self-regulating network of local compliance service providers who keep the whole system compliant - even as regulations change.
For example, to become KYC & AML compliant, you can just connect the Swisstronik Decentralized Identities module to your (d)App and run KYC & AML verifications without having to deal with users’ data. All you’ll see is the ZK-proof credential that proves that a specific user can (or cannot) access a specific functionality of your dApp. This means no more DPR, KYC, and AML hurdles for you - and no more data security concerns for your user! The only entity that will see the user data is the KYC/AML provider itself (which is a necessary evil that - alas! - cannot be avoided by law). Moreover, your users can then reuse these credentials in other (d)Apps and even monetize them - which is a good reason to stop hating KYC and put up with the new reality.
Does Swisstronik help to adapt to other MiCA implications? Yes. Through Swisstronik tools, you can also launch ZK versions of your tokens to make them compliant in your chosen locations, prove your asset reserves on the chain when it comes to stablecoins, or do many other things that require you to familiarize yourself with local regulations and adapt your products to them with minimum tech revamping.
Just as layer-two chains scale throughput, Swisstronik helps with “scaling compliance.” Outsource the legal hurdle in a decentralized manner and focus on your core business.
Check the Swisstronik