MiCA does not cover DeFi. What does this mean for the crypto asset market in the EU?
24 July 2025 / Articles
On 31 May 2024, Regulation (EU) 2023/1114 (‘MiCA’) entered into force, opening a new chapter in the regulation of the crypto-asset market in the EU. Many observers welcomed this act with enthusiasm, considering it a ‘complete’ code for the industry. However, this enthusiasm proved premature. Even a cursory analysis reveals a significant gap: MiCA does not cover the phenomenon of decentralised finance (DeFi), including decentralised cryptocurrency exchanges (DEXs), where services are provided not by an identifiable operator but by code stored on a blockchain network. In doing so, the EU legislator has left out of the scope of regulation a segment which, from the perspective of technological innovation, best illustrates the revolution brought about by DLT technology.
The illusion of full regulation
MiCA, in Article 2 and the recitals of the preamble, provides for significant exclusions. MiCA does not apply to, among other things:
- deposits, including structured deposits,
- cash (unless they meet the definition of e-money tokens),
- NFT tokens, provided they are ‘unique and non-fungible’;
However, it will be crucial to pay attention to recital 22 of MiCA. In this recital, the legislator stated that ‘where crypto-asset services are provided in a fully decentralised manner, without intermediaries, they should not be covered by this Regulation.’
Therefore, MiCA effectively covers only centralised or hybrid models. Services where there is no operator, provider or controller are not covered by the new rules.
Lack of DeFi regulation: the premise of ‘fully decentralised’
In practice, not all DeFi business models will meet the criterion of full decentralisation.
Recital 22 of MiCA indicates that the regulation does not cover services provided in a ‘fully decentralised manner, without intermediaries’. Although the term ‘intermediary’ is not defined, it can be assumed that it refers to a legal entity that is actively involved in the operation, provision or control of services related to crypto-assets, whether directly or indirectly.
As a result, the assessment of ‘full decentralisation’ may require determining in each case whether any entity influences the functioning of the protocol or interface. Unfortunately, the EU legislator has not provided more detailed criteria or proposed a definition that would make it easier for supervisory authorities and market participants to clearly classify entities, which is likely to cause interpretation complications in the near future.
In practice, therefore, it will be the national supervisory authority – in Poland, the Financial Supervision Authority – that will decide whether a particular DeFi is subject to MiCa and whether it requires a CASP authorisation. For the time being, there are no detailed guidelines to assist in making such a decision, but it is likely that EU authorities will provide guidance on what elements should be taken into account in order to assess whether certain services are provided in a fully decentralised manner without intermediaries or not.
Partial decentralisation remains subject to MiCA
The ‘comfort’ of no regulation is not provided by partial decentralisation. Recital 22 itself stipulates that if ‘part of such activities or services are carried out in a decentralised manner’, MiCA obligations remain in force. Such a modern hybrid could be a DEX with an upgrade key, i.e. a smart contract that can be changed or suspended by the project management. In practice, such a protocol is not fully decentralised, as there is an entity that retains the ability to interfere with its functioning.
In such configurations, it may be possible to identify the controlling entity (even partially), and therefore the competent national authority may consider that such an entity can only operate after obtaining a CASP licence.
Issuance of crypto-assets ‘without an issuer’
The second exception provided for in recital 22 does not concern services but the issuance of crypto-assets. If a crypto asset ‘has no identifiable issuer’, the provisions of Titles II to IV of MiCA (concerning, inter alia, the information document, obligations towards token holders, issuance, offering and admission to trading of crypto assets) do not apply.
This exception may apply to issues made directly by an on-chain protocol launched without a central entity, e.g. through a fair launch or automatic minting mechanism, without the involvement of any managing person.
It is worth noting that MiCA does not specify what specific characteristics should determine whether a particular entity can be considered an issuer. Nevertheless, the degree of control over the issuance process and the possibility of linking specific persons or structures to the management of the issuance or the economic benefits derived from it may be of key importance.
Practical consequences for the market
- The national authority (in Poland – the Polish Financial Supervision Authority) will have to determine whether there is an ‘intermediary’ in a given project model and whether the issuer can be identified. Under the draft Polish law on the cryptoasset market (June 2025), the KNF will gain instruments to restrict access to or block the interface to such a website.
- Entrepreneurs should assess the level of centralisation of their products today. Projects that use multisig to upgrade a contract, charge transaction fees or control issuance revenues, or set rules for service/token management may qualify as CASPs.
- Investors should be aware that the absence of an issuer or CASP also means that there is no European regulatory protection under MiCA.
Conclusions
MiCA is only the first step towards a harmonised crypto-asset market. By drawing a line in recital 22, the European legislator has recognised that DeFi requires a separate – perhaps entirely new – regulatory approach. Until such a framework is developed:
- full decentralisation remains the only way for a service to fall completely outside MiCA;
- any element of centralisation may entail licensing obligations;
- the national authority will have to assess whether it is dealing with DeFi or not.
Need help with this topic?
Write to our expert
Articles in this category
Liability for damage caused by autonomous vehicles – who is legally responsible?
Liability for damage caused by autonomous vehicles – who is legally responsible?Jacek Cieśliński in Puls Biznesu on the correct labelling of promotions
Jacek Cieśliński in Puls Biznesu on the correct labelling of promotionsGreen lies, real consequences – greenwashing in the light of the law
Green lies, real consequences – greenwashing in the light of the lawEuropean Accessibility Act (EAA) – a comprehensive guide for businesses
European Accessibility Act (EAA) – a comprehensive guide for businessesMiCA in Poland – a compendium of knowledge about transition periods and deadlines in the draft law on the crypto-asset market
MiCA in Poland – a compendium of knowledge about transition periods and deadlines in the draft law on the crypto-asset market