MiCA Decoded is a 12-article weekly collection for Bitcoin.com Information, co-authored by LegalBison’s Co-Founding and Managing Administrators: Aaron Glauberman, Viktor Juskin and Sabir Alijev. LegalBison advises crypto and FinTech corporations on MiCA licensing, CASP and VASP purposes, and regulatory structuring throughout Europe and past.
The Delusion: All Main Crypto Frameworks Are Converging Towards the Similar Mannequin
When founders evaluate jurisdictions, the dialog normally goes one among two methods. Both they deal with regulatory regimes as roughly equal, differing solely by price and timeline, or they deal with them as wholly incomparable, every so distinctive that comparability is meaningless. Neither place is correct.
The Markets in Crypto-Property Regulation (MiCA), Dubai’s Digital Property Regulatory Authority (VARA) framework, and Singapore’s licensing regime below the Monetary Providers and Markets Act 2022 (FSM Act) and the Cost Providers Act 2019 (PS Act) share a resemblance from the skin. All three require licensing. All three impose fit-and-proper assessments, capital necessities, and anti-money laundering controls. All three declare to stability innovation with shopper safety.
However past the similarity, every regime displays a particular regulatory philosophy, a particular concept of who crypto danger falls on and why, and a particular reply to the query of what a licensed crypto agency truly is. These variations are usually not procedural particulars. They decide whether or not a particular enterprise mannequin is licensable in any respect, how a lot substance an entity wants to hold, and what a founder is committing to once they apply.
What the Regulation Truly Says: Scope and Providers
The three regimes begin from totally different definitions of regulated exercise, and people definitional selections carry vital penalties.
MiCA defines ten classes of crypto-asset companies, starting from custody and buying and selling platform operation by portfolio administration and funding recommendation on crypto-assets. The framework creates a single authorization, a Crypto-Asset Service Supplier (CASP) license, that covers whichever subset of these ten companies the applicant intends to offer. The scope is EU-wide, that means a single CASP license passports throughout all 27 EU member states and the three EEA nations (Norway, Iceland, Liechtenstein) with out secondary purposes in every.
VARA organizes regulated exercise into distinct classes together with Dealer-Seller Providers, Custody Providers, Alternate Providers, Lending and Borrowing Providers, and Advisory Providers, amongst others. Every class carries its personal rulebook necessities and its personal paid-up capital threshold. A agency holding a VARA license for Alternate Providers carries totally different ongoing obligations from one licensed for Advisory Providers alone.
Singapore operates throughout two statutory frameworks relying on the character of the exercise. Crypto exchanges and custody suppliers dealing in digital cost tokens function below the PS Act as Main Cost Establishments (MPI). Corporations offering digital token companies outdoors Singapore, which is the FSM Act’s outlined scope, are regulated as Digital Token Service Suppliers (DTSPs) below Half 9 of the FSM Act. The FSM Act covers ten distinct service varieties inside its First Schedule, together with dealing in digital tokens, facilitating the alternate of digital tokens, and safeguarding digital tokens with management over shopper property.
The sensible consequence of those totally different scoping approaches turns into seen when a founder tries to map their enterprise mannequin onto the regulatory structure. That is significantly difficult for border-case platforms like prediction markets that sit on the intersection of Web3 and speculative gaming, the place founders should fastidiously assess whether or not they require a crypto authorization or a standalone playing license.
As we noticed in a earlier entry, a DeFi protocol may very effectively be banned below MiCA. Beneath VARA, the identical protocol should assess whether or not any identifiable entity workout routines management over the platform, which VARA evaluates utilizing a substance-over-form method. Beneath Singapore’s framework, the FSM Act focuses on service supply from or by Singapore-connected entities, that means offshore protocol operators structured outdoors Singapore could fall outdoors the licensing perimeter completely, however provided that they genuinely keep away from the prescribed nexus factors.
Why the Confusion Exists: Passporting, Geographic Attain, and Regulatory Intent
Essentially the most consequential structural distinction between the three frameworks is passporting. MiCA creates it. VARA and Singapore don’t.
A CASP approved in Estonia can notify the related house member state authority and start providing companies to shoppers throughout all the EU and EEA with out further licensing. The authorization travels with the entity. This Europe-wide passporting is a significant catalyst for complicated Web3 fashions like on-line video games making use of crypto-assets, which incessantly look to enrich their crypto structure with, for instance, a web-based playing license in Estonia. For a enterprise focusing on EU retail prospects throughout a number of nations, this isn’t a comfort function, it’s the central business argument for MiCA authorization. One compliance infrastructure serves 450 million potential prospects.
VARA licensing is Dubai-specific. It governs digital asset exercise performed in, or focusing on, the Emirate of Dubai, as established below Dubai Legislation No. 4 of 2022. A VARA-licensed alternate serving shoppers throughout the GCC or internationally does so on the premise of different jurisdictions’ frameworks, or on the premise that it’s not triggering native licensing necessities in these markets. The VARA license itself offers no cross-border passporting mechanism.
Singapore’s FSM Act DTSP license applies to entities that function from Singapore or are Singapore-incorporated however conduct digital token companies outdoors Singapore. That’s the meant scope. Singapore doesn’t declare to control offshore exercise by international companies on the retail shopper degree by the FSM Act, although MAS does impose restrictions on what licensed and unlicensed DTSPs could do in relation to Singapore residents.
These variations replicate genuinely totally different regulatory theories. MiCA’s passporting design displays the EU’s single market logic, the place fragmentation of economic service entry is handled as a regulatory failure. VARA’s Dubai-specific scope displays a jurisdiction-building technique, the place the target is making Dubai a hub, not regulating world crypto exercise. Singapore’s FSM Act framework displays a reputational risk-management method, the place MAS has been specific that licensing is granted in extraordinarily restricted circumstances and that the regime is designed to anchor high-quality gamers quite than accommodate broad market entry.
Capital Necessities: Three Totally different Solutions to the Similar Query
All three regimes impose capital necessities. The numbers and the logic behind them are usually not the identical.
Beneath MiCA, minimal capital for a CASP ranges from EUR 50,000 (Class 1), to EUR 125,000 (Class 2), to EUR 150,000 (Class 3). The MiCA regime additionally applies an ongoing fastened overheads requirement, that means a agency should maintain the upper of the fastened minimal or one quarter of its previous yr’s fastened overheads. A CASP with EUR 10 million in annual working bills faces a EUR 2.5 million efficient capital ground, no matter which service class applies.
VARA applies a paid-up capital mannequin that’s activity-specific and has increased absolute minimums. Advisory Providers require AED 100,000. Suppliers of Custody Providers require base capital equal to the upper of AED 600,000 or 25% of fastened annual overheads. For Dealer-Seller Providers, the capital requirement is determined by their custody preparations: these utilizing a VARA-licensed custodian require the upper of AED 400,000 or 15% of fastened annual overheads, whereas these that don’t use a VARA-licensed custodian require the upper of AED 600,000 or 25% of fastened annual overheads.
Equally, the capital requirement for Alternate Providers, probably the most capital-intensive class, is the upper of AED 800,000 or 15% of fastened annual overheads if the VASP makes use of a VARA-licensed custodian, and the upper of AED 1,500,000 or 25% of fastened annual overheads in all different situations.VARA additionally imposes a separate Internet Liquid Property requirement, requiring VASPs to carry present liquid property such that their surplus over present liabilities equals at the least 1.2 occasions their month-to-month working bills, reconciled day by day, and reported to VARA month-to-month with quarterly aggregation. VARA additionally requires skilled indemnity insurance coverage, administrators and officers insurance coverage, and business crime insurance coverage for property saved in scorching wallets.
Singapore’s FSM Act DTSP framework units a base capital ground of SGD 250,000, relevant uniformly to firms, partnerships, and sole proprietors, with the expectation said in MAS pointers that the capital buffer ought to realistically cowl six to 12 months of working bills. MAS has been specific that DTSPs are usually not topic to the identical prudential regulation as deposit-taking establishments and shouldn’t have security nets like deposit insurance coverage. The SGD 250,000 ground is a market entry threshold, not a risk-calibrated prudential buffer within the MiCA or VARA sense.
The sensible distinction isn’t solely the numbers. VARA’s Internet Liquid Property and insurance coverage necessities create a multi-layered monetary soundness obligation that MiCA and the FSM Act tackle in a different way or much less prescriptively. A agency calculating its VARA compliance publicity must work by paid-up capital, web liquid property, and insurance coverage adequacy concurrently, and reconcile all three on particular frequencies, with VARA as a said beneficiary of the capital belief account or surety bond.
Shopper Safety Philosophy: Threat Disclosure, Suitability, and Entry Limits
The place shopper safety is anxious, MiCA, VARA, and Singapore have totally different intuitions about what regulators ought to truly stop.
MiCA treats crypto-asset service suppliers as monetary companies operators topic to conduct obligations, suitability assessments for portfolio administration and recommendation, greatest execution necessities, and ongoing disclosure duties. For retail holders, the regulation requires significant danger disclosures in white papers and advertising communications, however the particular mechanisms for holder safety depend upon the kind of token. For retail holders buying crypto-assets apart from asset-referenced tokens (ARTs) and e-money tokens (EMTs) instantly from an offeror, MiCA imposes a 14-day withdrawal proper. Nevertheless, this withdrawal proper doesn’t apply to ARTs and EMTs; as an alternative, holders of those tokens are protected by a everlasting proper of redemption at any time towards the issuer.
However MiCA doesn’t limit entry to crypto buying and selling by retail individuals. It assumes that knowledgeable retail participation is respectable and buildings its conduct guidelines accordingly.
VARA’s Market Conduct Rulebook requires shopper agreements, complaints dealing with, and investor classification. VARA classifies traders into three classes: Retail Buyers, Certified Buyers, and Institutional Buyers, with service parameters adjusting by classification. The advertising laws VARA issued in 2024 are among the many most detailed in any crypto jurisdiction, offering particular steering and illustrative case research on what constitutes prohibited advertising, together with in depth therapy of social media posts, influencer preparations, and academic content material that will cross into promotion.
Singapore’s method is probably the most restrictive of the three towards retail participation. MAS has persistently warned the general public towards cryptocurrency hypothesis since 2017 and has restricted promoting of DPT companies in public areas. The 2022 session paper on proposed measures for Digital Cost Token Providers launched the preliminary proposals requiring DPTSPs to evaluate retail buyer data earlier than offering any DPT service, apply shopper entry restrictions, and keep away from providing incentives for retail buying and selling.
MAS’s said place is that regulation can’t and shouldn’t give retail prospects the impression that licensed platforms are secure funding venues. The DTSP licensing pointers describe admission as occurring in extraordinarily restricted circumstances, reinforcing that the Singapore framework isn’t designed for broad retail market entry by licensed suppliers.
Operational Substance: What Residing Contained in the Regime Appears to be like Like
The continuing compliance burden throughout all three regimes is substantial. However the character of that burden differs.
MiCA imposes governance necessities, enterprise continuity obligations aligned with the Digital Operational Resilience Act (DORA), AML/CTF frameworks aligned with EU Directives, ongoing reporting, and a compulsory fit-and-proper evaluation for administration and qualifying shareholders. The regime requires a spot of efficient administration within the EU and at the least one EU-resident director. Authorization is service-specific, that means every CASP license specifies which of the ten service classes the holder is permitted to offer.
VARA operates by a rulebook system the place a number of books apply to all VASPs concurrently: the Firm Rulebook, Compliance and Threat Administration Rulebook, Know-how and Data Rulebook, and Market Conduct Rulebook, alongside the precise exercise rulebook for every licensed VA Exercise. The Know-how and Data Rulebook requires a Chief Data Safety Officer, a cybersecurity coverage submitted to VARA, and a know-how governance and danger evaluation framework overlaying 5 outlined danger classes. VARA requires a authorized entity in Dubai, clear chain of possession with identifiable final useful house owners, and written approval for any materials change to firm construction.
Singapore‘s FSM Act framework requires a everlasting administrative center or registered workplace in Singapore with a consultant current at the least ten days monthly for no less than eight hours every day. The DTSP licensing pointers require a penetration take a look at of proposed companies earlier than the licence is granted, unbiased exterior auditor evaluation on know-how and cybersecurity as a situation of in-principle approval, and compliance preparations proportionate to the dimensions and nature of the enterprise. MAS conducts interviews with key administration personnel as a regular a part of the assessment, and consultants and exterior authorized counsel are explicitly not permitted to attend these interviews.
Every of those substance necessities means one thing for a agency that has by no means constructed inside that regulatory setting earlier than. VARA’s requirement that paid-up capital be secured, whether or not held in a belief account with a UAE financial institution naming VARA as beneficiary or assured by a surety bond by a licensed UAE surety firm, is a structural dependency that should be established earlier than authorization. Singapore’s interview requirement means the CEO and compliance officer should be capable of clarify the enterprise mannequin, its danger controls, and its compliance method with out referential assist from advisors. These are usually not obstacles within the summary, they’re operational circumstances.
What We Decoded: Jurisdictional Technique Implications
The three frameworks don’t compete with one another in any easy sense. A agency selecting between them is normally making a call about what market it’s truly attempting to serve and what sort of regulatory relationship it’s ready to take care of.
- MiCA is the one one of many three that gives direct entry to a unified retail market of continental scale by a single authorization. For any crypto-asset service supplier whose major enterprise includes EU retail shoppers, MiCA isn’t optionally available, it’s the framework that determines whether or not that enterprise can function legally within the EU in any respect. The transitional interval ends on July 1, 2026.
- VARA is a Dubai-specific license that serves companies whose business technique is anchored within the UAE and MENA markets, or whose branding advantages from a Dubai-based licensed presence. The capital necessities are increased than MiCA in absolute phrases, the advertising laws are among the many most detailed globally, and the multi-book compliance structure is substantive. A VARA license doesn’t carry into different jurisdictions, however for companies focusing on the Gulf area or searching for to function a compliant alternate in Dubai particularly, there isn’t a equal various.
- Singapore‘s DTSP license is probably the most restrictive of the three to acquire and is explicitly designed for a slim class of candidates: companies which might be Singapore-connected however conduct digital token companies outdoors Singapore, and that may exhibit they’re already regulated to worldwide requirements elsewhere, that their enterprise mannequin makes financial sense, and that MAS doesn’t have issues about their construction. Acquiring this license isn’t a simple market entry pathway. It’s nearer to a regulatory endorsement, accessible to a small variety of operators that meet a excessive threshold.
The regimes are usually not functionally interchangeable, they usually weren’t designed to be. A agency making use of to all three concurrently as a result of it desires world protection is making three totally different commitments to a few totally different regulators with three totally different theories of what a licensed crypto agency ought to seem like. Getting that coordination proper requires greater than a parallel software course of. It requires understanding what every regulator is definitely attempting to perform and whether or not the enterprise can credibly decide to it.
This text is predicated on a examine performed by LegalBison in Could 2026. The content material is for informational functions solely and doesn’t represent authorized recommendation.
