MiCA Decoded is a 12-article weekly sequence for Bitcoin.com Information, co-authored by LegalBison’s Co-Founding and Managing Administrators: Aaron Glauberman, Viktor Juskin and Sabir Alijev. LegalBison advises crypto and FinTech corporations on MiCA licensing, CASP and VASP functions, and regulatory structuring throughout Europe and past.
The Fantasy: All Main Crypto Frameworks Are Converging Towards the Similar Mannequin
When founders examine jurisdictions, the dialog often goes one among two methods. Both they deal with regulatory regimes as roughly equal, differing solely by price and timeline, or they deal with them as wholly incomparable, every so distinctive that comparability is meaningless. Neither place is correct.
The Markets in Crypto-Property Regulation (MiCA), Dubai’s Digital Property Regulatory Authority (VARA) framework, and Singapore’s licensing regime underneath the Monetary Companies and Markets Act 2022 (FSM Act) and the Cost Companies Act 2019 (PS Act) share a resemblance from the surface. All three require licensing. All three impose fit-and-proper assessments, capital necessities, and anti-money laundering controls. All three declare to steadiness innovation with client safety.
However past the similarity, every regime displays a selected regulatory philosophy, a selected principle of who crypto threat falls on and why, and a selected reply to the query of what a licensed crypto agency truly is. These variations will not be procedural particulars. They decide whether or not a selected enterprise mannequin is licensable in any respect, how a lot substance an entity wants to hold, and what a founder is committing to after they apply.
What the Regulation Truly Says: Scope and Companies
The three regimes begin from totally different definitions of regulated exercise, and people definitional decisions carry vital penalties.
MiCA defines ten classes of crypto-asset companies, starting from custody and buying and selling platform operation by way of portfolio administration and funding recommendation on crypto-assets. The framework creates a single authorization, a Crypto-Asset Service Supplier (CASP) license, that covers whichever subset of these ten companies the applicant intends to offer. The scope is EU-wide, that means a single CASP license passports throughout all 27 EU member states and the three EEA nations (Norway, Iceland, Liechtenstein) with out secondary functions in every.
VARA organizes regulated exercise into distinct classes together with Dealer-Seller Companies, Custody Companies, Change Companies, Lending and Borrowing Companies, and Advisory Companies, amongst others. Every class carries its personal rulebook necessities and its personal paid-up capital threshold. A agency holding a VARA license for Change Companies carries totally different ongoing obligations from one licensed for Advisory Companies alone.
Singapore operates throughout two statutory frameworks relying on the character of the exercise. Crypto exchanges and custody suppliers dealing in digital cost tokens function underneath the PS Act as Main Cost Establishments (MPI). Companies offering digital token companies exterior Singapore, which is the FSM Act’s outlined scope, are regulated as Digital Token Service Suppliers (DTSPs) underneath Half 9 of the FSM Act. The FSM Act covers ten distinct service sorts inside its First Schedule, together with dealing in digital tokens, facilitating the change of digital tokens, and safeguarding digital tokens with management over shopper belongings.
The sensible consequence of those totally different scoping approaches turns into seen when a founder tries to map their enterprise mannequin onto the regulatory structure. That is significantly difficult for border-case platforms like prediction markets that sit on the intersection of Web3 and speculative gaming, the place founders should rigorously assess whether or not they require a crypto authorization or a standalone playing license.
As we noticed in a earlier entry, a DeFi protocol might very nicely be banned underneath MiCA. Below VARA, the identical protocol should assess whether or not any identifiable entity workouts management over the platform, which VARA evaluates utilizing a substance-over-form method. Below Singapore’s framework, the FSM Act focuses on service supply from or by Singapore-connected entities, that means offshore protocol operators structured exterior Singapore could fall exterior the licensing perimeter completely, however provided that they genuinely keep away from the prescribed nexus factors.
Why the Confusion Exists: Passporting, Geographic Attain, and Regulatory Intent
Probably the most consequential structural distinction between the three frameworks is passporting. MiCA creates it. VARA and Singapore don’t.
A CASP licensed in Estonia can notify the related residence member state authority and start providing companies to shoppers throughout all the EU and EEA with out extra licensing. The authorization travels with the entity. This Europe-wide passporting is a serious catalyst for complicated Web3 fashions like on-line video games making use of crypto-assets, which ceaselessly look to enhance their crypto structure with, for instance, a web-based playing license in Estonia. For a enterprise concentrating on EU retail prospects throughout a number of nations, this isn’t a comfort function, it’s the central industrial argument for MiCA authorization. One compliance infrastructure serves 450 million potential prospects.
VARA licensing is Dubai-specific. It governs digital asset exercise carried out in, or concentrating on, the Emirate of Dubai, as established underneath Dubai Legislation No. 4 of 2022. A VARA-licensed change serving shoppers throughout the GCC or internationally does so on the idea of different jurisdictions’ frameworks, or on the idea that it’s not triggering native licensing necessities in these markets. The VARA license itself offers no cross-border passporting mechanism.
Singapore’s FSM Act DTSP license applies to entities that function from Singapore or are Singapore-incorporated however conduct digital token companies exterior Singapore. That’s the meant scope. Singapore doesn’t declare to manage offshore exercise by international corporations on the retail client degree by way of the FSM Act, although MAS does impose restrictions on what licensed and unlicensed DTSPs could do in relation to Singapore residents.
These variations replicate genuinely totally different regulatory theories. MiCA’s passporting design displays the EU’s single market logic, the place fragmentation of economic service entry is handled as a regulatory failure. VARA’s Dubai-specific scope displays a jurisdiction-building technique, the place the target is making Dubai a hub, not regulating international crypto exercise. Singapore’s FSM Act framework displays a reputational risk-management method, the place MAS has been specific that licensing is granted in extraordinarily restricted circumstances and that the regime is designed to anchor high-quality gamers relatively than accommodate broad market entry.
Capital Necessities: Three Totally different Solutions to the Similar Query
All three regimes impose capital necessities. The numbers and the logic behind them will not be the identical.
Below MiCA, minimal capital for a CASP ranges from EUR 50,000 (Class 1), to EUR 125,000 (Class 2), to EUR 150,000 (Class 3). The MiCA regime additionally applies an ongoing fastened overheads requirement, that means a agency should maintain the upper of the fastened minimal or one quarter of its previous yr’s fastened overheads. A CASP with EUR 10 million in annual working bills faces a EUR 2.5 million efficient capital flooring, no matter which service class applies.
VARA applies a paid-up capital mannequin that’s activity-specific and has larger absolute minimums. Advisory Companies require AED 100,000. Suppliers of Custody Companies require base capital equal to the upper of AED 600,000 or 25% of fastened annual overheads. For Dealer-Seller Companies, the capital requirement is determined by their custody preparations: these utilizing a VARA-licensed custodian require the upper of AED 400,000 or 15% of fastened annual overheads, whereas these that don’t use a VARA-licensed custodian require the upper of AED 600,000 or 25% of fastened annual overheads.
Equally, the capital requirement for Change Companies, probably the most capital-intensive class, is the upper of AED 800,000 or 15% of fastened annual overheads if the VASP makes use of a VARA-licensed custodian, and the upper of AED 1,500,000 or 25% of fastened annual overheads in all different situations.VARA additionally imposes a separate Web Liquid Property requirement, requiring VASPs to carry present liquid belongings such that their surplus over present liabilities equals not less than 1.2 instances their month-to-month working bills, reconciled every day, and reported to VARA month-to-month with quarterly aggregation. VARA additionally requires skilled indemnity insurance coverage, administrators and officers insurance coverage, and industrial crime insurance coverage for belongings saved in sizzling wallets.
Singapore’s FSM Act DTSP framework units a base capital flooring of SGD 250,000, relevant uniformly to firms, partnerships, and sole proprietors, with the expectation said in MAS pointers that the capital buffer ought to realistically cowl six to 12 months of working bills. MAS has been specific that DTSPs will not be topic to the identical prudential regulation as deposit-taking establishments and do not need security nets like deposit insurance coverage. The SGD 250,000 flooring is a market entry threshold, not a risk-calibrated prudential buffer within the MiCA or VARA sense.
The sensible distinction is just not solely the numbers. VARA’s Web Liquid Property and insurance coverage necessities create a multi-layered monetary soundness obligation that MiCA and the FSM Act deal with otherwise or much less prescriptively. A agency calculating its VARA compliance publicity must work by way of paid-up capital, internet liquid belongings, and insurance coverage adequacy concurrently, and reconcile all three on particular frequencies, with VARA as a said beneficiary of the capital belief account or surety bond.
Shopper Safety Philosophy: Danger Disclosure, Suitability, and Entry Limits
The place client safety is anxious, MiCA, VARA, and Singapore have totally different intuitions about what regulators ought to truly stop.
MiCA treats crypto-asset service suppliers as monetary companies operators topic to conduct obligations, suitability assessments for portfolio administration and recommendation, finest execution necessities, and ongoing disclosure duties. For retail holders, the regulation requires significant threat disclosures in white papers and advertising and marketing communications, however the particular mechanisms for holder safety rely on the kind of token. For retail holders buying crypto-assets apart from asset-referenced tokens (ARTs) and e-money tokens (EMTs) instantly from an offeror, MiCA imposes a 14-day withdrawal proper. Nonetheless, this withdrawal proper doesn’t apply to ARTs and EMTs; as an alternative, holders of those tokens are protected by a everlasting proper of redemption at any time towards the issuer.
However MiCA doesn’t prohibit entry to crypto buying and selling by retail individuals. It assumes that knowledgeable retail participation is professional and constructions its conduct guidelines accordingly.
VARA’s Market Conduct Rulebook requires shopper agreements, complaints dealing with, and investor classification. VARA classifies traders into three classes: Retail Traders, Certified Traders, and Institutional Traders, with service parameters adjusting by classification. The advertising and marketing laws VARA issued in 2024 are among the many most detailed in any crypto jurisdiction, offering particular steering and illustrative case research on what constitutes prohibited advertising and marketing, together with intensive remedy of social media posts, influencer preparations, and academic content material that will cross into promotion.
Singapore’s method is probably the most restrictive of the three towards retail participation. MAS has persistently warned the general public towards cryptocurrency hypothesis since 2017 and has restricted promoting of DPT companies in public areas. The 2022 session paper on proposed measures for Digital Cost Token Companies launched the preliminary proposals requiring DPTSPs to evaluate retail buyer data earlier than offering any DPT service, apply client entry restrictions, and keep away from providing incentives for retail buying and selling.
MAS’s said place is that regulation can’t and mustn’t give retail prospects the impression that licensed platforms are secure funding venues. The DTSP licensing pointers describe admission as occurring in extraordinarily restricted circumstances, reinforcing that the Singapore framework is just not designed for broad retail market entry by licensed suppliers.
Operational Substance: What Residing Contained in the Regime Seems to be Like
The continued compliance burden throughout all three regimes is substantial. However the character of that burden differs.
MiCA imposes governance necessities, enterprise continuity obligations aligned with the Digital Operational Resilience Act (DORA), AML/CTF frameworks aligned with EU Directives, ongoing reporting, and a compulsory fit-and-proper evaluation for administration and qualifying shareholders. The regime requires a spot of efficient administration within the EU and not less than one EU-resident director. Authorization is service-specific, that means every CASP license specifies which of the ten service classes the holder is allowed to offer.
VARA operates by way of a rulebook system the place a number of books apply to all VASPs concurrently: the Firm Rulebook, Compliance and Danger Administration Rulebook, Expertise and Info Rulebook, and Market Conduct Rulebook, alongside the particular exercise rulebook for every licensed VA Exercise. The Expertise and Info Rulebook requires a Chief Info Safety Officer, a cybersecurity coverage submitted to VARA, and a know-how governance and threat evaluation framework overlaying 5 outlined threat classes. VARA requires a authorized entity in Dubai, clear chain of possession with identifiable final useful homeowners, and written approval for any materials change to firm construction.
Singapore‘s FSM Act framework requires a everlasting workplace or registered workplace in Singapore with a consultant current not less than ten days per thirty days for at least eight hours every day. The DTSP licensing pointers require a penetration check of proposed companies earlier than the licence is granted, unbiased exterior auditor evaluation on know-how and cybersecurity as a situation of in-principle approval, and compliance preparations proportionate to the size and nature of the enterprise. MAS conducts interviews with key administration personnel as a normal a part of the evaluation, and consultants and exterior authorized counsel are explicitly not permitted to attend these interviews.
Every of those substance necessities means one thing for a agency that has by no means constructed inside that regulatory setting earlier than. VARA’s requirement that paid-up capital be secured, whether or not held in a belief account with a UAE financial institution naming VARA as beneficiary or assured by way of a surety bond by a licensed UAE surety firm, is a structural dependency that should be established earlier than authorization. Singapore’s interview requirement means the CEO and compliance officer should be capable of clarify the enterprise mannequin, its threat controls, and its compliance method with out referential help from advisors. These will not be obstacles within the summary, they’re operational situations.
What We Decoded: Jurisdictional Technique Implications
The three frameworks don’t compete with one another in any easy sense. A agency selecting between them is often making a choice about what market it’s truly making an attempt to serve and what sort of regulatory relationship it’s ready to keep up.
- MiCA is the one one of many three that gives direct entry to a unified retail market of continental scale by way of a single authorization. For any crypto-asset service supplier whose major enterprise includes EU retail shoppers, MiCA is just not elective, it’s the framework that determines whether or not that enterprise can function legally within the EU in any respect. The transitional interval ends on July 1, 2026.
- VARA is a Dubai-specific license that serves corporations whose industrial technique is anchored within the UAE and MENA markets, or whose branding advantages from a Dubai-based licensed presence. The capital necessities are larger than MiCA in absolute phrases, the advertising and marketing laws are among the many most detailed globally, and the multi-book compliance structure is substantive. A VARA license doesn’t carry into different jurisdictions, however for corporations concentrating on the Gulf area or looking for to function a compliant change in Dubai particularly, there isn’t any equal various.
- Singapore‘s DTSP license is probably the most restrictive of the three to acquire and is explicitly designed for a slim class of candidates: corporations which can be Singapore-connected however conduct digital token companies exterior Singapore, and that may display they’re already regulated to worldwide requirements elsewhere, that their enterprise mannequin makes financial sense, and that MAS doesn’t have considerations about their construction. Acquiring this license is just not an easy market entry pathway. It’s nearer to a regulatory endorsement, out there to a small variety of operators that meet a excessive threshold.
The regimes will not be functionally interchangeable, they usually weren’t designed to be. A agency making use of to all three concurrently as a result of it desires international protection is making three totally different commitments to 3 totally different regulators with three totally different theories of what a licensed crypto agency ought to appear to be. Getting that coordination proper requires greater than a parallel software course of. It requires understanding what every regulator is definitely making an attempt to perform and whether or not the enterprise can credibly decide to it.
This text relies on a examine carried out by LegalBison in Could 2026. The content material is for informational functions solely and doesn’t represent authorized recommendation.
