Performing services in a decentralised manner under MiCAR


At the end of April 2023, the European parliament decided on a uniform regulation of crypto assets across the EU by voting on the MiCA regulation (i.e. markets in crypto-assets). The intended innovations are "explosive" for activities related to crypto assets, in particular if they were not yet regulated in Germany where the legislator had provisions already in place, which are similar to those under MiCAR.

MiCAR regulates a broad range of crypto-asset services and requests providers to obtain a license from the competent authorities (e.g. BaFin in Germany). It is therefore crucial to identify MiCAR's scope of application. According to recital 22 of the MiCAR, crypto-asset services are not covered by the scope of the MiCAR if not even a "part of such activities or services is performed in a decentralised manner". This means: "Where crypto-asset services are provided in a fully decentralised manner without any intermediary, they should not fall within the scope of the MiCAR". It is noteworthy that if only a part of the service is carried out in a decentralised manner, the regulation applies. A project that considers itself decentral (and thus outside the scope of MiCAR) might run into severe difficulties, which is why it is crucial for projects to understand the narrow sense of this term.

This article takes a closer look at when the requirement of decentralisation can be fulfilled or is not fulfilled. To this end, certain criteria are developed that could be taken into account. Since authorities have not yet given any guidance on this question, and since the MiCAR is silent on a clear interpretation of the term "decentralised manner", the aim of this article is to give some food for thought for market participants. Further developments need to be observed carefully. In the interim, this article will contribute to the public debate.

Criterion No. 1: Factual (i.e. writing) access to the technical infrastructure

In case a smart contract or other relevant software used to provide crypto-asset services can be modified by individuals, one can assume that at least a part of the services is not performed in a decentralised manner. By having access to the technical infrastructure, these individuals may even be qualified as crypto-asset service providers (CASPs), even if they only deploy the smart contract without having any technical possibility to change it afterwards. This scenario raises many legal questions (for German laws, see Möslein/Kaulartz/Rennig, RDi 2021, 517), but one can assume that MiCAR applies to many of those structures.

Criterion No. 2: DAOs being qualified as a legal entity

Crypto projects are often governed by DAOs, decentralised autonomous organisations that describe the governance and decision-making by token holders. As this term indicates, the hope of founding teams often is that those "organisations" (MiCAR uses the term "undertaking") are decentralised and could thus not be regulated by MiCAR. This might certainly be the case, but in many jurisdictions including Germany, DAOs may be considered legal entities if the token holders pursue a common purpose, even if the DAO is not registered with an authority. If this criterion is fulfilled, the DAO is necessarily not decentralised, but centralised.

Apart from the legal question around DAOs qualified as legal entities, the conviction has spread that DAOs need a "legal wrapper". This might be necessary to protect the token holders from personal liability (which may exist in the aforementioned case), but token holders may also be able to act in business life, pay suppliers, give grants and rent offices. Some projects are convinced that the Swiss association is the solution for all DAO issues (it is not). While others prefer some sunny islands, often with regrets since those "secret tips" are often not challenged legally and in consideration of tax laws, which is a big problem in this space. Regardless of whether those structures make sense in the individual case, MiCAR brings a new aspect into this discussion: Due to the legal wrapper being a legal entity, the project is no longer decentralised.

Criterion No. 3: DAOs with concentration of voting rights

Now let's assume that the DAO is structured in a way that it is not a legal entity, and a legal wrapper has not been used (see No. 2 above). In this case, one should take a closer look on the DAO governance to answer the question whether the DAO is, nevertheless, at least partly centralised. A key decision criterion may be the concentration of (tokenised) voting rights. Governance tokens convey "voting rights" with which members can, for example, decide on the further development of a smart contract. One could take into account the following aspects:

  • A project is not fully decentralised if the voting power is concentrated in one person.
  • A project is rather not fully decentralised if the voting power is concentrated in the founding team and investors, assuming that those are tied closely together. The reason is that this can easily be qualified as a circumvention of the aforementioned case.
  • A project is likely not fully decentralised if the voting power is not concentrated in the aforementioned sense, but individuals or groups of individuals, which are closely linked to the project (e.g. founders), have sufficiently strong market power that it can be assumed that the majority of other token holders follows their vote.

In all other cases, decentralisation is possible. This includes, in particular, cases where one would not even speak of DAOs (e.g. in the case of the Bitcoin blockchain).

Criterion No. 4: Governance review

Finally, when assessing whether a service is "decentral" or not, one should have lawyers and technical auditors conduct a code review of the underlying smart contracts. This review should, in particular, assess whether individuals may influence the code, whether there are kill switches going beyond what the EU Data Act proposes, whether quorums try to prevent voting concentrations, whether individuals or neutral third parties have a possibility to object against governance decisions, etc. Furthermore, it should be assessed whether or not there are procedures in place to legally protect individuals from legal consequences resulting from voting decisions.

Outlook and upcoming developments

Market participants should not expect that they fall outside of the regulatory umbrella only because they decided on a structure with the term "decentral" in it. Rather, a variety of requirements must be assessed and there are many criterions that will, once fulfilled, close the door for qualifying a service as decentralised.

According to Art. 142 (1) and (2) MiCAR, the EU Commission will, 18 months after the MiCAR comes into force, provide a report including "an assessment of the development of decentralised-finance in the markets in crypto-assets and of the appropriate regulatory treatment of decentralised crypto-asset systems without an issuer or crypto-asset service provider, including an assessment of the necessity and feasibility of regulating decentralised finance". This report will certainly shed some light on the discussion around decentralisation.

For more information and legal support, contact your usual CMS professional or CMS expert Markus Kaulartz, or send an email to [email protected]

For other articles in the series “Legal experts on Markets in Crypto-Assets (MiCA) regulation”, click here: Legal experts on Markets in Crypto-Assets (MiCA) regulation (

For more information on crypto regulation before the introduction of MiCA, please visit CMS Expert Guide to European Crypto Regulation.