Key Contact: Andrew Tzialli – Partner


In our latest briefing on ‘MiCA’ the European Union’s proposed Regulation of Markets in Crypto-Assets, we noted some of the regulatory requirements for firms classified as a crypto-asset service providers (“CASPs”) or crypto-asset issuers under the new legislation.

One such requirement under Title II, III, IV and V of the draft regulations is the obligation to publish a white paper. Many in the crypto community will be familiar with the term ‘white paper’, stemming initially from the now infamous Bitcoin white paper published by Satoshi Nakamoto in late 2008. For those unfamiliar with the term, it is essentially a prospectus of sorts which sets out the aims, purpose and technology behind the cryptocurrency or blockchain project at hand. Whilst many CASPs and crypto-asset issuers have long been issuing white papers in respect of their ICOs/STOs (often without compliance with any regulatory structure – due perhaps to an absence of tailored legislation), MiCA now provides a substantive framework to be adhered to.

Different rules will attach to white papers under the new regulatory package depending on the type of service provided and also the type of token being issued. We explore what this will mean in practice for firms operating in this space.

Classification of tokens

For a number of years now, the idea of ‘tokenisation’ of products and services has been growing in the Blockchain community and at times has been met with opposition by regulators, especially surrounding the security vs utility token divide.

At a basic level, a ‘token’ may share similarities to a ‘coin’ in that it can represent a store of value similar to regular fiat (traditional currency), however ‘tokens’ can represent much more, including for example in a company, voting rights, property rights and access to future products and services. Different categories of tokens have therefore emerged, though they largely fall into two camps – utility and security tokens, with the classification of such having important consequences for both issuers and investors. MiCA expands on existing terminology and defines a number of particular types of token:

  • “Asset-referenced token” means a type of crypto-asset that purports to maintain a stable value by referring to the value of several fiat currencies that are legal tender, one or several commodities or one or several crypto-assets, or a combination of such assets; examples would include Diem (formally known as Libra) which was Facebook’s proposed digital currency.
  • “Electronic money token” or “e-money token” means a type of crypto-asset the main purpose of which is to be used as a means of exchange that purports to maintain a stable value by referring to the value of a fiat currency that is legal tender; examples would include USDC and USDT which are pegged to the value of the US Dollar.
  • “Utility token” means a type of crypto-asset which is intended to provide digital access to a good or service, available on DLT (Digital Ledger Technology), and is only accepted by the issuer of that token; examples would include Binance Coin (BNB), Basic Attention Token (BAT) and Chainlink (LINK).

It is important to note that ‘security’ tokens are not dealt with by MiCA as these tokens are considered financial instruments and are caught be existing legislation such as the Prospectus Directive, Markets in Financial Instruments Directive (MiFID) and the Electronic Money Directive (EMD).

White paper and additional requirements

Firms that issue ‘asset-referenced’, ‘electronic money’ or ‘utility’ tokens must all produce white papers in line with MiCA requirements. In addition, further requirements attaching to these white papers may also apply (depending on the particular token involved) such as prior approval by a competent national authority.

MiCA leaves it up to Member States to designate their own competent national authority, but the legislation provides a list of wide-ranging administrative, supervisory and punitive powers for these competent authorities. The competent authorities will cooperate closely with the EBA (European Banking Authority), ESMA (European Securities and Markets Authority) and the other Member States authorities in their investigation, supervision and enforcement activities.

Crypto/blockchain businesses must be prepared for their reporting and regulatory requirements, as some are more onerous than others. For example:

  1. Issuers of asset-referenced token issuers: under this category a white paper must be published, and it must also be approved by its competent national authority. Moreover, firms in this category must be incorporated in the form of a legal entity and tokens cannot be offered to the public on any platform without the entity being registered. Exemptions do apply for tokens being issued to qualified investors.
  2. Issuers of e-money tokens: e-money tokens are dealt with at Article 46 of MiCA, which lists the specific form and content that must be included in the white paper. Firms must be authorised as a credit institution or an electronic money institution within the meaning of article 2(1) of Directive 2009/110/EC.
  3. Issuers of utility tokens: The obligation to publish a white paper also extends to ‘offerings and marketing to the public of crypto-assets’ other than asset referenced and e-money tokens’, and this will include ‘utility tokens’ as they fall under the definition of a “crypto-asset”. However, exemptions do arise for offerings to qualified investors and also for smaller firms who will not issue crypto assets above €1 million within a one-year period.

Utility v security token

Issuers of utility tokens must also be aware that MiCA states that the white paper must be notified to national competent authorities not less than 20 working days before publication for an assessment whether the crypto-asset in question is in fact a financial instrument, therefore making it a ‘security token’ and subject to MIFID.

In the USA, the SEC has highlighted on a number of occasions, notably in SEC vs KIK, that the distinction between a ‘utility’ and security’ token can often be fine lines. The US Supreme Court’s ‘Howey’ test is often a good starting point to aid interpretation, but it will be interesting to see how this will play out in practice across EU member states and how stringent national authorities will be.

Crypto and blockchain businesses that operate in the ‘utility token’ space, which does make up a sizeable majority of the market, must understand that simply stating that a crypto asset is a ‘utility’ token rather than a ‘security’ token may not suffice. Failing to give proper thought to the tokonomics could cause significant issues and legal advice should always be obtained to clarify whichever camp (utility/security) it falls into.


Regulatory obligations, such as the requirement to register as a VASP in Ireland and FCA registration requirements within the UK if you operate an exchange, already apply to larger and more established crypto/blockchain focused businesses and MiCA should not cause too many issues in terms of further compliance protocols. However, smaller firms that incorporate tokens to access their products and services must be aware of how MiCA (or potentially MIFID) classify and regulate token offerings, particularly if their business grows and the value of their ‘tokens’ grow with it.


For more information in relation to this article please contact partner Andrew Tzialli.​