Given its reputation for being strict, it seems surprising that the MiCA regulation would permit the use of offshore structures. However, evidence suggests this is actually a fairly common practice.
MiCA Decoded is a 12-article weekly series for Bitcoin.com News, co-authored by LegalBison’s Co-Founding and Managing Directors: Aaron Glauberman, Viktor Juskin and Sabir Alijev. LegalBison advises crypto and FinTech companies on MiCA licensing, CASP and VASP applications, and regulatory structuring across Europe and beyond.
Early in 2025, a crypto founder spent six months dismantling their British Virgin Islands group structure, moving IP, redomiciling the treasury, and incorporating a new parent in Ireland. Their lawyers had told them MiCA meant Europe. If you wanted to operate in the EU, you needed a European company. Full stop.
The company officially began operating in early 2026, having secured all necessary licenses, moved its operations to Europe, and established itself as a European entity. After that, they checked the public register maintained by the European Securities and Markets Authority (ESMA).
Bybit’s global parent is incorporated in the British Virgin Islands and headquartered in Dubai. Bybit EU GmbH, its Austrian subsidiary, holds the Markets in Crypto-Assets Regulation (MiCA) license. OKX’s Seychelles entity sits at the top of a structure whose Maltese subsidiary, OKX Europe Limited, was authorized by the Malta Financial Services Authority (MFSA). Crypto.com runs global operations through Singapore, while its EU-facing entity, Foris DAX MT Limited, is a licensed Maltese crypto-asset service provider.
These groups haven’t moved their operations. They all meet the requirements of the MiCA regulation. Since the regulation began, token issuers based in the British Virgin Islands, the Cayman Islands, Panama, and Singapore have been submitting reports that comply with EU standards, all without establishing any official presence within the EU.
So what does MiCA actually require? And who was wrong: the regulation, or the advisors?
The Myth: It’s Impossible to Have an Offshore Structure With a MiCA License or Token
To understand how MiCA works, it’s important to realize it regulates two very different types of participants. Mixing them up is where the confusion started.
Crypto-Asset Service Providers (CASPs) are entities whose business is providing crypto-asset services to clients on a professional basis. MiCA defines ten categories of such services in Article 3(1)(16): custody and administration of crypto-assets, operating a trading platform, exchanging crypto-assets for funds or for other crypto-assets, executing orders, placing crypto-assets, receiving and transmitting orders, providing advice, providing portfolio management, and providing transfer services. If your business model involves any of these activities directed at EU clients, you are a CASP. A centralized exchange, a custody wallet provider, a crypto broker: all CASPs, regulated under Title V of MiCA and requiring authorization under Article 59.
Token issuers and offerors are a different category entirely. These are the entities that create and offer crypto-assets to the public, or seek to have their tokens admitted to trading on an EU platform. A project launching a utility token, a layer-1 network distributing tokens at genesis, a DeFi protocol making its governance token available to European investors. All of these are token issuers or offerors, regulated under Titles II, III, and IV of MiCA, depending on the type of crypto-asset involved.
Each type of entity has different requirements. The rules for CASPs aren’t the same as those for token issuers, and vice versa.
Commentary often asks if MiCA applies to a business as a single question. However, it’s more accurate to ask two separate questions: “Are you a CASP?” and “Are you issuing or offering tokens?” Your answers to these questions determine which part of the MiCA regulation applies to you, and importantly, where you need to be legally registered.
What the Regulation Actually Says
For CASPs: EU presence is mandatory
MiCA’s Article 59(2) clearly states that crypto-asset service providers authorized under Article 63 need to have a registered office within a European Union member state where they provide some of their services. Their main decision-making location must also be within the EU, and at least one member of their leadership team must be a resident of the EU.
Our understanding of the market is accurate: companies registered in the British Virgin Islands can’t get a license to operate as a crypto asset service provider. Similarly, an exchange based in the Seychelles can’t simply start operating in Germany. The new MiCA regulations require authorization to be granted to the specific company itself, and that company needs a substantial presence within the European Union. There are no loopholes or ways to bypass this requirement.
Article 68 establishes requirements for who can lead a CASP (Crypto-Asset Service Provider). Leaders must be trustworthy and have the right skills and experience, as a team, to do their jobs effectively. They also need to be able to dedicate enough time to their responsibilities. Regulators won’t just be checking boxes; they’ll be carefully evaluating whether the real decision-making power is located within the EU-based company, or if it’s being controlled from outside using a front company.
The CASP needs to be based in Europe, but it functions as a single unit. The MiCA regulations don’t specify where the parent company of the CASP needs to be registered.
For token issuers: the picture is different
MiCA’s rules for most cryptocurrencies – those that aren’t stablecoins linked to real-world assets or digital money tokens – are quite different when it comes to requiring a white paper. This broader category includes utility tokens and the majority of tokens traded on the market.
According to Article 4(1), anyone offering crypto-assets to the public within the EU must be a legally registered entity – it doesn’t have to be based in the EU itself. Article 8(1) states that those making offers or seeking to trade must submit their project details (a ‘white paper’) to the relevant authority in their primary EU country. For companies based outside the EU, this ‘primary country’ is defined in Article 3(1)(33)(c) as either the first EU country where the crypto-asset is offered to the public, or, at the company’s choice, the EU country where they first apply to trade it.
A company registered in the British Virgin Islands can submit a white paper to the Central Bank of Ireland and make its token available to investors in Europe without needing to establish a presence in Ireland.
Another option exists under Articles 5(2) and 5(3). A company wanting to trade and the platform it uses can formally agree that the platform will meet the requirements of a white paper. When a crypto asset service provider (CASP) does this, it legally guarantees the information in the white paper is correct and complete. This is how exchanges like Kraken have submitted white papers for tokens that don’t have a central issuer within the EU. They made a formal agreement to take on this responsibility, meaning the project based outside the EU didn’t need to work directly with a European regulator.
However, there’s a key difference for asset-referenced tokens (ARTs) and e-money tokens (EMTs). Regulations require issuers of ARTs to be based and approved within the European Union, as stated in Article 16. Similarly, Article 48 mandates that issuers of EMTs must be authorized as either a bank or an e-money institution. These types of tokens aren’t eligible for the simplified, offshore route available to other crypto assets.
Why Confusion Took Hold
Three things went wrong simultaneously.
The discussion incorrectly combined two distinct questions into a single one: whether MiCA regulations apply to a company, and the specific requirements for CASP (Crypto-Asset Service Providers). Many founders of token projects mistakenly believed Article 59(2) of MiCA applied to them simply because they were issuing tokens. However, this article only applies if they are *also* operating as CASP services.
The requirements for companies wanting to be designated as CASPs are quite strict. A close look at Article 68 reveals demanding criteria – they must demonstrate suitability, have sufficient collective expertise, and commit significant time and resources. It’s no surprise that initial assessments suggested that meeting these requirements would essentially mean transferring the business to Europe. For many applicants, establishing a real EU management structure felt like a complete relocation of their operations.
Finally, the difficulties of putting the initial MiCA rules into practice led to a cautious approach. In late 2024 and early 2025, several national regulators closely examined companies applying for CASP registration, especially those relying heavily on outsourcing. The industry understood this to mean that setting up operations solely to avoid regulations wasn’t allowed. More precisely, the regulators weren’t approving companies that were essentially empty shells within the EU, lacking real local operations. This is different from completely prohibiting companies with parent organizations located outside the EU.
Token Issuers Offshore: What the Register Shows
The ESMA public register of white papers for crypto-assets other than ARTs and EMTs settles the question empirically. Of the 586 token issuers in that register with identifiable Legal Entity Identifier (LEI) country codes, 366 (62%) are domiciled outside the EU or EEA.
The locations of these companies are notable. A significant number – 120 – are registered in the British Virgin Islands. Switzerland hosts 78, while the Cayman Islands have 51. Panama is home to 26, and 35 are incorporated in the United States.
Companies intentionally selected where in the EU to submit their documents. Ireland received notifications of upcoming reports from 180 companies based outside of Europe. Malta received 126 such notifications, while Luxembourg and the Netherlands each received about 13. Companies registered in the British Virgin Islands submitted 68 of those reports in Ireland and 33 in Malta.
The names in the register are not obscure projects. Gensyn Network Ltd, a BVI company, filed its white paper in France. Nexus Sub (BVI) Limited filed in France, with Payward Global Solutions (Kraken’s entity) listed as the CASP taking on the white paper obligation. The Horizen Foundation, incorporated in the Cayman Islands, filed in Germany. zkVerify Foundation, also Cayman-based, similarly filed in Germany. Init Capital Ltd, a BVI entity, filed in Ireland.
None of these required an EU incorporation. The regulation provided the path directly.
The Split-Architecture Model: How It Works in Practice
Major exchanges are built on a straightforward design. It’s helpful to understand how this design works, step by step.
The group’s main holding company is located offshore. This company usually manages the group’s finances worldwide, owns its patents and trademarks, and handles important strategic decisions. Importantly, this company doesn’t offer crypto services to customers in the EU, and therefore doesn’t need a license to do so.
Below it, an EU operational subsidiary is incorporated in a Member State with a functioning MiCA licensing pipeline: Austria, Malta, Ireland, and Lithuania have processed meaningful volumes. This subsidiary is the licensed CASP. It employs local management. It maintains local banking relationships. Its management body meets the Article 68 suitability requirements. Its paid-in capital satisfies the Article 67 thresholds: at minimum EUR 125,000 for entities providing custody or exchange services, or EUR 150,000 if operating a trading platform. The place of effective management is genuinely in the EU, and can withstand regulatory scrutiny, because the EU entity’s management actually runs the EU operations.
As an analyst, I’ve been reviewing the rules around outsourcing for EU CASPs and their relationship with their parent companies. Essentially, Article 73 sets out a framework where a CASP *can* outsource operational functions to its parent or other related companies. However, it’s crucial to understand that the CASP can’t just hand over responsibility. They absolutely *must* keep the expertise in-house to properly assess and oversee the quality of any outsourced services, and they need direct access to all relevant information. The buck stops with the CASP – they remain fully accountable to their National Competent Authority for everything they outsource. This means even if the parent company provides crucial infrastructure like technology, the EU entity can’t simply step back from oversight. Everything needs to be documented in a written agreement, giving the CASP the power to terminate the arrangement, and crucially, ensuring the parent company will cooperate with the NCA’s supervisory functions.
Essentially, an EU company needs more than just a formal address and a figurehead director. It requires a team genuinely running its European operations, capable of providing necessary paperwork to authorities, and understanding the support it receives from its parent company. While legally separate, the EU company must be able to independently demonstrate its responsibility within the larger group.
As a crypto investor, I’ve been looking into how projects are handling the new EU regulations, and it’s interesting. It seems if a project isn’t directly offering crypto asset service provider (CASP) services within the EU, their token-issuing entity based outside the EU can still submit a whitepaper to an EU regulator. But here’s a clever option: if the project *does* have a CASP operating a trading platform within the EU, that EU entity can actually take responsibility for the whitepaper on behalf of the offshore token issuer with a simple written agreement. This means the offshore issuer doesn’t even need a physical presence in the EU – the EU-based platform acts as the point of contact for regulators instead. It’s a neat way to navigate the rules!
What the Architecture Cannot Do
There are three critical areas that offshore structures can’t protect founders from, and overlooking them can lead to significant legal trouble.
EU-based crypto companies need to be genuinely run from within the EU. Several firms applying for licenses under the new MiCA regulations learned this the hard way. Simply having a director in the EU who follows instructions from a parent company located outside the EU isn’t enough to meet the requirements. Regulators are now thoroughly checking if companies have real substance, as outlined in Articles 59(2) and 68. As part of this, national regulators often interview key management to assess their understanding of the company’s governance, risk management, and day-to-day operations. If a director can’t convincingly explain how the EU business actually runs, they won’t be approved.
Companies located outside the EU cannot actively seek clients within the EU. However, there’s an exception: if an EU client reaches out to the company directly on their own, without any prompting, the rules are different. Guidelines from ESMA clarify this exception, and they are quite strict. A company won’t qualify for this exception if it has a website in an EU language, runs online referral programs targeting EU users, or engages in any marketing aimed at EU customers – even if this activity is done by a related company. Furthermore, an EU-licensed crypto asset service provider cannot allow its parent company (based outside the EU) to solicit EU clients while claiming the EU subsidiary is handling the legally regulated parts. Regulators will focus on how clients are *actually* acquired, not just how the company is organized internally.
ARTs and EMTs require EU issuers, full stop. Any project planning to issue a stablecoin or asset-referenced token should treat Articles 16 and 48 as the starting point for their structure, not the CASP regime. The offshore flexibility available for utility tokens and similar assets does not apply here, and attempting to apply it through a proxy structure will not survive regulatory review.
What We Decoded
For companies using Controlled Foreign Company (CFC) structures: your offshore holding company can generally remain offshore. The key issue isn’t moving the parent company, but ensuring your EU subsidiary is genuinely operating with real substance. This means it needs active management running its EU activities, sufficient capital as defined in Article 67, proper governance meeting Article 68 requirements, and an outsourcing agreement with the parent company that doesn’t undermine the EU entity’s responsibilities. Choosing the right EU location for your subsidiary is also important; Austria, Malta, Ireland, and Lithuania all have established licensing processes and different regulatory environments that may be better suited to various business types.
If you issue tokens but don’t offer services as a CASP (Crypto Asset Service Provider), you don’t need a European-based company to create a white paper to offer your token to investors in Europe. Instead, a company registered in places like the British Virgin Islands or the Cayman Islands can notify either the Central Bank of Ireland or the MFSA (Malta Financial Services Authority) and move forward. If your token is already traded on an approved exchange within the EU, that exchange might agree to handle the white paper requirements for you, simplifying the process. Choosing where to officially register still matters, though. Ireland has experience with a wide variety of token types, while Malta has well-developed systems specifically for crypto compliance.
For companies that both issue digital tokens and offer crypto asset services, each activity must comply with its own specific regulations. Even if these functions are handled by different legal entities within the same overall company, they aren’t automatically covered by each other’s rules just because they share a common owner. This separation can actually be beneficial: a token treasury located outside the EU follows token issuance rules, a crypto asset service provider operating within the EU follows Title V regulations, and the parent company can oversee everything without needing its own authorization.
The decision of the founders to move in 2025 wasn’t incorrect. Having a strong, unified presence within the EU offers practical benefits and makes regulatory oversight easier. However, they based their move on an interpretation of MiCA that isn’t entirely accurate, as the official register now shows. MiCA was always designed to allow companies with parent organizations located outside the EU, as long as the part of the company serving EU customers is fully established, managed, and responsible within the EU.
This article is based on a study conducted by LegalBison in May 2026. The content is for informational purposes only and does not constitute legal advice.
Read More
- Gold Rate Forecast
- These Cartoon Reboots Totally Missed the Point of the Originals (& Went Downhill Fast)
- Netflix’s Best Stranger Things Replacement Officially Takes America By Storm
- 6 Animated Movie Trilogies Where Every Entry Is Near-Perfect
- Total Football free codes and how to redeem them (March 2026)
- STARBUCKS STAND by BEAMS Channels Kenyan Coffee Heritage Into Its Latest Spring/Summer Wardrobe
- Maggie Smith’s sons “deeply touched” by huge honour to the late “national treasure”
- Top 5 Best New Mobile Games to play in May 2026
- Clash Royale Season 83 May 2026 Update and Balance Changes
- Clash Royale May 2026 Update to bring Collection Levels, Mastery rework, and progression overhaul
2026-05-30 13:00