MiCA and Czech Compliance: Legal Pitfalls for Crypto Projects

JUDr. Jakub Dohnal, Ph.D., LL.M.
JUDr. Jakub Dohnal, Ph.D., LL.M.
7.5.2026 | ARROWS law firm

Crypto projects face one of the most demanding regulatory realities in the Czech Republic and the EU. The MiCA Regulation (Markets in Crypto-Assets Regulation), local financial rules, and tax laws overlap and are constantly evolving. A seemingly simple decision—what service to launch, how to structure a token issuance, or how to address a stablecoin—can easily turn into a legal time bomb. Attorneys from ARROWS, a Prague-based law firm, help crypto projects navigate these obstacles from the outset and build their operations on a solid legal foundation.

The photo shows a team from a law firm specialising in crypto-asset regulation.

Quick summary:
  • MiCA regulation and local laws create significant complexity: Incorrect compliance may lead to fines in the tens to hundreds of millions of CZK, freezing of accounts, or a ban on operations in the EU.
  • Stablecoins, asset-referenced tokens, and crypto-asset services have different obligations: Confusing their legal status is one of the most common—and most expensive—mistakes.
  • Tax and AML/KYC obligations are just as critical as the technical solution: Many projects ignore them until an inspection occurs, which leads to extensive sanctions.
  • ARROWS attorneys navigate this environment: They ensure compliance from the design stage through to new regulatory adaptations.

Regulatory environment for crypto projects: complexity that differentiates projects

As of 30 December 2024, the MiCA Regulation (Markets in Crypto-Assets Regulation) has been fully effective in the EU, fundamentally changing how crypto-asset service providers (CASPs), issuers of asset-referenced tokens (ARTs), and issuers of e-money tokens (EMTs) are regulated. In the Czech Republic, this regulatory framework is complemented by requirements of the Financial Analytical Office (FAÚ), the Czech National Bank (ČNB), and other relevant banking regulators.

The reality differs sharply from what early-stage crypto entrepreneurs expect. It is not a “peer-to-peer” or fully decentralised environment. 

Anyone who wants to formally engage in providing services related to crypto-assets must meet strict obligations:

  • Hold a licence (authorisation) or be registered with the competent authority.
  • Carry out client due diligence (KYC – Know Your Customer) and monitor business relationships.
  • Report suspicious transactions (AML – Anti-Money Laundering) to the Financial Analytical Office.
  • Document decisions and operations.
  • Keep records for the period required by law.

ARROWS, a Prague-based law firm, sees in practice that companies often underestimate these obligations. The result? Regulatory inspections, bans, fines, or—in the worst cases—criminal prosecution.

Types of crypto projects and their specific obligations

There is no single “crypto compliance”. Legal obligations vary drastically depending on how you structure your project.

Crypto-asset service provider (CASP)

A crypto-asset service provider is someone who provides services such as:

  • Operating a trading platform for crypto-assets.
  • Providing custody and administration of crypto-assets on behalf of third parties.
  • Exchanging crypto-assets for fiat currency or for other crypto-assets.
  • Transferring crypto-assets.
  • Receiving and transmitting orders relating to crypto-assets.
  • Providing advice relating to crypto-assets.
  • Providing crypto-asset portfolio management services.

Obligations:

  • Obtaining a licence (authorisation) from the Czech National Bank (ČNB) to carry out CASP activities.
  • Full KYC and AML systems and processes.
  • Monitoring the sources of clients’ funds.
  • Reporting suspicious transactions to the FAÚ.
  • At least once a year, verifying that you still meet the conditions for the licence.

If a project provides crypto-asset services without the proper licence, it risks:

  • A fine of up to 10% of annual turnover (for legal entities) or up to EUR 5 million for the most serious breaches under MiCA, which can amount to hundreds of millions of CZK when converted. In addition to regulatory sanctions, it is also advisable to take into account the risk of criminal liability of specific individuals, which is also linked to the area of criminal law.
  • An order to immediately cease operations.
  • Blocking of accounts and funds.
  • Criminal liability of the persons responsible for the activity (e.g., for the criminal offence of unauthorised business activity or money laundering).

Token issuer

A token issuer is someone who creates and distributes its own token—whether as part of an ICO, as a utility token, or as a collectible (e.g., an NFT).

MiCA distinguishes between:

  • E-money token (EMT): A crypto-asset whose main purpose is to maintain a stable value by referencing the value of one fiat currency. Its issuers are regulated as electronic money institutions.
  • Asset-referenced token (ART): A crypto-asset that is not primarily intended to maintain a stable value by referencing one fiat currency, but rather another value or right, or a combination of assets. ART issuers must be licensed by the ČNB. For the impacts of loss of funds and management liability in cyber incidents (which may also trigger AML/KYC consequences), see the update When a company loses money due to phishing: legal liability of managers and company leadership.
  • Other crypto-assets: These are crypto-assets that are neither EMTs nor ARTs nor a financial instrument (e.g., certain utility tokens and NFTs, if they do not meet the characteristics of an ART/EMT). For their offering or admission to trading, there is an obligation to publish a white paper (Article 4 et seq. of MiCA), either by the issuer or by the entity applying for admission to trading.

Each category has different obligations:

  • EMT/ART: The issuer must have a specific licence, sufficient reserves, a compliance programme, and is subject to strict supervision by the ČNB.
  • Other crypto-assets: A white paper must be issued and the rules on disclosure obligations towards investors must be complied with.
  • NFTs (Non-fungible tokens): If they meet the conditions of MiCA and are not classified as a financial instrument, they may fall under the white paper obligation; however, many of them are excluded from the scope of MiCA (especially unique and non-tradable digital items). It is crucial to assess each NFT project individually.

An error in classification costs projects months and hundreds of thousands of CZK, and may lead to a suspension of operations.

Practical risk – incorrect token categorisation

Typical scenario: A startup develops a token intended to serve as a “community metric” – users can buy it, but it cannot be used to pay for services. The project owner believes it is neither a stablecoin (EMT) nor a security, so there is no need to register. After the first sale, an email arrives from the regulator: “Your token qualifies as an asset-referenced token (ART) or an e-money token (EMT). You have 30 days to submit an authorisation application; otherwise, we will halt your activities.”

The attorneys at ARROWS, a Prague-based law firm, can help you avoid this mistake already at the whitepaper stage.

Related questions on regulatory classification and authorisations

1. Do we need a special authorisation to issue a token (so-called ICO)?
That depends on how you structure the token and what features it has. If you issue an e-money token (EMT) or an asset-referenced token (ART), the answer is clearly yes – you must obtain authorisation from the Czech National Bank (ČNB). If it is another crypto-asset (e.g., a utility token without a value guarantee), you will most likely need to comply with the rules on publishing a whitepaper. If you offer it publicly in the Czech Republic or the EU, you will most likely need to comply with MiCA rules. The safest approach is to consult the attorneys at ARROWS, a Prague-based law firm, before launch.

2. What specific sanctions apply for breaches of MiCA?
The Czech National Bank (ČNB) and the Financial Analytical Office (FAÚ) may impose administrative fines. For breaches of key MiCA obligations (e.g., operating without authorisation), a legal entity may be fined up to 10% of its annual turnover or EUR 5,000,000 (whichever is higher). For breaches of market abuse rules, the fine may reach up to 15% of annual turnover or EUR 15,000,000. Criminal law then includes offences such as unauthorised business activity, fraud, or money laundering, for which responsible individuals (founders, directors) may be prosecuted personally.

3. What AML and KYC processes do we need to implement?
You must have processes in place. This is not a one-off task – they must be continuously reviewed and updated. The attorneys at ARROWS, a Prague-based law firm, help projects prepare these processes and their documentation.

Tax and accounting obligations – often overlooked, always expensive

In addition to MiCA compliance and authorisations, tax and accounting obligations also apply. Many projects think they only follow “crypto rules”, but that is not true.

Income tax

Income from token sales, staking rewards, mining, or trading in crypto-assets is taxable. The rate varies depending on the legal status of the entity:

  • Individual: Income from crypto-assets is taxable as other income (subject to progressive rates of 15% and 23%, depending on the level of income) or as business income, depending on the nature of the activity.
  • Company: Taxable as ordinary income subject to corporate income tax (currently 19%).

Mistake: The project receives tokens, cannot properly determine their value, fails to report the income in its tax return, and later, during an audit, the tax authority demands underpaid tax for previous years, including penalties and interest.

Accounting

If the project is registered as a crypto-asset service provider or has the form of a legal entity, it is required to keep accounting records.

Holding crypto-assets, transactions between wallets – all of this must be transparent and auditable, in line with Czech accounting standards.

The attorneys at ARROWS, a Prague-based law firm, work with tax advisors and auditors to ensure your project has a consistent and secure tax and accounting system from the outset.

Most common mistakes made by crypto projects

Potential issues

How ARROWS can help (office@arws.cz)

Incorrect classification of tokens and services (EMT/ART vs. utility token vs. financial instrument) – The project is classified by the regulator as an EMT/ART even though that was not the intention. This is followed by an order to cease activities and high fines.

ARROWS attorneys analyse your whitepaper, business model, and token structure. We will ensure the correct legal classification and determine the required authorisation/registration before launch.

Absence of KYC/AML systems and FAÚ reporting – An inspection reveals that the project has no documentation on identity verification or monitoring of suspicious transactions. Sanctions and operational shutdown follow.

We will set up comprehensive KYC and AML processes for you, including procedures for reporting suspicious transactions to the FAÚ. We will ensure their documentation and ongoing updates.

Failure to record income and errors in the tax return – Uncaptured tax on token issuance, undisclosed staking rewards. This is followed by a fine, underpayment, and late-payment interest.

We will advise you on tax obligations, set up income categorisation, and ensure proper accounting in compliance with Czech legislation in cooperation with tax specialists.

Operating without authorisation as a crypto-asset service provider – The project carries out exchanges, manages wallets, or provides custody but does not have the required authorisation. The Czech National Bank (ČNB) initiates an inspection.

We will audit your activities and determine whether you are required to obtain CASP authorisation. If so, we will handle the application filing and communication with the ČNB.

Non-compliance with new rules following changes to MiCA regulation or accompanying acts – Legislation continues to evolve dynamically even after MiCA becomes fully effective. The project is not aligned with the new requirements.

We monitor legislative developments, including accompanying acts and implementing regulations. When new rules are issued, we will help you adapt operations and update compliance manuals.

International element – when the situation is more complex

Many crypto projects have global ambitions. This means you must take into account regulatory requirements in multiple countries.

Typical scenario:

  • The project is registered in the Czech Republic but also sells tokens to investors in Germany, Austria, or the United Kingdom.
  • Each country has its own rules and registration requirements; even within the EU, national implementations or additional requirements may differ.
  • Selling tokens to foreign nationals without registration may breach their local laws.

The attorneys at ARROWS, a Prague-based law firm, work through the ARROWS International network and can arrange advice in individual countries. We will help you determine where registration or authorisation is required and how to complete it correctly.

Related questions on international expansion of a crypto project

1. Can we sell tokens to foreigners without special registration in their countries?
This is complicated. If you actively offer tokens in a particular country (e.g., via a website with a language version, local advertisements, or direct outreach), this is often considered providing services in that country. You must verify local laws. The attorneys at ARROWS, a Prague-based law firm, can provide an analysis of the key markets you are planning to enter (office@arws.cz).

2. What are the differences in regulation between the EU and third countries?
MICA applies to EU Member States and EEA countries. Outside the EU, the situation varies significantly—some countries have stricter regulation (e.g., the USA with the SEC), while others have almost none. However, the absence of regulation does not mean the absence of risk—quite the opposite, it leads to uncertainty. If you want to expand outside the EU, this adds another layer of complexity. Our EU-based attorneys at ARROWS can provide basic legal research for selected markets.

3. What legal risk does my company face if the project is structured in an offshore jurisdiction?
That depends on where the company’s real seat is, where the employees are located, where management decisions are made, and which markets the services are targeted at. A regulator may assert jurisdiction even over an entity domiciled in an offshore zone if its services target EU residents. Have your structure reviewed by our EU-based attorneys at ARROWS to avoid regulatory breaches; email office@arws.cz.

Project development phases: When to start with compliance

Compliance is not a one-off matter. It is an ongoing process that differs substantially depending on the development phase.

Phase 1: Ideation and whitepaper

At this stage, you have an idea for a token or service. You are not launching anything yet. What should you do?

  • Have our EU-based attorneys at ARROWS analyze your idea. Does it involve providing crypto-asset services? Is it an e-money token (EMT) or an asset-referenced token (ART)? Or another crypto-asset?
  • Based on the answer, determine what authorisation (licence) or registration you will need.
  • Surround yourself with a team of tax and accounting advisers.
  • Prepare a whitepaper that is compliant with MICA and relevant legislation from the outset.
Phase 2: Development and testing

You are developing smart contracts, the frontend, and infrastructure. Legal preparation:

  • Drafting terms and conditions that clearly explain the risks to investors and users.
  • Setting up KYC and AML processes (in a test environment).
  • Preparing documentation for regulators for the purposes of an authorisation application.
Phase 3: Launch

This is your critical window:

  • Submitting applications for authorisation or registration (if required) and obtaining a positive decision.
  • Launching KYC/AML monitoring with live data.
  • First transactions with the public in line with the applicable authorisations.
  • Starting tax and accounting monitoring and reporting.

These are the moments when our EU-based attorneys at ARROWS should be “on call”. We can provide representation in communications with regulators (office@arws.cz).

Phase 4: Ongoing compliance

The project is running. Your obligations do not end:

  • Monthly compliance monitoring and adherence to internal policies.
  • Reporting to FAÚ (if suspicious transactions arise).
  • Regular updating of clients’ KYC data.
  • Adapting to new regulations and implementing acts.
  • Regular internal and external audits and process certifications (if required or recommended).

Final summary

Crypto projects do not operate in a legal vacuum. Since the end of 2024, the MICA Regulation and local regulation have been a reality that cannot be ignored without serious consequences.

Fines in the tens to hundreds of millions of Czech crowns, operational blocks, and criminal prosecution are not theoretical—they are a practical part of the regulatory environment. The difference between a successful and a failing crypto project is often not the technology, but the legal and compliance structure.

Projects that address compliance from the outset gain:

  • Clarity and legitimacy with investors and partners.
  • Protection against regulatory disaster and financial penalties.
  • Readiness for future regulatory changes.
  • The ability to integrate smoothly into the traditional financial system.

Our EU-based attorneys at ARROWS have experience with dozens of crypto projects at various stages. We know where legal issues are hidden and how to prevent them. If you want your project to grow without compliance risk, contact us. We will provide you with a proven solution from ideation through ongoing monitoring. Contact us: office@arws.cz

FAQ - Most common compliance questions for crypto projects

1. Do we need to register as a crypto-asset service provider even if we are only issuing a token for our community?
It depends on what your token does and what services are associated with it. If you only issue it and the community holds it, authorisation is generally not required (however, you must still meet the information obligations under MICA). But if, for example, you provide crypto-asset services, authorisation from ČNB is mandatory. Our EU-based attorneys at ARROWS will help you determine which of your services require this (office@arws.cz).

2. What happens if an inspection authority finds that we do not have KYC?
An inspection authority such as FAÚ or ČNB may impose a high fine (usually in the range of single to tens of millions of Czech crowns, depending on the severity), order you to cease operations, and in more serious cases initiate criminal proceedings. Accounts may be frozen. It is far better to have robust KYC from the start. If you discover that you forgot to implement it, consult our EU-based attorneys at ARROWS—they can help you remedy the situation and communicate with the regulator (office@arws.cz).

3. How often does crypto-asset regulation change? Will we constantly be preparing new documents?
Regulation changes relatively often. MICA has been fully applicable since the end of 2024, and further implementing acts and amendments are already being discussed. This means that yes, compliance is an ongoing process. But it is not that bad—once you have the right core processes in place, changes are usually incremental. Our EU-based attorneys at ARROWS will alert you to new obligations and help you adapt (office@arws.cz).

4. What specific documents do we need when applying for authorisation as a crypto-asset service provider?
Typically, this is a comprehensive documentation package that includes: a detailed operating plan, a compliance and AML manual (including risk assessment and control processes), a list of shareholders/owners and controlling persons, the organisational structure, commercial agreements with partners, the company’s annual reports and minutes, and KYC documents for key persons (members of management, the board). The exact list varies depending on the type of service and the scope of activities. Our EU-based attorneys at ARROWS will help you prepare a complete and compliant package (office@arws.cz).

5. What is the difference between an e-money token (EMT) and an asset-referenced token (ART)?
An e-money token (EMT) is a crypto-asset whose main purpose is to maintain a stable value by referencing the value of a single fiat currency (e.g., USD, EUR). EMT issuers must be authorised as electronic money institutions under EU legislation. An asset-referenced token (ART) is a crypto-asset that is not primarily intended to maintain a stable value by referencing a single fiat currency, but rather another value or right, or a combination of assets (e.g., commodities, real estate, other crypto-assets). ART issuers must obtain authorisation from the Czech National Bank (ČNB) as ART issuers. Classification is critical because the obligations differ. If you present your token as stabilised, the regulator will assess you under the rules for EMTs or ARTs. Legal compliance is therefore key.

6. What happens if we sell tokens abroad without authorisation?
You risk fines from regulators in the countries where you have breached local regulations. Even within the EU, if you sell outside the MiCA framework or fail to meet national requirements, you may be in breach of regulations. If, for example, you sell in the USA without registration (which is a complex issue), you may come into conflict with the SEC. In the worst case, tokens may be frozen or the service blocked. International crypto projects must take regulation into account in every country where they operate. Attorneys from ARROWS advokátní kancelář can provide an analysis of key markets - office@arws.cz.

Notice: The information contained in this article is of a general informational nature only and is intended to provide basic guidance on the topic based on the legal status as of 2026. Although we take the utmost care to ensure accuracy, legal regulations and their interpretation evolve over time. We are ARROWS advokátní kancelář, an entity registered with the Czech Bar Association (our supervisory authority), and for maximum client protection we maintain professional liability insurance with a limit of CZK 400,000,000. To verify the current wording of regulations and their application to your specific situation, it is necessary to contact ARROWS advokátní kancelář directly (office@arws.cz). We accept no liability for any damages arising from the independent use of the information in this article without prior individual legal consultation.

Read also: