Guidelines on situations where a third-country entity is deemed to be soliciting clients established or located in the EU and supervisory practices to detect and prevent circumvention of the reverse solicitation exemption under the Markets in Crypto-Assets Regulation (MiCA)

26/02/2025 ESMA35-1872330276-2030 Guidelines on situations where a third-country entity is deemed to be soliciting clients established or located in the EU and supervisory practices to detect and prevent circumvention of the reverse solicitation exemption under the Markets in Crypto-Assets Regulation (MiCA)

ESMA – 201-203 rue de Bercy – CS 80910 – 75589 Paris Cedex 12 – France – www.esma.europa.eu 2

Contents

1. Scope .........................................................................................................................1
2. Legislative references, abbreviations and definitions.................................................1 2.1 Legislative references.............................................................................................1 2.2 Abbreviations...........................................................................................................1 2.3 Definitions ..............................................................................................................2
3. Purpose.......................................................................................................................3
4. Compliance and reporting obligations........................................................................4 4.1 Status of guidelines ................................................................................................4 4.2 Reporting requirements ..........................................................................................4
5. Guidelines on client solicitation by third-country entities ..........................................5 5.1 Methods of solicitation (Guideline 1.) ....................................................................5 5.2 The person soliciting clients (Guideline 2.)............................................................7 5.3 Exclusive initiative of the client (Guideline 3.)........................................................8 5.4 When a crypto-asset or service related to crypto-assets is of the same type as another crypto-asset or service related to crypto-assets (Guideline 4.) ..................................8
6. Guidelines on supervisory practices to detect and prevent circumvention of the reverse solicitation exemption...........................................................................................10 6.1 Monitoring subjects targeting clients established or located in the EU or active in the EU (Guideline 1.) ........................................................................................................10 6.2 Exchange of information with other bodies (Guideline 2.).....................................10 6.3 Response to client complaints or whistleblowers (Guideline 3.) ...........................11 Annex – Non-exhaustive list of examples of circumstances in which a third-country entity will likely be deemed to be soliciting clients in the EU................................................................12

1

1. Scope Who?

2. These guidelines apply to competent authorities, as defined in Article 3(1)(35) of the MiCA Regulation, and, with regard to Section 5, to third-country entities. What?

3. These guidelines apply in relation to Article 61 of the MiCA Regulation. When?

4. These guidelines shall apply 60 calendar days after the date of their publication on the ESMA website in all official EU languages.

5. Legislative references, abbreviations and definitions 2.1 Legislative references MiCA Regulation Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/19371 . ESMA Regulation Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EZ2

2.2 Abbreviations ESFS European System of Financial Supervision ESMA European Securities and Markets Authority

1 OJ L 150, 9.6.2023, p. 40. 2 OJ L 331, 15.12.2010, p. 84.

2 EU European Union

2.3 Definitions Third-country entity An entity that would be subject to Article 59 of the MiCA Regulation if its head office or registered office were located in the EU.

3 3. Purpose 4. These guidelines are based on Article 61(3) of the MiCA Regulation. The purpose of these guidelines is to establish consistent, effective and efficient supervisory practices within the ESFS and to ensure a common, uniform and consistent application of Article 61 of the MiCA Regulation. 5. They specifically aim to promote greater convergence in the interpretation and supervisory approaches to situations where a third-country entity is deemed to be soliciting clients who are established or located in the EU. Furthermore, to encourage convergence and promote consistent supervision regarding the risk of abuse of Article 61 of the MiCA Regulation, these guidelines also aim to promote certain supervisory practices to detect and prevent circumvention of the MiCA Regulation.

4 4. Compliance and reporting obligations 4.1 Status of guidelines 6. In accordance with Article 16(3) of the ESMA Regulation, competent authorities should make efforts to comply with these guidelines. 7. Competent authorities to which these guidelines apply should incorporate them into their national legal and/or supervisory frameworks as appropriate. 4.2 Reporting requirements 8. Within two months of the publication of the guidelines on the ESMA website in all official EU languages, the competent authorities to which these guidelines apply must notify ESMA of i. that they are complying with the guidelines, ii. that they are not complying but intend to comply, or iii. that they are not complying with the guidelines and do not intend to comply. 9. In the event of non-compliance, competent authorities must also notify ESMA of the reasons for non-compliance with the guidelines, within two months of the publication of the guidelines on the ESMA website in all official EU languages. 10. The notification form is available on the ESMA website. Once completed, the form is forwarded to ESMA.

5 5. Guidelines on client solicitation by third-country entities 5.1 Methods of solicitation (Guideline 1.) 11. Client solicitation by third-country entities should be interpreted broadly and in a technologically neutral manner. 12. Solicitation includes promoting, advertising or offering services or activities related to crypto-assets to clients or potential clients in the EU in any way. This may include, without limitation: • internet advertisements • brochures • phone calls • emails • banners, pop-ups and/or similar tools on websites and social media • face-to-face meetings • press releases • other forms of physical or electronic media, including websites, social media platforms, mobile applications • participation in exhibitions and trade fairs • invitations to events • affiliate marketing campaigns • changing the target audience of advertising • calls to fill out a response form or to attend training courses

6 • messaging platforms • sponsorship agreements. 13. Promotions, advertising, marketing and offers of a general nature, such as brand advertising, which are intended for the public (broad and large reach), may also be considered as soliciting clients. 14. National competent authorities should take into account all facts and circumstances of the case to assess whether a third-country entity is soliciting clients who are established or located in the EU. 15. The Annex describes examples of circumstances in which a third-country entity will likely be deemed to be soliciting clients in the EU. 16. ESMA is aware that there are circumstances where third-country entities may be deemed to be soliciting EU clients, although not exclusively3 . In such cases, a third-country entity may take precautionary measures to ensure that it does not breach the authorization requirements under the MiCA Regulation by refraining from providing any services or activities related to crypto-assets to EU clients. To do this, a third-country entity must not, for example, accept new EU clients or must implement geo-blocking4 of access to its services or activities related to crypto-assets. 17. Educational materials, training and sectoral events that are exclusively educational in nature or directed at exchanging knowledge about basic technologies or innovations in the industry should not be considered as soliciting clients. Educational materials, training and sectoral events would be considered to have the effect of direct or indirect promotion of a third-country entity or its services or activities related to crypto-assets if, for example, the audience is directed to the website of the third-country entity, access methods to services offered by the third-country entity are provided, brochures on crypto-asset-related services are shared, the audience is invited to complete a client profile or the services of the third-country entity are promoted in any other way.

3 For example, a third-country entity may sponsor an international sports competition in which teams from Member States or athletes from the EU may participate. The MiCA Regulation does not prohibit such sponsorship agreements. However, as a result, that entity should be considered to be soliciting clients in the EU, and therefore it could not benefit from the reverse solicitation exemption. 4 For example, if access to the website of the third-country entity is geo-blocked for EU clients with an IP address originating from the EU and if the mobile application of the third-country entity was not available in EU Member States in mobile application stores.

7 5.2 The person soliciting clients (Guideline 2.) 18. Competent authorities should take into account that solicitation can occur regardless of the person through whom it is conducted. 19. Solicitation can be conducted by the third-country entity itself or by any person acting on its behalf or closely linked to the third-country entity5 . A person acting on behalf of a third-country entity may do so: i. explicitly based on a contract; or ii. implicitly via an informal agreement. 20. Such persons may include so-called influencers, i.e., media-influential persons. Indications that a person is acting on behalf of a third-country entity may include, for example, directing the audience to the website of the third-country entity, enabling access to services offered by the third-country entity, promotional offers or displaying the logo of the third-country entity. The existence of any form of remuneration or benefit (monetary or non-monetary) provided by the third-country entity to a third party should be a strong indication that the third party is acting on behalf of the third- country entity. However, the absence of remuneration or benefits should not necessarily exclude the fact that a person may be acting on behalf of the third-country entity. 21. On the other hand, reviews of services or activities related to crypto-assets of a third-country entity on their own initiative (i.e., as long as they are not conducted on its behalf) should not be considered as solicitation conducted by or on behalf of the third-country entity. However, such reviews can only be considered as "own initiative" if the third-country entity was not aware of the review, did not agree to it, did not encourage it, or otherwise facilitated it. 22. Providing crypto-asset-related services after soliciting clients on behalf of a third-country entity by a person or entity regulated in the EU should still be considered a breach of the MiCA Regulation. For example, a credit institution, investment firm or payment service provider from the EU must not redirect clients (for example, via their website) to crypto-asset-related services provided by a third-country entity. This applies regardless of whether that third-country entity is part of the same group or not.

5 As defined in Article 3(31) of the MiCA Regulation.

8 5.3 Exclusive initiative of the client (Guideline 3.) 23. A third-country entity should not be deemed to be soliciting clients if a service or activity related to crypto-assets is provided exclusively on the own initiative of the client. The exclusive initiative of the client should be interpreted narrowly. 24. The assessment of whether a crypto-asset service provider solicited a client or if the contact was initiated exclusively by the client should be factual. Contractual arrangements or disclaimers cannot replace facts that state otherwise. 25. The reverse solicitation exemption is based on the assumption that a crypto-asset product, service or activity is provided on the exclusive initiative of the client. Article 61(2) of the MiCA Regulation leaves open the possibility for a third-country entity to advertise crypto-assets or services or activities related to crypto-assets of the same type to that client. However, the requirement that crypto-asset-related services be provided on the exclusive initiative of the client still applies. 26. Therefore, the timing of the client's request and the offer, promotion or advertising of other services or activities related to crypto-assets of the same type is important. This provision should therefore be interpreted such that third-country entities are not allowed to offer additional crypto- assets or services or activities related to crypto-assets to a client, even if such services or activities are of the same type as those originally requested by the client, unless they are offered in the context of the original transaction. 27. For example, if a client contacts a third-country entity to purchase crypto-asset X, the entity may at that time advertise crypto-assets of the same type to the client. However, the third-country entity would not be entitled to advertise additional transactions in crypto-asset X or transactions with similar crypto-assets to the client a month later. 28. Third-country entities should be able to provide evidence of client relationship tracking, and particularly regarding whether the client initiated the request for crypto-asset-related services in relation to a new product.

5.4 When a crypto-asset or service related to crypto-assets is of the same type as another crypto-asset or service related to crypto-assets (Guideline 4.) 29. Within the framework of the reverse solicitation procedure, the possibility remains open for a third-country entity to advertise crypto-assets or services or activities related to crypto-assets of the same type in the context of a relationship initiated on the exclusive initiative of a specific client, provided that the third-country entity also acts in accordance with the previous Guideline 3.

9 30. If a third-country entity wishes to avail itself of this possibility, it must assess in each individual case whether the crypto-assets or services or activities related to crypto-assets belong to the same type, taking into account elements such as i. the category of the offered crypto-asset or service or activity related to crypto-assets and ii. the risks associated with each asset or service or activity related to crypto-assets. 31. The categorization of crypto-assets and services or activities related to crypto-assets used by a third-country entity should be sufficiently detailed to ensure that the reverse solicitation exemption cannot be applied to circumvent the authorization requirements of Article 59 of the MiCA Regulation. 32. Below is a non-exhaustive list of pairs of crypto-assets that should not be considered to belong to the same type of crypto-assets for the purposes of the reverse solicitation exemption: • utility tokens, asset-referenced tokens or e-money tokens • crypto-assets that are not stored or transferred using the same technology • e-money tokens not linked to the same official currency • asset-referenced tokens mainly based on FIAT currencies and asset-referenced tokens that significantly include cryptocurrencies • liquid and illiquid crypto-assets • crypto-assets other than asset-referenced tokens and e-money tokens with an unidentifiable issuer and crypto-assets other than asset-referenced tokens and e-money tokens with an identifiable issuer. 33. Note that the above examples should not be interpreted a contrario. For example, e-money tokens not linked to the same official currency do not belong to the same type. However, the fact that two e-money tokens are linked to the same official currency does not necessarily mean they are of the same type. Similarly, crypto-assets that are not stored or transferred using the same technology do not belong to the same type. However, crypto-assets that are stored or transferred using the same technology are not necessarily of the same type.

10 6. Guidelines on supervisory practices to detect and prevent circumvention of the reverse solicitation exemption 34. Third-country entities may attempt to circumvent the authorization requirements of Article 59 of the MiCA Regulation through various means and practices. Therefore, it is crucial that competent authorities closely monitor the activity, if any, of third-country entities within their jurisdictions. Given that crypto-asset-related services are almost exclusively offered and promoted online, special emphasis should be placed on the online activities of third-country entities. 35. Competent authorities should apply one or more of the supervisory practices listed in the following guidelines. 6.1 Monitoring subjects targeting clients established or located in the EU or active in the EU (Guideline 1.) 36. Competent authorities may search for third-country entities with phone numbers starting with local dialing codes or with postal addresses, email addresses or websites indicating their presence in the EU, at least virtually, or referring to it (e.g., URLs ending in ".lu", ".de", ".fr", etc.). 37. Competent authorities may also conduct consumer surveys to identify entities that consumers use within their jurisdiction for crypto-asset-related services. 38. Competent authorities may use marketing tracking tools, especially those with the ability to track activity on social media, as they may indicate the geographic markets targeted by third-country entities. 6.2 Exchange of information with other bodies (Guideline 2.) 39. Competent authorities may cooperate closely with other bodies (national or foreign) that may have insight into whether third-country entities are offering services in the relevant market. Such bodies may include the police and local tax authorities.

11 6.3 Response to client complaints or whistleblowers (Guideline 3.) 40. Competent authorities should monitor client complaints or whistleblower information indicating that a third-country entity may have been soliciting clients within their jurisdiction.

12 Annex – Non-exhaustive list of examples of circumstances in which a third-country entity will likely be deemed to be soliciting clients in the EU The examples of circumstances listed in the table should be interpreted together with the relevant guidelines. Guideline Description Guideline 1. A third-country entity applies search engine optimization (SEO) strategies at a regional or country-specific level to optimize its online presence and achieve high rankings on search engine results pages (SERPs) of potential EU clients or SERPs of potential clients in specific Member States. The aim of SEO is to improve the ranking of websites in (unpaid) search results. Successful SEO leads to increased internet traffic and brand exposure. Regional or country-specific SEO allows a third-country entity to appear higher on SERPs of potential EU clients. Region- or country-specific SEO may include, for example: 41. use of a country code top-level domain (ccTLD) in the domain name (such as ".fr", ".es", ".at") 42. use of a generic top-level domain (such as ".com" or ".org") with subdirectories specific to individual EU countries (such as ".com/fr", ".org/es") in the domain name 43. use of a generic top-level domain, but setting geographic targeting when setting criteria in SEO tools 44. use of geographically targeted link building6 as part of a marketing strategy to increase traffic from potential clients based in the EU (for example, a third-country entity uses backlinks on websites with a ccTLD or subdirectory specific to a specific EU country).

6 Geographically targeted link building occurs when an entity receives backlinks from other websites within a specific geographic region. A backlink is a link from another website to the entity's website, thereby redirecting or encouraging internet traffic from the original website to the other website.

13 Guideline 1. A third-country entity uses geo-targeting strategies to run digital ads either on SERPs or on social media platforms, targeting potential EU clients or potential clients in specific Member States. Guideline 1. A third-country entity has a website or part of a website in one of the official EU languages, which is not common in the field of international finance, (or integrated translation tools on its website) and there are no indications that such a third-country entity originates from a jurisdiction using the same language or that the third-country entity has a clientele or is targeting potential clients using the same language in a jurisdiction outside the EU. Guideline 1. A third-country entity sponsors a sports event related to the EU or a specific Member State, such as a national championship or a European championship. Guideline 1. A third-country entity redirects potential EU clients to its website by including a link to such website in training or educational materials. Guideline 1. A crypto group (including regulated EU entities and third-country entities) uses strategies that do not sufficiently allow a client to distinguish between the offer of regulated EU entities and the offers of third-country entities. Guideline 1. A third-country entity responds to EU inquiries about services or activities not regulated by the MiCA Regulation and uses its responses to advertise its services or activities related to crypto-assets. Guideline 2. A third-country entity uses the website of an affiliated EU entity or an EU entity, regardless of whether it is regulated or not, to display its logo, backlinks to its website or to promote its services or activities related to crypto-assets. Guideline 2. A third-country entity uses an influencer or content creator from the EU and pays them remuneration to promote its crypto-assets or services or

14 activities related to crypto-assets or to build its profile on social media or in any other way. Guideline 2. A crypto-asset service provider regulated at the EU level redirects EU clients intending to trade an unauthorized asset-referenced token to a trading platform or broker of its group outside the EU. Guideline 3. An EU client wishing to purchase crypto-assets contacts a third-country entity. An EU client installs the third-country entity's mobile application on their mobile phone to trade such crypto-assets