MiCA Reverse Solicitation Guidelines 2025: Complete ESMA Compliance Guide

What Is Reverse Solicitation Under MiCA?

Reverse solicitation is a regulatory concept that applies when an EU-based client independently and on their own exclusive initiative contacts a third-country firm to receive crypto-asset services. Under Article 61 of MiCA, when a service is genuinely initiated by the client, the third-country firm may provide that specific service without holding a MiCA authorisation. This represents a narrow exception to MiCA’s general requirement that any firm providing crypto-asset services to clients in the EU must be properly authorised.

The concept originates from traditional financial services regulation, where it has been applied under the Markets in Financial Instruments Directive (MiFID II) and other EU financial legislation. However, the crypto-asset industry presents unique challenges. Unlike traditional finance, crypto services are overwhelmingly offered online, through mobile applications, and via social media channels — making the boundaries between active solicitation and passive service provision significantly harder to draw.

ESMA’s guidelines explicitly acknowledge this challenge and respond with a broad, technology-neutral approach to what constitutes solicitation. The regulator makes clear that virtually any form of promotion, advertisement, or offer directed at EU clients — through any medium — can constitute solicitation. This includes not only traditional advertising but also SEO strategies, social media campaigns, influencer partnerships, sponsorship deals, and even participation in trade fairs where EU attendees may be present.

The practical consequence for third-country firms is stark: the reverse solicitation exemption is designed to be an exception, not a business model. ESMA’s guidelines close many of the perceived loopholes that some firms had been exploiting to serve EU clients without authorisation, making it substantially harder to rely on the reverse solicitation exemption as a primary market access strategy.

Scope and Applicability of ESMA’s Guidelines

The MiCA reverse solicitation guidelines apply to two distinct audiences. First, they address competent authorities as defined in Article 3(1)(35) of MiCA — the national regulatory bodies responsible for supervising crypto-asset markets in each EU Member State. These authorities are expected to incorporate the guidelines into their supervisory frameworks and use them to detect and prevent circumvention of MiCA’s authorisation requirements.

Second, Section 5 of the guidelines directly addresses third-country firms themselves. A “third-country firm” is defined as any firm that would be subject to Article 59 of MiCA if its head office or registered office were located within the EU. This broad definition captures any entity worldwide that provides or seeks to provide crypto-asset services — including exchanges, custodians, brokers, portfolio managers, and advisory firms — regardless of their home jurisdiction’s regulatory framework.

The guidelines were published under Article 61(3) of MiCA, which mandates ESMA to issue guidance on situations where third-country firms are deemed to solicit EU clients. Their stated objectives are to establish consistent, efficient, and effective supervisory practices within the European System of Financial Supervision (ESFS) and to ensure common, uniform, and consistent application of Article 61 across all Member States.

Under the compliance framework established by the ESMA Regulation (EU) No 1095/2010, competent authorities must notify ESMA within two months of publication whether they comply, intend to comply, or do not comply with the guidelines — and provide reasons for any non-compliance. This “comply or explain” mechanism creates strong incentives for harmonised implementation across the EU.

Guideline 1: Means of Solicitation — A Broad and Technology-Neutral Approach

ESMA’s first guideline establishes that the solicitation of clients by third-country firms should be construed broadly and in a technology-neutral way. This is arguably the most impactful provision of the entire guidance document, as it effectively creates a wide net that captures virtually any form of outreach or marketing directed at EU clients.

The guidelines provide a non-exhaustive list of solicitation methods that includes internet commercials, brochures, telephone calls, emails, banners, pop-ups, social media tools, face-to-face meetings, press releases, websites, mobile applications, road shows, trade fairs, invitations to events, affiliation campaigns, retargeting of advertising, invitations to fill response forms or follow training courses, messaging platforms, and sponsorship deals.

Critically, ESMA clarifies that even promotions, advertisements, and marketing of a general nature — such as brand advertisements addressed to the public with broad and large reach — may constitute solicitation. This means that a global advertising campaign not specifically targeted at EU consumers could still be deemed solicitation if EU consumers are exposed to it and there are insufficient measures to exclude them.

The guidelines also address the specific case of educational materials and industry events. While genuinely educational content focused on technology and innovation should not be considered solicitation, ESMA draws a clear line: if educational materials direct the audience to a firm’s website, provide means of access to its services, distribute service-related brochures, invite attendees to complete client profiles, or in any manner promote the firm’s services, they cross into solicitation territory.

Guideline 2: The Person Soliciting — Beyond the Firm Itself

ESMA’s second guideline extends the solicitation analysis beyond the actions of the third-country firm itself. Competent authorities should consider that solicitation may occur irrespective of the person through whom it is performed. The solicitation can be carried out by the firm directly or by any person acting on its behalf or having close links with the firm — whether through express contractual arrangements or informal agreements.

This guideline has profound implications for the crypto industry’s marketing ecosystem. ESMA specifically identifies influencers as potential agents of solicitation. The guidelines outline several indicators that a person is acting on behalf of a third-country firm: directing audiences to the firm’s website, providing means of access to the firm’s services, offering promotional deals, displaying the firm’s logo, or receiving any form of remuneration or benefit (monetary or non-monetary) from the firm.

Importantly, ESMA notes that the absence of remuneration does not necessarily exclude the possibility that a person is acting on behalf of a third-country firm. This means that even unpaid partnerships, affiliate arrangements, or informal promotional relationships could be considered solicitation if they effectively direct EU clients to the firm’s services.

The guidelines distinguish between solicitation and genuine independent reviews. Own-initiative reviews of a third-country firm’s services should not be regarded as solicitation — but only where the firm does not have knowledge of the review and has not consented, encouraged, or otherwise facilitated it. This creates a high evidentiary bar: any indication that the firm was aware of or facilitated the review could transform it from an independent assessment into an act of solicitation.

Perhaps most significantly, ESMA clarifies that the involvement of EU-regulated entities does not sanitise the solicitation. An EU credit institution, investment firm, or payment service provider that redirects clients to crypto-asset services provided by a third-country firm — whether part of the same group or not — is still engaged in an activity that constitutes solicitation and breach of MiCA. This provision directly targets the practice of using EU-licensed entities as gateways to unregulated third-country services.

Guideline 3: Exclusive Initiative of the Client — A Narrow Construction

The third guideline addresses the core of the reverse solicitation exemption: when can a service be considered to have been initiated exclusively by the client? ESMA’s answer is clear — this criterion should be construed narrowly. The assessment must be factual, and contractual arrangements or disclaimers cannot supersede contrary facts. This means that boilerplate terms of service stating that the client acted on their own initiative will not protect a firm if the surrounding circumstances suggest otherwise.

ESMA introduces a critical temporal dimension to the analysis. While Article 61(2) of MiCA allows a third-country firm to market crypto-assets or services of the same type to a client who initially approached the firm on their own initiative, this permission is strictly limited to the context of the original transaction. A firm cannot use an initial client-initiated contact as a permanent marketing licence.

The guidelines provide a concrete example: if a client contacts a third-country firm to buy crypto-asset X, the firm may at that specific point in time market other crypto-assets of the same type. However, the firm would not be entitled to market further crypto-asset X transactions or transactions in similar crypto-assets to the client a month later. This creates what is effectively a “one-shot” permission tied to the original interaction, not an ongoing marketing relationship.

Third-country firms are expected to maintain detailed records tracking the relationship with each client, particularly documenting whether the client genuinely initiated each request to receive crypto-asset services. This record-keeping requirement places the burden of proof squarely on the firm to demonstrate that the reverse solicitation exemption applies to any given transaction or relationship.

The practical examples in the Annex further illustrate ESMA’s strict approach. Push notifications sent two days after an initial transaction encouraging clients to check trending crypto-assets constitute impermissible solicitation. Similarly, promotional push notifications sent two months after an initial transaction clearly fall outside the exemption. These examples make clear that mobile application features commonly used by crypto platforms — such as push notifications, in-app promotions, and personalised recommendations — can easily violate the reverse solicitation framework.

Guideline 4: Same Type Classification of Crypto-Assets and Services

ESMA’s fourth guideline addresses a technical but crucial question: when is a crypto-asset or crypto-asset service of the “same type” as another? This matters because Article 61(2) of MiCA permits third-country firms to market same-type assets or services in the context of a client-initiated relationship. A broader interpretation of “same type” would expand the exemption; ESMA opts for a narrow, granular approach.

The guidelines establish that the assessment must be conducted on a case-by-case basis, considering both the category of the crypto-asset or service and the risks attached to each. Critically, the categorisation must be granular enough to prevent the reverse solicitation exemption from being used to circumvent MiCA’s authorisation requirements.

ESMA provides a non-exhaustive list of pairs of crypto-assets that should not be considered as belonging to the same type:

• Utility tokens vs. asset-referenced tokens vs. electronic money tokens — These fundamental MiCA categories are distinct types by definition
• Crypto-assets using different technologies — Assets not stored or transferred using the same underlying technology are different types
• Electronic money tokens referencing different currencies — A EUR-backed e-money token is not the same type as a USD-backed one
• Fiat-dominated ARTs vs. crypto-heavy ARTs — Asset-referenced tokens based mostly on fiat currencies differ from those with significant cryptocurrency weightings
• Liquid vs. illiquid crypto-assets — The liquidity profile creates distinct risk categories
• Identifiable vs. non-identifiable offeror tokens — The presence or absence of an identifiable offeror creates different risk profiles

ESMA adds a critical interpretive note: these pairs should not be read as implying that the inverse is true. For example, while electronic money tokens referencing different currencies are definitely not the same type, two tokens referencing the same currency are not necessarily the same type either. This one-directional logic further narrows the scope of the exemption. The Annex reinforces this with examples such as a firm contacted to provide an asset-referenced token that then markets “meme coins” — clearly different types — or offers bundled service packages exceeding the originally requested service.

Supervisory Practices for Detecting Circumvention

Section 6 of the guidelines shifts focus from the conduct of third-country firms to the supervisory tools available to competent authorities. ESMA recognises that circumvention attempts are inevitable, particularly given that crypto-asset services are “almost exclusively offered and promoted online.” The guidelines therefore equip national regulators with a comprehensive monitoring toolkit.

Under Guideline 1 on monitoring, competent authorities are encouraged to search for third-country firms using local telephone numbers, mailing addresses, email addresses, or website URLs that indicate a presence — even a virtual one — in the EU. This includes URLs ending with country-code top-level domains such as “.de”, “.fr”, or “.lu”. Authorities may also conduct consumer surveys to identify which firms consumers use for crypto-asset services and deploy marketing monitoring tools — particularly those capable of tracking social media activity — to identify geographic markets being targeted by third-country firms.

Under Guideline 2 on inter-authority cooperation, competent authorities are encouraged to collaborate with other national and foreign authorities that might have insight into third-country firm activities. This includes law enforcement, tax authorities, and other financial regulators who may encounter evidence of unlicensed crypto-asset service provision in the course of their own supervisory work.

Under Guideline 3 on complaints and whistle-blowers, competent authorities should follow up on complaints from clients or information from whistle-blowers indicating that a third-country firm might have been soliciting clients in their jurisdiction. This creates a multi-layered detection framework combining proactive monitoring, inter-agency intelligence sharing, and reactive complaint handling.

Practical Implications for Third-Country Crypto Service Providers

The MiCA reverse solicitation guidelines create significant practical challenges for third-country crypto-asset service providers that have been serving EU clients. Several immediate compliance actions are necessary for firms that wish to continue relying on the reverse solicitation exemption.

First, firms must conduct a comprehensive audit of all their marketing activities, digital presence, and distribution channels to identify any elements that could be construed as solicitation under ESMA’s broad interpretation. This includes reviewing SEO strategies, advertising campaigns, social media activity, influencer partnerships, event sponsorships, mobile application features, and website language options. Any EU-targeted element must be eliminated or geo-blocked.

Second, firms should implement robust geo-blocking and geo-fencing measures. ESMA explicitly suggests that third-country firms may avoid being considered as soliciting EU clients by not accepting new EU client accounts and by geo-blocking access to their services. This includes blocking IP addresses originating in the EU and removing mobile applications from EU country stores. These measures must be genuinely effective, not merely cosmetic.

Third, client onboarding and record-keeping procedures must be enhanced. Firms must maintain detailed documentation demonstrating that each EU client relationship was initiated exclusively by the client. This includes timestamps, communication records, and evidence that no marketing or promotional contact preceded the client’s initial approach. Given ESMA’s position that contractual disclaimers cannot override contrary facts, these records must reflect genuine reality rather than legal formalities.

Fourth, firms must review their mobile application features. Push notifications, in-app promotions, personalised recommendations, and cross-selling features — standard tools in the crypto industry — can all constitute impermissible solicitation under the guidelines. Any automated communication beyond the immediate context of a client-initiated transaction risks violating the reverse solicitation framework.

Fifth, group structures require particular attention. ESMA’s guidelines make clear that EU-regulated entities within the same group cannot serve as marketing or referral channels for third-country affiliates. Crypto groups operating both EU-licensed and non-EU entities must establish clear information barriers and ensure that clients can clearly distinguish between the offerings of different group entities. Firms should consult the full ESMA guidelines document for the complete non-exhaustive list of solicitation scenarios.

SEO Strategies as Solicitation: A Novel Regulatory Position

One of the most striking and innovative aspects of ESMA’s guidelines is the explicit identification of search engine optimisation (SEO) strategies as a form of solicitation. The Annex to the guidelines provides detailed examples of how regional or country-specific SEO can constitute solicitation of EU clients — a position that is without clear precedent in traditional financial regulation.

ESMA identifies several specific SEO practices that could trigger solicitation:

• Using country-code top-level domains (such as “.fr”, “.es”, “.at”) in the domain name
• Using generic TLDs with EU country-specific subdirectories (such as “.com/fr”, “.org/es”)
• Setting geographic targeting for EU countries in SEO tools
• Employing geo-targeted link building to generate traffic from EU-based potential clients, including obtaining backlinks from websites with EU country-specific TLDs

This position reflects ESMA’s understanding that in the digital age, SEO is not a neutral or passive activity — it is a deliberate strategy to attract traffic from specific geographic markets. A third-country firm that optimises its web presence for EU search results is actively reaching out to EU consumers, even if no traditional advertisement is involved.

The implications extend to geo-targeted digital advertising on both search engine results pages and social media platforms. Any paid advertising that targets EU users — whether through geographic parameters in ad platforms, language targeting, or audience selection criteria — constitutes solicitation. Combined with the broad definition of general advertising as potential solicitation, this creates an environment where third-country firms must be extremely careful about their entire digital marketing footprint.

For the crypto industry, which relies heavily on digital marketing and SEO for customer acquisition, this position represents a fundamental shift. Firms must ensure that their digital marketing strategies actively exclude EU audiences through geographic restrictions, negative keyword targeting, and audience exclusion lists. Failure to implement these measures could result in the firm being deemed to have solicited EU clients, voiding any reliance on the reverse solicitation exemption. This regulatory approach is part of ESMA’s broader MiCA knowledge and competence guidelines framework for ensuring high standards across the crypto-asset sector.

Connection to Broader EU Regulatory Framework

The MiCA reverse solicitation guidelines do not exist in isolation but form part of an increasingly comprehensive EU regulatory architecture for crypto-assets and financial services. Understanding these interconnections is essential for firms navigating the European regulatory landscape.

MiCA itself, Regulation (EU) 2023/1114, establishes the foundational framework for crypto-asset regulation in the EU. The reverse solicitation guidelines interpret a specific provision within this broader regime, but firms must comply with MiCA’s full range of requirements — including authorisation, capital adequacy, governance, consumer protection, and market abuse rules — if they wish to actively serve EU clients.

The European Commission’s Digital Finance Strategy provides the strategic context for MiCA and related legislation. The Commission has consistently emphasised the need for a technology-neutral regulatory framework that supports innovation while protecting consumers and maintaining financial stability. The reverse solicitation guidelines reflect this balance by preserving a narrow exemption for genuinely client-initiated services while closing loopholes that could undermine consumer protection.

The guidelines also align with broader EU efforts to combat financial crime in the crypto sector. The requirements for firm identification, client record-keeping, and supervisory cooperation mirror anti-money laundering principles reflected in the EBA’s analysis of money laundering and terrorist financing risks in the crypto sector. Competent authorities’ collaboration with police and tax authorities under the supervision guidelines further reinforces this connection.

From a financial stability perspective, ESMA’s approach connects to the EBA Risk Assessment Report, which monitors systemic risks across the financial sector including those arising from crypto-asset activities. By restricting unauthorised third-country firm access to EU markets, the reverse solicitation guidelines contribute to the broader goal of ensuring that crypto-asset services in the EU are provided by properly supervised entities.

Enforcement Outlook and National Implementation

While ESMA’s guidelines are not directly binding legislation, their practical impact should not be underestimated. Under the “comply or explain” mechanism, competent authorities face strong incentives to incorporate the guidelines into their supervisory frameworks. Once adopted at the national level, these principles become the standard against which firm conduct is assessed.

National competent authorities across the EU are now equipped with a harmonised toolkit for detecting and sanctioning reverse solicitation violations. The combination of proactive online monitoring, inter-authority cooperation, and whistle-blower-driven investigations creates multiple detection channels. Firms that have been operating in a regulatory grey area will find that area significantly narrowed.

The enforcement landscape is likely to evolve rapidly. As competent authorities deploy the monitoring tools described in the guidelines — particularly social media monitoring and consumer surveys — a clearer picture of the scope of unlicensed third-country activity in EU markets will emerge. This intelligence will inform both individual enforcement actions and potential future regulatory tightening.

For third-country firms, the calculus has changed fundamentally. The cost of maintaining a questionable reverse solicitation strategy now includes not only the risk of enforcement action in any single Member State but the risk of coordinated action across the EU, facilitated by ESMA’s role in promoting supervisory convergence. The more prudent approach for firms serious about serving EU clients is to pursue full MiCA authorisation, establishing a regulated presence in the EU through direct authorisation or through partnerships with EU-authorised entities.

Interactive Experience: ESMA MiCA Reverse Solicitation Guidelines

Explore our interactive analysis of the complete ESMA MiCA reverse solicitation guidelines. Navigate through each guideline, examine practical examples, and understand the compliance requirements through an engaging visual format designed to make complex regulatory content accessible and actionable.

Access the Full Interactive Analysis