The marketing-relevant articles of MiCA, the FCA cryptoasset financial-promotions regime, and GDPR — each with quoted text, what it requires, the common ways companies trip it, and how to fix it. Reference pages, not opinion.
Markets in Crypto-Assets Regulation. Applies to any marketing communication directed at EU consumers by a CASP, issuer, or offeror. In force since 30 December 2024 for stablecoins, 30 June 2024 for other tokens.
Section 21 FSMA, the Financial Promotion Order, and COBS 4.12A. Applies to any cryptoasset promotion communicated to UK consumers — including by overseas firms. October 2023 regime, hardened by 2026 enforcement.
General Data Protection Regulation and ePrivacy Directive. Applies to every marketing email, signup form, cookie banner, and automation flow that touches an EU/EEA resident. The marketing-relevant subset of GDPR is narrower than people think — and most violations cluster in the same five articles.
“Clear, fair, and not misleading.” The headline rule. Most enforcement actions in 2025–2026 trace back to here.
Risk warnings must be balanced with the prominence of the benefit claim. Hero promises without paired warnings fail here.
Every claim in a marketing communication must be consistent with the published whitepaper. The number-one finding on launch audits.
Paid endorsements must be disclosed as marketing communications. The 2026 enforcement vector that caught HTX.
The exact 100-word warning. Wording, prominence, placement. Post-HTX, this is the line FCA examiners start at.
A first-time investor cannot complete a cryptoasset purchase within 24 hours of receiving the direct-offer financial promotion. Funnel design constraint, not a footer note.
Before a first-time investor can transact, the firm must show a personalised risk warning and run an appropriateness assessment. Not a checkbox; a sequenced flow.
Refer-a-friend, sign-up bonus tokens, “trade $X get $Y” promotions are banned in the UK cryptoasset perimeter. Affects every growth team that imported a fintech playbook.
What “freely given, specific, informed, and unambiguous” actually requires in a signup form. The bar is higher than most teams build for.
When your segmentation engine decides who gets the offer, it’s automated decision-making with legal effect. Most growth stacks are inside this article without realising.
Paste any crypto marketing copy or URL. Verdict against the relevant framework in seconds. The fastest way to find out which rules you’ve hit.
A signed compliance audit across MiCA, FCA, and GDPR for a single asset or page. Five business days. From €4,950.
The line item that fails first is marketing. Why most exchanges shipped non-compliant copy through Q1 2026.
Every marketing claim a CASP makes is about to be machine-verifiable. The rules pages are the upstream input.