Tuesday afternoon. The token-launch landing page has been in review for three days. Compliance counsel is on parental leave. The CEO is asking why this is taking so long. Someone has to make a call. Five MiCA checks, in the actual order I run them, on the actual kind of page a crypto company is reviewing on a Tuesday afternoon.
It's Tuesday afternoon. The token-launch landing page has been in review for three days. The design team has shipped two rounds of revisions. Marketing wants to send the campaign emails on Thursday. The CEO is in a Slack thread asking why this is still being argued. Compliance counsel is on parental leave for two more weeks.
Someone has to make a call.
This is the moment, in every crypto company I've worked inside, where the seniority of your marketing function is tested. Not the moment when the strategy is set. Not the moment when the brand book is debated. The moment when a piece of marketing copy is sitting in front of someone, and they have to decide whether shipping it creates more risk than not shipping it. Most companies fail this test invisibly, because the cost of getting it wrong only shows up months later, in a regulator's letter or a Twitter thread or a customer complaint that turns into a class-action.
I want to walk through what the check actually looks like. Not the abstract framework — the actual checks, in the actual order I run them, on the actual kind of page a crypto company is reviewing on a Tuesday afternoon.
The example below is composite — drawn from real assets I've reviewed across two international exchanges, anonymized and recombined. The page describes a token-yield product. It says, roughly:
Earn up to 14% APY on your idle ETH with [Product]. Our institutional-grade yield strategy has delivered consistent returns since launch. Risk-free rewards, automated daily. Get started in under a minute.
Three paragraphs of body copy follow that, plus a CTA, plus the standard footer with an unsubscribe link and the legal disclaimer in 9-point grey type. The product is real. The yield is real. The team is real. The compliance counsel signed off on the underlying tokenomics last quarter. So what's the problem?
There are, in roughly the order I'd surface them, five.
MiCA Article 88 requires that marketing communications for crypto-assets contain clear risk warnings. The word "clear" is doing a lot of work in that sentence. It is not, contrary to common practice, satisfied by a one-line risk disclaimer at the bottom of the page in font size 9, grey on white, below the unsubscribe footer.
The European Securities and Markets Authority has been increasingly explicit about this in its 2025 guidance updates. A risk warning is "clear" when it is in the same visual block as the value proposition. Not in the footer. Not in a footnote. Not behind a "see disclosures →" link. Adjacent to the claim it is qualifying.
The page above has the words "14% APY" in the H1, ~48 pixel font, vibrant against a gradient background. The risk warning, if it exists, is in the boilerplate footer alongside the privacy policy link.
This is the most common MiCA marketing violation I see across the industry, and the cheapest one to fix. The fix is not to remove the yield claim — that's the whole product. The fix is to put a single sentence, in the same visual block as the H1, that says something like: "Crypto-asset yield is highly volatile. Your capital is at risk. Past performance does not guarantee future results." Visible without scrolling. The same font weight as the body copy. Not buried.
A regulator who opens this page on their phone and scrolls to the value proposition before seeing any risk language has all the evidence they need that the marketing communication is not "fair, clear, and not misleading" in the MiCA sense. That is a Tuesday-afternoon problem you don't need to have.
The page uses the phrase "risk-free rewards, automated daily."
Three words to grep before you ship anything: guaranteed, risk-free, passive income. Every single one is a near-automatic flag under MiCA Article 88(1)'s misleading-communications test.
This isn't a regulator-being-pedantic problem. There is a real reason every European financial regulator has, in different language, said versions of: "You may not market a yield-bearing crypto product as risk-free, because no yield-bearing crypto product is risk-free, and the misleading impression you create on a retail consumer who reads that phrase is the harm the regulation exists to prevent." The yield in this product depends on smart contract risk, counterparty risk, oracle risk, depeg risk, withdrawal-pause risk, and the platform's solvency. Even at the platform's best execution, "risk-free" is not a defensible claim.
You have three options. Replace "risk-free" with "automated" (which is actually what the sentence is trying to convey). Or replace the whole sentence with hedged language: "Yield is automated and paid daily, subject to smart-contract performance and market conditions." Or — and I see this surprisingly often — admit that "risk-free" is in the copy because the copywriter pasted it from a competitor's page, and rewrite the sentence from scratch.
The grep is two minutes. The fix is five. The regulatory exposure of leaving the phrase in production is not bounded.
This is the check that distinguishes senior marketers from everyone else. The page above says the strategy is "institutional-grade" and has "delivered consistent returns since launch."
Open the product whitepaper. What does it actually say about the strategy?
In every real-world version of this scenario I've seen, the whitepaper says something more nuanced than "institutional-grade." The whitepaper might describe a specific yield mechanism — collateralized lending, a perpetual basis trade, a market-making strategy. It will describe its risk profile honestly, because the whitepaper has to. The marketing page describes it as "institutional-grade" because the marketing page is selling something.
When the marketing page makes a claim that does not appear in the whitepaper, or makes a claim that the whitepaper qualifies more carefully, that gap is a MiCA Article 88(1) issue waiting to happen. It is also — and this matters more — the gap that creates legal liability when a customer says they were misled.
The check is mechanical: take every load-bearing claim from the marketing page. Find its corresponding language in the whitepaper. If the whitepaper version is more cautious than the marketing version, the marketing version has to match. Not the other way around.
This is the kind of check a junior copywriter literally cannot run, because it requires reading the whitepaper, understanding the strategy, and recognising the difference between "institutional-grade" in marketing-speak and "a delta-neutral basis trade with X% historical drawdown" in whitepaper-speak. It is the cheapest, highest-leverage check a senior marketer brings to the function. It is also the check that compliance counsel, if they are not also a marketer, will not run.
The product page is reachable globally. The button says "Get started in under a minute." The disclaimer at the bottom says "available to verified users in eligible jurisdictions."
Two questions follow.
First: which jurisdictions, exactly? "Eligible" is doing all the legal work but none of the disclosure work. A retail user in the United States — where the SEC has spent five years arguing that crypto-yield products are unregistered securities — sees this page and has no signal that the product is, or is not, available to them. A retail user in the UK sees the same page and is reading it under the FCA's financial promotions regime, which has its own list of things you have to say and things you cannot say. A retail user in Singapore is looking at marketing under the Monetary Authority's restrictions on retail solicitation of digital payment tokens.
The same homepage cannot serve all of these jurisdictions with the same copy. It has to either geo-fence the marketing surface itself, or it has to disclose the jurisdictional limitations prominently enough that a sophisticated user would not be misled.
Second question: what does "in under a minute" mean? KYC processes that take under a minute either skip required identity verification or use the kind of fast-pass flow that creates AML exposure. The phrase is a marketing optimization that creates regulatory exposure on at least three fronts. Either the KYC actually takes longer (in which case the claim is misleading) or the KYC is genuinely sub-minute (in which case there are bigger questions to ask about the underlying compliance posture).
The fix here is harder than the previous three checks because the fix isn't a copy edit. The fix is a structural conversation about whether the marketing surface should be geo-restricted, jurisdictionally-disclosed, or honestly-paced. That conversation has to happen upstream of the marketing review, ideally between the CMO and the compliance lead. If the conversation hasn't happened yet, the marketing page is not the right place to fix the problem, but it is the place where the unfixed problem will most loudly show up to a regulator.
Open the page on a phone. Don't scroll. What do you see in the first viewport?
If the answer is "the yield number, the CTA, and a hero image," the page is failing the prominence test even if all the legal language is technically present further down. MiCA Article 88's fair, clear, and not misleading requirement is, in practice, also a visual requirement. ESMA's marketing-communications guidance is increasingly clear that the prominence of the marketing claim and the prominence of the risk-qualifier should be in proportion.
If your hero number is 48 pixels and your risk warning is 9 pixels, that ratio itself is evidence of misleading prominence. Even if both texts are technically on the page.
The check on this is harder than the previous four because it requires design judgment. The fix is also harder, because design teams are usually reluctant to give up the visual hierarchy that makes the value proposition pop. But the conversation, once made specific — "the risk warning needs to be in this viewport, in this font weight, adjacent to this claim, before this page can ship" — usually resolves quickly. The reluctance is not because design doesn't believe in the goal. The reluctance is because nobody has previously asked them to design for compliance prominence as a constraint, and they default to legal-team-asks-for-fine-print.
There are 35 more rules in the full version of this audit. Token-launch-specific. Stablecoin-specific. KOL-disclosure-specific. ESMA-2025-update-specific. The five above are the ones that catch the most marketing copy on most platforms most of the time, which is why we ship them as the public version of the check at northpoint.fi/check/mica.
What the checklist is not is a substitute for legal review. The check tells you which rules a piece of copy is in tension with. It does not tell you whether the copy is, in your specific business context, defensible to a regulator who opens an inquiry. That conversation involves your compliance counsel, your jurisdictional posture, your business priorities, and a lot of context that no rule engine can know about you.
What the checklist is, properly used, is the layer that runs before legal review — so that legal review is a conversation about the genuinely hard cases instead of a conversation about why the H1 says "risk-free." Legal counsel's time is the most expensive resource in the marketing function. Spending their attention on flagging the word "guaranteed" — a check the AI does in 200 milliseconds — is a category error. Spending their attention on the structural jurisdictional question is what they're for.
When a piece of marketing copy is sitting in front of you on a Tuesday afternoon and you have to decide whether it ships, the question isn't "is this perfect?" The question is: "have we run the cheap checks?"
Five rules. Two minutes per check. Most pages flag at least one. The pages that don't flag anything are the ones the operator can ship with confidence on a Tuesday afternoon while compliance counsel is on leave. The pages that flag three or four of the five are the ones where the operator's job is not to ship them — it is to walk back to design and rewrite them, and to do so without making it a production.
That's the discipline. Not aesthetic, not legal, not strategic. Operational.
If you want to run the same check on your own page right now, the public version is at northpoint.fi/check/mica. It checks five of the forty rules — the ones above, plus a couple of others. It takes about ten seconds. Most pages catch at least one flag, which is approximately the moment people start asking whether the full audit is worth knowing about.
The subscription that productizes the five checks above plus 35 more, an emergency comms hotline, weekly intelligence on competitors and regulators, and a monthly call with an ex-exchange CMO. From €2,500/mo.
The public 5-rule version of the audit. Paste any crypto marketing copy. Get a verdict in seconds.
The strategic counterpart to this tactical piece. Why the marketing function is the line item that fails first when MiCA enforcement starts on July 1.