Reverse solicitation is the most misunderstood concept in MiCA. Founders and offshore operators repeatedly believe it works as a general workaround: incorporate in Dubai or the Cayman Islands, set up a website, and serve EEA customers under a 'they came to us' theory. The Markets in Crypto-Assets Regulation, MiCA Article 61, and MiCA Recital 75, read together with the ESMA Statement on reverse solicitation published in October 2024, leave almost no room for that interpretation. Reverse solicitation is a narrow exemption, the burden of proof sits on the third-country firm, and ESMA has signalled active enforcement against operators that try to stretch it.[1][2][3][4]

What reverse solicitation does cover: a one-off, fully unsolicited approach by an EEA resident to a non-EU CASP, where the client initiates contact at their own exclusive initiative without any active marketing, paid promotion, app-store targeting, or affiliate referral pulling them toward the firm. The exemption is consumer-facing and per-service: a reverse-solicited exchange relationship does not authorise the firm to subsequently offer custody, advice, or any new category of crypto-assets to that same client without a CASP authorisation.

This guide explains what reverse solicitation actually is, how ESMA defines 'exclusive initiative' and 'active marketing', the 30-day rule on new product offerings, the practical scenarios that pass and fail the test, what ESMA's October 2024 Statement signals about enforcement, and the operational architecture that minimises risk for non-EEA firms with legitimate inbound EEA demand.

What MiCA Reverse Solicitation Actually Is

Article 61 of the Markets in Crypto-Assets Regulation creates a narrow exemption: a third-country firm may provide a crypto-asset service to an EEA-resident client if and only if that client approached the firm at their exclusive own initiative. Recital 75 explicitly warns that the exemption must not be used to circumvent MiCA — the operating presumption is that any third-country firm with EEA-resident clients is in breach unless it can prove otherwise.

The exemption mirrors the equivalent regime under MiFID II Article 42 for investment services. ESMA has signalled in multiple public statements that it will interpret MiCA reverse solicitation as restrictively as it has interpreted the MiFID II equivalent — and ESMA's MiFID II case law, particularly post-Brexit on UK firms serving EU clients, is among the most restrictive interpretations of any reverse-solicitation regime in EU financial services.[5]

What Counts as 'Active Marketing' Into the EEA

If you do any of the things below, you are not relying on reverse solicitation — you are providing crypto-asset services to EEA residents through active marketing, and you need a CASP authorisation. The list is non-exhaustive but reflects ESMA's stated and inferred position.

Activities ESMA treats as 'active marketing' into the EEA — each defeats the reverse-solicitation defence.

| Activity | Treatment | Notes |
|---|---|---|
| Paid advertising targeting EEA IP addresses or postcodes | Active marketing | Includes Google Ads geo-targeting, Meta location targeting |
| EEA-language website or app interface (German, French, Italian, Spanish) | Active marketing | Even with a 'not for EEA residents' disclaimer |
| App-store listing accessible from EEA storefronts | Active marketing | Even with terms-of-service exclusion |
| Affiliate or referral programme paying for EEA-resident sign-ups | Active marketing | Affiliate compensation = solicitation |
| Influencer or KOL marketing whose audience includes EEA residents | Active marketing | ESMA cites this explicitly in the October 2024 Statement |
| Industry-conference sponsorships or speaker slots in EEA venues | Active marketing | Booth, branded merchandise, lead capture |
| Email campaigns to EEA-resident lists | Active marketing | Cold outreach is unambiguous |
| LinkedIn / X / Telegram targeted advertising in EEA member states | Active marketing | Paid social = solicitation |
| Press releases distributed via wires reaching EEA media | Active marketing | Disseminating via Reuters / Bloomberg = active |
| Blog post translated into EEA languages | Active marketing | Translation suggests intended audience |
| A purely English-language blog post visible globally | Borderline — usually not active marketing | Subject to other indicators |

Geo-blocking is a meaningful defensive control but not a complete defence. ESMA has signalled that geo-blocking lowers risk but does not by itself save a firm whose marketing was demonstrably targeted at EEA audiences in the first place. Deploy geo-blocking and EEA-IP exclusion alongside an active-marketing audit, not as a standalone fix.

The Exclusive Initiative Test

Reverse solicitation only applies when the client approached at their exclusive own initiative. The ESMA Statement on reverse solicitation unpacks this in detail, alongside the EBA Guidelines on AML risk for cross-border services. The client must initiate the contact, the firm must not have communicated with the client beforehand in any way that could have prompted the approach, and the firm bears the burden of demonstrating both.[6]

  • Cold outbound contact from the firm to the client — automatically defeats reverse solicitation.

  • Marketing that the client saw before approaching — defeats the test even if the marketing was not directly aimed at EEA. ESMA's standard is causation, not intent.

  • Affiliate or partner referral — defeats the test because the affiliate is acting on the firm's behalf for compensation.

  • Search-engine click on the firm's organic website page — borderline. ESMA's position appears to be that organic SEO that targets EEA-relevant keywords is itself a form of solicitation.

  • Word-of-mouth from a non-affiliate user — the cleanest case for reverse solicitation but still requires the firm to evidence that no triggering communication occurred.

The 30-Day Rule on New Services and Asset Categories

Even where a firm has legitimately served an EEA client under reverse solicitation, the exemption does not extend to new services or new categories of crypto-assets offered to that same client more than 30 days after the initial reverse-solicited service began. ESMA's October 2024 Statement reflects the same restrictive reading as the MiFID II case law: every new service requires a fresh own-initiative approach from the client.

In practice, this means a third-country firm cannot use one reverse-solicited exchange relationship as a springboard to upsell custody, advisory, or new asset classes. Each upsell either requires the client's exclusive own initiative for that specific new service or — far more practically — requires the firm to obtain a CASP authorisation and serve the relationship under MiCA.

Scenarios — When Reverse Solicitation Passes and Fails

The table below sets out common scenarios and ESMA's likely treatment. None of these are formal ESMA findings — they reflect the regulator's stated approach and its MiFID II precedent.

Reverse solicitation scenarios — likely ESMA treatment.

| Scenario | Likely outcome | Why |
|---|---|---|
| EEA resident hears about a Cayman exchange from a friend, finds the website organically, signs up to trade BTC | Plausibly compliant | No active marketing, exclusive own initiative; firm must still document the case |
| Same exchange runs YouTube ads geo-blocked from EEA but visible via VPN; an EEA resident watches one and signs up | Likely non-compliant | ESMA treats VPN-bypass as no defence; the ad existed and was solicitation |
| A UAE-licensed CASP runs paid ads targeting MENA. An EU resident in Dubai for work clicks an ad and signs up | Borderline — facts-and-circumstances | Habitual residence vs temporary presence is decisive |
| A Singapore CASP partners with an EEA referral affiliate paid per sign-up | Non-compliant | Affiliate compensation = active marketing through agent |
| A non-EEA exchange has 200 organic EEA-resident customers from pre-MiCA word-of-mouth | Likely non-compliant unless firm proves zero triggering communication for each | Burden of proof per client; impractical at scale |
| A non-EEA institutional desk receives an inbound RFQ from an EEA-resident family office | Plausibly compliant | B2B inbound, sophisticated counterparty, single transaction; document carefully |
| The same desk markets a new structured product to that family office 90 days later | Non-compliant for the new product | 30-day rule; new service requires new own-initiative approach or CASP authorisation |
| A non-EEA firm sponsors a Lisbon crypto conference | Non-compliant | Sponsorship = active marketing into EEA territory |

Penalties for Misuse

Operating in the EEA without a CASP authorisation — including via stretched reverse solicitation — exposes the firm to the full MiCA enforcement perimeter. NCAs can issue cease-and-desist orders, freezes, public censure, and administrative fines up to the higher of €5 million or 12.5% of total annual turnover. Individuals (directors, senior managers) face fines and disqualification.

Beyond MiCA, the operational consequences are usually faster than the regulatory ones. EEA banks decline correspondent relationships with non-CASP firms whose business is plausibly EEA-facing. Payment processors (Stripe, Adyen) terminate merchant relationships. Major counterparties refuse to onboard, citing AML risk. By the time an NCA issues a formal enforcement notice, the firm has often already lost banking and payment access.

Operational Architecture for Non-EEA Firms

If you are a third-country firm with non-EEA primary markets and incidental EEA-resident demand, the right architecture combines five controls.

  • EEA geo-blocking. IP-based access restrictions, payment-method restrictions (no SEPA inputs), and KYC residence checks at onboarding.

  • Active-marketing audit. Document every channel, language, geography, and target — ensure none target EEA. Keep advertising metadata (targeting parameters, audience definitions) for 5 years.

  • Reverse-solicitation case files. For every EEA resident the firm chooses to serve, document the inbound channel, the lack of prior firm-initiated communication, and the client's own-initiative approach. Store contemporaneously.

  • 30-day discipline. No new service offered to an EEA client beyond the original scope without a fresh own-initiative request from that client.

  • MiCA passport route. If EEA volume is meaningful, obtain a CASP authorisation in a fast jurisdiction (Lithuania, Cyprus, Malta) — usually cheaper than the legal and operational cost of running the reverse-solicitation defence.

Frequently Asked Questions

Can I serve EEA customers from Dubai under reverse solicitation?

Only at the margin and with rigorous documentation. Habitually-EEA-resident customers cannot be your primary or significant customer base. If a meaningful share of your volume comes from the EEA, ESMA will treat the firm as actively marketing into the EEA regardless of where the entity is incorporated. The credible architecture is: VARA-licensed entity for MENA + UAE customers, MiCA CASP-licensed entity (Lithuania, Cyprus or Malta) for EEA customers — not reverse solicitation as a substitute for the EEA licence.

Does an English-language website fail the active-marketing test?

Not by itself. English is a global language and an English-only site is not automatically targeting the EEA. The borderline case becomes problematic when other indicators are present — EUR pricing, SEPA payment options, EEA-relevant SEO content, or material levels of EEA-resident traffic. ESMA looks at the totality of indicators, not any single fact.

What about reverse solicitation under MiFID II — is the MiCA position the same?

Materially yes. ESMA has signalled that its restrictive MiFID II Article 42 interpretation applies analogously to MiCA Article 61. The MiFID II case law since the UK left the EU has consistently rejected reverse-solicitation defences offered by UK firms with EU clients — including where the firm pointed to disclaimers, geo-blocking, or written client representations. The MiCA position will be at least as restrictive.

If a customer signs a written declaration that they approached at their own initiative, does that protect me?

It is necessary but far from sufficient. ESMA's October 2024 Statement makes clear that a client's written acknowledgement does not by itself satisfy the firm's burden of proof. The firm must still demonstrate that no firm-initiated communication preceded the approach. Written declarations are best treated as one piece of a documentation package, not the package.

What about institutional clients — is reverse solicitation easier?

Marginally. Sophisticated counterparties (regulated banks, broker-dealers, asset managers) carry less consumer-protection weight in the supervisory analysis, and B2B inbound RFQ-driven flow is the cleanest case for the exemption. But the 30-day rule still applies: a one-off RFQ-driven trade does not authorise the third-country firm to subsequently offer the same client custody, advisory, or new-asset trades without a CASP authorisation or a fresh own-initiative request per service.

Will the 2027 AMLR or AMLA change anything?

Not directly — the AML Package addresses AML obligations, not the licensing perimeter. Reverse solicitation remains governed by MiCA Article 61 and ESMA's interpretation. But AMLA's direct supervision of major obliged entities increases the risk of cross-border investigation: a third-country firm flagged in one member state's FIU is more likely to be investigated by AMLA than by 27 separate national authorities.

Operating from outside the EEA but seeing inbound EU demand? Finconduit can scope whether reverse solicitation is genuinely defensible for your business, or whether a Lithuanian / Cypriot / Maltese CASP authorisation is the better route. Get a free perimeter assessment.

Reverse solicitation under MiCA is real but narrow. It works for a handful of inbound institutional flows, properly documented, with rigorous active-marketing discipline. It does not work as a market-access strategy for a non-EEA firm that wants meaningful EEA business. The economically rational answer for any third-country firm with sustained EEA demand is the same: get a MiCA CASP authorisation. The cost is well below the cost of an ESMA enforcement action — and well below the cost of being de-banked when a regulator flags your traffic patterns to your correspondent banks.

Footnotes & Citations

  1. Regulation (EU) 2023/1114 (Markets in Crypto-Assets Regulation — MiCA), OJ L 150, 9.6.2023.

  2. MiCA Article 61 — Solicitation of Union clients by third-country firms. Reverse solicitation is interpreted strictly as the exclusive own initiative of the client.

  3. MiCA Recital 75 — clarifies that reverse solicitation should not be relied upon to circumvent MiCA; the exemption is narrow and should be interpreted strictly.

  4. ESMA Statement on reverse solicitation under MiCA, 17 October 2024 — clarifies the narrow scope and the burden of proof on third-country firms.

  5. MiFID II Article 42 — equivalent reverse solicitation exemption in investment services; ESMA's MiCA interpretation aligns with its restrictive MiFID II case law.

  6. EBA Guidelines on the management of money laundering and terrorist financing risks (EBA/GL/2021/02).
