MiCA License in Germany 2026

Obtain BaFin CASP authorization in Germany under MiCA. RUE supports exchanges, custodians, brokers, and crypto platforms seeking compliant EU market access.

Book BaFin Readiness Call

Regulator

BaFin

Timeframe

3-6+ months

Cost

from €29,900

Capital

€50k-€150k

Depends on CASP scope, governance, substance, and application completeness.

Why Germany for a MiCA Licence

A MiCA license in Germany means BaFin authorization as a crypto-asset service provider under Regulation (EU) 2023/1114. Germany combines strong regulatory credibility, institutional banking optics, and EU passporting, but BaFin expects real substance, robust AML controls, and operational readiness from day one.

Polina Merkulova

Polina Merkulova

Licensing Services Manager

[email protected]

As your point of contact, I help coordinate the licensing process end-to-end, keep communication clear, and move your application forward without unnecessary delays.

Regulated United Europe (RUE) structures Germany MiCA licensing projects end-to-end: perimeter review, company setup, governance design, AML/Travel Rule framework, safeguarding architecture, BaFin-facing dossier drafting, and post-authorization operating model support.

We also coordinate related workstreams that usually delay approval in practice: German company formation, banking strategy, accounting setup, outsourcing documentation, and remediation of MiCA vs MiFID II / KWG perimeter issues.

Contact me

🏛️

BaFin Credibility

BaFin is one of the most respected financial supervisors in Europe. A Germany MiCA license sends a stronger governance signal to banks, payment partners, and institutional counterparties.

🌍

EU Passporting

Once authorized in Germany, a CASP may passport services across the EU, subject to the MiCA notification framework and host-state conduct rules outside the core license.

🛡️

Deep Compliance Environment

Germany offers mature AML, audit, tax, legal, and banking infrastructure. This matters for firms that need sustainable post-license operations, not just a fast filing.

⚙️

Institutional Operating Model

Germany is well suited for custody, brokerage, exchange, and platform models that need bank-grade safeguarding, outsourcing oversight, and DORA-ready ICT governance.

MiCA Licence in Germany

Package includes (8)

Preparation of necessary documents for registration of a new company in Germany 2026
Translation of a certificate of no criminal record through a sworn translator
Payment of state fees related to company registration
Payment of notary fees related to company registration
Preparation of compliance documents for MiCA application
Preparation of a business plan
Submission of the necessary documents to BaFin
Recruitment of local MLRO/Compliance officer

MiCA Class Comparison for MiCA Licence in Germany

Compare MiCA Class 1, Class 2 and Class 3 by permitted activities and baseline requirements.

Mica Class 1 - 50 000 EUR

CapitalFrom EUR 50,000 TimeCountry-specific

Swipe left/right to switch license type

Reception and transmission of client orders

Execution of orders on behalf of clients

Placement and advisory services

Portfolio management

No custody of client crypto-assets

Target Models

Advisory firms Introducing brokers Portfolio advisory setups

Mica Class 2 - 125 000 EUR

CapitalFrom EUR 125,000 TimeCountry-specific

Swipe left/right to switch license type

All Class 1 services

Crypto-fiat and crypto-crypto exchange

Custody and administration of client assets

Transfer services for crypto-assets

Higher organizational and AML requirements

Target Models

Exchanges Custody providers Broker-dealer operations

Mica Class 3 - 150 000 EUR

CapitalFrom EUR 150,000 TimeCountry-specific

Swipe left/right to switch license type

All Class 2 services

Operation of crypto-asset trading platform

Enhanced governance and internal controls

Advanced risk management and reporting

Typical for full-scale marketplace operators

Target Models

Trading venues Multi-service CASP groups Institutional-grade operators

Discuss this license

MiCA Class Comparison (Class 1, Class 2, Class 3)

Activity / Option	Mica Class 1 - 50 000 EUR	Mica Class 2 - 125 000 EUR	Mica Class 3 - 150 000 EUR
Reception and transmission of orders	V	V	V
Execution of orders on behalf of clients	V	V	V
Advisory and portfolio management	V	V	V
Crypto-fiat and crypto-crypto exchange	X	V	V
Custody and administration of crypto-assets	X	V	V
Operation of a trading platform	X	X	V

Comprehensive Requirements for Germany MiCA License

A MiCA license in Germany requires a full CASP authorization file for BaFin as the national competent authority. In market language, MiCA Licence in Germany, Germany MiCA license, BaFin crypto license, and CASP authorization Germany usually refer to the same outcome: authorization to provide regulated crypto-asset services under Regulation (EU) 2023/1114.

Not every crypto business needs authorization. The trigger is whether your company provides regulated crypto-asset services, falls within issuer rules for ARTs or EMTs, or enters another regulated perimeter such as MiFID II, KWG, ZAG, or eWpG. BaFin will assess the actual operating model, control points, custody logic, client journey, outsourcing chain, and token classification—not just the labels used on your website.

Germany-specific friction usually appears in four places: substance, fit-and-proper governance, AML/Travel Rule operating design, and safeguarding architecture. A file that looks acceptable on paper but does not show real decision-making, clear wallet control, reliable client asset segregation, or credible outsourcing oversight will usually generate multiple rounds of information requests.

The core requirements below reflect the 2026 compliance stack for German CASPs under MiCA, with adjacent obligations under GwG, TFR, DORA, GDPR, and applicable German corporate and accounting rules.

Minimum Regulatory Capital and Own Funds +

Minimum capital depends on the CASP service class under MiCA. The headline thresholds are €50,000, €125,000, and €150,000. In practice:

€50,000 applies to lower-risk service categories such as advice, reception/transmission, execution, and portfolio management where applicable;
€125,000 typically applies to custody and exchange services;
€150,000 typically applies to operation of a trading platform and higher-risk combinations.

Important: minimum regulatory capital is not the same as total launch budget and is not the same as German company law share capital. BaFin will also assess whether the applicant maintains adequate own funds, realistic liquidity, and a credible funding runway relative to projected fixed overheads, outsourcing costs, and incident scenarios.

Capital must be demonstrably available, traceable, and legally clean. Source-of-funds evidence, bank confirmations, shareholder funding documents, and consistency with the financial model are standard review points.

German Entity Setup and Real Substance +

You normally need a German legal entity with genuine operational presence. In practice, most applicants use a GmbH; some larger groups use an AG. Corporate law capital for a GmbH is generally €25,000, while an AG generally starts at €50,000, but those figures do not replace MiCA prudential requirements.

BaFin does not license letterbox structures. The application should show:

a real registered office and operational address in Germany;
effective management and decision-making capacity;
documented governance lines and reporting structure;
local access to compliance, AML, and operational control functions;
credible banking and fiat handling arrangements where relevant.

For groups using outsourcing or shared service centers, the file should clearly explain which functions remain in-house, which are delegated, how oversight works, and where key risk decisions are actually taken.

Management Body, Shareholders and Fit-and-Proper +

BaFin assesses the management body, qualifying shareholders, and ultimate beneficial owners on a fit-and-proper basis. The review is not limited to criminal records. It also covers competence, integrity, time commitment, conflicts of interest, financial soundness, and ability to run the proposed model.

Directors should have relevant experience in financial services, crypto operations, risk, technology, or regulated payments;
UBO and shareholder structures must be transparent and fully documented;
source of wealth and source of funds must be explainable for material owners;
multiple overlapping mandates, nominee-style governance, or unclear control arrangements often trigger enhanced scrutiny;
BaFin will look at whether management can challenge outsourced providers rather than merely rely on them.

There is no safe shortcut such as appointing one nominal local director. What matters is effective management, documented responsibility allocation, and the ability to evidence real oversight.

AML/KYC Framework under GwG and TFR +

A Germany CASP must operate an AML/CFT framework aligned with the German AML Act (GwG), the EU Transfer of Funds Regulation (TFR), FATF standards, and BaFin expectations. This is an operating system, not a policy pack.

business-wide ML/TF risk assessment tailored to your services, geographies, clients, and token flows;
CDD and EDD procedures for retail, corporate, high-risk, PEP, and cross-border clients;
sanctions, PEP, and adverse media screening at onboarding and ongoing basis;
blockchain analytics / KYT monitoring for wallet risk, typologies, and exposure tracing;
Travel Rule data collection and transmission for originator and beneficiary information;
escalation and suspicious activity reporting workflow to the competent authorities, including interaction with the German FIU where applicable;
record retention, case management, staff training, and independent testing.

One practical point many applicants miss: unhosted wallet handling should be operationally defined in advance, including ownership verification logic, risk scoring, transaction restrictions, and escalation thresholds.

Safeguarding of Client Crypto-Assets and Funds +

If your model includes custody or client money touchpoints, safeguarding is a core licensing issue. BaFin will expect a clear explanation of how client assets are protected, segregated, recorded, and recoverable.

segregation of client crypto-assets from proprietary assets at wallet and ledger level;
daily reconciliation between on-chain balances, internal ledgers, and client entitlements;
clear wallet governance: hot/cold split, key ceremonies, access rights, approval thresholds;
institutional custody controls such as HSM, MPC, or multi-signature architecture;
documented incident handling for key compromise, chain forks, stuck transactions, and wallet provider outages;
where client funds are received, placement and safeguarding arrangements should be clearly mapped and contractually supported.

A strong file usually includes a safeguarding policy, reconciliation procedure, custody liability map, insolvency treatment logic, and sample client disclosures on asset risks and ownership treatment.

Technology, Security and DORA-Readiness +

By 2026, a Germany MiCA license application must be read together with the broader EU operational resilience environment, especially DORA. Even where DORA scoping nuances depend on the exact entity and implementation layer, BaFin expects bank-grade ICT governance from serious CASPs.

documented ICT governance, asset inventory, and role allocation;
identity and access management, privileged access control, and logging;
security monitoring through SIEM or equivalent alerting stack;
incident response playbooks, escalation matrix, and breach notification workflow;
business continuity and disaster recovery with tested recovery objectives;
vendor due diligence, cloud risk assessment, and outsourcing register;
periodic vulnerability management, penetration testing, and change management;
evidence of security maturity such as ISO 27001, NIST-aligned controls, or independent audits.

For custody-heavy models, BaFin will usually pay particular attention to key management, wallet provider concentration risk, API security, and segregation between development, staging, and production environments.

Business Plan, Program of Operations and Financial Model +

Your application must show that the business is understandable, fundable, and governable. A weak commercial model is a regulatory problem because it undermines prudential stability and client protection.

program of operations describing each service, client type, geography, and process flow;
3-year business plan with realistic assumptions, not growth-story marketing language;
financial projections covering revenue, cost base, own funds, liquidity, and stress scenarios;
organizational chart, outsourcing map, and control function reporting lines;
risk framework covering operational, AML, cyber, legal, concentration, and vendor risks;
wind-down logic showing how clients and assets would be protected if the firm exits the market.

BaFin often tests internal consistency across the file. If the business plan, staffing plan, outsourcing contracts, and safeguarding design do not match each other, the review will slow down materially.

Application Dossier Quality and Regulator Communication +

BaFin review quality depends heavily on dossier quality. A formally complete file can still be substantively weak. The strongest applications are written as regulator-facing operating manuals, not promotional decks.

documents should be consistent across legal, financial, compliance, and technical sections;
ownership charts, CVs, contracts, policies, and financials must reconcile;
German-language capability or regulator-ready documentation quality is a practical advantage;
responses to information requests should be precise, evidenced, and version-controlled;
material changes during review should be disclosed promptly rather than discovered later.

At RUE, we treat the BaFin file as a controlled evidence package. That reduces avoidable RFIs and helps management present a coherent operating model from the first submission.

Jurisdiction Comparison

Compare MiCA Licence in Germany with other jurisdictions by key conditions for obtaining and operating a MiCA/CASP license: regulator, review period, fees, capital, local substance, and passporting.

* This table focuses on MiCA/CASP authorization conditions. Use the settings icon to customize countries and parameters.

💰 Licensing Cost Estimator

Get an approximate cost estimate for your crypto license based on your business needs

Configure Your Licensing Package

Select options below to see estimated costs

License Type

Mica Class 1

Mica Class 2

Mica Class 3

Do you need company registration?

Yes — Register New Company

No — I Have a Company

Additional Services

✓ AML/KYC Package ✓ Bank Account Opening ✓ Physical Office ✓ Compliance Officer

Estimated Cost

€0

Estimated Timeframe

Country-specific

Capital Requirement

€0

📞 Get Exact Quote

* This calculator provides approximate estimates only. Actual costs may vary based on your specific situation. Contact us for a detailed personalized quote.

Taxation and Cost Structure for Crypto Companies in Germany

Germany does not offer a light-touch tax story for licensed crypto firms. A Germany MiCA license should be budgeted as a regulated operating platform with normal German corporate taxation, accounting, payroll, audit, and compliance costs. Tax treatment depends on the legal entity, revenue model, token flows, transfer pricing, and whether the firm performs regulated services, software development, treasury activity, or issuance-related functions.

Legal information only: this section is a high-level overview and should not be treated as legal, tax, or investment advice. Corporate tax analysis for a German CASP should be confirmed with German tax counsel and accountants before launch, especially where the group has foreign founders, IP holding structures, or cross-border service arrangements.

How to think about first-year cost in Germany

The useful formula is:

Year 1 TCO = paid-in capital + incorporation + legal/advisory + office + payroll + AML stack + security stack + audit + banking + regulatory interactions

For many founders, the real cost driver is not the minimum MiCA capital threshold but the operating model needed to satisfy BaFin on substance, AML, safeguarding, and ICT resilience.

Typical first-year budget components

Depending on scope, a realistic first-year budget often includes:

Advisory-only / low-complexity CASP: roughly €180,000-€350,000+ excluding regulatory capital;
Exchange + custody model: roughly €350,000-€900,000+ excluding regulatory capital;
Trading platform / higher-complexity model: roughly €600,000-€1,500,000+ excluding regulatory capital.

These ranges vary with headcount, outsourcing, banking setup, transaction monitoring tooling, and whether the applicant builds proprietary custody infrastructure or relies on third-party providers.

Corporate Income Tax

Federal corporate tax applies to German companies

15% + surcharge

German corporations are generally subject to 15% corporate income tax plus the 5.5% solidarity surcharge on the corporate tax amount. Effective burden increases further once trade tax is added. Exact tax treatment depends on entity type, deductible expenses, transfer pricing, and whether income arises from regulated services, treasury, or licensing structures.

Trade Tax

Municipal business tax varies by location

~7%-17%

Trade tax (Gewerbesteuer) applies at municipal level and varies by city. In practice, the combined effective tax burden for German corporations often lands around the low- to mid-30% range, depending on municipality. Location choice inside Germany therefore has a real budget impact.

VAT

Depends on service type and transaction structure

19% / exempt

German VAT treatment is highly fact-specific. Some crypto exchange services may fall within financial-service style exemptions, while advisory, software, SaaS, white-label, or ancillary services may be taxable at the standard 19% rate. Do not assume that all crypto-related revenue is VAT exempt.

Payroll and Social Charges

Material cost for local substance and staffing

Variable

A Germany MiCA applicant usually needs directors, compliance/AML coverage, finance support, and ICT/security responsibility. Employer payroll cost in Germany is materially higher than gross salary alone due to social contributions, benefits, and employment overhead. This is often one of the largest recurring cost lines in a BaFin-ready setup.

Accounting and Annual Reporting

German bookkeeping and year-end compliance

€12,000-€60,000+

Budget for bookkeeping, annual accounts, tax filings, and year-end support. Costs depend on transaction volume, crypto accounting complexity, reconciliation burden, and whether the company reports under HGB only or also needs group-level IFRS reporting. See also Accounting Services in Germany.

Audit and Assurance

Financial, AML, and systems assurance costs

€20,000-€120,000+

Annual cost may include statutory audit where applicable, AML independent review, cybersecurity testing, and control assurance requested by banks, investors, or group governance. Custody-heavy and platform models usually face higher assurance spend than advisory-only models.

Banking and Payment Infrastructure

Corporate accounts, PSPs, and fiat rails

€10,000-€80,000+

Crypto firms in Germany should budget for enhanced onboarding, higher account maintenance costs, PSP integration, safeguarding-related bank arrangements, and sometimes multiple providers to reduce concentration risk. RUE also supports bank account opening in Germany and crypto business bank account strategies.

Legal, Compliance and RegTech Stack

Policies, monitoring, Travel Rule, sanctions, governance

€40,000-€250,000+

This line usually includes legal drafting, MLRO/compliance support, KYC vendors, sanctions screening, adverse media, blockchain analytics, Travel Rule messaging, outsourcing review, and policy maintenance. For many CASPs, this is the difference between a paper-compliant model and a regulator-ready operating model.

Compliance and Ongoing Obligations for German CASPs

Authorization is only the start. A BaFin-authorized CASP must maintain continuous compliance across MiCA, GwG, TFR, operational resilience, safeguarding, and corporate governance.

📊

Regulatory Reporting and Notifications

Periodic regulatory reporting as required by BaFin and applicable MiCA standards
Prompt notification of material changes in management, ownership, or outsourcing
Incident and breach escalation under the applicable supervisory framework
Maintenance of accurate books, records, and client disclosures
Evidence trail for governance decisions and control testing

🛡️

AML, KYC and Travel Rule Operations

Customer due diligence and enhanced due diligence under GwG
Ongoing transaction monitoring and blockchain analytics review
Sanctions, PEP, and adverse media screening
Travel Rule data exchange for relevant crypto transfers under TFR
Suspicious activity escalation and reporting workflow

🔐

Safeguarding and ICT Controls

Segregation of client assets from proprietary assets
Daily reconciliations of ledgers, wallets, and client entitlements
Access control, logging, incident response, and key management
Business continuity and disaster recovery testing
Outsourcing oversight and vendor risk monitoring

📋

Annual Maintenance and Governance

Annual policy review and control remediation
Staff training on AML, sanctions, market conduct, and security
Board and management review of risk, compliance, and incidents
Audit coordination and accounting/tax compliance
Review of own funds, liquidity, and wind-down readiness

💡

RUE handles compliance for you. Our team provides ongoing compliance support, including AML officer services, regulatory reporting, and policy updates. We ensure your license stays in good standing year after year. Contact us for compliance support →

What a MiCA license in Germany means in practice

What is a MiCA license in Germany in 2026?

A MiCA license in Germany is a market term for BaFin CASP authorization under Regulation (EU) 2023/1114. It allows a company established and authorized in Germany to provide regulated crypto-asset services within the scope approved by BaFin and, after the relevant notification steps, to use EU passporting across the Union.

The legal regime for CASPs became fully applicable from 30 December 2024. In 2026, the practical question is no longer whether MiCA exists, but whether your business model is correctly mapped to the MiCA perimeter, whether Germany is the right home state, and whether your file is strong enough for BaFin review.

Three points remove most market confusion:

BaFin, not ESMA, grants the authorization in Germany. ESMA coordinates at EU level and maintains registers, but it is not the licensing authority for German CASPs.
Not every crypto company needs a license. The trigger depends on the actual service perimeter. Pure software providers, some decentralized arrangements, and certain excluded assets may fall outside MiCA, although they may still raise other regulatory issues.
MiCA does not replace all other regimes. Depending on token classification and service design, the relevant perimeter may shift toward MiFID II, KWG, ZAG, eWpG, or issuer-specific rules for ARTs and EMTs.

RUE treats Germany MiCA licensing as a perimeter + operating model + evidence package project. That is the only reliable way to avoid the common failure mode: a formally complete application that does not prove how the business actually works.

Request Eligibility Review

MiCA vs old German crypto licensing language

MiCA vs old German crypto licensing language

The market still searches for crypto license in Germany because Germany historically regulated certain crypto activities through national concepts, especially under the German Banking Act (KWG) and the well-known crypto custody business perimeter. MiCA did not erase German financial regulation; it changed the primary EU framework for crypto-asset services.

In practice, this means:

older market language such as BaFin crypto license still appears in commercial use;
new CASP applicants generally look to MiCA authorization as the main route for in-scope crypto-asset services;
Germany-specific legal analysis remains necessary where the token or service may qualify as a financial instrument, payment instrument, deposit-like structure, or another regulated product outside MiCA.

A common mistake is to assume that MiCA created a single universal bucket for all tokenized activity. It did not. For example, if the token qualifies as a transferable security or another MiFID II financial instrument, the project may sit outside MiCA entirely. Likewise, tokenized securities or certain electronic securities structures can bring eWpG and capital markets rules into the analysis.

That is why a serious Germany MiCA project starts with a written perimeter memo, not with company formation or policy drafting.

See CASP Licensing Overview

Who needs a Germany MiCA license and who may not

Who needs a Germany MiCA license — and who may not

You need a Germany MiCA license if your company provides one or more regulated crypto-asset services in or from Germany on a professional basis. The analysis turns on what your platform, desk, wallet, app, or API actually does for the client.

Typical activities that often trigger CASP authorization:

custody and administration of crypto-assets on behalf of clients;
operation of a trading platform for crypto-assets;
exchange of crypto-assets for funds;
exchange of crypto-assets for other crypto-assets;
execution of orders on behalf of clients;
placing of crypto-assets;
reception and transmission of orders;
providing advice on crypto-assets;
portfolio management on crypto-assets;
transfer services for crypto-assets on behalf of clients.

Examples that often require deeper perimeter review rather than an automatic yes/no answer:

software-only wallet interfaces where the provider never controls client keys;
DeFi front ends with varying degrees of governance, fee capture, or admin control;
NFT projects where assets may or may not be truly unique and non-fungible in substance;
white-label providers that claim to be “technology only” but still influence onboarding, execution, custody, or client communications;
staking, treasury, or yield features that may create additional regulatory touchpoints.

Activities that may fall outside MiCA or into other regimes:

financial instruments under MiFID II rather than MiCA;
certain EMT or ART issuance structures with separate issuer obligations;
payment services or e-money functions potentially touching ZAG;
fully decentralized arrangements where no identifiable service provider exists, although this is a narrow and fact-sensitive area;
certain pure infrastructure or software vendors that do not intermediate regulated services.

The practical rule is simple: if your company touches client orders, client assets, client funds, execution logic, or transfer flow, assume licensing analysis is needed. RUE usually starts with a business-model decision tree and a token classification memo before recommending Germany as the home state.

Download MiCA Germany Checklist

Regulated CASP services under MiCA and likely license triggers

CASP service	Typical business example	Likely trigger point
Custody and administration	Custodial wallet, omnibus custody, institutional safekeeping	Provider controls or can access client crypto-assets or keys
Exchange for funds	Broker, app, OTC desk with fiat on/off-ramp	Provider intermediates crypto-to-fiat conversion for clients
Exchange for crypto-assets	Swap service, app-based token conversion	Provider executes or arranges crypto-to-crypto conversion
Execution of orders	Broker app, smart order router, dealing desk	Provider executes client instructions in crypto-assets
Reception and transmission	Introducing broker, order-routing interface	Provider receives and forwards client orders to another venue/provider
Placing of crypto-assets	Token placement agent, launch support	Provider markets or places crypto-assets for issuer/offeror
Advice on crypto-assets	Personalized recommendations, investment guidance	Provider gives individualized recommendations to clients
Portfolio management	Managed crypto mandates, discretionary strategies	Provider manages client portfolios on a discretionary basis
Transfer services	Client transfer execution, movement of crypto-assets for clients	Provider transfers crypto-assets from one address/account to another on behalf of clients
Operation of a trading platform	Exchange, order book, matching engine venue	Provider operates a multilateral system bringing together trading interests

Perimeter depends on actual facts, token type, control model, and service design. A written legal analysis remains necessary.

Why founders choose Germany for MiCA authorization

Higher institutional trust

BaFin authorization often carries stronger credibility with banks, auditors, institutional clients, and group investors than lighter-touch jurisdictions.

Strong banking ecosystem

Germany offers access to major banks, PSPs, EMIs, and treasury infrastructure, although onboarding remains selective for crypto businesses.

EU passporting base

A German CASP can scale across the EU after the relevant MiCA notification steps, making Germany a viable home state for pan-European expansion.

Mature legal environment

Germany is well suited for projects that need clean perimeter analysis across MiCA, MiFID II, KWG, eWpG, ZAG, and corporate law.

Better optics for custody models

Custody-heavy businesses often benefit from Germany's reputation for prudential discipline, control culture, and documentation quality.

Not the cheapest route

Germany is usually chosen for credibility and long-term bankability, not for minimal setup cost or the lightest review process.

MiCA plus TFR plus DORA is the real compliance stack

A MiCA license in Germany should not be planned as a standalone license-only project. The real operating model in 2026 is a stack of overlapping regimes:

MiCA governs authorization, conduct, governance, safeguarding, and service-level obligations for CASPs;
TFR governs Travel Rule data for crypto transfers and materially affects onboarding, transfer workflows, and counterparty handling;
GwG governs AML/CFT controls, risk assessment, suspicious activity escalation, and recordkeeping in Germany;
DORA shapes ICT risk, incident handling, resilience testing, and third-party risk management expectations across the financial sector landscape;
GDPR matters because KYC, sanctions screening, blockchain analytics, and Travel Rule operations involve sensitive personal data and cross-border data flows.

Founders who budget only for the MiCA filing usually underestimate the build-out needed for real operations. The regulator, the bank, the auditor, and the payment partner will all test different parts of the same control environment.

RUE therefore builds Germany MiCA projects as an integrated package: licensing, AML/Travel Rule design, ICT governance, outsourcing controls, and banking readiness.

Minimum capital classes for Germany CASP authorization

Capital class	Minimum own funds	Typical service examples	Practical note
Class 1	€50,000	Advice, reception/transmission, execution, portfolio management	Lowest threshold does not mean low total setup cost
Class 2	€125,000	Custody, exchange services	Custody and fiat touchpoints usually raise scrutiny materially
Class 3	€150,000	Operation of a trading platform and higher-risk combinations	Platform models often need the deepest governance and ICT evidence

The applicable threshold depends on service scope and combinations. Minimum capital is separate from German company law share capital and separate from total first-year budget.

What documents BaFin expects in a MiCA application package

What documents BaFin expects in a MiCA application package

BaFin expects a structured dossier that proves the applicant understands its legal perimeter, can operate the proposed services safely, and has the people, controls, systems, and funding to do so. “Prepare documents” is not enough; the file must work as an evidence package.

Core legal and corporate documents usually include:

articles of association and company registration extracts;
ownership chart, shareholder chain, and UBO documentation;
source-of-funds and source-of-wealth evidence for relevant owners;
director and key function holder CVs, questionnaires, references, and integrity evidence;
intragroup agreements, outsourcing contracts, and service-level documentation;
banking evidence or onboarding strategy where client funds or operational funds are relevant.

Operational and control documents usually include:

program of operations for each CASP service;
3-year business plan and financial projections;
AML/CFT framework under GwG;
Travel Rule operating procedure under TFR;
safeguarding policy and reconciliation procedure;
complaints handling, conflicts of interest, and client disclosure set;
outsourcing policy and outsourcing register;
ICT architecture, information security policy, incident response, BCP/DR, and access control framework;
risk management framework and wind-down plan.

One practical nuance: BaFin increasingly tests whether the policy set is actually tied to the service scope. A custody provider and a pure advisory CASP should not submit the same depth of safeguarding, wallet governance, and incident playbooks.

RUE prepares Germany MiCA files with version control, cross-document consistency checks, and regulator-facing drafting. That is especially important where founders, developers, and external vendors describe the model differently.

Prepare MiCA Application Documents

BaFin MiCA application dossier checklist

Document category	Examples	Why BaFin cares
Corporate and ownership	Articles, register extract, ownership chart, UBO pack	Transparency, control, source of funds, group structure
Management and governance	CVs, questionnaires, role allocation, board map	Fit-and-proper, competence, effective management
Program of operations	Service descriptions, client journey, process flows	Perimeter clarity and operating model coherence
Financial model	3-year projections, funding plan, own funds logic	Viability, prudential sustainability, liquidity
AML / CFT	Risk assessment, CDD/EDD, monitoring, SAR workflow	GwG compliance and ML/TF risk control
Travel Rule	Originator/beneficiary data workflow, counterparty handling	TFR operational readiness
Safeguarding	Segregation model, reconciliation, wallet governance	Client asset protection and recoverability
ICT and security	Architecture, IAM, logging, incident response, BCP/DR	Operational resilience and cyber risk management
Outsourcing	Vendor contracts, oversight model, outsourcing register	Control over critical functions and concentration risk
Client conduct	Complaints, conflicts, disclosures, terms	Consumer protection and fair dealing

Timeline and process to obtain a MiCA license in Germany

Step-by-step process to obtain a MiCA license in Germany

The normal path to a MiCA Licence in Germany starts with perimeter review and ends with post-approval operational readiness. A realistic timeline for a well-prepared file is often 3-6+ months, but complex models or weak submissions can take longer.

1. Pre-application perimeter review

Start by defining the exact service scope, token classification, target markets, custody model, and outsourcing structure. This stage usually takes 1-2 weeks for internal scoping and longer if the model touches MiFID II, eWpG, or payment services perimeter questions.

2. Incorporation and substance build-out

Set up the German entity, office, governance structure, key hires, and banking strategy. A GmbH can often be incorporated within 1-4 weeks depending on founder readiness, notarization, and bank/account setup. This is a corporate law step, not the license itself.

3. Dossier preparation

This is usually the most work-intensive phase and often takes 6-10 weeks. The file should include the program of operations, governance map, AML framework, safeguarding design, ICT documentation, financial projections, and all fit-and-proper materials.

4. Filing and completeness review

Once filed, the authority typically performs a completeness check. The legal benchmark under MiCA is commonly referenced as up to 25 working days for completeness review. If the file is incomplete, the clock may not progress cleanly and further requests may follow.

5. Substantive assessment and RFIs

After the file is considered complete, the substantive review period is commonly referenced at up to 40 working days, subject to pauses, extensions, and additional information requests. In practice, this is where most timing variance occurs. BaFin may ask for clarifications on safeguarding, AML design, outsourcing chains, governance, or financial assumptions.

6. Approval and go-live readiness

Authorization is not the same as operational launch. Before go-live, the company should finalize banking, client disclosures, Travel Rule workflow, vendor contracts, reconciliation routines, and incident escalation processes.

What usually delays approval:

weak or inconsistent perimeter memo;
thin local substance or unclear decision-making location;
generic AML documents not tied to actual transaction flows;
unclear safeguarding and wallet governance;
outsourcing of critical functions without credible oversight;
financial projections that do not match staffing and vendor costs;
slow or incomplete responses to BaFin RFIs.

RUE manages the process as a controlled project with legal, compliance, corporate, and banking workstreams running in parallel. That is usually the fastest way to a file BaFin can actually review.

Start Your Germany MiCA Project

Minimum capital is not your real launch budget

Minimum capital vs real launch budget

The headline figures €50,000 / €125,000 / €150,000 are only the entry-level prudential thresholds. They do not cover the actual cost of becoming operational in Germany.

Paid-in regulatory capital is one line item;
German company setup, office, directors, compliance, MLRO support, and accounting are separate costs;
KYC, sanctions, KYT, and Travel Rule tooling are recurring operational expenses;
security architecture, custody infrastructure, penetration testing, and audit are additional layers;
banking and PSP onboarding often require parallel work and additional documentation.

For founders, the useful budgeting question is not “What is the minimum capital?” but “What operating model will BaFin, the bank, and the auditor accept?”

Get Budget Estimate

Sample first-year budget scenarios for Germany MiCA applicants

Business model	Regulatory capital	Estimated Year 1 operating budget	Typical pressure points
Advisory / reception-transmission CASP	€50,000	€180,000-€350,000+	Governance, AML framework, staffing, documentation quality
Exchange + custody	€125,000	€350,000-€900,000+	Safeguarding, wallet controls, Travel Rule, banking, security stack
Trading platform	€150,000	€600,000-€1,500,000+	Market conduct controls, ICT resilience, vendor oversight, scale assumptions

Ranges exclude extraordinary remediation, acquisitions, or cross-border branch build-out. Exact cost depends on service scope, headcount, outsourcing, and technology choices.

MiCA vs other German and EU laws

MiCA vs other German and EU laws: where founders get confused

MiCA is not a universal wrapper for all tokenized business. The first legal question is always: is the token or service actually inside MiCA?

Common perimeter splits in Germany:

MiCA generally covers crypto-assets that are not already excluded and services performed on them by CASPs;
MiFID II may apply if the token is a financial instrument, such as a transferable security or another investment-type instrument;
KWG remains relevant where banking or financial services perimeter issues arise under German law;
eWpG becomes relevant for certain electronic securities and tokenized capital market structures in Germany;
ZAG may become relevant where payment services or e-money style functions are present;
KAGB may matter if the structure resembles a fund or collective investment undertaking;
Prospectus Regulation and related capital markets disclosure rules may apply to public offerings of securities rather than MiCA white-paper logic;
DORA and GDPR sit alongside the licensing perimeter and affect day-to-day operations.

When a token is not under MiCA:

it qualifies as a financial instrument under MiFID II;
it is a structured deposit or another excluded product;
it is a genuinely unique NFT rather than a fungible or fractionalized mass product;
the arrangement is claimed to be decentralized but in fact still has a controllable operator, admin key, fee controller, or governance core—this point often needs close analysis rather than assumptions;
the product is really an EMT, ART, or payment/e-money structure with separate obligations.

One technical nuance often missed in founder decks: token labels do not decide the perimeter. BaFin and EU supervisors look at rights attached to the token, transferability, settlement mechanics, governance rights, redemption rights, and the economic substance of the arrangement.

RUE therefore combines MiCA licensing with token classification, legal perimeter analysis, and where needed coordination with German corporate, tax, and banking counsel. This avoids filing a CASP application for a model that should have been structured differently from the start.

Read MiCA Regulation Guide

Tax and corporate considerations for a licensed crypto company in Germany

A licensed crypto company in Germany should be planned as a normal German regulated business, not as an offshore-style shell. Corporate governance, accounting, payroll, VAT analysis, transfer pricing, and annual reporting matter from the first year.

Practical points founders should address early:

whether the German entity will be the real operating company or only a licensed hub within a wider group;
how technology, IP, and vendor contracts are allocated across the group;
whether intercompany arrangements create transfer pricing or permanent establishment issues;
how crypto-asset positions, fees, and client money flows will be booked and reconciled;
whether the company needs German payroll, local directors, and local accounting support from day one.

For finance setup, RUE can coordinate with Accounting Services in Germany. For tax-specific crypto questions, see also Crypto Taxes in Germany. This page does not provide tax advice and should not be relied on as a substitute for a German tax opinion.

Practical checklist before you apply for a MiCA license in Germany

Use this pre-filing checklist before spending money on a full BaFin application:

confirm whether the business model actually falls within MiCA CASP services;
prepare a written token classification and perimeter memo;
decide whether Germany is the right home Member State for your target clients and banking strategy;
select the legal entity structure and map real substance in Germany;
identify directors, MLRO/compliance coverage, and ICT/security responsibility;
prepare ownership, UBO, source-of-funds, and shareholder evidence;
design the safeguarding model and reconciliation logic before drafting policies;
map fiat flows, banking partners, and payment providers;
build AML/KYC onboarding, sanctions, KYT, and Travel Rule workflow;
create outsourcing inventory and vendor oversight framework;
document ICT architecture, access control, incident response, and BCP/DR;
prepare realistic 3-year financial projections and own-funds logic;
align client terms, disclosures, complaints, and conflicts framework;
test internal consistency across the whole dossier;
plan post-license operations, not just authorization.

Most failed or delayed applications break on one of these points, not on the headline legal theory.

Request BaFin Readiness Review

Legal disclaimer and source standard

Legal disclaimer

This page provides general legal and regulatory information about obtaining a MiCA license in Germany in 2026. It is not legal, tax, investment, or accounting advice. Licensing outcomes depend on the exact business model, token classification, service scope, ownership structure, outsourcing model, and regulator interpretation at the time of filing.

RUE recommends confirming all material points against primary sources and current guidance, including:

EUR-Lex for Regulation (EU) 2023/1114 (MiCA);
BaFin publications and application materials;
ESMA and EBA technical standards and guidance;
TFR, DORA, GwG, KWG, ZAG, eWpG, and related German law where relevant.

Reviewed against 2026 EU and Germany-specific regulatory context. For a transaction-specific assessment, contact RUE or visit our team.

Speak to RUE

📝 Check Your Eligibility

Answer a few quick questions to find out if this jurisdiction suits your crypto business

Step 1 of 5

What type of crypto services will you provide?

Exchange (fiat ↔ crypto)

Custody & Wallet Services

Transfer & Payment Services

Advisory / Portfolio Management

Multiple / All of the Above

Step 2 of 5

What is your target market?

European Union only

EU + Global markets

Global (non-EU priority)

Step 3 of 5

Do you already have a registered company in the EU?

Yes, in this jurisdiction

Yes, in another EU country

No, I need to register one

Step 4 of 5

What is your available budget range?

Under €20,000

€20,000 – €50,000

€50,000 – €100,000

Over €100,000

Step 5 of 5

When do you plan to launch?

As soon as possible (1–3 months)

Within 6 months

Within a year

Just exploring options

✅

This Jurisdiction Is a Great Fit!

Based on your answers, this jurisdiction matches your business requirements well. Here's a quick summary:

Recommended License

CASP License

Estimated Budget

€24,000 – €35,000

Estimated Timeframe

4–6 months

EU Passporting

Available

📞 Get Personalized Assessment

Step-by-Step BaFin Licensing Process

Step 1

Perimeter Review

Define CASP scope, token classification, target markets, custody model, and MiCA vs MiFID II / KWG / ZAG perimeter. This is the highest-value early step. Typical duration: 1-2 weeks.

Step 2

German Company Setup

Incorporate the German entity, prepare shareholder documents, secure office/substance, and align governance. Usually a GmbH or AG depending on structure. Typical duration: 1-4 weeks.

Step 3

Governance Build-Out

Appoint directors and control-function coverage, define reporting lines, prepare fit-and-proper files, and map outsourcing oversight. Typical duration: 2-4 weeks, often overlapping with company setup.

Step 4

Dossier Preparation

Prepare the full BaFin application package: program of operations, AML/TFR framework, safeguarding, ICT/security, business plan, financial projections, and policy suite. Typical duration: 6-10 weeks.

Step 5

Application Filing

Submit the completed file to BaFin, organize annexes, and ensure consistency across legal, compliance, and financial materials. Typical duration: 1 week once the dossier is finalized.

Step 6

Completeness Review

BaFin checks whether the application is complete enough for substantive review. Legal benchmark is commonly referenced at up to 25 working days, but incomplete files trigger delays and follow-up requests.

Step 7

Substantive Assessment

BaFin reviews the file in depth, often issuing RFIs on governance, AML, safeguarding, outsourcing, and financial assumptions. Baseline review window is commonly referenced at up to 40 working days after completeness, but practical timing is often longer.

Step 8

Authorization and Go-Live

After approval, finalize banking, vendor onboarding, client disclosures, Travel Rule operations, reconciliations, and internal controls before commercial launch. Typical final readiness period: 2-6 weeks.

Start Your Application

Frequently Asked Questions

Can a non-EU founder obtain a MiCA license in Germany? +

Yes, a non-EU founder can obtain a MiCA license in Germany through a properly structured legal entity. The key issues are not nationality but ownership transparency, source of funds, fit-and-proper assessment, governance quality, and real substance in Germany. BaFin will expect a credible German operating company, not a remote shell. Foreign-owned structures often face enhanced scrutiny on control, decision-making, and banking readiness.

Does a Germany MiCA license allow EU passporting? +

Yes, a Germany MiCA license can be passported across the EU after the relevant notification process. This allows a BaFin-authorized CASP to provide services in other EU Member States without obtaining a separate full license in each country. However, passporting is not a free pass for all local law issues: consumer, marketing, tax, and data protection rules may still differ by country.

What is the minimum capital for a MiCA license in Germany? +

The minimum capital depends on the service class and is generally €50,000, €125,000, or €150,000. Lower-risk services may fall into the €50,000 bracket, while custody and exchange models often require €125,000, and trading platform models often require €150,000. These thresholds do not include your real operating budget, and they do not replace German company law capital requirements.

How long does it take to get BaFin approval for a MiCA license? +

A realistic timeline is usually 3-6+ months for a well-prepared application. The legal review mechanics are commonly referenced as up to 25 working days for completeness review and up to 40 working days for substantive assessment after completeness, but the real-world timeline depends on RFIs, dossier quality, business-model complexity, and how quickly the applicant answers BaFin questions.

Do software-only or DeFi projects need a MiCA license in Germany? +

Sometimes no, sometimes yes—it depends on control and intermediation. A pure software provider that never controls client assets, orders, or transfer flow may fall outside MiCA. A DeFi front end with admin keys, fee capture, governance control, routing logic, or embedded custody/execution features may still trigger licensing analysis. Do not rely on labels such as “non-custodial” or “decentralized” without a written perimeter review.

Who regulates MiCA licenses in Germany: BaFin, ESMA, EBA, or Bundesbank? +

BaFin is the competent authority for granting CASP authorization in Germany. ESMA and EBA play EU-level coordination, standards, and supervisory convergence roles, while the Deutsche Bundesbank remains an important institutional actor in the broader German financial system. For a Germany CASP application, the licensing interface is with BaFin, not ESMA.

Do I need a physical office in Germany for a MiCA license? +

You need real substance in Germany, and in practice that usually means more than a registered address. BaFin expects effective management, operational presence, and a credible control environment. A virtual office alone is not enough for a serious CASP application. The exact substance model depends on your service scope, outsourcing design, and group structure, but letterbox setups are a common red flag.

Can I use a GmbH for a Germany MiCA license? +

Yes, a GmbH is the most common vehicle for a Germany MiCA license. An AG may also be used, especially for larger or more institutional structures. The legal entity choice should be aligned with ownership, governance, funding, and future scaling plans. Remember that GmbH share capital and MiCA regulatory capital are different concepts and should not be confused.

What are the most common reasons BaFin delays a MiCA application? +

The most common delay reasons are weak perimeter analysis, thin local substance, generic AML documents, unclear safeguarding, and poorly controlled outsourcing. Other frequent issues include inconsistent financial projections, incomplete fit-and-proper files, and slow responses to RFIs. In Germany, many delays are caused not by missing forms but by a file that does not prove how the business will actually operate.

Does MiCA cover security tokens in Germany? +

Not necessarily. If a token qualifies as a financial instrument under MiFID II, it may sit outside MiCA and fall under securities or investment-services regulation instead. This is one of the most important perimeter questions in Germany, especially for tokenization, investment rights, and structured products. A token classification memo should be prepared before any licensing strategy is chosen.

What ongoing obligations apply after getting a Germany MiCA license? +

Ongoing obligations include governance maintenance, AML/KYC operations, Travel Rule compliance, safeguarding, reconciliations, incident handling, outsourcing oversight, accounting, and regulatory reporting. Authorization is not a one-time approval. BaFin expects the CASP to remain operationally compliant, adequately funded, and able to evidence its controls through records, testing, and management oversight.

Can RUE help with banking and accounting after authorization? +

Yes. RUE supports Germany MiCA clients not only with the authorization file but also with related operational tasks such as bank account opening in Germany, crypto business banking, German accounting support, and preparation of MiCA application documents. This matters because most post-license failures happen in operations, not in the approval letter.

Regulated United Europe OÜ

Registration number: 14153440
Anno: 16.11.2016
Phone: +372 56 966 260
Email: [email protected]
Address: Laeva 2, Tallinn, 10111, Estonia

Company in Lithuania UAB

Registration number: 304377400
Anno: 30.08.2016
Phone: +370 6949 5456
Email: [email protected]
Address: Lvovo g. 25-702, Vilnius, 09320, Lithuania

Company in Czech Republic s.r.o.

Registration number: 08620563
Anno: 21.10.2019
Phone: +420 775 524 175
Email: [email protected]
Address: Na Perstyne 342/1, Prague

Company in Poland Sp. z o.o.

Registration number: 38421992700000
Anno: 28.08.2019
Email: [email protected]
Address: Twarda 18, Warsaw, 00-824, Poland

Please leave your request

The RUE team understands the importance of continuous assessment and professional advice from experienced legal experts, as the success and final outcome of your project and business largely depend on informed legal strategy and timely decisions. Please complete the contact form on our website, and we guarantee that a qualified specialist will provide you with professional feedback and initial guidance within 24 hours.

Main Services

Terms of Cooperation

Regulated United Europe