MiCA in the European Union: a full guide to local implementations

Over the past decade, the crypto-asset market has grown rapidly, transforming the financial landscape of Europe and beyond. From the early days of Bitcoin exchanges to the development of complex decentralised finance platforms, the digital asset industry has evolved at a pace that has outstripped the traditional regulatory environment. Until recently, the European Union (EU) lacked a unified legal framework to ensure both innovation and investor protection. Each Member State followed its own rules – some adopted clear licensing regimes, some relied on general financial laws and some remained unregulated altogether.

This fragmented environment created uncertainty for both crypto companies and their clients. Businesses that wanted to operate across multiple EU countries were faced with inconsistent licensing requirements, overlapping obligations and regulatory grey areas. For investors and users, the lack of harmonisation meant inconsistent levels of security, transparency and consumer protection.

Recognising this challenge, the European Union introduced the Markets in Crypto-Assets Regulation (MiCA) – a groundbreaking legislative act establishing the first comprehensive legal framework for crypto-assets across all EU member states and the European Economic Area (EEA). MiCA is a significant step towards regulating the digital economy globally, ensuring that Europe becomes the world’s most transparent, secure and innovation-friendly crypto jurisdiction.

MiCA applies to a broad range of participants in the digital asset ecosystem, including:

• Crypto exchanges and trading platforms
• Custodian wallet providers
• Crypto-asset issuers
• Payment and transfer service providers
• Crypto investment firms
• Other entities that facilitate the issuance, custody or exchange of crypto-assets.

Essentially, any company providing crypto-related services within the EU must now comply with MiCA’s standards and obtain CASP status. Once licensed, a CASP can operate across all EU member states under the passporting principle, eliminating the need for multiple national registrations. This mechanism simplifies market entry and strengthens cross-border supervision and investor trust.

The introduction of MiCA marks the transition from regulatory fragmentation to harmonisation. It provides legal certainty, creates a safer environment for users and establishes a unified standard that other regions may follow. At the same time, it raises the bar for compliance by setting out detailed requirements for governance, risk management, anti-money laundering (AML) and counter-terrorist financing (CFT) measures, and consumer disclosures.

For companies in the digital asset sector, MiCA is not just a new regulation – it signals the start of a new era of accountability, transparency, and opportunity. Firms that adapt early and align their internal frameworks with MiCA will gain a decisive competitive edge when it comes to accessing the EU’s single market of 450 million people.

At Regulated United Europe (RUE), we view MiCA as the next logical step in Europe’s journey towards a secure and inclusive financial ecosystem. With offices and legal teams in several EU countries, including Estonia, Lithuania, Poland, the Czech Republic and Cyprus, RUE is well placed to support both new and established crypto businesses in understanding, preparing for and complying with MiCA’s requirements.

Origins & History of MiCA

Before MiCA was introduced, Europe’s crypto landscape was characterised by uncertainty and fragmentation. Each EU Member State applied its own interpretation of how, or indeed whether, to regulate crypto-related activities. While some countries, such as Estonia, Lithuania and Malta, had already introduced Virtual Asset Service Provider (VASP) registration frameworks, others relied on existing financial and anti-money laundering (AML) laws that were not specifically designed for digital assets.

This inconsistency created significant challenges for regulators and businesses alike. Companies wanting to operate across borders were faced with duplicate registration procedures, different capital requirements and inconsistent definitions of what constituted a crypto-asset or a regulated activity. Investors and users, on the other hand, had no clear assurance that their funds and tokens were protected under comparable standards throughout the EU.

Recognising the need to bring clarity and stability to the market, the European Commission began drafting a unified regulatory framework in 2018 as part of its Digital Finance Strategy. The aim was to create a single, harmonised rulebook for crypto-assets in all EU Member States – a framework that would encourage innovation, improve consumer and investor protection, and ensure financial stability within the EU.

The Legislative Journey

The MiCA proposal was officially presented by the European Commission on 24 September 2020 as part of the Digital Finance Package, alongside the Digital Operational Resilience Act (DORA) and the Pilot Regime for DLT-based Market Infrastructures. The proposal aimed to create legal certainty for crypto-assets not yet covered by existing EU financial legislation, such as MiFID II or the E-Money Directive.

The European Parliament and the Council of the European Union then engaged in extensive negotiations involving multiple stakeholder consultations with industry participants, financial institutions, crypto firms, consumer protection groups and national regulators. These consultations were crucial to ensuring that MiCA balanced two core priorities: supporting innovation and mitigating risks such as money laundering, market abuse and consumer deception.

Throughout 2021 and 2022, the proposal underwent several revisions. These addressed pressing issues such as environmental sustainability (energy use in crypto mining), stablecoin supervision, and anti-money laundering coordination. This process demonstrated the EU’s commitment to listening to market participants and the public, resulting in one of the most carefully balanced financial regulations in modern European history.

After years of discussions, the European Parliament officially adopted the MiCA Regulation (EU) 2023/1114 on 20 April 2023, marking the first comprehensive legal framework for crypto-assets worldwide. It was published in the Official Journal of the European Union on 9 June 2023 and entered into force on 29 June 2023, 20 days later.

Key turning points in MiCA’s development

1. 2018–2019: Initial discussions and market analysis under the European Commission’s FinTech Action Plan.
2. September 2020: Official publication of the MiCA proposal under the Digital Finance Package.
3. 2021–2022: Public and institutional debates, amendments and refinements to address environmental, consumer and anti-money laundering (AML) concerns.
4. April 2023: Final adoption by the European Parliament and the Council.
5. June 2023: Formal publication and entry into force.

MiCA is being implemented in two major stages to allow the industry to adapt smoothly.
From June 2024: Rules for stablecoin issuers (asset-referenced tokens and e-money tokens) will apply.
From December 2024: The rules for crypto-asset service providers (CASPs) will become fully effective across the EU.

This transitional period gives existing VASPs time to align their internal procedures, governance systems and AML frameworks with the new MiCA standards. It also enables national authorities to prepare their supervisory structures and ensure consistency across borders.

MiCA is a milestone in the modernisation of Europe’s financial sector, not merely another piece of regulation. For the first time, all 27 EU member states will be bound by a unified crypto regulatory framework, which will enable fair competition, market stability and greater investor confidence. The regulation paves the way for Europe to become a global leader in transparent and sustainable crypto-asset governance, setting an example for other jurisdictions, including the UK, the US and Singapore.

At Regulated United Europe (RUE), we have been closely monitoring the legislative development of MiCA since its early proposal stages. Our multi-jurisdictional legal team, spanning Estonia, Lithuania, Poland, the Czech Republic and Cyprus, has been assisting clients with preparing for the transition to MiCA, developing compliance roadmaps and communicating with national regulators.

Thanks to our in-depth knowledge of EU financial law, AML/CFT frameworks and licensing procedures, RUE is one of the few consultancies ready to guide crypto companies through the entire MiCA licensing process, ensuring they are compliant and operationally ready for the post-2024 era.

Core Structure & Regulatory Framework of MiCA

The Markets in Crypto-Assets Regulation (MiCA), formally adopted as Regulation (EU) 2023/1114, is a comprehensive legislative framework designed to bring consistency, transparency, and trust to the European crypto-asset market. It introduces harmonised rules for crypto-asset issuance, trading, custody and advisory services throughout the European Union and the European Economic Area (EEA).

At its core, MiCA establishes a single regulatory regime that replaces the patchwork of national laws that previously governed virtual asset services. It defines what qualifies as a crypto-asset, who may issue or provide related services, and the obligations that firms must meet to operate legally within the EU.

MiCA is structured into four main titles, each addressing a specific aspect of crypto-asset activities.

Title I – General Provisions:

It sets out the scope, objectives and definitions of the regulation. It clarifies the categories of crypto-assets covered by MiCA, including utility tokens, asset-referenced tokens (ARTs) and e-money tokens (EMTs). It also defines what constitutes a Crypto-Asset Service Provider (CASP) and who is subject to licensing requirements.

Title II – Issuance of Crypto-Assets (excluding ARTs and EMTs):

It outlines the rules for entities issuing tokens that are not stablecoins. It introduces requirements for white papers, disclosure obligations and ongoing information duties towards investors. Issuers must provide transparent documentation about the function of the token, its associated rights, the underlying technology and the potential risks. These disclosures must be approved by a competent authority before the offering can be made to the public or the tokens admitted to trading on a platform.

Title III – Asset-Referenced Tokens (ARTs):

This section governs stablecoins that are backed by a basket of assets, such as fiat currencies, commodities or other crypto-assets. ART issuers must be authorised by a national competent authority (NCA) and comply with strict reserve, redemption and governance obligations. Due to their potential impact on financial stability, their operations are supervised directly by the European Banking Authority (EBA).

Title IV – E-Money Tokens (EMTs):

EMTs are crypto-assets that reference a single fiat currency and function similarly to electronic money. Issuers of EMTs must hold an Electronic Money Institution (EMI) licence under the E-Money Directive and meet MiCA’s specific requirements relating to safeguarding, capital and redemption rights.

Title V – Crypto-Asset Service Providers (CASPs):

This title establishes a licensing framework for companies offering services such as custody, exchange, trading, portfolio management and advice on crypto-assets. CASPs are subject to authorisation, prudential and conduct-of-business requirements, including proper governance, cybersecurity and internal control mechanisms.

Title VI – Market Abuse and Consumer Protection:

This final part of MiCA mirrors the EU’s Market Abuse Regulation (MAR) by prohibiting insider trading, market manipulation and the unlawful disclosure of inside information in crypto-asset markets. It ensures that crypto-assets traded on platforms are subject to the same integrity standards as traditional financial instruments.

Core Obligations Under MiCA

MiCA introduces a series of operational, prudential and governance obligations for issuers and service providers alike.
1. Authorisation and licensing
Every entity offering crypto-asset services in the EU must obtain a Crypto-Asset Service Provider (CASP) licence from the national competent authority of its home Member State. Once authorised, the CASP benefits from EU-wide passporting rights, enabling it to provide services across all Member States without requiring additional national licences.
2. Governance and Management Standards

MiCA places great emphasis on organisational integrity. Each CASP must have a clearly defined management structure, a compliance function and a risk management framework that is proportionate to the scale and complexity of its business. Senior management and key function holders must meet the ‘fit and proper’ criteria, demonstrating integrity, competence and relevant experience.
3. Prudential Requirements
To ensure financial resilience, CASPs must maintain minimum own funds, which are generally set at between €50,000 and €150,000 depending on the service category. Issuers of ARTs and EMTs are subject to higher capital ratios and reserve asset backing to guarantee stability and redemption capability.
4. Consumer and Investor Protection
Transparency and fairness lie at the heart of MiCA. CASPs are required to:
Publish clear and accurate information about their services and fees.
– ensure clients understand the risks associated with crypto-assets;
– implement complaint-handling and dispute resolution procedures;
– Safeguard client assets through segregated wallets and robust custody systems.
5. Market integrity and abuse prevention
MiCA establishes a legal framework to combat insider trading, price manipulation and misleading transactions. It obliges CASPs operating trading platforms to implement surveillance and reporting mechanisms similar to those used in traditional financial markets.

Prudential and operational requirements

MiCA combines the principles of financial prudence with technological security. Every CASP must demonstrate that its internal systems can protect financial and data integrity.
Key obligations include:

• ICT Risk Management: CASPs must identify, assess and mitigate technology-related risks in accordance with the Digital Operational Resilience Act (DORA).
• Business continuity planning: Firms must maintain contingency and recovery procedures to minimise disruption in the event of cyber incidents or operational failures.
• Outsourcing Controls: When relying on third-party providers (e.g. cloud or IT vendors), CASPs remain fully responsible for ensuring compliance and must maintain oversight of critical functions.
• AML/CFT compliance: MiCA is closely aligned with EU AMLD5/AMLD6 requirements, mandating robust customer due diligence, transaction monitoring and the reporting of suspicious activities.

These provisions ensure that crypto businesses operating in the EU uphold the same security and reliability standards as traditional financial institutions.

Role of Supervisory Authorities

MiCA introduces a multi-layered supervision model involving both EU-level and national regulators:

• The European Securities and Markets Authority (ESMA) is responsible for promoting supervisory convergence, maintaining a public register of authorised CASPs and issuing technical standards to harmonise implementation across Member States.
• The European Banking Authority (EBA) supervises issuers of asset-referenced tokens and e-money tokens, particularly those considered ‘significant’ based on market capitalisation and user base.
• Each National Competent Authority (NCA), such as the FIU in Estonia, the Bank of Lithuania, the Czech National Bank or the Cyprus Securities and Exchange Commission (CySEC), is responsible for licensing and directly overseeing CASPs within its jurisdiction.

This combination of centralised oversight and local enforcement ensures regulatory consistency across the EU while preserving national accountability.

Transitional provisions for existing VASPs

To facilitate a smooth transition from existing frameworks, MiCA provides a grace period for companies already registered as Virtual Asset Service Providers (VASPs) under national laws. These firms can continue operating until the end of 2025, provided they apply for CASP authorisation by the set deadlines.

During this phase, NCAs are encouraged to adopt a ‘proportionality approach’, recognising prior compliance efforts while guiding firms to align with the new MiCA standards. This pragmatic transition period demonstrates the EU’s intention to encourage innovation rather than stifle it, rewarding those firms that adapt early.

A Unified Vision for Europe’s Crypto Future

The core architecture of MiCA represents the EU’s commitment to fostering a stable, competitive and transparent crypto economy. It protects investors, prevents abuse and provides businesses with a predictable legal environment that supports sustainable growth.

For firms seeking to thrive under this new framework, Regulated United Europe (RUE) offers a range of legal services, including CASP licensing applications, white paper preparation, internal policy drafting, and ongoing regulatory liaison.
Our legal experts work directly with national authorities across Europe to help our clients achieve full compliance with MiCA’s prudential, governance and disclosure standards.

Through this hands-on, jurisdiction-specific approach, RUE has become one of Europe’s most trusted advisors in MiCA licensing, crypto-asset regulation and compliance management, guiding businesses through every stage of their regulatory journey.

Pan-EU Mechanisms: Passporting, Supervision & Enforcement

One of the most transformative aspects of the Markets in Crypto-Assets Regulation (MiCA) is the creation of a single European market for crypto-asset services. For the first time in digital finance history, a crypto company authorised in one EU Member State can operate seamlessly across all 27 EU countries without needing additional licences for each jurisdiction. This mechanism, known as passporting, mirrors the model already used in traditional financial services under MiFID II, the Payment Services Directive and the E-Money Directive – now extended to the crypto industry.

The introduction of passporting under MiCA eliminates years of regulatory fragmentation. Previously, companies had to register separately in each country where they wanted to serve clients, which was costly and time-consuming. Under MiCA, once a Crypto-Asset Service Provider (CASP) is authorised by the competent authority of its ‘home’ Member State, that licence automatically grants access to the entire EU and EEA.

This unified approach is particularly beneficial for businesses looking to expand their operations. For instance, a company licensed in Lithuania can provide services to clients in France, Spain or Germany without requiring additional national approvals. The only obligation is to notify the host authority via the home regulator, ensuring transparency and supervision across borders.

The European Securities and Markets Authority (ESMA) plays a central coordinating role in this framework. ESMA maintains a public register of all authorised CASPs and token issuers, which is accessible to both regulators and the public. This register enhances trust by enabling investors, business partners and consumers to verify whether a crypto company operates under legitimate MiCA authorisation. ESMA also issues technical standards and regulatory guidance to ensure that national authorities apply MiCA consistently across Member States.

Although ESMA provides oversight and coordination at the EU level, day-to-day supervision remains the responsibility of each National Competent Authority (NCA). These include bodies such as:

• Austria: Financial Market Authority (FMA)
• Belgium: Financial Services and Markets Authority (FSMA);
• Bulgaria: Financial Supervision Commission (FSC).
• Croatia: Croatian National Bank (HNB)/Croatian Financial Services Supervisory Agency (HANFA)
• Cyprus: Cyprus Securities and Exchange Commission (CySEC)
• Czech Republic: Czech National Bank (Česká národní banka – ČNB)
• Denmark: Danish Financial Supervisory Authority (Finanstilsynet)
• Estonia: Financial Intelligence Unit (Rahapesu Andmebüroo – FIU)
• Finland: Finnish Financial Supervisory Authority ( Finanssivalvonta – FIN-FSA)
• France: Autorité des marchés financiers (AMF) and Autorité de Contrôle Prudentiel et de Résolution (ACPR).
• Germany: Federal Financial Supervisory Authority (BaFin)
• Greece: Hellenic Capital Market Commission (HCMC)
• Hungary: National Bank of Hungary (Magyar Nemzeti Bank – MNB)
• Ireland: Central Bank of Ireland (CBI)
• Italy: Commissione Nazionale per le Società e la Borsa (CONSOB) and the Bank of Italy
• Latvia: Financial and Capital Markets Commission (FCMC)
• Lithuania: Bank of Lithuania (Lietuvos Bankas)
• Luxembourg: Commission de Surveillance du Secteur Financier (CSSF).
• Malta: Malta Financial Services Authority (MFSA)
• Netherlands: Dutch Authority for the Financial Markets (AFM) and De Nederlandsche Bank (DNB).
• Poland: Polish Financial Supervision Authority (Komisja Nadzoru Finansowego – KNF)
• Portugal: Portuguese Securities Market Commission (CMVM) and Banco de Portugal
• Romania: Financial Supervisory Authority (ASF)
• Slovakia: National Bank of Slovakia (Národná banka Slovenska – NBS)
• Slovenia: Securities Market Agency (ATVP) and the Bank of Slovenia.
• Spain: Comisión Nacional del Mercado de Valores (CNMV) and Banco de España
• Sweden: Swedish Financial Supervisory Authority (Finansinspektionen – FI).

Each of these authorities is responsible for licensing CASPs, conducting audits, reviewing compliance documentation and ensuring adherence to governance and capital requirements. Under MiCA, NCAs must also exchange information and coordinate enforcement actions with their counterparts across borders. This ensures that, should a CASP violate MiCA obligations in one Member State, the issue can be swiftly addressed across the EU, thereby protecting consumers and maintaining market integrity.

The European Banking Authority (EBA) complements ESMA’s role by supervising issuers of stablecoins, specifically asset-referenced tokens and e-money tokens. The EBA monitors whether such issuers comply with liquidity, reserve, and redemption rules, particularly for tokens that are considered “significant” due to their size or systemic importance. Close cooperation between ESMA, the EBA and national regulators ensures balanced oversight, with no jurisdiction operating in isolation.

MiCA also introduces a robust enforcement and penalty framework to ensure accountability. National authorities are empowered to impose administrative sanctions, including licence revocation, temporary bans on management and financial penalties of up to 12.5% of annual turnover for severe breaches. These sanctions are proportionate yet strict enough to deter misconduct and create a culture of compliance across the European crypto ecosystem.

Another critical element of MiCA’s enforcement structure is cross-border supervision. Under Article 93 of the Regulation, Member States must cooperate closely to detect, investigate and correct infringements. This may entail information sharing, coordinated inspections and joint investigations when a CASP operates in multiple jurisdictions. Such cooperation mechanisms have already been established through ESMA’s European Forum of Innovation Facilitators (EFIF), and will continue to evolve as MiCA matures.

This harmonised supervision ensures that crypto-asset markets within the EU are competitive, safe, transparent and fair. For clients, this means they can have increased confidence that their chosen service providers operate under a single, enforceable European standard. For companies, it provides long-term stability, legal clarity and smoother operational scalability.

At Regulated United Europe (RUE), we have built our entire legal strategy around the concept of cross-border synergy. With teams in Estonia, Lithuania, Poland, the Czech Republic and Cyprus, RUE assists clients with authorisation and the full passporting of their services across the EU. Our experts coordinate directly with national authorities and maintain active communication with regulators to ensure a smooth notification process and full compliance with the Markets in Crypto-Assets Regulation (MiCA).

Our legal team has successfully helped clients to expand their crypto and fintech businesses across multiple EU jurisdictions, preparing not only the required passporting documentation, but also ensuring that every internal process, from AML controls to client onboarding, meets the expectations of local and European regulators.

In the context of enforcement, we also act as strategic advisors, helping companies to respond to supervisory queries, prepare for inspections and develop internal policies that prevent potential breaches before they occur. This proactive approach ensures that our clients not only obtain MiCA authorisation, but also sustain compliance in the long term, thereby protecting their reputation, clients and business continuity.

Ultimately, the passporting and supervisory framework introduced by MiCA represents the EU’s most ambitious step towards creating a unified digital financial market. It replaces uncertainty with predictability, national borders with cooperation, and fragmented supervision with coordinated oversight.

By aligning innovation with regulation, MiCA creates an ecosystem in which crypto businesses can flourish with confidence – an ecosystem in which trusted legal partners such as Regulated United Europe play a vital role in connecting vision with compliance, innovation with governance and business with trust.

Country-by-Country: MiCA Implementation & Local Authorities

Although MiCA introduces a harmonised licensing framework for the entire European Union, its implementation is carried out by national competent authorities (NCAs) in each Member State. Although every country applies the same EU regulation, each regulator has its own supervisory culture, documentation preferences and procedural style.

This diversity makes understanding the local landscape essential for any business seeking a MiCA licence in Europe. Crypto-asset service providers (CASPs) operating in Estonia, Lithuania, Germany, France or Spain must interact with different regulators, each of which is responsible for authorising, supervising and enforcing MiCA rules within its jurisdiction.

At Regulated United Europe (RUE), our multilingual team works daily with these national authorities to prepare complete CASP authorisation packages, ensure compliance with ESMA and EBA technical standards and guide clients through every stage, from initial application to EU-wide passporting.

The following overview outlines how MiCA is applied in each EU Member State, the key regulators responsible for oversight and what applicants can expect in terms of local procedures, supervisory priorities and documentation requirements.

Austria

Regulator: Financial Market Authority (FMA)

Austria is among the countries best prepared to integrate the Markets in Crypto-Assets Regulation (MiCA) into its national supervisory structure. The FMA, known for its strong record in prudential regulation under MiFID II, the Payment Services Directive and the E-Money Directive, will serve as the National Competent Authority (NCA) responsible for authorising and supervising Crypto-Asset Service Providers (CASPs).

Under MiCA, the FMA will process CASP authorisation applications, assess governance and ensure compliance with capital, organisational and safeguarding requirements. The FMA’s existing expertise in fintech and digital asset oversight, notably its 2018 guidelines on ICOs and virtual assets, provides a strong foundation for the rollout of MiCA. The FMA has already published interpretative notes that align its supervisory practices with forthcoming ESMA and EBA standards, emphasising risk management, anti-money laundering (AML) compliance, and information technology governance. Austria is recognised for its precise, documentation-heavy regulatory approach. The FMA expects applicants to submit comprehensive internal policies covering risk management, AML/CTF controls, ICT security, incident management and outsourcing arrangements, together with clearly defined roles for compliance, internal audit and management functions.

For CASPs seeking authorisation, this means carefully preparing:

• A detailed business plan specifying each crypto-asset service (exchange, custody, portfolio management, advice, or transfer);
• governance charts showing decision-making lines and key function holders;
• ICT and cybersecurity documentation aligned with DORA (Digital Operational Resilience Act),
• AML/CTF frameworks that comply with the Austrian Financial Markets AML Act (FM-GwG).

The FMA also places particular emphasis on outsourcing oversight. If a CASP relies on third-party technology or wallet providers, these relationships must be governed by robust contracts that ensure audit rights, data protection compliance and continuity of service. Additionally, management boards must demonstrate sufficient experience in finance, law or information security, reflecting Austria’s traditional prudential culture.

Once licensed in Austria, a CASP can benefit from MiCA’s EU passporting mechanism and operate across the European Economic Area by notifying host regulators through the FMA. This makes Vienna an attractive base for international crypto companies seeking a MiCA licence in the EU, giving them access to all 27 member states with just one authorisation.

At Regulated United Europe (RUE), our legal team collaborates closely with Austrian legal experts to prepare MiCA-ready applications for clients targeting the FMA. We assist in drafting internal control frameworks, AML documentation and ICT policies that meet both Austrian and EU-level expectations. Our cross-border structure enables clients licensed in Austria to extend their operations efficiently to other EU markets while remaining fully compliant with FMA and ESMA guidance.

Austria’s clear regulatory environment, stable economy and well-established reputation in the financial sector make it an appealing jurisdiction for responsible crypto businesses. As MiCA comes into full effect, the country is set to become one of Central Europe’s most secure and transparent gateways for regulated digital asset activity, and RUE is ready to support clients throughout this process.

Belgium

Regulator: Financial Services and Markets Authority (FSMA).

Belgium is positioning itself as a compliance-first jurisdiction under the Markets in Crypto-Assets Regulation (MiCA). The FSMA will serve as the country’s National Competent Authority (NCA) for crypto-asset service providers (CASPs), while the National Bank of Belgium (NBB) will oversee prudential matters for issuers of e-money and asset-referenced tokens (EMTs/ARTs).

The FSMA already has experience of overseeing the digital asset sector, having introduced regulations in 2022 that require all promotional communications for virtual assets to be fair, clear and not misleading. This early move demonstrated Belgium’s preparedness to adopt MiCA’s investor protection principles and extend comparable standards to all crypto-asset services.

The FSMA is renowned for its commitment to investor protection and expects a high level of transparency in client communications. CASPs applying for authorisation in Belgium must demonstrate:

• Clear, non-misleading information about risks and service conditions;
• Documented governance and control systems;
• Strong AML/CTF procedures that are consistent with Belgium’s implementation of the EU’s 6th AML Directive.

Applicants should be prepared for an in-depth document review process, as the FSMA’s licensing model adheres to the same rigorous standards applied to investment and payment institutions. Board members and senior managers must meet the ‘fit and proper’ criteria, and internal functions (compliance, risk and audit) must be independent and adequately resourced.

The Belgian regulator also coordinates closely with the European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA) to ensure alignment with pan-EU supervisory practices. Cryptocurrency asset service providers (CASPs) licensed in Belgium will enjoy passporting rights across the EU and EEA, enabling them to provide crypto services to clients in other Member States after notifying the FSMA and the relevant host authorities.

Regulated United Europe (RUE) assists clients entering the Belgian market by preparing full MiCA application packages and drafting disclosure and compliance materials in line with FSMA standards. RUE also ensures that marketing, AML and governance documentation meet national and EU expectations. RUE’s legal team also coordinates cross-border notifications, ensuring seamless access to the entire EU market from a Belgian licence. Thanks to its balanced regulatory environment, combining investor protection with innovation, Belgium is an excellent base for crypto firms that prioritise transparency, consumer confidence and sustainable growth.

Bulgaria

Regulator: Financial Supervision Commission (FSC).

In Bulgaria, the FSC is expected to take the lead as the National Competent Authority (NCA) for MiCA. The FSC will oversee the licensing and ongoing supervision of Crypto-Asset Service Providers (CASPs), while the Bulgarian National Bank (BNB) will likely oversee the prudential regulation of stablecoin issuers.

Although Bulgaria does not yet have a fully developed local crypto regulatory framework, its authorities have already implemented the EU’s Anti-Money Laundering Directives (AMLD5 and AMLD6), which require all virtual asset service providers to register and comply with anti-money laundering (AML) rules. With the entry into force of MiCA, Bulgaria is moving towards a comprehensive and transparent regulatory system that will align its digital asset industry with the broader EU financial ecosystem.

The FSC is known for its methodical and structured approach to authorisation and post-licensing monitoring. CASPs applying in Bulgaria can expect a thorough review of:

• Ownership and shareholding transparency;
• Internal control systems;
• AML/CTF compliance;
• Operational risk management.
• Proof of financial soundness and own-funds adequacy;
• Security measures protecting clients’ funds and crypto-assets.

The Bulgarian authorities emphasise fitness-and-propriety checks for shareholders and senior management. The FSC typically requires evidence of relevant qualifications and prior professional experience in the financial or legal sectors, as well as a clean regulatory record.

One of Bulgaria’s advantages lies in its cost-effective operational environment and growing fintech community. As MiCA is fully implemented, Sofia is expected to attract domestic start-ups and international CASPs seeking an efficient and strategic entry point into the EU market.

Regulated United Europe (RUE) supports clients applying for MiCA licences in Bulgaria by preparing application documentation from start to finish, liaising with the FSC and aligning corporate governance structures with EU and national standards. Our local legal partners facilitate smooth communication with the Bulgarian authorities and provide assistance with notarizations, translations, and local filings. RUE has already helped several EU-based crypto projects transition their operations to Bulgaria thanks to its competitive cost base, highly qualified legal workforce, and favourable regulatory environment under MiCA.

As Bulgaria continues to integrate the MiCA framework, RUE will remain a vital link between innovative crypto projects and regulatory bodies, ensuring that clients receive compliant, sustainable and forward-looking licensing solutions.

Croatia

Regulator: Croatian Financial Services Supervisory Agency (HANFA) for non-banking CASPs and Croatian National Bank (HNB) for e-money tokens and payment-related services.

Croatia is entering the MiCA era with a pragmatic and innovation-friendly mindset. HANFA is expected to serve as the National Competent Authority (NCA) for crypto-asset service providers (CASPs) and the Croatian National Bank (HNB) will oversee e-money and stablecoin issuance.

Prior to MiCA, Croatia’s crypto sector was primarily regulated through AML registration under the Croatian Anti-Money Laundering Act. This legislation required virtual asset providers to notify the relevant authorities and implement basic AML/CTF controls. With the implementation of MiCA, Croatia will transition from registration to full authorisation, aligning crypto activities with EU-level prudential and consumer protection standards.

HANFA has a reputation for being methodical, fair and accessible, emphasising substance and transparency. CASPs applying in Croatia will be expected to maintain a real operational presence in the country, ensuring that governance, compliance and risk management functions are active rather than just formal.

Applications must include:

• A comprehensive business plan describing each crypto service offered;
• Risk and compliance frameworks consistent with EU standards;
• Evidence of own funds proportional to the scope of activity;
• A management and governance map showing the persons responsible for compliance, audit and ICT security.

Regulated United Europe (RUE) assists clients in navigating the Croatian regulatory environment by preparing compliant MiCA documentation, coordinating with HANFA and ensuring that all components, including AML manuals, internal controls, ICT plans and risk procedures, meet local and EU standards.

Thanks to its strategic location, euro adoption and growing fintech ecosystem, Croatia is an attractive jurisdiction for crypto firms seeking stable regulation and access to the broader EU market. RUE’s team supports clients with full CASP licensing, passporting and ongoing compliance management to help them maintain their authorisations successfully.

Cyprus

Regulator: Cyprus Securities and Exchange Commission (CySEC).

Cyprus has long been one of Europe’s most established fintech and investment hubs, so it is well prepared for the MiCA framework. CySEC will continue to serve as the National Competent Authority (NCA) for crypto-asset service providers (CASPs), evolving from its existing VASP registration regime to full MiCA authorisation.

In 2021, CySEC introduced its AML/CFT registration framework for crypto firms, making Cyprus one of the first EU Member States to require compliance with comprehensive anti-money laundering standards. Under MiCA, the regulator will extend its oversight to include governance, capital adequacy, ICT risk management and consumer protection.

The CySEC licensing process is structured, documentation-intensive and interactive. The regulator typically conducts detailed reviews of AML policies, organisational structures, and IT systems, often holding on-site or virtual interviews with key personnel. CASPs applying for authorisation must demonstrate:

• Effective AML/CTF frameworks in line with the 6th EU AML Directive;
• Clear segregation of client assets and operational funds;
• Qualified and experienced management;
• A robust ICT and incident management plan consistent with DORA.

Regulated United Europe (RUE) has a strong track record of assisting clients in obtaining CySEC registration and preparing for MiCA authorisation. Our legal team drafts and reviews all key documentation, from AML procedures and compliance manuals to internal governance policies, and liaises directly with CySEC to address feedback efficiently.

RUE also helps clients establish a local presence in Cyprus, structure EU-based subsidiaries and leverage the jurisdiction’s advantageous tax and regulatory ecosystem. Strategically located at the intersection of Europe, Asia, and the Middle East, Cyprus remains one of the most business-friendly gateways for crypto firms looking to expand internationally under MiCA.

Czech Republic

Regulator: Czech National Bank (Česká národní banka – ČNB).

The Czech Republic is undergoing a significant transformation in its approach to crypto regulation as MiCA comes into effect. Previously, crypto businesses were required to register with the Trade Licensing Office and the Financial Analytical Office (FAÚ) for AML compliance. Under MiCA, the ČNB will assume the role of the National Competent Authority (NCA), introducing a robust prudential framework that aligns with EU-wide standards.

Under MiCA, CASPs operating in the Czech Republic will require authorisation from the ČNB before providing services such as crypto custody, trading or exchange. The regulator’s focus will be on financial soundness, governance, and operational resilience.

The ČNB is recognised for its pragmatic yet precise regulatory culture, applying a risk-based approach similar to that used for financial market supervision. CASPs must demonstrate:

• Adequate own funds and liquidity, proportional to business size;
• A detailed business plan and organisational chart;
• Documented risk management and ICT control systems;
• They must also demonstrate compliance with Czech AML legislation, which is aligned with the EU’s AMLD6.

The regulator’s approach emphasises transparency, accountability and robust governance. Applicants are expected to maintain local representation and ensure that management is available to communicate with the supervisory authorities.

Regulated United Europe (RUE) has deep roots in the Czech market and a local legal team that collaborates closely with the ČNB and FAÚ. We have already submitted dozens of MiCA applications on behalf of clients across the EU seeking authorisation under Czech supervision, establishing the Czech Republic as one of the most active jurisdictions for MiCA filings.

RUE assists clients with the preparation of their full applications, including internal governance manuals, AML documentation, prudential assessments and DORA-compliant ICT frameworks. Thanks to its strong local presence, RUE ensures fast communication with the authorities and smooth approval processes. The Czech Republic’s reputation for legal stability, cost efficiency and strong institutional credibility makes it a strategic choice for companies pursuing a MiCA licence in Central Europe. RUE remains at the forefront of guiding clients through every stage of the process.

Denmark

Regulator: Danish Financial Supervisory Authority (Finanstilsynet).

The Danish regulator is renowned for its systematic, technology-savvy supervision and will act as the National Competent Authority (NCA) for MiCA authorisations. Finanstilsynet’s approach builds on Denmark’s long-standing focus on operational resilience, ICT security, outsourcing control and consumer protection, which are now being applied directly to crypto-asset service providers (CASPs). Firms transitioning from AML-only registrations to full CASP licences should expect bank-grade standards for documentation, governance and testing.

Finanstilsynet places a strong emphasis on ICT governance aligned with the Digital Operational Resilience Act (DORA): incident handling, penetration testing, change management, and third-party/vendor risk. CASPs must demonstrate:

• A complete governance map with independent compliance and risk functions;
• Own funds proportional to the service mix (custody, exchange, dealing on own account, advice, etc.);
• Client-asset safeguarding procedures, segregation and reconciliation routines;
• Outsourcing registers and contracts (audit rights, exit strategy, data location, SLAs);
• AML/CTF frameworks that comply with Denmark’s strict implementation of EU AML rules.

Interactive reviews, follow-up questions and supervisory meetings with key personnel will be conducted where relevant. Denmark values substance and accountability – boards and executives must demonstrate hands-on involvement.

A Danish CASP licence allows for EU/EEA passporting following home-state notification. For firms targeting the Nordics, where there are high expectations regarding IT risk and data protection, Denmark is a credible base that signals maturity to counterparties and institutional clients.

Regulated United Europe (RUE) can help applicants to tailor ICT, outsourcing and resilience packs for the Danish Financial Supervisory Authority (Finanstilsynet), align AML policies with Danish practice and prepare management teams for supervisory interviews. We also manage passporting notifications to help our clients scale up smoothly across the EU.

Estonia

Regulator: The Estonian Financial Supervision and Resolution Authority (Finantsinspektsioon) is responsible for MiCA CASPs, and the Financial Intelligence Unit (FIU) remains pivotal for AML.

Estonia is transitioning from an earlier FIU VASP regime, which was significantly tightened in 2022–2023, to a prudential MiCA framework under the authority of the Estonian Financial Supervision and Resolution Authority (Finantsinspektsioon). This shift increases the requirements relating to governance, own funds, safeguarding and ICT security, thereby aligning crypto supervision with Estonia’s broader financial sector standards.

Estonian authorities expect deep operational substance. Legacy VASPs uplifting to MiCA must demonstrate:

• Experienced, locally engaged management with clear roles for MLRO, compliance and risk;
• Capital adequacy and liquidity planning consistent with MiCA proportionality;
• Client-asset safeguarding, wallet key management and reconciliation controls;
• DORA-ready ICT policies (business continuity, incident response, third-party risk and change control);
• Granular AML: risk scoring, monitoring scenarios, sanctions screening and SAR processes.

Given Estonia’s history as a digital front-runner, close scrutiny is expected of technology stack choices, cloud arrangements and data governance. Finantsinspektsioon and the FIU work closely together on AML supervision and thematic inspections.

A MiCA licence in Estonia signals strength to partners who value technological credibility and regulatory rigour, and offers full EU passporting. Estonia is a strategic hub for firms with engineering teams in the Baltics or Northern Europe.

RUE has long-standing roots in Tallinn. We guide clients through the process of upgrading from FIU registration to MiCA, preparing full CASP packs (governance, ICT, AML and safeguarding) and facilitating communication with the regulator. Our team helps to remediate legacy gaps, ensuring that applications are complete, consistent and inspection-ready.

Finland

Regulator: Finnish Financial Supervisory Authority (FIN-FSA/Finanssivalvonta).

Finland is moving from its virtual currency provider regime to full CASP authorisations under MiCA, overseen by the FIN-FSA. The Finnish model is renowned for its clarity, focus on consumer protection, and robust operational standards, which are now being extended to the crypto sector under a unified EU framework.

The FIN-FSA will expect clear, evidence-based submissions. Core attention points include:

• Client asset segregation (on-chain/off-chain procedures, reconciliation and cold/hot key policies);
• Governance independence (compliance and risk not subordinated to commercial lines);
• Own funds proportional to services;
• Clear ICAAP-style thinking for larger models.
• DORA-aligned ICT: continuity tests, incident thresholds and a register of critical service providers;
• Transparent disclosures and complaints handling that are consistent with the robust consumer protection laws in the Nordic countries.
• Anti-money laundering (AML) and counter-terrorist financing (CTF) measures mapped to Finland’s implementation of EU directives, with documented scenario testing.

The FIN-FSA values precision and completeness, such as well-cross-referenced documents, consistent figures and realistic operational narratives.

A Finnish MiCA authorisation is a strong quality marker for institutional partners and Nordic clients. It enables EU/EEA passporting and naturally aligns with regional expectations regarding data security, privacy and resilience.

RUE supports applicants with policy drafting and remediation of gaps against Finnish practice, prepares ICT/outsourcing documentation to Nordic standards and coordinates Q&A sessions with the FIN-FSA. We also design passporting roadmaps to enable clients to activate services across the EU quickly after approval.

France

Regulator: The Autorité des marchés financiers (AMF), in collaboration with the Autorité de contrôle prudentiel et de résolution (ACPR) for prudential and banking elements.

France is transitioning from its well-known PSAN (Prestataire de Services sur Actifs Numériques) regime to full MiCA CASP authorisation. The AMF will be responsible for conduct and markets supervision (authorisation, disclosures and market integrity), while the ACPR will coordinate prudential aspects and EMT/ART oversight (notably for stablecoins and e-money tokens). France’s early PSAN framework provides applicants with a head start, as many governance, AML and disclosure requirements already closely align with MiCA.

France is driven by investor protection and is documentation-intensive. Expect:

• Rigorous internal control architecture (independent compliance, risk and internal audit);
• Detailed client-asset safeguarding (segregation, reconciliation and wallet key governance);
• Marketing rules will be consistent with AMF guidance, ensuring that they are fair, clear and not misleading, and that risk warnings are prominent.
• ICT/DORA alignment (continuity plans, incident thresholds and outsourcing registers with audit and exit rights);
• Fit-and-proper screening for governing body members and key functions.
• Market integrity controls for platforms (surveillance, abuse prevention and insider information handling).

A French MiCA authorisation signals high compliance quality to institutions and opens up EU/EEA passporting. This is attractive for firms targeting large retail markets and partnerships with European banks and payment providers.

Regulated United Europe (RUE) prepares AMF-ready application packs, aligns PSAN legacies to MiCA, drafts French and English marketing and disclosure materials and calibrates market abuse controls for trading venues. We also coordinate AMF/ACPR interactions and plan passporting notifications, enabling our clients to scale up efficiently across the EU.

Germany

Regulator: Die Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin).

Germany is integrating MiCA into an already mature framework in which crypto custody and certain crypto services have long been supervised by BaFin. Under MiCA, BaFin will authorise and monitor CASPs, placing a strong emphasis on prudential soundness, IT governance and outsourcing control. Germany’s approach tends to mirror bank-grade expectations, particularly with regard to custody and trading venues.

BaFin is exacting and evidence-driven. Applicants should be prepared for:

• Robust own funds and financial projections, and
• Clear liquidity planning.
• Three-lines-of-defence governance with independent and well-resourced control functions;
• IT and cybersecurity deep dives (architecture, key management, change control and penetration testing);
• Outsourcing/third-party risk: granular contracts (service level agreements, data location, limits on sub-outsourcing, audit rights);
• Comprehensive AML/CTF (scenario calibration, name and transaction screening, SAR processes);
• Client asset protection and reconciliation across on-chain and off-chain environments.

Expect iterative Q&A rounds and potential management interviews. Consistency across the business plan, policies and financials is essential.

A German MiCA licence is a gold-standard signal for counterparties, facilitating EU passporting and institutional onboarding. It is well suited to firms aiming to provide regulated custody, exchange, brokerage or prime services.

RUE builds BaFin-grade dossiers comprising governance maps, ICAAP-style capital narratives where proportionate, DORA-aligned ICT packs and detailed outsourcing frameworks. We facilitate iterative dialogue with regulators and design passporting strategies to activate services EU-wide post-authorisation.

Greece

Regulator: The Hellenic Capital Market Commission (HCMC) is responsible for CASPs, while the Bank of Greece is responsible for EMT/e-money aspects.

CASP authorisation in Greece is centralised under the HCMC, evolving from AML-focused oversight to full MiCA prudential and conduct supervision. For EMTs and certain stablecoin elements, the Bank of Greece collaborates on prudential controls and payments interface issues. Greece’s framework closely aligns with ESMA/EBA standards while reflecting national AML transposition.

The HCMC emphasises governance substance and fitness-and-propriety. Applicants should prepare:

• A clear service mapping (custody, exchange, order execution, advice, portfolio management and transfer);
• Own funds proportional to activity; and
• Credible financial plans.
• AML/CTF programmes tailored to crypto risks (e.g. on-chain analytics and transaction monitoring scenarios);
• Client-asset safeguarding and conflict-of-interest controls;
• ICT and outsourcing should be aligned to DORA, including incident response and continuity testing.
• Transparent disclosures and complaints handling that are consistent with consumer protection expectations.

HCMC is practical, but it expects local accountability: named responsible persons must be accessible for supervision.

A Greek MiCA licence enables EU/EEA passporting and can be strategically compelling for firms serving Southern and Eastern Mediterranean markets while leveraging EU protection standards.

Regulated United Europe (RUE) prepares HCMC-compliant applications and drafts Greek/English policy suites. We also align AML frameworks with national practice. We coordinate with the HCMC and the Bank of Greece as required, and we plan cross-border notifications so that our clients can expand seamlessly across the EU.

Hungary

Regulator: The National Bank of Hungary (Magyar Nemzeti Bank – MNB).

Consistent with its role overseeing investment, payment, and e-money institutions, Hungary will channel MiCA supervision through the MNB. The shift from AML-focused virtual asset oversight to full CASP authorisation under MiCA means higher expectations regarding governance, prudential soundness, ICT resilience and consumer protection. Hungary’s goal is to establish a licensing system that is predictable and rules-based, offering clear guidance and structured engagements.

The MNB is methodical and evidence-driven. Applicants should expect:

• A complete governance map (board, senior management, compliance, risk and internal audit) with fit-and-proper proofs.
• Own funds proportional to the services provided (custody, exchange, order execution, dealing on one’s own account, portfolio management, advice and transfers).
• Risk registers and controls covering market, operational, AML/CTF and ICT risks, and continuity/testing plans aligned with DORA.
• Client asset safeguarding (segregation, key management, reconciliation and incident response).
• An AML/CTF framework tailored to crypto risks (on-chain analytics, sanctions/screening and SAR workflow).
• Local substance is important: the MNB expects accessible and accountable managers, as well as a real operational presence.

A Hungarian CASP licence provides EU/EEA passporting and strong credibility in Central and Eastern Europe. This is ideal for firms looking to establish shared-service hubs in Budapest with scalable compliance and IT teams.

Regulated United Europe (RUE) prepares MNB-ready dossiers, including governance charters, DORA-aligned ICT packs, and AML manuals. We coach management teams for supervisory Q&As and handle passporting notifications, enabling clients to activate cross-border services seamlessly.

Ireland

Regulator: Central Bank of Ireland (CBI).

The path in Ireland runs from VASP AML registration to full MiCA CASP authorisation under the CBI – an authority renowned for its fitness and probity regime and focus on consumer protection. Expect a governance structure that is as robust as a bank’s, with clear client disclosures and a focus on operational risk.

CBI reviews are granular and iterative. Successful files typically demonstrate:

• A robust three-lines-of-defence model with independent compliance and risk functions.
• Operational risk and ICT documentation (BCP/DR testing, incident thresholds, outsourcing registers and penetration testing cadence) aligned with DORA.
• Client asset protection measures such as segregation mechanics, wallet key governance, reconciliations and safeguarding disclosures.
• Consumer outcomes include plain-English risk warnings, fee transparency, complaints handling and processes for vulnerable customers.
• There is strong fitness and probity evidence for board and pre-approval roles (CVs, references and competence mapping).
• The CBI often conducts meetings and interviews with key personnel, and consistency across the business plan, policies and financials is essential.

An Irish MiCA licence inspires high levels of trust among institutional partners and enables EU/EEA passporting. Ireland is an ideal location for firms that prioritise English-language operations, talent and proximity to global finance and tech ecosystems.

RUE drafts CBI-calibrated submissions (governance, ICT, AML), refines disclosures to align with Irish consumer protection norms and supports fitness and probity packs. We manage dialogue with the regulator and plan your passporting roadmap across the EU.

Italy

Regulators: CONSOB (markets/conduct), in cooperation with the Bank of Italy (prudential/EMT aspects).

Italy is moving from the OAM VASP registry and CONSOB oversight to a full MiCA CASP regime. Expect a dual-track culture: CONSOB will oversee market conduct, disclosures and market integrity, while the Bank of Italy will oversee prudential and EMT/ART issues. Italy’s framework emphasises clear Italian-language disclosures, marketing fairness, and robust governance.

The authorities will focus on transparency, governance, and investor protection. Applicants should prepare accordingly.

• A detailed service mapping (custody, exchange, execution, dealing, advice, portfolio management and transfer);
• Conflict-of-interest management.
• Proofs of own funds and realistic financial projections; liquidity and wind-down planning where proportionate.
• ICT/DORA alignment (incident playbooks, continuity testing, critical vendor controls and audit/exit rights in outsourcing).
• They should also prepare market integrity procedures for platforms, including surveillance, insider list management and abusive pattern detection.
• Italian-compliant marketing and advertising using fair, clear and non-misleading language with risk warnings.
• Anti-money laundering/counter-terrorist financing (AML/CTF) aligned to national transposition: risk assessment, monitoring scenarios, suspicious activity report (SAR) process and governance of the money laundering reporting officer (MLRO).

An Italian MiCA licence enables EU passporting and is attractive to firms targeting large Southern European retail and SME markets or seeking to partner with Italian banks, PSPs and payment facilitators.

RUE builds CONSOB/Bank of Italy-aligned files, prepares Italian/English disclosures and policy suites, and calibrates market abuse and outsourcing controls. We manage regulatory communications and orchestrate passporting notifications to activate services efficiently across the EU.

Latvia

Regulator: Latvijas Banka (Bank of Latvia), following the integration of the former FCMC into the central bank.

Latvia has consolidated financial supervision under the Bank of Latvia, which is expected to act as the National Competent Authority (NCA) for MiCA. This centralisation streamlines oversight for banks, payment service providers, investment firms and, now, crypto-asset service providers (CASPs). Under MiCA, firms will transition from basic AML registration to full prudential authorisation, thereby aligning with EU standards for governance, consumer protection and ICT risk.

Latvian supervision is precise and documentation-driven. Emphasis will be placed on:

• Governance independence with identifiable, accountable key function holders (compliance, risk, MLRO);
• Client-asset safeguarding;
• Wallet key management;
• Reconciliation procedures.
• AML/CTF controls will be mapped to Latvia’s national transposition, including risk scoring, sanctions screening and SAR workflow.
• ICT aligned to DORA (continuity testing, incident playbooks, critical third-party oversight, data residency).
• Transparent retail disclosures and robust complaints handling.

A Latvian CASP licence enables EU/EEA passporting and is ideal for firms seeking a Baltic base with strong central bank credibility and efficient supervisory dialogue.

Regulated United Europe (RUE) preparesLatvijas Banka-ready application packs, including governance charters, AML manuals and DORA-compliant ICT frameworks. We coordinate the regulator Q&A process and execute passporting notifications, enabling our clients to expand their operations quickly across the EU.

Lithuania

Regulator: Bank of Lithuania (Lietuvos Bankas). The Financial Crime Investigation Service (FCIS) remains central to AML enforcement.

Lithuania’s transition from the previous VASP registration system (Centre of Registers + FCIS) to MiCA CASP authorisation under the central bank is well underway. Thanks to its fintech-friendly ecosystem and clear supervisory pathways, Lithuania is a leading choice for firms seeking MiCA licences with credible timelines and in-depth AML expertise.

The Bank of Lithuania takes a hands-on and proportionate approach, but expects bank-grade clarity. Applicants should prepare:

• A granular service mapping (custody, exchange, order execution, portfolio management, advice and transfer).
• Proofs of own funds and liquidity planning consistent with MiCA proportionality.
• Client-asset safeguarding (segregation, key governance, reconciliations and incident handling).
• They should also prepare AML/CTF programmes that align with FCIS expectations, including on-chain analytics, scenario calibration and SAR governance.
• ICT/DORA packages (BIA/BCP/DR, incident thresholds and vendor registers with audit and exit rights).

A Lithuanian authorisation combines regulatory credibility with pragmatic supervision and seamless EU passporting, making it attractive for exchanges, custodians and payment-adjacent crypto firms.

RUE has a strong local team in Vilnius. We craft Bank of Lithuania-calibrated submissions, align legacy VASP setups to MiCA and coordinate with the Financial Conduct Authority (FCA) on anti-money laundering (AML) robustness. Our team manages communications with the regulator and maintains post-licence compliance to keep operations inspection-ready.

Luxembourg

Regulator: Commission de Surveillance du Secteur Financier (CSSF).

Luxembourg extends its renowned supervision of funds, payments and banking to MiCA CASPs under the CSSF. The jurisdiction’s institutional ecosystem and well-established outsourcing and ICT policies make it an ideal location for firms targeting institutional clients, custody, tokenisation and B2B crypto services.

The CSSF is exacting and governance-focused. Expect thorough testing of:

• Three lines of defence with genuinely independent control functions.
• Outsourcing and cloud arrangements (data location, sub-outsourcing limits, audit/access rights and exit strategy).
• ICT/DORA compliance (operational resilience, incident thresholds, testing cadence and critical provider registers).
• Client-asset protection and reconciliation across on- and off-chain ledgers.
• Anti-money laundering (AML) and counter-terrorist financing (CTF) controls tailored to complex cross-border flows and institutional relationships.
• Market integrity controls for platforms (surveillance, handling of insider information, abuse detection).

A Luxembourg CASP licence is a gold-standard signal for banks, asset managers and regulated counterparties, enabling EU/EEA passporting from a top-tier financial centre.

RUE builds CSSF-grade dossiers with a particular focus on outsourcing, cloud and ICT documentation. We coordinate iterative Q&A sessions with the CSSF, refine institutional-class AML frameworks and plan passporting strategies to activate services across the EU post-authorisation.

Malta

Regulator: The Malta Financial Services Authority (MFSA), in collaboration with the Financial Intelligence Analysis Unit (FIAU), specialises in AML/CTF.

Malta is shifting from its established Virtual Financial Assets (VFA) framework to full MiCA CASP authorisation under the MFSA. As the VFA regime already imposed robust governance, fitness-and-propriety, and white paper disclosure obligations, many local market practices will align with MiCA’s requirements regarding own funds, safeguarding, governance, ICT, and consumer protection. Topics relating to EMT/ART will attract prudential scrutiny and coordination with EU-level guidance.

The MFSA is granular and interview-driven. Expect:

• Proven local substance (effective management presence and accountable MLRO, compliance and risk leads).
• Client asset safeguarding (segregation, key management, reconciliations and incident playbooks).
• ICT will be DORA-aligned (BCP/DR testing cadence, outsourcing registers with audit/exit rights, incident thresholds).
• Shareholders and key function holders must be fit and proper, and competency matrices are common.
• Consistency with FIAU expectations on AML/CTF (risk assessment, monitoring scenarios, SAR workflow, ongoing training).

A Maltese MiCA licence is highly regarded for B2B crypto platforms, custodians, tokenisation providers and operators serving both EU and non-EU counterparties. It unlocks EU/EEA passporting and provides the credibility of a mature gaming/fintech hub and experienced supervisor.

Regulated United Europe (RUE) aligns legacy VFA setups to MiCA (policy uplift, governance re-mapping and ICT/outsourcing remediation), prepares MFSA-calibrated files and manages FIAU touchpoints. We develop efficient passporting plans to enable clients to activate services across the EU swiftly following authorisation.

Netherlands

Regulators: The Dutch Authority for the Financial Markets (AFM) is responsible for conduct and markets, while De Nederlandsche Bank (DNB) is responsible for prudential, AML and EMT/ART elements.

The Netherlands is moving from DNB crypto-AML registration to a dual-supervisor MiCA model. The AFM will lead on authorisation, conduct, disclosures and market integrity, while the DNB will focus on prudential soundness, AML/CTF and stablecoin oversight. Dutch supervision is known for its high expectations regarding the independence of control functions, senior management accountability and IT risk governance.

Expect a bank-grade structure and precise documentation.

• There are three lines of defence, with independent and well-resourced compliance and risk functions, and proportionate internal audit.
• Proofs of own funds are tied to the service set (custody, exchange, execution, dealing, advice, portfolio management, transfers).
• ICT is DORA-aligned with architecture documentation, change management, penetration testing and critical third-party oversight.
• Client-asset safeguarding and reconciliation is carried out across on- and off-chain, and wallet key governance is a key issue.
• Marketing and disclosures are under AFM standards (fair, clear and not misleading, with retail risk warnings).
• AML/CTF controls align with DNB expectations (on-chain analytics, sanctions screening, SAR discipline and MLRO governance).

A Dutch MiCA authorisation is a strong institutional signal and is attractive for firms targeting payments-adjacent crypto, brokerage/exchange venues and institutional custody. It provides EU passporting from a top-tier regulatory environment.

RUE builds AFM/DNB-ready submissions, calibrates outsourcing/ICT packages to Dutch practice and refines marketing and retail disclosures. We coordinate dual-regulator Q&A and execute passporting notifications to enable services to be scaled up across the EU.

Poland

Regulator: The Polish Financial Supervision Authority (Komisja Nadzoru Finansowego – KNF).

Poland is evolving from an AML-focused VASP register to full MiCA CASP authorisation under the KNF. The Polish approach blends prudential discipline with practical market oversight. Expect the KNF to scrutinise service mapping, own funds, governance and ICT/outsourcing, in line with ESMA/EBA technical standards, while coordinating with national AML authorities.

The KNF is structured, evidence-based and attentive to consumer outcomes. Applicants should prepare:

• A precise service perimeter (exchange, custody, order execution, dealing, advice, portfolio management, transfers) with conflict controls.
• They should also prepare capital/own funds and realistic financials, as well as liquidity and wind-down plans where proportionate.
• They should also prepare for client-asset protection (segregation, reconciliations, key management and incident response).
• They should also be DORA-ready with ICT continuity, incident thresholds, critical vendor registers and cyber testing.
• AML/CTF measures tuned to Polish practice, including risk scoring, monitoring scenarios, sanctions screening and SAR playbooks.
• There are clear disclosures and complaints handling procedures, especially for retail channels and marketing.

A Polish MiCA licence provides EU/EEA passporting and is suitable for firms targeting Central and Eastern Europe that require scalable operations and competitive cost structures. It is particularly appealing for exchanges, custodians and brokers planning regional hubs.

RUE prepares KNF-aligned dossiers (governance, AML, ICT and safeguarding), supports management in preparation for supervisory meetings and manages cross-border passporting. We also assist with local staffing and substance, as well as vendor frameworks, to help you meet Polish supervisory expectations.

Portugal

Regulators: The Portuguese Securities Market Commission (CMVM) is responsible for markets and conduct, as well as CASP authorisation. The Banco de Portugal (BdP) is responsible for payment and e-money aspects, as well as AML coordination where relevant.

Portugal is transitioning from the BdP’s VASP AML registration regime to a CMVM-led MiCA authorisation process for Crypto-Asset Service Providers (CASPs). The CMVM’s markets mandate (disclosure, conduct and market integrity) combines with the BdP’s prudential and payments perimeter on EMTs and ARTs, as well as operational interfaces with payment rails. Portugal has also introduced a strict code of conduct for crypto advertising, which aligns well with MiCA’s philosophy of consumer protection.

Expect a documentation-intensive investor protection review with coordinated touchpoints between the CMVM and the BdP. Successful applications will typically demonstrate:

• Precise service mapping (custody, exchange, order execution, dealing on own account, advice, portfolio management and transfer);
• Own-funds and liquidity planning aligned to MiCA proportionality.
• Client asset safeguarding: segregation, wallet key governance, reconciliations and incident playbooks.
• ICT aligned to DORA: continuity/DR testing cadence, incident thresholds, critical vendor registers and audit/exit rights.
• Fair, clear and non-misleading marketing and retail disclosures (in Portuguese/English as needed) with prominent risk warnings.
• Anti-money laundering/counter-terrorist financing (AML/CTF) calibrated to BdP expectations: risk assessment, sanctions screening, monitoring scenarios, suspicious activity report (SAR) governance, and ongoing training.

A Portuguese MiCA licence enables EU/EEA passporting and is attractive for firms targeting the Iberian and Lusophone markets, including partnerships with PSPs and banks. Portugal’s maturing crypto ecosystem and talent pool make Lisbon and Porto compelling operational bases.

Regulated United Europe (RUE) prepares CMVM-ready files, aligns legacy BdP VASP setups with MiCA requirements, drafts compliant marketing disclosures and builds DORA-grade ICT and outsourcing packs. We coordinate dual-regulator Q&A and manage passporting notifications to swiftly activate services across the EU.

Romania

Regulators: The Financial Supervisory Authority (ASF) is responsible for CASP authorisation and market conduct, while the National Bank of Romania (NBR) is responsible for e-money/stablecoin prudential interfaces.

Romania is transitioning from AML-oriented oversight of virtual asset activities to a comprehensive MiCA CASP regime under the ASF, with the NBR playing a role in EMTs/ARTs and payments adjacency. The national framework emphasises ownership transparency, governance substance and end-to-end AML compliance, all of which are consistent with EU directives.

The ASF is methodical and proof-driven. Applicants should be prepared to provide evidence of:

• Fit and proper status for shareholders, directors and key function holders (CVs, competence matrices and regulatory history).
• Own-funds adequacy and credible financial projections, including wind-down planning where proportionate;
• Client asset protection measures such as segregation, access controls, key ceremonies, reconciliations and incident/compromise response procedures must also be in place.
• ICT & DORA alignment: BCP/DR, incident thresholds/reporting, cyber testing, third-party risk and data residency.
• AML/CTF is tailored to crypto risks and includes on-chain analytics, name/transaction screening, SAR workflow and training logs.
• Retail communications are balanced and transparent, and there is robust complaints handling.

Obtaining a Romanian MiCA authorisation provides EU/EEA passporting and can be an efficient option for firms looking to set up a Central/Eastern European hub, offering competitive operating costs and access to strong engineering and compliance talent.

RUE prepares ASF-calibrated governance and policy suites, structures ownership disclosures for clarity and builds AML/ICT frameworks that are aligned with national practice. We liaise with the ASF/NBR where necessary and manage passporting roadmaps to facilitate rapid EU expansion.

Slovakia

Regulator: Národná banka Slovenska (NBS).

Slovakia will route MiCA CASP authorisation through the NBS, aligning with its oversight of payments, EMIs and investment services. The Slovak approach is pragmatic but evidence-heavy, requiring clear demonstrations of capital strength, governance independence, and operational resilience.

The NBS favours complete and consistent submissions with tight cross-referencing across business plans, policies and financials. Core focal points include:

• A clear service perimeter with conflict-of-interest controls and decision-making lines;
• Own-funds and liquidity planning proportionate to the activity mix;
• Credible budgeting and staffing plans.
• Client-asset safeguarding (segregation arrangements, wallet key policies, reconciliation frequency and incident response).
• DORA-ready ICT (continuity testing, incident thresholds, critical vendor registers, change management and cyber testing).
• AML/CTF mapped to Slovak law, including risk scoring, monitoring scenarios, sanctions screening, SAR playbooks and ongoing training.
• Consumer protection includes transparent disclosures, fair marketing and structured complaints handling.

A Slovak MiCA licence enables EU/EEA passporting and is ideal for firms looking to establish cost-efficient operational hubs at the heart of the EU, with access to regional talent and suppliers.

RUE crafts NBS-ready application dossiers, implements governance, AML and ICT uplift projects, and supports management with supervisory Q&A. We execute passporting notifications and design compliance maintenance programmes to ensure that operations remain inspection-ready post-licence.

Slovenia

Regulator: The Securities Market Agency (ATVP) is responsible for CASPs, while the Bank of Slovenia is responsible for prudential and e-money token (EMT) interfaces.

Slovenia is aligning its capital markets supervision with MiCA by designating the ATVP as the National Competent Authority (NCA) for Crypto-Asset Service Providers (CASPs). The ATVP’s focus on markets (conduct, disclosures, and market integrity) will be complemented by the Bank of Slovenia for EMT/stablecoin prudential matters. MiCA replaces the previous AML registration emphasis with full authorisation covering governance, own funds, consumer protection and ICT resilience.

The ATVP is practical but exacting. Applicants should expect close scrutiny of:

• Governance independence: clear lines for compliance, risk and internal audit, and fit-and-proper evidence.
• Client asset safeguarding: segregation, wallet key governance, reconciliations and incident playbooks.
• Retail conduct: fair, clear and non-misleading disclosures; robust complaints handling and record keeping.
• DORA-aligned ICT: continuity/disaster recovery (DR) tests, incident thresholds and outsourcing registers with audit and exit rights.
• Anti-money laundering (AML) and counter-terrorist financing (CTF) measures calibrated to national law, including risk scoring, sanctions screening, on-chain analytics and SAR workflow.

A Slovenian MiCA authorisation enables EU/EEA passporting and is ideal for firms looking to establish a Central European hub with strong connections to Italy, Austria and the Balkans, while demonstrating robust conduct standards to partners.

Regulated United Europe (RUE) prepares Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) ready dossiers, drafts Slovenian/English policy suites, aligns ICT and outsourcing to DORA and manages passporting notifications, enabling clients to efficiently scale across the EU.

Spain

Regulators: CNMV (markets/conduct) and Banco de España (prudential for EMTs/payment interfaces).

Spain is evolving from the CNMV’s crypto advertising regime and the Banco de España’s payments oversight to a full MiCA split. The CNMV will authorise and supervise CASPs with regard to conduct, disclosures and market integrity, while the Banco de España will engage with EMT/ART prudential aspects. Spain already enforces strict rules on crypto promotions, which align with MiCA’s consumer protection pillars.

The CNMV is investor-protection centric and documentation-heavy. Successful applications typically demonstrate:

• Precise service mapping (custody, exchange, execution, dealing, advice, portfolio management, transfer) and conflict controls;
• They also demonstrate adequate own funds and realistic financial plans, as well as liquidity and wind-down planning where proportionate.
• Client-asset protection measures include segregation procedures, wallet-key management, reconciliation cadence and incident response.
• Marketing and disclosures: Compliance with Spanish regulations, and fair, clear and non-misleading with prominent risk warnings for retail.
• ICT/DORA: continuity and cyber testing, incident thresholds, critical vendor registers and audit/exit rights.
• Anti-money laundering (AML)/counter-terrorist financing (CTF) aligned to national practice: on-chain analytics, sanctions screening, suspicious activity report (SAR) governance, ongoing training.

A Spanish MiCA licence is valuable for firms targeting partnerships in Iberia and Latin America, and it enables EU passporting from a large consumer market with clear advertising and promotional expectations.

RUE builds CNMV/BdE-aligned submissions, refines Spanish-language disclosures and ad governance, calibrates AML and ICT packs, and manages dual-regulator Q&A and cross-border passporting to activate services EU-wide.

Sweden

Regulator: Swedish Financial Supervisory Authority (Finansinspektionen – FI).

Sweden is transitioning from AML-focused oversight of virtual asset activity to full CASP authorisation under MiCA, led by the FI. The Swedish model is renowned for IT security, operational resilience and consumer protection, and is now being applied directly to crypto under a harmonised EU framework.

The FI conducts in-depth technical and governance reviews. Expect a focus on:

• Three lines of defence with genuinely independent, well-resourced compliance and risk.
• DORA-ready ICT: architecture documentation, change control, incident thresholds/reporting, cyber testing cadence and critical vendor oversight.
• Client asset safeguarding will focus on segregation (on/off-chain), key ceremonies, reconciliations and cold/hot wallet policy.
• Proportionality of own funds and credible budgeting/staffing; management accountability is a key issue.
• Consumer conduct: transparent fee and risk disclosures and accessible complaints pathways.
• AML/CTF is tuned to Nordic expectations and includes enhanced due diligence where needed, sanctions screening, SAR discipline and ongoing staff training.

A Swedish MiCA authorisation signals quality to institutional partners and enables EU/EEA passporting. This is ideal for firms that prioritise security-first custody, exchange and brokerage for Nordic clients and standards.

RUE prepares FI-calibrated application packs, strengthens clients’ ICT/outsourcing documentation in line with Nordic norms, aligns AML programmes and supports management through supervisory interviews. RUE then executes passporting notifications to enable rapid scaling across the EU.

RUE: Shaping the Future of MiCA Compliance Across Europe.

The introduction of the Markets in Crypto-Assets Regulation (MiCA) marks a historic milestone for the European financial ecosystem by creating the first truly harmonised regulatory framework for crypto-assets. From AML registration regimes to comprehensive CASP authorisations, the EU has entered a new era of clarity, transparency and investor protection. However, as this article demonstrates, the path towards compliance varies between Member States, with each national competent authority (NCA) adopting its own supervisory approach, documentation style and procedural nuances.

In this new environment, Regulated United Europe (RUE) has established itself as a leading MiCA consulting and legal advisory firm in the EU. With offices and local legal teams in Estonia, Lithuania, Poland and the Czech Republic, as well as dedicated partners in Malta, Cyprus and Spain, RUE provides comprehensive regulatory support to crypto businesses seeking authorisation as crypto-asset service providers (CASPs).

Our team of over 30 internal and external lawyers and compliance experts works directly with EU regulators, including BaFin (Germany), AMF (France), the Bank of Lithuania, the CNMV (Spain), the MFSA (Malta) and the CSSF (Luxembourg), to ensure that each client’s application meets MiCA’s strict requirements and reflects the highest professional and ethical standards. From preparing business plans and governance frameworks to designing DORA-compliant ICT systems and AML/CTF procedures, RUE ensures that every submitted file is audit-ready, regulator-aligned and structured for passporting across the EU.

We are proud to have already assisted dozens of crypto companies with preparing their MiCA application documentation, conducting regulatory correspondence and coordinating with local authorities. Many of these firms were previously registered under national VASP regimes, and with RUE’s guidance, they are successfully transitioning to MiCA-compliant authorisation – a crucial step for continuing to operate across the European Economic Area (EEA) after June 2026.

Beyond legal preparation, RUE’s mission is to build long-term trust between crypto businesses and European regulators. We believe that regulatory compliance is a foundation for sustainable growth, not a burden, and our role is to help innovative projects achieve this with confidence, precision and transparency.

Looking to the future, RUE is expanding its reach beyond Europe to support clients in Asia, the Middle East and North America who wish to access the European market under the MiCA framework. With our extensive regulatory experience, multilingual legal teams and cross-border partnerships, we are well placed to continue shaping the future of crypto regulation and financial innovation in the EU.