MiCA Licence in Netherlands

As the EU’s Markets in Cryptoassets Regulation (MiCA) comes into force on 1 July 2025, companies providing services related to cryptocurrencies face the need to strictly comply with the updated requirements. From now on, it is possible to conduct business in the European Union only with a Crypto-Asset Service Provider (CASP) licence issued in one of the EU countries. Obtaining such a licence gives the right to freely provide services throughout the territory of the Union thanks to the mechanism of the pan-European passport.

The Netherlands is one of the few Member States that has not only completed the legislative implementation of MiCA, but also has already issued a number of CASP licences. The existence of a clear licensing procedure makes this jurisdiction attractive for cryptocurrency businesses, especially when other countries are still in transition or have no licensing practices in place. The MiCA Regulation aims to create a unified legal framework for the EU crypto market and increase investor and consumer confidence. It applies to a wide range of service providers, including custodial wallet operators, exchanges, exchange platforms, and token issuers, including stablecoins. Licensing involves a number of obligations in terms of customer protection, operational sustainability, transparency and abuse prevention. At the same time, MiCA clearly delineates areas that do not fall under its regulation. For example, information platforms that publish material about cryptocurrencies, such as analytics, news, reviews or forecasts, are not subject to regulation under the act, provided they do not provide asset custody or exchange services and do not manage client funds. This preserves the status of such portals as free media resources that play an important role in informing and educating the crypto community.

The MiCA regulations were formally approved in 2023, but the entry into force of its rules is being phased in to ensure adaptation by market participants and supervisors. Although it is formally possible to apply for a licence in any EU country, in practice not all states have provided the necessary legal and administrative infrastructure to process applications and supervise CASPs. Thus, the choice of jurisdiction to apply for a CASP licence should be based not only on the attractiveness of the tax regime, but above all on the readiness of the national regulator to implement MiCA requirements. In this context, the Netherlands has a strong reputation for high regulatory standards and a transparent licensing procedure.

With the transition to mandatory licensing of cryptocurrency service providers under the MiCA Regulation, companies operating in this area must take into account both the general provisions of EU law and the specifics of its implementation in individual member states. One of the key milestones in the phased entry into force of MiCA was the introduction of special rules for issuers of stablecoins from 30 June 2024, as well as the entry into force of market abuse and anti-money laundering requirements from 30 December 2024.

Despite this, until 1 July 2025, cryptocurrency companies, including those operating in the Netherlands, can still operate without a CASP licence if they were started before the introduction of the new regulations. This 18-month transitional period is provided to allow existing market participants to apply, complete the licensing process and align their internal processes with MiCA requirements in a timely manner.

At the same time, as of mid-2025, not all EU countries have completed the practical implementation of MiCA. While the Regulation itself is generally binding, the specific application, supervision and documentation review procedures remain the responsibility of national authorities. This requires not only the creation of a legal framework, but also the establishment of regulatory infrastructure: training of specialists, digitalisation of processes, and enforcement. In the Netherlands, the Financial Markets Authority (AFM), which has extensive experience in financial regulation, is responsible for issuing CASP licences. The AFM has already launched licence application procedures under MiCA and provides detailed checks on firms’ compliance with IT security, customer protection, financial strength and operational reliability requirements. Key documents required for submission include a description of the corporate structure, details of the services offered, details of risk management and customer protection policies, a description of internal compliance systems, and confirmation of the minimum start-up capital required for the specific activity. The Netherlands thus emerges as one of the best prepared jurisdictions to obtain a CASP licence under MiCA, offering transparent conditions and working licensing practices. This makes the country a priority for cryptocurrency companies wishing to continue operating in the EU after 1 July 2025.

MiCA crypto regulation in Netherlands

The introduction of the MiCA Regulation with mandatory certification of cryptocurrency service providers means significant changes for both crypto businesses and consumers in the European Union. On a practical level, this translates into a strict licensing system where companies are required to be vetted and obtain CASP status in an EU country. The Netherlands was one of the few countries where an application mechanism is already in place. The AFM (Netherlands Authority for the Financial Markets) regulator does not set a fixed cost of the licence: the cost is calculated based on the time spent on the analysis of the application at a rate of €200 per hour, but does not exceed €100,000. The final amount depends on the complexity of the corporate structure and the amount of information provided. As for the effects of MiCA on consumers, they largely depend on whether the services they use continue to operate legally in the EU. If the provider through which a customer accesses a wallet or other services does not execute a CASP licence by 1 July 2025, European users will be prohibited from using its platform. However, it is expected that most large and medium-sized market participants will complete the registration process, as failure to obtain a licence by the deadline will result in the loss of the entire European segment of the customer base, which in a highly competitive market is equivalent to effectively exiting the market.

For consumers, MiCA creates a safer environment. The regulation is aimed at preventing fraudulent schemes, increasing market transparency and strengthening control over the actions of platforms offering investments in cryptocurrencies. In particular, it introduces rules on mandatory disclosure of information, minimising conflicts of interest, as well as measures to combat market manipulation, including pump & dump tactics, which the AFM warns about separately on its pages. Also an important innovation is the mandatory KYC (know your customer) rules, which makes anonymous trading impossible on licensed platforms.

On the other hand, MiCA opens the way for entrepreneurs to operate sustainably within the EU Digital Single Market. While applying requires resources and effort, and the process itself is not formal, CASP-licensed companies gain access to all 27 EU countries without having to re-licence in each jurisdiction. This simplifies scaling, enhances customer and partner confidence, and increases the investment attractiveness of the business. Thus, despite the obvious burden associated with the licensing procedure, MiCA forms clear and long-term rules of the game in the European crypto market. And the Netherlands, thanks to its legal predictability, AFM experience and licences already in place, is becoming one of the best entry points into the EU’s regulated ecosystem. With the MiCA Regulation coming into full force in July 2025, the European cryptoasset market has for the first time a comprehensive and harmonised legal framework that removes previous regulatory uncertainty and creates clear rules of the game for all participants. This regulation not only legitimises the existence of cryptocurrencies as financial instruments, but also introduces oversight mechanisms that were previously either partial or non-existent. For entrepreneurs, this means a dramatic improvement in the business environment – they can expect legal certainty, protection of their investments and an understanding of what requirements are imposed on them and their projects.

The most significant element of the reform is the possibility of obtaining a pan-European CASP licence which allows cryptoasset-related services to be provided legally throughout the European Union. This creates favourable conditions for scaling businesses and bringing projects to an international level without the need for re-licensing in each country. However, despite the obvious benefits, the law raises concerns for small crypto startups and developers, which have traditionally played an important role in innovation in the blockchain sector. These companies often operate with limited budgets and lack the administrative resources to undergo licensing. In addition to the financial costs, they have to cope with a high level of regulatory burden: MiCA requirements include extensive documentation, KYC/AML compliance and ensuring that user rights are protected at a level typical of the traditional financial sector. For small teams creating new tokens, NFT projects or innovative blockchain solutions, obtaining a CASP licence can be an almost impossible task, especially if they lack legal and operational support. As a result, the market risks losing some of the creative environment that previously fuelled the industry’s growth.

A separate challenge is the regulation of decentralised finance (DeFi). The nature of these systems precludes the existence of a centralised operator or organisation that could commit to a supervisory authority. DeFi protocols are managed through smart contracts and a decentralised community of users, making classical licensing in the spirit of MiCA impossible. Although the regulation generally focuses on centralised market participants, the question remains open as to how and in what form the supervision of DeFi protocols can be implemented. As of 2025, this segment remains in a legal vacuum, which is a concern for regulators and market participants alike. Thus, on the one hand, MiCA creates a stable, predictable and reliable legal framework for cryptocurrency companies, building investor and consumer confidence. On the other hand, it raises the barrier to entry into the market, which may affect the innovative potential of the industry. The future of small crypto startups and DeFi ecosystems in Europe will largely depend on the flexibility of subsequent regulation and the ability of national regulators to take into account the peculiarities of non-standard business models.

CASP licence in the Netherlands 2025

From 2025, obtaining a Cryptoasset Service Provider (CASP) licence in the Netherlands is subject to the single European regulation MiCA (Regulation (EU) 2023/1114). The licence grants the right to legally provide cryptoasset-related services throughout the European Union. Applications to the Netherlands Authority for the Financial Markets (AFM) are available from 22 April 2024, with licences issued on the basis of applications becoming effective from 30 December 2024. Under the MiCA Regulation, a cryptoasset service provider is recognised as a legal entity or other undertaking that carries out one or more cryptoasset transactions on a professional basis, subject to authorisation. Article 59 of the MiCA regulates the conditions for granting a licence and includes requirements for internal governance, transparency, risk control and business integrity. In particular, key persons – policy makers, directors and board members – are subject to an AFM review to ensure they meet the reliability and competence criteria set out under the Dutch Suitability Regulation 2012 (Beleidsregel geschiktheid 2012), Category B.

MiCA also forms a unified concept of cryptoasset, defining it as a digital representation of value or right that can be transferred and stored using distributed ledger technology or a similar system. The regulation includes a clear list of services categorised as CASPs. These cover both infrastructure and investment advisory functions:

• custody and management of crypto-assets on behalf of clients (custody services);
• administration of trading platforms (operation of trading platforms);
• exchange of crypto-assets into fiat currencies (fiat exchange);
• exchange of crypto-assets for other crypto-assets (crypto-to-crypto exchange);
• execution of client orders (execution of client orders);
• placement of new crypto-assets (placement of crypto-assets);
• receipt and transmission of client orders (order reception and transmission);
• provision of advisory services (investment advice in crypto-assets);
• managing cryptocurrency portfolios on behalf of clients (portfolio management);
• transferring crypto-assets on behalf of clients (transfer services).

Each of these categories requires a separate justification in the CASP licence application. In addition, the applicant must demonstrate a robust IT infrastructure, internal controls, KYC/AML procedures, risk management policy, internal audit system, and sufficient start-up capital.

The Dutch regulatory context emphasises the quality of corporate governance and internal controls. The AFM licence regulation involves an in-depth review of both the business structure and the suitability of key employees. The regulator assesses not only the technical aspects of the project, but also compliance with the principles of integrity, transparency and consumer protection. In accordance with the provisions of the MiCA Regulation (EU 2023/1114), the provision of services related to cryptoassets in the European Union is only possible for a certain number of entities entitled to provide such services on the basis of authorisation. A person is not authorised to act as a cryptoasset service provider (CASP) if it:

(a) is not a legal person or other business that has been authorised under section 63 of the MiCA;
b) is not on the list of licensed financial institutions specified in Article 60 of MiCA, such as credit institutions, investment firms, UCITS/AIF fund managers, market operators and e-money providers that are authorised to provide similar services.

In other words, individuals and unlicensed entities cannot legally provide cryptocurrency services in any EU country. This provision makes centralised regulation mandatory and highlights the need for strict adherence to the licensing procedure. The CASP authorisation procedure requires significant time and resources. Even with full documentation, the simplicity of the products offered and the absence of significant regulatory risks, the minimum processing time is at least five months. This includes preliminary validation of documents, assessment of the corporate structure, review of applicable anti-money laundering, cybersecurity and consumer protection policies, and verification of the suitability of management.

In practice, this timeframe may be significantly longer, especially if the applicant:

• Offers complex or innovative types of services
• Uses a multi-level structure involving cross-border holdings
• Does not provide sufficient explanations on risk management or internal control policies
• Must finalise internal documents as requested by the regulator

In addition, the regulator may require organisational changes before licensing is completed, such as a review of the board structure, outsourcing arrangements or IT architecture. Thus, successful CASP licensing requires not only compliance with formal requirements, but also preliminary legal and operational preparation of the project. Early engagement with competent advisors, development of a regulatory strategy and preparation of a complete dossier significantly increase the chances of obtaining approval in the shortest possible time.

Application procedure for a CASP licence in the Netherlands

The procedure for preparing and submitting an application for a CASP (Crypto-Asset Service Provider) licence  in the Netherlands is a formalised and step-by-step process regulated by the AFM (Netherlands Authority for the Financial Markets) in accordance with the provisions of the MiCA Regulation. The effectiveness of the review depends directly on the quality of the pre-application preparation, the completeness of the documentation and the applicant’s willingness to engage with the regulator. Before submitting an application, the applicant must determine whether its activities fall within the scope of MiCA regulation. This includes analysing the services provided and establishing which provisions of the Regulation apply to a particular business model. At this stage, it is advisable to conduct internal due diligence or seek external advice from external advisors with relevant expertise. It is then advisable to review the MiCA provisions in terms of requirements for governance structure, financial stability, IT security, customer protection procedures and anti-money laundering policies.

The formal licence application procedure includes the following steps:

1. Application submission: carried out through the Cryptshare secure platform, via email. The application should include a structured list of attachments and a cover letter indicating the list of documents submitted.
2. Acknowledgement of receipt: AFM acknowledges receipt of submissions within five working days.
3. Completeness check: an initial formal check is conducted to ensure that all required documents are in place. Once passed, the statutory deadline (25 working days) for review of the complete application begins.
4. Additional Requests: If any materials are missing or insufficiently developed, AFM sends a request for revision. The timeframe for response is set on a case-by-case basis, ranging from 5 to 20 working days. Failure to do so may result in rejection of the application on the basis of incompleteness.
5. Interaction with the regulator: throughout the review period, there may be written, in-person or remote meetings with AFM representatives and, if necessary, with the Dutch Central Bank (DNB), if the project involves activities affecting the monetary or payments sector.

It is important to emphasise that the application must be systematically structured, all documents must be up-to-date and prepared in accordance with the regulator’s requirements. Mandatory attachments include information on the management structure, a list of services provided, a description of operational processes, an AML/CFT policy, a description of the IT environment and cybersecurity measures, confirmation of sources of capital, internal policies and control procedures, and profiles of key officials. The procedure for obtaining a Crypto Asset Service Provider (CASP) licence in the Netherlands is regulated by the AFM and follows several steps, clearly time-bound, but with flexibility and the possibility of iterative engagement with the applicant. The regulated duration of the process is around 105 working days, i.e. around five calendar months. However, actual processing time often exceeds this timeframe due to the need to adjust, clarify, or finalise submissions. Upon receipt of a complete application, AFM confirms that the application is considered complete. At that point, the statutory assessment period begins, which lasts 40 working days. During this period, the regulator analyses the applicant’s activities, the applicability of the regulation, the quality of internal procedures, the compliance of the management structure with the legal requirements and the compliance of key officials with the suitability and integrity criteria.

Within 20 working days from the start of this stage, the AFM may send a request to the applicant for additional information necessary for an objective assessment. A response to such a request must be provided within the deadline, otherwise the procedure may be suspended or terminated. Upon completion of the analysis, the AFM makes a final decision whether to grant or refuse the authorisation. The applicant is officially notified of the results within 5 working days from the date of the decision. The CASP authorisation procedure in the Netherlands is an iterative process, which means regular two-way communication between the AFM and the applicant. In practice, the regulator may ask for clarifications, clarifying material or edits. In most cases there are 1-3 meetings with company representatives (including the CEO, head of compliance or risk management officer), especially if there is a multi-level structure, international connections or non-standard business models. These meetings are aimed at confirming the quality of governance, risk understanding and sustainability of the operating model. The application is submitted via Cryptshare‘s secure platform. The preparation must strictly adhere to AFM technical and administrative instructions, including the use of correct file naming conventions and structured references to supporting documents. Violation of these requirements may result in rejection of the application as incomplete. Thus, successful CASP licensing in the Netherlands requires not only formal compliance with MiCA requirements, but also readiness for constructive dialogue with the regulator, prompt response to requests, and a high degree of preparedness of internal documentation and management team.

MiCA regulations for CASPs in Netherlands

In accordance with Article 60 of Regulation (EU) 2023/1114 (MiCA), in addition to legal persons obtaining a separate CASP licence, the right to provide certain services related to cryptoassets in the European Union is also granted to financial institutions already licensed under other European regulations. However, in order to perform such services, these organisations are required to submit a prior notification to the AFM confirming their intention to extend their activities to the cryptoasset market. In particular, the following financial market participants are able to provide services identical to CASPs without obtaining a separate CASP licence, subject to notification to the regulator:

• Credit institutions (banks licensed under the CRD/CRR Directive);
• Central securities depositories (CSDs) regulated by the CSDR;
• Investment firms authorised under MiFID II;
• Operators of regulated markets;
• Electronic Money Institutions licensed under Directive 2009/110/EC (EMD2);
• UCITS fund managers operating under Directive 2009/65/EC;
• Alternative Investment Fund Managers (AIFMs) licensed under Directive 2011/61/EU.

These entities are permitted to provide the services listed in Article 3 of MiCA (e.g. custody of cryptoassets, exchanges, execution of orders, advice), provided that the relevant activities are comparable to those for which they are already licensed and subject to MiCA requirements. However, even for such entities, a notification obligation comes into play – they must submit a CASP notice to the AFM justifying the legal and operational equivalence of their existing licences with their planned cryptoasset services. This notification must be accompanied by a detailed description of the planned services, internal controls and ensuring compliance with MiCA requirements, including KYC/AML and customer protection. It is important to understand that the regulator reserves the right to analyse the submitted materials and, if necessary, initiate additional enquiries or restrict activities if it considers that the structure does not meet the transparency, stability or consumer protection requirements under MiCA. MiCA therefore does not exempt the above financial institutions from engaging with the regulator in the context of cryptoasset services, but rather introduces a simplified market admission regime on a notification basis, but requires strict compliance with comparable governance and supervisory quality requirements. Under the MiCA Regulations and the AFM’s administrative procedure, firms holding a licence in another financial category (e.g. bank, investment firm, fund manager) but planning to provide services falling within the definition of crypto services must submit a CASP notification rather than undergoing a full licensing procedure. However, this does not exempt them from going through the simplified but highly regulated confirmation procedure.

The procedure for filing a CASP notification in the Netherlands includes the following key steps:

1. Filing the notification via Cryptshare.
   All documents and the notification form are sent to the AFM using Cryptshare’s secure data channel. It is critical to follow the instructions for naming files and linking to supporting documentation to avoid delays.
2. Acknowledgement of Receipt.
   AFM will acknowledge receipt of the notification within 5 business days.
3. Completeness check.
   AFM conducts a formal review to verify completeness of the submitted package. Once the notice is deemed formally submitted, the statutory review period of 40 working days begins.
4. Request for additional information.
   If a piece of information is missing, AFM makes a formal request. The notifying party has up to 20 business days to provide the missing materials. Exceeding this timeframe without a response may result in denial of consideration of the notification.
5. Final Decision.
   Following the review, AFM declares the notification either complete and accepted or rejects it – the decision is communicated within 5 working days of the completion of the review.

Unlike CASP licensing, the notification process does not provide for suspension of review due to additional requests. A request for clarification or clarification does not stop the countdown of the statutory deadline, so the responsibility for prompt and quality preparation lies entirely with the applicant. If necessary, AFM may request additional meetings with company management to clarify certain aspects, however, the process is generally limited to verifying the completeness and equivalence of the requested activities. It is important to remember that you may not begin providing cryptoasset related services until the CASP notification process has been completed and the AFM has formally recognised the completeness of the notification. Thus, although simplified compared to full licensing, the CASP notification procedure requires no less thorough preparation, especially given the limited time available to make corrections and the inability to suspend regulatory deadlines.

Markets in crypto assets regulations in Europe

From 2025, the European Union is entering a new phase of regulation of the cryptocurrency sector. The MiCA (Markets in Crypto-Assets Regulation), adopted to create a unified legal environment for digital assets, forms a standardised licensing model applicable in all 27 EU countries. This means that cryptocurrency companies that have obtained a CASP (Crypto-Asset Service Provider) licence in one of the member states are free to provide their services throughout the EU internal market without having to re-license in each jurisdiction.

A key aim of MiCA is to eliminate legal fragmentation and increase trust on the part of both consumers and institutional investors. The regulation aims to combat market abuse, ensure transparency of transactions, protect customers and prevent money laundering. However, since the practical implementation of the regulation began in mid-2024, there has been criticism of the pace and conditions of licensing. A number of observers are concerned that some jurisdictions are issuing licences too quickly, allegedly reducing the depth of vetting of applicants and potentially weakening the safeguards originally built into MiCA. While complex, provides cryptocurrency companies with an understandable and institutionally acceptable path to legalisation. Simplified application procedures, transparent approval criteria and the possibility of obtaining a “European passport” make the EU one of the most attractive regions for the crypto sector in 2025. For the EU, this process means not only the expansion of legal circulation of digital assets, but also increased control over market participants. A sector that previously developed under legal uncertainty is now becoming part of a regulated financial ecosystem. This creates the potential for the inflow of institutional capital, the development of new products based on tokenised assets and the strengthening of Europe’s position as a global centre for digital finance. MiCA is thus beginning to radically transform the crypto market landscape in Europe in 2025. Companies that adapt quickly to the new environment gain a strategic advantage, including access to the largest single market in the world. For consumers, this means more reliable and transparent services, while for regulators it means greater oversight and prevention of the risks inherent in unregulated digital finance.

The MiCA (Markets in Crypto-Assets Regulation), which comes into full force in 2025, is a systemic attempt by the European Union to integrate the cryptocurrency sector into the framework of the traditional financial system. Its main objective is to ensure legal predictability, infrastructure resilience and user protection, while preserving space for technological innovation and cross-border development. In this sense, MiCA seeks to bridge the legal gap between decentralised digital assets and the centralised regulatory system that applies to classical financial institutions. In practice, MiCA provides an operational and regulatory framework for cryptoasset service providers (CASPs), including requirements for capital, governance, compliance, consumer protection and compliance with KYC/AML procedures. The regulation actively promotes digital innovation, creating the conditions under which technology-focused cryptocurrency companies can grow in a legally secure environment. MiCA provides international companies, including those based outside the EU (e.g. in the US), with the opportunity to enter the European market provided they obtain a CASP licence in one of the member states. This decision promotes increased cross-border competition, financial inclusion and the overall strengthening of the cryptocurrency ecosystem within the legal framework. However, in parallel with the implementation of the new rules, there has been criticism regarding the potential risk of uneven application of MiCA in different EU states. If some regulators issue licences too quickly and formally, while others are overly strict or slow, this could undermine the main idea of unifying the rules and create regulatory arbitrage. This imbalance can lead to unequal competitive conditions, abuse, or the diversion of suspicious transactions to more liberal jurisdictions. Opponents of rushed licensing warn of the potential for a repeat of scenarios already seen in unregulated jurisdictions, where lax controls have led to widespread abuse, money laundering and loss of investor confidence. Nevertheless, at its core, MiCA is an attempt to balance market development and market oversight. This regulatory solution not only promotes the legalisation of crypto-business, but also creates a standardised framework for investors, developers and users. Its structure takes into account both financial stability and innovative features of the cryptoasset market. MiCA is thus a strategic step by the EU towards a reliable, sustainable and competitive crypto-infrastructure. Provided that the regulation is applied uniformly across the Union, it could become a global standard for the regulation of cryptoassets, contributing to economic growth and technological development.

MiCA regulations: what will change for cryptocurrency companies from the Netherlands in 2025?

From June 2025, the cryptocurrency market in the Netherlands enters a qualitatively new phase of regulation due to the end of the transition period of the European Union’s Markets in Cryptoassets Regulation (MiCA). This means that all companies providing cryptocurrency services within the EU, including the Netherlands, are required to obtain cryptoasset service provider (CASP) status in the form of a licence issued by the AFM. Until June 2025, companies already operating in the cryptosphere could continue to operate without a CASP licence under transitional provisions. However, this is now ruled out: any company operating without proper authorisation will be obliged to stop providing services in the Dutch market and the EU as a whole. This creates a need for urgent regulatory adaptation for all market participants who have not had time to complete the licensing procedure. The changes, which come into effect in 2025, do not only concern the fact of licensing itself, but also a significant tightening of operational requirements for cryptocurrency companies. Among the key innovations:

1. CASP licence as a prerequisite for operation.
   Without it, the activities of cryptocurrency companies, including exchanges, wallets, exchange platforms and token issuers, will be considered illegal. Applying for licences is possible in any EU country, but the AFM exercises control over Dutch participants.
2. Tighter advertising and communication rules.
   All marketing materials, including adverts and user interfaces, must comply with transparency requirements. Cryptocurrency companies may not publish misleading information, promise guaranteed returns or downplay the risks associated with investments. Users must receive clear warnings about potential losses.
3. Direct application of the Money Laundering and Terrorist Financing (Wwft) Act and the Sanctions Act 1977.
   These provisions make it mandatory to identify customers (KYC), continuously monitor transactions, track suspicious transactions, check against sanctions lists and ensure effective internal control systems. Failure to comply with these requirements will result in fines or licence revocation.
4. Expansion of the AFM’s powers as a supervisory authority.
   The AFM is given the power to request documents from cryptocurrency companies, conduct inspections, schedule meetings with management, and suspend or restrict activities if non-compliance with MiCA requirements is found. The AFM has already stated that it will actively use supervisory measures after June 2025.
5. Increased expectations for internal controls, IT security and consumer protection.
   Cryptocurrencies must demonstrate not only formal compliance but also real operational resilience, including measures to protect customer assets, an incident recovery plan and business continuity.

The transition from limited oversight to full regulation presents the crypto industry in the Netherlands with the challenge of operational realignment. Companies that pass licensing on time will not only be allowed to operate legally across the entire EU market, but also gain a significant competitive advantage in an environment of growing institutional trust. The rest will be forced to suspend operations or relocate them outside Europe. Thus, 2025 becomes a watershed moment for crypto-business in the Netherlands. The new rules provide legal certainty and long-term sustainability, but require companies to be mature, transparent and ready for full financial oversight.

From 2025, as part of the full implementation of the MiCA Regulation (EU Regulation 2023/1114), the Dutch financial regulator, the AFM (Dutch Financial Markets Authority), is significantly expanding its supervisory powers and strengthening its oversight of the cryptocurrency sector. This applies not only to Dutch companies, but also to all crypto-organisations holding a CASP licence issued in another EU country and operating in the Netherlands under the European passport principle. Violations of regulatory requirements, including non-compliance with KYC/AML rules, misleading advertising, market manipulation or late reporting, may result in administrative and financial liability.

Sanctions that AFM may impose include:

– a ban on advertising activities in the Netherlands for companies that violate MiCA or local law;
– temporary or permanent restriction of market access, including revocation of the right to provide services in the country;
– imposition of fines, the amount of which depends on the nature of the offence. Basic sanctions range from €2.5 million to €5 million, but for particularly serious offences such as market manipulation or money laundering, fines can be as high as €15 million or 15% of a company’s total annual turnover.

The AFM pays particular attention to sanctions compliance. From June 2025, all cryptocurrency exchanges and service providers are required to screen users for their presence on sanctions lists, including national registries, EU sanctions lists and global restrictions (e.g. OFAC lists). Failure to do so could be considered a systemic breach of the Sanctions Act 1977 and the provisions of the Wwft (Prevention of Money Laundering and Terrorist Financing Act). In addition, the AFM, together with the Dutch government, actively combats so-called manipulative trading practices, including pulling the rope and pump & dump schemes, as well as other forms of unfair market power. The application of severe sanctions in such cases should act as a deterrent to unscrupulous participants. From mid-2025, the regulation of the crypto sector in the Netherlands will be characterised not only by mandatory licensing, but also by active supervision with a high degree of enforcement. The AFM is moving from a registration model to a full-fledged supervision of all participants’ compliance with MiCA and national legislation.

Dutch Authority for the Financial Markets (AFM) is the regulator of Dutch crypto companies

As of 1 July 2025, Dutch cryptocurrency companies are under the direct supervision of the Dutch Authority for the Financial Markets (AFM) as part of the pan-European Markets in Cryptoassets Regulation (MiCA), which has come into full force. This marks the end of the transition period given to companies to adapt to the new regulations and the beginning of the hard enforcement phase. The AFM, acting as the designated supervisory authority, has set an extremely strict date of 1 July by which all crypto market participants operating in the Netherlands must obtain a CASP (Crypto-Asset Service Provider) licence or cease providing services.

This approach by the AFM has caused discontent from parts of the industry. Compared to a number of other EU countries with more flexible transition procedures or tolerance for temporary deviations, the Netherlands has taken a firm and uncompromising stance. Companies that fail to obtain a licence by the deadline are placed under so-called “temporary supervision”, which could mean restrictions on marketing activities, suspension of customer interactions or even potential interference with operational processes. MiCA requires cryptocurrencies to have a high level of organisational maturity: sufficient regulatory capital, implemented internal controls, protection of client assets, procedures to prevent market manipulation and compliance with KYC/AML rules. The AFM requires strict and unconditional compliance with these standards, regardless of the size of the business and the national origin of the company. This applies to both Dutch legal entities and foreign CASPs operating in the country under the “European passport” principle. In practice, this means that companies that have not obtained a CASP licence in time are no longer allowed to provide services to new clients, publish advertising or conduct active market activities in the Netherlands. They are subject to AFM control and must either complete the licence process within a short timeframe or cease operations in the country. The AFM has previously stated that it will impose sanctions for violations, including administrative fines, activity restrictions, marketing bans and public warnings.

Criticism from the crypto sector mainly concerns the speed and severity of MiCA implementation specifically in the Netherlands. Companies believe that the AFM is tightening the requirements faster than the EU’s general legal framework requires. However, the regulator, in turn, argues this position with the need to protect the market from unscrupulous players and increase the level of trust from consumers and financial institutions. Thus, the Netherlands becomes one of the most heavily regulated jurisdictions in the EU in the context of MiCA. Companies wishing to continue operating in the Dutch market must not only complete their licences promptly, but also ensure ongoing regulatory compliance. In the long term, this may strengthen the legal and business infrastructure of the industry, but in the short term poses significant challenges, especially for small and emerging crypto projects. With the MiCA Regulation coming into force on 1 July 2025, the Netherlands has one of the most stringent and costly regulatory models within the European Union. Although the MiCA Regulation allows for a transition period of up to 18 months, giving companies operating under national law time to adapt and obtain a CASP licence, the Dutch Ministry of Finance, in cooperation with the AFM, has set a final and irreversible date of 1 July 2025. This decision left no flexibility for market participants or the regulator itself, leading to chaos and tension in the industry. According to the positions of Dutch cryptocurrency companies, the licensing process has proven to be slow, expensive and non-transparent. Industry players complain about the AFM’s insufficient bandwidth, the complexity of regulatory requirements and delays in processing submitted applications. In response, the AFM points out that many applications were received late and incomplete, which allegedly caused the procedures to drag on by themselves.

So far, only a handful of companies have successfully completed the licensing process. Among them are crypto asset manager Amdax and exchange Bitvavo, which has already started implementing the new requirements, including re-identification of customers as EU residents, which complies with KYC and consumer protection regulations under MiCA.

Companies that have obtained MiCA licences in the Netherlands

An additional burden on business is the dramatic increase in regulatory oversight costs. According to industry data, the total annual fees paid by cryptocurrency companies to the AFM exceed €6 million. This makes it significantly more expensive to conduct crypto activities in the Netherlands compared to other EU countries. High regulatory costs have already triggered consolidation processes: Anycoin Direct was acquired by Finst, while Iconomi is considering the option of obtaining a licence in another EU jurisdiction, which is more favourable in terms of administrative burden. In parallel, the trend towards passporting is intensifying. International crypto platforms such as Coinbase, OKX, Kraken and Bybit have obtained or are obtaining CASP licences through jurisdictions with more flexible and cost-effective regulation, including Malta, Cyprus and Luxembourg. Due to the single passport principle enshrined in MiCA, holding a licence in one EU country gives the right to provide services throughout the European Union, including in the Netherlands, without the need for re-licensing. This provision de facto puts local companies at a de facto disadvantage: they have to bear higher regulatory costs and face much stricter supervision, while foreign participants can take advantage of more loyal jurisdictions. The Netherlands thus becomes an example of a highly centralised and costly implementation of MiCA, where the stringency of requirements leads not only to a squeezed domestic market but also to a forced migration of businesses to more favourable EU jurisdictions. This could jeopardise the long-term competitiveness of the Dutch crypto sector within the European single market. Under the MiCA Regulation, which comes into full force from July 2025, the marketing and promotion of cryptocurrency products within the European Union, including the Netherlands, is subject to strict regulatory control. The Netherlands Financial Markets Authority (AFM) explicitly states that any marketing communication related to cryptoassets must comply with the principles of integrity, transparency and informativeness. Below are the key requirements that all cryptoasset service providers (CASPs) operating in the EU market must comply with.

1. Correctness and unambiguous information.
   Any promotional material, including publications about expected returns, bonus programmes, staking programmes or past performance, must be presented accurately, clearly and without misrepresentation. It is strictly prohibited to omit or downplay risks, including market volatility, lack of return guarantees and the possibility of full or partial loss of investment.
2. Unambiguous identification of advertising.
   Any marketing message, including in the online space, social media and mobile applications, must be clearly labelled as an advertisement. The service provider must state that the information is not approved by the financial regulator and who is responsible for its content.
3. Availability of reference to official documents.
   If a cryptocurrency product or service is accompanied by an official information document (such as a whitepaper or information prospectus as part of the offering), the advert must link to this document and state where it is available. Up-to-date contact details for the provider must also be provided: website, email and/or telephone number.
4. Mandatory risk warnings.
   All communications with clients must include clear and prominent warnings about risks, including potential losses, the high volatility of crypto markets and the lack of protection from the deposit guarantee scheme. Fees, commissions, rates and remuneration must be disclosed in full and in an accessible manner.

Violation of these rules may be considered misleading to customers and may result in administrative action by the AFM, including a ban on marketing activities, revocation of licence or fines. In practice, this means that in the coming weeks there will be a review of the market admission of all cryptocurrency companies operating and planning to operate in the Netherlands. This will require customers to reconsider their choice of exchange, broker or cryptocurrency service, especially if the current provider is not MiCA compliant or has not obtained a CASP licence.

Markets in Crypto Assets Regulation in the Netherlands

With the entry into force of the EU’s Markets in Cryptoassets Regulation (MiCA) in July 2025, the legal landscape in the Netherlands has changed significantly for all companies dealing with digital assets, including retailers and small businesses considering accepting cryptocurrency as a means of payment. Although around 14 per cent of the Dutch population – that’s over 2.5 million people – own cryptocurrencies, their everyday use in commerce and services remains limited. The main reasons are accounting and tax uncertainties, the lack of ready-made solutions from payment operators and the high level of regulatory risks, especially after the implementation of MiCA. MiCA regulations do not explicitly prohibit the use of cryptocurrencies as a means of payment, but they do require all cryptoasset service providers – whether payment gateways, crypto wallets or transaction processing platforms – to obtain a CASP (Crypto-Asset Service Provider) licence. This applies to centralised providers as well as any business that provides intermediary services to customers in accepting cryptocurrency. Thus, small businesses looking to implement crypto-payments are effectively dependent on a MiCA-compliant partner that is registered with the AFM regulator’s register. In the Netherlands, crypto-payments in retail are still a niche phenomenon. The exception is Arnhem, unofficially called the country’s crypto capital, where cryptocurrencies are accepted in more than 70 establishments. In comparison, a study by Tweekers found that out of 137 major online retailers, only 3 of them accepted cryptocurrency as of 2024. This highlights the mismatch between the high demand from crypto-centric customers and the caution of retail businesses. In individual sectors such as digital services, SaaS and online entertainment, including iGaming platforms, interest in cryptocurrency settlement remains high. Here, not only speed and low transaction costs are important, but also higher levels of privacy. However, under MiCA, all cryptocurrency transactions, including those involving anonymous wallets, are subject to regulation under the anti-money laundering (AML) and customer identification (KYC) rules. This means that platforms providing services without proper identification could face regulatory action and restricted access to the EU market.

From a practical point of view, businesses looking to accept cryptocurrency should consider

– the need to select a licensed CASP provider operating under MiCA;
– integration of accounting and tax accounting of transactions with digital assets (especially taking into account the requirements of the Dutch Tax Authority);
– correct reflection of cryptoassets in the company’s accounting policies, including obligations for revaluation and recognition of exchange rate differences;
– implementation of compliance and internal control policies if cryptocurrency is accepted on a regular basis or in significant volumes.

For SMEs, cryptocurrency payments can be a tool to attract new audiences and build a progressive image. However, without proper legal and technical preparation, this can lead to risks of non-compliance with MiCA and national legislation. In the Netherlands, businesses are allowed to accept cryptocurrency as a form of payment for goods and services, despite the fact that cryptocurrency is not recognised as an official legal tender. However, such a move requires a conscious approach and prior preparation from both a legal and operational perspective. Consumer interest – especially among the tech-savvy 18 to 35 year old audience – makes the adoption of cryptocurrency payments an attractive strategy for companies targeting a young and digitally savvy customer base.

From a practical standpoint, entrepreneurs can utilise one of the following scenarios:

1. Accepting cryptocurrency directly to a wallet.
   The customer transfers the amount manually by scanning a QR code with the merchant’s cryptocurrency wallet address. This approach does not require third-party platforms, but comes with risks – lack of automatic conversion, inability to cancel the transaction, and volatility of the exchange rate.
2. Using payment providers.
   Services like BitPay, CoinPayments, GoCrypto and similar ones allow you to accept cryptocurrency with subsequent instant conversion into euros. The seller receives the amount in fiat, while the provider takes care of exchange rate fluctuations and technical support of the transaction. This approach reduces risks and simplifies accounting.

Nevertheless, entrepreneurs must take into account a number of legal and operational obligations:

– Accounting and taxation.
All cryptocurrency receipts must be accounted for in the accounting department with conversion into euros at the market exchange rate at the time of receipt. For VAT and income tax purposes, cryptocurrency transactions are equated to settlements in foreign currency. This means that it is necessary to document the exchange rate, the date of the transaction and record the euro equivalent.

– MiCA compliance.
If a business provides crypto services on its own – for example, providing wallets or operating as an exchange – it is subject to MiCA Regulations and must obtain a CASP licence. However, if the business only accepts cryptocurrency as a payment method and does not provide intermediary or custodial services, no licence is required. The key condition is to operate through a registered and licensed payment provider.

– Financial and reputational risks.
Cryptocurrencies are subject to high volatility, and even with instant conversion, delays or technical failures can lead to exchange rate losses. In addition, the entrepreneur needs to ensure transparent communication with customers, including notification of potential risks, fees and refund terms.

From a legal point of view, the acceptance of cryptocurrency is allowed if fiscal and regulatory requirements are met. Under current legislation, the seller and buyer are entitled to agree on any form of settlement, including digital assets, as long as it does not violate currency control and taxation obligations.

Against the backdrop of MiCA implementation and growing interest from private and institutional users, cryptocurrency payments are becoming increasingly legitimate. Entrepreneurs who adapt to this trend in time will not only be able to attract new clientele, but also gain an image and strategic advantage against the backdrop of the growing digitalisation of commerce.

Regulated United Europe provides advice to entrepreneurs wishing to accept cryptocurrency, including the selection of payment providers, legal analysis of MiCA applicability, building compliance processes and organising the accounting of cryptocurrency transactions in accordance with the requirements of the Dutch Tax Authority, and can also offer MiCA licensing in other European jurisdictions.