MiCA Licence in Spain

EU Regulation 2023/1114 on Markets in Crypto-assets (MiCA) establishes uniform rules for regulating cryptocurrency businesses within the European Union. For companies providing crypto-asset services in Spain, compliance with this regulation is a prerequisite for legal operation and entry into the pan-European market through the passporting regime. Spain has implemented the MiCA provisions without national derogations, ensuring transparency and predictability in the regulatory environment for entrepreneurs. In Spain, compliance with MiCA provisions is monitored by two bodies. The National Securities Market Commission (CNMV) is responsible for supervising the implementation and practical application of the regulation’s requirements. The Bank of Spain, in turn, monitors compliance with regulatory obligations, paying particular attention to issuers of asset-backed tokens and electronic money, as well as anti-money laundering and counter-terrorist financing issues.

For crypto-asset service providers (CASP), different categories of licences have been established depending on the list of permitted operations and minimum capital requirements. The first category requires a minimum capital of €50,000 and allows the provision of services for the execution and transmission of client orders, the placement of crypto assets, the transfer of assets, consulting and portfolio management. The second category requires €125,000 in capital and is supplemented by the right to store assets on behalf of clients, as well as exchange cryptocurrencies for both fiat money and other tokens. The most comprehensive third category requires €150,000 in capital and includes the right to operate a cryptocurrency trading platform. In addition to capital requirements, MiCA requires CASPs to establish a reserve fund of at least a quarter of their annual fixed overheads, which ensures the financial stability of companies. For newly established organisations, the calculation is based on projected expenses for the first 12 months. Fixed overheads include payroll, rent, IT infrastructure, insurance, equipment and depreciation. Variable costs, discretionary payments and one-off expenses are excluded from the calculation. Small companies have the option of partially meeting the requirements through the use of insurance coverage, but the availability of such solutions is still limited in practice.

For cryptocurrency companies registered with the CNMV as virtual asset service providers under anti-money laundering legislation until 30 December 2024, a transition period until 1 July 2026 is provided. During this time, they may continue to operate without a MiCA licence, but are required to adapt their internal procedures, corporate governance and capital to the new requirements. Companies registered between 30 December 2024 and 8 July 2025 will have to apply for a licence within three months of the law coming into force. After the transition period ends, it will no longer be possible to operate in the Spanish market without a licence. Spain fully replicates the MiCA requirements without introducing additional national conditions or exemptions. All key parameters, including capital, internal control systems, AML/KYC measures, and cybersecurity rules, comply with European regulations. At the same time, the licensing procedure does not allow for the principle of tacit refusal: the competent authorities are obliged to consider the application submitted within the established time frame and make a decision, which guarantees legal certainty for businesses.

MiCA applies to three categories of crypto assets. These include electronic money tokens (EMTs), whose value is pegged to an official currency and which are a type of stablecoin backed by the euro or the dollar; asset-backed tokens (ARTs), whose value depends on one or more underlying assets; and other crypto assets, including currencies such as Bitcoin and Ethereum, as well as utility tokens that provide access to certain products or services. At the same time, MiCA explicitly excludes from its scope financial instruments covered by MiFID II, non-fungible tokens in their classic form, central bank digital currencies, limited-purpose cryptocurrencies, and assets issued by public organisations. Additional obligations have been introduced for ART and EMT issuers to publish official documents describing the parameters of the token, its collateral, risks and terms of circulation. These documents must be prepared in a standardised format and according to a unified template provided for by the European Commission’s implementing regulation, which will enter into force on 23 December 2025. Until that date, Spain has a temporary procedure for notifying the CNMV of compliance with information obligations under Section II of MiCA. Crypto service providers wishing to operate in Spain must be legal entities authorised in one of the EU countries. They must comply with the requirements of good faith, transparency and professionalism, disclose full information on prices, commissions and risks, and establish corporate governance and internal control systems. Such companies will be authorised by the National Securities Market Commission (CNMV), which will become the main licensing and supervisory authority, while the Bank of Spain will retain its supervisory functions over issuers of stablecoins and electronic money tokens.

The MiCA Regulation allows Member States to establish a transition period of up to 18 months for businesses to adapt to the new rules. Spain has reduced this period to 12 months, meaning that the transition period will end on 30 December 2025. Until that date, only those entities that have actually provided cryptocurrency services in accordance with national legislation, namely Law 10/2010 of 28 April on the prevention of money laundering and terrorist financing, will be able to continue operating. In accordance with this law, since 2021, the Bank of Spain has maintained a register of companies providing services for the exchange of virtual currency for fiat currency and for the storage of electronic wallets. Organisations registered in this register before 30 December 2024 retain the right to operate until the end of the transition period or until they are refused registration in the new register of MiCA-regulated providers. EU Regulation 2023/1114 marks the creation of a harmonised legal framework for crypto assets in Europe. It not only introduces uniform rules for all market participants, but also establishes the obligation to comply with AML/CFT standards, corporate governance requirements and conflict of interest regulations. For businesses, this means the need to restructure internal processes, strengthen risk management systems and bring operational activities into line with the new requirements. For investors, it means the creation of a more transparent and secure environment where the provision of services will be subject to uniform rules that eliminate legal uncertainties. Spain is thus creating a favourable and predictable regulatory environment for crypto companies interested in operating legally in the European Union market. The transition period gives businesses time to prepare, but the licensing process requires significant organisational work, capital raising and the implementation of an effective internal management system.

MiCA regulations in Spain

EU Regulation 2023/1114 on markets in crypto-assets (MiCA) comes into force on 30 December 2024 and establishes uniform rules for regulating the cryptocurrency industry in all European Union countries, including Spain. The main objectives of MiCA are to establish a legal framework for the issuance and circulation of crypto assets, protect market participants, create uniform conditions for the provision of services in this area, and prevent money laundering, terrorist financing and ensure financial stability. MiCA applies to asset-backed tokens (ARTs), which maintain their value by being pegged to specific assets or a basket of assets, electronic money tokens (EMTs) backed by the exchange rate to official currencies, as well as other crypto assets such as Bitcoin, Ethereum or utility tokens. At the same time, the regulation does not apply to financial instruments regulated by MiFID II, unique NFT tokens (except for their fractional forms), tokens with limited use, central bank digital currencies, and crypto assets issued by public authorities. The Spanish supervisory regime in the MiCA area provides for the distribution of functions between the National Securities Market Commission (CNMV) and the Bank of Spain. The CNMV is responsible for supervising most crypto service providers, while the Bank of Spain oversees the issuance of asset-backed tokens and electronic money and performs supervisory and sanctioning functions. MiCA introduces mandatory licensing for crypto service providers (CASP). From 2025, the provision of crypto-asset services will only be possible with the authorisation of competent authorities such as the CNMV. Until the end of the transition period set by Spain until 30 December 2025, organisations registered in accordance with national rules, primarily in the Bank of Spain’s AML register, may continue to operate. After this period, all companies wishing to operate in Spain or use the European passport regime will be required to obtain a CASP licence in accordance with MiCA.

The regulation sets out strict requirements for transparency and investor protection. Issuers are required to publish white papers containing complete and accurate information about the crypto assets being issued, and service providers must comply with rules on corporate governance, internal control, cybersecurity and anti-money laundering. To ensure financial stability, minimum capital and reserve fund requirements are introduced, as well as obligations to inform customers about the risks associated with high market volatility, the absence of loss compensation systems and possible operational failures. MiCA requires issuers and crypto-asset service providers (CASP) to obtain licences and comply with requirements for corporate governance, transparency, consumer protection and market manipulation. Key provisions include the obligation to provide customers with accurate and complete information about tokens, the introduction of standards to combat insider trading and price manipulation, and the mandatory separation of customer and corporate assets. Thus, MiCA establishes comprehensive protection for investors in the crypto sector at the pan-European level for the first time. Other EU regulations, in particular DORA and AMLR, are an important addition to MiCA. The DORA (Digital Operational Resilience Act) regulation makes it mandatory to strengthen the digital infrastructure of financial organisations, including cryptocurrency companies. It requires regular stress tests, cyber incident response protocols ( ) and control over dependence on third-party technology providers. At the same time, AMLR and the newly created Anti-Money Laundering Agency (AMLA) introduce stricter measures to control the origin of funds and identify customers, strengthening the financial monitoring system in the crypto sector. The new set of rules reflects the EU’s strategic goal of not only legalising and structuring the crypto asset market, but also turning Europe into a centre for responsible and secure financial innovation. For businesses, this means increased requirements for capital, internal control and reporting, but at the same time opens up the possibility of unhindered access to the single European market through a licence passporting regime.

Spain, in particular, through the National Securities Market Commission (CNMV), is gaining expanded powers to license and supervise crypto service providers. The CNMV will require applicants to demonstrate transparency in their corporate structure, qualified management, and adequate internal control programmes. At the same time, the Bank of Spain will continue to play an important role in supervising issuers of stablecoins and e-money tokens, providing dual oversight of the most risky segments of the market. MiCA regulation is accompanied by increased international attention to EU standards. Individual jurisdictions, including the US, UK, Switzerland, Singapore and Hong Kong, are developing their own crypto market regulation schemes, but it is Europe that is the first to introduce a comprehensive regime covering all types of crypto assets except traditional financial instruments, NFTs and central bank digital currencies. This approach could give the European market a strategic advantage by establishing it as a global centre for digital asset regulation. For companies already operating in Spain, MiCA means they will have to undergo a process of adaptation: review their business models, update their internal AML/KYC procedures, invest in cybersecurity, and apply for a CASP licence. Those who fail to meet these requirements within the specified time frame will be forced to cease operations. Special attention is paid to transitional provisions. Companies registered with the Bank of Spain as virtual currency service providers before 30 December 2024 retain the right to operate during the transition period but are required to adapt to the new requirements by the end of 2025. Service providers not previously covered by Ley 10/2010 will be required to undergo a licensing procedure. MiCA also establishes the rule that companies authorised in one of the EU countries will be able to provide services in Spain using the passporting principle.

The introduction of MiCA marks a transition to a more mature stage of development for the crypto market in Spain. Companies must prepare in advance for the new conditions: build a corporate governance system, develop internal policies, and ensure capitalisation and transparency for investors. For users and investors, the new regulation creates a safer and more predictable environment, minimising the risks of fraud and abuse, while for businesses, it opens up the possibility of scaling up their activities at the pan-European level.

CNMV adopts five directives on the development of MiCA rules

On 13 May 2025, the Spanish National Securities Market Commission (CNMV) officially notified the European Securities and Markets Authority (ESMA) of the adoption of five directives detailing the provisions of EU Regulation 2023/1114 on markets in crypto-assets (MiCA). This step confirms Spain’s commitment to ensuring the uniform application of MiCA rules and establishing clear supervisory mechanisms within its national jurisdiction. The CNMV intends to take these directives into account in its supervisory practice and monitor their implementation by regulated entities, which is of significant importance for all service providers working with crypto-assets. The first directive concerns the requirements for assessing customer compliance and establishing a format for periodic reporting on crypto portfolio management operations. Unlike the MiFID regime, where sustainable investment plays a key role, MiCA does not contain similar provisions, but retains the principle of systematic analysis of customer data. The directive obliges service providers to explain the purposes of compliance assessment to clients, establish mechanisms for understanding both the specifics of crypto assets and the level of knowledge of the investors themselves, and ensure that information is updated regularly, at least once every two years. Additional requirements have been established for the qualifications of personnel responsible for conducting such assessments. This creates a basis for a more responsible and professional approach to providing advisory services and managing portfolios in the crypto asset segment.

The second directive is devoted to policies and procedures in the field of crypto asset transfers. It requires CASPs to develop and implement comprehensive internal rules covering the procedure for informing clients about the terms of service, requirements for notification of completed transfers, execution times and deadlines for processing transactions. It also regulates the procedure for executing, rejecting or returning transactions and establishes the direct liability of the provider in cases of unauthorised or erroneous transfers. These provisions are aimed at increasing transparency, reducing the number of disputes with customers and strengthening confidence in crypto services operating in Spain. The third directive is key to the classification of crypto assets. It establishes a clear procedure allowing issuers and service providers to determine the legal nature of an asset and its compliance with MiCA criteria. The document contains templates to be completed during the classification process, as well as a schematic algorithm that allows competent authorities and market participants to determine whether an instrument is a crypto asset and whether it falls under MiCA. If the asset meets the criteria, the directive helps to determine whether it is an asset-backed token, an e-money token or another type of crypto asset. This tool is particularly important given the diversity of tokens on the market and will help to minimise legal uncertainty.

The fourth directive regulates the procedure for attracting customers by companies from third countries and establishes supervisory practices aimed at preventing circumvention of MiCA rules through the so-called reverse initiative scheme. A reverse initiative is understood to be a situation where a customer independently contacts a foreign company for a service, and the latter uses this mechanism to circumvent the need to obtain a licence in the EU. The document establishes methods for identifying such schemes and requires supervisory authorities to take measures to prevent them. For Spain, this means tightening control over the activities of foreign players and protecting the domestic market from unregulated providers. The fifth directive concerns technical infrastructure and security. It sets out standards for the functioning of systems and access protocols for crypto-asset issuers and companies applying for admission to trading. Requirements include ensuring system stability, protection against unauthorised access, and the implementation of security protocols that comply with European standards. For market participants, this means investing in cyber security, updating software solutions, and creating a reliable IT infrastructure, which ultimately helps protect the interests of investors.

The adoption of the five CNMV directives is an important step in adapting Spanish legislation to the pan-European MiCA regulatory framework. For companies operating in Spain or planning to enter the market, this means not only formally obtaining a CASP licence, but also integrating new supervisory standards into their activities. Failure to comply with these requirements may result in sanctions from the regulator, restrictions on activities, or revocation of the licence. Spain is thus demonstrating a consistent approach to the implementation of MiCA, striking a balance between the development of the cryptocurrency industry and the protection of investors. For businesses, this is both a challenge and an opportunity: on the one hand, the costs of complying with the new requirements are increasing, but on the other hand, a single legal regime is being created that allows them to operate throughout the European Union on the basis of passporting.

Market reaction to MiCA regulation in Spain

From 1 June 2026, the European Union will become the first global jurisdiction to implement comprehensive regulation of all activities related to cryptocurrencies. EU Regulation 2023/1114 on markets in crypto-assets (MiCA) aims to provide a single legal framework for the digital asset sector, strengthen investor confidence and create conditions for the sustainable development of the crypto industry in Europe. Spain is playing a special role in the MiCA implementation process, accelerating its implementation and setting the date for full application as 31 December 2025, six months ahead of the pan-European schedule. MiCA covers three key categories of crypto assets. These include electronic money tokens (EMTs), which are backed by fiat currency and issued by credit institutions; asset-referenced tokens (ARTs), which retain their value by referencing real assets or rights, including gold and other commodities; and utility tokens, which provide access to goods or services and are often used in blockchain projects. However, the regulation does not apply to assets such as Bitcoin or Ethereum, decentralised financial services, NFTs, central bank digital currencies, and crypto assets issued by government entities.

The objectives of MiCA are to strengthen investor protection, increase the transparency of transactions, create a level playing field, stimulate innovation and eliminate differences between national regulatory regimes. For Spain, this means consolidating all supervisory functions in the hands of the National Securities Market Commission (CNMV), which is responsible for licensing and supervising the activities of cryptocurrency service providers, while the Bank of Spain retains its role in relation to stablecoins and e-money tokens. For cryptocurrency companies, the implications of MiCA’s implementation are fundamental. Platforms providing services for the purchase, sale and exchange of cryptocurrencies are required to implement strict measures to protect user data and combat money laundering and cyber threats. They must ensure full transparency of fees and costs associated with each transaction. Significant changes also apply to marketing: exchanges are required to disclose the risks of trading and avoid misleading advertising. Decentralised services without intermediaries, on the other hand, are not yet subject to MiCA, which maintains uncertainty for the DeFi sector, for which separate regulations are expected in the future.

The first companies to obtain MiCA licences have already appeared in Spain. Among them are Bit2Me, which in 2025 became the first Spanish exchange authorised by the CNMV, and the international platforms OKX and Bitvavo, licensed in Malta and the Netherlands respectively, but authorised to provide services throughout Europe. Alongside them are organisations in the process of obtaining a licence, such as Criptan, already registered with the Bank of Spain as a VASP and taking steps to comply with the new rules. After 31 July 2026, no centralised exchange that does not meet MiCA requirements will be able to continue operating in the European Union. For market participants, this means they must make a strategic decision: adapt to the new rules or leave the European jurisdiction. Users, in turn, should be aware that working with platforms not covered by MiCA involves increased security risks and a lack of adequate legal protection mechanisms. The MiCA regulation also has a fiscal and law enforcement dimension. One of its goals is to strengthen state control over the movement of cryptocurrencies and prevent tax evasion. Another key component is the fight against fraud and scams: MiCA requires transparency in advertising, full disclosure of risks, and the establishment of mechanisms to protect investors from unfair practices, including the use of offshore platforms. Penalties for non-compliance can be administrative, including fines and licence revocation, or criminal in cases classified as offences under national legal systems.

Prior to the introduction of MiCA, cryptocurrency regulation in Spain was based on the registration of companies with the Bank of Spain to provide crypto asset exchange and storage services. With the transition to MiCA, the CNMV will become the main supervisory authority, affecting more than 130 existing platforms. This will allow for the unification of rules at the European level and eliminate regulatory differences between EU countries. The introduction of MiCA has provoked a mixed reaction from market participants. Supporters consider it a necessary step towards legalising and protecting the sector, while opponents point to the risk of excessive state intervention, restrictions on user freedom and increased barriers to new projects. At the same time, it is clear to mature investors that moderate regulation is necessary to minimise chaos and fraud. Ultimately, MiCA will become the basis on which cryptocurrency businesses and users will build their activities in Europe, providing greater transparency and predictability, but at the same time limiting the degree of freedom traditional for the sector.

Banco Bilbao Vizcaya Argentaria S.A. – the first company to receive a MiCA licence in Spain

On 5 March 2025, the National Securities Market Commission (CNMV) granted Banco Bilbao Vizcaya Argentaria S.A. (BBVA) the first licence in Spain in accordance with Regulation (EU) 2023/1114 on markets in crypto-assets (MiCA). This event is of symbolic and strategic importance for the European financial sector: Spain’s largest bank has become the first organisation to officially adapt its activities to the new EU regulatory framework.

The MiCA Regulation, which came into force in December 2024, aims to create a single legal space for all participants in the cryptocurrency market in the European Union. The licensing of crypto service providers (CASP) has become a central element of this reform . BBVA, which has experience working with cryptocurrencies in Switzerland and Turkey, was the first in Spain to complete the approval process and prove its compliance with high standards of corporate governance, transparency and customer protection. A distinctive feature of the CNMV’s decision was that the first entities to be licensed were not local crypto companies, but international and banking structures. Thus, along with BBVA, licences were granted to foreign companies based in Malta and Germany, such as OKX, Zillion Bits and others. These organisations cover a wide range of services, from storage and custody services to the management of digital asset trading platforms.

At the same time, the Spanish cryptocurrency exchange Bit2Me, despite having submitted an application a year ago and registering with the Bank of Spain as a VASP, is still under review. This delay illustrates a paradoxical situation: the oldest banks and international financial institutions receive licences in the shortest possible time, while local crypto platforms are forced to wait. This points to the regulator’s clear preference for large, consolidated structures under traditional supervision over companies that have grown exclusively in the crypto environment. By issuing the first MiCA licence to BBVA, Spain is strengthening its position as one of Europe’s leading centres for cryptocurrency business. However, it faces competition from jurisdictions with earlier regulatory regimes, such as Malta, where the Virtual Financial Assets Act was passed back in 2018, and Germany, where BaFin is actively licensing cryptocurrency companies.

The issuance of BBVA’s first licence underscores the CNMV’s strategy of caution and preference for players with a strong banking base and international experience. For the Spanish cryptocurrency market, this means that the mass licensing phase is still ahead, and MiCA regulation will be implemented gradually, starting with large and stable players.

 Obtaining a MiCA licence in Spain with the help of Regulated United Europe

EU Regulation 2023/1114 on Markets in Crypto-Assets (MiCA), which came into force on 30 December 2024, has become an essential tool for establishing a unified legal framework for digital assets. Its main objective is to protect investors, increase transparency and create a stable regulatory environment for cryptocurrency companies within the European Union. Spain is implementing its provisions in full, making MiCA licensing a mandatory requirement for all crypto service providers operating in the country. The regulation applies to token issuers, cryptocurrency exchanges, custodial services and companies providing services in the field of digital assets. Providers are required to register as CASPs, comply with minimum capital, corporate governance and internal control requirements, and implement anti-money laundering and customer protection measures. Companies previously registered with the Bank of Spain under AML legislation have been granted a transition period until 30 December 2025, after which only licensed CASPs will be able to operate. Obtaining a MiCA licence in Spain requires careful preparation and compliance with the procedures established by the National Securities Market Commission (CNMV).

Steps to obtain a MiCA licence in Spain:

1. Preliminary analysis of the business model. The company must determine which services and tokens fall under MiCA, correctly classify its products, and identify potential risks.
2. Establishment of a legal entity in the EU. To apply, you must have a registered legal entity in one of the European Union countries, including Spain.
3. Capital formation. Depending on the type of services, a minimum capital of €50,000 to €150,000 is required, as well as a reserve fund equal to a quarter of the annual fixed costs.
4. Preparation of documentation. The package includes a description of business processes, AML/KYC policies, corporate governance rules, customer protection mechanisms, risk management measures, and a white paper for ART or EMT issuers.
5. Implementation of internal control systems. CASPs are required to have procedures in place for monitoring operations, preventing fraud, protecting data, and ensuring cybersecurity.
6. Staff training and appointment of responsible persons. Qualified management and employees with sufficient reputation and experience in the financial sector are required.
7. Submission of an application to the CNMV. All documents are sent to the regulatory authority, which evaluates them and decides whether to issue a licence.
8. Supervision and compliance. Once the licence has been granted, the company must maintain compliance with regulatory requirements, regularly update its documentation and undergo inspections.

MiCA creates new obligations for companies, but at the same time opens up access to the single European market through a licence passporting mechanism. This means that once a company has obtained authorisation in Spain, it can provide services in other EU countries without having to go through separate procedures in each country. Given the scale and complexity of the licensing process, companies are increasingly turning to specialist consultants for support. Regulated United Europe provides comprehensive legal and practical support at all stages of obtaining a MiCA licence in Spain: from preliminary analysis of the business model and token classification to preparing a complete set of documents, interacting with the CNMV, and implementing internal policies. This approach minimises the risk of rejection and speeds up the licensing process, providing companies with reliable access to the regulated European crypto services market.