EU MiCA Licensing Guide
This guide explains how to get a MiCA license, which CASP services fall in scope, what capital and timelines to expect, how passporting works and how MiCA interacts with TFR, DORA and GDPR. The analysis is based on Regulation (EU) 2023/1114 and current EUR-Lex, ESMA, EBA and national competent authority guidance.
Updated for 2026. General information only. MiCA outcomes depend on token classification, service perimeter, home-state regulator practice, and adjacent obligations under AML, TFR, DORA and GDPR.
These are the main starting points for founders comparing MiCA authorisation routes by regulator posture, banking access, staffing reality, and long-term passporting value.
A MiCA license is not a separate pan-European certificate; it is the market term for authorisation as a Crypto-Asset Service Provider (CASP) under Regulation (EU) 2023/1114. If your company provides regulated crypto-asset services in or into the EU on a professional basis, you generally need home-state authorisation from a National Competent Authority (NCA) and then may passport the service into other EU states.
The regime became fully applicable to CASPs on 30 December 2024. That date did not mean every existing provider had to be licensed on the same day. Transitional regimes may still apply in some member states, but only within local limits and in any case not beyond 1 July 2026. If your business still relies on an older AML-only VASP registration, the strategic question is no longer whether MiCA matters, but whether your governance, safeguarding, outsourcing, complaints handling, prudential planning and ICT controls can survive MiCA scrutiny.
If you are comparing jurisdictions, the practical questions are cost, timeline, banking access and whether the home state actually fits the operating model. MiCA does not cover everything called “crypto”. Financial instruments remain outside MiCA and stay within the MiFID II perimeter. EMTs and ARTs have their own issuer rules. Certain genuinely decentralised arrangements, central bank-issued assets and some NFTs may fall outside or on the edge of scope, but those conclusions require case-by-case legal analysis. In practice, the first real gate is always token and service qualification.
Teams offering crypto-fiat, crypto-crypto conversion, order execution, order routing, OTC flow or platform-style matching.
Businesses safeguarding client crypto-assets or cryptographic keys and needing defensible segregation, reconciliation and key-management controls.
In-house teams preparing a MiCA dossier, mapping service perimeter, or upgrading from a legacy VASP registration.
Companies assessing white paper obligations, ART/EMT qualification, admission to trading, and issuer-side disclosure duties.
Old national AML registrations were often narrow and local. MiCA adds conduct, governance, prudential, safeguarding and passporting logic at EU level.
A properly structured CASP authorisation can support cross-border activity through notification instead of rebuilding licensing state by state.
NCAs test whether your company can actually control client assets, outsourcing chains, ICT incidents, complaints, and financial resilience after go-live.
A workable EU setup also requires alignment with Regulation (EU) 2023/1113 on the Travel Rule, DORA, AML/CFT controls, sanctions screening and GDPR.
The page is aligned with Regulation (EU) 2023/1114, EUR-Lex, ESMA, EBA and relevant national competent authority guidance where available.
The Markets in Crypto-Assets Regulation, Regulation (EU) 2023/1114, is the core EU rulebook for crypto-asset issuers and crypto-asset service providers.
Crypto-Asset Service Provider is the MiCA-regulated entity authorised to provide one or more crypto-asset services, with potential passporting across the EU and EEA.
National Competent Authority is the home-state regulator that receives and assesses the CASP application. MiCA authorisation is granted by the NCA, not by ESMA.
Asset-Referenced Token is a crypto-asset that seeks to maintain stable value by referencing another value, right, or combination of assets, excluding EMT logic.
E-Money Token is a crypto-asset that purports to maintain stable value by referencing the value of one official currency. EMT analysis often overlaps with e-money concepts and redemption-at-par logic.
Passporting is the right of a CASP authorised in one EU home state to provide services in other member states after notification, without a full relicensing process in each country.
A white paper is the mandatory disclosure document for certain crypto-asset offers and admissions to trading under MiCA. It is not a marketing deck; it is a regulated disclosure instrument.
Reverse solicitation is a narrow exemption where a third-country firm provides a service at the exclusive initiative of the client. It cannot be used as a disguised EU acquisition strategy.
Exchange models fall within MiCA where the company exchanges crypto-assets for funds or for other crypto-assets, and may also trigger reception, transmission or execution of orders. The legal perimeter depends on whether the firm acts as principal, agent, broker or venue operator.
Crypto-fiat exchange, crypto-crypto conversion, retail brokerage, OTC execution support, order handling.
Operating a trading platform is the highest-intensity MiCA service model because the regulator will test venue logic, market integrity controls, listing governance, conflict management and operational resilience more deeply than in simple brokerage models.
Order-book venue, multilateral matching, platform execution environment, listing and admission workflows.
Safekeeping or controlling client crypto-assets or the means of access to them is a core MiCA service. In practice, regulators focus on wallet architecture, key governance, segregation, reconciliation, liability allocation, incident response and outsourcing to custody technology providers.
Custodial wallets, institutional custody, key management, safekeeping, account administration.
A broker that receives, transmits or executes client orders without operating a full venue may still need multiple MiCA permissions. Founders often underestimate how quickly a light brokerage model becomes a broader CASP perimeter once execution, placement or advice is added.
Reception and transmission of orders, execution of orders, agency brokerage, smart routing, OTC intermediation.
MiCA includes advice on crypto-assets and portfolio management of crypto-assets. These services are often overlooked by content providers because they resemble MiFID concepts, but they are expressly regulated under MiCA for crypto-assets that are not financial instruments.
Crypto investment advice, managed crypto portfolios, discretionary allocation, strategy recommendations.
Issuer-side activity does not follow one single CASP route. The correct framework depends on whether the token is a non-ART/EMT crypto-asset, an ART, an EMT, or a financial instrument outside MiCA. Placement services and admission to trading can also create CASP obligations.
Public token offer, admission to trading, placement, utility token launch, issuer disclosure, stablecoin structuring.
Compare EU jurisdictions by regulator posture, transition regime, banking access, language, local substance expectations, staffing needs and practical launch conditions before you choose the home state.
20 jurisdictions in this table
| Jurisdiction | Regulator | Price | Period | State fee | Annual fee | Capital | Staff | Office | Audit |
|---|---|---|---|---|---|---|---|---|---|
| Austria | Austrian Financial Market Authority (FMA) | 27,900 EUR | From 6 months | From 3,000 EUR | From 3,000 EUR | From 50,000 EUR | Required | Required | Required |
| Bulgaria | Financial Supervision Commission (FSC) | 22,900 EUR | From 6 months | From 5,000 EUR | No annual fee | From 50,000 EUR | Required | Required | Required |
| Croatia | Croatian Financial Services Supervisory Agency | 23,900 EUR | From 6 months | No | No annual fee | From 50,000 EUR | Required | Required | Required |
| Cyprus | Cyprus Securities and Exchange Commission (CySEC) | 18,900 EUR | From 6 months | 10,000 EUR | From 10,000 EUR | From 50,000 EUR | Required | Required | Required |
| Czech Republic | Czech National Bank (CNB) | 18,900 EUR | 6-9 months | CZK 20,000 (~800 EUR) | No annual fee | 50,000-150,000 EUR | Required | Required | Required |
| Estonia | FSA | 19,900 EUR | From 6 months | 10,000 EUR | 10,000 EUR | From 50,000 EUR | Required | Required | Required |
| Finland | Finanssivalvonta (FIN-FSA) | 21,500 EUR | From 6 months | 8,220 EUR | From 5,000 EUR | From 50,000 EUR | Required | Required | Required |
| France | Autorité des Marchés Financiers (AMF) | From 26,800 EUR | From 6 months | 10,000 EUR | From 5,000 EUR | From 50,000 EUR | Required | Required | Required |
| Germany | Federal Financial Supervisory Authority (BaFin) | 29,900 EUR | From 6 months | 10,750 EUR | From 10,000 EUR | From 50,000 EUR | Required | Required | Required |
| Ireland | Central Bank of Ireland (CBI) | 23,900 EUR | From 6 months | No | No annual fee | From 50,000 EUR | Required | Required | Required |
| Latvia | Bank of Latvia | From 21,500 EUR | From 6 months | 2,500 EUR | From 3,000 EUR | From 50,000 EUR | Required | Required | Required |
| Liechtenstein | Financial Market Authority Liechtenstein (FMA) | 27,900 EUR | From 6 months | 1,500 EUR | From 2,000 EUR | From 50,000 EUR | Required | Required | Required |
| Lithuania | Bank of Lithuania | 19,900 EUR | From 6 months | 2,500 EUR | From 3,000 EUR | From 50,000 EUR | Required | Required | Required |
| Luxembourg | Commission de Surveillance du Secteur Financier (CSSF) | 34,900 EUR | From 6 months | 15,000 EUR | 15,000 EUR | From 50,000 EUR | Required | Required | Required |
| Malta | Malta Financial Services Authority (MFSA) | 23,900 EUR | From 6 months | From 10,000 EUR | From 10,000 EUR | From 50,000 EUR | Required | Required | Required |
| Netherlands | Netherlands Authority for the Financial Markets (AFM) | 28,900 EUR | From 6 months | From 6,800 EUR | From 10,000 EUR | From 50,000 EUR | Required | Required | Required |
| Poland | Polish Financial Supervision Authority (KNF) | 18,900 EUR | From 6 months | 4,500 EUR | No annual fee | From 50,000 EUR | Required | Required | Required |
| Portugal | Bank of Portugal | 21,900 EUR | From 6 months | 5,000 EUR | No annual fee | From 50,000 EUR | Required | Required | Required |
| Slovakia | National Bank of Slovakia (NBS) | From 17,900 EUR | From 6 months | From 1,000 EUR | No annual fee | From 50,000 EUR | Required | Required | Required |
| Spain | Comisión Nacional del Mercado de Valores (CNMV) | 25,900 EUR | From 6 months | No | No annual fee | From 50,000 EUR | Required | Required | Required |
Non-EUR state and annual fees include approximate EUR equivalents based on reference rates used on March 11, 2026.
MiCA commonly uses €50,000, €125,000 and €150,000 thresholds depending on the service class. That is the legal floor, not the full prudential story.
A serious application requires perimeter analysis, token qualification, programme of operations, policy pack drafting, governance mapping, financial model support and regulator-facing responses. Generic templates are one of the fastest ways to trigger RFIs.
Budget for directors, compliance leadership, AML/MLRO function, local office logic where needed, and time commitment of senior management. Regulators increasingly challenge letterbox structures.
Travel Rule messaging, sanctions screening, blockchain analytics, case management, secure access control, logging and incident handling are operating requirements, not optional extras.
Many MiCA business models still fail operationally because banking is not arranged in parallel. Account opening, safeguarding arrangements and payment connectivity should be planned before approval, not after.
The correct comparison is not filing cost alone. The real metric is whether the chosen home state remains workable over three years for reporting, staffing, product expansion and counterparty acceptance.
MiCA created the first unified EU framework for crypto-asset services, but it did not erase national supervisory differences or adjacent compliance obligations.
Best for firms targeting EU users, institutional counterparties, payment integrations or long-term European expansion under a recognised regulatory framework. This makes MiCA particularly suitable for businesses seeking a CASP license under EU crypto regulation, enabling passporting across the European Economic Area while ensuring long-term regulatory certainty, investor trust, and alignment with evolving MiCA compliance requirements.
Less suitable for founders seeking a low-substance offshore structure, relying on aggressive cross-border marketing from outside the EU, or operating a token that more likely falls under MiFID II or another non-MiCA regime. Such models may struggle under MiCA regulatory requirements, as the framework demands substantial EU presence, robust governance, and full transparency, making it less compatible with structures designed to avoid EU crypto compliance obligations or operate under fragmented VASP regimes.
Publication: 9 June 2023. Entry into force: 29 June 2023. ART/EMT application: 30 June 2024. CASP application: 30 December 2024. Transitional end-stop: 1 July 2026.
Old VASP regimes often focused on AML registration. MiCA requires a fuller operating model with governance, safeguarding, conduct and prudential controls.
The authorisation is granted by the home-state NCA. ESMA does not issue CASP licenses directly, but ESMA remains central through registers, technical standards and supervisory convergence.
Grandfathering, pre-application expectations, language, office substance and review style still vary materially across member states.
A realistic MiCA budget includes more than filing support. Year 1 cost usually combines minimum capital, legal drafting, local substance, control functions, Travel Rule tooling, ICT security work, and banking execution.
A MiCA file is a structured authorisation dossier, not a bundle of templates. The regulator expects consistency between the business model, compliance framework, governance, financials, outsourcing map, and technical controls.
Shows the legal entity, ownership chain, group structure and any affiliated entities.
A three-year accounting plan showing expected revenue, cost base and reporting structure.
Shows the funding model, capital needs, own-funds calculations and prudential runway assumptions.
Sets the house rules for compliance ownership, staff training, escalation and day-to-day oversight.
Defines the protected reporting channel for suspected breaches and how reports are reviewed, recorded and escalated.
Explains how conflicts are identified across management, staff, shareholders, vendors and affiliated entities.
Sets prevention, disclosure, mitigation and approval rules for material conflicts.
Documents how the application aligns with MiCA delegated rules and related internal requirements.
Creates the log, retention and review trail for conflict checks, disclosures and mitigation steps.
Sets the core AML/CTF logic for onboarding, monitoring, escalation, sanctions screening and suspicious activity reporting.
Shows the business-wide risk assessment before and after controls, by product, client type, geography and delivery channel.
Maps the mitigants, control owners and review cadence that reduce the identified AML and conduct risks.
Explains why the control stack fits the size, risk profile and service scope of the applicant.
Covers the main AML/CFT procedures, sanctions checks, due diligence steps and monitoring standards.
Defines how controls are tested, reviewed, remediated and signed off over time.
Captures practical safeguards such as recusal, supervision, disclosure and independent review.
Sets the fit-and-proper checks, references, integrity review and time-commitment evidence for key persons.
Describes the management body, reporting lines, control functions and conflict governance in one package.
Maps all outsourced functions, critical vendors, audit rights, exit planning and retained supervision.
Explains the prudential obligations that sit behind the MiCA application and how they are met.
Documents the segregation model, client asset records, account separation and safekeeping logic.
Shows that capital, reserves and related safeguards are in place and evidenced.
Covers manipulation detection, surveillance logic, escalation and reporting for trading activity.
Sets the operating rules for the platform and the controls that support abuse detection.
Explains how orders are received, routed, executed, monitored and reviewed.
Documents the controls for advisory or portfolio management services, including suitability and governance.
Covers architecture, DLT setup, security design, access control, logging and resilience.
Identifies the systems and services that are critical to continuity, security and supervised operations.
Defines incident classification, response, investigation, evidence retention and remediation.
Describes the IT stack, security controls, monitoring, backups, recovery and vendor dependencies.
Sets the operating rules for custody processes, asset administration and the related risk controls.
Sets the day-to-day custody rules, asset handling logic and administration responsibilities.
A MiCA license solves the authorisation question, not the operating-model question. The sustainable compliance stack combines MiCA conduct rules with AML/CFT, TFR, DORA, sanctions controls, outsourcing governance and GDPR data discipline.
MiCA expects a real EU establishment, an effective management body and defensible control over the licensed activity. In practice, regulators test whether directors understand the business model, challenge outsourcing, and can evidence time commitment rather than merely lend names to the file.
Client assets must be identifiable, segregated and controlled through a reliable operating model. For custody-heavy firms, regulators increasingly ask how private keys are governed, whether HSM or MPC architecture is used, how hot and cold wallet thresholds are set, and how reconciliation breaks are escalated.
Under Regulation (EU) 2023/1113, CASPs must implement originator and beneficiary data collection and transmission for relevant crypto transfers. That usually means workflow design with Travel Rule vendors, use of standards such as IVMS101, counterparty due diligence and controls for transfers involving unhosted wallets.
Regulation (EU) 2022/2554 (DORA) made ICT governance, incident reporting, resilience testing and third-party ICT oversight central to financial-sector operations. Even where the exact firm-level application needs careful analysis, MiCA regulators increasingly expect DORA-style maturity in access control, logging, backup, recovery and cloud outsourcing oversight.
CASPs must act honestly, fairly and professionally in the best interests of clients. Marketing communications must be fair, clear and not misleading. Complaint handling, conflict management and disclosure discipline are not peripheral; they are core conduct requirements.
The most common delay drivers are weak token qualification, generic policy packs, unclear outsourcing, unrealistic financial forecasts, no real safeguarding proof, incomplete fit-and-proper files, poor Travel Rule readiness and an overreliance on reverse solicitation for non-EU strategy.
MiCA is an EU regulation, but the authorisation process is still home-state based. The practical supervisory environment therefore combines EU institutions, technical standard setters and national regulators.
MiCA was adopted through the EU legislative process, not created by a single supervisory agency. The European Commission, European Parliament and Council of the European Union form the legal backbone of the regime.
The European Securities and Markets Authority drives supervisory convergence, maintains relevant registers and develops level-2 measures and guidance that shape how MiCA works in practice for CASPs and market participants.
The European Banking Authority is particularly important for stablecoin-related areas, prudential expectations and technical standards. The European Central Bank becomes relevant especially where EMTs, payment-system implications or significant token issues intersect with monetary and financial stability concerns.
The home-state NCA receives the file, runs the completeness check, conducts the substantive review, asks RFIs and grants or refuses authorisation. Examples include BaFin, AMF/ACPR, CSSF, MFSA, Central Bank of Ireland, AFM/DNB, CNMV/Banco de España and Lietuvos bankas.
MiCA firms also operate under adjacent frameworks including TFR, AML/CFT supervision, sanctions enforcement, data protection authorities under GDPR, and potentially payment or securities regulators where the product crosses into EMT, e-money or MiFID II territory.
For many CASPs, banking is the real launch bottleneck. A MiCA authorisation improves credibility, but it does not automatically solve account opening, safeguarding arrangements or payment connectivity.
Parallel work on banking, safeguarding and payment rails usually saves months. Waiting until after authorisation often delays real go-live more than the regulator review itself.
Banks and EMIs typically ask for the same fundamentals the regulator tests: business model clarity, UBO transparency, AML controls, sanctions governance, target markets and realistic transaction flows.
Where the CASP safeguards client assets or handles fiat interfaces, counterparties often ask for deeper evidence on wallet governance, reconciliation, source-of-funds controls and client-money logic.
Some crypto-fiat models create overlap with EMI, PI or payment-services questions. A MiCA license is not a substitute for every fiat-facing permission that may be required.
A jurisdiction that looks fast on paper can become expensive if local or cross-border banking remains weak. In practice, bankability is often one of the decisive factors in home-state selection.
The real MiCA process starts before filing. The fastest route combines perimeter analysis, jurisdiction selection, entity setup, document build and pre-filing banking work so the file reads as an operating model rather than a template pack.
Define exactly which MiCA services are triggered, whether any token may be a financial instrument under MiFID II, whether issuer rules also apply, and whether the model includes custody, platform operation, advice, placement or transfer services.
Choose the home state based on regulator style, language, banking access, staffing reality, transition status and target-market fit. In many cases, a pre-application discussion materially improves the filing strategy.
Incorporate the legal entity, define shareholder and UBO structure, appoint directors and control functions, and establish the governance map the regulator will expect to see in practice.
Evidence the required capital, prepare the three-year financial forecast, explain revenue logic, stress assumptions and fixed overhead resilience, and align the funding plan with the actual launch model.
Prepare the programme of operations, business plan, AML/CFT framework, safeguarding model, outsourcing policy, ICT security package, complaints process, conflict controls, continuity planning and all shareholder and management files.
Submit the dossier to the home-state NCA. The authority first tests completeness. Under MiCA, the completeness check is generally up to 25 working days, but an incomplete file can reset momentum quickly.
The substantive assessment is generally around 40 working days, with possible extensions and practical delays where the NCA sends requests for information, asks for policy rewrites, interviews management or challenges outsourcing and safeguarding assumptions.
After authorisation, the firm can move to passporting notification and operational launch. Approval is not the same as readiness: banking, Travel Rule workflows, incident reporting and client-asset controls must still be live before onboarding customers.
Regulated United Europe OÜ (RUE) is a European legal consulting firm specializing in financial licensing, company formation, and regulatory compliance. Since 2016, we have helped hundreds of businesses obtain crypto, gambling, forex, and EMI/PSP licenses across 35+ jurisdictions.
With offices in four EU countries and a team of experienced lawyers, we provide end-to-end support — from initial consultation and company registration to license acquisition and ongoing compliance management.
500+ clients served; 35+ jurisdictions; in business since 2016; 4 EU offices.
Fully registered and regulated EU company with partnerships across major financial centers.
Our experts speak English, German, Russian, Chinese, and 12+ other languages for global client support.
From company registration to license acquisition and compliance — we handle the entire process end-to-end.
Personal consultant assigned to each client. Direct communication channels, no call centers.
MiCA jurisdiction choice should never be made on tax alone. For crypto businesses, tax outcome, management location, local office logic, transfer pricing, VAT exposure and banking reality must be assessed together.
A low-tax or low-cost structure without defensible management and operational substance can fail under both regulatory and tax scrutiny. For MiCA businesses, substance is not only a tax issue; it is also a licensing credibility issue.