Regulated United Europe OÜ
Registration number: 14153440
Anno: 16.11.2016
Phone: +372 56 966 260
Email: info@rue.ee
Address: Laeva 2, Tallinn, 10111, Estonia
Crypto License in Spain
Spain crypto licensing in 2026 means MiCA-based CASP authorization, not a generic VASP filing.
RUE structures the legal, AML, governance and application package for Spain.
Regulator
CNMV
Timeframe
From 6 months
Cost
25 900 EUR
Capital
From 50 000 EUR
2026 focus: CASP scope, AML design, ICT controls and passporting logic
Spain CASP licensing after MiCA
In 2026, a crypto license in Spain usually means authorization as a Crypto-Asset Service Provider under Regulation (EU) 2023/1114 (MiCA). That is different from the legacy Spanish VASP registration model historically associated with Banco de España. Founders, exchanges, custodial wallet providers, brokers and crypto advisory businesses must first classify the exact service perimeter before preparing an application.
Spain is commercially relevant because a properly authorized CASP can use EU passporting mechanics and because the jurisdiction combines a large domestic market, strong banking and payments infrastructure, and a regulator environment where substance, AML controls and governance quality matter more than low-entry marketing promises. This page is an information resource updated for 2026 and does not replace individual legal or tax advice.
RUE supports Spain projects through regulatory scoping, company setup coordination, AML and Travel Rule framework design, application drafting, regulator Q&A support, banking preparation and post-license compliance planning. Where needed, we align Spain workstreams with MiCA, tax, accounting and operational policies across the group.
MiCA-aligned EU market entry
A Spain CASP strategy is built around MiCA authorization and post-authorization cross-border service planning within the EU, rather than around outdated VASP-only positioning.
Clear regulator map
CNMV, Banco de España, SEPBLAC and AEAT each have different roles. Spain is workable when the business model is classified correctly from day one.
Strong compliance credibility
Spain suits businesses ready to evidence AML governance, UBO transparency, complaints handling, outsourcing controls, Travel Rule implementation and ICT security architecture.
Good fit for Iberia and LatAm strategy
For groups targeting Spain, Portugal and Spanish-speaking markets, a Spanish operating company can align regulatory credibility with commercial expansion and local hiring.
Crypto License in Spain
25,900 EUR
Package includes (8)
- Preparation of necessary documents for registration of a new company in Spain
- Translation of a certificate of no criminal record through a sworn translator
- Payment of state fees related to company registration
- Payment of notary fees related to company registration
- Preparation of compliance documents for MiCA application
- Preparation of a business plan
- Submission of the necessary documents to CNMV
- Recruitment of local MLRO/Compliance officer
Timeframe: From 6 months
Additional Services
MiCA structuring & jurisdiction selection advisory within the EU
from 2,900 EUR
Legal qualification of tokens (utility vs EMT vs ART vs financial instrument under MiFID II)
from 3,900 EUR
Pre-application gap analysis and readiness assessment
from 4,900 EUR
Regulatory risk memo for business model validation
from 2,900 EUR
Cross-border structuring for non-EU founders entering the EU market
from 5,900 EUR
Annual compliance reviews and internal audits
from 4,900 EUR/year
Updating policies in line with ESMA / EBA guidelines
from 1,900 EUR
Assistance with opening crypto-friendly bank accounts / EMIs
from 2,900 EUR
Requirements for a crypto license in Spain
A Spain crypto license application is won or lost on classification, governance and evidence. In practice, the applicant must show that its business model fits a defined MiCA service perimeter, that the company has adequate prudential resources, that controllers and managers pass fit-and-proper review, and that AML, ICT and outsourcing controls are operational rather than merely drafted.
The exact burden depends on the service mix. A custody-heavy model, a trading platform, or a structure with complex outsourcing and cross-border onboarding will usually face deeper scrutiny than a narrow advisory model. EMT and ART projects require separate analysis because they are not simply another version of a standard CASP file.
Spanish legal entity and corporate substance +
The applicant normally uses a Spanish company form such as SL or SA, with registration formalities, tax identification, beneficial ownership transparency and a credible operating setup. A registered address alone is not the same as real substance.
Defined CASP service perimeter +
The file must specify which MiCA services are requested, for example custody and administration, exchange of crypto-assets for funds, exchange of crypto-assets for other crypto-assets, transfer services, execution of orders, reception and transmission of orders, placing, portfolio management or advice on crypto-assets.
Fit and proper management and UBO disclosure +
Directors, senior managers and qualifying shareholders should be ready to disclose identity, professional background, integrity evidence, group structure and source-of-funds information. International groups often need apostilled and translated records.
AML KYC and Travel Rule framework +
The company needs a risk-based AML system aligned with Law 10/2010, Royal Decree 304/2014 and Regulation (EU) 2023/1113. This includes customer due diligence, KYB, sanctions and PEP screening, suspicious activity escalation, recordkeeping and Travel Rule data transmission logic.
Prudential capital and safeguarding +
MiCA capital expectations depend on the class of services applied for. Spain is not a one-number jurisdiction. The correct threshold and own-funds logic must be mapped to the requested CASP services and the operating model, especially where client assets or client funds touch the setup.
ICT security and outsourcing controls +
Applicants should evidence wallet architecture, key management, access control, logging, incident handling, vendor due diligence, cloud outsourcing governance, business continuity and recovery planning. For custody models, technical controls are a core licensing issue, not an annex.
Policies for conduct and consumer protection +
The application package should cover complaints handling, conflicts of interest, client disclosures, risk warnings, order handling, safeguarding arrangements and internal control responsibilities. Marketing materials may also trigger CNMV Circular 1/2022.
Jurisdiction Comparison
Compare Spain with other jurisdictions by key conditions for obtaining and operating a MiCA/CASP license: regulator, review period, fees, capital, local substance, and passporting.
* This table focuses on MiCA/CASP authorization conditions. Use the settings icon to customize countries and parameters.
Taxation of crypto businesses in Spain
Spain tax analysis must separate company taxation, VAT treatment, individual taxation and reporting duties. For a Spanish crypto business, the starting point is the standard corporate tax framework, but the tax result depends on the exact activity: exchange, brokerage, custody, advisory, software, token issuance support or treasury operations do not always produce the same treatment.
The general corporate income tax rate is 25%. VAT treatment is service-specific. Certain crypto exchange activities may fall within VAT-exempt financial-service logic, while consulting, software integration, white-label technology, API access, analytics, licensing and some support services may be taxable. The legal and accounting qualification of tokens, fees and treasury holdings should be reviewed before launch.
Individuals are taxed under separate rules. Capital gains and income treatment depend on the nature of the transaction, holding structure and taxpayer profile. Reporting obligations, valuation methodology, transaction records and cross-border asset disclosures should be reviewed against current AEAT guidance. For deeper tax implementation, see our dedicated page on Spain crypto tax and accounting support at accounting services.
This section is informational only and is not individual tax advice.
Corporate income tax
Standard company taxation for Spanish entities
25%
Corporate income tax
Standard company taxation for Spanish entities
25% is the standard corporate income tax rate for most Spanish companies. Effective taxation depends on deductible costs, transfer pricing, group structure, treasury treatment of crypto-assets and the accounting classification of revenue streams.
VAT on crypto-related services
Depends on the nature of the service
case-based
VAT on crypto-related services
Depends on the nature of the service
VAT treatment is not uniform. Exchange-type services may be treated differently from advisory, software, SaaS, token design, compliance support or technical integration services. The CJEU Hedqvist line remains relevant for certain exchange scenarios, but it does not make all crypto revenue VAT-exempt.
Individual capital gains tax
Separate regime for individuals, not companies
progressive
Individual capital gains tax
Separate regime for individuals, not companies
Individuals are taxed under progressive savings-income rules. The exact bands should be checked against the 2026 tax year and current legislation. Do not rely on outdated summaries that compress the regime into a single legacy range.
Reporting and disclosure
Recordkeeping and tax forms may apply
n/a
Reporting and disclosure
Recordkeeping and tax forms may apply
Spanish taxpayers may face reporting duties for foreign-held crypto-assets, transaction records and annual tax filings. The applicability of any specific form, including crypto-related disclosures, should be verified against current AEAT guidance because filing practice and forms can change.
Ongoing compliance after authorization
A Spain CASP license is not a one-time filing. The operating model must remain compliant with MiCA, AML rules, Travel Rule obligations, internal governance and technical control expectations.
AML and reporting
- Risk-based AML program under Law 10/2010 and Royal Decree 304/2014
- Customer due diligence, KYB, UBO checks, PEP and sanctions screening
- Suspicious transaction reporting and internal escalation to AML function
- Recordkeeping, audit trail and periodic control testing
Travel Rule operations
- Implementation of Regulation (EU) 2023/1113 workflows
- Originator and beneficiary data collection and transmission
- Hosted versus unhosted wallet handling and risk triggers
- Interoperability planning, often using IVMS101-compatible data models
Governance and ICT controls
- Board oversight, conflicts management and complaints handling
- Access control, logging, incident response and business continuity
- Vendor due diligence and outsourcing register maintenance
- Custody security controls such as MPC, HSM or multisig where relevant
Conduct and advertising
- Client disclosures and risk warnings aligned with service type
- Marketing review under CNMV Circular 1/2022 where applicable
- Mass campaign assessment and prior notice logic
- Ongoing review of website, onboarding copy and promotional claims
RUE handles compliance for you. Our team provides ongoing compliance support, including AML officer services, regulatory reporting, and policy updates. We ensure your license stays in good standing year after year.
Contact us for compliance support →
📝 Check Your Eligibility
Answer a few quick questions to find out if this jurisdiction suits your crypto business
Step 1 of 5
What type of crypto services will you provide?
Exchange (fiat ↔ crypto)
Custody & Wallet Services
Transfer & Payment Services
Advisory / Portfolio Management
Multiple / All of the Above
Step 2 of 5
What is your target market?
European Union only
EU + Global markets
Global (non-EU priority)
Step 3 of 5
Do you already have a registered company in the EU?
Yes, in this jurisdiction
Yes, in another EU country
No, I need to register one
Step 4 of 5
What is your available budget range?
Under €20,000
€20,000 – €50,000
€50,000 – €100,000
Over €100,000
Step 5 of 5
When do you plan to launch?
As soon as possible (1–3 months)
Within 6 months
Within a year
Just exploring options
This Jurisdiction Is a Great Fit!
Based on your answers, this jurisdiction matches your business requirements well. Here's a quick summary:
Recommended License
CASP License
Estimated Budget
€24,000 – €35,000
Estimated Timeframe
4–6 months
EU Passporting
Available
Step by step licensing process
Step 1
1. Scope the model
Classify the exact business perimeter first. RUE maps the planned services against MiCA CASP categories, checks whether EMT, ART, payments or securities rules may also apply, and identifies the regulator-facing risk points.
Step 2
2. Form the company
Set up the Spanish legal entity, tax registration, corporate documents, beneficial ownership records and governance baseline. Company formation can be quick, but substance and banking readiness should be designed at the same time.
Step 3
3. Build compliance pack
Prepare the business plan, AML manual, risk assessment, Travel Rule procedure, governance file, complaints handling, conflicts policy, ICT security documentation, outsourcing register and fit-and-proper materials.
Step 4
4. Align banking and ops
Open or prepare banking and payment rails, define fiat settlement flows, wallet architecture, custody controls, vendor stack, sanctions screening and reporting logic. This step often determines whether launch is operationally realistic.
Step 5
5. Submit application
File the application with the competent authority for the relevant regime. The review usually includes completeness checks, substantive questions and requests for clarification or remediation.
Step 6
6. Answer regulator Q&A
Respond to follow-up questions on service perimeter, governance, shareholders, AML controls, outsourcing, technology and safeguarding. Review time depends heavily on document quality and business-model complexity.
Step 7
7. Launch and maintain
After authorization, implement ongoing compliance, staff training, reporting, Travel Rule operations, incident handling, policy updates and, where relevant, EU passporting notifications for cross-border services.
Answers
Frequently Asked Questions
Open the key issues founders, compliance teams and legal leads usually need to confirm before launch.
What does a crypto license in Spain mean in 2026? +
In 2026, it usually means CASP authorization under MiCA, not a generic VASP registration. The correct answer depends on the business model. Exchange, custody, order execution, transfer services, portfolio management and advice on crypto-assets can fall under the MiCA CASP regime, while EMT, ART or tokenized financial instruments may follow separate regulatory lanes.
Who regulates crypto businesses in Spain? +
CNMV is the key authority for MiCA-era CASP matters in Spain. SEPBLAC is central for AML/CFT supervision and suspicious transaction reporting logic. Banco de España remains relevant in legacy and adjacent contexts, especially where payment or e-money issues intersect. AEAT handles tax administration.
Can a non-resident apply for a crypto license in Spain? +
Yes, non-residents can structure a Spain application, but substance still matters. The regulator will look beyond nationality and focus on governance, UBO transparency, operational readiness, local corporate setup, control over outsourced functions and the credibility of the Spanish operating model. A foreign-owned company with real governance can work; a shell setup usually will not.
Do I need a physical office in Spain? +
You need more than a mailing address if the model requires real substance. A registered office is a corporate formality, but the licensing assessment is broader. The applicant should be able to evidence effective management, operational control, document retention, compliance oversight and a credible local setup proportionate to the services requested.
Can a Spain CASP serve clients across the EU? +
Yes, a properly authorized CASP can use MiCA passporting mechanics across the EU. That does not mean instant unrestricted activity everywhere without procedure. Cross-border service rollout should follow the applicable notification and operational steps, and the business should ensure its AML, disclosures, language, complaints handling and support model are scalable across target states.
How long does it take to get a crypto license in Spain? +
A realistic timeline is usually several months, not a universal one-month filing. In many cases, the full project runs around 2-6+ months when company setup, document preparation, regulator review and remediation are counted together. Complex custody, multi-service exchange or cross-border retail models can take longer.
What is the minimum capital for a Spain CASP? +
There is no single universal capital number for all Spain crypto businesses. Under MiCA, capital depends on the class of CASP services requested. That is why online summaries often conflict. The correct threshold should be mapped to the actual service mix, and founders should distinguish regulatory own funds from legal and compliance fees.
Does Spain still use the old VASP registration model? +
The legacy VASP context is not the main answer for most 2026 licensing questions. Spain moved into the MiCA era, so businesses should first assess whether they now require CASP authorization or another regime. Referring to Banco de España registration alone is usually incomplete for a current launch strategy.
Are AML and Travel Rule controls mandatory for Spain crypto companies? +
Yes, AML and Travel Rule controls are core obligations, not optional add-ons. Spain-facing crypto businesses should be prepared for customer due diligence, KYB, UBO checks, sanctions and PEP screening, transaction monitoring, suspicious activity escalation and Travel Rule data handling under Regulation (EU) 2023/1113. These controls should be visible in procedures and systems.
Do crypto advertising rules apply in Spain? +
Yes, Spain has a specific crypto advertising regime. Under CNMV Circular 1/2022, certain mass campaigns aimed at investors in Spain require prior notice to CNMV. The commonly cited threshold is campaigns targeting more than 100,000 persons. Websites, influencers, paid media and landing pages should be reviewed together.
What documents are usually needed for a Spain CASP application? +
The core file usually includes corporate documents, shareholder and UBO records, fit-and-proper evidence, a business plan, AML manuals, risk assessment, Travel Rule procedure, ICT security documents, outsourcing records and conduct policies. International groups often also need apostilles, sworn translations and source-of-funds evidence for controllers.
Can RUE help with Spain licensing and related setup? +
Yes. RUE assists with Spain crypto license strategy, MiCA scoping, company setup coordination, compliance document drafting, banking preparation, tax and accounting coordination, and post-license structuring. Related pages include CASP license, MiCA licence in Spain, bank account in Spain and contact us.
Main Services
Terms of Cooperation
Regulated United Europe
