MiCA License in Croatia 2026

What counts as a crypto-asset service under MiCA

A business needs MiCA authorisation when it provides one or more regulated crypto-asset services on a professional basis. The most common services are not theoretical categories; they map directly to real operating models used by exchanges, wallet providers, OTC desks, and token platforms.

• Custody and administration of crypto-assets on behalf of clients: typically relevant for hosted wallets, custodial platforms, and institutional safekeeping models.
• Operation of a trading platform for crypto-assets: relevant where the platform brings together multiple third-party buying and selling interests under defined rules.
• Exchange of crypto-assets for funds: relevant for fiat on-ramp and off-ramp models.
• Exchange of crypto-assets for other crypto-assets: relevant for swap and conversion services.
• Execution of orders on behalf of clients: relevant where the firm actively executes client instructions rather than merely displaying prices.
• Reception and transmission of orders: relevant for broker-type models that route client orders to another venue or liquidity provider.
• Placing of crypto-assets: relevant for distribution or placement activity connected with token offerings.
• Portfolio management: relevant where the firm has discretion to manage a client crypto portfolio.
• Advice on crypto-assets: relevant where personalised recommendations are provided.
• Transfer services for crypto-assets on behalf of clients: relevant where the provider transfers crypto-assets from one address or DLT account to another on behalf of a client.

A useful practical nuance is that one business model often triggers multiple services at once. For example, a retail exchange with hosted wallets may require analysis for custody, exchange, transfer services, and possibly order execution. This is why service mapping should be done before capital planning.

When a token falls outside MiCA and into MiFID II

A token falls outside MiCA when it is properly classified as a financial instrument under existing EU financial services law. The legal test is not based on blockchain terminology. It is based on the rights attached to the token, the economic function of the arrangement, and how the offer is structured in reality.

Five practical indicators that usually trigger MiFID II analysis:

• Rights to profit participation, dividends, or revenue share
• Debt-like repayment claims or interest-style entitlement
• Governance or control rights resembling shares or other securities
• Transferability and investment marketing aimed at return expectation
• Intermediation structure similar to securities placement or trading

If those features dominate, the project may require an investment-services analysis instead of a MiCA path. This distinction matters because the consequences are material: prospectus rules, custody rules, market abuse logic, and investment firm licensing may all become relevant. In other words, a founder can lose months by preparing a CASP file for a business that is not a CASP in the first place.

For deeper classification work, see our internal resources on tokenisation, MiCA regulation for tokens, and legal services.

Documents required for a MiCA application in Croatia

A regulator-ready Croatian MiCA file usually contains six document layers: corporate, ownership, governance, AML/CFT, ICT and security, and financial/business planning. The exact list depends on the services and token model, but the logic is consistent across serious CASP applications.

1. Corporate and structural documents

• Incorporation documents and extract from the Croatian register
• Articles of association and shareholding structure
• Group chart showing affiliates, service companies, and outsourced providers
• Registered office and operational address evidence

2. Ownership and UBO package

• Direct and indirect ownership chart
• UBO declarations
• Source-of-funds and source-of-wealth support where needed
• Shareholder questionnaires and reputation evidence

3. Governance and fit-and-proper package

• CVs of directors and senior managers
• Role descriptions and reporting lines
• Conflict of interest policy
• Fit-and-proper declarations and supporting evidence
• Organisational chart and committee structure where relevant

4. AML/CFT and Travel Rule package

• Business-wide ML/TF risk assessment
• Customer onboarding, CDD, EDD, and sanctions procedures
• Transaction monitoring and suspicious activity escalation workflow
• Travel Rule operating procedure and data-handling logic
• Record retention and training framework

5. ICT, custody and outsourcing package

• System architecture and data flow description
• Wallet and custody control matrix
• Access control, incident response, BCP/DR documentation
• Outsourcing policy and outsourcing register
• Vendor due diligence files and critical-service oversight model

6. Programme of operations and financials

• Detailed business plan and service description
• Customer journey and operational process maps
• Three-year financial projections with assumptions
• Capital planning and liquidity support
• Complaints handling and safeguarding procedures

The most common document mistake is inconsistency across the file. If the business plan says the company will safeguard client assets, but the ICT pack does not explain key management and reconciliation, the regulator will treat the submission as incomplete even if every document formally exists.

AML, Travel Rule and transaction monitoring documentation

A Croatian CASP application must explain how the firm will identify customers, screen them, monitor transactions, and handle crypto transfers under the EU Transfer of Funds Regulation. In 2026, this is one of the clearest areas where regulators can distinguish a serious operator from a superficial applicant.

The minimum operational stack usually includes:

• CDD and EDD logic: onboarding rules for natural persons, corporates, UBOs, PEPs, and high-risk jurisdictions
• Sanctions screening: onboarding and ongoing screening against relevant lists
• Blockchain analytics: wallet risk scoring, typology flags, exposure analysis, and case escalation
• Travel Rule workflow: originator and beneficiary data collection, transmission, validation, and fallback handling
• STR process: internal escalation, decision logs, and reporting path to the competent authority
• Record retention: evidence that customer files, alerts, and transfer records are retrievable and auditable

A technical nuance often missed by applicants is that Travel Rule compliance is not just a legal notice in the AML manual. It requires process design between onboarding, wallet screening, transfer initiation, counterparty CASP identification, and exception management. Many firms use IVMS101-compatible messaging to support interoperability, even though the law does not prescribe a single technical standard by name.

RUE helps clients align the legal policy, operational workflow, and vendor stack so the Croatian regulator sees one coherent AML/TFR control environment rather than disconnected documents.

Token issuance in Croatia under MiCA: white paper, EMTs, ARTs and public offers

Token issuance in Croatia is not the same legal exercise as obtaining a CASP licence. A founder may need one, the other, or both, depending on whether the business is issuing crypto-assets, providing services around them, or doing both simultaneously.

MiCA distinguishes three broad token categories relevant here:

• Electronic money tokens (EMTs): tokens that purport to maintain a stable value by referencing one official currency.
• Asset-referenced tokens (ARTs): tokens that reference another value or right, or a combination of them, including baskets.
• Other crypto-assets: the residual MiCA category for tokens not already captured by EMT, ART, or financial-instrument analysis.

For many public offers or admissions to trading, a white paper is required unless a specific exemption applies. That white paper is a regulated disclosure document. It should accurately describe the issuer, project, rights attached to the token, technology, risks, economics, complaints handling, and, where relevant, reserve or stabilisation mechanics.

EMTs and ARTs face stricter rules than ordinary crypto-assets. In Croatian projects involving stable-value features, the issuer analysis should be done before launch, because the legal consequences may extend beyond MiCA marketing disclosures into e-money or prudential territory. This is also where the role of HNB becomes especially important.

A practical nuance that many pages omit: even where a token is marketed as a utility token, secondary-market support, redemption promises, treasury management, or reserve claims can materially change the legal analysis. The regulator will review substance over branding.

See also our internal pages on EMT regulation, ART regulation, stablecoin regulation, and MiCA for blockchain projects.

Passporting from Croatia across the EU

A Croatian MiCA licence can support EU-wide expansion, but passporting starts only after authorisation and notification. It is not created by company incorporation and it is not an automatic right at the draft-application stage.

The sequence is usually:

1. Obtain CASP authorisation from the competent Croatian authority.
2. Prepare the cross-border notification describing the services and target states.
3. The home authority transmits the notification under the MiCA framework.
4. Cross-border services or branch activity may then proceed in accordance with the notification mechanics.

This is commercially important because Croatia can function as an EU entry point for firms that want one regulated base rather than multiple local licences. However, passporting does not remove host-state obligations outside MiCA, such as consumer law, tax registration, advertising rules, data protection, or local language requirements.

A practical point often missed by founders: if the operating model relies on local payment partners, local marketing affiliates, or branch staff in another state, those arrangements should be reflected in the original governance and outsourcing design rather than added later without control mapping.

Next steps: how to assess your eligibility for a MiCA license in Croatia

The fastest way to evaluate a Croatian MiCA project is to review the facts before drafting. RUE normally starts with a short eligibility assessment covering the business model, token classification, service list, ownership structure, jurisdictions served, AML stack, custody model, and outsourcing dependencies.

Before the first call, prepare:

• one-page business model summary;
• list of planned services;
• token description or white paper draft, if any;
• group and ownership chart;
• target countries and customer types;
• current KYC/AML, wallet, and payment stack.

We then issue a practical roadmap covering scope, regulator split, likely capital threshold, document checklist, timeline, and launch budget logic. If needed, RUE can also support crypto business banking, accounting services, Croatia crypto tax coordination, and CASP licensing strategy.