MiCA License in Lithuania 2026

Obtain a Lithuania CASP authorization under MiCA with RUE. We support exchanges, brokers, custody providers, and crypto platforms before the Bank of Lithuania.

Book Eligibility Call

Regulator

BoL

Timeframe

3-6+ months

Cost

from €18,900

Capital

€50k-€150k

New 2026 entrants apply under MiCA/CASP route; budget depends on scope and substance.

Why Lithuania for a MiCA License

Lithuania remains one of the most practical EU jurisdictions for CASP authorization in 2026. RUE helps structure your UAB, map your business model to MiCA services, prepare regulator-grade documentation, and manage the Bank of Lithuania review process end to end.

Polina Merkulova

Polina Merkulova

Licensing Services Manager

[email protected]

As your point of contact, I help coordinate the licensing process end-to-end, keep communication clear, and move your application forward without unnecessary delays.

RUE provides end-to-end support for MiCA license applications in Lithuania, including company formation, service-scope analysis, governance design, AML/CFT framework drafting, DORA-aligned ICT documentation, and regulator-facing submissions.

We also assist with corporate structuring, banking strategy, local substance planning, and post-authorization compliance so your Lithuania CASP is built for approval and sustainable operation, not just for filing.

Contact me

🏛️

Recognized EU Regulator

The Bank of Lithuania is the national competent authority for CASP authorization and supervision in Lithuania.

🌍

EU Passporting Potential

Once authorized, a Lithuania CASP can notify cross-border services across the EU under MiCA passporting rules.

🧩

Strong Fintech Infrastructure

Lithuania offers a mature ecosystem for fintech, legal, compliance, accounting, and payment operations.

🛡️

Operational Compliance Focus

Lithuania works well for firms ready to build real AML, governance, safeguarding, and ICT resilience from day one.

MiCA in Lithuania

19,900 EUR

Package includes (8)

Preparation of necessary documents for registration of a new company in Lithuania 2026
Translation of a certificate of no criminal record through a sworn translator
Payment of state fees related to company registration
Payment of notary fees related to company registration
Preparation of compliance documents for MiCA application
Preparation of a business plan
Submission of the necessary documents to BoL
Recruitment of local MLRO/Compliance officer

MiCA Class Comparison for MiCA in Lithuania

Compare MiCA Class 1, Class 2 and Class 3 by permitted activities and baseline requirements.

Mica Class 1 - 50 000 EUR

CapitalFrom EUR 50,000 TimeCountry-specific

Swipe left/right to switch license type

Reception and transmission of client orders

Execution of orders on behalf of clients

Placement and advisory services

Portfolio management

No custody of client crypto-assets

Target Models

Advisory firms Introducing brokers Portfolio advisory setups

Mica Class 2 - 125 000 EUR

CapitalFrom EUR 125,000 TimeCountry-specific

Swipe left/right to switch license type

All Class 1 services

Crypto-fiat and crypto-crypto exchange

Custody and administration of client assets

Transfer services for crypto-assets

Higher organizational and AML requirements

Target Models

Exchanges Custody providers Broker-dealer operations

Mica Class 3 - 150 000 EUR

CapitalFrom EUR 150,000 TimeCountry-specific

Swipe left/right to switch license type

All Class 2 services

Operation of crypto-asset trading platform

Enhanced governance and internal controls

Advanced risk management and reporting

Typical for full-scale marketplace operators

Target Models

Trading venues Multi-service CASP groups Institutional-grade operators

Discuss this license

MiCA Class Comparison (Class 1, Class 2, Class 3)

Activity / Option	Mica Class 1 - 50 000 EUR	Mica Class 2 - 125 000 EUR	Mica Class 3 - 150 000 EUR
Reception and transmission of orders	V	V	V
Execution of orders on behalf of clients	V	V	V
Advisory and portfolio management	V	V	V
Crypto-fiat and crypto-crypto exchange	X	V	V
Custody and administration of crypto-assets	X	V	V
Operation of a trading platform	X	X	V

Core Requirements for a Lithuania MiCA License

A MiCA license in Lithuania means authorization as a Crypto-Asset Service Provider (CASP) under Regulation (EU) 2023/1114. In 2026, new applicants should approach Lithuania through the full MiCA/CASP route rather than the legacy local VASP narrative that dominated pre-transition materials.

The Bank of Lithuania reviews not only formal eligibility, but also whether your company can operate safely in practice. That means your file must show a coherent business model, adequate capital, credible management, effective AML/CFT controls, client-asset safeguarding, and ICT governance that aligns with the broader compliance stack, including DORA and the Transfer of Funds Regulation.

Below are the requirements that matter most for founders seeking a CASP license in Lithuania. Exact expectations depend on your service mix, custody model, outsourcing structure, and target markets.

Minimum Capital by CASP Class (€50,000 / €125,000 / €150,000) +

Minimum own-funds thresholds under MiCA are typically structured as follows:

Class 1 — €50,000: for lower-risk services such as reception and transmission of orders, placing, advice, portfolio management, and transfer services relating to crypto-assets;
Class 2 — €125,000: for execution of orders, exchange of crypto-assets for funds, and exchange of crypto-assets for other crypto-assets;
Class 3 — €150,000: for custody and administration of crypto-assets on behalf of clients and operation of a trading platform for crypto-assets.

Capital must be demonstrable, lawful in origin, and normally injected in fiat, not in volatile crypto-assets. Founders often underestimate that regulatory capital is only the floor: the real launch budget also includes legal work, compliance tooling, local staffing, accounting, audit, and ICT security implementation.

Lithuanian Company, Registered Office, and Real Substance +

You will generally need a Lithuanian legal entity, most often a UAB, with a registered office and a governance setup that supports effective supervision. A formal address alone is not enough if the actual management, compliance, and operational control sit elsewhere with no local accountability.

In practice, the Bank of Lithuania and banking providers look for real substance: clear decision-making lines, accessible management, documented outsourcing oversight, and a credible local operating model. Depending on your business model, that may include local directors or senior managers, a local AML function, or at least a practical supervision footprint in Lithuania. Incorporation itself often takes 1-3 weeks, but substance planning should start before filing.

Directors, UBOs, and Fit-and-Proper Review +

The Bank of Lithuania will assess whether shareholders, beneficial owners, directors, and key function holders are fit and proper. This review usually covers:

good repute and criminal-record status;
relevant experience in crypto, payments, financial services, risk, or compliance;
time commitment and role clarity;
source of wealth and source of funds for founders and capital providers;
conflicts of interest and governance independence.

A weak management file is one of the most common reasons for delay. A strong file usually contains detailed CVs, role descriptions, evidence of prior regulated experience, clean background documentation, and a governance map that matches the actual business model.

AML/CFT Framework and MLRO Function +

A Lithuania CASP must maintain a business-specific AML/CFT framework aligned with the Lithuanian Law on the Prevention of Money Laundering and Terrorist Financing, MiCA conduct expectations, and the operational realities of crypto-assets. A generic template is not enough.

business-wide ML/TF risk assessment;
CDD, EDD, sanctions screening, and ongoing monitoring;
blockchain analytics / KYT controls;
suspicious transaction reporting procedures to FCIS / FNTT;
record retention, training, and independent review cadence;
Travel Rule controls under Regulation (EU) 2023/1113.

You will usually need a clearly designated AML officer or MLRO-equivalent function with sufficient authority, expertise, and access to management. Whether this role must be locally based depends on the concrete setup, but effective local supervision and responsiveness are critical in practice.

ICT Security, DORA Readiness, and Operational Resilience +

In 2026, a CASP application without serious ICT governance is structurally weak. The regulator expects you to show how your platform manages availability, integrity, confidentiality, key management, incident escalation, outsourcing risk, and business continuity.

ICT risk management framework and asset inventory;
access control, privileged-access logging, and segregation of duties;
wallet architecture description, including MPC, HSM, or cold-storage controls where relevant;
incident response, crisis communications, and evidence preservation;
business continuity and disaster recovery with target RTO/RPO;
third-party ICT register and vendor oversight aligned with DORA.

A practical nuance many competitors miss: if you outsource core wallet, KYC, or transaction-monitoring functions, the regulator will still expect your board and control functions to understand and supervise those providers rather than treat outsourcing as a compliance shortcut.

Detailed Business Plan, Financial Model, and Service Mapping +

Your application must explain exactly what you do, for whom, where, and how. The Bank of Lithuania will compare your narrative against your policies, customer journey, custody model, and revenue assumptions. Inconsistencies create immediate review friction.

A strong package usually includes:

service-by-service MiCA classification;
client journey and onboarding flows;
target jurisdictions and passporting plan;
outsourcing map and vendor dependencies;
3-year financial projections with realistic assumptions;
liquidity, safeguarding, complaints, and wind-down logic.

One underappreciated issue is negative-space analysis: you should also identify what your company does not do, for example whether you avoid custody, avoid dealing in own account, or do not issue tokens. This helps prevent overbroad regulatory interpretation.

Client Asset Safeguarding and Segregation +

If your model involves custody or control over client crypto-assets or client funds, safeguarding becomes central. The regulator will expect a clear description of wallet ownership, signing authority, reconciliation, insolvency ring-fencing logic, and segregation of client assets from proprietary assets.

Typical focus points include:

separate wallet/account architecture for client assets;
daily or near-real-time reconciliation procedures;
incident and loss-allocation logic;
client disclosures on custody risk and recovery process;
access matrix for key holders and emergency procedures.

CASP authorization does not automatically solve token-issuance questions. If your project also plans an ART, EMT, or admission-to-trading strategy, separate MiCA analysis is required in parallel.

Banking, Payments, and Fiat Rails Readiness +

A Lithuania MiCA license improves credibility with banks and EMIs, but it does not guarantee account opening. You should prepare a banking strategy early, especially if your model needs fiat on-ramp/off-ramp, client-money segregation, or merchant acquiring.

Founders typically need:

corporate account for paid-up capital and operations;
payment partner or EMI relationship for fiat settlement;
clear AML narrative for expected flows, geographies, and customer types;
evidence that crypto-fiat controls, sanctions checks, and source-of-funds reviews are operational.

RUE regularly aligns licensing and banking workstreams together because a technically licensable model can still fail commercially if its fiat rails are not credible.

Jurisdiction Comparison

Compare Lithuania with other jurisdictions by key conditions for obtaining and operating a MiCA/CASP license: regulator, review period, fees, capital, local substance, and passporting.

* This table focuses on MiCA/CASP authorization conditions. Use the settings icon to customize countries and parameters.

💰 Licensing Cost Estimator

Get an approximate cost estimate for your crypto license based on your business needs

Configure Your Licensing Package

Select options below to see estimated costs

License Type

Mica Class 1

Mica Class 2

Mica Class 3

Do you need company registration?

Yes — Register New Company

No — I Have a Company

Additional Services

✓ AML/KYC Package ✓ Bank Account Opening ✓ Physical Office ✓ Compliance Officer

Estimated Cost

€0

Estimated Timeframe

Country-specific

Capital Requirement

€0

📞 Get Exact Quote

* This calculator provides approximate estimates only. Actual costs may vary based on your specific situation. Contact us for a detailed personalized quote.

Taxation and Operating Costs for Lithuania CASPs

A MiCA license in Lithuania should be budgeted as a regulated operating platform, not just a filing exercise. The tax side matters, but for most founders the larger economic question is the full compliance stack: capital, staffing, AML tooling, accounting, audit, legal support, cybersecurity, and banking infrastructure.

Lithuania corporate taxation in 2026 is generally competitive by EU standards, but the exact tax outcome depends on your legal structure, revenue mix, VAT treatment, transfer-pricing profile, and whether you have taxable presence in other jurisdictions through passported activity or local branches.

What founders should budget beyond minimum capital

The practical launch formula is:

Total launch budget = paid-up capital + incorporation + legal/compliance + local staffing + AML/KYT tooling + accounting/audit + ICT/security + contingency

For a lean advisory or broker model, the non-capital launch budget can still be material. For exchange, custody, or trading-platform models, the operational spend rises sharply because safeguarding, monitoring, and incident-management expectations are heavier.

Tax and cost planning points that are often missed

VAT treatment is service-specific and should be confirmed before launch;
cross-border passporting may create local tax or consumer-law obligations in target markets;
outsourcing abroad can trigger transfer-pricing and permanent-establishment questions;
crypto accounting policy should be set before the first transaction, especially if treasury or fee income is received in crypto-assets.

RUE usually coordinates licensing with Lithuania accounting services, Lithuania crypto tax planning, and bank account opening in Lithuania so the approved structure is also workable in daily operations.

Corporate Income Tax

Standard Lithuanian corporate tax for most companies

15%

The standard Lithuanian corporate income tax rate is generally 15%. Preferential rates may apply in limited cases for qualifying small entities, but regulated crypto businesses should not assume reduced treatment without a full tax review. The taxable base depends on accounting treatment, deductible expenses, transfer pricing, and cross-border structuring.

Value Added Tax (VAT)

Depends on the exact crypto or ancillary service

21% / exempt

Lithuania’s standard VAT rate is generally 21%, but some crypto-related services may be exempt or treated differently depending on their legal and economic character. Exchange activity, technology licensing, advisory, SaaS, and token-related services should be analyzed separately. Do not rely on a blanket VAT assumption for all CASP revenue lines.

Dividend Withholding Tax

Depends on shareholder status and treaty position

0%-15%

Dividend taxation depends on whether the shareholder is Lithuanian or foreign, individual or corporate, and whether an applicable tax treaty or participation exemption applies. Founders should structure ownership before capitalization, not after authorization, because later changes can trigger regulatory notifications and tax friction.

Employer and Payroll Costs

Material cost for local substance and key staff

variable

Local payroll costs depend on salary level, role seniority, social contributions, and whether functions are internal or outsourced. For CASPs, payroll is often one of the largest recurring costs because AML, compliance, operations, and ICT governance require qualified personnel rather than nominal appointments.

Accounting and Audit

Mandatory financial reporting and recurring support

€6,000-€30,000+

Annual accounting and audit costs vary by transaction volume, custody complexity, number of wallets/accounts, and whether you operate cross-border. A simple advisory model may stay near the lower end; exchange or custody models usually require more extensive reconciliation, controls testing, and audit support.

AML/KYT and KYC Tooling

Recurring vendor cost for compliance operations

€8,000-€60,000+

Typical recurring tooling includes onboarding/KYC, sanctions screening, transaction monitoring, blockchain analytics, case management, and Travel Rule messaging. Costs depend on transaction volume, number of jurisdictions covered, and whether you need enterprise-grade APIs or manual-review workflows.

ICT Security and DORA Controls

Security stack, testing, and resilience operations

€10,000-€100,000+

Budget for hosting, logging, access management, penetration testing, incident tooling, vendor-risk oversight, backup architecture, and resilience documentation. Custodial models with MPC, HSM, or institutional wallet infrastructure typically sit at the higher end of the range.

Legal and Licensing Support

One-off and recurring regulatory support

€18,900-€75,000+

Legal costs depend on the business model, number of services, complexity of governance, and quality of the initial data room. Advisory-only CASPs are cheaper to structure than exchange-plus-custody or trading-platform files. Post-license support may continue for policy updates, passporting notifications, outsourcing reviews, and material-change filings.

Compliance and Ongoing Obligations After Approval

A Lithuania CASP must maintain continuous compliance with MiCA, AML/CFT, TFR, DORA, corporate, and reporting obligations after authorization.

📊

Regulatory Reporting

Annual audited financial statements and corporate filings
Notifications of material changes in ownership, management, or services
Incident and breach reporting where applicable
Regulator responses and ad hoc information requests
Cross-border passporting notifications before expansion

🛡️

AML/CFT and Travel Rule

CDD, EDD, sanctions screening, and ongoing customer review
Transaction monitoring and blockchain analytics controls
Suspicious transaction reporting to FCIS / FNTT
Travel Rule data collection and transmission under TFR
Record retention, usually at least 5 years in AML context

🔐

Operational and Safeguarding Standards

Segregation of client assets and clear reconciliation procedures
Complaints handling and client disclosure controls
Custody governance, wallet-access matrix, and key-management controls
Outsourcing oversight and third-party risk monitoring
Wind-down planning and business continuity documentation

💻

DORA and ICT Governance

ICT risk management framework and control testing
Incident logging, escalation, and remediation evidence
Business continuity and disaster recovery maintenance
Vendor register for critical ICT service providers
Periodic security reviews, training, and access-right recertification

💡

RUE handles compliance for you. Our team provides ongoing compliance support, including AML officer services, regulatory reporting, and policy updates. We ensure your license stays in good standing year after year. Contact us for compliance support →

MiCA License in Lithuania in 2026: What It Really Means

MiCA License in Lithuania in 2026: what it is and who needs it

A MiCA license in Lithuania is authorization for a company to provide regulated crypto-asset services as a CASP under Regulation (EU) 2023/1114. In practical terms, this is the route for exchanges, brokers, custody providers, trading platforms, portfolio managers, and other crypto intermediaries that want to operate lawfully from Lithuania and potentially passport services across the EU.

For 2026 applicants, the relevant question is no longer whether Lithuania still offers a legacy VASP path. The operative route is the full MiCA/CASP authorization framework, with the Bank of Lithuania acting as the national competent authority. That means your application must be assessed against MiCA governance, prudential, conduct, safeguarding, and organizational standards rather than older local registration logic.

Founders usually need this license if their company:

holds or controls client crypto-assets or private keys;
executes or transmits client orders in crypto-assets;
operates a crypto trading venue or matching environment;
exchanges crypto-assets for fiat or for other crypto-assets;
provides crypto-asset portfolio management, placing, or advice.

A key nuance is that CASP authorization is service-based. The regulator will look at what your platform actually does in operational reality, not just at the label you place on your website. A firm calling itself a “technology provider” may still fall inside MiCA if it controls client flows, private keys, order routing, or settlement logic.

Request CASP Scoping

What changed after the MiCA transition period

What changed after the MiCA transition period

The post-transition reality in 2026 is that founders entering Lithuania should prepare for a fully operational CASP regime. Older references to local VASP registration windows, simplified pre-MiCA onboarding, or transitional grandfathering are no longer the right planning baseline for new market entrants.

In practical terms, the transition changed three things:

authorization standard: applicants are assessed under MiCA rather than under lighter legacy local crypto-registration logic;
compliance depth: documentation must now cover safeguarding, conduct, governance, complaints, conflicts, outsourcing, and prudential readiness in a more structured way;
EU effect: the business case is no longer Lithuania-only, because authorization can support passporting across the EU once notification steps are properly completed.

Another important change is supervisory maturity. Regulators and banks now expect applicants to understand that MiCA is only one layer. A credible Lithuania MiCA license file in 2026 must also show readiness for DORA, TFR / Travel Rule, local AML law, and data-governance issues under GDPR. This is why many “cheap crypto license” offers fail in practice: they budget for filing, but not for operating.

For a broader legal background, see our MiCA license in Europe and CASP regulation guide.

Download MiCA Readiness Checklist

Which business models usually require a Lithuania MiCA license

MiCA-regulated service	Typical business model	Likely capital class	Key regulator focus
Custody and administration of crypto-assets on behalf of clients	Custodial wallet, omnibus custody, treasury custody for clients	Class 3 / €150,000	Safeguarding, key management, segregation, incident response
Operation of a trading platform for crypto-assets	Exchange, matching engine, order book venue	Class 3 / €150,000	Market conduct, execution logic, surveillance, resilience
Exchange of crypto-assets for funds	Broker, OTC desk, retail exchange, fiat on/off-ramp	Class 2 / €125,000	AML, fiat rails, transaction monitoring, source of funds
Exchange of crypto-assets for other crypto-assets	Crypto swap service, brokered conversion engine	Class 2 / €125,000	Execution chain, pricing, sanctions, Travel Rule logic
Execution of orders on behalf of clients	Brokerage or routed execution model	Class 2 / €125,000	Best execution logic, conflicts, outsourcing oversight
Reception and transmission of orders	Introducing broker, order-routing interface	Class 1 / €50,000	Scope boundaries, disclosures, third-party reliance
Portfolio management of crypto-assets	Managed crypto accounts, discretionary strategy service	Class 1 / €50,000	Mandates, suitability logic, conflicts, risk disclosures
Providing advice on crypto-assets	Advisory desk, investment research, recommendation service	Class 1 / €50,000	Advice perimeter, disclosures, inducements, records
Transfer services for crypto-assets on behalf of clients	Client-instructed transfer facilitation	Class 1 / €50,000	TFR data, wallet checks, operational traceability

Service classification is fact-specific. Mixed models may trigger the highest applicable capital threshold and broader documentation requirements.

Activities that may fall outside MiCA or require separate analysis

Activities that may fall outside MiCA or require separate analysis

Not every crypto-related product needs a CASP license in Lithuania, but many edge cases require careful legal qualification. The most common mistake is to assume that a product is outside MiCA because it uses smart contracts, labels itself as DeFi, or does not hold fiat.

Activities that often require separate analysis include:

pure software that does not control client assets, execute orders, or intermediate transactions;
non-custodial wallet tools where the provider never has control over private keys or transaction execution;
NFT projects where the assets may be genuinely unique and non-fungible, though fractionalization or series issuance can change the analysis;
DeFi interfaces where the front-end, governance, fee capture, or operational control may still create a regulated perimeter;
token issuance, especially where the project may involve a crypto-asset white paper, admission to trading, or separate rules for ARTs and EMTs;
financial instruments in tokenized form, which may fall under MiFID-style securities regulation rather than MiCA.

The key legal distinction is control and intermediation. If your company can move client assets, determine execution outcomes, or operate a service layer on behalf of clients, the case for regulation becomes much stronger. Conversely, a genuinely non-custodial open-source tool with no intermediation may sit outside CASP authorization, but that conclusion should never be assumed from branding alone.

RUE often performs a three-bucket analysis: inside MiCA, outside MiCA, or separate regime. This is especially important for projects combining exchange, wallet, staking UX, token issuance, and embedded payments. See also our pages on MiCA and NFTs, MiCA and DeFi, EMTs, and ARTs.

Regulators and laws that govern CASPs in Lithuania

The Bank of Lithuania (Lietuvos bankas) is the central authority for CASP authorization and prudential/conduct supervision in Lithuania. It reviews applications, assesses governance and business-model fitness, and supervises authorized firms on an ongoing basis.

FCIS / FNTT plays a separate but critical role in the AML/CFT ecosystem, especially around suspicious transaction reporting, financial-crime enforcement, and the practical application of Lithuania’s anti-money laundering rules.

The legal stack for a Lithuania CASP in 2026 typically includes:

MiCA — Regulation (EU) 2023/1114: authorization, conduct, governance, safeguarding, prudential rules;
DORA — Regulation (EU) 2022/2554: ICT risk management, incident handling, third-party ICT oversight;
TFR — Regulation (EU) 2023/1113: Travel Rule data for crypto transfers;
Lithuanian AML law: customer due diligence, monitoring, reporting, retention;
GDPR — Regulation (EU) 2016/679: lawful processing of customer and transaction data.

Other institutions also matter operationally: the Register of Legal Entities / Centre of Registers for incorporation, and the State Tax Inspectorate (VMI) for tax registration and ongoing tax compliance.

A practical insight many founders miss: the regulator map is not linear. A file can be legally strong under MiCA but commercially weak if it fails banking due diligence, tax structuring, or outsourcing governance. That is why RUE typically aligns legal services in Lithuania, accounting, and crypto banking support in one workstream.

Law vs regulator expectation vs market practice in Lithuania

Topic	Black-letter law	Regulator expectation	Market practice in 2026
Company form	Lithuanian legal entity required for local authorization route	Clear governance and accountability in Lithuania	Usually a UAB with documented local operating footprint
Local substance	No simple "virtual office only" safe harbor	Effective supervision and accessible management	Founders usually appoint local support functions and maintain real presence
AML officer / MLRO	AML function must exist and be effective	Competent, responsive, sufficiently independent control function	Often local or locally reachable with real authority and documented workflows
Outsourcing	Permitted subject to oversight and accountability	Board must understand and supervise outsourced critical functions	KYC, KYT, and IT are often outsourced, but never "delegated away"
Non-custodial tools	Scope depends on actual control and service design	No blanket exclusions based on branding	Detailed legal memo usually needed before launch
DPO under GDPR	Not automatically mandatory for every CASP	Data governance must still be mature and documented	DPO need is assessed case by case based on processing profile
Token issuance	CASP authorization is separate from ART/EMT issuance logic	Clear perimeter analysis expected	Projects often need parallel MiCA issuer analysis and white paper review

The compliance stack every Lithuania applicant should understand

MiCA

Authorization, conduct of business, client disclosures, safeguarding, prudential capital, conflicts, complaints, and governance.

DORA

ICT risk management, incident handling, resilience testing, and third-party ICT oversight for regulated financial entities.

TFR / Travel Rule

Originator and beneficiary data collection and transmission for crypto transfers, including self-hosted wallet scenarios.

AML/CFT

CDD, EDD, sanctions, monitoring, suspicious reporting, and retention under Lithuanian AML law and EU standards.

GDPR

Lawful handling of KYC data, transaction data, biometrics, and retention schedules across onboarding and monitoring flows.

Corporate law

UAB setup, governance records, director powers, shareholder changes, and local corporate housekeeping.

Tax and accounting

Revenue classification, VAT analysis, crypto accounting policy, transfer pricing, and annual reporting.

Banking and fiat rails

Operational accounts, settlement partners, payment flows, and enhanced due diligence by banks and EMIs.

Documents required for a CASP application in Lithuania

Documents required for a CASP application in Lithuania

A strong Bank of Lithuania file is usually built in five baskets: corporate, people, financial, compliance, and technical. The exact list depends on your service scope, but most applicants should expect to prepare a substantial regulator-grade data room rather than a short form set.

Common document groups include:

Corporate: incorporation documents, shareholder register, UBO structure chart, registered office evidence, governance map;
People: CVs, passports/IDs, criminal-record certificates, questionnaires, role descriptions, references, conflict disclosures;
Financial: proof of capital, source-of-funds evidence, opening balance sheet, 3-year projections, assumptions memo, liquidity planning;
Compliance: AML/CFT manual, business-wide risk assessment, sanctions policy, complaints policy, conflicts policy, outsourcing policy, client-asset safeguarding procedures;
Technical: system architecture, wallet/custody design, access-control model, incident response plan, BCP/DRP, vendor register, security testing evidence.

Where token activity is involved, additional analysis may be needed for white paper obligations, admission to trading, or issuer status. Where cross-border servicing is planned, the file should also explain target markets, language strategy, and operational support model.

One practical point often missed: translation, notarization, and apostille can affect timeline more than founders expect, especially for foreign shareholder documents, police certificates, and source-of-funds evidence. RUE often coordinates this with our document support and local filing teams before the application clock starts.

Prepare Application Documents

Compliance and technical documentation matrix

Document	Main purpose	Why the regulator cares
Business plan	Explains services, clients, markets, and economics	Tests viability and consistency of the model
Financial projections	Shows runway, assumptions, and sustainability	Assesses prudential realism and capital planning
AML/CFT manual	Sets onboarding, monitoring, sanctions, reporting rules	Core evidence of ML/TF risk control
Business-wide risk assessment	Maps inherent and residual AML risks	Shows the framework is tailored, not generic
Complaints policy	Explains how customer complaints are handled	MiCA conduct and consumer-protection expectation
Conflicts of interest policy	Identifies and manages decision conflicts	Important for brokers, platforms, and group structures
Safeguarding / custody policy	Explains segregation, wallet control, reconciliation	Critical for custody and client-asset protection
Execution / order handling policy	Describes routing and execution logic	Needed where client orders are handled or transmitted
ICT architecture document	Maps systems, access, environments, integrations	DORA and operational resilience review
Incident response plan	Sets escalation, containment, recovery steps	Tests operational maturity and evidence preservation
BCP / DRP	Defines continuity and recovery targets	Important for uptime, client protection, and resilience
Outsourcing register	Lists critical vendors and control measures	Shows the firm can supervise outsourced functions

Common reasons applications fail or get delayed

Common reasons applications fail or get delayed

The most common reason a Lithuania MiCA license file stalls is not missing paperwork. It is inconsistency between the business model, governance, AML controls, and technical reality presented to the regulator.

The 7 most common red flags

Template business plan — fix: rewrite it around your actual client journey, monetization, and service perimeter.
Weak source-of-funds evidence — fix: build a clean founder and investor funds trail before capitalization.
No real local substance — fix: document who manages what, from where, and under which reporting lines.
Unclear custody model — fix: explain wallet control, signing rights, reconciliation, and insolvency logic in detail.
Generic AML manual — fix: tailor onboarding, monitoring, sanctions, and SAR logic to your exact risk profile.
Immature ICT governance — fix: provide architecture, access control, incident response, vendor oversight, and BCP/DRP evidence.
Overbroad regulatory claims — fix: clearly state which activities you perform and which you do not perform, especially around token issuance and non-custodial tools.

A subtle but important point: regulators often test traceability. If they ask how a customer order travels from onboarding to execution to settlement to complaint handling, your answer must be consistent across the business plan, AML manual, system architecture, and customer terms.

Get a Gap Analysis

Cost of a MiCA license in Lithuania: realistic budget for 2026

Cost of a MiCA license in Lithuania: realistic budget for 2026

The real cost of a MiCA license in Lithuania is not just the capital threshold. Founders should separate regulatory capital from implementation budget and from ongoing annual operating cost.

A practical budgeting model looks like this:

Capital floor: €50,000, €125,000, or €150,000 depending on service class;
Setup and filing: company formation, legal drafting, application assembly, translations, and corporate support;
Operational buildout: AML/KYT tooling, KYC onboarding, accounting, audit, security stack, and local staffing;
Banking and payments: account opening, EMI/PSP onboarding, and payment integration work;
Contingency: extra budget for regulator questions, revised policies, or additional evidence requests.

Sample budget scenarios usually look like this:

Advisory / order-transmission model: lower capital class, lighter safeguarding burden, but still meaningful AML and governance costs;
Exchange plus custody model: higher capital, stronger safeguarding, more expensive monitoring, and heavier banking due diligence;
Trading platform model: top-end capital class with additional focus on market conduct, resilience, and execution controls.

In market practice, many founders underbudget the first 12 months. The regulator wants to see not only that you can obtain authorization, but that you can survive the first year without cutting compliance corners. That is why RUE usually models both the licensing budget and the post-license burn rate before submission.

For adjacent structuring, see our legal address for your Lithuanian company, accounting services in Lithuania, and MLRO services in Lithuania.

When Lithuania is a strong fit — and when it is not

Lithuania is a strong fit if

You want an EU base with a credible fintech ecosystem, are prepared to build real governance and AML controls, need passporting potential, and can support a regulator-grade documentation process.

Lithuania is not a strong fit if

You want a low-substance shell, rely on vague non-custodial claims to avoid regulation, cannot evidence source of funds, or do not have budget for post-license compliance and banking readiness.

Best-suited business models

Structured brokers, exchanges with clear custody architecture, advisory and portfolio services, and crypto businesses that need legal certainty for EU expansion.

Anti-fit situations

Anonymous founder structures, sanction-sensitive geographies, unstable token schemes, or projects mixing issuance, DeFi, and custody without a clear legal perimeter.

Final checklist: are you ready to apply for a CASP license in Lithuania?

Final checklist: are you ready to apply for a CASP license in Lithuania?

You are close to filing only if your legal, operational, and financial story is internally consistent. A good application reads as one system, not as separate documents written by different providers.

10-point readiness checklist

Have you mapped your exact services to the correct MiCA perimeter?
Have you identified the correct capital class: €50k / €125k / €150k?
Have you incorporated or planned a Lithuanian UAB with real substance?
Can you evidence lawful source of funds and source of wealth?
Do your directors and key persons pass fit-and-proper review?
Is your AML/CFT framework tailored to your actual business model?
Are your Travel Rule and blockchain analytics workflows operationally realistic?
Do you have DORA-grade ICT governance, incident handling, and vendor oversight?
Are your business plan, financial model, and custody/execution narrative fully aligned?
Can you support post-license accounting, audit, banking, and reporting from day one?

If the answer is “no” to more than two of these points, founders should usually run a pre-application gap analysis before filing. RUE can provide a scoped readiness review, documentation buildout, and full submission support for the Bank of Lithuania CASP license process.

Request End-to-End Support

📝 Check Your Eligibility

Answer a few quick questions to find out if this jurisdiction suits your crypto business

Step 1 of 5

What type of crypto services will you provide?

Exchange (fiat ↔ crypto)

Custody & Wallet Services

Transfer & Payment Services

Advisory / Portfolio Management

Multiple / All of the Above

Step 2 of 5

What is your target market?

European Union only

EU + Global markets

Global (non-EU priority)

Step 3 of 5

Do you already have a registered company in the EU?

Yes, in this jurisdiction

Yes, in another EU country

No, I need to register one

Step 4 of 5

What is your available budget range?

Under €20,000

€20,000 – €50,000

€50,000 – €100,000

Over €100,000

Step 5 of 5

When do you plan to launch?

As soon as possible (1–3 months)

Within 6 months

Within a year

Just exploring options

✅

This Jurisdiction Is a Great Fit!

Based on your answers, this jurisdiction matches your business requirements well. Here's a quick summary:

Recommended License

CASP License

Estimated Budget

€24,000 – €35,000

Estimated Timeframe

4–6 months

EU Passporting

Available

📞 Get Personalized Assessment

Step-by-Step CASP Licensing Process

Step 1

Scoping and Gap Analysis

We map your business model to MiCA services, identify whether you fall inside or outside CASP scope, select the likely capital class, and test readiness across governance, AML, ICT, and substance. Typical duration: 1-3 weeks.

Step 2

Lithuanian Company Setup

We incorporate the Lithuanian UAB, arrange registered-office formalities, structure shareholding, prepare governance documents, and align the company with future licensing needs. Typical duration: 1-3 weeks.

Step 3

Substance and Staffing Plan

We define management roles, AML/compliance function, outsourcing model, local presence, and banking strategy. This phase is critical because weak substance planning often causes later regulator pushback. Typical duration: 1-3 weeks.

Step 4

Documentation Buildout

We prepare the business plan, financial projections, AML/CFT framework, risk policies, safeguarding documentation, complaints procedures, ICT architecture, DORA-related controls, and supporting personal/corporate files. Typical duration: 4-10 weeks.

Step 5

Application Submission

We assemble the final data room, quality-check consistency across all documents, and submit the CASP application to the Bank of Lithuania with the required forms and evidence. Typical duration: 1 week.

Step 6

Regulator Review and Q&A

The Bank of Lithuania reviews completeness and substance, then issues follow-up questions where needed. A commonly cited statutory benchmark is up to 65 working days after completeness, but real elapsed time depends on file quality and response speed. Typical real-world duration: 2-4+ months.

Step 7

Authorization and Launch Readiness

After approval, we finalize internal controls, banking and payment arrangements, onboarding flows, Travel Rule operations, reporting lines, and post-license compliance calendar so the CASP can launch in a controlled way. Typical duration: 2-4 weeks.

Start Your Application

Frequently Asked Questions

Can a foreign founder get a MiCA license in Lithuania? +

Yes, foreign founders can obtain a MiCA license in Lithuania through a Lithuanian company, usually a UAB, provided they meet ownership transparency, source-of-funds, governance, and fit-and-proper requirements. Foreign ownership itself is not the problem; weak substance, unclear UBO structure, or poor documentation usually is.

In practice, the Bank of Lithuania will focus on whether the company can be effectively supervised in Lithuania and whether the management and compliance setup is credible for the proposed services.

How long does a CASP application take in Lithuania? +

A realistic timeline is usually 3-6+ months from project start to authorization, depending on readiness. Incorporation often takes 1-3 weeks, document preparation 4-10 weeks, and regulator review can extend for several months depending on completeness and Q&A rounds.

A commonly cited review benchmark is up to 65 working days after completeness, but founders should distinguish the statutory clock from the real elapsed timeline, which includes pre-filing work and follow-up requests.

What is the minimum capital for a Lithuania MiCA license? +

The standard MiCA capital thresholds are €50,000, €125,000, and €150,000, depending on the services provided. Lower-risk advisory and order-transmission models usually sit at €50,000, exchange services often at €125,000, and custody or trading-platform models at €150,000.

The exact classification depends on the actual business model. Capital is only the regulatory floor and should not be confused with the total launch budget.

Can a Lithuania CASP passport services across the EU? +

Yes, an authorized Lithuania CASP can generally passport services across the EU through the MiCA notification mechanism. This is one of the main commercial advantages of obtaining authorization in an EU member state.

Passporting does not remove all local obligations. You may still need to comply with host-state rules on consumer protection, marketing, tax, and local operational matters depending on how you enter each market.

Does a CASP license allow token issuance? +

No, CASP authorization does not automatically authorize token issuance. A CASP license covers regulated crypto-asset services. Token issuance, admission to trading, and white paper obligations require separate analysis under MiCA, especially for asset-referenced tokens (ARTs) and e-money tokens (EMTs).

This distinction is critical for founders building combined exchange-plus-token projects. The service-provider and issuer analyses should be run in parallel, not merged into one assumption.

Is a non-custodial wallet app regulated in Lithuania? +

Not always. A purely non-custodial wallet interface may fall outside CASP authorization if the provider does not control private keys, intermediate transfers, or execute transactions on behalf of clients. However, this is highly fact-specific.

If the app includes custody-like control, order routing, embedded brokerage, fee-taking intermediation, or other operational influence over client transactions, it may still fall within MiCA. Blanket statements are unsafe here.

Do I need a Lithuanian resident AML officer? +

Not as a universal black-letter rule in every case, but the AML function must be effective, competent, and compatible with local supervision. In practice, Lithuanian presence or at least strong local accessibility is often important, especially for firms with active onboarding, fiat rails, or higher-risk customer flows.

The right answer depends on your structure, outsourcing model, and regulator expectations for effective control. Founders should treat this as a practical supervisory issue, not just a formal checkbox.

What are the main post-license obligations for a Lithuania CASP? +

The main post-license obligations include ongoing AML/CFT controls, Travel Rule compliance, safeguarding, governance maintenance, reporting, audit, and ICT resilience. A CASP must keep policies updated, monitor transactions, file suspicious reports where needed, maintain records, and notify material changes to the regulator.

For many firms, the biggest operational burden after approval comes from the combined effect of MiCA + DORA + TFR + AML law, not from MiCA alone.

Can I apply remotely for a MiCA license in Lithuania? +

Much of the process can be organized remotely, especially document collection, structuring, drafting, and project management. However, remote setup does not remove the need for a Lithuanian company, credible governance, and real supervisory substance.

Some founders complete most of the project remotely with local legal, compliance, and corporate support on the ground. The key is not physical presence during drafting, but whether the final operating model is genuinely licensable.

What is the biggest mistake founders make when applying in Lithuania? +

The biggest mistake is treating the application as a paperwork exercise instead of an operating-model review. The Bank of Lithuania will test whether your business plan, AML framework, custody or execution logic, staffing, and ICT controls actually fit together.

Files usually fail when they are built from templates, funded unclearly, or unsupported by real substance. The strongest applications are consistent, evidenced, and operationally credible from the first submission.

Regulated United Europe OÜ

Registration number: 14153440
Anno: 16.11.2016
Phone: +372 56 966 260
Email: [email protected]
Address: Laeva 2, Tallinn, 10111, Estonia

Company in Lithuania UAB

Registration number: 304377400
Anno: 30.08.2016
Phone: +370 6949 5456
Email: [email protected]
Address: Lvovo g. 25-702, Vilnius, 09320, Lithuania

Company in Czech Republic s.r.o.

Registration number: 08620563
Anno: 21.10.2019
Phone: +420 775 524 175
Email: [email protected]
Address: Na Perstyne 342/1, Prague

Company in Poland Sp. z o.o.

Registration number: 38421992700000
Anno: 28.08.2019
Email: [email protected]
Address: Twarda 18, Warsaw, 00-824, Poland

Please leave your request

The RUE team understands the importance of continuous assessment and professional advice from experienced legal experts, as the success and final outcome of your project and business largely depend on informed legal strategy and timely decisions. Please complete the contact form on our website, and we guarantee that a qualified specialist will provide you with professional feedback and initial guidance within 24 hours.

Main Services

Terms of Cooperation

Regulated United Europe