MiCA Licence in Netherlands

Obtain a Netherlands MiCA license for CASP activities under the Dutch supervisory model. RUE supports exchanges, brokers, custody providers, and crypto platforms from scoping to authorization.

Schedule Free Consultation

Regulator

AFM/DNB

Timeframe

5-8 months

Cost

from €39,000

Capital

€50k-€150k

Statutory review is **105 working days** after completeness; timing depends on scope.

Why the Netherlands for a MiCA License

A MiCA license in Netherlands gives access to one of the EU’s most credible fintech markets, but the Dutch model is documentation-heavy and substance-sensitive. RUE structures the entity, maps the exact CASP services, prepares the application pack, and manages regulator-facing work through authorization readiness.

Polina Merkulova

Polina Merkulova

Licensing Services Manager

[email protected]

As your point of contact, I help coordinate the licensing process end-to-end, keep communication clear, and move your application forward without unnecessary delays.

Regulated United Europe (RUE) provides end-to-end support for a MiCA license in Netherlands, including service qualification, Dutch company setup, governance design, application drafting, AML/CTF framework buildout, DORA-aligned ICT documentation, and regulator Q&A support.

We also coordinate banking preparation, accounting, tax structuring with local advisers, and post-license compliance implementation so the business is ready not only to obtain authorization, but to operate under it.

Contact me

🏛️

Recognized Supervisory Environment

The Dutch model is associated with high regulatory credibility, serious governance review, and strong market perception among banking and institutional counterparties.

🌍

EU Passporting Base

A Netherlands MiCA license can be passported across **27 EU member states** after the required notification process through the home-state framework.

🧭

Good Fit for Complex Models

The Netherlands is often suitable for custody, exchange, OTC, brokerage, and hybrid models that need robust governance, outsourcing control, and defensible compliance architecture.

🛡️

Operational Discipline

Dutch authorization preparation naturally forces stronger AML, Travel Rule, DORA, complaints, incident, and board-control frameworks before launch.

MiCA Licence in Netherlands

28,900 EUR

Package includes (8)

Preparation of necessary documents for registration of a new company in Netherlands
Translation of a certificate of no criminal record through a sworn translator
Payment of state fees related to company registration
Payment of notary fees related to company registration
Preparation of compliance documents for MiCA application
Preparation of a business plan
Submission of the necessary documents to AFM/DNB
Recruitment of local MLRO/Compliance officer

Timeframe: From 6 months

Comprehensive Requirements for Netherlands MiCA License

A MiCA license in Netherlands is, in legal terms, a CASP authorization under the EU Markets in Crypto-Assets Regulation. In 2026, applicants are expected to show not only formal eligibility, but operational readiness across governance, AML/CTF, ICT resilience, outsourcing, safeguarding, and financial planning.

The Dutch model should not be confused with the old pre-MiCA DNB AML registration. For a new or scaling crypto business, the real question is whether the proposed activities fall within MiCA’s list of crypto-asset services and whether the Dutch entity can evidence effective management, transparent ownership, adequate capital, and a credible control environment. The exact package depends on whether you are applying for advisory-only services, brokerage, exchange, transfer, custody, or a mixed model.

Correct CASP Service Mapping Under MiCA +

You must define the exact MiCA service perimeter before filing. Dutch reviewers will expect your application to map the business model to one or more regulated services such as:

custody and administration of crypto-assets on behalf of clients;
operation of a trading platform for crypto-assets;
exchange of crypto-assets for funds;
exchange of crypto-assets for other crypto-assets;
execution of orders;
reception and transmission of orders;
placement;
transfer services;
advice on crypto-assets;
portfolio management on crypto-assets, where the model falls within MiCA service definitions.

A weak service-mapping memo is one of the most common causes of delay. Labels such as “non-custodial,” “DeFi,” “software-only,” or “NFT platform” do not remove the need for legal analysis. The regulator will look at actual control points, client journey, private-key influence, order flow, fee model, and whether the platform intermediates execution or transfer.

Minimum Capital Requirements (€50,000 / €125,000 / €150,000) +

MiCA capital thresholds for CASPs are set by service class and must be met in fiat, not in crypto-assets. The key thresholds are:

€50,000 for lower-risk categories such as certain advisory or order-related models;
€125,000 for intermediate-risk models;
€150,000 for higher-risk activities such as custody, exchange, or platform operation, depending on the service mix.

For mixed models, the practical rule is that the more risk-sensitive service usually drives the prudential threshold and the depth of controls. For example:

advice + reception/transmission is typically lighter than
exchange + custody, which requires stronger safeguarding, reconciliation, and wallet-governance evidence.

Minimum capital is not the same as total funding need. In practice, Dutch reviewers also look at operating runway, realistic burn, and whether the entity can fund compliance, staffing, audit, and ICT resilience. A practical planning metric is 12 months of fixed operating costs in addition to the minimum own-funds threshold.

Dutch Company Setup, Substance, and Effective Management +

You need an EU legal entity with a Dutch corporate footprint that can support real supervision. In practice, applicants usually establish a Dutch company registered with the Dutch Chamber of Commerce (KVK) and maintain proportionate local substance.

Substance is not satisfied by a mailbox structure. Supervisory expectations typically include:

a registered office in the Netherlands;
accessible books, records, and compliance documentation;
real decision-making capacity within the EU and preferably within the Dutch setup;
management able to interact with the regulator and explain operations in detail;
control over outsourced functions rather than blind vendor dependence.

A physical office is often expected in practice for serious applications, but the real test is effective management and operational substance proportionate to the risk profile. The more your model relies on custody, exchange, client money flows, or critical outsourcing, the stronger the Dutch presence should be.

Directors, Shareholders, and Fit-and-Proper Review +

Directors, senior managers, and qualifying shareholders must pass a fit-and-proper assessment. In practice, this means the Dutch supervisory architecture will review:

competence and relevant experience in financial services, crypto operations, compliance, or technology risk;
integrity, including criminal record, sanctions exposure, litigation, insolvency, and prior regulatory history;
time commitment and whether the proposed role is realistic;
conflicts of interest and independence of control functions;
ownership transparency, including UBO chain and source of funds.

Shareholdings of 10% or more generally trigger enhanced scrutiny as qualifying holdings. Typical evidence includes CVs, references, passports, police certificates where required, ownership charts, source-of-funds documents, questionnaires, and explanations of prior regulated activities. A strong business model with a weak board is still a weak application.

AML/CTF, Wwft, Sanctions, and Travel Rule Controls +

A Netherlands MiCA license does not replace AML obligations. CASPs must operate a parallel compliance stack under MiCA, the Dutch AML framework including Wwft, the EU sanctions regime, and the recast Transfer of Funds Regulation (TFR).

Your AML package should include:

business-wide ML/TF risk assessment;
client risk scoring and onboarding controls;
KYC/CDD and enhanced due diligence for high-risk cases;
PEP, sanctions, and adverse-media screening;
transaction monitoring and, where relevant, KYT tooling;
suspicious activity escalation and reporting logic;
record retention and governance around false positives, overrides, and QA;
Travel Rule procedures for originator and beneficiary data transmission in crypto transfers.

For exchanges and custodians, the regulator will usually look beyond policy wording and ask how Travel Rule data is collected, validated, transmitted, and handled when counterparties are unhosted wallets or non-responsive VASPs/CASPs. This is a major practical gap in many weak applications.

ICT Security, Outsourcing, and DORA Readiness +

In 2026, a CASP in the Netherlands must be prepared not only for MiCA, but also for the broader EU operational-resilience framework, especially DORA. This means your application should demonstrate credible ICT governance, incident handling, and third-party oversight.

Expected controls commonly include:

role-based access control and privileged-access reviews;
MFA, encryption, and audit logging across critical systems;
incident classification and escalation playbooks;
business continuity and disaster recovery arrangements;
vendor due diligence and outsourcing register;
cloud risk assessment and exit planning;
security testing proportionate to the model, including vulnerability scans and penetration testing;
for custody models, key-management architecture using HSM, MPC, or equivalent institutional controls.

Reviewers often test whether the applicant truly controls outsourced technology. If your exchange engine, wallet stack, onboarding, screening, or customer support is outsourced, you must show governance over SLAs, incident reporting, audit rights, concentration risk, and fallback arrangements.

Program of Operations, Financial Plan, and Wind-Down Logic +

The application must show how the business will operate, scale, and, if necessary, wind down without disorderly harm to clients. A credible program of operations is therefore central to the Dutch MiCA file.

Core planning evidence usually includes:

detailed service description and target markets;
client journey from onboarding to transaction execution and offboarding;
3-year financial projections with conservative assumptions;
capital planning and liquidity runway;
outsourcing map and control framework;
complaints handling, conflicts, and disclosure design;
recovery and orderly wind-down logic.

One technical nuance often missed by founders: the regulator will compare your revenue model against your requested services and operational architecture. If you claim to be “software-only” but earn spread, routing fees, custody fees, or settlement fees, the file must explain why the requested service scope is complete and internally consistent.

Jurisdiction Comparison

Compare Netherlands with other jurisdictions by key conditions for obtaining and operating a MiCA/CASP license: regulator, review period, fees, capital, local substance, and passporting.

* This table focuses on MiCA/CASP authorization conditions. Use the settings icon to customize countries and parameters.

Taxation and Cost Considerations for Dutch CASPs

The Netherlands is not usually chosen for a MiCA license because of low headline tax. It is chosen for regulatory credibility, commercial infrastructure, and institutional perception. That said, tax analysis remains essential because a Dutch CASP must align regulatory substance, tax substance, and actual value creation without assuming they are the same test.

For 2026, tax rates and interpretations should always be verified against the current guidance of the Belastingdienst and local tax advisers. As a high-level rule, Dutch companies are generally subject to corporate income tax, and certain non-exempt services may fall within the standard VAT regime. VAT treatment in crypto is highly fact-sensitive: exchange activity may be treated differently from advisory, software, licensing, white-label technology, or support services.

How to think about tax for a Netherlands MiCA license

The most useful approach is to separate five layers:

corporate tax position of the Dutch entity;
VAT characterization of each revenue stream;
withholding and cross-border payments within the group;
wage tax and payroll for Dutch staff and directors;
transfer pricing and substance if the CASP is part of an international group.

Founders often underestimate the tax effect of outsourcing. If technology, compliance, or customer support sits outside the Netherlands, the group should document which entity performs DEMPE-like value functions for the regulated business, who controls key risks, and how service charges are priced. A MiCA-ready structure with weak transfer-pricing logic can still create tax friction.

Initial and ongoing cost logic

The real budget for a Netherlands MiCA license is broader than the filing itself. A practical formula is:

Total Initial Budget = regulatory review fee + legal/advisory + policy pack + company setup + capital lock-up + audit/accounting + ICT/compliance tooling + substance costs

In practice, many applicants budget €40,000-€100,000+ for setup and authorization work, excluding locked capital and business runway. Exchange and custody models usually sit at the upper end because they require stronger safeguarding, wallet governance, incident controls, and vendor oversight.

This content is for general information only and is not legal or tax advice. Tax rates, VAT treatment, and supervisory practice should be verified for the current year 2026.

Corporate Income Tax

Dutch corporate tax applies to the licensed entity

verify 2026

Dutch corporate income tax rates should be checked for the current tax year with the Belastingdienst or local advisers. The effective burden depends on taxable profit, deductible costs, group structure, transfer pricing, and whether functions are genuinely performed in the Netherlands.

Value Added Tax (VAT)

Service-specific and fact-sensitive in crypto

21% / exempt

The standard Dutch VAT rate is 21%, but not all crypto-related services are treated the same. Certain exchange activities may be exempt, while advisory, software licensing, white-label technology, implementation, or support services may be taxable. Revenue mapping by service line is essential before launch.

Payroll Taxes and Social Charges

Relevant where Dutch staff or directors are engaged

variable

If the CASP employs staff or pays Dutch-based directors, payroll compliance becomes part of ongoing substance. This includes wage tax withholding, employment classification, and social-security treatment. High-skill compliance, MLRO, and ICT roles can materially affect annual cost base.

Withholding and Cross-Border Payments

Depends on payment type and group structure

variable

Cross-border royalties, service fees, dividends, and intercompany charges should be reviewed under Dutch domestic rules, treaty network, and anti-abuse standards. For international CASP groups, this is often as important as the headline corporate tax rate.

Regulatory Review Costs

Authority review fees and related filing costs

case-based

Applicants should budget for authority review fees and related professional support. In market practice, Dutch review costs are often modeled with an hourly regulator component and can become significant for complex files, especially where multiple Q&A rounds arise.

Accounting and Audit Readiness

Annual finance-control and reporting layer

€12,000+

Even a lean CASP should budget for bookkeeping, annual accounts, tax filings, and audit-readiness work. Where the business model includes custody, high transaction volumes, or complex outsourcing, finance-control costs increase because reconciliation, reserves, and reporting become more demanding.

Compliance Tooling

AML, screening, Travel Rule, and security stack

€10,000+

Common recurring costs include KYC/CDD tools, sanctions and PEP screening APIs, blockchain analytics or KYT, Travel Rule messaging, SIEM/log retention, ticketing, and incident-management tooling. These are operational costs, but they directly affect tax-deductible expense planning and runway.

Local Substance Costs

Office, governance, and key personnel

variable

Substance costs usually include office, resident or regularly present management, compliance support, accounting, and board governance. The Netherlands is generally better suited to businesses that can support a serious operating budget rather than ultra-lean founder-only structures.

Compliance and Ongoing Obligations for Dutch CASPs

Authorization is the start of supervision, not the end of the project. A licensed Dutch CASP must maintain governance, AML, DORA-aligned ICT controls, complaints handling, and event-driven regulatory notifications on an ongoing basis.

📊

Reporting and Notifications

Periodic regulatory reporting as required by the applicable MiCA and Dutch supervisory framework
Event-driven notification of material changes in management, ownership, outsourcing, or service scope
Incident escalation and reporting where operational or ICT events meet reportable thresholds
Maintenance of accurate books, records, audit trails, and decision logs
Passporting notifications before starting cross-border services in other EU states

🛡️

AML, Wwft, and TFR Controls

Customer due diligence, beneficial ownership checks, and risk-based onboarding
Enhanced due diligence for high-risk clients, geographies, and transaction patterns
Ongoing transaction monitoring and alert governance with documented escalation paths
Travel Rule data collection, transmission, exception handling, and record retention
Sanctions, PEP, and adverse-media screening with periodic recalibration

🔐

ICT, DORA, and Outsourcing

ICT risk management framework covering access control, logging, backup, and resilience
Third-party risk oversight for cloud, wallet, screening, onboarding, and support vendors
Incident classification, response testing, and lessons-learned governance
Business continuity and disaster recovery plans kept current and tested
Security testing proportionate to risk, including vulnerability management and penetration testing

📋

Governance and Client Protection

Board and senior-management review cycle for compliance, risk, complaints, and outsourcing
Conflicts-of-interest management and clear client disclosures
Complaints handling framework with tracking, root-cause review, and remediation
For custody models: segregation, reconciliation, key-management governance, and incident playbooks
Ongoing staff training on MiCA, AML, sanctions, data protection, and operational procedures

💡

RUE handles compliance for you. Our team provides ongoing compliance support, including AML officer services, regulatory reporting, and policy updates. We ensure your license stays in good standing year after year. Contact us for compliance support →

MiCA license in Netherlands in 2026

MiCA license in Netherlands in 2026: what it is and who regulates it

A MiCA license in Netherlands means CASP authorization under the EU Markets in Crypto-Assets Regulation, not a generic “crypto license.” In 2026, the old market language around VASP registration is no longer sufficient. If a business provides regulated crypto-asset services from the Netherlands or uses the Netherlands as its home Member State, it must assess whether it needs authorization as a Crypto-Asset Service Provider (CASP) under MiCA.

The Dutch supervisory architecture is best understood as a split model involving AFM and DNB. The Authority for the Financial Markets (AFM) is central to market-conduct and authorization logic, while De Nederlandsche Bank (DNB) remains relevant in the broader prudential, integrity, and AML-related supervisory environment. Exact supervisory touchpoints depend on the service model, governance structure, and how the Dutch framework allocates responsibilities in practice.

This matters because many legacy market articles still describe the Netherlands through the lens of the old DNB AML-registration era. That is outdated. After MiCA became fully operational for CASPs and the transition period passed, firms could no longer rely on pre-MiCA narratives as if they were equivalent to a Netherlands MiCA license.

For founders, the practical takeaway is simple: if you are searching for MiCA Licence in Netherlands or Netherlands MiCA license, the real project is a regulated authorization file covering service scope, governance, AML, DORA, outsourcing, complaints, capital, and passporting readiness across the EU.

Discuss Your CASP Scope

AFM vs DNB and the end of the old DNB registration model

AFM vs DNB: split supervisory model in the Netherlands

The Dutch MiCA model should be read as a coordinated supervisory architecture, not as a one-regulator story. In practical terms, applicants usually need to prepare for scrutiny that spans:

authorization and conduct expectations associated with the AFM;
integrity, prudential, and AML-related expectations associated with DNB and the Dutch control environment more broadly;
EU-level convergence materials from ESMA and EBA, which increasingly shape what a “good” CASP file looks like in 2026.

This is why a narrow legal memo is rarely enough. The application must be internally consistent across business model, client journey, control framework, outsourcing map, and financial plan. Reviewers typically test whether the proposed governance actually matches the operational risk.

What changed after the end of the DNB AML-registration era

The old Dutch registration regime for certain crypto service providers under AML rules was a different legal framework with a different supervisory logic. It was not the same as a full MiCA authorization. The historical milestone most founders should remember is 30 June 2025 as the end-point of the transition narrative in practical market terms.

In 2026, businesses should not plan around “getting a DNB crypto registration.” They should plan around a full MiCA authorization file, including program of operations, fit-and-proper evidence, Travel Rule controls, DORA readiness, and passporting strategy.

View MiCA in Europe

AFM vs DNB in a Netherlands MiCA license project

Area	AFM	DNB
Authorization logic	Core role in CASP authorization and conduct-related review	Relevant within the broader Dutch supervisory architecture
Market conduct	Primary conduct focus	Indirect / coordinated relevance depending on issue
AML / integrity environment	Application consistency and controls review	Strong relevance through Dutch integrity and AML expectations
Prudential expectations	Relevant where tied to CASP authorization file	Relevant within Dutch prudential and integrity context
Founder takeaway	Prepare for a dual-touchpoint supervisory environment rather than a single-regulator filing mindset

Which businesses need a Netherlands MiCA license

Which businesses need a Netherlands MiCA license — and which do not

A business needs a Netherlands MiCA license if it provides one or more regulated crypto-asset services in scope of MiCA from the Netherlands or through a Dutch authorized entity. The analysis starts with actual functionality, not branding.

Typical in-scope models include:

custodial wallet providers controlling client keys or key infrastructure;
centralized exchanges matching or executing client trades;
brokers routing client orders to venues or liquidity providers;
OTC desks exchanging crypto for fiat or crypto for crypto as a business;
platforms providing transfer services for clients;
advisory or portfolio models where the service falls within MiCA definitions.

Businesses that are not automatically in scope include some pure software developers, certain infrastructure providers, and models genuinely outside MiCA’s service perimeter. But this is where founders make expensive mistakes. A front-end, API, wallet UX layer, or embedded execution flow may still place the business inside CASP territory if it controls key steps in custody, transfer, order routing, or exchange.

Services typically covered by CASP authorization

The core MiCA service list typically covers:

custody and administration;
operation of a trading platform;
exchange for funds;
exchange for crypto-assets;
execution of orders;
reception and transmission of orders;
placement;
transfer services;
advice on crypto-assets;
portfolio management where the service model falls within MiCA’s regulated perimeter.

Examples help. A mobile app allowing users to buy crypto with EUR through an integrated execution partner may still be in scope if the Dutch entity controls onboarding, pricing, routing, or client relationship. A B2B venue offering order book access and settlement workflows is likely closer to trading-platform logic. A wallet provider using MPC where the provider still participates in signing may still trigger custody analysis.

Edge cases: NFTs, DeFi, token issuers, software-only providers

“NFT” and “DeFi” are not magic exclusion words. In 2026, Dutch and EU analysis remains case-specific. Key edge cases include:

NFT collections that are functionally fractionalized or economically interchangeable;
DeFi interfaces where a legal person still controls fees, governance, front-end access, or execution pathways;
token issuers dealing with ARTs, EMTs, or other crypto-assets under MiCA issuance rules;
software-only providers that claim neutrality but in fact orchestrate regulated services.

The correct conclusion is usually one of three: in scope, out of scope, or requires detailed legal analysis. Founders should be especially careful where the business controls private-key logic, settlement permissions, fee extraction, or customer support around regulated transactions.

Read CASP Service Rules

Business model to MiCA service mapping

Business model	Likely MiCA service	Typical regulatory question
Custodial wallet	Custody and administration	Who controls keys, signing flow, recovery, and segregation?
Crypto/EUR app	Exchange for funds / execution / reception-transmission	Who prices, routes, executes, and settles the transaction?
OTC desk	Exchange for funds or crypto-assets	Is the entity principal, agent, or arranger?
Broker front-end	Reception and transmission / execution / advice	Does the entity influence order flow or only provide software?
Trading venue	Operation of a trading platform	How are orders matched, prioritized, cancelled, and monitored?
Crypto transfer gateway	Transfer services	How is Travel Rule data captured and transmitted?
Research/advisory desk	Advice on crypto-assets	Is the output generic content or client-specific recommendation?
NFT / DeFi interface	Needs case-by-case analysis	Is there real decentralization or a controlled intermediation layer?

Capital thresholds and mixed business models

Capital requirements and CASP service classes in the Netherlands

The key MiCA capital thresholds for CASPs are €50,000, €125,000, and €150,000. The applicable threshold depends on the services provided, and mixed models should be assessed against the highest-risk service in the package.

In practical terms:

advisory-only or limited order-related models may fall at the lower end;
intermediate brokerage or execution models may sit in the middle tier;
custody, exchange, and trading-platform models typically require the strongest prudential and control framework.

How to determine the correct capital threshold for a mixed business model

The correct method is not to average services. It is to identify the service that creates the highest prudential and operational risk. Examples:

advice + reception/transmission: usually lower than custody-led models;
exchange + custody: usually driven by the higher-risk custody/exchange perimeter;
platform + transfer services: often requires deeper market-abuse, operational, and Travel Rule controls.

A technical nuance often missed in budgeting: capital threshold is only one part of prudential planning. The regulator will also assess whether the business has enough liquidity to survive delayed revenue ramp-up, vendor concentration, incident costs, and compliance staffing. That is why RUE usually models both minimum capital and 12-month operating runway before filing.

MiCA capital thresholds for Dutch CASP planning

Threshold	Typical service profile	Practical note
€50,000	Lower-risk advisory or order-related models	Still requires full governance, AML, and documentation discipline
€125,000	Intermediate-risk service combinations	Usually requires stronger control evidence and more detailed financial planning
€150,000	Custody, exchange, or platform-led models	Most scrutiny on safeguarding, ICT, outsourcing, and incident readiness

Documents required for a Netherlands MiCA license application

Documents required for a Netherlands MiCA license application

A strong Dutch MiCA file usually contains 12-18 core document groups, and complex models require more. The regulator is not only checking whether documents exist, but whether they fit together without contradiction.

Core application pack

The core package commonly includes:

application form and corporate particulars;
program of operations describing services, client types, geographies, and workflows;
business plan and market rationale;
financial projections and capital plan;
governance map with roles, committees, reporting lines, and control functions;
AML/CTF framework including Wwft-aligned risk assessment and monitoring model;
risk framework covering operational, compliance, outsourcing, conduct, and ICT risks;
ICT and security policy set;
outsourcing register and vendor agreements;
complaints handling policy;
conflicts-of-interest policy;
shareholder and director files;
proof of capital and source-of-funds evidence.

Each document has a distinct purpose. For example, the program of operations explains what you do; the governance map explains who controls it; the AML framework explains how abuse is detected; and the ICT pack explains how the platform survives incidents.

Additional documents for custody, exchange, and platform operators

Higher-risk models usually need additional technical annexes, such as:

wallet architecture and key-management description;
hot/cold wallet segregation logic;
reconciliation procedures and exception handling;
market abuse surveillance logic for platform models;
order handling and execution flow;
safeguarding and client asset segregation design;
incident logs, escalation matrix, and recovery playbooks.

A useful technical nuance: for custody models, reviewers increasingly look for evidence that key ceremonies, privileged access, backup shard governance, and emergency recovery are operationally plausible, not just described in abstract security language.

Prepare MiCA Documents

Application document pack, purpose, and common regulator question

Document	Purpose	Common regulator question
Program of operations	Defines services, client journey, and operating model	Does the requested scope fully match the real business model?
Business plan	Shows commercial rationale and sustainability	Are assumptions realistic and internally consistent?
Financial projections	Demonstrates runway, capital adequacy, and viability	Can the firm survive 12 months of slower-than-planned growth?
AML/CTF framework	Explains KYC, monitoring, escalation, and sanctions controls	How are crypto-specific ML/TF risks calibrated in practice?
TFR / Travel Rule procedure	Explains originator-beneficiary data handling	What happens with unhosted wallets and incomplete counterparty data?
ICT security pack	Shows resilience, access control, logging, and incident readiness	Who controls critical systems and how are incidents classified?
Outsourcing register	Maps critical vendors and oversight controls	Can the firm supervise vendors or is it dependent on them?
Governance map	Clarifies board, management, and control functions	Who owns risk, compliance, and operational decisions?
Shareholder / director files	Supports fit-and-proper and ownership transparency	Are competence, integrity, and source of funds sufficiently evidenced?

EU passporting after obtaining a MiCA license in Netherlands

EU passporting after obtaining a MiCA license in Netherlands

A Netherlands MiCA license can be passported across the EU, but passporting is not automatic on day one without the required notification process. The home-state model allows an authorized Dutch CASP to expand into other 27 EU member states by notifying its home regulator of the intended cross-border services or branch setup.

The passporting workflow usually involves:

defining the target Member States and service types;
submitting the required notification through the Dutch home-state channel;
waiting for the home regulator to transmit the information under MiCA procedures;
starting cross-border activity only when the legal conditions for commencement are met.

The practical lead time is usually shorter than a full license application, but it still requires planning. Marketing, onboarding, language, complaints handling, and AML operations must be ready for the host market before launch. Passporting is therefore a compliance project, not just a formality.

What passporting does not solve: local consumer, tax, and marketing rules

Passporting does not erase all host-state obligations. A Dutch CASP expanding into France, Germany, Spain, or another EU market may still need to assess:

local consumer-law requirements;
tax registrations or VAT consequences;
marketing and financial-promotion rules;
GDPR and local data-handling expectations;
sanctions and geo-restriction controls in the operating setup.

This is why RUE treats passporting as part of launch design. A firm that is licensed but operationally unprepared for cross-border complaints, disclosures, and Travel Rule workflows can create avoidable supervisory friction very quickly.

Compare MiCA Jurisdictions

MiCA, DORA, and TFR compliance stack for a Dutch CASP

Layer	Main focus	Operational consequence
MiCA	Authorization, conduct, governance, safeguarding, disclosures	You need a valid CASP authorization and operating model aligned with the licensed scope
DORA	ICT risk, resilience, incident management, third-party risk	You need tested ICT controls, vendor oversight, logging, and incident workflows
TFR	Travel Rule data for crypto transfers	You need originator-beneficiary data capture, transmission, and exception handling
Wwft / AML	KYC, monitoring, suspicious activity, sanctions	You need a risk-based AML program calibrated to crypto-specific threats
GDPR	Personal data governance	You need lawful processing, retention logic, and security around sensitive client data

When the Netherlands is a strong fit for MiCA

Institutional-facing model

Well-suited to businesses that need a credible EU base for bank, EMI, PSP, or institutional counterparty discussions.

Custody or exchange complexity

A strong option where the business can support the heavier governance, security, and outsourcing evidence required for higher-risk models.

Serious EU expansion plan

Useful for firms that intend to passport and build a durable EU operating footprint rather than test the market on a minimal budget.

Not ideal for ultra-lean startups

Less suitable where founders expect a low-substance, low-documentation, founder-only setup with minimal compliance overhead.

Not ideal for unclear token models

If token classification, custody design, or DeFi claims are still unresolved, more pre-filing legal work is needed before choosing the Netherlands.

Best with banking preparation

Dutch licensing can improve banking discussions, but only if ownership, AML, transaction flows, and operational controls are bank-ready.

Common mistakes in Dutch MiCA applications

Common mistakes when applying for a MiCA license in Netherlands

The most common Dutch MiCA failures are not legal theory problems. They are consistency problems. Regulators usually challenge applications where the documents do not match the real operating model.

The 7 most common red flags regulators see

vague business model that does not clearly map to MiCA services;
weak board or senior team with limited relevant experience;
outsourced compliance without internal oversight;
generic AML framework with no crypto-specific calibration;
unclear custody or wallet architecture for models touching client assets;
opaque shareholder chain or weak source-of-funds evidence;
unrealistic projections that ignore compliance and ICT cost reality.

A useful practical rule is this: if a regulator asks “who controls this?” and the answer is “our vendor,” the file is usually underprepared. That applies to onboarding, screening, wallet operations, cloud hosting, customer support, and incident response.

This content is for general information only and is not legal or tax advice. RUE can perform a pre-filing gap review before the application is submitted.

Book a Gap Review

📝 Check Your Eligibility

Answer a few quick questions to find out if this jurisdiction suits your crypto business

Step 1 of 5

What type of crypto services will you provide?

Exchange (fiat ↔ crypto)

Custody & Wallet Services

Transfer & Payment Services

Advisory / Portfolio Management

Multiple / All of the Above

Step 2 of 5

What is your target market?

European Union only

EU + Global markets

Global (non-EU priority)

Step 3 of 5

Do you already have a registered company in the EU?

Yes, in this jurisdiction

Yes, in another EU country

No, I need to register one

Step 4 of 5

What is your available budget range?

Under €20,000

€20,000 – €50,000

€50,000 – €100,000

Over €100,000

Step 5 of 5

When do you plan to launch?

As soon as possible (1–3 months)

Within 6 months

Within a year

Just exploring options

✅

This Jurisdiction Is a Great Fit!

Based on your answers, this jurisdiction matches your business requirements well. Here's a quick summary:

Recommended License

CASP License

Estimated Budget

€24,000 – €35,000

Estimated Timeframe

4–6 months

EU Passporting

Available

📞 Get Personalized Assessment

Step-by-Step MiCA Licensing Process

Step 1

Regulatory Scoping

Define the exact CASP services, token perimeter, custody logic, target markets, and whether the model is in scope under MiCA. This is the stage that prevents months of rework later. Typical duration: 2-4 weeks.

Step 2

Dutch Entity Setup

Incorporate the Dutch company, register with KVK, structure ownership, appoint directors, and prepare the substance model. Banking and payroll planning should begin here, not after filing. Typical duration: 2-4 weeks.

Step 3

Governance and Policy Build

Prepare the core application pack: program of operations, AML/CTF framework, Travel Rule procedures, governance map, outsourcing register, complaints policy, conflicts policy, ICT and security documentation, and financial projections. Typical duration: 6-10 weeks.

Step 4

Pre-Filing Review

Run an internal quality check to test consistency across services, contracts, vendor setup, wallet architecture, and financial assumptions. This stage often identifies scope mismatches, weak board allocation, or missing DORA evidence. Typical duration: 1-2 weeks.

Step 5

Application Submission

Submit the application with supporting annexes and evidence of capital, ownership transparency, and management suitability. The completeness of the initial file strongly affects the speed of the next stage. Typical duration: 1 week.

Step 6

Completeness and Q&A

The authority reviews completeness and then runs the substantive assessment. The statutory review clock is **105 working days** after the file is deemed complete, but real projects often involve Q&A rounds and pauses. Typical end-to-end timing: 5-8+ months.

Step 7

Authorization and Launch

After authorization, finalize operational readiness: banking, Travel Rule workflows, incident reporting, vendor oversight, staff training, complaints handling, and EU passporting notifications where relevant. Typical duration: 2-4 weeks before full launch.

Start Your Application

Frequently Asked Questions

What is a MiCA license in Netherlands? +

A MiCA license in Netherlands is the market term for CASP authorization under the EU Markets in Crypto-Assets Regulation through the Dutch supervisory framework. It allows an authorized crypto-asset service provider to offer regulated services such as custody, exchange, brokerage, transfer, or advice, depending on the approved scope.

Is a Netherlands MiCA license the same as a CASP license? +

Yes. In practice, “Netherlands MiCA license,” “MiCA Licence in Netherlands,” and “Netherlands CASP license” refer to the same concept: authorization as a Crypto-Asset Service Provider under MiCA. “Crypto license” is still used colloquially, but CASP authorization is the more precise legal term in 2026.

Who regulates CASPs in the Netherlands: AFM or DNB? +

The Dutch model should be understood as a split supervisory architecture involving both AFM and DNB. The AFM is central to authorization and conduct-related review, while DNB remains relevant in the broader prudential and integrity environment, including AML-related expectations. Applicants should prepare for both touchpoints rather than assuming a single-regulator process.

How much capital is required for a MiCA license in Netherlands? +

The key MiCA capital thresholds for CASPs are €50,000, €125,000, and €150,000, depending on the services provided. Mixed models are usually assessed by reference to the highest-risk service in the package. Minimum capital must be distinguished from total funding needs, which should also cover substance, compliance, ICT, and at least 12 months of operating runway.

How long does the application take in the Netherlands? +

The statutory review period is 105 working days after the application is deemed complete. In practice, a well-prepared file usually takes around 5-8 months end to end, while custody, exchange, or platform-led models can take longer. The biggest timing variable is usually not the formal clock, but the quality and completeness of the initial filing.

Can a foreign founder obtain a Netherlands MiCA license? +

Yes. Foreign founders can own and operate a Dutch CASP structure, subject to ownership transparency, source-of-funds evidence, fit-and-proper review, and proportionate Dutch or EU substance. The critical issue is not nationality. It is whether the business can demonstrate effective management, credible governance, and a compliant operating model.

Do I need local substance in the Netherlands? +

Yes, proportionate substance is expected. The Dutch framework is not designed for a mailbox-only CASP. In practice, applicants should expect to maintain a registered office, accessible records, real management capacity, and sufficient operational presence to supervise the licensed activities. The more complex the model, the stronger the local substance expectation.

Can I passport a Netherlands MiCA license across the EU? +

Yes. Once authorized, a Dutch CASP can use MiCA passporting to expand across 27 EU member states through the required notification process. Passporting does not remove local tax, consumer-law, marketing, or GDPR considerations, so cross-border launch should be planned as a compliance project rather than treated as an automatic switch.

What documents are required for a Dutch MiCA application? +

A typical file includes the application form, program of operations, business plan, financial projections, governance map, AML/CTF framework, Travel Rule procedures, ICT and security policies, outsourcing register, complaints policy, conflicts policy, shareholder and director files, and proof of capital. Custody and exchange models usually need additional technical annexes on wallet architecture, reconciliation, safeguarding, and incident management.

Does MiCA cover NFTs or DeFi in the Netherlands? +

Sometimes, and often only after detailed analysis. NFTs and DeFi labels do not automatically place a project outside MiCA. The real test is whether the assets are functionally unique, whether the service is genuinely decentralized, and whether a legal person still controls custody, routing, fee extraction, governance, or client-facing intermediation. Many edge cases require a formal scope opinion.

What ongoing obligations apply after authorization? +

A Dutch CASP must maintain ongoing compliance with MiCA, AML/Wwft, sanctions, TFR, and operational-resilience expectations. This usually includes periodic reporting, event-driven notifications, complaints handling, governance reviews, staff training, transaction monitoring, Travel Rule operations, outsourcing oversight, and incident management. Custody models also need strong segregation, reconciliation, and key-governance controls.

How does DORA affect a Dutch CASP? +

DORA matters directly to CASP operating readiness in 2026. It adds structure around ICT risk management, incident classification and reporting, resilience testing, and third-party ICT risk. For a Dutch CASP, this means the regulator will increasingly expect evidence of access control, logging, backup, vendor oversight, cloud governance, and tested recovery procedures rather than generic cybersecurity statements.

Is the old DNB registration still valid in 2026? +

No as a substitute for MiCA authorization. The old pre-MiCA DNB registration regime was a different legal framework and should not be treated as equivalent to a Netherlands MiCA license in 2026. Businesses planning new operations or continued scaling should work from the full CASP authorization model, not legacy registration narratives.

What taxes apply to a licensed CASP in the Netherlands? +

A licensed Dutch CASP typically needs to assess corporate income tax, VAT, payroll taxes, and cross-border payment treatment. VAT is especially service-specific in crypto and can differ between exchange, advisory, software, and support revenues. Tax rates and treatment should be verified for the current year 2026 with the Belastingdienst and local tax advisers.

Regulated United Europe OÜ

Registration number: 14153440
Anno: 16.11.2016
Phone: +372 56 966 260
Email: [email protected]
Address: Laeva 2, Tallinn, 10111, Estonia

Company in Lithuania UAB

Registration number: 304377400
Anno: 30.08.2016
Phone: +370 6949 5456
Email: [email protected]
Address: Lvovo g. 25-702, Vilnius, 09320, Lithuania

Company in Czech Republic s.r.o.

Registration number: 08620563
Anno: 21.10.2019
Phone: +420 775 524 175
Email: [email protected]
Address: Na Perstyne 342/1, Prague

Company in Poland Sp. z o.o.

Registration number: 38421992700000
Anno: 28.08.2019
Email: [email protected]
Address: Twarda 18, Warsaw, 00-824, Poland

Please leave your request

The RUE team understands the importance of continuous assessment and professional advice from experienced legal experts, as the success and final outcome of your project and business largely depend on informed legal strategy and timely decisions. Please complete the contact form on our website, and we guarantee that a qualified specialist will provide you with professional feedback and initial guidance within 24 hours.

Main Services

Terms of Cooperation

Regulated United Europe