Crypto License in Estonia 2026

Obtain MiCA-compliant CASP authorization in Estonia with RUE. Legal support for exchanges, custodians, brokers, and trading platforms seeking structured EU market entry.

Book Free Consultation

Regulator

FI

Timeframe

3-8 months

Cost

from €19,900

Capital

€50k-€150k

CASP under MiCA; own funds and total budget depend on service mix and substance.

Why Estonia for a Crypto License

Estonia remains one of the most credible EU jurisdictions for crypto businesses, but in 2026 the legal reality is no longer the old VASP permit. The relevant route is CASP authorization under MiCA, supervised by Finantsinspektsioon, with national AML, corporate, tax, and operational rules still fully relevant.

Polina Merkulova

Polina Merkulova

Licensing Services Manager

[email protected]

As your point of contact, I help coordinate the licensing process end-to-end, keep communication clear, and move your application forward without unnecessary delays.

RUE structures Estonian CASP projects end-to-end: company formation, licensing strategy, governance design, AML/CFT framework, MiCA documentation, DORA-readiness mapping, and regulator-facing support.

We also coordinate related workstreams that usually delay crypto launches in practice: banking and EMI introductions, accounting setup, annual reporting, tax structuring, Travel Rule tooling, and local substance planning in Estonia.

Contact me

🏛️

MiCA-Based Authorization

The Estonian crypto license in 2026 means CASP authorization aligned with EU law, not the legacy FIU-era VASP model.

🌍

EU Expansion Logic

An Estonian CASP can use MiCA passporting mechanisms to scale across the EU, subject to notification and host-state operational rules.

💻

Digital Business Environment

Estonia offers efficient company administration, strong e-governance infrastructure, and a mature ecosystem for fintech and compliance operations.

🛡️

Credibility Through Substance

Estonia is not a light-touch shortcut. That is precisely why licensed structures here are taken seriously by banks, counterparties, and institutional clients.

Crypto License in Estonia 2026

55,000 EUR

Package includes (8)

Preparation of necessary documents for registration of a new company in Estonia 2026
Translation of a certificate of no criminal record through a sworn translator
Payment of state fees related to company registration
Payment of notary fees related to company registration
Preparation of compliance documents for MiCA application
Preparation of a business plan
Submission of the necessary documents to FI
Recruitment of local MLRO/Compliance officer

Timeframe: From 6 months

MiCA Class Comparison for Crypto License in Estonia 2026

Compare MiCA Class 1, Class 2 and Class 3 by permitted activities and baseline requirements.

Mica Class 1 - 50 000 EUR

CapitalFrom EUR 50,000 TimeCountry-specific

Swipe left/right to switch license type

Reception and transmission of client orders

Execution of orders on behalf of clients

Placement and advisory services

Portfolio management

No custody of client crypto-assets

Target Models

Advisory firms Introducing brokers Portfolio advisory setups

Mica Class 2 - 125 000 EUR

CapitalFrom EUR 125,000 TimeCountry-specific

Swipe left/right to switch license type

All Class 1 services

Crypto-fiat and crypto-crypto exchange

Custody and administration of client assets

Transfer services for crypto-assets

Higher organizational and AML requirements

Target Models

Exchanges Custody providers Broker-dealer operations

Mica Class 3 - 150 000 EUR

CapitalFrom EUR 150,000 TimeCountry-specific

Swipe left/right to switch license type

All Class 2 services

Operation of crypto-asset trading platform

Enhanced governance and internal controls

Advanced risk management and reporting

Typical for full-scale marketplace operators

Target Models

Trading venues Multi-service CASP groups Institutional-grade operators

Discuss this license

MiCA Class Comparison (Class 1, Class 2, Class 3)

Activity / Option	Mica Class 1 - 50 000 EUR	Mica Class 2 - 125 000 EUR	Mica Class 3 - 150 000 EUR
Reception and transmission of orders	V	V	V
Execution of orders on behalf of clients	V	V	V
Advisory and portfolio management	V	V	V
Crypto-fiat and crypto-crypto exchange	X	V	V
Custody and administration of crypto-assets	X	V	V
Operation of a trading platform	X	X	V

Comprehensive Requirements for Estonia Crypto License

An Estonia crypto license in 2026 means a CASP authorization under MiCA. The competent authority for CASPs is Finantsinspektsioon, while the Financial Intelligence Unit (FIU) remains central for AML reporting and enforcement in its statutory role. This is a materially different regime from the old VASP framework, both in document depth and in operational expectations.

The regulator reviews substance, not just paperwork. A compliant file must show that the applicant can actually operate the requested services: governance, internal controls, safeguarding, ICT resilience, AML/CFT, complaints handling, outsourcing oversight, and financial sustainability. For higher-risk models such as custody, exchange, transfer, or trading platform operation, the scrutiny is correspondingly deeper.

Exact requirements depend on service scope. A custody-focused applicant, a broker, and a trading platform do not carry the same prudential or operational burden. That is why a regulator-grade application must map each requested MiCA service to its capital bucket, control environment, outsourcing model, and client asset flow.

Estonian Legal Entity, Office, and Real Substance +

You need an Estonian company with genuine operational presence. In practice, applicants typically use an OÜ registered in the Estonian Commercial Register, with a real office, accessible records, and decision-making that can be evidenced in Estonia. A mailing address alone is not enough.

Operational office in Estonia, not a virtual-only setup;
Corporate records, contracts, and compliance files available for inspection;
Board governance that reflects real management, not nominee-only optics;
Substance proportionate to the business model, volumes, and risk profile.

For many applicants, local substance is also critical for banking, tax residency analysis, and regulator comfort on effective management.

Board, Key Persons, and Fit-and-Proper Assessment +

Management quality is a licensing issue, not an HR issue. Finantsinspektsioon assesses the reputation, competence, time commitment, and role clarity of directors and key function holders. As a practical baseline, applicants should plan for at least two board members and clearly allocated control functions.

Board members with relevant financial services, crypto, payments, risk, or compliance experience;
AML/CFT responsible person and reporting lines;
Compliance and risk ownership documented in policies and governance charts;
Clean criminal background, no unresolved regulatory integrity concerns, and transparent UBO structure;
Evidence that key persons have enough time to perform their duties.

A common failure point is appointing impressive names with no real availability. Regulators test substance through interviews, role descriptions, and internal reporting logic.

Minimum Capital and Prudential Readiness +

Capital depends on the MiCA service class requested. In broad market practice under MiCA, the relevant entry buckets are €50,000, €100,000, and €150,000, depending on the services. However, applicants must distinguish initial capital from ongoing own funds.

€50,000 typically applies to lower-risk service combinations such as reception/transmission of orders, advice, portfolio management, and transfer of crypto-assets;
€100,000 typically applies to execution of orders, placing of crypto-assets, and exchange of crypto-assets for funds or other crypto-assets;
€150,000 typically applies to custody/administration and operation of a trading platform.

After authorization, own funds must be maintained on an ongoing basis under MiCA prudential logic. For scaling businesses, the fixed-overheads test often becomes more relevant than the entry capital number shown in marketing materials.

AML/CFT, KYC, KYT, and Travel Rule Framework +

A generic AML manual is not enough. Your framework must be built around the actual risk profile of your services, clients, geographies, channels, and token flows. Estonian CASPs are expected to align with the Money Laundering and Terrorist Financing Prevention Act, MiCA governance expectations, and the recast Transfer of Funds Regulation for Travel Rule compliance.

Business-wide ML/TF risk assessment;
CDD/EDD procedures, including PEP and sanctions screening;
UBO identification and verification;
Source of funds and, where risk requires, source of wealth analysis;
Transaction monitoring and blockchain analytics (KYT);
Travel Rule data collection and transmission workflows for crypto transfers;
Suspicious transaction/activity reporting to the FIU;
Record retention for at least 5 years where required by AML law.

One practical nuance many articles miss: self-hosted wallet interactions are not prohibited per se, but they require a documented risk-based control model, including ownership verification or alternative mitigating controls where appropriate.

ICT Security, Custody Controls, and DORA Readiness +

CASP licensing now requires a credible ICT control environment. Under DORA, crypto firms must demonstrate operational resilience, incident handling, vendor oversight, and continuity planning. For custody or exchange models, the regulator will expect architecture-level explanations, not slogans.

ICT risk management framework and asset inventory;
Access control, MFA, privileged access governance, and logging;
Wallet architecture using combinations of MPC, HSM, multisig, and hot/cold segregation;
Client asset segregation and reconciliation controls;
Business continuity and disaster recovery planning;
Major ICT incident classification and reporting workflows;
Third-party ICT provider governance and outsourcing register;
Vulnerability management, patching, and penetration testing.

ISO 27001 is not a statutory substitute for DORA, but it is often a useful evidence layer when documenting the security management system.

Business Plan, Financial Model, and Source of Funds +

The application must prove viability, not just legality. Finantsinspektsioon expects a business plan tied to the requested services, governance model, target markets, outsourcing structure, and realistic financial assumptions. A standard practical baseline is a 2-year business plan with opening balance sheet, P&L, cash flow, and capital planning.

Service-by-service revenue model;
Client acquisition assumptions and concentration risk;
Cost of compliance, staff, technology, and external vendors;
Liquidity runway and stress assumptions;
Documented source of funds for shareholders and capitalization;
Explanation of how prudential own funds will be maintained post-launch.

A recurring red flag is a business plan that ignores the cost of Travel Rule vendors, KYT tools, audit, DORA controls, and payment infrastructure. Regulators notice immediately when the numbers are not operationally credible.

Safeguarding, Complaints Handling, and Client Disclosure +

Client protection is a core MiCA theme. If you hold client crypto-assets or client funds, you must show how they are segregated, reconciled, protected from misuse, and recoverable in distress scenarios. Even non-custodial service providers need clear customer documentation and complaints procedures.

Terms of business and risk disclosures aligned with actual services;
Clear fee schedule and execution logic;
Complaints handling policy with escalation path and response timelines;
Segregation of client assets and internal ledger controls where applicable;
Conflict-of-interest policy and disclosure framework;
Outsourcing controls where customer-facing functions are delegated.

For custody models, the insolvency treatment of client assets and the legal structure of wallet control should be documented with unusual care. This is one of the most scrutinized areas in serious CASP files.

Banking, Payments, and Fiat Rails +

Licensing and banking are separate workstreams. An Estonian crypto license improves credibility, but it does not automatically create bankability. Applicants should prepare a parallel banking strategy covering operational accounts, safeguarding logic, fiat settlement, and payment counterparties.

Corporate account strategy in Estonia or another EU jurisdiction;
EMI/PSP relationships for SEPA flows and client payments;
Transaction flow mapping between wallets, treasury, and fiat accounts;
Bank-facing AML pack and business model summary;
Contingency planning if the first banking route is delayed.

RUE typically treats banking readiness as part of the license project, not as an afterthought, because weak fiat rails can delay launch even after authorization is granted.

Jurisdiction Comparison

Compare Estonia with other jurisdictions by key conditions for obtaining and operating a MiCA/CASP license: regulator, review period, fees, capital, local substance, and passporting.

* This table focuses on MiCA/CASP authorization conditions. Use the settings icon to customize countries and parameters.

💰 Licensing Cost Estimator

Get an approximate cost estimate for your crypto license based on your business needs

Configure Your Licensing Package

Select options below to see estimated costs

License Type

Mica Class 1

Mica Class 2

Mica Class 3

Do you need company registration?

Yes — Register New Company

No — I Have a Company

Additional Services

✓ AML/KYC Package ✓ Bank Account Opening ✓ Physical Office ✓ Compliance Officer

Estimated Cost

€0

Estimated Timeframe

Country-specific

Capital Requirement

€0

📞 Get Exact Quote

* This calculator provides approximate estimates only. Actual costs may vary based on your specific situation. Contact us for a detailed personalized quote.

Taxation of Crypto Companies in Estonia

Estonia remains attractive from a corporate tax timing perspective. The core feature is that resident companies generally pay 0% corporate income tax on retained and reinvested profits, while profit distributions are taxed when made. For many founder-led crypto businesses, this is commercially significant because licensing, technology, and compliance costs are front-loaded.

How the Estonian corporate tax model works

Tax is triggered on distribution, not on accrual. If the company earns profit and keeps it inside the business, no corporate income tax is generally due at that stage. When profits are distributed, the standard corporate tax burden is typically expressed as 22/78 of the net distributed amount, which corresponds to 22% of the grossed-up taxable base under the 2026 regime.

Company retains profit for growth: generally 0% current corporate tax;
Company distributes €78,000 net: corporate income tax is €22,000;
Total pre-distribution profit represented: €100,000.

This timing advantage does not eliminate the need for tax planning. Founders still need to assess management remuneration, cross-border dividend treatment, permanent establishment risk in other countries, transfer pricing, and VAT characterization of services.

VAT treatment needs service-by-service analysis

Not all crypto services are VAT-exempt. Following the logic of ECJ Hedqvist, certain exchange services may fall within VAT exemption treatment similar to currency exchange. But custody, software access, white-label infrastructure, SaaS, API services, token listing support, or advisory work may be taxable depending on the exact legal and factual structure.

Operational costs matter as much as tax rates

For a licensed CASP, the real annual burden is usually operational rather than tax-driven: audit, accounting, local substance, compliance staff, KYT, Travel Rule tooling, external legal support, and DORA controls. That is why RUE usually plans tax and licensing together, not as separate projects.

Corporate Income Tax

Deferred until profit distribution

0% / 22%

Retained profits are generally taxed at 0% until distribution. When profits are distributed, Estonian corporate income tax applies. In 2026, the standard formula is commonly expressed as 22/78 of the net distributed amount. This is attractive for businesses reinvesting into licensing, product buildout, compliance, and expansion.

Dividend Distribution Logic

Tax arises at company level on distributions

22/78

The company, not the shareholder alone, bears the Estonian distribution tax mechanism. Example: if the company wants shareholders to receive €78,000 net, the company pays €22,000 corporate income tax, making the total pre-tax distributable profit €100,000. Cross-border shareholder taxation must still be checked separately.

Value Added Tax (VAT)

Depends on the exact crypto service supplied

0% / 24%*

VAT treatment is not uniform across crypto businesses. Certain exchange services may be exempt under EU case-law logic, while custody, software, consulting, technical integration, and ancillary services may be taxable. The standard Estonian VAT rate is 24% in 2026 where taxable supplies arise. Always verify the classification of each revenue line.

*Standard rate shown for taxable supplies; exemption depends on service characterization.

Payroll Taxes

Relevant for local staff and management

Variable

Local substance usually creates payroll tax exposure. If the company hires staff or pays management remuneration in Estonia, salary taxation and social charges apply under Estonian employment and tax rules. This is often a larger recurring cost than founders initially model.

Accounting and Annual Reporting

Mandatory for Estonian companies

€3,000-€18,000+

Every Estonian company must maintain accounting and file annual reports. For CASPs, costs are higher because transaction flows, safeguarding, reconciliations, and audit-readiness are more complex than in ordinary trading companies. See our Accounting services in Estonia and Annual report for an Estonian company pages for the corporate reporting layer.

External Audit

Often required or commercially expected

€8,000-€35,000+

Audit cost depends on scale, service mix, and custody complexity. A CASP with client asset flows, fiat settlement, and multiple vendors should budget materially more than a simple advisory-only structure. Audit scope may expand where safeguarding, outsourcing, or incident controls require deeper testing.

Compliance Tooling

KYC, KYT, Travel Rule, sanctions, case management

€12,000-€120,000+

Most crypto companies underestimate tooling costs. Annual spend may include identity verification, sanctions screening, blockchain analytics, Travel Rule messaging, case management, secure archiving, and monitoring infrastructure. These costs directly affect prudential planning and runway.

Office and Local Substance

Real presence, not a letterbox

€18,000-€180,000+

Estonia is efficient, but not substance-free. Budget for office rent, local directors or senior presence, compliance support, and administrative operations. The exact figure depends on whether functions are in-house, outsourced, or hybrid.

Compliance & Ongoing Obligations

Authorization is the starting line. An Estonian CASP must maintain prudential, AML, governance, reporting, and ICT controls on a continuous basis.

📊

Reporting and Corporate Filings

Annual financial statements and statutory corporate filings
Regulatory reporting required by Finantsinspektsioon
Notification of material changes in ownership, management, or services
Documented board minutes and governance records
Ongoing capital and own funds monitoring

🛡️

AML, KYC, and Sanctions

Customer due diligence and enhanced due diligence for high-risk cases
Ongoing transaction monitoring and blockchain analytics screening
Travel Rule compliance for in-scope crypto transfers
Suspicious activity reporting to the FIU
Retention of AML and business records for at least 5 years where required

🔐

Operational Resilience and DORA

ICT risk management framework and asset inventory
Incident classification, escalation, and regulatory reporting
Business continuity and disaster recovery testing
Third-party ICT provider oversight and outsourcing register
Access control, logging, vulnerability management, and security reviews

📋

Client Protection and Governance

Segregation and reconciliation of client assets where applicable
Complaints handling and customer communications controls
Conflict-of-interest management and disclosure
Periodic policy updates and staff training
Review of outsourcing, vendor, and safeguarding arrangements

💡

RUE handles compliance for you. Our team provides ongoing compliance support, including AML officer services, regulatory reporting, and policy updates. We ensure your license stays in good standing year after year. Contact us for compliance support →

What changed in 2026: is there still a crypto license in Estonia?

What changed in 2026: is there still a crypto license in Estonia?

Yes, but legally it is no longer the old VASP-style Estonian crypto license. In 2026, when founders search for crypto license in Estonia, the legally correct concept is CASP authorization under Regulation (EU) 2023/1114 (MiCA). Estonia implemented the national supervisory architecture through its domestic legal framework, while the competent authority for CASPs is Finantsinspektsioon.

The transition matters because the old FIU-issued VASP model was AML-centered, while the CASP regime is full financial supervision. Under the legacy system, businesses could operate with a national authorization focused primarily on AML/CFT. Under MiCA, the regulator assesses governance, safeguarding, prudential capital, complaints handling, outsourcing, ICT resilience, and conduct obligations in a far more integrated way.

The key dates are:

1 July 2024: Estonia’s national transition architecture took effect in practice for the move toward MiCA supervision;
30 December 2024: MiCA became fully applicable for CASP authorization across the EU;
1 July 2026: end of the Estonian transition period for legacy VASP operators.

For new entrants, the practical answer is simple: there is no strategic reason to build around the old VASP vocabulary. The application, internal controls, and launch model should be designed as a MiCA-ready CASP project from day one. RUE supports this through CASP licensing, MiCA licence in Estonia, and MiCA application document preparation.

Discuss Your CASP Scope

VASP vs CASP in Estonia

Topic	Legacy VASP Model	Current CASP Model
Legal basis	National AML-focused regime	MiCA + Estonian implementing/supervisory framework
Main authority	FIU	Finantsinspektsioon
Core focus	AML registration/authorization logic	Prudential, conduct, safeguarding, AML, ICT, governance
Passporting	No MiCA passporting	MiCA passporting framework across the EU
Transition deadline	Ended 1 July 2026	Current live regime for new applicants
Automatic conversion?	No	No automatic conversion from VASP

What services does an Estonia crypto license cover?

What services does an Estonia crypto license cover?

An Estonian CASP authorization covers specific crypto-asset services listed under MiCA, not a vague universal crypto permission. Your application must identify the exact services requested, and the regulator will assess your governance, capital, outsourcing, and control environment against that scope.

The main MiCA service categories include:

Custody and administration of crypto-assets on behalf of clients;
Operation of a trading platform for crypto-assets;
Exchange of crypto-assets for funds;
Exchange of crypto-assets for other crypto-assets;
Execution of orders on behalf of clients;
Reception and transmission of orders for crypto-assets on behalf of clients;
Placing of crypto-assets;
Transfer services for crypto-assets on behalf of clients;
Portfolio management of crypto-assets;
Providing advice on crypto-assets.

Not every Web3 business needs a CASP authorization. Pure software development, node infrastructure, self-custody tooling, non-custodial interfaces, or protocol-layer services may fall outside licensing in some cases, but only after a fact-specific legal analysis. The decisive issue is not branding; it is whether the business actually performs a regulated service for clients.

A practical nuance often missed in competitor articles: if your platform controls order routing, settlement logic, client instructions, or wallet access in a way that goes beyond neutral software provision, the licensing analysis changes quickly. That is why RUE usually starts with a service-mapping memo before drafting the application.

Get Service Scope Analysis

Capital matrix by MiCA service type

Service Type	Typical Minimum Capital	Notes
Reception and transmission of orders / Advice / Portfolio management / Transfer	€50,000	Lower entry bucket, but still subject to governance and own funds rules
Execution of orders / Placing / Exchange crypto-to-fiat / Exchange crypto-to-crypto	€100,000	Often paired with stronger AML, market conduct, and operational controls
Custody and administration / Operation of a trading platform	€150,000	Highest standard entry bucket in common CASP structuring; safeguarding burden is materially higher

Always verify the exact capital bucket against the final service mix and current regulator interpretation before filing. Initial capital is not the same as ongoing own funds.

Minimum capital and own funds: the part most articles get wrong

Initial capital and ongoing own funds are different tests. The entry capital figure is the amount you must have to qualify for authorization based on the services requested. Ongoing own funds are a prudential maintenance obligation after authorization, and for a growing business they can become the real constraint.

Why this matters in practice:

A startup exchange may enter at €100,000, but if fixed overheads rise because of staffing, compliance tooling, market expansion, and custody infrastructure, the own-funds requirement can exceed the initial number;
A custody provider starting at €150,000 may later need a stronger capital buffer because safeguarding, insurance, reconciliation, and security operations materially increase the cost base;
Regulators look at solvency and continuity, not just whether the share capital was paid on incorporation day.

The practical prudential logic is usually a higher-of test. In simplified terms, the firm must maintain at least the higher of the applicable initial capital threshold or the relevant ongoing own-funds measure linked to fixed overheads and any other applicable MiCA metrics. This is why serious applicants build a monthly capital adequacy dashboard before launch.

A useful founder-level rule: if your budget model ignores audit, Travel Rule vendor fees, KYT, local staff, board costs, cyber controls, and legal updates, your own-funds planning is probably wrong.

Documents required for an Estonian CASP application

Documents required for an Estonian CASP application

A regulator-grade CASP file is a structured dossier, not a single form. The exact package depends on the requested services and operating model, but most serious Estonia crypto license applications include the following document groups.

Corporate and ownership documents

Incorporation documents and Commercial Register extracts;
Shareholding chart and UBO disclosure;
Source-of-funds evidence for capitalization;
Group structure documents where a parent or holding company is involved.

Governance and key persons

Board composition and governance chart;
CVs, diplomas, references, and role descriptions for directors and key staff;
Criminal record certificates and fit-and-proper questionnaires;
Conflict-of-interest, outsourcing, remuneration, and complaints policies.

Financial and prudential file

2-year business plan with financial projections;
Opening balance sheet and capitalization evidence;
Capital adequacy and own-funds planning;
Forecasts for revenue, costs, liquidity, and stress scenarios.

AML/CFT and operational controls

Business-wide ML/TF risk assessment;
KYC/CDD/EDD procedures, sanctions and PEP screening logic;
Travel Rule implementation description;
Transaction monitoring and suspicious activity reporting process;
Recordkeeping and data retention controls.

ICT and security materials

System architecture description;
Custody model and key management controls where relevant;
DORA-aligned incident, continuity, backup, and vendor-risk documents;
Access control, logging, vulnerability management, and penetration testing evidence.

The most common delay drivers are predictable: unclear service scope, weak source-of-funds evidence, generic AML manuals, no real Estonian substance, and technology descriptions that never explain who actually controls wallets, keys, order flow, or client data.

Prepare Application Documents

Realistic budget for an Estonia crypto license

State Fee

Official application fees must always be checked against the current Estonian fee schedule and Finantsinspektsioon materials before filing.

Share Capital

Plan for €50,000, €100,000, or €150,000 depending on services, plus additional runway for actual operations.

Legal and Licensing

Drafting, gap analysis, regulator responses, and fit-and-proper support usually form a major part of the project budget.

Local Substance

Office, local administration, board support, and compliance functions create recurring cost even in a lean setup.

Compliance Tooling

KYC, sanctions screening, KYT, Travel Rule, secure archiving, and case management are often underestimated by first-time applicants.

Audit and Accounting

Annual reporting, accounting, reconciliations, and audit-readiness should be budgeted from the start, not after approval.

State fee vs total project cost

State fee vs total project cost

The regulator fee is only one line item. Founders often focus on the official filing fee because it is easy to quote, but the real licensing budget usually consists of:

official state fee;
paid-up share capital;
company setup and substance costs;
legal drafting and application management;
AML/CFT framework and risk assessment;
DORA and ICT documentation;
KYC/KYT/Travel Rule tooling;
audit, accounting, and annual reporting;
banking and payment onboarding.

In practical 2026 planning, most serious Estonia CASP projects should budget for a total launch stack well above the state fee alone. For a lean advisory or brokerage model, this may still be manageable. For custody, exchange, or platform models, the budget rises sharply because safeguarding, ICT resilience, and banking complexity rise together.

RUE follows a no-hidden-fees approach and usually builds a low / base / high scenario budget before the filing stage, so founders can see where the real cost drivers sit.

Request Budget Estimate

Does an Estonia crypto license give EU passporting rights?

Does an Estonia crypto license give EU passporting rights?

Yes, an Estonian CASP authorization is designed to support EU passporting under MiCA, but it is not a magic switch that makes you automatically operational everywhere on day one. The authorization creates the legal basis for cross-border activity across the 27 EU member states, subject to the relevant notification and operational requirements.

The practical sequence is:

Obtain CASP authorization from Finantsinspektsioon;
Notify the home authority of the member states where you intend to provide services or establish a branch;
Ensure customer documentation, complaints handling, marketing, and operational setup are suitable for the target markets;
Launch cross-border activity after the applicable passporting process is completed.

What many competitor pages oversimplify:

Passporting does not remove local consumer law, tax, or advertising obligations;
Local-language disclosures may still be commercially or legally necessary;
If you market aggressively into a host state, your communications must still comply with local consumer-facing standards;
Banking and payment partners may require separate onboarding for each major market.

For businesses targeting several EU states from launch, passporting should be planned as an operational rollout project, not just a legal footnote. We cover this in our broader MiCA license in Europe and CASP regulation materials as well.

Plan EU Expansion

Is Estonia the right jurisdiction for your crypto business?

Estonia is best for founders who want a serious EU-regulated structure, not a low-friction shortcut. It is particularly suitable for businesses that need credibility with counterparties, want a disciplined governance model, and are prepared for MiCA-grade compliance from the start.

Best fit profiles:

EU-focused exchanges and brokers that need a clean MiCA route;
Custody providers with institutional security architecture;
Trading venues and order-execution models with real compliance budgets;
Crypto advisory and portfolio management businesses targeting regulated growth;
Groups that value Estonian digital administration and local legal infrastructure.

When another jurisdiction may be better:

your budget is too small for real substance and ongoing compliance;
your service model is still legally unclear and may not need CASP authorization at all;
you want a light-touch offshore-style setup rather than an EU-supervised institution;
your main target market is outside the EU.

RUE is headquartered in Estonia, so we usually give founders a blunt answer early: if you are not ready for governance, AML, DORA, and post-license operating discipline, Estonia is not the right place to pretend otherwise. If you are ready, it is one of the strongest jurisdictions in Europe.

RUE support for Estonia CASP projects

RUE support for Estonia CASP projects

We do not sell template packs. RUE supports Estonia crypto license projects as integrated regulatory builds:

service-scope and licensing analysis;
Estonian company formation and substance planning;
MiCA application drafting and regulator correspondence;
AML/CFT, Travel Rule, and sanctions framework design;
DORA and ICT governance documentation;
banking and EMI onboarding support;
accounting, annual reporting, and tax coordination in Estonia;
post-license compliance operating model.

Related internal resources: Crypto license 2026, Cryptocurrency Regulation in Estonia 2026, Crypto Business Bank Account, Bank account in Estonia, Legal services in Estonia, and Accounting services in Estonia.

Start Your Estonia CASP Project

📝 Check Your Eligibility

Answer a few quick questions to find out if this jurisdiction suits your crypto business

Step 1 of 5

What type of crypto services will you provide?

Exchange (fiat ↔ crypto)

Custody & Wallet Services

Transfer & Payment Services

Advisory / Portfolio Management

Multiple / All of the Above

Step 2 of 5

What is your target market?

European Union only

EU + Global markets

Global (non-EU priority)

Step 3 of 5

Do you already have a registered company in the EU?

Yes, in this jurisdiction

Yes, in another EU country

No, I need to register one

Step 4 of 5

What is your available budget range?

Under €20,000

€20,000 – €50,000

€50,000 – €100,000

Over €100,000

Step 5 of 5

When do you plan to launch?

As soon as possible (1–3 months)

Within 6 months

Within a year

Just exploring options

✅

This Jurisdiction Is a Great Fit!

Based on your answers, this jurisdiction matches your business requirements well. Here's a quick summary:

Recommended License

CASP License

Estimated Budget

€24,000 – €35,000

Estimated Timeframe

4–6 months

EU Passporting

Available

📞 Get Personalized Assessment

Step-by-Step Licensing Process

Step 1

Scope and Feasibility

We map your business model to MiCA service classes, identify whether CASP authorization is required, define capital bucket, and assess Estonia fit. Duration: 1-2 weeks.

Step 2

Company Setup

Register the Estonian entity, structure ownership, arrange legal address and office, appoint board members, and plan local substance. Duration: 1-4 weeks.

Step 3

Pre-Filing Readiness

Build the regulator-facing file: 2-year business plan, governance framework, AML/CFT package, DORA and ICT controls, financial model, source-of-funds evidence, and service descriptions. Duration: 3-8 weeks.

Step 4

Application Submission

Submit the CASP application to Finantsinspektsioon with the required annexes and official fee payment. The file must be complete enough to pass the initial admissibility and completeness stage. Duration: 1 week.

Step 5

Completeness Review

The regulator checks whether the application package is complete. A practical benchmark is around 25 working days, but the clock may pause if information is missing or clarification is requested.

Step 6

Substantive Review

Finantsinspektsioon reviews governance, capital, AML, safeguarding, outsourcing, and ICT resilience in substance. A practical benchmark is around 40 working days, with possible extension and multiple rounds of questions.

Step 7

Interviews and Q&A

Board members and key persons may be interviewed. We coordinate responses, remediate gaps, and align documents with regulator comments. This stage often determines whether the timeline stays realistic.

Step 8

Authorization and Launch

After approval, the company finalizes banking, vendor onboarding, internal reporting, staff training, and, where relevant, MiCA passporting notifications. Realistic total project timeline: 3-8 months.

Start Your Application

Frequently Asked Questions

Is there still a VASP license in Estonia in 2026? +

No, the relevant route in 2026 is CASP authorization under MiCA, not a new legacy VASP license. The old Estonian VASP framework was transitional and AML-centered. For new applicants, the legally relevant concept behind the search term crypto license in Estonia is a MiCA-compliant CASP authorization supervised by Finantsinspektsioon.

Who regulates crypto companies in Estonia now? +

Finantsinspektsioon is the key authority for CASP authorization and supervision. The FIU still matters in the AML/CFT ecosystem, especially for suspicious activity reporting and enforcement within its competence, but the licensing authority for MiCA CASPs is no longer the old FIU-led VASP model.

What is the minimum capital for an Estonian CASP? +

The typical MiCA entry buckets are €50,000, €100,000, and €150,000 depending on the services requested. Lower-risk services such as advice or reception/transmission of orders usually sit in the lower bucket, while custody and trading platform operation usually sit in the highest bucket. Always confirm the exact capital category against your final service scope before filing.

What is the difference between initial capital and own funds? +

Initial capital is the entry threshold for authorization; own funds are the ongoing prudential requirement after licensing. Many founders budget only for the entry number and miss the fact that a growing CASP may need to maintain a higher amount over time due to fixed overheads and other prudential metrics. This becomes especially important for exchanges and custody businesses.

How long does the Estonia crypto license process take in practice? +

A realistic project timeline is usually 3-8 months. Company setup may take 1-4 weeks, documentation 3-8 weeks, completeness review around 25 working days, and substantive review around 40 working days, often with extensions or clock-stops if the regulator requests more information. Complex custody or platform models can take longer.

Do I need a physical office in Estonia? +

Yes, you should plan for real operational presence in Estonia, not just a correspondence address. The regulator expects substance proportionate to the business model. A real office, accessible records, local management presence, and evidence of actual decision-making materially strengthen both the licensing file and later banking discussions.

Do I need local directors or local management? +

You need real governance and effective management, and in practice local substance is strongly advisable. Estonia does not operate on a pure mailbox logic for CASPs. Applicants generally plan for at least two board members, clear control functions, and enough local presence to demonstrate operational reality. The exact residency mix should be assessed case by case.

Can non-residents own an Estonian crypto company? +

Yes, non-residents can own the company. Estonia does not prohibit foreign ownership of an OÜ used for CASP licensing. However, shareholders and UBOs must be fully transparent, pass integrity checks where relevant, and document the lawful source of funds used for capitalization and operations.

What services can the Estonian crypto license cover? +

An Estonian CASP can cover custody, exchange, execution, reception and transmission of orders, placing, transfer services, portfolio management, advice, and operation of a trading platform. The authorization is scope-specific. You only receive approval for the services actually requested and supported by your governance, capital, and control environment.

Does the license cover crypto-to-fiat and crypto-to-crypto exchange? +

Yes, both can be covered if they are included in the CASP application scope. Exchange of crypto-assets for funds and exchange of crypto-assets for other crypto-assets are recognized MiCA service categories. These models usually require stronger AML, transaction monitoring, and banking/payment infrastructure than advisory-only businesses.

Is custody included in an Estonia crypto license? +

Custody is a separate regulated service and must be expressly requested. It is one of the most demanding service lines because it triggers deeper scrutiny of safeguarding, wallet architecture, key management, reconciliation, incident response, and insolvency treatment of client assets. In typical MiCA structuring, custody sits in the €150,000 capital bucket.

Do I need an AML officer for an Estonian CASP? +

Yes, a clearly assigned AML/CFT responsible function is essential. The exact title and structure may depend on your model, but the regulator expects a competent person responsible for AML controls, suspicious activity escalation, staff training, and interaction with the FIU where required. A nominal appointment without real authority is a common red flag.

What AML controls are expected from an Estonian crypto company? +

The baseline includes KYC, EDD, sanctions and PEP screening, KYT, suspicious activity reporting, and Travel Rule compliance. You also need a business-wide risk assessment, source-of-funds procedures, ongoing monitoring, and recordkeeping for at least 5 years where required by AML rules. For self-hosted wallet exposure, a documented risk-based framework is expected.

Does DORA apply to Estonian CASPs? +

Yes, DORA is part of the operating reality for CASPs in the EU. In practice this means ICT risk management, incident classification and reporting, business continuity, disaster recovery, third-party ICT oversight, and documented resilience controls. For custody and exchange models, DORA readiness is not an optional extra; it is part of regulator credibility.

Does an Estonia crypto license give automatic access to the whole EU? +

It gives access to the MiCA passporting framework, not automatic same-day launch everywhere. After authorization, cross-border activity into other EU states normally requires the relevant notification process and operational readiness for those markets. Local consumer, tax, language, and marketing rules may still matter in each target country.

What taxes apply to a licensed crypto company in Estonia? +

The main corporate feature is 0% tax on retained profits and taxation on distribution. In 2026, distributed profits are generally taxed using the 22/78 formula on the net amount distributed. VAT treatment depends on the exact service line: some exchange services may be exempt, while custody, software, advisory, and ancillary services may be taxable.

Are audited financial statements mandatory? +

Audit obligations depend on the company’s legal and regulatory profile, but licensed CASPs should assume a high standard of financial reporting and audit-readiness. Even where a statutory audit threshold analysis is needed, counterparties, banks, investors, and regulators usually expect audited or audit-ready financials for a serious crypto business operating under MiCA.

What are the most common reasons for refusal or delay? +

The most common problems are unclear service scope, weak source-of-funds evidence, generic AML manuals, lack of real substance, and poor governance. Other frequent issues include unrealistic financial projections, no credible banking strategy, and technology descriptions that never explain custody, wallet control, or incident management in operational terms.

Can RUE help with banking and post-license compliance in Estonia? +

Yes. RUE supports not only the licensing file but also the adjacent workstreams that usually determine whether the business can actually launch: crypto business banking, bank account opening in Estonia, Estonian accounting, annual reporting, MiCA documentation, and ongoing compliance structuring.

Regulated United Europe OÜ

Registration number: 14153440
Anno: 16.11.2016
Phone: +372 56 966 260
Email: [email protected]
Address: Laeva 2, Tallinn, 10111, Estonia

Company in Lithuania UAB

Registration number: 304377400
Anno: 30.08.2016
Phone: +370 6949 5456
Email: [email protected]
Address: Lvovo g. 25-702, Vilnius, 09320, Lithuania

Company in Czech Republic s.r.o.

Registration number: 08620563
Anno: 21.10.2019
Phone: +420 775 524 175
Email: [email protected]
Address: Na Perstyne 342/1, Prague

Company in Poland Sp. z o.o.

Registration number: 38421992700000
Anno: 28.08.2019
Email: [email protected]
Address: Twarda 18, Warsaw, 00-824, Poland

Please leave your request

The RUE team understands the importance of continuous assessment and professional advice from experienced legal experts, as the success and final outcome of your project and business largely depend on informed legal strategy and timely decisions. Please complete the contact form on our website, and we guarantee that a qualified specialist will provide you with professional feedback and initial guidance within 24 hours.

Main Services

Terms of Cooperation

Regulated United Europe