MiCA's Territorial Scope — Why Non-EU Companies Are Affected
MiCA Regulation (EU) 2023/1114 applies on a client-location basis. MiCA Art. 2 establishes that it applies to crypto-asset service providers that "provide crypto-asset services or offer to provide crypto-asset services to clients located in the Union." The regulation does not require the service provider to be established in the EU — only the clients.
This means a Cayman Islands exchange, a Singapore custodian, a US broker-dealer expanding into crypto, or a UAE exchange providing services to EU users is subject to MiCA — and must obtain a CASP authorization. The EU has made clear through ESMA guidance that "active solicitation" of EU clients — including websites accessible in EU languages, EU-targeted advertising, app store availability in EU member states, or accepting EU payment methods — constitutes providing services to EU clients.
For non-EU businesses, MiCA creates three possible paths:
- Path 1 — Establish an EU subsidiary and obtain CASP authorization: The compliant and scalable solution for any business that wants meaningful EU market access
- Path 2 — Rely on reverse solicitation (Art. 61): A narrow exception applicable only to truly unsolicited client approaches — not a viable commercial strategy
- Path 3 — Withdraw from the EU market: Accept that EU clients cannot be served and implement genuine geographic restrictions
Reverse Solicitation — Art. 61 and Why It Does Not Work as a Strategy
MiCA Art. 61 provides that third-country firms may provide crypto-asset services to EU clients without authorization when the service is provided "solely at the own exclusive initiative of the client." This is the reverse solicitation exception — and it is far narrower than many non-EU businesses assume.
ESMA's guidelines on reverse solicitation (published 2025) establish that the exception applies only when:
- The EU client initiates the contact entirely of their own initiative, without any prior solicitation by the third-country firm
- The third-country firm has not engaged in any advertising, marketing, promotional activity, or canvassing directed at EU clients — directly or indirectly
- The third-country firm does not then use the client-initiated contact to offer additional services or products beyond the specific service the client requested
ESMA's guidelines specifically identify the following as disqualifying the reverse solicitation exception:
- Website content accessible to EU users without geographic restrictions
- Social media presence targeting EU audiences
- Onboarding EU clients via partnerships or referral arrangements
- Mobile app availability in EU app stores
- Accepting EU payment methods (SEPA transfers, EU-issued cards)
- Having customer support available in EU languages
- Using EU-targeted keywords in advertising
Any non-EU crypto business that maintains a website, social media presence, or mobile app accessible to EU users without genuine geographic restrictions is very likely not eligible for the reverse solicitation exception. ESMA interprets this provision as a narrow residual exception, not a route to EU market access. Relying on it exposes businesses to NCA enforcement action and significant reputational risk.
How to Set Up an EU Subsidiary for CASP Authorization
The compliant and commercially scalable solution for non-EU businesses is to establish a genuine EU subsidiary and obtain CASP authorization. "Genuine" is the critical word — MiCA and all NCAs require real business substance, not a letter-box entity. The process involves:
Step 1: Choose Your EU Jurisdiction
For most non-EU companies, the priority criteria are: English-language process, speed of authorization, and quality of the fintech banking ecosystem. Lithuania (Bank of Lithuania) scores highest on all three: English process, 3–4 month authorization, and a mature fintech banking ecosystem. Estonia and Poland are strong alternatives.
Step 2: Incorporate a Local Legal Entity
MiCA requires CASP authorization to be held by a "legal person established in the Union" — specifically, a local entity with a genuine registered office and demonstrable business operations in the member state. For Lithuania, this means a UAB (Uždaroji akcinė bendrovė) — a private limited company. Formation takes 1–2 weeks.
Step 3: Establish Genuine Business Substance
The NCA will scrutinize substance carefully. A genuine local presence means:
- A real office (not just a registered address) — a serviced office in Vilnius, Warsaw, or Tallinn is acceptable
- At least one locally-based director or senior authorized representative
- An MLRO (Money Laundering Reporting Officer) — may be outsourced to a licensed compliance firm in the jurisdiction
- Local bank account
- Operational systems accessible from the EU jurisdiction
Step 4: Prepare Documentation and Apply
A full CASP application package (AML program, DORA ICT framework, business plan, director dossiers, capital evidence) takes 4–8 weeks to prepare. Applications are submitted to the chosen NCA. Total timeline from project start to authorization: 3–5 months in Lithuania, 4–7 months in Estonia or Poland. See our full CASP application guide for detailed documentation requirements.
Best EU Jurisdictions for Non-EU Companies
Non-EU companies have specific requirements that influence jurisdiction selection. The key factors from a non-EU perspective are: English-language NCA process, acceptance of non-EU parent ownership structures, quality of fintech banking, and regulatory openness to international groups.
| Jurisdiction | Language | Non-EU Ownership | Timeline | Best For |
|---|---|---|---|---|
| Lithuania | English | Accepted with full disclosure | 3–4 months | Most non-EU companies — all business types |
| Estonia | English | Accepted, stricter scrutiny | 4–6 months | Companies with Estonian operational presence |
| Poland | Polish | Accepted | 4–6 months | Companies with Polish-speaking teams |
| Malta | English | Accepted | 5–8 months | Companies with existing Malta presence |
| Ireland | English | Accepted (US companies preferred) | 6–10 months | US companies — common law, 12.5% tax |
Special Considerations for UK, Swiss, and US Companies
UK Companies Post-Brexit
Following Brexit, UK companies lost EU passporting rights. A UK FCA crypto registration or authorization does not permit provision of services to EU clients under MiCA. UK-based crypto businesses that wish to serve EU clients must establish a separate EU subsidiary with genuine substance and obtain CASP authorization. Many UK crypto businesses have chosen Lithuania or Ireland for their EU entity. Ireland offers the additional advantages of common law legal framework and English language, which reduces documentation adaptation costs from UK operations.
Swiss Companies
Switzerland has a comprehensive domestic crypto regulatory framework under FINMA. However, like the UK, Switzerland is not an EU member state, and FINMA authorization does not provide EU passporting. Swiss companies targeting EU clients must establish an EU subsidiary. Given the close economic ties between Switzerland and Germany and Austria, many Swiss companies choose Germany (BaFin) for prestige, or Lithuania for speed and cost efficiency.
US Companies
The US crypto regulatory landscape (SEC, CFTC, FinCEN, state money transmitter licenses) is entirely separate from MiCA. There is no equivalence or mutual recognition between US crypto licenses and MiCA CASP authorization. US companies wishing to serve EU clients must establish an EU subsidiary. Ireland is frequently chosen by US companies for its 12.5% corporate tax rate, English-language regulatory process, and established ecosystem of US technology company subsidiaries. Lithuania is typically faster and cheaper. Our EU company formation service assists US companies with full subsidiary setup and CASP application management.
