MiCA Regulation (EU) 2023/1114 — In force since December 2024
VASP→CASP Transition Deadline: 1 July 2026
Offices in Düsseldorf · Vilnius · Tallinn
Free Initial Consultation
Crypto License Europe MiCA CASP Authorization
Get Free Consultation
MiCA Regulation — EU 2023/1114

MiCA CASP License: Complete Guide to EU Crypto Authorization 2026

European Parliament — home of the MiCA crypto regulation

The Markets in Crypto-Assets Regulation (MiCA) — Regulation (EU) 2023/1114 — transformed European crypto licensing when it became fully applicable in December 2024. Any company providing crypto-asset services on a professional basis in the EU now requires a CASP (Crypto-Asset Service Provider) license. This guide covers every requirement, capital threshold, cost, and timeline you need to plan your MiCA authorization — and how EU passporting gives your single CASP license access to all 27 member states.

Get a Free MiCA Consultation View Requirements ↓
Regulation Overview

What Is MiCA?

MiCA — the Markets in Crypto-Assets Regulation (EU) 2023/1114 — is the European Union's comprehensive framework governing the issuance, offering, and provision of services related to crypto-assets. Adopted by the European Parliament on 20 April 2023 and published in the Official Journal on 9 June 2023, MiCA entered into force on 29 June 2023, with stablecoin provisions (Titles III and IV) applying from June 2024 and the full regulation — including the CASP licensing regime — becoming applicable on 30 December 2024.

Before MiCA, crypto regulation across EU member states was fragmented: each country had its own VASP (Virtual Asset Service Provider) registration or licensing regime, with widely differing requirements and no mechanism for cross-border service provision without separate national authorizations. MiCA replaced this patchwork with a single, harmonized framework. For a deeper look at how the regulation works, see our guide: MiCA Regulation explained.

MiCA covers three categories of crypto-assets: asset-referenced tokens (ARTs), e-money tokens (EMTs), and a broad residual category of crypto-assets (which includes utility tokens and other digital assets not covered by existing financial law). It also establishes the CASP authorization framework — a harmonized licensing regime for businesses that provide services related to any of these crypto-asset categories.

MiCA does not apply to NFTs (unless they are fungible in practice), DeFi protocols (as they have no identifiable legal entity), and crypto-assets that already qualify as financial instruments under MiFID II (such as tokenized securities). For those categories, existing EU financial regulation applies.

The regulation is supervised by national competent authorities (NCAs) — such as Poland's KNF, Lithuania's Bank of Lithuania, and Germany's BaFin — with ESMA (European Securities and Markets Authority) providing coordination, technical standards, and oversight guidance. Read the MiCA Regulation explained for the full regulatory context.

Scope of Authorization

Who Needs a CASP License Under MiCA?

Any legal entity that provides one or more of the 10 CASP services defined in MiCA Article 63 on a professional and commercial basis in the EU must be authorized as a CASP. This applies regardless of where the company is incorporated — a non-EU company providing crypto-asset services to EU clients must establish a legal entity within the EU and obtain authorization.

Key business types that require a CASP license include:

  • Crypto exchanges and trading platforms — centralized exchanges (CEXs) operating order books or matching engines require CASP authorization for operation of a trading platform. See our guide to a crypto exchange license under MiCA.
  • Custodians and wallet providers — entities holding client crypto-assets or private keys need CASP authorization for custody and administration services.
  • Crypto brokers and OTC desks — businesses exchanging crypto for fiat or crypto-to-crypto on behalf of clients require CASP status.
  • Crypto portfolio managers — discretionary management of client crypto portfolios falls under the MiCA CASP framework.
  • Transfer service providers — platforms facilitating crypto transfers (comparable to payment services) need CASP authorization.
  • Crypto advisors and investment platforms — entities providing investment advice on crypto-assets require CASP authorization for the advisory service.
  • Stablecoin issuers and EMT providers — though governed by Titles III and IV of MiCA, entities offering or placing ARTs and EMTs intersect with CASP requirements. See our guide to the stablecoin EMT license.

Exemptions: MiCA provides limited exemptions for entities already regulated under EU financial law (credit institutions, investment firms, e-money institutions) for certain services they already perform. Entities providing CASP services incidentally (below de minimis thresholds) and pure peer-to-peer transactions without a commercial intermediary are also outside scope. Always verify your specific model with a qualified MiCA advisor before assuming an exemption applies.

Article 63 — MiCA Service Categories

Types of Crypto-Asset Services Under MiCA

MiCA Article 63 defines exactly 10 types of crypto-asset services. A CASP license must specify which services the entity is authorized to provide — and capital requirements, ongoing obligations, and conduct rules differ by service type.

1
Custody & Administration Safekeeping and managing crypto-assets or private keys on behalf of clients
2
Operation of a Trading Platform Running a multilateral system that brings together buyers and sellers of crypto-assets
3
Exchange for Funds (Fiat) Exchanging crypto-assets for fiat currency using proprietary capital
4
Exchange Crypto-to-Crypto Exchanging one crypto-asset for another using proprietary capital
5
Execution of Orders Executing purchase or sale orders for crypto-assets on behalf of clients
6
Placing of Crypto-Assets Marketing and placing crypto-assets to the public on behalf of issuers
7
Reception & Transmission of Orders Receiving and transmitting client orders relating to crypto-assets
8
Portfolio Management Discretionary management of portfolios of crypto-assets on behalf of clients
9
Transfer Services Providing transfer services for crypto-assets on behalf of natural or legal persons
10
Advice on Crypto-Assets Providing personalised recommendations to clients relating to crypto-assets

A single CASP authorization can cover multiple service types simultaneously. Most full-service exchanges apply for services 1–5 and 7 as a baseline, while specialized advisory or brokerage firms may apply for a narrower subset. Each additional service category adds compliance obligations but does not require a separate license.

Authorization Criteria — Article 67

CASP License Requirements Under MiCA

To obtain a MiCA CASP license, an applicant must satisfy a comprehensive set of authorization requirements set out in MiCA Articles 62–76. The national competent authority assesses each application against these criteria before granting authorization.

Capital Requirements (Article 67)

Capital Tier Covered Service Types Minimum Own Funds
Tier 1 — Basic Advice, reception & transmission, execution of orders, placing €50,000
Tier 2 — Mid Exchange services (fiat & crypto-to-crypto), portfolio management, transfer services €125,000
Tier 3 — Full Custody & administration, operation of a trading platform €150,000

Note: Own funds must also not fall below one-quarter of fixed overheads from the preceding year, if that figure exceeds the minimum threshold. For growing businesses, this dynamic requirement often sets a higher effective capital floor.

AML/KYC Compliance

All CASPs are subject to EU anti-money laundering obligations. Applicants must demonstrate a robust AML/KYC compliance program aligned with AMLD6 and the EU Transfer of Funds Regulation (crypto travel rule). This includes Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) procedures, transaction monitoring systems, appointment of an AML compliance officer, and established suspicious activity reporting channels to the national Financial Intelligence Unit.

Fit & Proper Requirements

All directors, senior managers, and qualifying shareholders must pass a fit and proper assessment. NCAs evaluate: absence of criminal convictions (financial crimes, fraud, money laundering), professional qualifications and relevant experience, and financial integrity. Most NCAs require a minimum of two directors with EU residency and demonstrable experience in financial services or regulated industries.

IT Security & DORA

The Digital Operational Resilience Act (DORA), applicable from January 2025, applies to CASPs. Applicants must present a documented ICT risk management framework, digital resilience testing protocols, major incident reporting procedures, and a third-party ICT risk management policy. For custody and trading platform services, additional cybersecurity standards apply.

Crypto-Asset White Paper (Article 66)

CASPs that offer, place, or admit crypto-assets to trading must prepare a MiCA-compliant crypto-asset white paper. The white paper must include details of the issuer or offeror, a description of the crypto-asset project, rights and obligations attaching to the asset, underlying technology disclosures, and risk factor statements. It must be filed with the NCA and published on the company's website prior to any public offer or trading admission.

Other Organizational Requirements

  • Legal establishment: Registered legal entity in an EU member state (SA, GmbH, UAB, OÜ, or equivalent)
  • Local presence: Genuine operational substance — not a letterbox entity
  • Complaint handling: Documented procedures for handling client complaints
  • Conflict of interest policy: Written policies identifying and managing conflicts of interest
  • Custody segregation: For custodians — strict segregation of client assets from firm assets
  • Insurance or guarantee: Some NCAs require professional indemnity insurance as an alternative to maintaining excess capital
€50k
Minimum Capital (Tier 1 Services)
40
Working Days NCA Review Period
27
EU Countries — Single Passport
Dec 2024
MiCA Fully in Force
3–6
Months Total Timeline
10
CASP Service Types (Art. 63)
Investment & Timing

MiCA License Cost and Timeline

The total cost of obtaining a MiCA CASP license varies significantly by jurisdiction and the scope of services applied for. Below is a realistic breakdown of the main cost components.

Government and NCA Fees

ESMA does not charge an EU-level authorization fee. Each national competent authority sets its own application fee. Fees vary considerably: Poland's KNF charges application fees in the range of PLN 10,000–25,000 (approximately €2,500–€6,000); Lithuania's Bank of Lithuania charges fees in a similar range; some larger NCAs such as BaFin apply higher examination fees. Annual supervisory levies typically range from €3,000 to €15,000 per year depending on the jurisdiction and the scale of operations.

Professional Fees

Legal and compliance consulting fees — covering document preparation, regulatory strategy, AML program design, white paper drafting, and NCA liaison — typically range from €25,000 to €80,000 for a complete CASP authorization mandate. Costs are driven by the complexity of the business model, the number of service types applied for, and whether the company requires significant organizational build-out (board recruitment, substance establishment, DORA compliance).

Minimum Capital Requirement

The minimum own funds of €50,000–€150,000 (depending on tier) must be held permanently. This is not a fee — it remains the company's capital — but it must be available at authorization and maintained on an ongoing basis.

Operational Setup Costs

  • Company formation: €1,500–€5,000 (varies by jurisdiction)
  • Registered office and substance: €3,000–€12,000/year
  • AML compliance officer (local or outsourced): €12,000–€36,000/year
  • DORA-compliant IT documentation and systems: €5,000–€20,000
  • Professional indemnity insurance (where required): €5,000–€15,000/year

Timeline

MiCA sets a mandatory review clock: the NCA has 25 working days to assess completeness of the application, then up to 40 working days to make an authorization decision (extendable once by 20 working days for complex cases). In practice, the total timeline from initial engagement to authorization decision runs 3 to 6 months, depending on jurisdiction, application quality, and NCA workload.

Single-License Access

EU Passporting — One License for 27 Countries

One of MiCA's most significant commercial benefits is EU passporting: a CASP authorized in any one EU member state can provide the same authorized services across all other 26 EU member states without obtaining a separate license in each country. This eliminates the multi-jurisdiction licensing burden that characterized the pre-MiCA era. Read our detailed guide to EU Passporting: one license for 27 countries.

🏭
Home NCA Authorization
Obtain CASP license in chosen EU country
📄
Passport Notification
File notification with your home NCA
🕒
10 Working Days
Home NCA forwards to host country NCA
🇺🇪
Service in 27 Countries
Operate across the full EU single market

The notification procedure is straightforward: the CASP submits a passporting notification to its home NCA, specifying which services it intends to provide in which member states. The home NCA transmits the notification to the host country NCA within 10 working days. The CASP can then commence services in the host country without awaiting any additional decision — the host NCA may only intervene on consumer protection or AML grounds.

This mechanism makes the choice of initial authorization jurisdiction strategically important. CASPs often choose their home jurisdiction based on cost, speed, and regulator pragmatism — then passport services into larger markets including Germany, France, and the Netherlands. For a full analysis, see our guide to EU Passporting: one license for 27 countries.

Step-by-Step Guide

How to Apply for a MiCA CASP License: 6-Step Process

1
Jurisdiction Selection & Strategy
Assess which EU member state best fits your business model, timeline, and budget. Key factors: NCA track record with MiCA applications, local talent availability, cost of substance, and tax regime.
Weeks 1–2
2
Company Incorporation & Substance
Register a legal entity in the chosen EU country. Appoint qualified directors (minimum 2 with EU residency in most jurisdictions), establish a registered office with genuine operational substance, and open a bank account for capital deposit.
Weeks 2–5
3
Compliance Program & Documentation
Draft and implement an AML/KYC program, DORA-compliant ICT risk management framework, complaint handling procedures, conflict of interest policy, and (where applicable) a MiCA crypto-asset white paper. Prepare all director/shareholder documentation for fit and proper assessment.
Weeks 3–8
4
Application Submission to NCA
Submit the complete CASP authorization application to the national competent authority. The NCA has 25 working days to declare the application complete. Respond promptly to any requests for additional information during completeness review.
Week 8–10
5
NCA Review & Assessment
The NCA conducts its substantive review — up to 40 working days (extendable by 20 days for complex applications). Maintain active communication with the NCA, respond to any clarification requests within the prescribed timeframes. Capital must be deposited and evidenced during this phase.
Weeks 10–20
6
Authorization & Passporting
Upon authorization, the NCA registers the CASP on ESMA's public register. File passport notifications for all EU member states where you intend to provide services. Implement ongoing compliance obligations: periodic reporting, AML record-keeping, DORA testing, and capital maintenance.
Week 20–26
Article 143 — Transitional Regime

VASP to CASP Transition: What Existing Operators Must Do

If your business was registered or licensed as a VASP under national law before 30 December 2024, MiCA Article 143 grants you a transitional period — but the clock is running. For a complete comparison of the two regimes, read our guide on VASP vs CASP differences and the VASP to CASP transition guide.

Critical Deadline

Existing VASPs must submit a full MiCA CASP authorization application before 1 July 2026 (18-month transitional period) — or before 30 June 2025 in member states that opted for the 12-month shortened period. Missing the deadline means immediate cessation of crypto-asset services. See MiCA deadline 2026 for country-by-country status.

Key Transitional Provisions

  • Continued operation: VASPs with valid national authorization may continue providing services during the transitional period without a CASP license — provided they submit their CASP application before the deadline.
  • Simplified procedure: NCAs may apply a simplified assessment for entities already subject to national AML/VASP requirements, focusing on gaps relative to MiCA standards rather than conducting a full de novo review.
  • No grandfathering of services: Transitional rights cover only services the VASP was already authorized to provide under national law. Adding new service types requires full CASP authorization for those services.
  • Country variations: Several member states (including Estonia and Lithuania) applied the shorter 12-month transitional period. If your VASP is registered in one of these jurisdictions, the June 2025 deadline already passed — you must hold a CASP license or cease operations.

Crypto License Europe has guided 30+ VASPs through the MiCA transition process. Contact us for a gap analysis comparing your current national authorization against MiCA CASP requirements. Read the full VASP to CASP transition guide for detailed procedural information.

European Union flags — MiCA passporting across all 27 EU member states
Best Countries for MiCA Authorization

Best Countries for a MiCA CASP License

Because a single CASP license unlocks the entire EU single market through passporting, the initial authorization jurisdiction is a strategic — not merely administrative — decision. The right choice depends on your timeline, budget, business model, and target markets.

Below is a concise comparison of the five most popular jurisdictions in 2026:

Country Regulator Gov. Fee Timeline Note
Poland KNF ~€3,000 3–5 mo. Popular
Lithuania Bank of Lithuania ~€4,000 3–5 mo. Fast
Estonia Finantsinspektsioon ~€3,500 4–6 mo. Digital-first
Germany BaFin ~€10,000+ 6–12 mo. Tier-1 brand
Malta MFSA ~€5,000 4–7 mo. Crypto hub

Poland — fast CASP under MiCA — is the most in-demand jurisdiction in 2026, combining a pragmatic KNF approach, competitive costs, and fast timelines. Lithuania CASP license through the Bank of Lithuania's fintech-friendly environment is another consistent top choice, especially for companies targeting the Baltic and Nordic markets. Estonia's Finantsinspektsioon has built strong digital processes but implemented the shorter 12-month VASP transitional period. Germany (BaFin) and Malta (MFSA) suit businesses for whom a tier-1 jurisdiction label is commercially valuable, despite higher costs and longer timelines.

Ready to Start Your MiCA CASP License Application?

Our team has obtained 140+ licenses across 35+ European jurisdictions. We'll guide you from jurisdiction selection through to EU passporting — with full NCA liaison and compliance documentation included.

Get MiCA consultation Browse Countries →
Our Services

How Crypto License Europe Helps

140+
Successful Licenses
7
Years of MiCA Expertise
3
EU Offices (DE · LT · EE)
35+
European Jurisdictions

Crypto License Europe is a specialized consultancy focused exclusively on European crypto licensing. Since 2019, we have guided clients through 140+ successful authorization processes across 35+ European jurisdictions, with offices in Düsseldorf, Vilnius, and Tallinn — three of the most active MiCA authorization centers in the EU.

Our MiCA CASP license service includes:

  • Jurisdiction analysis and selection — matching your business model and budget to the optimal NCA
  • Company formation — legal entity registration with genuine substance in the chosen jurisdiction
  • Full application package preparation — compliance manuals, AML/KYC program, DORA documentation, fit and proper dossiers, and crypto-asset white paper where required
  • NCA liaison — direct communication with the competent authority throughout the review process
  • EU passporting notifications — filing passport notifications for all target member states upon authorization
  • Ongoing compliance support — annual supervisory reporting, AML program updates, and DORA testing

Our 96% approval rate across all mandates reflects both the quality of our applications and our deep regulatory relationships in every key MiCA jurisdiction. Whether you are starting a new crypto business in Europe or transitioning from a pre-MiCA VASP registration, we provide end-to-end support.

Start Your EU Crypto License Journey
Frequently Asked Questions

MiCA CASP License — FAQ

What is a MiCA CASP license?
A MiCA CASP (Crypto-Asset Service Provider) license is an EU-wide authorization under Regulation (EU) 2023/1114 that permits companies to provide crypto-asset services across all 27 EU member states. It replaced fragmented national VASP regimes when MiCA became fully applicable in December 2024. A CASP license specifies which of the 10 defined service types the holder is authorized to provide.
How much capital is required for a CASP license under MiCA?
MiCA Article 67 sets three capital tiers: €50,000 for advisory, order reception and transmission, execution, and placing services; €125,000 for exchange services (fiat and crypto-to-crypto), portfolio management, and transfer services; €150,000 for custody and administration and operation of a trading platform. Additionally, own funds must not fall below one-quarter of fixed overheads from the preceding year if that figure exceeds the minimum.
How long does it take to get a MiCA CASP license?
The national competent authority (NCA) has 25 working days to declare an application complete, then up to 40 working days for the authorization decision (extendable once by 20 working days for complex applications). Including company formation and document preparation, applicants should budget 3 to 6 months from initial engagement to authorization. Streamlined jurisdictions like Poland and Lithuania tend toward the shorter end of that range.
What is EU passporting under MiCA?
EU passporting means that a CASP authorized in one EU member state can provide the same authorized services in all other 26 EU countries through a simple notification procedure — without obtaining a separate license in each country. The notification is filed with the home NCA, which forwards it to the host country NCA within 10 working days. For full details, see our EU Passporting guide.
Who needs a CASP license under MiCA?
Any legal entity providing one or more of the 10 crypto-asset services defined in MiCA Article 63 on a professional basis within the EU requires a CASP license. This includes crypto exchanges, custodians, crypto brokers, portfolio managers, transfer service providers, and crypto advisors. Certain exemptions apply to entities already regulated under MiFID II and to de minimis activities.
What is the deadline for VASPs to transition to CASP status?
Under MiCA Article 143, existing VASPs authorized under national law before December 30, 2024 may continue operating under a transitional regime for up to 18 months — until July 1, 2026 — unless their member state opted for the shorter 12-month period (such as Estonia and Lithuania, where the deadline was June 30, 2025). VASPs must submit a full CASP authorization application before the applicable deadline. See our MiCA deadline 2026 guide for country-by-country details.
What AML/KYC requirements apply to CASPs under MiCA?
CASPs must comply with the EU Anti-Money Laundering framework (AMLD6 and implementing regulations), including full customer due diligence, enhanced due diligence for high-risk clients, transaction monitoring, suspicious activity reporting to the national FIU, and 5-year record retention. The EU Transfer of Funds Regulation (the crypto travel rule) also applies to CASP-to-CASP transfers. See our AML/KYC compliance guide for full requirements.
What is the difference between a VASP and a CASP?
A VASP (Virtual Asset Service Provider) is the pre-MiCA term used under FATF guidance and national AML regimes. A CASP (Crypto-Asset Service Provider) is the new EU legal category defined by MiCA. CASPs operate under a harmonized EU authorization framework with EU passporting rights, whereas VASPs operated under varying national rules without a single-license passporting mechanism. Read our detailed comparison: VASP vs CASP differences.
Which EU country is best for a MiCA CASP license?
The best jurisdiction depends on your business model, capital, and timeline priorities. Poland (KNF) offers competitive costs and a pragmatic regulator — it is the most in-demand jurisdiction in 2026. Lithuania (Bank of Lithuania) has an established fintech hub and English-language processes. Estonia (Finantsinspektsioon) is known for its digital infrastructure. Germany (BaFin) and Malta (MFSA) suit businesses targeting tier-1 market branding. Crypto License Europe recommends the optimal jurisdiction after reviewing your specific profile.
Does MiCA require a local office?
Yes. MiCA requires that CASPs be legally established in an EU member state. Most NCAs additionally require that at least two directors or senior managers be resident in — or maintain genuine operational presence in — the country of authorization. A registered address alone is generally insufficient; genuine substance (staff, decision-making, infrastructure) is expected and assessed during the authorization review.
What does a crypto white paper under MiCA involve?
Under MiCA Article 66, CASPs that offer, place, or admit crypto-assets to a trading platform must prepare and publish a compliant crypto-asset white paper. The white paper must include specified disclosures about the issuer, the project, rights and obligations of token holders, underlying technology, and risk factors. It must be filed with the relevant NCA and published on the company's website before any public offer or trading admission.
What does DORA require from CASPs?
The Digital Operational Resilience Act (DORA), applicable from January 2025, requires CASPs to implement ICT risk management frameworks, conduct regular digital resilience testing, maintain incident reporting procedures for major ICT-related incidents, and manage third-party ICT provider risk. DORA requirements are assessed as part of the MiCA CASP authorization process. Non-compliance can result in license refusal or post-authorization supervisory action.