How many countries does EU passporting cover?

EU passporting under MiCA covers all 27 EU member states: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden. The EEA (European Economic Area) states Norway, Iceland, and Liechtenstein are expected to implement MiCA through EEA Agreement incorporation — consult local counsel for their exact adoption timeline.

Which jurisdiction is best for EU passporting under MiCA?

The most popular EU passporting bases under MiCA are Lithuania, Estonia, and Malta — due to lower government fees (€1,000–€15,000), faster processing timelines (3–5 months), English-language procedures, and established fintech-friendly regulators. Germany (BaFin) is preferred for companies targeting the DACH market or requiring high credibility. The 'best' jurisdiction depends on your target markets, service types, capital requirements, and operational footprint. Crypto License Europe provides tailored jurisdiction analysis as part of the initial consultation.

How long does the EU passporting notification take?

Under MiCA Article 60(5), the home NCA must transmit the passporting notification to the host NCA within 10 working days of receipt. The CASP may then start providing services in the host member state from the date of transmission — effectively immediately after the 10-working-day period. There is no separate approval required from host NCAs for the passporting itself. However, CASPs must comply with the host member state's local conduct rules (consumer protection, language requirements, etc.).

Can a CASP passport all services or only specific ones?

The passporting notification must specify which crypto-asset services (as listed in MiCA Annex I) will be provided in each host member state. A CASP can passport individual services, selected combinations, or all authorized services. Common choices: exchange services (fiat↔crypto, crypto↔crypto), custody, portfolio management, order transmission, or the full license scope. Each host-state notification specifies the services intended — you cannot passport services you are not authorized for in the home state.

Does EU passporting mean no compliance obligations in host states?

No. EU passporting removes the licensing requirement in host states, but CASPs must still comply with local conduct-of-business rules, AML/CFT obligations (under the EU's AMLD framework), consumer protection requirements, and any specific host-state marketing regulations. Host NCAs retain supervisory powers over conduct in their territory. A CASP must notify the host NCA before establishing a physical branch, which involves a more detailed notification with a business plan, organizational structure, and local AML officer details.

Does a UK crypto firm need a separate EU license for passporting?

Yes. Since Brexit, UK-based entities cannot use EU passporting. UK crypto firms wishing to serve EU clients must establish a subsidiary or branch in an EU member state, obtain MiCA CASP authorization in that state, and then passport within the EU. The UK has its own crypto regulation under the FCA regime (Financial Services and Markets Act 2023). Crypto License Europe can advise on optimal structures for UK groups seeking EU market access.

What happens to passporting rights if the home NCA withdraws the CASP license?

If the home NCA withdraws or suspends a CASP's authorization, all passporting rights derived from that authorization automatically cease. The home NCA must inform all host NCAs where the CASP was providing services. The CASP must immediately stop providing services in host states. Clients in host states remain protected under MiCA's client asset safeguarding rules during wind-down. This is why regulatory relationship with the home NCA is critical — choosing an established, fintech-friendly regulator such as the Bank of Lithuania or EFSA (Estonia) reduces operational risk.

✓ MiCA Regulation (EU) 2023/1114 — In force since December 2024

✓ VASP→CASP Transition Deadline: 1 July 2026

✓ Offices in Düsseldorf · Vilnius · Tallinn

✓ Free Initial Consultation

MiCA Single Market Access

EU Passporting for CASP License: One Authorization, 27 Markets

European Parliament building in Strasbourg — symbol of the EU single market and MiCA passporting framework

Under MiCA Regulation (EU) 2023/1114, a single CASP authorization from any EU member state grants the right to provide crypto-asset services across all 27 EU countries. No separate national licenses. No repeated due diligence. EU passporting is the defining commercial advantage of building your crypto business inside the EU regulatory perimeter — and the notification procedure can be completed in as little as 10 working days.

Plan Your Passporting Strategy ← MiCA CASP Overview

EU Passporting — At a Glance

Legal Basis: MiCA Art. 60–76
Markets Covered: All 27 EU Member States
Notification Period: 10 working days (home NCA → host NCA)
Host NCA Approval: Not required — notification only
Branch Passporting: Additional notification required
Conduct Rules: Host state rules still apply
Best Base Jurisdictions: Lithuania · Estonia · Malta · Germany

What Is EU Passporting Under MiCA?

EU passporting is a cornerstone of the European single market for financial services — and MiCA extends this principle to crypto-asset service providers for the first time. Before MiCA, a crypto firm wanting to operate in France, Germany, and Poland needed to navigate three separate regulatory regimes, three applications, and three ongoing supervisory relationships. MiCA eliminates that fragmentation.

Under MiCA Articles 60–76, once a company obtains CASP authorization in its home member state, it acquires the right to provide any or all of its authorized crypto-asset services in any other EU member state — known as the host member state — purely through a notification procedure. There is no separate application, no additional fees to the host regulator, and no approval required from the host NCA.

The mechanism mirrors the EU passporting framework already used for investment firms (MiFID II), banks (CRD), and payment institutions (PSD2). MiCA brings crypto into the same single-market architecture, meaning the EU now has full regulatory harmonization for crypto-asset services across its entire territory.

MiCA Article 60(5) — The Key Provision

"The competent authority of the home member state shall, within 10 working days of receipt of the complete notification referred to in paragraph 1, communicate that notification to the competent authority of the host member state. The crypto-asset service provider may start providing the crypto-asset service in the host member state as from the date of that communication."

The practical implication: after your home NCA forwards the notification, you can begin serving clients in the host country immediately — before the host NCA has even reviewed the notification in detail.

The Passporting Notification Procedure (Step by Step)

Passporting under MiCA is a two-phase notification process. The CASP submits a notification to the home NCA; the home NCA forwards it to the host NCAs. The CASP may then operate. Here is the full procedure:

Prepare Notification

1–2 weeks

Draft notification letter specifying host member states and crypto-asset services to be passported.

Submit to Home NCA

Day 0

File the notification with your home NCA (e.g., Bank of Lithuania, EFSA, MFSA, BaFin).

Home NCA Forwards

Within 10 days

Home NCA transmits the notification to each host NCA within 10 working days. CASP is notified of transmission date.

Start Operations

Day of transmission

CASP may begin providing the notified services in the host member state from the date of transmission.

Comply Locally

Ongoing

Apply host state conduct-of-business rules, AML obligations, and any local consumer protection requirements.

What the Notification Must Include

MiCA Article 60(1) specifies the content of the passporting notification. Under ESMA's technical standards, the notification typically includes:

The host member state(s) where services will be provided
The specific crypto-asset services (from MiCA Annex I) to be provided in each host state
Whether services will be provided on a cross-border basis (remotely) or through a branch
A start date (which cannot be before the date of transmission by the home NCA)
For branch passporting: a business plan, branch address, senior management identities, local AML officer details, and organizational structure

For pure cross-border service provision (no physical branch), the notification is simpler and faster. Most CASPs begin with cross-border passporting to test markets before establishing physical branches.

Which Countries Are Covered by EU Passporting?

EU passporting under MiCA covers all 27 EU member states. The table below shows key details for each jurisdiction, including its NCA and any significant local considerations for passported CASPs:

Country	NCA	Key Local Notes	Market Size
🇩🇪 Germany	BaFin	Strong AML enforcement; local language preferred for marketing	★★★★★
🇫🇷 France	AMF	French language requirements for retail clients	★★★★★
🇳🇱 Netherlands	AFM / DNB	High retail crypto adoption; strict AML requirements	★★★★☆
🇪🇸 Spain	CNMV / BE	Marketing pre-notification required for retail advertising	★★★★☆
🇮🇹 Italy	Consob / BI	Growing retail market; Italian language for consumer-facing	★★★★☆
🇵🇱 Poland	KNF	Large, fast-growing crypto market; PLN currency	★★★★☆
🇸🇪 Sweden	Finansinspektionen	Advanced digital payments market; SEK currency	★★★☆☆
🇦🇹 Austria	FMA	German-speaking; closely aligned with German standards	★★★☆☆
🇧🇪 Belgium	FSMA	French/Dutch bilingual market; Brussels fintech hub	★★★☆☆
🇮🇪 Ireland	CBI	English language; major EU fintech hub for US firms	★★★☆☆
🇨🇿 Czech Republic	CNB	CZK currency; large crypto community	★★★☆☆
🇲🇹 Malta	MFSA	English; pioneer in crypto regulation (also a base jurisdiction)	★★☆☆☆
🇱🇹 Lithuania	Bank of Lithuania	Popular base for CASPs; strong fintech infrastructure	★★☆☆☆
🇪🇪 Estonia	EFSA	Digital-first economy; former VASP hub	★★☆☆☆
+ 13 additional EU member states covered by passporting rights

EEA States (Norway, Iceland, Liechtenstein)

The EEA (European Economic Area) agreement generally incorporates EU financial services legislation. MiCA is being reviewed for EEA incorporation — once adopted, Norwegian, Icelandic, and Liechtenstein CASPs will benefit from the same passporting rights. Check with local counsel for the current adoption timeline in each EEA state.

Jurisdiction Strategy: Where to Base Your CASP

Choosing the right home jurisdiction for your CASP authorization determines your passporting base, your regulatory costs, your operational overhead, and how quickly you can enter new EU markets. There is no single "best" jurisdiction — the optimal choice depends on your business model, target markets, and capitalization.

🇱🇹

Lithuania — Best for Cost Efficiency

Gov fee €1,000–€2,000. Timeline 3–5 months. Bank of Lithuania is fintech-friendly and fast. UAB formation in 1–2 weeks. Ideal for startups and mid-size exchanges passporting to all EU.

🇪🇪

Estonia — Best for Digital-First Firms

Gov fee €3,300–€10,000. EFSA (formerly FIU) known for thorough AML supervision. E-Residency ecosystem advantage. Strong for custody and DeFi-adjacent services.

🇲🇹

Malta — Best for English + Tax Planning

Gov fee €5,000–€15,000. English official language. 5% effective corporate tax via dividend refund. First EU state to regulate crypto (VFA Act 2018). Strong for funds and institutional clients.

🇩🇪

Germany — Best for DACH Market Access

Gov fee €10,000–€25,000. BaFin license highest credibility in EU. Preferred if primary target is Germany, Austria, Switzerland. GmbH or AG structure. Strong investor confidence signal.

🇮🇪

Ireland — Best for US/UK Groups

English language. Common law system. Gateway for US and UK groups seeking EU market access post-Brexit. Strong for institutional-grade CASPs and those with existing EU financial licenses.

🇨🇿

Czech Republic — Best for CEE Access

Gov fee €1,500–€3,500. CNB accepts English applications. Prague is a growing fintech center. Well-positioned for clients targeting Central and Eastern European markets.

Cross-Border Services vs. Branch Passporting

MiCA distinguishes between two forms of passporting. Understanding the difference is critical for operational planning:

Cross-Border Service Provision (Remote)

A CASP provides services to clients in the host member state without a physical presence there. This is the default starting point. The notification is straightforward — just a letter specifying services and target countries. The CASP operates entirely from its home state infrastructure. Most CASPs providing exchange, custody, or portfolio management services use this model.

Notification content: Host states, services, start date. Forwarded by home NCA within 10 working days. CASP starts operating on that date.

Branch Passporting (Physical Presence)

A CASP establishes a physical branch in a host member state — with local staff, a registered address, and client-facing operations. The branch notification is more detailed, similar to a mini-authorization application. The home NCA reviews it, may request clarifications, and then forwards to the host NCA within 2 months. The branch cannot start until the home NCA completes the review.

Additional requirements: Branch business plan, address, senior manager details, AML officer designation, organizational structure chart, and description of services to be provided at the branch.

Practical Tip: Start Cross-Border, Then Branch

Most CASPs begin with cross-border passporting to validate demand in a new market before committing to a local branch. Once you have established client relationships and revenue in a host state, the branch setup costs (office, local staff, compliance officer) are justified by scale. Crypto License Europe advises on branch setup in all major EU markets.

Host State Obligations: What Passporting Does NOT Eliminate

EU passporting removes the requirement for a separate license in each host state — but it does not create a "regulation-free" zone. Passported CASPs must comply with host-state rules in several important areas:

AML/KYC Obligations

Anti-money laundering and counter-terrorist financing obligations derive from the EU's AMLD (Anti-Money Laundering Directive) framework, which is harmonized but implemented at national level. CASPs must apply the AML requirements of each member state where they provide services. In practice, for cross-border provision, this usually means applying your home state's AML regime — but you should verify host-state specifics, especially for higher-risk jurisdictions.

Consumer Protection and Marketing Rules

MiCA establishes baseline consumer protection standards. But host member states may have additional rules: language requirements for retail contracts (Germany, France, Spain), mandatory risk warnings, advertising restrictions, and complaint-handling obligations. France's AMF, for example, requires pre-notification before broadcasting crypto advertising to French retail clients.

Host NCA Supervisory Powers

Host NCAs retain supervisory jurisdiction over conduct matters in their territory. If a passported CASP breaches conduct rules in Germany, BaFin can act — including requiring the firm to stop providing services in Germany. This is separate from the home NCA's authorization supervision.

Tax and Employment Law

Passporting has no effect on tax obligations. Each host state may have crypto-specific tax rules (capital gains, VAT, transaction taxes). Establishing a branch creates a permanent establishment for tax purposes. Cross-border service provision generally does not create local tax presence — but this requires case-by-case legal analysis.

ESMA's Role in MiCA Passporting

The European Securities and Markets Authority (ESMA) plays a central coordination role in the MiCA passporting system. ESMA maintains the public register of all authorized CASPs and their passporting notifications — the so-called ESMA CASP Register.

Under MiCA Article 109, ESMA publishes and maintains on its website a register of all authorized CASPs, including the member states where each CASP is authorized to provide services (both home state and all host states via passporting). This creates a centralized public record that host NCAs, clients, and counterparties can query.

ESMA also issues technical standards (RTS and ITS) governing the format and content of passporting notifications, the supervisory cooperation arrangements between home and host NCAs, and the procedures for passporting withdrawal or suspension. The ESMA CASP Register is the definitive reference for verifying a firm's passporting status.

Significant Institution Status

CASPs with more than 15 million active users in the EU per year are designated as "significant" CASPs and subject to additional supervisory requirements under MiCA Article 85. Significant CASPs remain supervised by their home NCA but must cooperate more closely with ESMA on cross-border issues. This threshold applies regardless of passporting structure.

Frequently Asked Questions

What is EU passporting for a crypto license?

EU passporting under MiCA allows a CASP authorized in one EU member state to provide crypto-asset services in any other EU member state without a separate local license. The home NCA forwards the notification to host NCAs within 10 working days. The CASP may begin operating in the host state on that date. Legal basis: MiCA Articles 60–76.

Which jurisdiction is best for EU passporting?

Lithuania and Estonia offer the lowest government fees (€1,000–€10,000) and fastest timelines (3–5 months). Malta offers English-language procedures and tax efficiency. Germany (BaFin) provides maximum credibility for institutional clients. Ireland suits US/UK groups. The best choice depends on your target markets, capital, and service types — Crypto License Europe provides tailored analysis.

How long does the passporting notification take?

The home NCA must forward the notification to host NCAs within 10 working days of receipt. The CASP can start operating in the host state on that transmission date — effectively immediately after the 10-working-day period. Branch passporting takes longer (up to 2 months for the home NCA review).

Does a UK crypto firm need an EU license for passporting?

Yes. Post-Brexit, UK entities cannot use EU passporting. A UK group must establish an EU subsidiary, obtain CASP authorization in an EU member state, and then passport within the EU from that base. Ireland and Lithuania are common choices for UK-linked groups seeking EU access.

Does EU passporting eliminate AML obligations in host states?

No. Passporting removes the licensing requirement, not AML/KYC obligations. CASPs must apply AML requirements in all states where they operate. Host NCAs retain supervisory powers over conduct in their territory. France's AMF also requires pre-notification before crypto advertising to French retail clients.

Author & Expert

Elena Fischer

EU Financial Regulation Specialist · Düsseldorf

Elena Fischer specializes in EU financial services regulation, MiCA implementation, and cross-border passporting structures. She advises CASPs on jurisdiction selection, regulatory strategy, and multi-market expansion across the EU single market. Based in Crypto License Europe's Düsseldorf office, Elena works with clients from Germany, Austria, Switzerland, and the wider EU.

EU Member States

Working Days to Passport

450M+

EU Consumers Reachable

€0

Host NCA Licensing Fee

European Union flags representing the 27 member states covered by MiCA CASP passporting

Single Market Strategy

Why EU Passporting Changes the Economics of Crypto Compliance

Before MiCA, a crypto firm aiming to serve clients in Germany, France, and Poland faced three separate regulatory regimes, three licensing applications, three sets of ongoing supervisory obligations, and three different AML frameworks. The total cost and time to achieve EU-wide coverage was prohibitive for most firms.

MiCA changes this calculation fundamentally. One CASP authorization — obtained in a single EU jurisdiction — unlocks access to the entire EU single market of 450 million+ consumers. The incremental cost of entering each additional EU market via passporting is minimal: legal review of host-state conduct rules, localization of client documentation, and a notification letter.

The strategic question is no longer "can we afford to operate in multiple EU markets?" — it is "which EU jurisdiction gives us the best authorization platform?" Factors to evaluate include: government fee, authorization timeline, regulator communication style, ongoing supervisory fees, local talent pool, and tax environment.

Crypto License Europe specializes in this jurisdiction selection analysis. We have helped over 40 crypto firms structure their EU passporting strategy, from initial jurisdiction selection through authorization and cross-border expansion. Our offices in Düsseldorf, Vilnius, and Tallinn give us direct working relationships with BaFin, the Bank of Lithuania, and EFSA.

Ready to Build Your EU Passporting Strategy?

Our team will analyze your business model, recommend the optimal home jurisdiction, and manage the full authorization and passporting process — from company formation to live operations across 27 EU markets.

Start Free Consultation