MiCA CASP Authorisation for the EU: How to Secure a CASP Licence and Passport Across All Member States

By Jonathon Richards
– posted 3 hours ago

This page is the definitive guide for founders, compliance officers, in-house counsel and crypto-exchange or custody teams seeking structured, lawyer-led support for MiCA CASP authorisation EU-wide. Whether you are launching a new crypto-asset service or migrating an existing operation into the regulated perimeter, the information below covers every stage from eligibility and capital planning through to passporting and ongoing compliance.

Urgency: The MiCA Transitional Window Has Closed

The transitional arrangements that allowed certain crypto-asset service providers to continue operating under national regimes have now ended. On 23 June 2026, ESMA issued a public statement confirming the expiry of the MiCA transitional period. Firms still relying on interim or grandfathered registrations now face enforcement risk, restricted passporting options and, in many cases, the obligation to cease providing services to EU clients. The window for orderly preparation has narrowed; immediate action is essential.

Quick Summary: What MiCA CASP Authorisation Gives You

Single EU Passport Explained: Rights and Limits

Regulation (EU) 2023/1114, commonly known as MiCA, establishes a harmonised licensing framework for crypto-asset service providers across the entire European Union. Once a firm obtains authorisation from the national competent authority (NCA) in its home Member State, it receives a single EU passport that enables it to provide the authorised services in every other EU/EEA country without the need for a separate licence in each jurisdiction.

The European Commission summarises the policy intent as creating a level playing field: one application, one set of prudential standards, and cross-border access for both providers and their clients. In practice, passporting is subject to a notification procedure: the home NCA informs the host NCA, and the CASP must comply with local AML and consumer-protection rules where it serves clients. The passport covers the crypto-asset services specified in the authorisation (for example, custody and administration, exchange services, order execution, transfer services, advice, and portfolio management) but does not extend to activities outside MiCA’s scope, such as the issuance of asset-referenced tokens (ARTs) or e-money tokens (EMTs), which require separate authorisation tracks.

Who Needs a CASP Licence vs Other MiCA Roles

  • CASPs (Title V of MiCA): Any firm providing one or more of the ten defined crypto-asset services, including custody, exchange, transfer, placement, advice and portfolio management, must hold CASP authorisation.
  • ART and EMT issuers (Titles III and IV): Entities issuing asset-referenced tokens or e-money tokens follow separate authorisation or notification paths under MiCA, with additional prudential requirements supervised in coordination with the European Banking Authority.
  • Trading platforms: Operating a trading platform for crypto-assets is itself a listed CASP service and requires authorisation under Title V.
  • Purely technical infrastructure providers (e.g., node operators, miners, non-custodial wallet developers) are generally outside scope, although functional analysis is required to confirm this.

Key Requirements at a Glance

EU Presence and Legal Seat / Establishment Tests

MiCA requires that a CASP applicant has its registered office and effective management in an EU Member State. The home Member State is determined by the location of the registered office. Substance expectations are real: NCAs will assess whether decision-making, compliance oversight and key operational functions are genuinely located within the EU rather than being letter-box arrangements. At least one director (and typically the compliance officer and MLRO) must be resident in the home jurisdiction. The ESMA Supervisory Briefing on Authorisation of CASPs reinforces these substance expectations and signals that NCAs should scrutinise whether the entity is genuinely managed from within its home Member State.

Governance Expectations

Applicants must demonstrate robust governance, including fit-and-proper assessments for all members of the management body and qualifying shareholders. NCAs evaluate professional experience, criminal-record checks and potential conflicts of interest. Internally, the CASP must establish documented policies for risk management, internal audit, outsourcing oversight, business continuity and conflict-of-interest management. A clear organisational chart delineating reporting lines, control functions and segregation of duties is a mandatory component of the application dossier.

Capital Bands by Service Class

MiCA sets minimum own-funds requirements that vary by the type of crypto-asset service provided. Under the regulation’s framework, the baseline floors are designed to ensure that CASPs can absorb operational losses and wind down in an orderly manner. The own-funds requirement is the higher of a fixed minimum (which varies by service class, with the lowest floor set at €50,000 for certain advisory or order-reception services and higher thresholds up to €150,000 for custody or exchange-type activities) or a percentage of fixed overheads. Delegated and implementing measures further specify calculation methods. Applicants should model both the fixed floor and the overheads-based calculation to determine which binds. NCA-specific guidance may add supplementary buffers; always confirm with the relevant authority. These requirements are set out in Title V of Regulation (EU) 2023/1114.

Prudential and Operational Requirements

Beyond capital, CASPs must satisfy a range of prudential and operational standards:

  • IT and cyber resilience: Robust systems architecture, penetration testing, incident-response protocols and business-continuity planning.
  • Custody and asset segregation: Client crypto-assets and funds must be clearly segregated from the CASP’s own assets, with third-party custody arrangements meeting specific due-diligence standards.
  • AML/CFT interface: CASPs are classified as obliged entities under EU anti-money-laundering legislation. Customer due diligence, transaction monitoring, suspicious-activity reporting and Travel Rule compliance are mandatory from day one.
  • Complaints handling and disclosure: Pre-contractual disclosures, complaints procedures and fair-pricing transparency obligations apply to all client-facing services.

Step-by-Step Application Checklist and Timeline

A well-managed MiCA CASP authorisation application typically follows a structured path from initial planning through to passporting readiness. The downloadable “MiCA CASP Authorisation: Complete Application Checklist & Documentation Pack” provides an itemised annex list, sample organisational chart and jurisdiction-by-jurisdiction contact details. The summary process below outlines the core stages.

Step 1: Pre-Application Planning

Define the services to be authorised (custody, exchange, transfer, advice, portfolio management, etc.), the target client base and the preferred home Member State. Prepare a shortlist of jurisdictions based on regulatory speed, language capabilities, substance feasibility and corporate-law environment. Engage specialist legal counsel for a preliminary eligibility review and gap analysis against MiCA requirements before committing resources.

Step 2: Governance and Internal Policies

Appoint or identify proposed board members, compliance officers and the MLRO. Commission fit-and-proper assessments. Draft and adopt all required internal policies: AML/KYC, risk management, custody segregation, outsourcing oversight, conflict-of-interest management, data protection and complaints handling. Each policy must be board-approved, version-controlled and aligned with NCA supervisory expectations set out in the ESMA supervisory briefing.

Step 3: Capital and Financial Plan

Prepare three-year financial projections covering revenue assumptions, operating costs and capital adequacy. Determine the applicable minimum own-funds requirement (the higher of the fixed floor for the relevant service class or the overheads-based calculation). Document sources of initial capital, shareholder funding commitments and any planned subordinated instruments. NCAs will scrutinise the credibility and sustainability of the capital plan.

Step 4: Technical and Operational Readiness

Build or validate IT infrastructure, custody technology, key-management processes and incident-response capabilities. Conduct an independent penetration test and remediate findings. Prepare business-continuity and disaster-recovery plans. Ensure that the technology stack supports MiCA-compliant transaction monitoring, record-keeping and regulatory reporting. Document all outsourcing arrangements and perform due diligence on critical third-party providers.

Step 5: Documentation Pack and Application Forms

Compile the complete application dossier as specified by the home NCA. This typically includes the detailed business plan, programme of operations, compliance manuals, organisational chart with CVs of key personnel, shareholder structure diagrams, evidence of capital, internal-control documentation and AML risk assessments. The Bank of Lithuania’s CASP authorisation page provides a representative example of the documentary requirements that NCAs publish.

Step 6: Supervisor Interactions and Meetings

Most NCAs offer (and some require) a pre-application meeting. This is an opportunity to present the business model, clarify regulatory expectations and identify potential obstacles before formal submission. Following submission, expect an iterative process: the NCA may issue requests for information, require amendments to policies or seek additional evidence of substance. Proactive, well-prepared responses to clarification requests significantly reduce overall timelines.

Step 7: Typical Review Times and Outcomes

MiCA allows NCAs up to 25 business days to acknowledge completeness and then up to 40 business days to issue or refuse authorisation from the date the application is deemed complete (with possible extensions). In practice, total elapsed time from first submission to authorisation decision varies considerably between NCAs; industry observers note that well-prepared applications in faster jurisdictions may achieve authorisation within three to five months, while complex applications or those requiring substantial remediation can take longer. Common reasons for delay include incomplete documentation, inadequate substance evidence, governance deficiencies and unresolved AML policy gaps.

Documents to Attach to Application

  • Business plan and programme of operations
  • Organisational chart and CVs of key function holders
  • Compliance and AML/KYC manuals
  • Custody and asset-segregation policy
  • IT security and incident-response documentation
  • Capital adequacy evidence and financial projections
  • Shareholder structure and beneficial-ownership details

For an itemised breakdown, refer to the MiCA CASP authorisation application checklist and downloadable documentation pack.

Cost and Staffing Estimates: Minimum Own Funds, Set-Up and Ongoing Compliance

Estimated One-Off Set-Up Costs

Total set-up costs for MiCA CASP authorisation vary significantly based on business model complexity, jurisdiction and whether the applicant is building compliance infrastructure from scratch. As a broad indication, a smaller CASP (brokerage or advisory model) might expect one-off legal, compliance, technology and audit costs in the range of €150,000–€350,000, while a medium-sized exchange or custody platform could incur set-up costs of €400,000–€800,000 or more. These estimates cover external legal advisory fees, policy drafting, IT security audits, penetration testing, recruitment of key personnel and NCA application fees (which vary by jurisdiction).

Minimum Own Funds and Capital Bands

As noted above, MiCA’s own-funds floors range from €50,000 for lower-risk service classes up to €150,000 for custody, exchange or trading-platform activities, or one quarter of fixed overheads of the preceding year, whichever is higher. In practice, NCAs may require applicants to hold capital above the regulatory minimum where their risk profile, business model or growth projections warrant it. The precise calculation methodology is detailed in Title V of MiCA and associated technical standards.

Ongoing Compliance Cost Ranges

Post-authorisation, CASPs should budget for recurring compliance costs including regulatory reporting, external audit, SOC assessments, penetration testing, ongoing AML monitoring tools and staff training. Recommended key hires and approximate EU salary ranges include:

  • Chief Compliance Officer / Head of Compliance: €90,000–€160,000 per annum
  • Money Laundering Reporting Officer (MLRO): €75,000–€130,000 per annum
  • Chief Technology Officer / Head of IT Security: €110,000–€180,000 per annum
  • Operations and Risk Manager: €80,000–€140,000 per annum

Smaller CASPs may combine roles, but NCAs increasingly expect dedicated function holders, particularly for compliance and AML. Total ongoing compliance costs (staff, technology, audit and reporting) typically range from €250,000 to €700,000 annually depending on scale and service scope.

Choosing an EU Jurisdiction: Operational Fit, Time-to-Decision and Regulator Responsiveness

Decision Framework

Selecting the right home Member State for MiCA CASP authorisation is a strategic decision that should account for regulatory predictability, time to decision, language and communication ease, local substance requirements, corporate and tax friction, and proximity to target markets. The authorisation is EU-wide once granted, but the day-to-day supervisory relationship is with the home NCA, making regulator engagement quality a critical factor.

| Home Country | Typical Time to Decision | Regulator Responsiveness | Application Fees | Notable Local Requirements |
|---|---|---|---|---|
| Lithuania (Bank of Lithuania) | 3–5 months (well-prepared applications) | High: established crypto-licensing track record; English-language engagement | Moderate (fee schedule published by Bank of Lithuania) | Local director/substance; competitive corporate environment; strong fintech ecosystem |
| Netherlands (AFM / DNB) | 4–7 months | High: rigorous but predictable; extensive supervisory guidance from DNB | Higher (significant ongoing supervisory levies) | Strong substance expectations; existing AML infrastructure from AMLD registration regime |
| Austria (FMA) | 4–6 months | Moderate-to-high: FMA has published MiCA roadmaps and guidance | Moderate | German-language administration (though FMA accepts English documentation in many cases); well-structured corporate law |
| Cyprus (CySEC) | 5–8 months (dependent on application quality) | Moderate: improving, with dedicated crypto-asset units | Moderate | Established financial-services hub; favourable corporate/tax environment; close alignment with MiFID-based supervision |

How to Choose: Business Model Fit and Passport Strategy

The optimal jurisdiction depends on the CASP’s specific service mix and target market. A custody or exchange platform serving institutional clients may prioritise the Netherlands or Austria for supervisory credibility, while a fintech-oriented brokerage or advisory firm may favour Lithuania for speed and operational flexibility. CASPs expecting the majority of their clients in Southern or Central Europe might weigh Cyprus’s geographic and linguistic advantages. In every case, the passporting mechanism means that the authorisation extends EU-wide: the choice of home state shapes the supervisory relationship, not the commercial reach. A detailed comparison of EU member states for MiCA CASP authorisation covering additional jurisdictions is available in the jurisdiction comparison guide.

Post-Authorisation Obligations and Passporting

Ongoing Prudential Reporting, Governance Updates and Incident Reporting

Authorisation is the beginning, not the end, of the compliance journey. CASPs must submit regular prudential reports (capital adequacy, own-funds calculations, liquidity positions) to their home NCA. Material changes to governance (board appointments, qualifying-shareholder changes, outsourcing arrangements) require prior notification or approval. Cybersecurity incidents, operational disruptions and significant complaints must be reported within prescribed timeframes. NCAs have the power to require ad hoc reporting and on-site inspections.

How Passporting Works in Practice

To passport services into another Member State, the authorised CASP notifies its home NCA, which then transmits the notification to the host NCA. The host authority may impose local AML obligations and consumer-protection rules, but cannot require a separate licence. The ESMA MiCA rulebook and resources provide the supervisory framework underpinning cross-border notifications. In practice, passporting enables rapid market entry across EU Member States, but compliance with host-state AML regimes and local conduct rules remains the CASP’s responsibility. Maintaining accurate registers of passported activities and clients by jurisdiction is essential for audit and supervisory purposes.

What Can Trigger Withdrawal or Supervisory Action

MiCA grants NCAs extensive powers to suspend, restrict or withdraw authorisation. Common triggers include persistent capital shortfalls, governance failures, AML breaches, material misstatements in the application, failure to commence services within 12 months of authorisation, or a finding that the CASP no longer meets the conditions for authorisation. Article 64 and Article 74 of MiCA set out the withdrawal grounds and the requirements for orderly wind-down, including the protection of client assets and funds during the wind-down period. Firms should maintain standing wind-down plans and earmarked resources to ensure that an orderly exit is achievable at all times.

Conclusion and Next Steps: What to Prepare Now

With the MiCA transitional period now closed, obtaining full CASP authorisation is no longer optional for any firm providing crypto-asset services to EU clients. The regulatory landscape is consolidating rapidly, and firms without authorisation face enforcement action, market exclusion and reputational damage.

To prepare effectively for MiCA CASP authorisation EU-wide, firms should take the following immediate steps:

  1. Conduct a self-assessment against MiCA’s eligibility, governance, capital and operational requirements as outlined in this guide.
  2. Shortlist home Member State options based on business model fit, regulatory speed and substance feasibility.
  3. Compile the documentation pack: business plan, compliance manuals, organisational chart, capital evidence and AML policies.
  4. Engage specialist legal counsel for a formal eligibility review and managed application support.
  5. Download the MiCA CASP authorisation checklist and documentation pack for an itemised annex list, sample timelines and NCA contact details.

The MiCA compliance playbook covering AML, custody and governance requirements provides further operational guidance for firms building or upgrading their compliance infrastructure. Proactive preparation, combined with experienced legal support, remains the most reliable path to timely authorisation and effective EU-wide passporting.

FAQs

What are the requirements for a CASP under MiCA?
To obtain MiCA CASP authorisation, a firm must have its registered office and effective management in an EU Member State, satisfy fit-and-proper assessments for its management body, maintain minimum own funds (ranging from €50,000 to €150,000 depending on service class, or a proportion of fixed overheads if higher), implement robust governance and internal-control frameworks, meet IT security and cyber-resilience standards, and comply with AML/KYC obligations as an obliged entity. The full requirements are set out in Title V of Regulation (EU) 2023/1114.
The typical application process follows these stages: (1) choose your home Member State and engage legal counsel; (2) request a pre-application meeting with the NCA; (3) prepare and submit the full documentation pack including business plan, compliance manuals, governance structure and capital evidence; (4) respond to NCA clarification requests during the review period; (5) receive the authorisation decision. The ESMA Supervisory Briefing on Authorisation of CASPs sets out common supervisory expectations that applicants should build into their preparation.
Costs vary by jurisdiction, business model and complexity. One-off set-up costs (legal, compliance, technology and audit) typically range from €150,000 to €800,000. Minimum own-funds requirements range from €50,000 to €150,000 or more depending on service class. Ongoing annual compliance costs — including staff, reporting, audits and IT security — generally fall between €250,000 and €700,000. Application fees are set by each NCA and should be confirmed directly with the relevant authority.
There is no single “best” jurisdiction — the optimal choice depends on the CASP’s business model, target market and operational preferences. Lithuania offers speed and an established fintech ecosystem; the Netherlands provides rigorous but predictable supervision; Austria combines structured regulation with a central European location; and Cyprus offers a favourable corporate environment and established financial-services infrastructure. See the jurisdiction comparison table above and the detailed jurisdiction comparison guide for further analysis.
A MiCA CASP licence is an authorisation granted by an EU Member State’s NCA under Regulation (EU) 2023/1114 that permits the holder to provide specified crypto-asset services. Once authorised, the CASP may passport its services into any other EU/EEA Member State by notifying its home NCA, which transmits the notification to the host authority. The passport removes the need for separate licences in each country, although the CASP must comply with host-state AML rules and local conduct requirements.
MiCA allows NCAs up to 25 business days to confirm completeness and then up to 40 business days to issue a decision. In practice, the total elapsed time from initial submission to authorisation typically ranges from three to eight months depending on the NCA, application quality and the complexity of the business model. Pre-application planning and document preparation may add one to three months before formal submission. Well-prepared applications with strong substance and complete documentation tend to progress materially faster.
