What a CASP Licence Actually Costs & Why Most Applicants Get It Wrong

We’ve sat across the table from hundreds of crypto founders over the past few years. Smart business models, well-capitalized, building genuinely innovative products. And yet, one question trips up nearly all of them the moment MiCA enters the conversation: What exactly is a CASP license, and what is it going to cost me?

The pattern tell the same story. People are looking for CASP license requirements, the ESMA CASP register, and what the acronym itself even stands for. These aren’t just curiosities; they’re the research trail of founders who are about to make a decision that shapes the next five to ten years of their businesses.

So let’s get into what we’ve actually learned from navigating these applications on behalf of clients across the EU.

What Is a CASP License? (And Why the Meaning Matters More Than You Think)

CASP stands for Crypto-Asset Service Provider. It’s the regulatory category created under the EU’s Markets in Crypto-Assets Regulation; MiCA; which came into full effect in December 2024. If you’re running any kind of crypto-related service directed at EU clients, the CASP license is the authorization you need to do it legally.

Here’s where founders get confused. The term feels new, so many assume it’s just a rebranding of something they’ve already encountered. It’s not. CASP is a MiCA-specific designation, and it covers a defined set of crypto-asset services: custody and administration, operation of a trading platform, exchange of crypto for fiat, exchange of crypto for crypto, execution of orders, placement of crypto-assets, reception and transmission of orders, and providing advice or portfolio management over crypto-assets.

If your platform touches any of these activities for EU users, you need CASP authorization. Not a general fintech license, not a legacy VASP registration; a CASP license issued by a national competent authority under the MiCA framework.

Think of it like this: if the original VASP frameworks were regional building codes, MiCA is the EU-wide planning authority that now supersedes them. The CASP license is the permit you pull from that authority.

CASP vs VASP: The Distinction That Can Derail Your Entire Strategy

This is probably the single most misunderstood point in EU crypto licensing right now, and we’ve seen it cause serious strategic errors.

VASP; Virtual Asset Service Provider; is a FATF concept. It was adopted by individual EU member states as the basis for national crypto registration requirements before MiCA existed. Countries like Lithuania, Estonia, and Poland built their own VASP registration regimes in the years prior to 2024. These regimes required companies to register with a national financial intelligence unit or financial regulator, comply with AML/CTF requirements, and maintain certain operational standards.

MiCA changed everything. Under MiCA, VASP registrations do not automatically convert to CASP authorizations. A company registered as a VASP in Lithuania or Estonia cannot simply continue operating across the EU under that registration once MiCA’s transitional provisions expire.

The transitional window is real but finite. Member states had the option to allow VASP-registered entities to continue operating for up to 18 months after MiCA’s entry into force; which takes most firms to mid-2026 at the latest. After that, full CASP authorization is required.

What this means practically: if you’ve been operating under a VASP registration and haven’t started your CASP application, you’re not ahead of the curve. You’re behind it. We’ve had clients come to us after assuming their VASP registration would carry them through; the conversations that follow are not easy ones.

The ESMA CASP register is the public record where authorized CASPs will be listed once they receive authorization from their national competent authority. This register will become the primary due diligence tool for exchanges, banking partners, and institutional counterparties looking to verify that a firm is legitimately authorized under MiCA. Not appearing on it will close doors.

CASP License Requirements: What Regulators Actually Look For

The MiCA text runs to over 150 pages, but for the CASP application itself, the requirements cluster around five areas. Here’s what we see regulators scrutinize most heavily.

Governance and organizational structure. You need a clear, documented management structure with fit-and-proper individuals in key positions. This means background checks, professional qualifications, and demonstrated experience in financial services or closely related fields. A technical co-founder who has never touched compliance is not going to pass fit-and-proper assessment for a CEO role in an EU-regulated entity without supplementary appointments.

Prudential requirements; own funds. The minimum own funds requirement under MiCA depends on the class of CASP services you’re offering. Class 1 services (e.g., advice, reception and transmission of orders) require €50,000. Class 2 services (e.g., execution of orders, placement) require €125,000. Class 3 services (e.g., custody, operation of a trading platform) require €150,000. These are regulatory minimums; the actual capital a regulator will expect you to demonstrate operational sustainability with is almost always higher.

AML/CFT compliance program. A compliant AML program under MiCA means having a Money Laundering Reporting Officer (MLRO), a documented risk appetite, transaction monitoring procedures, KYC/CDD protocols, and a training program. Regulators will ask to see this documentation in detail. A generic AML policy downloaded from the internet will not pass scrutiny.

ICT and cybersecurity frameworks. MiCA intersects with DORA; the Digital Operational Resilience Act; which came into full effect in January 2025. This means your technology infrastructure needs documented resilience policies, incident classification and reporting procedures, and a business continuity plan. For platforms handling custody, the security requirements are significant.

White paper obligations. If you’re issuing crypto-assets as part of your service model, you’ll need a compliant crypto-asset white paper filed with your national regulator. The content requirements are specific: token characteristics, rights attached, technology description, risk factors, and financial projections where applicable.

CASP License Cost: The Real Numbers (And Why Quotes Vary So Widely)

This is where we want to be unusually direct, because the variance in quotes founders receive is genuinely disorienting.

A CASP license application has three distinct cost layers, and conflating them is how people end up with sticker shock three months into the process.

Government fees and regulatory levies. These vary by jurisdiction. As a rough guide, national competent authority application fees for MiCA CASP authorization range from approximately €3,000 to €15,000 depending on the member state. Some jurisdictions charge an initial application fee and then ongoing supervisory fees. Others have a flat assessment fee structure. The specific fee schedules are published by each NCA, but they change; always verify with the regulator directly at the time of your application.

Documentation and compliance preparation. This is the lion’s share of the cost for most applicants. Getting your governance structure, AML program, ICT documentation, prudential evidence, and white paper (where applicable) to a standard that will survive regulatory scrutiny requires serious work. At LegalBison, we’ve seen this range from €20,000 for firms that already have mature compliance infrastructure and need mostly adaptation and filing support, to €80,000 or more for firms starting from scratch across all requirement areas. The honest answer is that the number depends heavily on your starting point.

Ongoing compliance and supervisory costs. Authorization is not a one-time event. Once licensed, a CASP is subject to ongoing reporting obligations, supervisory fees, annual AML reporting, and periodic review. Budget a meaningful ongoing compliance function; whether internal or outsourced; as a recurring line item.

What makes quotes vary so wildly is that different advisors price different scopes. A quote for “CASP license assistance” might mean help filling in the application form. It might mean full preparation of all required documentation. It might mean end-to-end support including regulatory meetings. Always ask for a detailed scope of work before comparing prices.

Jurisdiction Selection: Not All EU Member States Are Equal

MiCA created a single EU passport for CASP authorization: get licensed in one member state, and you can passport services across all 27. This means jurisdiction selection is a strategic decision, not just an administrative one.

Different national competent authorities have different processing speeds, different levels of regulatory communication during the application process, and different reputations among banking partners. Some member states have published detailed CASP application guidance and have dedicated crypto licensing teams within their supervisory authority. Others are still building that capacity.

From what we’ve observed in applications across multiple EU jurisdictions, there are meaningful differences in timeline; from initial submission to decision; that can span anywhere from six months to over eighteen months. Regulatory resource, application volume, and the specific services being authorized all play a role.

For most of our clients, the jurisdictional decision comes down to a combination of processing speed, banking accessibility for a licensed CASP in that jurisdiction, ongoing supervisory intensity, and whether the firm has any existing operational presence. There is no universally correct answer. A well-reasoned jurisdictional selection, documented in your application as part of your governance rationale, signals to regulators that you’re approaching this seriously.

The MiCA CASP License Timeline: What to Actually Expect

MiCA sets a maximum assessment period of 40 working days from the date a complete application is received. This sounds fast. In practice, the process works differently.

Most national competent authorities will acknowledge your application, then assess completeness before starting that 40-day clock. Requests for additional information (which are common, particularly for novel business models or cross-service authorization requests) pause the clock and restart it. A straightforward Class 1 application with a firm that has clean governance and a mature compliance program can move through in the MiCA-mandated timeframe. A complex multi-service application requiring extensive back-and-forth with the regulator can take considerably longer.

What consistently accelerates the process is submitting a complete, well-organized application the first time. Regulators have limited capacity. Applications that require multiple rounds of information requests take longer and create a less favorable impression. Investing in preparation before submission pays dividends in processing speed.

What Happens If You Miss the Window

Operating as a CASP without authorization after the transitional provisions expire is not a gray area. MiCA establishes clear obligations on member states to take supervisory action against unauthorized CASP activity. This means regulatory sanctions, potential prohibition orders, and reputational consequences that affect banking relationships and partner due diligence.

The ESMA CASP register will make the authorization status of any firm publicly verifiable. Institutional counterparties, exchanges, and banking partners will check it. Not appearing on it is a commercial problem, not just a regulatory one.

The window to secure authorization before the transitional deadline is real, and it is closing. The average time from initial instruction to completed application submission; done properly; is four to six months for most firm types. Factor in regulatory processing time, and firms that haven’t started aren’t starting at an advantage.

How LegalBison Approaches CASP Applications

At LegalBison, we’ve navigated licensing applications across EU member states before and after MiCA’s entry into force. Our approach doesn’t start with the application form; it starts with a detailed assessment of your business model, your current operational structure, and your regulatory starting point.

That assessment determines the realistic scope of work, the right jurisdiction for your specific situation, and the correct service classification for your activities. From there, we prepare all required documentation; governance policies, AML program, ICT framework documentation, white paper where applicable; to regulator-ready standard. We liaise with the national competent authority through the assessment process, managing information requests and ensuring responses are substantive and complete.

What we don’t do is submit applications speculatively or before a client’s infrastructure is ready to support the authorization. A rejection or withdrawal damages future applications and burns time. Every CASP application we prepare is submitted because we believe it’s ready.

Conclusion

The CASP license under MiCA is the definitive EU regulatory credential for crypto-asset service providers. It replaces the patchwork of national VASP regimes, creates a single EU passport, and sets a unified standard for governance, capital, compliance, and operational resilience. The cost is real but manageable with proper preparation. The timeline is tight but workable for firms that move now. The jurisdictional choice matters strategically, not just administratively.

If your business serves EU clients; or intends to; the CASP authorization process deserves serious attention, not a wait-and-see approach. The transitional window is not infinite, and the ESMA CASP register will define who operates legitimately in the EU crypto market going forward.