MiCA License EU

MiCA License: Cost, Timeline & Step-by-Step CASP Application Process

Updated: February 19, 2026

MiCA is the EU’s unified crypto regulation — one license to operate across all 27 Member States. If you run a crypto exchange, wallet, trading platform, or advisory service, you need CASP authorization. We handle the entire process from jurisdiction selection to NCA approval. Over 500 licenses obtained since 2016.

At Fintech Simple, we help crypto businesses obtain CASP licenses under the EU's Markets in Crypto-Assets Regulation (MiCA). With 500+ license approvals since 2016, we handle the entire process — from jurisdiction selection to NCA submission and EU passporting.

See Costs & Timeline
Patrik Asevicius
Patrik Asevicius
Lawyer, MiCA licensing expert at Fintech Simple

Packages & Pricing

Each package covers the entire licensing process from start to approved license — jurisdiction selection, company registration, document preparation, NCA submission, and regulator Q&A management. You pay a fixed price; we deliver the CASP authorization. If the NCA requests additional information or revisions, we handle every round at no extra cost.

Essential€21,000 StandardUpon request EnterpriseUpon request
Selection of a suitable jurisdiction in the EU
Company registrationIncluding legal address and opening a bank account
Preparation of all documents for MiCA licensing
Review of documents, rules, and policies
Submission of documents to ESMA and obtaining the license
Assistance in finding key personnel (MLRO, Compliance Officer, local directors)
Customized policies and business plan (if needed)
Essential €21,000
  • Selection of a suitable jurisdiction in the EU
  • Company registration (including legal address and opening a bank account)
  • Preparation of all documents for MiCA licensing
  • Review of documents, rules, and policies
  • Submission of documents to ESMA and obtaining the license
  • Assistance in finding key personnel (MLRO, Compliance Officer, local directors)
  • Customized policies and business plan (if needed)
Standard Upon request
  • Selection of a suitable jurisdiction in the EU
  • Company registration (including legal address and opening a bank account)
  • Preparation of all documents for MiCA licensing
  • Review of documents, rules, and policies
  • Submission of documents to ESMA and obtaining the license
  • Assistance in finding key personnel (MLRO, Compliance Officer, local directors)
  • Customized policies and business plan (if needed)
Enterprise Upon request
  • Selection of a suitable jurisdiction in the EU
  • Company registration (including legal address and opening a bank account)
  • Preparation of all documents for MiCA licensing
  • Review of documents, rules, and policies
  • Submission of documents to ESMA and obtaining the license
  • Assistance in finding key personnel (MLRO, Compliance Officer, local directors)
  • Customized policies and business plan (if needed)

Final pricing depends on jurisdiction and scope of services. We provide a fixed-price quote within 48 hours — no hidden fees, no hourly billing.

Our Experts

Our in-house team of EU regulatory lawyers has been licensing crypto businesses since 2016 — long before MiCA existed. With 500+ CASP and VASP license approvals across Lithuania, Poland, Czech Republic, Estonia, and other EU jurisdictions, we know how each NCA operates and what it takes to get your application approved.

Photo Joseph Davies — General Counsel at Fintech Simple
Joseph Davies
General Counsel, Partner. Leads MiCA licensing strategy and NCA negotiations across EU jurisdictions.
Photo Tomas Kęstutis — Senior Legal Counsel at Fintech Simple
Tomas Kęstutis
Senior Legal Counsel, Partner. Specializes in CASP authorization, AML frameworks, and crypto regulatory compliance in the EU.
Photo Patrik Asevicius — MiCA Licensing Lawyer at Fintech Simple
Patrik Asevicius
Lawyer, MiCA licensing expert. Handles CASP application packages, policy documentation, and regulator Q&A for EU crypto companies.

What Is the MiCA Regulation and Who Must Comply by 2026

MiCA (Markets in Crypto-Assets Regulation) is the EU's single rulebook for crypto businesses — one license, one set of rules, access to all 27 Member States.

If you run a crypto exchange, wallet, trading platform, or advisory service, MiCA requires you to obtain authorization as a Crypto-Asset Service Provider (CASP). In return, your CASP license lets you passport across the entire EU from a single jurisdiction — no separate registrations per country.

Regulation
Full enforcement
30 Dec 2024
Supervised by
ESMA + NCAs
Key benefit
EU-wide passport

MiCA categorizes crypto-assets into three distinct classes — E-Money Tokens (EMTs), Asset-Referenced Tokens (ARTs), and Other Crypto-Assets (utility tokens) — each subject to its own regulatory regime under Titles II–IV. For a detailed breakdown of issuer requirements, capital thresholds, and whitepaper obligations for each class, see Issuing Crypto-Assets Under MiCA below.

Key Dates: MiCA Timeline and Transitional Provisions

MiCA's provisions came into force in stages:

DateMilestoneStatus
30 Jun 2024 EMT & ART rules (Titles III–IV) — stablecoin issuers must comply In effect
30 Dec 2024 CASP authorization regime (Title V) + Transfer of Funds Regulation In effect
Until ~Jul 2026 Transitional period — existing national-license holders may continue operating (varies by country) Closing soon

What this means for you in 2026: If you already operate under a national crypto license, check your country's transitional deadline — most expire by mid-2026. New entrants must apply for full CASP authorization immediately — no transitional grace period for new businesses.

Do You Need a MiCA License?

Under MiCA, any entity that provides one or more crypto-asset services to third parties on a professional basis within the EU must obtain authorization as a Crypto-Asset Service Provider (CASP). This applies whether your company is established in an EU Member State or targets EU-based clients from abroad through marketing, language localization, or fiat on-ramp integrations. The scope is broad by design: if your business model touches crypto-assets and serves EU users, MiCA likely applies to you.

One license, multiple services: A single CASP authorization can cover any combination of the ten service categories below. You don't need a separate license for each activity — but you must be authorized for every service you provide.

MiCA Service Categories by Capital Tier

MiCA defines ten categories of crypto-asset services. They are grouped below by capital tier to help you quickly identify your requirements:

Class 1 Services (€50,000 minimum capital)

  • Providing advice on crypto-assets — offering personalized recommendations to a client regarding transactions in crypto-assets.
  • Reception and transmission of orders — receiving an order from a client and transmitting it to a third party for execution.
  • Execution of orders on behalf of clients — concluding agreements to buy or sell crypto-assets on behalf of clients.
  • Placing of crypto-assets — marketing newly issued crypto-assets to specified purchasers, on behalf of the issuer or offeror.
  • Transfer services for crypto-assets — transferring crypto-assets from one address or account to another on behalf of a person.
  • Portfolio management of crypto-assets — managing portfolios on a discretionary, client-by-client basis.

Class 2 Services (€125,000 minimum capital)

  • Custody and administration of crypto-assets — safekeeping or controlling clients' crypto-assets or means of access to them (e.g., private keys).
  • Exchange of crypto-assets for funds (fiat) — concluding purchase or sale contracts of crypto-assets against fiat currency.
  • Exchange of crypto-assets for other crypto-assets — concluding purchase or sale contracts of crypto-assets against other crypto-assets.

Class 3 Services (€150,000 minimum capital)

  • Operation of a trading platform for crypto-assets — managing a multilateral system that brings together buying and selling interests in crypto-assets.

Who Is Exempt from MiCA

MiCA does not apply to every activity involving crypto-assets. The regulation carves out several categories:

  • Truly decentralized protocols — where there is no identifiable service provider or intermediary. In practice, regulators scrutinize whether a truly decentralized structure exists — many projects with a foundation, core team, or concentrated governance token voting may still fall within scope.
  • Non-fungible tokens (NFTs) — unique and non-fungible crypto-assets. However, if an NFT exhibits fungible characteristics — such as fractionalization, revenue-sharing, or large-scale series issuance — it may fall under MiCA or MiFID II. The classification depends on the specific design.
  • Financial instruments under MiFID II — crypto-assets that qualify as transferable securities or derivatives continue to be regulated under existing EU financial services legislation.
  • Intra-group services — crypto-asset services provided exclusively within a group of companies, with no third-party clients.
  • Central banks and certain public entities — the ECB, EU Member State central banks, and certain public international organizations are excluded.
Needs a MiCA LicenseMay Be Exempt
Crypto exchanges (fiat-to-crypto and crypto-to-crypto)Truly decentralized DeFi protocols with no identifiable service provider
Custodial wallet providersUnique, non-fungible NFTs (not part of a large collection or fractionalized)
Trading platforms for crypto-assetsServices already fully regulated under MiFID II (e.g., tokenized securities)
Portfolio management services for crypto-assetsCentral banks and EU Member State governments
Crypto advisory services (personalized recommendations)Intra-group transactions with no third-party clients
Transfer and payment services involving crypto-assetsCertain services provided exclusively to professional clients under national exemptions

Exemptions are fact-specific and depend on your exact business structure. If you're unsure whether your project falls within scope, we can help you assess your status.

MiCA Capital Requirements for CASPs

Every CASP must hold a minimum amount of own funds (capital) before the NCA will grant authorization. The exact figure depends on the services you provide — MiCA defines three tiers. If your company offers multiple services, the highest applicable tier applies. For example, if you run a custody service (Class 2) but also operate a trading platform, you fall under Class 3 (€150,000) regardless of your other services.

Capital TierAmountApplicable Services
Class 1€50,000Advice on crypto-assets, reception and transmission of orders, execution of orders on behalf of clients, placing of crypto-assets, transfer services, portfolio management
Class 2€125,000Custody and administration of crypto-assets, exchange of crypto-assets for funds (fiat), exchange of crypto-assets for other crypto-assets
Class 3€150,000Operation of a trading platform for crypto-assets

The 25% Overhead Rule — Your Real Minimum May Be Higher

The table above shows the absolute floor. On top of it, MiCA requires CASPs to hold own funds equal to at least one quarter (25%) of fixed overhead expenses from the preceding year. Whichever number is higher becomes your actual capital requirement.

Example: Your company runs a crypto exchange (Class 2, €125,000 minimum). Your annual fixed overheads — salaries, rent, IT infrastructure, legal — total €800,000. One quarter of that is €200,000. Because €200,000 > €125,000, your real capital requirement is €200,000.

This is recalculated annually, so growing operational costs mean a growing capital obligation. We help you model realistic first-year budgets so there are no surprises after authorization.

Token issuers: ART and EMT issuers face separate, higher capital requirements under MiCA Titles III and IV. See Issuing Crypto-Assets Under MiCA for details.

MiCA License Requirements: What You Need Beyond Capital

Meeting the minimum capital threshold is only the starting point. NCAs assess every CASP applicant against five core areas — and weakness in any one of them can delay or block your authorization:

  1. Governance and fit-and-proper — qualified directors, clear roles, EU-resident management
  2. AML/CFT compliance — tailored KYC procedures, transaction monitoring, sanctions screening
  3. IT security and resilience — cybersecurity framework, penetration testing, BCP/DRP
  4. Client asset safeguarding — strict segregation of client and company holdings
  5. Marketing and complaints handling — fair disclosures, transparent fees, formal complaint process

MiCA Governance and Fit-and-Proper Rules

Especially critical for advisory CASPs and portfolio managers, where the NCA scrutinizes individual competence most closely.

Key rule: at least one senior director must be resident in the EU Member State of authorization. The management body must collectively demonstrate competence in compliance, risk management, IT security, and financial operations. Each member undergoes a fit-and-proper assessment covering good repute, professional experience, and absence of conflicts of interest.

In our experience, fit-and-proper checks take 4–8 weeks per person. NCAs frequently request additional documentation on directors’ professional history — having complete CVs and criminal record certificates ready from the start prevents delays.

AML/CFT Compliance

Required for all CASPs without exception — this is the area where generic, copy-pasted policies are rejected most often.

Key rule: the compliance function must be independent and report directly to the management body. Your AML/CFT program must include comprehensive KYC procedures, ongoing transaction monitoring, sanctions screening, and SAR filing — all tailored to your specific business model and risk profile. NCAs will reject template policies that do not reflect your actual service type and client base.

CASPs must also conduct regular risk assessments and maintain staff training programs. The MLRO (Money Laundering Reporting Officer) must have direct NCA access and operational independence.

Need help building your AML framework? See our AML and Risk Management services — we develop regulator-ready AML policies tailored to your business model.

IT Security and Operational Resilience

Particularly important for exchanges and trading platforms that handle high transaction volumes and manage private keys.

Key rule: a Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) are mandatory. Beyond that, NCAs expect documented ICT risk management policies, vulnerability assessments, independent penetration testing, encryption standards, and secure key management procedures. Generic security documents will not pass — the framework must reflect your actual technical architecture.

CASPs also fall under the Digital Operational Resilience Act (DORA), the EU’s dedicated ICT risk regulation for financial entities. DORA imposes additional requirements for ICT third-party risk management and periodic resilience testing that go beyond MiCA’s own provisions.

Client Asset Safeguarding

Critical for CASPs providing custody, exchange, or any service where client crypto-assets or fiat funds are held.

Key rule: strict segregation of client assets from company holdings at all times. This means separate wallets and accounts, daily reconciliation, and a prohibition on using client assets for the CASP’s own trading or operations. Client fiat must be placed with a credit institution by the next business day.

Custody arrangements must be documented in detail: key management procedures, client rights in case of insolvency, and the process for returning assets on demand. NCAs treat safeguarding failures as the most serious compliance breach.

Marketing and Complaints Handling

Applies to all CASPs — regulators increasingly enforce this area post-authorization through mystery shopping and ad monitoring.

Key rule: all communications must be fair, clear, and not misleading. Before providing any service, CASPs must disclose fees, commissions, spreads, and risk warnings. Marketing materials must be accurate and specific to the services offered — not generic disclaimers.

Every CASP must maintain a formal complaints handling procedure: free submission for clients, defined response timeframes set by the NCA, escalation paths, and record-keeping. NCAs review complaint logs during supervisory visits.

We Prepare the Full Documentation Package

Governance dossiers, fit-and-proper files, AML frameworks, IT security policies, safeguarding procedures, and marketing compliance documentation — all five areas, tailored to your business model.

Step-by-Step: How to Get a MiCA License

We handle the entire MiCA authorization process end-to-end. Here is exactly what happens at each stage when you work with Fintech Simple.

1

Home-State Selection & Incorporation (1–4 weeks)

What we do: We analyze your business model, target markets, and budget to recommend the optimal EU Member State and NCA. We then incorporate the legal entity, set up a registered office, and establish the initial substance — including appointing at least one EU-resident director and preparing UBO/fit-and-proper files.

Baseline we deliver: Registered address in the EU, corporate structure aligned with MiCA requirements, initial banking plan (often an EMI account as interim, then a bank account closer to authorization), and clear ownership documentation.

2

Pre-Application Contact with the NCA (1–3 weeks)

What we do: We engage the NCA informally on your behalf to confirm the service perimeter (custody, exchange, execution, trading platform, etc.), clarify transitional regime eligibility, discuss outsourcing approach, and align on the documentation set.

Outcome: Aligned scope and expectations with the regulator, which eliminates surprises and reduces later rounds of requests for information (RFIs).

3

Build the Application Package (6–10 weeks)

What we prepare:

  • Business plan & financials — 3-year projections with activity-based own-funds calculations
  • Governance & organization — role charters, decision-making trail, independence of control functions
  • Policies & procedures — AML/KYC, safeguarding (segregation + daily reconciliation), conflicts of interest, complaints, marketing/disclosures, incident response, outsourcing, business continuity, and wind-down plan
  • IT & security — architecture, access controls, logging/monitoring, change management, vendor register, and exit plans
  • Service-specific documentation — best execution/order handling, market-abuse surveillance, settlement flows, white-paper governance (where applicable)

We use our pre-built legal frameworks and adapt them to your business model, saving up to 50% of preparation time compared to building from scratch.

4

Submission & Completeness Check (2–4 weeks)

What we do: We file the complete dossier with the NCA and manage all communication from Day 0. The NCA acknowledges receipt (typically within 5 working days), then conducts a completeness check over 25–30 working days.

Possible outcomes: If the file is complete, it proceeds to substantive assessment. If gaps are identified, we address them immediately so the clock restarts without delay. Our thorough preparation in Step 3 means completeness issues are rare.

5

Substantive Assessment (3–6 months)

What the NCA assesses:

  • People & substance — time commitment of directors, competence, independence of control functions
  • Safeguarding — no re-use of client assets, client fiat placed with a credit institution by the next business day, daily reconciliations
  • IT & outsourcing — security posture, incident handling, third-party oversight and exit scenarios
  • Conduct — fair and transparent marketing, conflicts management, complaint handling SLAs

What we handle: We manage all RFI rounds (typically 1–3), prepare responses, coordinate interviews with key personnel, and liaise directly with the NCA on your behalf. Our familiarity with each regulator's priorities means faster, more targeted responses.

6

Decision, ESMA Register & Passporting (1–3 weeks)

What happens: Upon approval, the NCA issues the CASP authorization decision and your company is listed in ESMA's public register. We then file passporting notifications to the Member States you want to operate in.

Next steps we support: Aligning terms and conditions and marketing to the authorized status, keeping register information current, and preparing for the ongoing supervisory relationship.

7

Banking & Go-Live

What we coordinate: We help you open operational bank accounts by preparing the full package banks and payment providers require — the authorization letter, board minutes, complete policy set (especially safeguarding/AML), proof of reconciliations and segregation, and the UBO/KYC pack.

Result: Operational accounts are opened and your services begin under the MiCA regime.

Ready to Start Your MiCA Application?

We handle the entire process from jurisdiction selection to ESMA registration. Get your licensing plan within 48 hours.

MiCA License Cost: What to Expect

The total first-year cost of a MiCA CASP license typically ranges from €200,000 to €475,000 depending on the type of services and jurisdiction. This includes regulatory capital, incorporation, legal fees, staffing, office, IT infrastructure, and NCA application fees. Below, we break it down by component and by three common CASP scenarios.

Regulatory Capital (Own Funds)

This is capital you must maintain at all times, not a one-time fee. Your minimum depends on your service tier: €50,000 (Class 1), €125,000 (Class 2), or €150,000 (Class 3). The 25% overhead rule may push your actual requirement higher.

Legal and Compliance Fees

The full documentation package — policies, procedures, business plan, and NCA application materials — typically costs €15,000 to €60,000 depending on the scope and complexity of your services. Our approach uses pre-built, regulator-tested frameworks, which keeps legal costs toward the lower end of this range for most clients.

Ongoing Annual Costs

After authorization, annual compliance costs typically range from €80,000 to €200,000. MLRO salary and office rent are your largest recurring items — plan for these to scale with headcount as your operations grow.

Cost ComponentCustody OnlyExchange + CustodyTrading Platform
Regulatory Capital€125,000€125,000€150,000
Incorporation & Setup
Company formation, registered office, initial corporate structure
~€10,000~€10,000~€14,000
Legal Package
Policies, procedures, business plan, NCA application dossier
min. €23,000min. €35,000min. €48,000
MLRO (annual)
Full-time or outsourced; smaller CASPs often start with an outsourced MLRO
min. €40,000min. €50,000min. €60,000
Office (annual)min. €12,000min. €17,000min. €21,000
IT / Security Auditmin. €10,000min. €18,000min. €25,000
NCA Application Fee
Set by each national regulator; varies by jurisdiction
~€3,000~€5,000~€7,000
Estimated First-Year Totalmin. €230,000min. €270,000min. €380,000

All figures are estimates based on typical market conditions across EU jurisdictions. Actual costs vary depending on the specific country, scope of services, and complexity of your business model.

Get a Personalized Cost Estimate

Tell us your target services and preferred jurisdiction — we will send you a detailed cost breakdown within 48 hours.

MiCA License Timeline: Realistic Estimates

The timeline for obtaining a MiCA license depends on three primary factors: your chosen jurisdiction, the readiness of your documentation, and the scope of CASP services you apply for. Below are three realistic scenarios based on our experience.

ScenarioTimelineKey Factors
Best Case~4 monthsSimple scope (e.g., custody only), experienced team, pre-built documentation, jurisdiction with fast NCA (e.g., Lithuania), no NCA pushback
Typical6–9 monthsExchange + custody scope, professional advisors, complete documentation submitted, 1–2 rounds of NCA questions
Complex9–12+ monthsTrading platform, multiple services, new company without track record, jurisdiction with thorough NCA (e.g., Germany), multiple Q&A rounds

The single most effective way to accelerate the timeline is to ensure your application package is complete and high-quality before formal submission. Incomplete applications trigger additional completeness check cycles, each adding 2–4 weeks. Working with advisors who have direct experience with your chosen NCA can reduce the overall timeline by 2–3 months compared to a self-guided approach.

Best EU Countries for a MiCA License

Choosing the right jurisdiction is one of the most consequential decisions in your MiCA licensing journey. Each EU Member State has its own NCA, processing culture, substance expectations, and practical advantages. Below, we compare ten relevant jurisdictions — enriched with real licensing data from the ESMA Interim MiCA Register.

CountryLicensed CASPs*Typical SLA (months)SubstanceLanguageBanking
Germany456–12+Very highGerman requiredExcellent
France126–9HighFrench preferredExcellent
Cyprus84–8ModerateEnglish acceptedModerate
Austria74–8Moderate–HighGerman preferredGood
Spain54–8ModerateSpanishGood
Luxembourg46–12HighFrench/GermanExcellent
Lithuania33–5ModerateEnglish acceptedGood
Estonia24–8HighEnglish acceptedModerate
Poland04–7ModerateEnglish acceptedGood
Czech Republic04–6ModerateEnglish acceptedGood

*Data from the ESMA Interim MiCA Register (February 2026). Numbers reflect CASPs authorized under MiCA as of the register’s last update. 150 licensed CASPs across the EU in total.

Substance refers to the level of real operational presence the NCA expects in the country:

  • Moderate — registered office, at least one local director, basic local staff. Lean setups are generally accepted.
  • Moderate–High — local director with industry experience, dedicated compliance officer on-site, physical office expected.
  • High — multiple local employees, senior management resident in-country, fully operational office, independent compliance and risk functions.
  • Very high — full C-suite presence, extensive local headcount, audited operational processes, and deep regulatory engagement expected from day one.

Banking indicates how easy it is for a newly licensed CASP to open a corporate bank account in the jurisdiction:

  • Excellent — multiple banks actively service crypto-licensed companies; account opening typically takes 2–4 weeks.
  • Good — several banking options available; some banks may require additional due diligence, 4–8 weeks typical.
  • Moderate — limited bank appetite for crypto clients; expect longer timelines (2–3 months) and possible rejections before finding a partner bank.

Germany

Germany offers the largest domestic market in the EU and excellent banking access through BaFin supervision. With 45 licensed CASPs — by far the most in the EU — Germany has attracted heavyweights such as Bitpanda, Trade Republic, N26, Commerzbank, and Bullish Europe. However, BaFin is notoriously thorough, timelines can exceed 12 months, and all communications must be in German.

France

France offers excellent banking access and a mature financial ecosystem. The AMF is a respected regulator, and France's shorter transitional period signals its commitment to rapid MiCA adoption. With 12 licensed CASPs, France has attracted major players including Circle (the issuer of USDC and EURC) and Société Générale Forge. Best suited for larger companies with the resources to maintain significant local presence.

Cyprus

Cyprus has long been a popular jurisdiction for financial services companies. CySEC accepts English, and the country offers moderate substance requirements and a favorable tax environment. With 8 licensed CASPs under MiCA — including eToro, Revolut, and Trading 212 — Cyprus is proving a popular choice for consumer-facing platforms. A strong choice for companies already familiar with the CySEC regulatory approach.

Austria

Austria provides a solid financial infrastructure and good banking access through the FMA. With 7 licensed CASPs, Austria has attracted notable names including Bitpanda, Bybit EU, and KuCoin EU. Particularly well-suited for companies targeting the DACH region (Germany, Austria, Switzerland).

Spain

Spain is building its crypto regulatory infrastructure through the CNMV. The country offers moderate substance requirements and connections to Latin America that offer unique strategic advantages.

Luxembourg

Luxembourg is the jurisdiction of choice for institutional-grade crypto operations. The CSSF is a highly respected regulator with unmatched banking infrastructure. However, timelines are long and costs are at the upper end of the range.

Lithuania

Lithuania remains the most popular jurisdiction for crypto startups and mid-size companies seeking a MiCA license. The Bank of Lithuania accepts English-language submissions, offers competitive processing times of 3 to 5 months, and the country provides a cost-effective operating environment with a well-established fintech ecosystem. With only 3 licensed CASPs so far under MiCA, Lithuania is still in the early stages of its transition — the country was dominant under the previous VASP regime, and most existing operators are now converting to full MiCA authorization. Learn more about crypto licensing in Lithuania.

Estonia

Estonia is known for its digital-first governance and was one of the earliest EU countries to establish a crypto licensing framework. Under MiCA, Estonia has not adopted grandfathering provisions, meaning all providers must apply for full CASP authorization. The FSA enforces strict substance requirements, but the jurisdiction's reputation for digital innovation continues to attract serious crypto businesses. Learn more about crypto licensing in Estonia.

Poland

Poland is an increasingly attractive option for MiCA licensing, offering a cost-effective environment and a growing crypto ecosystem. The KNF has been actively preparing for MiCA implementation, and Poland's large domestic market adds appeal for companies seeking a Central European presence. As of February 2026, no CASPs have been licensed under MiCA in Poland yet — the KNF is still ramping up its authorization process, which may present an opportunity for early movers. Learn more about crypto licensing in Poland.

Czech Republic

The Czech Republic offers a straightforward licensing process, reasonable costs, and a central EU location. The Czech National Bank has demonstrated a pragmatic approach to crypto regulation, and Prague has emerged as a significant European tech hub. Like Poland, the Czech Republic has 0 licensed CASPs under MiCA so far — the CNB is still finalizing its authorization procedures. Learn more about crypto licensing in Czech Republic.

Documentation Checklist for CASP Application

A complete and well-structured application package is the foundation of a successful MiCA licensing process. Below is the comprehensive checklist of documents and policies you will need to prepare.

  • Constitutional documents and ownership structure, including full UBO (Ultimate Beneficial Owner) disclosure up to the natural person level
  • Detailed business plan covering services offered, target markets, three-year financial projections, key risks, and mitigation strategies
  • AML/CFT policy and sanctions compliance framework, tailored to your specific business model and risk profile
  • KYC and customer onboarding procedures, including customer due diligence (CDD) and enhanced due diligence (EDD) protocols
  • Custody and safekeeping policy (if providing custody and administration of crypto-assets on behalf of clients)
  • Market abuse prevention policy, covering insider dealing, unlawful disclosure, and market manipulation as defined under MiCA Title VI
  • Conflicts of interest policy, documenting identification, prevention, management, and disclosure of conflicts
  • Complaints handling procedure with defined timelines, escalation paths, and record-keeping requirements
  • Pricing and fee schedule with full client disclosures
  • Outsourcing policy and third-party risk assessment, covering all critical functions delegated to external providers
  • ICT risk management framework, aligned with MiCA requirements and relevant DORA standards
  • Information security policy and penetration test results
  • Business continuity and disaster recovery plan (BCP/DRP), including recovery time objectives and testing evidence
  • Data protection and GDPR compliance documentation
  • Whitepaper (if issuing tokens under MiCA Title II or Title III) — see our policies and procedures development services
  • Key personnel CVs and fit-and-proper declarations for all members of the management body
  • Financial statements and capital adequacy calculations, demonstrating compliance with Annex IV own funds requirements

Let Us Prepare Your Application Package

Our pre-built frameworks save you months of preparation. We deliver regulator-ready documentation.

Why MiCA Applications Get Rejected: Lessons from Real Cases

A rejected MiCA application typically means 3–6 months lost and a significantly harder path to resubmission — NCAs remember previous attempts. Based on our experience working alongside regulators, these are the mistakes we see most often.

Insufficient Substance

The number one reason for rejection. Virtual offices, nominee directors with no real involvement, absence of local staff — NCAs flag these immediately. We have seen applications returned within weeks because the registered office was a shared coworking address with no dedicated space, and the sole director visited the country once a quarter. Your entity must demonstrate genuine, day-to-day operational presence in the Member State.

Generic IT Security Frameworks

Regulators can tell within minutes whether your IT security documentation reflects your actual architecture or was downloaded from the internet. One common pattern we see: applicants submit a penetration test report from an unrelated system, or list security controls that do not match their cloud infrastructure. NCAs expect company-specific ICT risk policies, independent pen test results for your systems, and alignment with DORA — not a renamed template.

Copy-Pasted AML Policies

NCAs can immediately identify AML frameworks copied from other jurisdictions or generic templates — the wrong FIU name, references to legislation that does not apply, or risk assessments that describe a business model different from yours. One applicant we helped rescue had submitted a policy referencing Estonian AML law while applying in Lithuania. Your risk assessment must address the specific risks of your service type, and your transaction monitoring rules must be calibrated to your expected volumes and client profile.

Unclear Governance Structure

Overlap between control functions is a red flag regulators catch quickly. If your compliance officer also serves as CFO, or your risk function reports to the same person who runs the business line, the NCA will push back. The management body must also collectively demonstrate competence across all proposed services — a team of software engineers with no financial services background will not pass the fit-and-proper assessment.

Unrealistic Financial Projections

NCAs scrutinize three-year projections specifically for MiCA-related details: how own-funds requirements scale as transaction volumes grow, whether the 25% overhead rule is modeled correctly, and whether revenue projections per crypto-asset service type are defensible. Overly optimistic forecasts, capital buffers that barely meet the minimum, and the absence of stress testing are consistent triggers for additional Q&A rounds — or outright rejection.

Missing or Incomplete Documentation

Incomplete UBO disclosures, outdated CVs, unsigned policies, or forms with blank fields signal a lack of professionalism and restart the completeness clock. We have seen applications delayed by two months because a single director’s criminal record certificate was from the wrong country. Every document must be complete, current, and properly executed before submission.

We Review Every Application Against All Known Rejection Criteria

Before we submit your dossier to the NCA, we audit it against every pitfall listed above — so you discover problems from us, not from the regulator.

Why Choose Fintech Simple

Navigating MiCA licensing requires more than legal knowledge — it demands hands-on regulatory experience, proven documentation frameworks, and deep familiarity with the NCAs you will be working with.

500+ License Approvals Since 2016

Our team has successfully completed over 500 CASP and VASP license approvals across EU jurisdictions. This is not theoretical expertise — it is built on years of real applications, real regulator interactions, and real approvals.

Pre-Built Legal Frameworks

We have developed a comprehensive ecosystem of legal templates and procedures specifically aligned with MiCA requirements. Instead of building from scratch, we adapt our proven frameworks to your business model, reducing preparation time by up to 50%.

Direct Regulator Experience

We have worked directly with NCAs including the Bank of Lithuania, KNF (Poland), CNB (Czech Republic), FSA (Estonia), and others. We understand how each regulator operates, what they prioritize, and how to structure your application for the fastest possible approval.

End-to-End Service

From initial jurisdiction analysis through company incorporation, documentation preparation, application filing, regulator Q&A management, and post-approval compliance — we handle the entire process with a single point of contact.

Competitive Pricing with Transparency

We provide clear, upfront pricing with no hidden fees. We deliver a detailed quote within 48 hours of your initial consultation.

In-House EU Regulatory Lawyers

Our team consists of dedicated EU regulatory lawyers who work in-house, ensuring faster turnaround, better quality control, and consistent expertise across every stage of your project.

Issuing Crypto-Assets Under MiCA: EMTs, ARTs and Utility Tokens

MiCA does not only regulate crypto-asset service providers. If your business plans to issue crypto-assets — whether stablecoins, asset-referenced tokens, or utility tokens — Titles II, III, and IV of MiCA set out separate authorization and disclosure requirements that apply to issuers. This section consolidates the key rules for token issuers in one place.

CASP vs. Issuer: If your company only provides services such as exchange, custody, or advisory (without issuing its own tokens), the issuer rules below do not apply to you — see the CASP sections above. If you both issue tokens and provide CASP services, both sets of requirements apply.

Three Classes of Crypto-Assets Under MiCA

MiCA categorizes crypto-assets into three distinct classes, each subject to its own regulatory requirements:

Asset class Key requirements
E-Money Tokens (EMTs)
Crypto-assets pegged to a single official currency, functioning like electronic money (e.g., EUR- or USD-backed stablecoins). Regulated under Title IV of MiCA.
  • Maintain reserves equal to 100% of tokens in circulation at all times
  • Holders must be able to redeem at par value on demand
  • Issuer must be authorized as a credit institution or e-money institution
  • Ongoing capital and liquidity requirements apply
Asset-Referenced Tokens (ARTs)
Tokens backed by a basket of assets, currencies, commodities, or other crypto-assets (e.g., multi-asset stablecoins). Regulated under Title III of MiCA.
  • NCA approval of crypto-asset white paper required before public offering
  • Reserve assets must be segregated and held by custodians
  • Minimum own funds of €350,000
  • Enhanced governance and conflict-of-interest policies
Other Crypto-Assets (Utility Tokens)
Utility tokens and any crypto-assets not qualifying as EMTs, ARTs, or MiFID II financial instruments. Regulated under Title II of MiCA.
  • Publish a crypto-asset white paper and notify the NCA
  • No prior NCA approval needed — but NCA can intervene post-notification
  • Fair, clear, and not misleading marketing communications
  • Right of withdrawal for retail buyers within 14 days

Note: Algorithmic stablecoins without actual reserves may fall outside the ART definition, limiting their ability to be publicly offered in the EU. Always verify classification against the full MiCA text and EBA/ESMA guidance.

Capital Requirements for Token Issuers

ART issuers (stablecoin projects under Title III) face a minimum own-funds floor of €350,000 — more than double the highest CASP tier. This capital must be maintained at all times and is separate from any CASP capital obligations. If your business involves both CASP services and stablecoin issuance, both sets of requirements apply in parallel.

EMT issuers must be authorized as a credit institution or electronic money institution under Directive 2009/110/EC. This means meeting the EMI/bank capital requirements, which are substantially higher than the ART floor. For more details, see our EMI license page.

Utility token issuers do not face a specific capital requirement under MiCA, but must comply with whitepaper publication, marketing, and right-of-withdrawal obligations.

Whitepaper and Disclosure Obligations

Every crypto-asset issuer offering tokens to the public or seeking admission to a trading platform must publish a crypto-asset whitepaper. The whitepaper must include a detailed description of the project, the rights and obligations attached to the crypto-asset, the underlying technology, and the risks involved.

  • ARTs (Title III): Whitepaper must be approved by the NCA before publication. The issuer cannot begin the public offering until approval is granted.
  • Utility tokens (Title II): Whitepaper must be notified to the NCA at least 20 working days before publication. No prior approval is required, but the NCA may intervene post-notification.
  • EMTs (Title IV): Whitepaper requirements similar to ARTs, with additional disclosures specific to e-money characteristics.

For details on whitepaper content requirements, see MiCA Articles 6, 17, and 51.

Planning to Issue a Token in the EU?

Our team can help you classify your crypto-asset, prepare the required whitepaper, and navigate the NCA authorization process.

Frequently Asked Questions

What is MiCA and when did it come into effect?

MiCA (Markets in Crypto-Assets Regulation) is EU Regulation 2023/1114, establishing a unified framework for crypto-asset services and issuance across the European Union. Adopted in May 2023, rules for stablecoin issuers (ART/EMT) applied from June 30, 2024, while CASP provisions took effect on December 30, 2024.

What is a CASP under MiCA?

A Crypto-Asset Service Provider (CASP) is any legal entity that professionally provides one or more crypto-asset services listed in MiCA Annex I. These services include custody, exchange, trading platform operation, order execution, portfolio management, advice, and transfer services. All CASPs serving EU clients must obtain authorization from a national competent authority.

Does MiCA apply to my company if it is based outside the EU?

Yes, if your company actively targets or markets to EU-based customers — through EU-language websites, fiat on-ramps for EU currencies, or targeted advertising — MiCA likely applies. Non-EU companies must establish an EU entity and obtain CASP authorization to serve EU clients lawfully.

How much capital do I need for a MiCA license?

MiCA sets three minimum capital thresholds: €50,000 for services like advisory, order execution, and portfolio management; €125,000 for custody and exchange services; and €150,000 for trading platform operators. These are minimum own funds that must be maintained at all times.

How much does it cost to get a MiCA license?

Total first-year costs typically range from €200,000 to €475,000 depending on the scope of services and jurisdiction. This includes regulatory capital, legal fees (€15,000–60,000), incorporation costs, staff, office, IT infrastructure, and NCA application fees. Ongoing annual costs run €80,000–200,000.

Are there ongoing costs after getting the license?

Yes. Licensed CASPs must maintain regulatory capital, employ qualified compliance staff (MLRO), pay for office space, submit regular reports to the NCA, conduct annual AML audits, and maintain IT security infrastructure. Annual ongoing costs typically range from €80,000 to €200,000.

How long does it take to get a MiCA license?

The typical timeline is 6 to 9 months from project start to license approval. Simple cases with complete documentation can be resolved in as little as 4 months, while complex applications may take 12 months or more.

What is the fastest way to get a MiCA license?

Choose a jurisdiction with an efficient NCA (such as Lithuania or Czech Republic), use pre-built policy frameworks, engage early with the regulator through pre-application meetings, and ensure all documentation is complete before submission. Working with experienced advisors can save 2–3 months.

Which EU country is best for a MiCA license?

Lithuania is the most popular choice for crypto startups due to its English-speaking regulator, competitive costs, and efficient processing times. Czech Republic and Poland offer good value. France and Luxembourg are preferred by larger institutions. The best choice depends on your business model, budget, and substance capabilities.

Can I operate across all EU countries with one license?

Yes, this is one of MiCA's greatest advantages. A CASP authorized in any EU Member State can provide services across all 27 EU countries through a passporting mechanism. You simply notify your home NCA, eliminating the need for separate licenses in each country.

Do I need a physical office in the EU?

Yes. MiCA requires CASPs to have their registered office in an EU Member State and to maintain effective management and substance in that jurisdiction. A virtual office or mailbox address is not sufficient.

Do I need EU-resident directors?

While MiCA does not explicitly mandate EU-resident directors, most NCAs require at least one member of the management body to be resident in the licensing jurisdiction. Having local directors with relevant experience significantly strengthens your application.

What AML policies do I need?

CASPs must implement a comprehensive AML/CFT framework including KYC procedures, ongoing transaction monitoring, sanctions screening, suspicious activity reporting, employee training, and risk assessment methodologies. Policies must be tailored to your specific business model — generic templates are routinely rejected.

What IT security requirements does MiCA impose?

CASPs must implement ICT risk management frameworks covering cybersecurity policies, access control, encryption, vulnerability management, incident detection and response, and regular penetration testing. Business continuity and disaster recovery plans are mandatory.

What documents do I need for a MiCA application?

A complete application typically includes constitutional documents, UBO disclosure, a detailed business plan with 3-year financial projections, all compliance policies (AML, KYC, IT security, BCP/DRP, market abuse, complaints, outsourcing), governance documentation, key personnel CVs, IT architecture documentation, and capital adequacy calculations.

What happens during the NCA assessment?

The NCA first conducts a completeness check (2–4 weeks), then proceeds to a substantive assessment (3–6 months). During the substantive phase, the regulator reviews governance, financial soundness, compliance framework, IT security, and business model. Expect multiple rounds of questions and potentially interviews with key personnel.

What are common reasons applications get rejected?

The most common rejection reasons include insufficient local substance, generic AML policies not tailored to the business, weak IT security frameworks, unclear governance with overlapping responsibilities, unrealistic financial projections, and incomplete documentation.

Does MiCA cover DeFi protocols and NFTs?

MiCA does not directly regulate truly decentralized protocols where no identifiable service provider exists. However, if a DeFi protocol has an identifiable entity providing services, MiCA may apply. Non-fungible tokens are generally excluded unless they exhibit characteristics of regulated crypto-assets (fungibility, fractionalization, or use as payment instruments).

Do I need a whitepaper for my token under MiCA?

If you are issuing crypto-assets and offering them to the public or seeking admission to trading, you must publish a whitepaper under MiCA Title II. For ART issuers, the whitepaper must be approved by the competent authority before publication. CASP-only businesses that do not issue tokens are not required to publish a whitepaper.

How does MiCA relate to the Travel Rule (TFR)?

The Transfer of Funds Regulation (TFR), Regulation (EU) 2023/1113, complements MiCA by requiring CASPs to collect and transmit originator and beneficiary information for crypto-asset transfers. TFR applies from December 30, 2024. CASPs must ensure their systems can capture, verify, and transmit this data for every transaction.

Your Privacy

By clicking "Accept", you consent to the use of cookies and similar technologies on your device to improve site navigation, analyze usage, provide specific functionalities, and support our marketing initiatives. Cookies that are strictly necessary will always be active with this link.