Crypto License in Greece: MiCA CASP Authorisation Guide 2026

Under Regulation (EU) 2023/1114 (MiCA), ten categories of crypto-asset services require CASP authorisation from the HCMC. If your business provides any of the following services in or from Greece, you must hold a valid authorisation before commencing operations:

• Custody and administration of crypto-assets — safeguarding clients’ crypto-assets or private keys on their behalf, including holding, storing, and transferring those assets.
• Operation of a trading platform — managing a multilateral system that brings together buying and selling interests in crypto-assets, resulting in contracts.
• Exchange of crypto-assets for funds — concluding purchase or sale contracts for crypto-assets against fiat currency (e.g. EUR, USD) using the firm’s own capital.
• Exchange of crypto-assets for other crypto-assets — concluding purchase or sale contracts for crypto-assets against other crypto-assets using the firm’s own capital.
• Execution of orders for crypto-assets — concluding agreements to buy or sell crypto-assets on behalf of clients, including arranging settlement.
• Placing of crypto-assets — marketing newly issued crypto-assets to buyers on behalf of the offeror or issuer, with or without a firm commitment to purchase.
• Reception and transmission of orders — receiving a client’s order to buy or sell crypto-assets and transmitting it to a third party for execution.
• Providing advice on crypto-assets — offering personalised recommendations to a client on crypto-asset transactions based on the client’s individual circumstances.
• Providing portfolio management of crypto-assets — managing portfolios of crypto-assets on a discretionary, client-by-client basis.
• Providing transfer services for crypto-assets — transferring crypto-assets on behalf of a client from one distributed ledger address to another.

All authorised CASPs are entered on the ESMA Register of CASPs, which serves as the EU-wide public record. Regulators, banks, and institutional counterparties routinely check this register as part of their own due diligence. A Greek CASP authorisation, once entered on the ESMA register, enables EU-wide passporting under MiCA’s Freedom of Services framework.

MiCA does not cover every crypto-related activity. The following services fall outside the regulation’s current scope and do not require CASP authorisation from the HCMC:

• Crypto lending and borrowing — providing or facilitating collateralised or uncollateralised crypto loans is not classified as a crypto-asset service under MiCA. There is no specific CASP authorisation requirement for peer-to-peer or institutional crypto lending platforms in Greece.
• Staking services — operating staking pools, offering delegated staking, or running validator infrastructure for proof-of-stake networks is not listed among the ten CASP service categories. MiCA does not regulate staking as a standalone service.
• Decentralised Finance (DeFi) — fully decentralised protocols with no identifiable service provider fall outside MiCA’s scope. However, the European Commission is required to assess DeFi regulation by 30 December 2027 under MiCA Article 142, and future legislation may bring certain DeFi activities into scope.
• NFT platforms — unique, non-fungible tokens are generally excluded from MiCA’s definition of crypto-assets. However, NFTs issued in large series or collections may be reclassified as fungible crypto-assets, bringing them within scope. Each platform requires individual assessment.

Greece offers a combination of low regulatory costs, full EU market access, and an active fintech support structure. Each advantage below translates directly into cost or speed for your business:

• Low registration fees — HCMC administrative fees are included in both of our service packages (€6,500 notification path or €18,500 full licence). Compared to €5,000–€17,000 in Lithuania depending on activity scope, Greece keeps upfront regulatory costs manageable when you are still building a client base.
• EU passporting under MiCA — A Greek MiCA authorisation lets you serve clients across all 27 EU member states without a separate licence in each jurisdiction. One approval, one regulatory relationship, one annual compliance cycle.
• 22% corporate tax — Greece’s headline corporate tax rate is competitive within the eurozone, sitting close to the European average of roughly 21.6%. Cyprus is lower at 12.5%, but Cyprus carries reputational risk with some institutional banking partners. Greece does not.
• BoG Innovation Hub — The Bank of Greece Innovation Hub provides a formal channel for pre-application dialogue. You can clarify your business model with the regulator before filing, reducing the risk of a revise-and-resubmit cycle.
• Growing fintech talent pool — Athens has seen fintech startup activity accelerate since 2021, supported by EU structural funds and local accelerator programmes. Hiring compliance officers, AML analysts, and tech staff is increasingly feasible without relocating your entire team from another country.
• Lean substance requirements — The HCMC requires genuine local substance, but does not impose the same headcount thresholds that some regulators (notably the Central Bank of Ireland) apply. A lean operation with a qualified local director and a compliance function can satisfy the test.

No jurisdiction is without friction. Greece has three structural issues you should factor into your planning before committing.

• Nascent licensing ecosystem — The HCMC only began processing MiCA CASP applications in earnest from mid-2025 following HCMC Decision 8/1059/30.07.2025. Regulatory precedent is thin, processing timelines are not yet battle-tested at scale, and the pool of Greek lawyers with deep MiCA practice experience is smaller than in Lithuania or Germany. Expect more back-and-forth with the regulator during the authorisation phase than you would in a mature jurisdiction.
• Limited banking options for crypto businesses — Greek domestic banks — Piraeus, Alpha, Eurobank — remain cautious about onboarding crypto CASPs. You will likely need to open a business account with an EMI (Electronic Money Institution) or an international neobank as your primary operating account, and maintain Greek banking as a secondary relationship if at all. This is a workflow inconvenience, not a legal barrier, but it adds setup time.
• Greek-language regulatory correspondence — The HCMC communicates in Greek. You will need a local legal representative capable of handling Greek-language filings and correspondence — not just translation, but substantive regulatory dialogue.

All three jurisdictions below grant MiCA authorisation, meaning the end result — an EU passport to serve clients across the bloc — is identical. The differences are in cost, speed, and the maturity of the regulatory environment. Greece wins on price; Lithuania wins on speed and ecosystem depth; Czech Republic sits in between.

Lithuania’s 15% corporate tax looks attractive on paper, but the minimum capital requirement of €125,000 for a full CASP licence ties up working capital that early-stage operators typically need for operations. Greece’s MiCA capital requirements (€50,000–€150,000 depending on service class) are set at the EU-wide floor, and the 22% corporate tax rate remains competitive against the eurozone average. Once MiCA application volume through the HCMC increases and processing times stabilise, Greece is likely to become more competitive on speed as well.

The table below maps each law to its year and scope. The two AML laws (4557/2018 and 4734/2020) are the immediate hurdles for most applicants; Law 5193/2025 is the statute that formally designates the HCMC as Greece’s MiCA competent authority and sets the domestic CASP authorisation procedure.

Three distinct authorities share oversight of crypto businesses in Greece. Their roles do not overlap — each covers a defined perimeter. A common error in competitor guides is referring to the “NBG” (National Bank of Greece) as a regulator: NBG is a commercial bank, not a supervisory authority. The relevant central bank body is the Bank of Greece (BoG), which is the country’s central bank and a separate institution.

In practice, obtaining MiCA CASP authorisation in Greece primarily means satisfying the HCMC. You will submit your application, AML programme, and director documentation to the HCMC. If your business also processes payments, expect parallel engagement with BoG. Ongoing AML compliance involves the FIU through your STR reporting obligations.

MiCA (Regulation EU 2023/1114) became fully applicable on 30 December 2024. As an EU member state, Greece is bound directly — no further transposition law is needed for MiCA itself to apply. Law 5193/2025 designates the HCMC as Greece’s competent authority for CASP authorisation, and HCMC Decision 8/1059/30.07.2025 establishes the domestic application procedure. Greece chose a 12-month grandfathering period (not the EU maximum of 18 months), which expired on 31 December 2025. All crypto-asset service providers must now hold full MiCA CASP authorisation to operate.

A Greek MiCA CASP authorisation gives access to all 27 EU member states via the standard Freedom of Services notification procedure, without separate national registrations in each country. MiCA also introduces explicit minimum own-funds requirements (€50,000 to €150,000 depending on service class) that were absent from the previous Greek VASP regime under Law 4734/2020. The HCMC’s review clock for CASP authorisation is 25 working days for the completeness check, followed by 40 working days for the substantive assessment under MiCA Article 63.

Under Law 5193/2025, you can obtain CASP authorisation in Greece through one of two structural routes:

• Greek Société Anonyme (AE/SA) — a public limited company incorporated and domiciled in Greece. This is the mandatory legal form for MiCA CASP authorisation under Law 5193/2025. No other Greek corporate form (IKE, OE, EE) is accepted. The company must have a registered office in Greece and at least one director with verifiable operational responsibility.
• EU/EEA branch or subsidiary — an established EU or EEA company that opens a registered branch or subsidiary in Greece with genuine local presence. The branch must have an autonomous operational presence and at least one senior manager physically based in Greece; the HCMC will not accept a mailbox arrangement.

Third-country (non-EU) entities are not eligible to register directly. If your company is incorporated outside the EU/EEA, you must first establish a Greek SA or a qualifying EU holding structure.

The registered office must be located in Greece and function as the actual place of management. A virtual office address alone does not satisfy this requirement. The company objects must explicitly include the provision of crypto-asset services as defined under MiCA (Regulation EU 2023/1114).

Every director, senior manager, and shareholder holding ≥10% of shares or voting rights must pass a fit-and-proper assessment. The HCMC evaluates three dimensions:

• Honesty and integrity — no criminal convictions for fraud, money laundering, terrorist financing, market abuse, or related financial crime in any jurisdiction. Convictions more than 10 years old for minor offences may be disregarded, but full disclosure is mandatory.
• Professional competence — at least one senior manager must hold verifiable experience in financial services, compliance, or crypto-asset operations. A minimum of 3 years in a comparable regulated role is the practical benchmark the HCMC applies.
• Financial soundness — directors and significant shareholders must not be subject to active insolvency proceedings and must not have been disqualified from holding a directorship or controlling a regulated entity in any EEA state.

The HCMC also assesses reputation at the entity level: a company that has had a VASP, CASP, or payment-institution authorisation revoked in another jurisdiction will face heightened scrutiny and may be refused authorisation.

Beneficial owners (ultimate natural persons behind corporate shareholders) are subject to the same fit-and-proper review as direct shareholders. Opaque or multi-layered ownership structures that obscure beneficial ownership are a common ground for rejection.

Submit all documents in Greek or accompanied by a certified Greek translation. The HCMC expects a complete file at submission under HCMC Decision 8/1059/30.07.2025 — requests for material documents after lodgement extend the review period significantly.

• Certificate of incorporation & articles of association — current certified copy showing the company name, registered address, share capital, and corporate objects.
• Register of shareholders — full ownership chain down to the ultimate beneficial owners (UBOs), with percentage stakes and voting rights at each level.
• UBO declaration — signed statutory declaration by each natural person owning or controlling ≥25% directly or indirectly (per Law 4557/2018), confirming accuracy of beneficial-ownership data.
• CVs of directors and senior managers — including employment history for the past 10 years, professional qualifications, and relevant regulated-industry experience.
• Criminal record certificates — issued within the past 3 months by the competent authority of every country of residence or nationality for each director, senior manager, and UBO. Greek criminal record extract plus apostilled equivalents for foreign nationals.
• Fit-and-proper declarations — signed declarations by each director and senior manager confirming absence of disqualification, insolvency, or regulatory sanction in any jurisdiction.
• Business plan — minimum 3-year plan covering the CASP services to be provided, target markets, projected transaction volumes, revenue model, and organisational chart.
• AML/CFT policy & procedures manual — complete written AML programme including risk appetite statement, CDD/EDD procedures, transaction monitoring, and STR escalation.
• Appointment of AMLCO — written appointment of a dedicated Anti-Money Laundering Compliance Officer (AMLCO), with CV demonstrating relevant AML expertise; the AMLCO must be based in Greece.
• IT system and cybersecurity description — technical overview of the wallet/exchange infrastructure, custody arrangements, access controls, and incident-response plan per HCMC Decision 8/1059.
• Third-party custody or safeguarding arrangements — if client crypto-assets are held with a third-party custodian, the relevant agreement and due diligence must be included.
• Proof of registered office — lease agreement or property ownership document confirming the physical address of the Greek registered office.
• Financial statements or opening balance sheet — audited accounts for the past 2 years (existing entities) or an auditor-certified opening balance sheet (newly incorporated entities).
• Evidence of paid-in capital — bank statement or auditor certificate confirming that the required minimum own funds under MiCA Annex IV have been paid in full.
• Professional indemnity or financial guarantee — where the HCMC requires evidence of financial guarantee, an insurance certificate or bank guarantee letter must be provided.
• Internal audit framework — description of internal controls, segregation of duties, and (for larger operations) an internal audit function or outsourced equivalent.
• GDPR and data protection policy — summary of how the entity processes and protects client personal data in line with Regulation (EU) 2016/679.

Greece implements the EU’s Anti-Money Laundering Directives and MiCA’s conduct-of-business rules via Law 4557/2018 (as amended by Law 4734/2020). Your AML/KYC programme must be written, board-approved, and proportionate to the money-laundering and terrorist-financing risks you face. The HCMC scrutinises five core elements: a documented risk assessment reviewed at least annually, customer due diligence (CDD) and enhanced due diligence (EDD) procedures for all clients at onboarding, automated or manual transaction monitoring with defined thresholds and red-flag indicators specific to crypto-assets, a clear internal escalation path for Suspicious Transaction Reports (STRs) filed with the Hellenic Financial Intelligence Unit, and record retention for a minimum of 5 years.

The AMLCO must have direct access to the board and must submit an annual compliance report. If your CASP operates a hosted wallet or exchange, your transaction monitoring tool must be capable of blockchain analytics — the HCMC expects you to identify transfers from or to high-risk addresses and to flag unhosted wallet counterparts above applicable thresholds in line with the EU Transfer of Funds Regulation (Regulation 2023/1113).

Greece operates under the EU’s Markets in Crypto-Assets Regulation (MiCA), which came into full effect for CASPs (Crypto-Asset Service Providers) in December 2024. The HCMC is the competent authority responsible for authorisation. Two mandatory payments apply directly to the regulator:

• Application fee — €1,500, payable when you submit your authorisation dossier. This covers the HCMC’s review of your legal documents, business plan, AML framework, and fit-and-proper assessments. The fee is non-refundable whether your application is approved or refused.
• Annual supervisory fee — €1,000 per year, due each January following authorisation. This covers the HCMC’s ongoing oversight obligations under MiCA Article 82.

These are the lowest direct regulatory fees among EU member states that have published their MiCA fee schedules. By comparison, Malta charges €3,000–€5,000 for comparable VASP applications, and Germany’s BaFin schedule starts at €10,750.

Both fees are included in Fintech Simple’s service packages (€6,500 notification path and €18,500 full licence path), so you do not need to budget for them separately when engaging our team.

To apply for a crypto license in Greece you must first incorporate a Greek legal entity — a Société Anonyme (AE/SA) is the mandatory corporate form under Law 5193/2025. The one-time formation costs depend on your chosen structure and whether you use a local law firm or a specialist licensing provider.

• Notary and registration fees — €800–€1,500, covering notarial deed preparation, General Commercial Registry (GEMI) registration, and official gazette publication.
• Share capital deposit — MiCA sets minimum own funds requirements by service type: €50,000 for order execution and portfolio management; €125,000 for operation of a trading platform; €150,000 for custody and administration. Capital must be deposited in a Greek bank account and evidenced at the time of application.
• Local director / management requirements — Greece does not mandate a resident director as a formal rule, but HCMC expects the management body to exercise genuine control from Greece. If you need to appoint a local senior manager, that cost is typically €12,000–€24,000 annually (reflected in the ongoing costs section below).

MiCA imposes continuous obligations on all authorised CASPs. Under Greek law, HCMC-authorised entities must maintain a permanent compliance function, an AML officer, and an internal audit function proportionate to the scale of operations. Plan for the following annual expenditure from year one:

• AML compliance officer (MLRO) — €18,000–€36,000 per year for a qualified local MLRO, or €6,000–€12,000 for an outsourced arrangement. Greek law requires the MLRO to be locally based and to report directly to senior management.
• Legal and regulatory advisory retainer — €6,000–€18,000 per year, covering regulatory correspondence, policy updates, and HCMC filing support as MiCA implementing measures evolve through 2025–2026.
• AML transaction monitoring software — €3,000–€12,000 per year depending on transaction volumes and vendor. Blockchain analytics tools (e.g., Chainalysis, Elliptic) are expected but not yet mandated by name under Greek national guidance.
• External audit — €4,000–€8,000 per year for a statutory audit, mandatory for Greek SAs and for all HCMC-regulated entities regardless of size.
• Virtual office / registered address — €1,200–€3,600 per year for a compliant Greek registered office with mail handling. HCMC requires a genuine local presence; a bare registered address is acceptable for smaller operations during the first licence period.

The table below consolidates every cost category. Year 1 totals include both one-time setup expenses and the first full year of ongoing costs. From year 2 onward, you pay only the recurring items. Ranges reflect the difference between a lean remote operation (lower bound) and a locally-staffed compliance setup (upper bound).

Share capital is a balance-sheet item — it is not spent, it is held. The figures above exclude it from the cost totals so you can compare operating cash outflows directly. If your intended services require the €150,000 capital threshold, you will need to fund that separately and maintain it throughout the licence period.

Greece operates a flat corporate tax rate alongside a progressive personal income tax scale. Crypto trading profits, staking income, and fees earned through a Greek CASP licence are taxed as ordinary business income at entity level. Distributions to individual shareholders are subject to dividend withholding tax on top of the personal rate if the shareholder is a Greek tax resident drawing salary or dividends from the company.

VAT treatment for crypto businesses in Greece follows the CJEU Hedqvist ruling (Case C-264/14), which established that exchange of conventional currency into Bitcoin — and by extension, crypto-to-fiat and crypto-to-crypto exchange services — are exempt from VAT as financial transactions under Article 135(1)(e) of the EU VAT Directive. Greece implemented this exemption through Greek VAT law (Law 2859/2000), meaning CASP exchange services are VAT-exempt without the right to deduct input VAT.

• Exchange services — Converting fiat to crypto, crypto to fiat, or one crypto asset to another: exempt from Greek VAT per the Hedqvist principle.
• Custody and wallet services — Generally treated as exempt financial services, though the exact scope depends on service contract structure.
• Consulting and advisory fees — Subject to standard Greek VAT at 24%. If the client is a VAT-registered business in another EU member state, reverse charge applies.
• Software licensing and SaaS fees — Taxable at 24% in Greece or subject to reverse charge where the B2B client is EU-registered outside Greece.
• NFT sales — Greek tax authorities treat NFT transactions as taxable supplies of digital services in most cases; 24% VAT applies unless a specific exemption can be justified.

Greece has signed over 55 double-tax treaties (DTTs), including agreements with the United Kingdom, United States, Germany, Cyprus, Malta, and the UAE. These treaties can reduce or eliminate withholding tax on dividends paid to non-resident shareholders, which is particularly relevant for holding structures.

• Holding structure — Routing equity through a Cyprus or EU holding company can reduce effective dividend withholding to 0% under the EU Parent-Subsidiary Directive, subject to substance and anti-avoidance rules (ATAD I & II).
• Transfer pricing — Greek entities transacting with related parties (e.g., a group treasury or IP holding company) must maintain transfer pricing documentation and comply with OECD arm’s-length standards. IAPR audits crypto businesses with cross-border intra-group flows.
• Crypto regulation Greece 2026 — MiCA alignment — From 30 December 2024, MiCA applies directly in Greece. HCMC-licensed entities operating under MiCA may benefit from EU passporting, which can affect where VAT on B2B services is accounted for.
• Loss carry-forward — Tax losses in Greece can be carried forward for 5 years. Crypto businesses in early stages with significant setup costs should track deductible losses carefully to offset future profits.
• Notional interest deduction (NID) — Greece does not currently operate an NID regime (unlike Cyprus or Belgium), so equity financing carries no automatic deduction benefit. Thin-capitalisation rules cap deductible interest at 30% of EBITDA (ATAD alignment).

Law 4557/2018 sets two hard thresholds that trigger mandatory CDD for crypto businesses:

• Transactions ≥ €15,000 — any single transaction or linked series at or above this value requires full CDD before execution, regardless of whether the customer is already onboarded.
• All crypto transfers — transfers of virtual assets require verification of both the originator and the beneficiary in line with the FATF Travel Rule, as incorporated into EU law via the Transfer of Funds Regulation (2023/1113).

CDD has three tiers. Standard CDD covers identity verification and beneficial ownership confirmation for all customers. Simplified CDD applies where statute explicitly permits lower risk, which is narrow for crypto. Enhanced Due Diligence (EDD) is mandatory for politically exposed persons (PEPs), high-risk third-country nationals, and any relationship flagged by your risk assessment. EDD requires senior management sign-off before the relationship proceeds.

Your onboarding procedures must document which tier applies and why. The HCMC expects policies to define trigger conditions precisely — phrases like “when appropriate” are not acceptable.

Every customer record and transaction document must be retained for 5 years from the date of the transaction or the end of the business relationship, whichever is later. This applies to:

• Identity documents — copies of passports, corporate registrations, and any verification outputs from your KYC provider.
• Transaction data — blockchain transaction IDs, wallet addresses, timestamps, amounts in both crypto and euro equivalent at the time of execution.
• CDD assessments — the rationale for tier classification, EDD sign-off records, and risk-scoring outputs.
• Correspondence — any written communication relevant to a suspicious activity review.

When your compliance team identifies a suspicious transaction, you must file a Suspicious Transaction Report (STR) with the Hellenic Financial Intelligence Unit (FIU). Reporting is mandatory — there is no minimum threshold. Tipping off the customer that an STR has been filed is a separate criminal offence under Greek law. STRs must be filed promptly; deliberate delay is treated as a violation.

Every CASP authorised in Greece must appoint a dedicated Compliance Officer. This is not a role that can be absorbed into another function or outsourced entirely to a third party — the officer must have genuine authority within the organisation and direct access to the board.

The Compliance Officer’s responsibilities under Law 4557/2018 include:

• Programme ownership — maintaining and updating the written AML/CFT programme, including customer risk assessment methodology and internal controls.
• STR filing — reviewing internal alerts and determining whether to file with the FIU, documented with clear reasoning either way.
• Staff training — ensuring all customer-facing and operations staff complete AML training annually and that records of completion are retained.
• Regulatory liaison — serving as the primary point of contact for HCMC and Bank of Greece AML supervisory requests and examinations.

The HCMC expects the Compliance Officer to hold relevant qualifications — typically a legal or financial background with demonstrated AML experience in regulated financial services. If your appointed officer does not meet this bar, the regulator may require a replacement before finalising your CASP authorisation.

The HCMC has broad sanctioning powers under MiCA and Law 4557/2018. Administrative sanctions for AML violations include licence suspension, public censure, and personal liability for senior managers. Financial penalties scale with the severity and duration of the breach.

Beyond financial penalties, the reputational consequences of a public sanction are severe in the EU context. Regulators across member states share enforcement information, and a Greek AML finding can affect your ability to obtain licences in other jurisdictions. Greek courts have treated unauthorised crypto operations as money laundering facilitation where AML failures are identified alongside the authorisation breach. Building a robust compliance framework before you apply is far less costly than remediation after the HCMC has opened an investigation.

The Greek VASP registry, administered by the HCMC under Law 4557/2018 (as amended), was an AML-focused registration. It screened beneficial owners and verified AML/CFT procedures, but it did not impose capital requirements, custody rules, or conduct-of-business obligations comparable to MiCA-level standards.

MiCA authorisation is a different instrument entirely. The HCMC now acts as a full prudential and conduct supervisor. Under MiCA, a CASP authorisation covers one or more of 10 defined crypto-asset services, including:

• Custody and administration
• Operating a trading platform
• Exchange services (crypto-to-fiat and crypto-to-crypto)
• Execution of orders
• Reception and transmission of orders
• Portfolio management
• Advice

Your CASP authorisation must enumerate the specific services you will provide. The authorisation is service-specific: holding authorisation for exchange does not permit you to offer portfolio management without a separate approval or an amendment to your authorisation.

Once authorised in Greece, MiCA grants your firm an EU passport. You can notify the HCMC to extend services into any other EU member state without a separate licence in each country.

MiCA Article 143 sets out the grandfathering rules. For Greece, the practical timeline is:

• 30 December 2024 — MiCA Title V (CASP rules) became applicable across the EU
• 1 July 2026 — end of Greece’s 18-month transitional period; all operating CASPs must hold valid MiCA authorisation
• Submit before 1 July 2026 — you must file a complete application with the HCMC; an incomplete submission does not preserve your right to operate

The HCMC can reject or revoke the transitional benefit if a registered VASP materially changes its business model, beneficial ownership, or service scope during the transition. Stay within the boundaries of your original VASP registration while your MiCA application is pending.

New entrants, firms that were not registered as VASPs in Greece before 30 December 2024, receive no transitional period. They must obtain full MiCA CASP authorisation before commencing any crypto-asset service.

A MiCA CASP application is substantively more demanding than the original VASP registration. The HCMC will assess the following areas, all of which require documented policies, procedures, and in some cases third-party verification:

• Minimum own funds — €50,000 for advice and RTO services; €125,000 for execution, exchange, and portfolio management; €150,000 for custody and operating a trading platform (exact thresholds depend on the services sought)
• Governance and fit-and-proper — management body members must meet experience, reputation, and time-commitment criteria; at least two independent directors for larger CASPs
• Organisational requirements — written internal controls, risk management framework, business continuity plan, and record-keeping for 5 years minimum
• Client asset protection — segregation of client crypto-assets from proprietary assets; regular reconciliation procedures
• Prudential safeguarding — liquid assets or insurance cover equal to the higher of minimum capital or one quarter of fixed overheads
• AML/CFT integration — MiCA does not replace AMLD obligations; Greek CASPs remain subject to Law 4557/2018 in parallel
• White paper disclosure — if you issue, offer, or seek admission of any crypto-asset to trading, a MiCA-compliant white paper is required (with defined liability for misleading content)

The HCMC has up to 25 working days to declare an application complete, then a further 40 working days to grant or refuse authorisation. The 40-day period may be suspended for up to 20 working days if the HCMC requests additional information. Build these timelines into your planning: a realistic preparation-to-decision window is 6–9 months from the date you begin gap analysis.

If you have not yet started your MiCA readiness review (gap analysis, policy drafting, capital structuring, and management body assessment), the 1 July 2026 deadline leaves roughly 3 months of working time. Enforcement applies from that date without a grace period.