Crypto License Crypto Europe Guide MiCA

Can You Operate Crypto Services in the EU Without a CASP License?

As the MiCA transitional window closes in 2026, crypto entrepreneurs must distinguish between regulated services and those falling outside the mandatory licensing perimeter. Understanding these specific exemptions is essential for maintaining operational agility and avoiding the heavy compliance burden of a full Crypto-Asset Service Provider (CASP) authorization.

Can You Operate Crypto Services in the EU Without a CASP License? image
Feb, 12 2026 8 minutes

The implementation of the Markets in Crypto-Assets (MiCA) regulation marks a paradigm shift for digital businesses across the European Economic Area. While the regulation introduces comprehensive licensing requirements for Crypto-Asset Service Providers (CASPs), it also delineates specific operational boundaries.

For entrepreneurs in high-risk verticals, particularly in the iGaming and gambling sectors, understanding these boundaries is more valuable than understanding the license itself.

Not every business interacting with cryptocurrency requires a full CASP authorisation. The regulation is designed to capture entities acting as financial intermediaries, not necessarily those utilising blockchain technology as a utility layer for other commercial activities.

By carefully structuring technical architecture and funds flow, operators can function legally within the EU without triggering the heavy prudential and organisational requirements mandated by Article 59 of the regulation.

Understanding CASP: why it matters for crypto entrepreneurs

To understand how to operate outside the scope of the regulation, one must first understand the trigger points for licensing. Under Article 3 of MiCA, a Crypto-Asset Service Provider is defined as a legal person or undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis.

The phrase “on a professional basis” is the critical threshold. It implies a commercial activity carried out as a regular occupation or business. If your business model involves facilitating third-party transactions, holding customer funds, or exchanging assets for profit, you likely fall within the scope.

The implications of falling within this definition are severe. Article 59 strictly prohibits the provision of crypto-asset services within the Union unless the entity is a duly authorised legal person with a registered office in a Member State. Obtaining this authorisation requires:

  • meeting minimum capital requirements ranging from €50,000 to €150,000, depending on the service;
  • establishing a place of effective management in the EU with at least one resident director;
  • implementing robust governance, AML/CFT controls, and ICT security systems compliant with Regulation (EU) 2022/2554 (DORA).

For many startups, gaming companies, and e-commerce platforms, these requirements are commercially prohibitive. Therefore, the strategic imperative is to design business models that utilise crypto-assets as a tool rather than offering them as a service.

Also read: Requirements for Publishing a Crypto White Paper Under MiCA

List of crypto activities that do not require a CASP license

The regulation allows for specific operational models that leverage crypto-assets without crossing the regulatory perimeter. These exemptions generally rely on the principle of “non-intermediation” or the specific classification of the token being used.

1. Utilising third-party payment gateways

The most effective method to accept cryptocurrency without becoming a CASP is to outsource the regulated activity entirely. MiCA regulates the entity performing the service, not the merchant receiving the settlement.

If an iGaming operator integrates a licensed third-party payment gateway, the gateway acts as the regulated CASP. The gateway performs the “exchange of crypto-assets for funds” and the “custody and administration of crypto-assets”. The operator, in this scenario, is simply the client of the CASP.

The regulation supports this distinction by defining the scope of authorisation. Authorisation is required for those whose “business is the provision” of the service. When a merchant receives fiat currency that was originally sent as crypto by a user, the merchant has not provided a crypto-asset service; they have merely received payment. The conversion and custody liability sit with the gateway.

However, strict adherence to this model is required. To remain exempt, the operator must never:

  • possess the private keys to the wallet where customer funds are initially deposited;
  • perform the conversion from crypto to fiat on their own proprietary books;
  • facilitate the transmission of crypto-assets between users (peer-to-peer transfers) on their platform.

2. Operating with closed-loop utility tokens

MiCA provides a robust exemption for tokens that function within a “limited network.” This is particularly relevant for social casinos, loot box mechanics, and loyalty programs.

Article 4 states that Title II (requirements for white papers and marketing) does not apply to offers of crypto-assets where the holder has the right to use them only in exchange for goods and services in a limited network of merchants with contractual arrangements with the offeror.

Furthermore, Recital 17 clarifies that digital assets accepted only by the issuer and which are technically impossible to transfer directly to other holders do not fall within the definition of crypto-assets under the regulation.

For an iGaming operator, this allows for the creation of a “closed-loop” economy. If a platform issues a utility token that:

  • can only be used to play games on that specific platform;
  • cannot be transferred to external wallets or secondary markets;
  • cannot be exchanged back for fiat currency or other crypto-assets on the platform;

Then the issuance and operation of this token generally fall outside the scope of MiCA. It is treated similarly to a loyalty scheme.

It is important to note the threshold for this exemption. If the total consideration of the offer exceeds EUR 1,000,000 over 12 months, the offeror must send a notification to the competent authority explaining why the exemption still applies. The authority retains the right to reject this classification if it believes the “limited network” is becoming too broad.

3. Non-custodial wallet integration

The definition of “custody and administration” in Article 3 is precise. It means the safekeeping or controlling, on behalf of clients, of crypto-assets or of the means of access to such crypto-assets, where applicable, in the form of private cryptographic keys.

Conversely, Recital 83 explicitly states that hardware or software providers of non-custodial wallets should not fall within the scope of this Regulation. This offers a significant technological exemption for “Web3” gambling operators.

If an operator builds a decentralised application (dApp) where the user connects their own self-hosted wallet (like MetaMask or Ledger), the operator never takes custody. The funds move directly from the user’s wallet to a smart contract and back. Because the operator never holds the “means of access” (the private keys), they are not a custodian under MiCA.

This exemption hinges on the concept of “control.” If the operator can freeze funds, initiate transfers without a user signature, or recover lost accounts, they likely hold custody and require a license. If the architecture is purely non-custodial, the activity is a software service, not a financial service.

Related reading: Malta VASP vs. Malta CASP – A Guide to Transitioning from VFA to MiCA

The risks of operating without a license: when you must comply

Attempting to skirt the edges of these exemptions carries significant risk. European regulators are empowered with broad supervisory tools to detect and penalise disguised CASPs.

The “professional basis” trap

The definition of a CASP includes any person providing services on a “professional basis”. This is a low threshold. If an iGaming site runs a “peer-to-peer” marketplace for skins or tokens but charges a fee for each transaction, they are operating a trading platform or providing reception and transmission of orders.

Even if this is a secondary feature of the gambling site, it triggers the requirement for full authorisation.

Penalties for non-compliance

Operating without a license is not a minor administrative infraction; it is a severe breach of Union law. Article 59 strictly prohibits providing services without authorisation.

If a competent authority determines that a gambling operator is acting as a CASP without a license, they have the power to:

  • order the immediate cessation of the activity;
  • impose administrative fines of at least EUR 5,000,000 or 3% of total annual turnover for legal persons;
  • issue a public statement naming the entity responsible for the infringement;
  • restrict access to the online interface (website blocking) to protect consumers.

Furthermore, ESMA maintains a register of non-compliant entities providing crypto-asset services. Being placed on this blacklist effectively severs an operator’s access to banking and payment processing within the EU, as traditional financial institutions will refuse to onboard high-risk, non-compliant entities.

How LegalBison helps crypto entrepreneurs navigate MiCA

The distinction between a “software provider” and a “financial intermediary” is often a matter of technical nuance and legal structuring. At LegalBison, we specialise in defining this perimeter to ensure your business remains compliant while maximising operational efficiency.

Our team assists crypto entrepreneurs by providing:

  • Regulatory Classification Opinions: We analyse your flow of funds and technical architecture to issue a formal legal opinion on whether your specific business model triggers a CASP requirement under Article 59;
  • Exemption Structuring: We guide the development of closed-loop token economies to ensure they meet the “limited network” criteria set out in Article 4 and Recital 17;
  • Third-Party Integration Vetting: We review commercial agreements with payment gateways and custodians to ensure the transfer of liability is legally robust and that your platform retains no residual custodial obligations;
  • Notification Filings: For limited network tokens exceeding the EUR 1,000,000 threshold, we handle the mandatory notifications to competent authorities required by Article 4, drafting the necessary justification for the exemption;
  • Corporate Structuring: We help establish entities in favourable jurisdictions that separate software development from operational liability, ensuring a clean regulatory profile.

Navigating MiCA does not always mean obtaining a costly license; often, it means intelligent design. By understanding the exemptions provided within the regulation, entrepreneurs can continue to innovate with crypto-assets while remaining compliant with European law.

Share this article on