Customized Legal Solutions for Acquiring CASP License

The CASP license framework established under the Markets in Crypto-Assets Regulation (MiCA) represents the unified EU-wide authorisation standard for Crypto-Asset Service Providers.

This framework replaces the previously fragmented national VASP registration regimes that governed market entry across individual Member States with a harmonised regulatory architecture applicable throughout the European Economic Area.

CASP License - What Is It and How to Obtain

A CASP licence constitutes the formal regulatory authorisation required under the Markets in Crypto-Assets Regulation (MiCA) for entities seeking to provide crypto-asset services within the European Union, representing a fundamental departure from the fragmented national Virtual Asset Service Provider (VASP) registration regimes that previously governed market entry on a Member State-by-Member State basis. Unlike the earlier VASP frameworks, which varied substantially in scope, procedural rigour, and supervisory intensity across jurisdictions, the MiCA license establishes a harmonised set of prudential and conduct requirements applicable uniformly throughout all 27 EU member states and the broader European Economic Area. The regulatory architecture mandates compliance with minimum capital requirements ranging from EUR 50,000 to EUR 150,000 depending on the classification of services provided, alongside comprehensive governance arrangements, client asset safeguarding obligations, and robust AML/CFT control frameworks as stipulated in Articles 59 through 71 of the Regulation. Critically, CASP authorisation confers passporting rights, enabling licence holders to provide services across the entire EU single market without requiring separate national registrations in each territory.

CASP License vs VASP Registration: Regulatory Distinction

The distinction between VASP and CASP frameworks reflects the fundamental shift from fragmented national oversight to unified European regulatory architecture under the Markets in Crypto-Assets Regulation (MiCA). National VASP registration regimes, which are still in the transition period in jurisdictions such as Poland and the Czech Republic, typically involve lighter-touch, usually risk-based AML/CFT-focused requirements administered by local Financial Intelligence Units, granting authorization limited exclusively to the territory of the issuing Member State. The CASP authorization framework established under MiCA, by contrast, imposes comprehensive prudential standards, governance requirements, and conduct obligations while conferring EU-wide passporting rights that permit cross-border service provision throughout all 27 member states without additional national registrations. LegalBison assists operators in navigating both transitional VASP regimes and full MiCA CASP authorisation pathways, providing regulatory strategy guidance tailored to each client’s market entry objectives.

Key distinctions include:

Territorial scope: VASP registration permits operations within the issuing jurisdiction; CASP authorisation enables single-market access across the entire EU/EEA
Regulatory intensity: VASP regimes focus primarily on AML/CFT compliance; CASP requirements encompass own funds, governance, client asset safeguarding, technical and conduct standards
Capital requirements: VASP thresholds vary nationally; CASP mandates EUR 50,000 to EUR 150,000 based on service classification

Transitional provisions: Under Article 143(3) of MiCA, existing VASP operators may continue providing services until 1 July 2026, subject to Member State discretion regarding grandfathering arrangements

Entities Subject to CASP License Obligations

Under Article 2(1) of MiCA, any entity providing crypto-asset services to third parties on a professional basis within the European Union falls within the regulatory perimeter and must obtain CASP authorisation, replacing the previous national VASP license requirements.

Entities requiring CASP authorisation:

Providing custody and administration of crypto-assets on behalf of clients
Operation of a trading platform for crypto-assets
Exchange of crypto-assets for funds
Execution of orders for crypto-assets on behalf of clients
Placing of crypto-assets
Reception and transmission of orders
Portfolio management of crypto-assets
Transfer services of crypto-assets

Entities outside the regulatory perimeter:

As per Article 2(2), this Regulation does not apply to:

Persons who provide crypto-asset services exclusively for their parent companies, for their own subsidiaries or for other subsidiaries of their parent companies
A liquidator or an administrator acting in the course of an insolvency procedure, except for the purposes of Article 47
The ECB, central banks of the Member States when acting in their capacity as monetary authorities, or other public authorities of the Member States
The European Investment Bank and its subsidiaries
The European Financial Stability Facility and the European Stability Mechanism
Public international organisations

MiCA Transition Timeline and Compliance Deadlines

The Markets in Crypto-Assets Regulation entered into force in June 2024, with the CASP authorisation regime becoming fully applicable on 30 December 2024. From this date onward, no EU Member State may issue new national VASP registrations, as all new market entrants must seek authorisation directly under the CASP framework.

Article 143 MiCA grants existing nationally registered VASPs a transitional period during which they may continue operating without CASP authorisation. However, this transitional phase does not have a uniform EU-wide end date. Instead, each Member State must set the precise duration in its national MiCA implementation law, meaning that the transition period may end earlier than 1 July 2026 or on 1 July 2026 at the latest.

This way, we clearly distinguish between (i) the non-binding “intent” timelines that some NCAs have communicated and (ii) the actual legally effective end of the transition period, which will only be determined by the national MiCA implementation in each Member State

CASP License Framework by EU Jurisdiction

The MiCA framework establishes harmonised authorisation requirements across all Member States, yet implementation remains delegated to National Competent Authorities (NCAs) whose processing timelines, supervisory fees, and procedural practices vary considerably between jurisdictions. Jurisdictional analysis therefore requires evaluation of multiple factors, including application processing speed, own funds thresholds, banking infrastructure accessibility, and the regulatory reputation of the authorising Member State within the broader financial services ecosystem.

Czech Republic

The Czech National Bank (CNB) serves as the designated National Competent Authority for CASP authorisation, with the jurisdiction offering comparatively lower capital thresholds and streamlined procedural requirements within the MiCA framework. Entities registered prior to 31 December 2024 qualify for an 18 months transitional period under Article 143 provisions.

Key characteristics:

Regulator: Czech National Bank (CNB)
Transitional period: Until 1 July 2026 for pre-registered entities
Capital requirements: 1 CZK for a Limited company + applicable capital requirements for the designated activity under the MiCA Regulation
Processing timeline: Approximately 30 to 60 days for registration procedures

Poland

The Polish Financial Supervision Authority (Komisja Nadzoru Finansowego, or KNF) administers the VASP registry, while the competent authority for the CASP license Poland authorisation procedure is still subject to being decided.

Key characteristics:

Regulator: not yet appointed, potentially the Polish Financial Supervision Authority (KNF)
Capital requirements: Applicable capital requirements for the designated activity under the MiCA Regulation
Processing timeline: Approximately 3 to 6 months, subject to application completeness
Substance requirements: In line with Article 59(2) the CASP needs to have their place of effective management in the country of registration and at least one of the directors is ordinarily resident in the EU. In practice the regulator will require more people on the ground than less to issue an authorization.

Lithuania

The Bank of Lithuania (Lietuvos bankas) serves as the designated National Competent Authority for CASP license in Lithuania applications, building upon the jurisdiction's established fintech regulatory infrastructure and developed banking ecosystem supporting crypto-asset businesses.

Key characteristics:

Regulator: Bank of Lithuania
Captal requirements: Applicable capital requirements for the designated activity under the MiCA Regulation
Processing timeline: from 3 months
Infrastructure: Established fintech ecosystem with accessible banking services

Estonia

Estonia introduced its VASP licensing framework in 2017, establishing the jurisdiction among the earliest EU Member States to implement dedicated crypto-asset regulatory oversight. The Estonian Financial Supervision Authority (Finantsinspektsioon, FSA) administers CASP authorisation under a reformed framework imposing enhanced substance requirements, including local management presence and comprehensive AML/CFT control infrastructure.

Key characteristics:

Regulator: Estonia’s Financial Supervision Authority (Finantsinspektsioon, FSA)
Capital requirements: Applicable capital requirements for the designated activity under the MiCA Regulation
Processing timeline: from 3 months
Substance requirements: In line with Article 59(2) the CASP needs to have their place of effective management in the country of registration and at least one of the directors is ordinarily resident in the EU. In practice the regulator will require more people on the ground than less to issue an authorization.

Germany

The Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, or BaFin) administers CASP authorisation under a comprehensive supervisory framework characterised by rigorous fit and proper assessments, extensive documentation requirements, and detailed scrutiny of governance arrangements and AML/CFT control infrastructure. Processing timelines for BaFin authorisation typically extend to 6 to 12 months or longer, reflecting the authority's thorough evaluation procedures, with the jurisdiction's regulatory standing within the European financial services ecosystem corresponding to these elevated supervisory standards and comprehensive compliance obligations.

France

The Autorité des Marchés Financiers (AMF) serves as the designated National Competent Authority for CASP authorisation, building upon the jurisdiction's PSAN (Prestataires de Services sur Actifs Numériques) registration framework introduced in 2019, which established France among the earliest EU Member States to implement comprehensive digital asset oversight predating MiCA. The AMF's established supervisory procedures and France's position as a significant European financial market provide authorised entities with access to substantial consumer and institutional client bases within a developed fintech ecosystem.

Malta

The Malta Financial Services Authority (MFSA) administers CASP authorisation, building upon the jurisdiction's Virtual Financial Assets (VFA) Act framework established in 2018, which positioned Malta among the earliest EU Member States to implement comprehensive digital asset regulatory oversight.

Parameter	Details
Regulator	Malta Financial Services Authority (MFSA)
Regulatory heritage	VFA Act tiered licensing since 2018
Processing timeline	Approximately 6 to 12 months
Working language	English

Comparative Overview of CASP Requirements by Jurisdiction

The following table presents a comparative analysis of CASP authorisation parameters across key EU Member States, enabling jurisdictional assessment based on own funds thresholds, substance requirements, and procedural timelines under the harmonised MiCA framework.

Jurisdiction	Regulator	Minimum Capital	Local Presence	Timeline	Notable Features
Czech Republic	CNB	Standardized, depends on the service class	Place of management in the country	from 3 months	18 months transitional period
Poland	To be defined	Standardized, depends on the service class	Place of management in the country	from 3 months	18 months transitional period
Lithuania	Bank of Lithuania	Standardized, depends on the service class	Place of management in the country	from 3 months	Developed FinTech ecosystem
Estonia	FSA	Standardized, depends on the service class	Place of management in the country	from 3 months
Germany	BaFin	Standardized, depends on the service class	Place of management in the country	from 3 months
Malta	MFSA	Standardized, depends on the service class	Place of management in the country	from 3 months

Requirements for CASP License Authorization

The MiCA CASP license requirements establish a comprehensive regulatory framework applicable uniformly across all member states, including jurisdictions such as the CASP license in Spain administered by the Comisión Nacional del Mercado de Valores (CNMV), ensuring harmonised standards for market entry throughout the European Union.

Corporate Requirements:

Mandate registration as a legal entity within an EU Member State, with a registered office, effective place of management, and demonstrable substance in the jurisdiction of authorisation as to be interpreted under Article 59(2) of MiCA.

Capital Requirements:

Under MiCAR, minimum capital is standardised and depends on the service class: EUR 50,000 for Class 1, EUR 125,000 for Class 2 (including exchange and custody), and EUR 150,000 for Class 3 (operation of a trading platform).

Governance Requirements:

Impose fit and proper assessments for all members of the management body and Ultimate Beneficial Owners (UBOs), evaluating professional experience, reputation, and absence of criminal convictions related to financial crimes.

AML/CFT Compliance:

Obligations require appointment of a Money Laundering Reporting Officer (MLRO), implementation of KYC/CDD procedures, transaction monitoring systems, and adherence to the Transfer of Funds Regulation (Travel Rule) requirements.

Operational Requirements:

Encompass IT security frameworks, business continuity planning, data retention protocols conforming to GDPR, and client complaint handling procedures.

Documentation:

For application submission, it includes a detailed business plan, service descriptions, a business-wide risk assessment (BWRA), and a comprehensive compliance manual addressing all regulatory obligations.

CASP License Application Procedure

The CASP authorisation pathway under MiCA follows a structured sequence commencing with jurisdictional analysis, wherein applicants evaluate member state options based on regulatory timelines, own funds thresholds, and supervisory approaches, noting that non-EU alternatives such as a CASP license in Panama do not confer EU passporting rights.

Step 1: Jurisdiction Selection involves a comparative assessment of National Competent Authority procedures across eligible Member States.

Step 2: Legal Entity Registration requires incorporation of an appropriate corporate vehicle with a registered office and substance in the chosen jurisdiction.

Step 3: Documentation Preparation encompasses business plan development, service descriptions, risk assessments, and compliance manuals conforming to Article 62 requirements.

Step 4: Key Personnel Appointment mandates designation of a Money Laundering Reporting Officer (MLRO) and compliance team meeting fit and proper criteria.

Step 5: AML/CFT Policy Development involves drafting KYC/CDD procedures, transaction monitoring protocols, and Suspicious Activity Report (SAR) frameworks aligned with AMLD6 transposition requirements.

Step 6: Application Submission to the designated NCA initiates formal review, with processing timelines typically ranging from 3 to 6 months depending on jurisdictional capacity.

Step 7: Regulatory due diligence encompasses fit and proper assessments, UBO verification, and documentation completeness review.

Step 8: Authorisation Grant confers the right to commence operations and, critically, EU-wide passporting privileges under Article 65.

Step 9: Ongoing compliance obligations include supervisory reporting, periodic policy reviews, and continuous AML/CFT programme maintenance.

Strategic Considerations of CASP License Acquisition

CASP authorisation under MiCA presents distinct advantages and operational considerations relative to non-EU frameworks, such as a VASP license in SVG, requiring careful evaluation of regulatory positioning and resource allocation.

Benefits:

EU-wide passporting rights: Single authorisation grants service provision across all 27 Member States and EEA under Article 65, eliminating multiple licensing requirements
Banking and payment infrastructure access: Authorised CASPs demonstrate enhanced eligibility for correspondent banking relationships and payment service provider integrations
Institutional credibility: MiCA compliance signals regulatory legitimacy to institutional investors, corporate clients, and counterparties conducting due diligence
Legal certainty and sanctions protection: Operating within a regulated EU framework mitigates enforcement risk and reputational exposure associated with unregulated jurisdictions
Scalable growth environment: Harmonised regulatory architecture enables operational expansion without jurisdictional fragmentation

Challenges:

Capital requirements: Own funds thresholds of EUR 50,000 to EUR 150,000 represent significant initial and ongoing financial commitments
Compliance infrastructure costs: MLRO appointment, external audits, transaction monitoring systems, and supervisory reporting generate recurring operational expenses
Processing timelines: Authorisation procedures typically require 3 to 12 months depending on jurisdictional capacity and application complexity
Substance requirements: Local management presence, registered office, and mind-and-management obligations necessitate genuine operational footprint
Ongoing supervisory obligations: Periodic reporting, policy reviews, AML/CFT programme updates, and regulatory examinations impose continuous compliance burdens

CASP Licensing Services by LegalBison

LegalBison provides end-to-end CASP authorisation support through specialised departments covering jurisdictional analysis, business plan development, AML/CFT policy drafting, MLRO sourcing, regulatory liaison, and ongoing compliance, distinguishing EU MiCA authorisation from non-passportable alternatives such as a VASP license in Seychelles.

CASP License Process with LegalBison

LegalBison’s CASP authorisation service follows a structured methodology, with project teams assembled from specialised departments encompassing corporate registration, crypto licensing, AML/CFT policy development, and key personnel sourcing.

Business Model Analysis: Evaluation of proposed service scope against MiCA requirements to determine optimal jurisdictional positioning and licensing strategy
Client Due Diligence: KYC verification and fit and proper pre-assessment of prospective clients
Business Plan Development: Regulatory-grade documentation preparation or refinement to meet NCA submission standards
Team Assembly: Cross-departmental project team formation with subject-matter experts from relevant specialisations
Documentation and Submission: AML/CFT policies, governance frameworks, and application materials conforming to Article 62 requirements
Regulatory Liaison: Direct communication with National Competent Authorities throughout the application process

Ongoing Compliance Support: Post-authorisation supervisory reporting, policy updates, and regulatory correspondence