CASP Licensing Under MiCA: Requirements, Timeline, and Compliance Checklist

The Markets in Crypto-Assets Regulation (MiCA) has fundamentally transformed how crypto asset service providers operate within the European Union. For businesses offering cryptocurrency exchange, custody, trading platform, or advisory services, obtaining proper CASP licensing is no longer optional—it's a legal requirement that determines whether you can legally serve European customers. With the December 2026 deadline now firmly on the horizon, understanding the CASP licensing process is essential for any crypto business with EU ambitions.

This guide walks you through everything you need to know about securing your CASP license: the specific requirements, critical deadlines, and a practical compliance checklist you can use to track your progress.

What Is CASP Licensing Under MiCA?

MiCA, which came into force in June 2023, establishes the first comprehensive regulatory framework for crypto-assets across all 27 EU member states. The regulation introduces a unified licensing regime for Crypto Asset Service Providers, commonly abbreviated as CASP.

A CASP is any legal person or enterprise that provides one or more of the following services professionally to third parties:

• Custody and administration of crypto-assets on behalf of clients
• Operation of a trading platform for crypto-assets
• Exchange of crypto-assets for funds or other crypto-assets
• Execution of orders for crypto-assets
• Placing of crypto-assets
• Reception and transmission of orders for crypto-assets
• Advice on crypto-assets
• Portfolio management of crypto-assets
• Transfer services for crypto-assets

Under MiCA, any entity providing these services within the EU must hold authorization from its home member state's national competent authority (NCA). This authorization serves as your passport to operate across the entire European Economic Area—the license you obtain in one EU country is valid in all 27 member states.

CASP Licensing Requirements: What You Need to Meet

Securing CASP authorization involves satisfying a comprehensive set of requirements spanning governance, capital, operational capacity, and organizational structure. The European Securities and Markets Authority (ESMA) has published regulatory technical standards that specify exactly what NCAs expect from applicants.

Legal Entity Requirements

Your business must be established as a legal entity within the EU—typically as a company limited by shares (GmbH, SAS, BV, Ltd.) in your chosen home member state. You cannot operate as an individual or partnership when seeking CASP authorization.

The entity must have its registered office and head office in the same EU member state where it seeks authorization. This is a non-negotiable requirement: you cannot incorporate in a favorable jurisdiction like the Netherlands while operating primarily from elsewhere.

Minimum Capital Requirements

MiCA establishes tiered capital requirements based on the services you provide and your operational scale:

• €50,000 minimum if providing only one CASP service (such as advice or portfolio management)
• €125,000 minimum if providing custody, exchange, or trading platform services
• €150,000 minimum if combining multiple CASP services

Alternatively, you can hold capital equal to your fixed overheads for the preceding 12 months—whichever is higher. The capital must consist of liquid assets, not illiquid investments. This ensures you can wind down operations in an orderly manner if necessary without exposing clients or creditors to losses.

Governance and Organizational Requirements

Your CASP must implement robust governance arrangements that ensure sound and prudent management of the business. This includes:

• Board composition: The management body must possess adequate collective knowledge, skills, and experience to understand the institution's activities and associated risks. At least one member of the management body must be resident in the EU.
• Fit and proper assessment: All key function holders—including compliance officers, directors, and persons with significant influence—must undergo a "fit and proper" assessment. This evaluates their honesty, integrity, and financial soundness.
• Internal controls: You must establish adequate policies and procedures for risk management, compliance, internal audit, and anti-money laundering. These must be documented and regularly reviewed.
• Remuneration policy: Your remuneration policies must be consistent with sound and effective risk management and must not encourage excessive risk-taking.

Operational Requirements

Beyond governance, your CASP must demonstrate operational capability:

• Segregation of client assets: Client crypto-assets and funds must be segregated from the CASP's own assets. Custodied assets remain protected in insolvency.
• Order execution policy: If you execute orders, you must establish and implement an order execution policy that achieves the best possible result for clients.
• Complaint handling: You must establish and maintain effective procedures for receiving and handling client complaints, with a dedicated complaints officer.
• Outsourcing: Any critical functions outsourced to third parties must not impair the quality of your internal controls or the NCA's supervisory effectiveness.

Antimoney Laundering and Counter-Terrorist Financing

CASP authorization requires full compliance with EU antimoney laundering rules, including the Anti-Money Laundering Regulation (AMLR). Your business must implement:

• Customer due diligence (CDD) procedures, including identification and verification
• Ongoing monitoring of business relationships
• Suspicious activity reporting obligations
• Record-keeping systems
• A dedicated antimoney laundering compliance officer

2026 EU Regulatory Deadline Timeline

CASP licensing under MiCA is converging with two other major EU regulatory frameworks. The overlap demands a coordinated compliance strategy — treating MiCA in isolation will leave gaps.

Critical Timeline: When to Submit Your CASP Licensing Application

The timeline for CASP licensing is not something to leave to the last minute. The authorization process is rigorous and time-consuming—most industry experts recommend budgeting 6 to 12 months from initial preparation to final authorization.

Key MiCA Deadlines

30 December 2026 is the definitive deadline. After this date, any entity providing CASP services within the EU without proper authorization commits a criminal offense in most member states. Operating without authorization carries penalties of up to €5 million or 10% of annual worldwide turnover, whichever is higher.

1 January 2026 marked the application date for several MiCA provisions, including requirements related to market abuse prevention for crypto-assets. While your CASP may have been operating under transitional provisions, the December 2026 deadline is the hard stop for authorization.

Application Processing Time

NCAs must acknowledge your application within one working day and inform you whether your application is complete within 15 working days. However, the substantive assessment period—during which the NCA evaluates your business plan, governance, capital, and operational readiness—typically takes 3 to 6 months, and can extend longer for complex applications.

Given the December 2026 deadline, submitting your application in the first half of 2026 is strongly advisable. Some NCAs, particularly in popular jurisdictions like the Netherlands, Germany, and France, are already experiencing significant backlogs.

Choosing Your Jurisdiction

Your choice of home member state significantly impacts your licensing timeline. Each NCA has its own procedures, processing times, and specific expectations. Researching your options carefully before submitting is essential:

• Netherlands (AFM/DNB): Sophisticated regulatory framework, English-speaking, popular choice but potentially longer processing times
• Germany (BaFin): Strict but predictable requirements, strong consumer protection focus
• France (AMF): Clear application procedures, relatively efficient processing
• Ireland (CBI): English-speaking, English common law legal system, EU passporting
• Italy (CONSOB/Banca d'Italia): Growing crypto hub, increasingly popular choice

CASP Licensing Compliance Checklist

Use this checklist to track your organization's progress toward CASP authorization. Each item represents a critical requirement that NCAs will evaluate during your application process.

Phase 1: Pre-Application Planning

• ☐ Map all crypto-asset services you currently provide or plan to provide
• ☐ Identify the specific CASP authorization category or categories you need
• ☐ Research NCA requirements in your chosen home member state
• ☐ Evaluate whether your current legal structure meets EU requirements
• ☐ Assess your timeline against the December 2026 deadline

Phase 2: Capital and Financial Requirements

• ☐ Calculate your minimum capital requirement based on services provided
• ☐ Ensure capital is held in liquid assets (cash, government bonds, etc.)
• ☐ Prepare audited financial statements for the past two years
• ☐ Establish capital monitoring systems for ongoing compliance
• ☐ Engage an external auditor approved by your home NCA

Phase 3: Governance and Organization

• ☐ Establish or restructure your legal entity within the EU
• ☐ Ensure the management body has adequate collective expertise
• ☐ Conduct fit and proper assessments for all key function holders
• ☐ Appoint a compliance officer with appropriate qualifications
• ☐ Appoint an antimoney laundering compliance officer
• ☐ Document your governance arrangements and organizational structure

Phase 4: Policies and Procedures

• ☐ Develop and document a comprehensive risk management framework
• ☐ Create an antimoney laundering policy and procedures
• ☐ Establish client asset segregation procedures
• ☐ Develop order execution policies (if applicable)
• ☐ Create a complaints handling procedure
• ☐ Document business continuity and IT security policies
• ☐ Establish a remuneration policy aligned with MiCA requirements

Phase 5: Operational Readiness

• ☐ Implement systems for client identification and verification
• ☐ Establish transaction monitoring capabilities
• ☐ Set up record-keeping systems meeting regulatory requirements
• ☐ Ensure adequate insurance or equivalent protection for client assets
• ☐ Prepare for outsourcing due diligence if applicable

Phase 6: The Application

• ☐ Compile your business plan with three-year financial projections
• ☐ Prepare constitutional documents and proof of registered office
• ☐ Document governance arrangements in detail
• ☐ Submit application to your home NCA
• ☐ Respond promptly to any requests for additional information
• ☐ Prepare for potential on-site inspections

What Happens If You Miss the Deadline

Operating as a CASP without authorization after 30 December 2026 is not simply a regulatory infringement—it constitutes a criminal offense in most EU member states. The consequences are severe:

Financial penalties can reach €5 million or 10% of annual worldwide turnover for the most serious violations. Some member states have enacted even higher penalties.

Market exclusion is equally critical. Without authorization, you cannot legally serve EU-based customers. This includes targeting EU customers from abroad—MiCA's territorial scope captures any CASP marketing services to EU persons, regardless of where the CASP is based.

Reputational damage from regulatory enforcement can be irreversible. News of license rejections or enforcement actions spreads quickly in the crypto industry and can destroy partner relationships and customer trust.

Personal liability may attach to directors and officers who knowingly operate without authorization, including potential criminal prosecution.

Moving Forward: Your Path to CASP Licensing

The December 2026 deadline is approaching rapidly. But for CASPs operating under transitional arrangements, the July 1, 2026 grandfathering deadline is the immediate crisis point — just 67 days away. The EU AI Act's GPAI obligations taking effect this July add another layer of compliance pressure, particularly for CASPs relying on AI-powered compliance tools. The authorization process is demanding, but it is also an opportunity to establish your organization on a foundation of regulatory compliance that will support sustainable growth across the European market.

Start by conducting an honest assessment of where your organization stands against the requirements outlined in this guide. If the July 1 deadline is not achievable, engage with your NCA immediately to discuss your options — some authorities may offer guidance on orderly wind-down that mitigates enforcement risk. For CASPs already in the application process, focus on resolving any outstanding information requests from your NCA within days, not weeks. Identify gaps in your governance, capital, and operational readiness. Engage with legal counsel who specialize in EU crypto regulation—preferably in your chosen home member state.

Remember that CASP licensing is not merely a box-checking exercise. Regulators want to see that you understand the risks inherent in your business and have the controls in place to manage them effectively. Demonstrating this understanding throughout your application is as important as meeting the technical requirements.

The crypto industry is maturing, and regulatory compliance is becoming a competitive advantage. Organizations that secure CASP authorization early will have a significant edge over competitors still navigating the licensing process as the deadline approaches. Start your application today, and position your business for success in the regulated European crypto market of tomorrow.