How to obtain a CASP license under MiCA and enter the entire EU market

Thinking about providing crypto services in the EU under MiCA?

This is no longer a trendy topic, but a regulated path that must be followed. Obtaining a CASP license may seem like a labyrinth of forms, policies, and procedures. But the good news is that the outcome is worth it: once you obtain authorization in one EU country, you have the right to operate throughout the Union.

This guide is not meant to scare you with legal jargon. Its purpose is to explain what the process actually looks like. Whether you are just starting to familiarize yourself with MiCA or have already delved into compliance planning, these steps will help you move forward with a clear understanding and confidence.

Step 1. Determine the applicability of MiCA and basic requirements

Start with a sober assessment of whether your business falls under MiCA. If you are actively engaging clients from the EU and providing at least one of the following services:

• custody and administration of crypto assets on behalf of clients;
• management of a trading platform for crypto assets;
• exchange of crypto assets for fiat currency;
• exchange of crypto assets for other crypto assets;
• execution of orders to buy/sell crypto assets on behalf of clients;
• placement of crypto assets;
• receipt and transmission of orders on behalf of clients;
• provision of advice on crypto assets;
• portfolio management of crypto assets;
• provision of crypto asset transfer services on behalf of clients.

If your activities fall under these criteria, check whether your legal entity can meet the basic MiCA requirements:

• having a registered office and a place of management in one of the EU countries;
• appointing at least one director residing in the EU (a person with temporary protection status in an EU country is also acceptable);
• having a minimum share capital (50,000, 125,000, or 150,000 euros depending on the type of services);
• implementing a package of approximately 20–30 internal policies, including risk management, AML/CTF, client asset segregation, and transparent disclosure.

If you are ready for this level of compliance, you can consider it a green light: the path to the CASP license has begun.

Step 2. Conduct an internal audit

Conduct a comprehensive internal audit to assess your level of readiness. Compare what has already been implemented with what needs further development. Evaluate your governance structure, financial condition, compliance systems, and IT infrastructure. This is not a formality, but an opportunity to truly understand your strengths, identify gaps, and determine what is needed to confidently move to the next steps.

Step 3. Choose a jurisdiction

Choosing a country for obtaining a CASP license is a strategic decision that will affect the entire authorization process and subsequent operations in the EU. This choice determines the location of your office and management, as well as the legislation that will apply. While MiCA establishes common rules for the entire EU, each country interprets them differently, adding its own requirements for reporting, corporate governance, and operational activities. This choice also determines which regulator you will interact with.

When choosing a country, consider the regulator's experience with crypto businesses, the language environment, currency, and ease of market entry. Pay attention to cost factors—office rent, local staff salaries, operational expenses. They can significantly impact your budget if not planned in advance.

Given the complexity of these factors, it is advisable to engage a legal advisor to help choose the jurisdiction that best fits your business model.

Step 4. Operational readiness: office, personnel, banking

After selecting a country, review the local legislation that implements MiCA and the regulator's guidelines. They often contain additional requirements.

Alongside preparing the document package for the license, ensure the following steps:

• find an office in the chosen jurisdiction (co-working is allowed if provided by local regulations);
• enter into a lease agreement with a deferred start date, so the rent begins to accrue only after the license is issued;
• identify key personnel required under MiCA: CEO, CCO, CFO, MLRO/KYC Officer, Risk Officer, Outsourcing Manager, Information Security Officer, Data Protection Officer, Customer Support, Software Developer, Accountant, Internal Auditor. The regulator may require that some positions be held by local residents or allow for function overlap;
• open segregated accounts to separate client funds from company funds. Start negotiations with several financial institutions in advance and plan for a deferred start to minimize costs.

Step 5. Prepare a complete document package

According to Article 62 of MiCA, the CASP application must include a set of written policies confirming your readiness to operate. The minimum set includes:

• operational program;
• management and internal control policy;
• risk, business continuity, and IT security policies;
• AML/CTF policy;
• client asset segregation procedure;
• complaints handling procedure.

Additional policies depend on the type of services, for example:

• asset custody and administration policy;
• description of the trading platform's operating rules and market abuse detection system;
• pricing and commercial activity policy for exchange services;
• order execution policy;
• confirmation of the qualifications of individuals providing advice or managing portfolios;
• description of the asset transfer service provision process.

You also need to add documents about the reputation, experience, and competencies of the management and owners, proof of financial stability, and a list of crypto assets the company will work with.

Additionally, MiCA refers to the DORA requirements regarding cybersecurity, so your application must take this into account.

Overall, the document package reflects your legal, operational, and financial readiness. The more structured and complete it is, the faster the licensing process will progress.

Step 6. Submit the application and work with the regulator's feedback

Submit the application to the regulator in the chosen country, expecting an iterative process. The review usually takes at least five months and includes several rounds of questions and clarifications.

Maintain open and constructive communication. Even a perfectly prepared application does not guarantee the absence of additional questions, but quality dialogue reduces delays. Be flexible, respond accurately, and view feedback as a roadmap to final approval.

The final step (before the real first)

The process of obtaining a MiCA license may seem complicated, and partly this is true. But with a clear plan, realistic timelines, and qualified professionals, it is entirely achievable. Each step brings you closer not only to compliance but also to full access to the EU market within a single regulatory framework.

You know who can help. Just write to us.