MICA — New Types of Cryptocurrency Licenses in the EU

Status update: The MiCA CASP authorization regime entered full application on 30 December 2024. Existing providers operating under national pre-MiCA regimes may continue under transitional arrangements until 1 July 2026, after which a MiCA license is mandatory for all crypto-asset service providers targeting EU clients. The transitional period varies by member state — some jurisdictions have already shortened or closed it. Applications submitted close to the deadline face 6–12 month processing timelines, meaning firms without a pending application by mid-2026 are unlikely to be authorized before the cutoff.

Types of MiCA Licenses for Crypto-Asset Service Providers

The Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA) was published in the Official Journal of the EU on 9 June 2023 and entered into force on 29 June 2023. Provisions relating to Asset Referenced Tokens (ART) and E-Money Tokens (EMT) began applying from 30 June 2024. The remaining provisions — including those governing Crypto Asset Service Providers (CASPs) — entered application on 30 December 2024.

In a previous article, we examined MiCA’s token classification framework, white paper requirements, and the broad categories of CASP services. This article goes deeper: the specific requirements for obtaining a MiCA crypto license from scratch, the timeline and procedure, capital requirements by service class, and the grounds on which authorization may be refused or revoked.

One important note at the outset: MiCA’s requirements for service providers are detailed and extensive. This article focuses on the most operationally significant elements rather than exhaustive coverage of every provision. Requirements are also divided between general obligations that apply to all CASPs and specific requirements for individual service types — we focus primarily on the former.

Two Types of MiCA License Applicants

MiCA distinguishes between two categories of applicant from the start.

The first type covers legal entities that already hold financial licenses and are supervised by the relevant financial authorities in their home countries — banks, investment firms, central securities depositories, electronic money institutions (EMIs), and similar regulated entities. These institutions are treated as already meeting high standards of reliability, reporting, and AML/CFT compliance. Accordingly, MiCA significantly simplifies their path: a notification procedure under Article 60 of MiCA applies to them rather than a full authorization application, and the number of required documents is materially reduced. For each type of service, MiCA cross-references the existing financial regulation governing these entities and requires them to apply equivalent standards to crypto-assets.

The second type covers all other legal entities seeking authorization from scratch — new applicants without existing financial licenses. A detailed and extensive list of documents and information is required from these applicants, submitted to the National Competent Authority (NCA) of their chosen EU member state. This is the path most crypto-native businesses will follow, and the remainder of this article focuses primarily on it.

MiCA License Requirements for Applicants with an Existing Financial License

For regulated financial entities following the notification path, the required submissions include:

• A programme of activities defining the types of crypto-asset services to be provided, including where and how those services will be marketed
• A description of internal controls, policies and procedures to ensure AML/CFT compliance
• Risk assessment systems to manage money laundering and terrorist financing risks
• A business continuity plan
• Technical documentation on information systems and security measures, with a non-technical summary
• A description of the procedure for segregation of crypto-assets and client funds

Each type of service for which the notification is made requires a specific policy document. For example, a firm seeking to provide portfolio management or advisory services must demonstrate that its management has relevant knowledge and expertise in those areas.

MiCA CASP License Requirements: Full Authorization from Scratch

An application for a MiCA crypto license must be submitted to the NCA of the EU member state in which the applicant is established. Once authorized, a CASP benefits from EU-wide passporting rights — the authorization in one member state permits operation across all 27 EU countries without separate national licenses. Passported authorizations and their scope are published in ESMA’s public CASP register.

The full application under Article 62 of MiCA must contain:

• The legal name, legal entity identifier, website, contact details, and physical address of the applicant
• The legal form of the CASP
• The statutes or articles of association, if applicable
• A programme of activities defining the types of crypto-asset services to be provided, including marketing approach
• Proof that the applicant meets the prudential (minimum capital) requirements applicable to its service class
• A description of governance arrangements
• Evidence that members of the management body have sufficient standing and the relevant knowledge, skills and experience
• The identity of all direct and indirect shareholders with qualifying interests, and evidence of their good standing
• A description of internal controls, risk management policies and procedures, including AML/CFT risk assessment and a business continuity plan
• Technical documentation on information systems and security measures, in both technical and non-technical form
• A description of client asset segregation procedures
• A description of the complaints handling procedure
• The type of crypto-assets to which the services relate

Each service class carries additional specific documentation requirements on top of these general requirements.

MiCA CASP Minimum Capital Requirements 2026

One of the most frequently searched topics in relation to the MiCA license is the capital threshold. MiCA establishes minimum prudential requirements — referred to as “prudential guarantees” — that must be maintained at all times. The general rule is that a CASP must hold the greater of:

• The fixed minimum capital requirement for its service class (see table below), or
• One-quarter of the previous year’s fixed overheads, reviewed annually

For first-year applicants with no prior operating history, the overhead calculation is based on projected costs submitted as part of the 12-month business plan included in the application.

MiCA CASP minimum capital requirements by service class:

A CASP providing services across multiple classes must maintain capital sufficient for the highest applicable class. These thresholds represent the regulatory minimum — in practice, NCAs may expect higher capitalization levels for business models involving significant client asset volumes or complex operational risk.

MiCA License Adaptation: The Transitional Regime for Existing VASPs

A significant keyword cluster in the search data relates to MiCA license adaptation and MiCA license renewal — both reflecting the same practical challenge: companies previously operating under national VASP registrations must now obtain a full MiCA CASP authorization.

MiCA includes a grandfathering clause under Article 143(3) allowing entities that were lawfully providing crypto-asset services under applicable national law before 30 December 2024 to continue doing so until 1 July 2026, or until their MiCA authorization is granted or refused, whichever is earlier. A simplified authorization procedure under Article 143(6) applies to entities already authorized under national law, which may reduce the documentation burden compared to entirely new applicants.

However, this transitional regime has important limitations:

• It applies only in the member state where the firm was originally registered — no EU passporting during the transition
• Member states may shorten or opt out of the transitional period — the Czech Republic, for example, set a hard deadline of 30 July 2025 for applications to qualify for grandfathering
• ESMA has explicitly warned that last-minute applications will face heightened scrutiny, and that firms operating without authorization after the transitional deadline must implement orderly wind-down plans

For existing VASPs, the MiCA license adaptation process — building a compliant MiCA application on top of existing compliance infrastructure rather than starting from zero — is currently the most time-sensitive regulatory task in the EU crypto sector.

General Procedure and Timeline for Obtaining a MiCA Crypto License

The authorization process under MiCA follows a structured timeline:

1. Within 25 working days of receipt, the NCA assesses whether the application is complete and contains all required information
2. If complete, the NCA notifies the applicant and the 40-working-day assessment clock begins
3. Within 40 working days of notification, the NCA issues a reasoned decision to grant or refuse the authorization

In practice, total elapsed time from submission to decision — including pre-submission engagement, completeness review, and the formal assessment period — typically ranges from 6 to 12 months depending on the NCA and the complexity of the applicant’s business model. Early engagement with the regulator and a well-prepared application materially reduce this timeline.

The NCA may refuse authorization on the following grounds:

• The management body poses a threat to efficient, prudent management or exposes the applicant to serious AML/CFT risk
• Members of the management body do not meet the fit-and-proper requirements under MiCA
• Qualifying shareholders do not meet the good standing criteria
• The applicant fails or may fail to comply with MiCA’s requirements

If no grounds for refusal exist, the NCA issues a positive decision and the CASP may begin providing the authorized services.

Ongoing Duties of a MiCA-Licensed CASP

Obtaining a MiCA license is not a one-time event — it creates a framework of continuous obligations. The most material ongoing requirements include:

• Acting honestly, fairly, and professionally in accordance with the best interests of current and potential clients
• Providing information that is honest, clear, and not misleading — including in marketing communications, which must be clearly identified as such
• Warning clients about the risks associated with crypto-asset transactions
• Publishing pricing, costs, and charges in a prominent location on the firm’s website
• Maintaining minimum capital requirements at all times
• Ensuring members of the management body and qualifying shareholders remain in good standing and continuously meet fit-and-proper standards — changes in management or ownership after licensing may require additional regulatory approval
• Employing personnel with appropriate knowledge, skills, and experience proportionate to the scope and nature of services provided
• Complying with DORA (the Digital Operational Resilience Act, Regulation (EU) 2022/2554), which applies to CASPs as financial entities and sets detailed ICT risk management requirements
• Segregating client assets from the firm’s own assets at all times, with client funds held at an EU credit institution

MiCA License Revocation

A MiCA authorization may be withdrawn by the NCA in several circumstances, including: non-use of the authorization within 12 months of grant; explicit renunciation by the CASP; serious regulatory breaches; the use of false statements to obtain authorization; or where the CASP no longer meets the conditions under which authorization was granted. Revocation is published in ESMA’s public register.

FAQs: MiCA Crypto License in Europe

What is a MiCA license and who needs one?

A MiCA license — formally a CASP authorization under Regulation (EU) 2023/1114 — is the mandatory regulatory authorization for any company providing crypto-asset services to EU clients on a professional basis. This includes crypto exchanges, custodians, trading platforms, brokers, portfolio managers, and advisory services. From 30 December 2024, new entrants must hold a MiCA authorization before providing services. Existing VASPs operating under national regimes have until 1 July 2026 under the transitional arrangements.

What are the MiCA CASP minimum capital requirements in 2026?

MiCA sets three capital tiers: €50,000 for Class 1 services (advisory, order execution, portfolio management), €125,000 for Class 2 services (custody and exchange), and €150,000 for Class 3 services (operating a trading platform). Additionally, CASPs must maintain at least one-quarter of previous year’s fixed overheads if that exceeds the class minimum. These are regulatory floors — NCAs may expect higher capitalization in practice.

How long does it take to obtain a MiCA crypto license in Europe?

The formal statutory timeline is 25 working days for completeness review plus 40 working days for assessment. In practice, total time from initial preparation to authorization decision typically ranges from 6 to 12 months depending on the NCA and application quality. Jurisdictions with higher CASP volumes — Germany, Netherlands, France — may have longer queues heading into the July 2026 deadline.

What is MiCA license adaptation for existing VASPs?

MiCA license adaptation refers to the process of converting an existing national VASP registration into a full MiCA CASP authorization. Firms that were already authorized under national law before 30 December 2024 may benefit from a simplified procedure under Article 143(6) of MiCA, which reduces documentation requirements compared to a full fresh application. However, the transitional period ends on 1 July 2026 and some member states have already shortened it.

Does a MiCA license need to be renewed?

MiCA authorizations are granted for an indefinite term — there is no scheduled renewal process comparable to annual license renewal in some offshore jurisdictions. However, the authorization can be withdrawn by the NCA if the CASP ceases to meet the conditions under which it was granted, fails to use it within 12 months, or commits serious regulatory breaches. Ongoing compliance is therefore the functional equivalent of renewal.

Which EU member states are best for obtaining a MiCA crypto license?

The answer depends on the firm’s business model, team composition, and timeline. Germany, the Netherlands, and Luxembourg have issued the highest numbers of early MiCA authorizations. France, Malta, and Ireland have active pipelines with existing VASP frameworks that provide a basis for simplified authorization. Portugal and Lithuania attract applicants seeking lower operational costs combined with EU passporting rights. No single jurisdiction is universally optimal — a jurisdictional feasibility assessment based on service class, substance requirements, and NCA processing capacity is the correct starting point.

Can a MiCA-licensed CASP operate across all EU countries?

Yes. A MiCA authorization granted by the NCA of one EU member state provides passporting rights to operate across all 27 EU member states. Before commencing activities in another member state, the CASP must notify the NCA of its home state, which then notifies the relevant authority in the target jurisdiction. The passporting notification and scope appear in ESMA’s public register.

Conclusion

With the full entry into application of MiCA, the EU now has a single, harmonized authorization regime for crypto-asset service providers. The fragmented national VASP landscape that characterized the previous decade has been replaced by a framework that grants meaningful passporting rights in exchange for substantive compliance with governance, capital, AML/CFT, and operational resilience requirements.

For new entrants, the MiCA crypto license represents the gateway to the EU market — one that demands serious preparation but delivers regulatory legitimacy and access to 450 million consumers. For existing VASPs, the July 2026 deadline for MiCA license adaptation is not a distant horizon: given application timelines of 6–12 months, firms that have not already begun the process are operating with limited margin.

The ESMA MiCA register is the authoritative source for tracking authorized CASPs and active grandfathering periods across member states.