How to Apply for a CASP License in the EU: Step-by-Step Process (2026)
Before You Begin: Is a CASP License Right for You?
Getting a CASP license under MiCA is a significant undertaking. Before diving into the application process, you need to understand what you're signing up for.
A CASP license authorizes you to provide crypto-asset services across all 27 EU member states. That's the good news. The challenging part is that MiCA sets a high bar for authorization, and the process typically takes 6-12 months from initial application to final approval.
This guide walks you through every step of the process based on the actual requirements in MiCA and the technical standards published by ESMA and EBA.
Step 1: Determine Which Services You Need Authorization For
MiCA defines ten distinct crypto-asset services. Your license application must specify exactly which services you intend to provide:
Custody and Administration of Crypto-Assets
Holding crypto-assets on behalf of clients or controlling the means of access to those assets. This is one of the most common CASP activities and includes operating custodial wallets.
Operation of a Trading Platform
Running a multilateral system that brings together multiple buyers and sellers of crypto-assets. Think centralized exchanges.
Exchange Services
Exchanging crypto-assets for funds (fiat currency) or for other crypto-assets. This covers both fiat on/off ramps and crypto-to-crypto trading.
Execution of Orders
Concluding agreements to buy or sell crypto-assets on behalf of clients. Similar to brokerage services in traditional finance.
Placing of Crypto-Assets
Marketing newly issued crypto-assets to investors. Relevant for platforms facilitating token launches.
Reception and Transmission of Orders
Receiving client orders and transmitting them to another CASP or trading platform for execution.
Providing Advice
Offering personalized recommendations on crypto-asset transactions. Triggers additional suitability obligations.
Portfolio Management
Managing crypto-asset portfolios on a discretionary basis according to client mandates.
Transfer Services
Transferring crypto-assets between addresses or accounts on behalf of clients.
Each service you apply for increases the complexity of your application and ongoing compliance obligations. Start with the services you actually need and expand later if necessary.
Step 2: Choose Your Home Member State
Your CASP license will be granted by a national competent authority (NCA) in one EU member state. This becomes your "home member state" and your primary supervisor.
The choice matters more than you might think:
Regulatory Culture
Some NCAs have more experience with crypto and may process applications faster. Others are more conservative and may require additional documentation.
Language Requirements
Most NCAs require applications in their national language, though some accept English. Check before you start.
Fees
Authorization fees vary significantly. Some jurisdictions charge flat fees while others calculate based on company size or service scope.
Supervisory Approach
Ongoing supervision differs between jurisdictions. Some NCAs are more hands-on while others take a lighter touch.
Popular Choices for CASPs
Several jurisdictions have emerged as popular choices:
- France (AMF): Established crypto regulatory framework since 2019. The AMF has processed numerous CASP applications and published detailed guidance.
- Germany (BaFin): Strong financial regulatory tradition. BaFin requires thorough documentation but provides clear expectations.
- Ireland (Central Bank of Ireland): English-speaking jurisdiction with experience in financial services passporting.
- Lithuania (Bank of Lithuania): Relatively streamlined process and competitive fees. Popular among fintech startups.
- Estonia (Finantsinspektsioon): Digital-first approach and English-friendly. Note that Estonia has tightened requirements significantly since 2022.
Don't choose based solely on perceived ease of authorization. You'll work with your home NCA for the life of your license.
Step 3: Prepare Your Corporate Structure
MiCA requires CASPs to be established as legal entities within the EU. Before applying, you need:
EU Legal Entity
You must have a registered office and head office in the EU. The head office means the place where key management decisions are made, not just a registered address.
Management Body
Your directors and senior managers must meet fitness and propriety requirements. This includes:
- Professional qualifications and experience relevant to the services
- Good reputation with no criminal history related to financial crimes
- No conflicts of interest that would impair judgment
MiCA specifically requires that at least two members of the management body are resident in the EU and have sufficient knowledge and experience.
Shareholders and Qualifying Holdings
Anyone holding 10% or more of your company (directly or indirectly) is a "qualifying holder" and must be assessed by the NCA. This includes:
- Natural persons and their identities
- Legal entities and their beneficial owners
- Their financial soundness
- Any grounds for suspecting money laundering connections
Prepare comprehensive documentation on your ownership structure. Opaque ownership is a red flag for regulators.
Step 4: Meet Capital Requirements
MiCA sets minimum own funds requirements based on which services you provide:
€50,000 Minimum
For CASPs providing only:
- Reception and transmission of orders
- Providing advice on crypto-assets
- Execution of orders
€125,000 Minimum
For CASPs providing:
- Custody and administration
- Exchange of crypto-assets for funds
- Exchange of crypto-assets for other crypto-assets
- Placing of crypto-assets
- Transfer services
€150,000 Minimum
For CASPs operating a trading platform for crypto-assets.
Important: These are minimums. NCAs may impose higher requirements based on your risk profile. Additionally, you must maintain own funds equal to at least one quarter of your fixed overheads from the previous year.
Own funds must be composed of Common Equity Tier 1 items (essentially paid-up share capital and retained earnings).
Step 5: Build Your Governance Framework
The application requires detailed documentation of your internal organization:
Organizational Structure
A clear chart showing reporting lines, responsibilities, and how key functions are organized. You need to demonstrate clear separation of duties and adequate staffing for each service.
Internal Control Mechanisms
Policies and procedures for:
- Compliance monitoring
- Risk management
- Internal audit (for larger CASPs)
- Management information systems
ICT Risk Management
Under DORA (which applies to all CASPs), you need comprehensive ICT risk management including:
- ICT governance and strategy
- Information security policies
- Business continuity and disaster recovery
- Incident management procedures
- Third-party risk management for ICT providers
Outsourcing Policy
If you outsource any critical or important functions, you need a comprehensive outsourcing policy covering:
- Due diligence on providers
- Contractual requirements
- Monitoring procedures
- Exit strategies
Step 6: Develop Required Policies and Procedures
Your application must include numerous policies. At minimum:
Client Asset Safeguarding
How you protect client crypto-assets and funds. This must include:
- Segregation from your own assets
- Custody arrangements
- Reconciliation procedures
- What happens if you become insolvent
Conflicts of Interest
Identification and management of conflicts between:
- Your interests and client interests
- Different clients' interests
- Staff personal interests and client interests
Complaints Handling
A procedure for receiving, investigating, and resolving client complaints. Must be free of charge and allow complaints in any official EU language.
Market Abuse Prevention
Measures to detect and prevent insider dealing and market manipulation. This includes surveillance systems if you operate a trading platform.
AML/CFT Procedures
Comprehensive anti-money laundering procedures including:
- Customer due diligence (CDD)
- Transaction monitoring
- Suspicious activity reporting
- Travel rule compliance (TFR)
- Staff training
Step 7: Prepare Your Application Package
The actual application package includes:
Application Form
The NCA's standard form covering your company details, requested services, and basic information.
Programme of Operations
A business plan covering at least three years that includes:
- Description of services and how you'll provide them
- Target markets and client types
- Marketing strategy
- Revenue projections and financial forecasts
- Technical infrastructure description
Governance Documentation
- Organizational chart
- CVs and fitness questionnaires for all management body members
- Criminal record certificates
- Shareholder documentation and qualifying holdings assessments
Policy Documentation
All the policies listed in Step 6, fully developed and board-approved.
Financial Information
- Audited accounts (if existing company)
- Opening balance sheet and capital evidence
- Three-year financial projections
- Own funds calculation
Technical Documentation
- System architecture descriptions
- Security measures
- Business continuity plans
- Outsourcing arrangements
Insurance
Evidence of professional indemnity insurance or comparable guarantees (required for advisory and portfolio management services).
Step 8: Submit and Engage with the NCA
Once submitted, the NCA has 25 working days to acknowledge receipt and confirm completeness. If your application is incomplete, the clock doesn't start until you provide all required documents.
From the completeness confirmation, the NCA has 40 working days to make a decision. In practice, this often extends because:
Information Requests
NCAs frequently request additional information or clarification. Each request stops the clock until you respond.
Interviews
The NCA may want to meet with your management body members to assess their competence and commitment.
Site Visits
Some NCAs conduct on-site assessments to verify your operational readiness.
Tips for a Smooth Process
Be responsive. Delays in answering NCA queries extend the process and may create negative impressions.
Be transparent. If there are potential issues (past regulatory problems, complex ownership, novel business models), address them proactively rather than waiting for the NCA to discover them.
Prepare your management team. They should be able to articulate your business model, risk management approach, and regulatory understanding without reading from scripts.
Step 9: Post-Authorization Obligations
Authorization isn't the end. Ongoing obligations include:
Passporting Notifications
If you want to operate in other EU member states, you must notify your home NCA, which then informs the host NCAs. Cross-border services can begin 15 working days after notification.
Annual Reporting
Regular reports to your NCA on activities, complaints, own funds, and material changes.
Material Change Notifications
You must notify your NCA before making significant changes to governance, ownership, services, or policies.
Continuous Compliance
The policies you submitted aren't just paperwork. You must actually implement and follow them.
Timeline Expectations
Realistically, the process from starting to prepare your application to receiving authorization looks like:
- Months 1-3: Corporate setup, hiring, policy development
- Months 4-5: Finalizing documentation, internal review
- Month 6: Application submission
- Months 7-12: NCA review, queries, interviews
- Month 12+: Authorization decision
Some well-prepared applicants complete faster. Others with complex structures or novel business models take longer.
Common Reasons for Rejection or Delay
Based on NCA feedback across the EU, common issues include:
Inadequate Management Experience
Directors without relevant financial services or crypto experience.
Insufficient Capital
Own funds that don't meet requirements or aren't in qualifying forms.
Weak Governance
Unclear organizational structures, missing policies, or inadequate resources.
AML Concerns
Insufficient AML procedures or questionable ownership structures.
Technical Shortcomings
ICT systems that don't meet DORA requirements or can't demonstrate adequate security.
FinlexPro Can Help
Navigating MiCA authorization requirements means understanding dozens of articles across the regulation plus technical standards from ESMA and EBA. FinlexPro indexes all of these documents, letting you:
- Search specific authorization requirements by topic
- Get AI explanations with article citations
- Cross-reference between MiCA, DORA, and AML requirements
- Access direct links to official EUR-Lex sources
Start your CASP authorization research with 15 free searches.