1. Confirm you need CASP authorisation
MiCA (Regulation (EU) 2023/1114) requires authorisation for any legal person providing one or more crypto-asset services listed in Article 3(1)(16) on a professional basis in the EU. Confirm that your activity falls within scope and is not exempt (e.g. fully decentralised services without an identifiable issuer/provider, certain intra-group services, or activities already covered by another EU licence under the equivalence regime in Article 60 — credit institutions, MiFID firms, EMIs, UCITS managers, AIFMs and central securities depositories).
2. Identify the exact services (a–j) to be authorised
Your application must list every service you intend to provide: (a) custody and administration of crypto-assets on behalf of clients (b) operation of a trading platform for crypto-assets (c) exchange of crypto-assets for funds (d) exchange of crypto-assets for other crypto-assets (e) execution of orders for crypto-assets on behalf of clients (f) placing of crypto-assets (g) reception and transmission of orders (h) providing advice on crypto-assets (i) providing portfolio management on crypto-assets (j) providing transfer services for crypto-assets. The scope drives capital requirements, organisational rules and ongoing obligations.
3. Establish a legal entity with substance in the EU
You must be a legal person with a registered office in a Member State, place of effective management in the EU, and at least one director resident in the Union. Outsourcing is allowed but the entity must retain real decision-making, risk management and compliance capability locally.
4. Meet the minimum capital requirement (Annex IV)
Permanent minimum own funds depend on the services: • Class 1 — EUR 50,000 (services (h), (g), (i), (d), (c), (e), (f), (j)) • Class 2 — EUR 125,000 (Class 1 + (a) custody) • Class 3 — EUR 150,000 (operating a trading platform — service (b)). Own funds must at all times be at least the higher of the Annex IV amount and one quarter of the previous year's fixed overheads. Acceptable instruments: CET1 capital or an insurance policy meeting Article 67(4).
5. Fit-and-proper management body and qualifying shareholders
Members of the management body and persons holding ≥10% of capital or voting rights must demonstrate good repute, sufficient knowledge, skills and experience, and the time needed to perform their duties. Submit CVs, criminal-record extracts, declarations of interest and a collective suitability assessment of the board.
6. Build the governance, risk and compliance framework
Required policies and arrangements include: organisational chart and three lines of defence; conflicts-of-interest policy; complaints-handling procedure; business continuity and ICT risk management (DORA-aligned); AML/CFT programme under Directive (EU) 2015/849; market-abuse detection (Title VI of MiCA); custody and segregation of client crypto-assets and funds (Article 70); safeguarding of client funds via credit institutions or EMIs; outsourcing policy; record-keeping for at least five years.
7. Compile the application file (Article 62)
The dossier filed with the national competent authority (NCA) must contain at minimum: legal-entity details and articles of association; programme of operations describing each service; governance arrangements; proof of prudential safeguards; business continuity plan; ICT and security policies; AML/CFT manual; description of the trading-platform rulebook (if applicable); custody policy; complaints-handling procedure; conflict-of-interest policy; market-abuse procedures; outsourcing arrangements; identity and suitability documents for the management body and qualifying shareholders; and a white paper for any crypto-asset offered or admitted to trading where required.
8. Assessment by the NCA (timelines)
The NCA confirms completeness within 25 working days and may request missing information. Once the file is complete, the NCA has 40 working days to grant or refuse authorisation. ESMA and the EBA are consulted where relevant. Authorisation is valid in the entire EU once notified to ESMA, which lists the firm in its public register.
9. Passporting to other Member States
Under Article 65 you may provide services across the EU under freedom of services or via a branch. Submit a passporting notification to your home NCA listing the host Member States and services. The home NCA forwards it within 10 working days; activities may start once the host NCA is notified.
10. Ongoing obligations after authorisation
Continuing duties include: prudential reporting; notification of material changes to the authorisation; safeguarding and segregation of client assets; transparency and conduct-of-business rules (best execution, fair treatment, marketing communications); publication and ESMA-notification of crypto-asset white papers; market-abuse surveillance and STOR reporting; complaints reporting; AML/CFT and sanctions screening; cooperation with NCAs, ESMA and EBA; and annual disclosure of environmental and climate-related impact under Article 66(5).
11. Transitional regime for existing providers
Firms lawfully providing crypto-asset services under national law before 30 December 2024 may continue under the transitional regime until 1 July 2026, or until authorisation is granted or refused, whichever is earlier. Member States may shorten this window — verify the exact deadline applied by your NCA.
12. Fees and external costs
Expect NCA application and supervisory fees (varies by Member State), legal and compliance advisory costs, ICT and security audits, external auditor fees, and PI insurance premiums where used to meet Article 67. Budget a realistic 6–12 month project timeline from kick-off to authorisation.
Official sources
Frequently Asked Questions
Who needs a MiCA CASP authorisation?+
Any legal person providing one or more crypto-asset services listed in Article 3(1)(16) of Regulation (EU) 2023/1114 on a professional basis in the EU. Credit institutions, MiFID firms, EMIs, UCITS managers, AIFMs and CSDs use the equivalence regime of Article 60 instead.
When did MiCA become applicable?+
Title III (asset-referenced tokens) and Title IV (e-money tokens) apply from 30 June 2024. The rest of MiCA, including the CASP authorisation regime, applies from 30 December 2024.
How long does authorisation take?+
The competent authority has 25 working days to confirm completeness and 40 working days from a complete file to grant or refuse authorisation. End-to-end projects typically run 6–12 months including preparation.
What is the minimum capital?+
EUR 50,000 (Class 1), EUR 125,000 (Class 2, includes custody) or EUR 150,000 (Class 3, operating a trading platform). Own funds must always equal at least the higher of the Annex IV amount and one quarter of the previous year's fixed overheads.
Can I passport my authorisation across the EU?+
Yes. Under Article 65 a single MiCA authorisation lets you provide services in all EU/EEA Member States via freedom of services or a branch, after a passporting notification through your home NCA.
What is the transitional regime?+
Providers operating lawfully under national law before 30 December 2024 may continue under the transitional regime until 1 July 2026, or until their authorisation is granted or refused, whichever is earlier. Some Member States have shortened this window.
Where can I find the official MiCA register?+
ESMA publishes the public register of authorised CASPs and notified white papers. Links to ESMA, the EBA and EUR-Lex are provided in the Official sources section above.