top of page

CASP Licence in 2025 Explained


CASP Licence in 2025 Explained
CASP Licence in 2025 Explained

Following the introduction of the Markets in Cryptocurrencies Regulation (MiCA), obtaining a CASP (cryptocurrency service provider) licence has become a vital step for cryptocurrency companies looking to operate legally and thrive in the EU. As of 1 January 2025, all cryptocurrency-related companies must comply with these new regulatory requirements to maintain their operations. However, the so-called "grandfather regime" (an 18-month transition period) is still in place, meaning that virtual asset service providers (VASPs) can continue to operate under their current national licenses until 31 December 2025. In some countries, this period can be extended to 1 July 2026.


In this article, we present the main steps to obtain a CASP licence, the main requirements, and tips for ensuring your business complies with MiCA. Regardless of whether you are an established cryptocurrency exchange or a start-up wallet provider, preparation and strategic compliance will be pivotal to your success in this new regulatory framework.


Firstly, it is necessary to define who crypto asset service providers are and which services fall under the definition of 'crypto asset services'. According to the provisions of the Markets in Crypto-Assets Act, a crypto-asset service provider is a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and which is allowed to provide crypto-asset services.


The list of services and actions related to any crypto asset


The list includes the following:


  • providing custody and administration of crypto-assets on behalf of clients;

  • operation of a trading platform for crypto-assets;

  • exchange of crypto-assets for funds;

  • exchange of crypto-assets for other crypto-assets;

  • execution of orders for crypto-assets on behalf of clients;

  • placing of crypto-assets;

  • reception and transmission of orders for crypto-assets on behalf of clients;

  • providing advice on crypto-assets;

  • providing portfolio management on crypto-assets;

  • providing transfer services for crypto-assets on behalf of clients.


It is clear that the list of relevant actions and services includes the activities of VASPs – organisations that exchange between different forms of virtual assets or between virtual assets and fiat currencies. This means that every company holding a VASP license must re-apply for a new MiCA CASP license.


What exactly are the requirements of CASP Compliance?


  1. Mandatory authorization requirement. It is related to the fact that all legal entities or other enterprises must be authorized as cryptoasset service providers to provide such services. Such authorization will result in obtaining a CASP license. All the following requirements are inextricably linked to the above, as without compliance with the other obligations, obtaining a CASP license is impossible.

  2. Requirements for the performance of management functions. CASPs must ensure good reputation, competence, transparency, continuity of operations, compliance with regulatory requirements, data protection, and maintenance of mandatory documentation for effective management and supervision.

  3. Organizational requirements. First and foremost, CASPs must have a registered office in the EU Member States where they provide at least part of their cryptocurrency asset services. Cryptoasset service providers also need to have their place of actual management in the EU, and at least one of their directors must be a resident of the EU. 

  4. Capital requirements. CASPs must comply with the amounts of permanent minimum capital requirements set out in Annex IV of the MiCA. These amounts vary from EUR 15,000 to EUR 150,000 depending on the type of services provided using cryptocurrency assets.

  5. Requirements to protect clients' interests and assets. Cryptoasset service providers must act honestly, fairly, and professionally in the best interests of their clients and potential clients. In addition, CASPs that hold cryptoassets belonging to customers or means of accessing such cryptoassets should take appropriate measures to protect the property rights of customers, especially in the event of insolvency of the cryptoasset service provider, and to prevent the use of customers' cryptoassets for their account.

  6. Transparency of activities. CASPs are also required to have KYC systems, record-keeping, and monitoring activities to prevent illegal activities.


Timeline & Milestones


The process of obtaining a Crypto Asset Service Provider (CASP) license in the European Union is regulated in detail by EU Regulation 2023/1114 (MiCA). The CASP licensing procedure can be divided into three main stages:


  1. Preparation and submission of the application.

    - Preparation of documentation. The applicant prepares the necessary documents, including internal policies, procedures, and proof of compliance with MiCA requirements. The entire required list of documents to be attached to the application is clearly set out in the MiCA rules.

    - Submission of the application. The application is submitted to the relevant national regulator of the EU member state (for example, for Polish entities, this is the Financial Supervision Authority) where the company plans to operate. Although MiCA regulates licensing issues in the same way for all EU countries, CASPs should choose the jurisdiction that best suits their business model. It should also be noted that some member states may impose additional rules prior to obtaining a license.

  2. Confirmation of receipt and verification of the completeness of the application:

    - The competent authority must confirm receipt of the application from the company within 5 days in any case.

    - The competent authority then has 25 working days to verify the completeness of the application.

    - If the application is incomplete, the competent authorities will set a deadline by which the cryptoasset service provider that applied must provide any missing information.

    - The competent authorities must, within 40 working days of receiving a complete application, assess whether the cryptoasset service provider meets the legal requirements and make a fully informed decision to grant or deny the authorization.

  3. Making a decision The competent authorities shall notify the applicant of their decision within 5 working days from the date of the decision.


Important! It should also be noted that the competent authorities may revoke the cryptocurrency asset service provider's permit if the cryptocurrency asset service provider fails to comply with the requirements of national and/or international law, as well as performs any of the actions outlined in Article 64 EU Regulation 2023/1114 (MiCA).


Therefore, even after obtaining a license, cryptocurrency asset service providers must ensure compliance with the established requirements throughout the entire course of their activities.


Іmpact of the new rule on business operations


Implementing the new CASP license rules can challenge businesses, but it also opens up development opportunities. The key to success is to adapt to changes and proactively implement innovative solutions.


For companies providing services with crypto assets in the EU, these changes are needed:

  • Promptly obtain a license under MiCA;

  • Implementation and maintenance of AML/CFT procedures and compliance with the Travel Rule;

  • Adaptation to different national requirements and transition periods.


Failure to comply with these requirements may result in fines, restrictions on activities, or loss of access to the EU market.


However, there are also positive aspects. Strict requirements will increase customer confidence in crypto service providers. Regulated companies are seen as more reliable, which will attract more clients, including institutional investors. The new rules will also ensure that cryptoasset services are not limited to the territory of one country in the EU. CASPs will be able to provide cross-border services without the need to obtain additional permits after notifying the competent authority.


Learning points & legal cases on compliance


The European Union's Markets in Crypto-Assets Regulation (MiCA) sets out common rules for the EU crypto asset market, including requirements for crypto asset service providers (CASPs). As MiCA's rules on CASP licensing have only recently come into force, there is no case law on implementing its requirements. However, challenges are already emerging in implementing the MiCA provisions relating to CASP licenses at the national level.


For the new rules to be effective in an EU member state, such states must bring their national legislation in line with MiCA (also known as implementation). However, some countries have faced the problem of a short timeframe and have not yet managed to do so. 


For example, Poland is one of the few EU member states that has not yet adopted legislation to implement MiCA decisions into its national legal framework as of January 2025. The Polish legal system lacks the necessary mechanisms to support the implementation of MiCA, making it impossible to apply for a CASP license. However, CASPs can prepare for the start of licensing by getting all the necessary documents ready. The same countries remain Portugal and Belgium


Meanwhile, some EU countries have already granted their first CASP licences to companies. Boerse Stuttgart Digital, for example, is the first German cryptocurrency service provider to get a pan-European license under the Markets in Cryptocurrency Assets Regulation (MiCA). This allows the company to provide crypto services across the EU.


Crypto.com has also received preliminary approval for a CASP license from Malta's Financial Services Authority, demonstrating full compliance with MiCA requirements.


Our company insights and advice


Cryptocurrency companies must navigate the new regulatory landscape under MiCA if they want to solidify their position in the European market. Drawing on our insights and experience, we present the key takeaways and advice to ensure a smooth transition and successful compliance.


1. Early-bird preparation is a key priority.


The MiCA compliance journey is both detailed and time-sensitive. Companies must take advantage of the grandfather clause and use the 18-month transition period to thoroughly prepare. This involves:

  • Conduct an in-depth gap analysis to identify discrepancies between current operations and MiCA requirements.

  • Developing or refining internal compliance frameworks, including AML/CFT measures and data protection protocols.


2. Transparency is the core of MiCA


MiCA emphasizes transparency and customer protection, making it vital to establish robust systems for:

  • KYC (Know Your Customer) and customer due diligence.

  • Transparent reporting and record-keeping to prevent financial crimes.

  • Clear communication with customers regarding their rights and the security of their assets.

It is essential to comply with these requirements. This is the only way to ensure regulatory approval and enhance customer confidence and brand reputation.


3. Compliance undoubtedly opens doors to new market opportunities.


MiCA is the key to seamless CASP operations across the EU, eliminating the need for additional licensing in multiple member states. Obtain a single CASP licence and your company can:

  • Expand services to new markets within the EU.

  • Attract institutional investors by positioning itself as a regulated and trustworthy service provider.

  • Gain a competitive edge over non-compliant companies that may face restrictions or penalties.


Here's the final advice: think of compliance as a long-term investment.


Achieving and maintaining MiCA compliance is not just a regulatory obligation. It is a long-term investment in the growth, credibility and sustainability of your business. Companies that take a strategic approach to compliance and capitalise on the opportunities it presents will thrive in the emerging European crypto market.

                                                 

So, whatever stage your business is at, prepare now, act strategically, and see MiCA compliance as an opportunity to grow your business, not an obstacle to overcome.


Conclusion


MiCA is the start of a new era for the cryptocurrency industry in the European Union. It sets clear and unified rules for crypto asset service providers. While compliance may seem challenging, it presents a clear opportunity to build trust, expand markets and drive innovation. Companies who prepare early, strategically adapt to the new regulations and embrace transparency will position themselves for long-term success in this regulated yet promising environment.



Comentários


Os comentários foram desativados.
bottom of page