The New Era of Crypto Businesses
Do you remember the days when you could register a crypto exchange in a few months, following basic AML/CFT (anti-money laundering and counter-terrorism legislation) requirements, and that was enough for VASP status? But everything has changed. Europe hit the refresh button and introduced a new regulatory game — with transparent rules, a focus on risk control and authorization.
Welcome to the world of MiCA — Markets in Crypto Assets Regulation!
The new European Union (EU) regulation puts an end to the era of simplified approaches to crypto business regulation. Since December 30, 2024, the VASP status has become a thing of the past, and a new format has been introduced — Crypto-Asset Service Provider (CASP).
Thus, for the first time in the history of the EU, unified requirements for cryptocurrency service providers were established. Now, in order to continue operating legally in the EU market, they must obtain a CASP license.
What has changed or briefly about the new reality of MiCA:
1. Companies that provide services with crypto-assets must obtain a CASP license, even if they previously had a local VASP registration.
2. Common requirements for capital, management structure, and internal control have been established.
3. Stricter requirements for AML/CFT, compliance, and transparency of work with clients.
4. A clear definition of crypto-assets is introduced, including utility tokens, asset-referenced tokens, and e-money tokens.
Who is CASP and what are the requirements for entering the EU crypto market?
There are a number of requirements that everyone who wants to obtain a CASP license needs to know:
1. Directors and shareholders
· There are strict requirements for education, experience, and reputation for directors and shareholders.
· One of the directors must be a resident of the EU.
· There must be at least one shareholder with any residency, except for sanctioned countries.
2. Authorized capital
Depends on the type of CASP activity:
· Class 1 — EUR 50,000 is applicable for CASPs that provide the following services:
- execution of orders on behalf of clients,
- placement of crypto-assets,
- providing services for the transfer of crypto-assets on behalf of clients,
- receiving and transferring orders for crypto-assets on behalf of clients,
- providing advice on crypto-assets,
- providing crypto-asset portfolio management services.
· Class 2 — EUR 125,000 applies to CASPs that provide any of the services from Class 1 and:
- providing storage and administration of crypto-assets on behalf of clients,
- exchange of crypto-assets for funds,
- exchange of crypto-assets for other crypto-assets.
· Class 3 — EUR 150,000 applies to CASPs that provide any of the services from Class 2 and:
- operation of a trading platform for crypto-assets.
The authorized capital for future CASPs must be placed in a credit institution (bank, credit union, etc.) that is authorized to operate within the European Economic Area (EEA).
3. Compliance with AML/CFT rules and procedures
· Availability of a Compliance Officer and a Money Laundering Reporting Officer (MLRO).
· Developed AML/CFT policy package.
4. Audit
· Conducting an IT audit for compliance with the Digital Operational Resilience Act (DORA).
5. Physical office
· A CASP must have a physical office in an EU member state, where some of the services related to crypto-assets will be provided.
Transition period for VASPs:
The MiCA provides for a transitional period that allows companies with a valid VASP registration in a particular EU member state to continue operating for a limited time without a CASP license, but only within that country.
What the law says:
Article 143 of the MiCA allows states to maintain the validity of national VASP registrations until July 1, 2026 (the maximum period), provided that the company was registered before December 30, 2024; applied for a CASP license within the established deadline; and does not operate outside the jurisdiction without authorization.
At the same time, each EU member state has the right to set its own shortened period for VASPs.
What is the procedure for obtaining a CASP license?
Applying for a CASP license is a full-fledged process that is applicable in most EU countries and includes the following steps:
Step 1: The application is submitted to the national regulator (for example, in Cyprus — to CySEC (Cyprus Securities and Exchange Commission) together with the full package of documents required by MiCA.
Step 2: The regulator sends an official confirmation of receipt of the application within 5 business days. From this point on, the application is considered officially accepted for consideration.
Step 3: Within 25 business days, the regulator checks whether the submitted package of documents is complete. If something is missing, the applicant is informed and given a clear deadline for submitting additional documents.
Step 4: Once the application is deemed complete, a detailed review of the content of the documents begins: compliance with the requirements, assessment of policies, organizational structure
Step 5: If clarifications arise during the review, the regulator has the right to send an additional request within 20 business days, which may extend the overall assessment period.
Step 6: After the analysis is completed and all responses are received, the competent authority makes the final decision to issue or refuse a CASP license. The process should be completed within 40 business days from the date of submission of the complete application.
Step 7: The decision (on approval or denial) is sent to the applicant within 5 business days after the decision is made. The scale, complexity and type of services to be provided are taken into account.
Step 8: The national regulator is obliged to notify the European Securities and Markets Authority (ESMA) of its decision within 2 business days of the decision.
Step 9: Upon receipt of the information, ESMA publishes the company’s data in its official register of CASPs. From that moment on, the CASP is authorized to operate throughout the EU.
How many CASPs have already been authorized in the EU as of May 1, 2025?
A number of companies have already obtained CASP licenses in their respective jurisdictions. At the time of publication, 19 CASPs were registered in ESMA’s public register, in particular in the following countries:
1) Germany (7 companies): Boerse Stuttgart Digital Custody GmbH, Crypto Finance (Deutschland) GmbH, Bitpanda Asset Management GmbH, Tangany GmbH, Upvest GmbH
2) Malta (5 companies): ZBX, Bitpanda, Crypto.com, Altarius Asset Management Limited, P2P Finance Ltd.
3) Netherlands (5 companies): Zebedee Europe B.V., MoonPay Europe B.V., Bitonic B.V., Coinmerce B.V., Satang Europe B.V.
4) Austria (1 company): Bitpanda.
5) Cyprus (1 company): eToro.
The CASPs registry already reflects the first wave of strong and public players that have passed through a serious filter of regulators. This is a signal to the rest of the participants: preparations should begin today in order not to be left out of the new European crypto landscape.
Implementation of MiCA at the national level
Lithuania
· Regulator: Lietuvos banko.
· Applications for CASP license are accepted by the regulator.
· Transition period: Existing VASPs have to apply by July 1, 2025.
Estonia
· Regulator: Finantsinspektsioon.
· The application process started on January 1, 2025.
· Transition period: VASPs have to transform into CASPs by July 1, 2026.
Czech Republic
· Regulator: Česká Národní Banka (ČNB).
· The Czech Republic accepts applications from those wishing to obtain a license.
· Transition period: A person who had a permit to provide cryptocurrency-related services before December 30, 2024, and applied for a CASP license before July 31, 2025, may continue to carry out these activities until the date of entry into force of the decision on the application for permission to operate as a CASP, but no later than July 1, 2026.
Poland
· Regulator: Komisja Nadzoru Finansowego (KNF).
· The KNF does not yet accept applications for a CASP license, but preparation for this process (documentation, internal structure, compliance with DORA requirements) is recommended now.
· Transition period: The Polish law on crypto-assets has not yet been adopted.
Are the MiCA rules a new architecture for the EU crypto market?
Yes, because MiCA is a systemic reboot of trust, transparency, and responsibility in the crypto-asset sector. MiCA standards form a new reality in which crypto business ceases to be a “gray sector” and becomes a full-fledged, regulated participant in the European economy.
For crypto companies, this is not just a challenge, but also an opportunity:
· get the right to operate in all 27 EU countries without an additional license;
· strengthen the trust of banks, partners, and customers;
· prove a competitive advantage in negotiations with investors.
So, while some crypto companies are still hesitating and watching, the real leaders are already taking action — formulating a strategy, collecting documents, and applying for authorization to be among the first.
.png)
.png)
.png)
.png)
.png)
