Skip to content
Magist
AnalyzeRegulationsVendorsCounselUpdatesCompareAbout
← All Controls

MiCA CASP authorization (crypto-asset services)

mica-casp-authorizationDomain: paymentsType: process

Description

MiCA CASP authorization is the EU's single licensing regime for crypto-asset service providers, introduced by Regulation (EU) 2023/1114 (the Markets in Crypto-Assets Regulation), phased in through 2024 and 2025, and replacing the prior patchwork of national virtual-asset registrations with a passportable EU authorization. A firm authorized as a CASP by one member-state competent authority can provide the authorized services across the EU under the freedom-to-provide-services framework, which is the structural feature that distinguishes MiCA from the national-by-national virtual-asset registrations it superseded (BaFin in Germany, AMF in France, CONSOB in Italy, MFSA in Malta, CSSF in Luxembourg, and others each operated parallel regimes that an EU-wide crypto operator previously had to satisfy in series). The services covered by the regime under MiCA Article 3(1)(16) and Annex IV are ten in number: custody and administration of crypto-assets on behalf of clients; operation of a trading platform for crypto-assets; exchange of crypto-assets for funds (fiat); exchange of crypto-assets for other crypto-assets; execution of orders for crypto-assets on behalf of clients; placing of crypto-assets; reception and transmission of orders for crypto-assets on behalf of clients; advising on crypto-assets; portfolio management of crypto-assets; and providing transfer services for crypto-assets on behalf of clients (the last one added during the final negotiation phase and now folded into the standard scoping question for new authorizations). Authorization requires compliance across four substantive pillars. The prudential pillar sets initial capital between 50,000 EUR (Class 1: advisory and order-reception-only services), 125,000 EUR (Class 2: custody, exchange, execution, placing, transfer), and 150,000 EUR (Class 3: operating a trading platform), with an additional own-funds requirement that scales with operating volume and asset-under-custody balances. The governance pillar requires fit-and-proper assessments of the management body, a documented risk-management function, an internal audit function proportionate to the size of the operation, and a complaints-handling procedure. The conduct-of-business pillar imposes best-execution duties, conflict-of-interest disclosure, client classification analogous to MiFID II's retail/professional split, and detailed rules on marketing communications. The disclosure pillar requires white papers for offerors of crypto-assets to the public, with content requirements that vary by token type and that are reviewed by the relevant member-state competent authority before publication. Issuers of asset-referenced tokens (ARTs) and e-money tokens (EMTs) carry additional obligations under separate MiCA titles (Titles III and IV respectively), including reserve-asset segregation, redemption-at-par-value commitments for EMTs, and stricter capital and governance requirements for ART issuers; significant ARTs and EMTs sit under the direct supervision of the European Banking Authority rather than the national competent authority that authorized the issuer. The transitional regime is the live operational question for crypto operators with EU footprints. Firms that were previously registered or authorized to provide crypto-asset services under national law before 30 December 2024 may continue providing those services under the prior regime until 1 July 2026 (with shorter periods in some member states that elected the 12-month rather than the 18-month transitional window). After the transitional period ends, operating without CASP authorization is prohibited and exposes the firm to administrative sanctions plus the possibility of criminal liability in member states that have transposed the regulation with criminal-enforcement overlays. The authorization timeline is typically 6 to 9 months from a complete application; starting the application less than that long before the transitional deadline materially increases the risk of an enforcement gap.

Applicability

Applies when: markets include EU AND sector is fintech.

How predicates are evaluated

Required by (1 regulation)

  • EU MiCA

    MiCA Articles 59-67 + Annex IV — CASP authorization for any of 10 crypto-asset services; Class 1/2/3 prudential capital scaled to service category (€50K/€125K/€150K); transitional regime expires 1 July 2026.

    Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023

    Source →

Fulfilled by (1)

  • In-house build · high effort

Magist does not accept payment from vendors. Methodology.

Evidence formats

  • MiCA authorization decision
  • white-paper register (where applicable)
  • capital adequacy reports

Magist provides legal information based on publicly available regulatory sources. It does not constitute legal advice and does not create an attorney-client relationship. Consult a licensed attorney in your jurisdiction before making compliance decisions.

Magist

Pre-launch regulatory analysis for product teams. Built by a lawyer, designed for PMs.

Tools

  • Analyze
  • Guided walkthrough
  • Vendors
  • Find counsel
  • Saved analyses

Reference

  • Scope by business model
  • Scope by jurisdiction
  • App ratings
  • Regulations
  • Compare regulations
  • Enforcement
  • Browse Controls
  • Vendor coverage
  • Radar
  • Pulse
  • Changelog
  • Guides
  • Regulatory updates
  • Open data
  • Corpus license
  • Ontology
  • State of Compliance

Solutions

  • For legal teams
  • For engineering
  • For executives
  • For law firms
  • For investors
  • For teams →

About

  • About Magist
  • Methodology
  • Editorial standards
  • Reviewers
  • Coverage status
  • Corrections
  • Trust
  • Coverage scope
  • How we handle data
  • Sub-processors
  • FAQ

Built by Neel Patel, a practicing in-house games attorney. Games touch more compliance domains at once than anything else in tech — Magist was designed around that.

Magist provides legal information based on publicly available regulatory sources. It does not constitute legal advice and does not create an attorney-client relationship. Consult a licensed attorney in your jurisdiction before making compliance decisions. Operated by a Washington-licensed attorney. Not licensed in California or other US states. Magist provides legal information; consult a licensed attorney in your jurisdiction.

Magist is an instrument, not a consultancy. It does not sell compliance services or take payment from vendors for placement; the analysis is the same for everyone. No vendor, sponsorship, or referral fees, ever.

MethodologyLimitationsDisclosures

© 2026 Magist
TermsLicensePrivacySecurityLinkedIn