Meet Dr. Marcus Hartmann
Dr. Marcus Hartmann has spent over two decades at the intersection of financial law and emerging technology. Based in Zug — Switzerland's Crypto Valley — he has guided startups, trading platforms, and institutional investors through the full spectrum of VASP licensing: from FINMA FinTech notifications to MiCA CASP applications and offshore structuring across 60+ jurisdictions.
He joined CryptoLicenses.net as Senior Licensing Advisor after a decade leading the fintech practice of a Swiss-regulated law firm, where he managed regulatory mandates in the UAE, Singapore, Liechtenstein, and the Cayman Islands.
- MiCA entered full force on December 30, 2024 — all crypto-asset service providers in the EU must be authorized or wind down
- The regulation applies uniformly across all 27 EU member states, replacing 27 separate national regimes
- MiCA covers three asset categories: Asset-Referenced Tokens (ART), E-Money Tokens (EMT), and all other crypto-assets including utility tokens
- A single CASP authorization provides passporting rights to operate in all 27 EU countries
- Minimum capital requirements start at €50,000 for Class 1 CASPs and rise to €150,000 for Class 3
- The 18-month transitional period ended June 30, 2026 — no more grandfathering under prior national registrations
What is MiCA?
MiCA — Markets in Crypto-Assets Regulation — is EU Regulation 2023/1114. It is the first comprehensive regulatory framework in the world to cover crypto-assets at a pan-jurisdictional level, creating a single set of rules for the issuance of crypto-assets and the provision of crypto-asset services across the entire European Union.
MiCA was adopted by the European Parliament on April 20, 2023 and published in the Official Journal of the EU on June 9, 2023. Its stablecoin provisions (covering ART and EMT issuers) entered into application on June 30, 2024. The provisions covering crypto-asset service providers (CASPs) entered full application on December 30, 2024.
Before MiCA, each EU member state maintained its own national crypto regulatory regime — ranging from strict licensing in France and Germany to lighter VASP registrations in Poland and Estonia. This fragmentation made it impossible to passport a national crypto authorisation across borders. MiCA eliminates this patchwork by creating a single EU-wide authorisation that any CASP can passport into all remaining 26 member states.
MiCA's scope is deliberately broad. It covers the issuance of crypto-assets to the public, the admission of crypto-assets to trading, and the provision of any of the ten designated crypto-asset services. It applies to any legal entity that offers these services to EU clients — regardless of where that entity is incorporated.
What MiCA Does Not Cover
MiCA explicitly excludes certain asset categories: crypto-assets that qualify as financial instruments under MiFID II (these remain covered by securities law), crypto-assets that are e-money under the E-Money Directive, truly non-fungible tokens (NFTs) with no fungible or fractionalized characteristics, and crypto-assets that are deposits or structured deposits. The regulation also carves out fully decentralised services where there is no identifiable service provider — though regulators have made clear this exclusion is narrow and fact-specific.
MiCA Timeline — From Adoption to Enforcement
2023
On June 9, 2023, MiCA (EU Regulation 2023/1114) was published in the Official Journal of the European Union. This marked the formal legal existence of the regulation and started the implementation countdown for both national competent authorities (NCAs) and regulated entities.
2023
MiCA entered into force on June 29, 2023 (20 days after OJ publication). ESMA and EBA began developing the extensive technical standards (RTS and ITS) required to implement the regulation. Member states began designating their national competent authorities (NCAs) for MiCA supervision.
2024
On June 30, 2024, Title III (ART issuers) and Title IV (EMT issuers) of MiCA entered application. Any entity issuing asset-referenced tokens or e-money tokens in the EU from this date required authorization from its home state NCA. This affected stablecoin issuers including large players operating euro-pegged and multi-asset tokens.
2024
December 30, 2024 was the critical date: all CASP provisions of MiCA entered full application. Any entity providing crypto-asset services in the EU from this date must hold a MiCA CASP authorization or operate under the transitional arrangements available to providers previously registered under national law. The transitional period allowed existing nationally-registered CASPs up to 18 months (until June 30, 2026) to obtain MiCA authorization.
2026 marks the transition from implementation to active enforcement. NCAs across the EU have significantly increased supervisory activity, conducting on-site inspections, reviewing compliance programs, and taking enforcement action against unlicensed operators and licensed CASPs failing ongoing obligations. The transitional period for prior national registrations ended June 30, 2026 — any CASP not holding a MiCA authorization by this date is operating unlawfully in the EU.
"MiCA is the most consequential regulatory development in crypto since the FATF Travel Rule. For the first time, a business can obtain a single authorization and operate legally in 27 countries — that is transformational. But the complexity of the application process and the ongoing obligations are real: the 18-month transition period was a grace period, not a reprieve. Businesses that treated MiCA as a future problem now face enforcement."
— Dr. Marcus Hartmann, Senior Licensing Advisor
Three Asset Categories Under MiCA
MiCA creates a tripartite classification system for crypto-assets, with each category subject to distinct rules for issuance, ongoing obligations, and supervision. Understanding which category applies to your token is foundational to MiCA compliance.
| Category | Definition | Issuer Requirements | Supervisor |
|---|---|---|---|
| Asset-Referenced Tokens (ART) | Tokens referencing multiple assets, currencies, or commodities to maintain stable value (e.g., multi-currency baskets) | EU authorization from NCA; minimum own funds of €350,000 or 2% of average reserve; detailed whitepaper; reserve asset management rules; significant ART issuers supervised by EBA directly | NCA (home state); EBA for significant ARTs |
| E-Money Tokens (EMT) | Tokens referencing a single official currency (e.g., euro-pegged stablecoin like EURS) | Must be issued by an authorized credit institution or e-money institution; comply with E-Money Directive requirements; 1:1 redemption at par on demand; reserve assets held in segregated accounts | NCA (home state); EBA for significant EMTs |
| Other Crypto-Assets | All crypto-assets not qualifying as ART or EMT — includes utility tokens, payment tokens, and most project tokens | Publish a whitepaper notified to NCA (no pre-approval required for non-ART/EMT); comply with marketing communications rules; 14-day cooling-off period for retail investors; 12-month liability period post-issuance | NCA of member state where offered |
Classification matters: The ART/EMT distinction is not merely technical. ART issuers face substantially heavier regulatory burdens including own-funds requirements, reserve management rules, and potential direct EBA supervision if deemed "significant" (>10M token holders or >€5B reserve value). Misclassifying a token can expose issuers to regulatory action.
CASP License — Who Needs It
A Crypto-Asset Service Provider (CASP) authorization under MiCA is required for any legal entity that provides one or more of the ten designated crypto-asset services in the EU on a professional basis. This is not optional — operating any of these services without authorization from the date of application is a criminal offence in most EU member states.
Holding private keys or equivalent control mechanisms on behalf of third parties. This covers hot and cold wallet services, custody platforms, and any arrangement where a service provider controls client crypto-assets.
Running a multilateral system that matches buy and sell orders. Covers centralized exchanges (CEX), order-book platforms, and automated market makers operated by an identifiable entity.
Buying or selling crypto-assets against legal tender, on own account. Covers OTC desks, fiat-crypto on/off ramps, and payment gateway services converting between fiat and crypto.
Buying or selling crypto-assets against other crypto-assets on own account. Covers crypto-to-crypto OTC operations, market making desks, and token swap services.
Acting on behalf of clients to buy or sell crypto-assets or subscribe to crypto-assets. Includes broker-dealers, agency trading desks, and execution-only platforms.
Marketing newly issued or existing crypto-assets to buyers on behalf of the issuer. Covers ICO/IDO arrangers, token sale platforms, and placement agents for crypto securities.
Receiving and transmitting client orders to a trading platform or execution venue. Covers introducing brokers, referral platforms with order routing, and aggregator services.
Offering personalized recommendations to a client about crypto-assets. Includes robo-advisors, personal finance apps with crypto recommendations, and IFA services covering digital assets.
Managing portfolios of crypto-assets on behalf of clients on a discretionary basis. Covers crypto hedge funds managing third-party capital, discretionary managed accounts, and automated crypto portfolio services.
Providing services of transfer of crypto-assets from one distributed ledger address or account to another, on behalf of natural or legal persons. Covers crypto payment processors, remittance services, and wallet-to-wallet transfer platforms.
- Any EU-incorporated entity providing the above services to EU clients on a professional basis
- Non-EU entities targeting EU clients with any of the ten services (subject to reverse solicitation limits)
- Entities previously operating under national VASP registrations who have not yet obtained MiCA authorization
- New market entrants — no grandfathering available for businesses starting after December 30, 2024
- Crypto exchanges offering services to retail EU clients regardless of where the platform is hosted
Not sure which licence fits your business? Get a free 30-minute consultation with our advisors. We'll review your model and recommend the right jurisdiction.
Get Free Consultation →MiCA Passporting — One License, 27 Countries
One of MiCA's most commercially significant features is the EU passporting regime. A CASP authorization granted by any EU member state's national competent authority (NCA) can be passported to provide the same services across all other 26 EU member states — without requiring separate authorization in each country.
This is a transformational change from the pre-MiCA landscape, where a crypto business wanting to operate across multiple EU countries needed separate national registrations or licences in each, with no mutual recognition. Under MiCA, one authorization covers the entire EU single market of 450 million people.
How Passporting Works Under MiCA
A CASP wishing to passport must notify its home state NCA of its intention to provide services in one or more other member states. The notification must include: the list of member states where services will be provided, the specific services to be offered, a description of how services will be provided, the expected start date, and details of any agents or tied agents to be used in the host member state.
The home NCA has 10 working days to forward the notification to the competent authorities of each host member state identified. The CASP may begin providing services in the host member state from the date of communication by the home NCA — no host state approval is required. This is a purely notification-based passporting mechanism, not a second authorization process.
Home State Supervisor
The home state NCA — the regulator in the country where the CASP is incorporated and authorized — retains primary supervisory responsibility for the CASP, including when it is providing passported services in other member states. Host state NCAs retain competence for consumer protection rules and local market integrity rules in their jurisdiction.
Strategic Jurisdiction Selection
Because passporting means that the choice of home member state determines which NCA supervises the entire EU operation, jurisdiction selection is a strategic decision beyond simple cost optimization. Key factors include: NCA experience and pragmatism in applying MiCA rules, speed of authorization processing, quality of regulatory dialogue, local substance requirements, and corporate tax rates. Early data from 2025–2026 shows Lithuania, Poland, and the Netherlands processing CASP applications fastest, with average timelines of 3–4 months from complete application.
Passporting vs. prior regime: Before MiCA, a company with a Polish VASP registration could not legally offer services in Germany, France, or Spain — it was a Polish registration only. Under MiCA, a Polish CASP authorization can be passported to all 26 other EU states within 10 working days of notification. The strategic value is substantial.
Capital Requirements Under MiCA
MiCA establishes tiered minimum own-funds (capital) requirements for CASPs, based on the class of services provided. These requirements are not a cost — they represent own funds that must be maintained in the entity throughout the authorization period, not merely at the point of application.
| Class | Minimum Own Funds | Services Covered | Ongoing Requirement |
|---|---|---|---|
| Class 1 | €50,000 | Advice on crypto-assets; Reception and transmission of orders; Portfolio management of crypto-assets | Greater of €50k or one quarter of the prior year's fixed overheads |
| Class 2 | €125,000 | Execution of orders on behalf of clients; Placing of crypto-assets; Transfer services; Operation of a trading platform | Greater of €125k or one quarter of the prior year's fixed overheads |
| Class 3 | €150,000 | Custody and administration of crypto-assets; Exchange for fiat; Exchange for other crypto-assets | Greater of €150k or one quarter of the prior year's fixed overheads |
CASPs providing services from multiple classes must meet the highest applicable minimum — not the sum of all applicable minimums. However, as the entity scales and fixed overheads increase, the "one quarter of fixed overheads" requirement often becomes the binding constraint, substantially exceeding the minimum class threshold.
In addition to own-funds requirements, CASPs must also maintain professional indemnity insurance (PII) covering at least 90% of professional liability exposure, or alternatively hold additional own funds equal to 11.25% of the preceding year's revenue from relevant services. Larger CASPs managing client assets may also face additional prudential requirements set by NCAs.
MiCA vs Global Standards — FATF, UK, US, Singapore
MiCA does not exist in isolation — it is the EU's implementation of international standards developed by the Financial Action Task Force (FATF) and must be understood alongside regulatory frameworks in other major jurisdictions. Understanding how MiCA aligns with and differs from these frameworks is essential for global crypto businesses.
MiCA and FATF Recommendation 15
FATF Recommendation 15 (revised 2019) requires all member countries to regulate Virtual Asset Service Providers (VASPs) for AML/CFT purposes. MiCA goes significantly beyond FATF's minimum standards: while FATF requires basic registration and AML program requirements, MiCA adds prudential requirements (capital, governance, client asset safeguarding), consumer protection rules, market integrity obligations, and a comprehensive authorization (not just registration) regime.
The Travel Rule Under MiCA
The "Travel Rule" for crypto — requiring originator and beneficiary information to accompany crypto transfers — is implemented in the EU through the Transfer of Funds Regulation (TFR, EU Regulation 2023/1113), which applies in parallel with MiCA. The TFR requires EU-regulated CASPs to collect and transmit originator and beneficiary information for all crypto-asset transfers, including transfers to and from unhosted wallets (subject to a €1,000 threshold for most retail transfers). MiCA-authorized CASPs must be fully TFR-compliant as a condition of their ongoing authorization.
MiCA Compared to Other Major Jurisdictions
| Jurisdiction | Framework | Passporting | Travel Rule | Key Difference vs MiCA |
|---|---|---|---|---|
| EU (MiCA) | Full authorization regime, uniform across 27 states | Yes — all 27 EU states | Yes — TFR regulation, all amounts | Reference framework |
| United Kingdom | FCA registration (VASP) transitioning to full authorization under PISCA regime | No — bilateral only | Yes — JMLSG rules, £1,000 threshold | Less comprehensive than MiCA; no passporting; crypto-specific prudential rules still developing |
| United States | Fragmented: FinCEN MSB registration + state money transmitter licences + SEC/CFTC oversight | No — state-by-state | Yes — Bank Secrecy Act rules, $3,000 threshold | No federal crypto-specific law equivalent to MiCA; state patchwork creates high compliance burden; spot crypto ETF approval signals regulatory evolution |
| Singapore | MAS Major Payment Institution licence (PSA) | No — bilateral recognition | Yes — MAS Notice PSN02 | Narrower scope (payment-focused); heavier AML scrutiny; strong institutional credibility |
| UAE (Dubai) | VARA Virtual Asset Service Provider licence | No — Dubai-only | Yes — VARA Travel Rule guidance | Activity-based licence categories; zero corporate tax; no cross-border passporting |
"Jurisdiction selection under MiCA is one of the most strategically consequential decisions a crypto business makes in 2026. It determines which regulator supervises you, which capital standards apply, the quality of ongoing dialogue, and how quickly you can passport. Lithuania and Poland have emerged as the most pragmatic first-choice NCAs for early-stage CASPs — but the optimal answer depends on your business model, team location, and growth strategy."
— Dr. Marcus Hartmann, Senior Licensing Advisor
How to Get a CASP License — 6 Steps
Select the EU member state where you will incorporate and apply. This becomes your home state — the regulator here will supervise your entire EU operation, including passported activities. Consider: NCA processing speed, regulatory pragmatism, local substance requirements, corporate tax, and operational costs.
In 2026, the fastest CASP processing times have been observed in Lithuania (Bank of Lithuania), Poland (KNF), and the Netherlands (AFM/DNB), typically 3–4 months from a complete application. France (AMF) and Germany (BaFin) are more thorough but take 5–8 months and have higher substance requirements.
If your business involves issuing crypto-assets (ART, EMT, or other tokens), you must prepare a MiCA-compliant whitepaper including: issuer details, token description, rights and obligations, underlying technology, risk factors, and a statement of no prior regulatory action. For CASPs not issuing tokens, a whitepaper is not required — but the application package is still extensive.
The core CASP application package includes: incorporation documents, business plan and programme of operations, AML/CFT policy suite (Business-Wide Risk Assessment, CDD procedures, transaction monitoring, sanctions screening), financial projections (3 years), governance structure, management body composition with CVs and fit-and-proper declarations, ICT risk management policies, conflict of interest policy, client complaints procedure, and evidence of capital adequacy.
Submit the complete application to your home state NCA. Most NCAs have dedicated online portals for MiCA CASP applications. The application must be complete — regulators will reject or return incomplete applications without starting the review clock. Engage with the NCA's pre-application process where available (BaFin, AMF, and AFM all offer pre-application meetings).
Ensure your MLRO (Money Laundering Reporting Officer) and senior management team are ready for potential interviews. Several NCAs — particularly BaFin, AMF, and CySEC — conduct mandatory fit-and-proper interviews with key management personnel as part of the review process.
MiCA mandates that NCAs must assess CASP applications within 25 working days of receiving a complete application — and grant or refuse authorization within 40 working days of acknowledging completeness. This works out to approximately 3 months maximum for a complete application. However, if the NCA requests additional information (RFI), the clock can be paused.
Respond to all RFIs promptly and comprehensively. Partial responses or delays in responding to NCA questions are the most common cause of extended timelines. Keep your application documentation current — if your business plan, management team, or capital position changes during review, notify the NCA immediately.
Upon approval, the NCA issues the CASP authorization, specifying the authorized services and any conditions attached. The authorization is registered in ESMA's public register of CASPs — providing EU-wide transparency and confirmation of regulatory status. Your authorization details, including authorized services and home state NCA, are publicly searchable by clients, partners, and counterparties.
Before commencing operations, ensure all systems, policies, and personnel are in place as described in the application. Operating outside the scope of the authorization, or failing to implement the systems described in the application, are serious compliance breaches subject to supervisory action and fines.
Once authorized in your home state, you can passport to provide services in any or all other 26 EU member states by notifying your home NCA. The notification triggers a 10 working-day period during which the home NCA forwards details to host NCAs. Upon completion, you may commence providing passported services in those states.
Maintain ongoing compliance in all states where you operate. Host state NCAs monitor consumer protection compliance and local market rules within their territory. Annual regulatory reporting must cover all member states of operation. Ensure your client-facing documentation, terms of service, and disclosures are adapted for each relevant jurisdiction's language and regulatory requirements.