CASP Passporting: What It Unlocks - And What It Doesn’t, part 2

What CASP passporting does not unlock

Now for the less glamorous part. Passporting does a lot, but it doesn’t change everything.

1. It doesn’t make you “regulated everywhere, for everything”

MiCA covers a defined list of crypto-asset services (custody, trading, exchange, portfolio management, etc.) and certain types of tokens. It does not magically authorise:

• activities outside the MiCA perimeter (for example, certain DeFi protocols, NFTs that truly are “non-fungible”, or pure software tools),
• non-crypto financial services (like traditional investment advice or deposits),
• services in third countries (outside the EU/EEA).

The French regulator AMF is clear in its MiCA explainer that the regulation is aimed at crypto-assets not already covered by existing financial-services rules, and does not replace other regimes such as MiFID for securities.AMF – The European regulation Markets in Crypto-Assets (MiCA) AMF France

If your product straddles several regimes (for example, tokenised securities plus “plain” crypto), expect to deal with more than one licence.

2. It doesn’t override all host-country rules

Passporting means you don’t have to get a second MiCA authorisation in, say, France if you’re licensed in Ireland. It does not mean host countries suddenly lose all power.

Host regulators still have tools via:

• local implementation of MiCA and related laws,
• consumer-protection and marketing rules,
• general contract, tax and AML laws.

And politically, you can feel the tension. In September 2025, Reuters reported that France signalled it might try to block certain crypto firms from operating on its territory even if they hold a licence in another EU state, citing fears of “regulatory shopping” and inconsistent supervision.Reuters – France threatens to block crypto licence ‘passporting’ Reuters

That’s not how passporting is supposed to work - but it shows that, in practice, some host states are willing to push back if they think standards elsewhere are too lax.

3. It doesn’t let you blur the line between regulated and unregulated products

ESMA has already had to step in here.

In July 2025, Europe’s securities regulator warned that some CASPs are using their MiCA-regulated status as a marketing hook, while offering both regulated and unregulated products on the same platform - and not making it clear to customers which is which.Reuters – ESMA warns about crypto firms misleading customers Reuters

The message is pretty simple: passporting is not a licence to sprinkle “MiCA-regulated” dust over your entire product catalogue. You need sharp disclosure and product-governance lines.

4. It doesn’t free you from AML, tax or other horizontal rules

MiCA sits on top of – not instead of – other EU and national frameworks:

• AML/CFT rules (including the upcoming EU AML Regulation and AML Authority),
• sanctions,
• tax reporting obligations,
• general cyber-security and operational-resilience expectations (for large players, eventually DORA-type rules).

Passporting doesn’t change any of that. If anything, supervisors might expect more from passported firms, because their footprint is bigger.

Grey areas and political weather

Because MiCA is new, some of the most interesting questions around CASP passporting aren’t fully settled yet.

A few examples that practitioners are watching:

• Delegation to third countries: legal analysis of MiCA has flagged concerns around how far EU CASPs can outsource or delegate essential functions to non-EU entities while still claiming to be “EU supervised”. Some legal commentary notes that the European Commission is already under pressure to review parts of MiCA, including rules on third-country outsourcing and cyber-security. Regulation Tomorrow
• Authorisation standards and “fast-track” regimes: ESMA’s scrutiny of certain Member States’ authorisation processes (including a peer review of Malta) shows worries that some jurisdictions might be more generous than others, reviving the old “light-touch vs strict” debate inside the EU. Reuters
• Timing and transitional regimes: Not every firm will flip from national regimes to MiCA authorisations overnight. National authorities have transitional regimes, and firms will need to manage the shift without creating periods where their cross-border status is unclear.

None of this kills the idea of passporting. But it does mean 2025–2027 will be a time of negotiation, legal interpretation and, frankly, some regulatory politics.

What this means if you’re building or scaling a CASP

If you’re a founder, product lead or compliance officer looking at MiCA passporting, it helps to think in two columns: “real unlocks” vs “dangerous illusions.”

Real unlocks

• You can design one EU-wide crypto-asset service model instead of 10 different local regimes.
• You can talk to investors about a single licence unlocking access to ~450 million potential consumers.
• You can centralise governance, risk and compliance functions instead of duplicating them in every Member State.

Dangerous illusions

• Thinking “passporting” = “no one else can touch us once we’re licensed”. Host states and ESMA still have teeth.
• Assuming everything on your platform automatically enjoys MiCA protections just because you are licensed. Clients will be reading the small print - and so will supervisors.
• Treating the home regulator as a box-ticking formality. Under MiCA, NCAs are expected to coordinate and share information; a weak file in one country can quickly become everyone’s problem.

So… is CASP passporting worth it?

If your ambitions are local, maybe not. If you’re building a niche, domestic crypto business, staying under a national regime (where still available) or partnering with an already-licensed provider might be enough.

But if you’re serious about EU-wide scale in crypto-asset services, MiCA passporting is likely to become as central to your strategy as PSD2 was for payments or MiFID for investment firms.

Just treat it for what it is:

• a powerful mechanism to reach multiple markets under one regulatory roof,
• bounded by firm legal limits,
• operating in a political environment where “regulatory arbitrage” is a dirty phrase.

Build for the real unlocks, not the myths - and you’ll be in a much better position to use CASP passporting as a growth tool rather than a future headline in a supervisory warning.