EU MiCA licensing explained: how CASP authorisation works (and what “VASP licence” means now)

There’s a moment every crypto founder hits in Europe.

It usually happens during a bank onboarding call, a partner due diligence questionnaire, or a fundraising meeting with someone who has seen a few regulatory cycles. The question is never philosophical. It’s practical:

“So… what’s your MiCA plan?”

Because MiCA - the Markets in Crypto-Assets Regulation - is now the baseline legal framework for providing crypto-asset services in the EU. And for exchanges, custody businesses, brokers, and platforms, that means one big thing: CASP authorisation.

This is a high-level, landing-page style guide to EU MiCA / VASP / CASP licensing, with a focus on what teams actually need to do to get ready - and where to find reliable, official sources.

What MiCA is (and why “VASP licence Europe” is now basically “CASP authorisation”)

MiCA is Regulation (EU) 2023/1114 - it sets uniform EU requirements for crypto-assets and for crypto-asset service providers (CASPs). The full regulation text is here (EUR-Lex): https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng

ESMA’s MiCA hub explains the purpose clearly: one EU framework covering transparency, disclosure, authorisation and supervision for key crypto activities.

Before MiCA, people used “VASP” as the generic word for “a crypto business that needs AML registration.” Under MiCA, the more precise term for licensing is CASP - and the core deliverable is the crypto asset service provider licence / CASP authorisation.

So when someone asks for a “VASP licence Europe consulting,” they usually mean:help me get MiCA-ready and obtain CASP authorisation in an EU member state.

What services are covered by CASP authorisation?

MiCA sets requirements for crypto-asset service providers, meaning firms that provide defined crypto services (think: exchange, custody, execution, transfer, etc.) under a harmonised EU rulebook. (The legal text defines the scope and requirements for CASPs.)

In founder language, CASP authorisation is most relevant for:

• crypto exchange MiCA licence (fiat/crypto, crypto/crypto)
• custody service MiCA authorisation (custodial wallets, safeguarding)
• broker/execution models
• transfer and payment-like crypto flows

The MiCA CASP licence application: what regulators actually want

If you want the fastest “what does a good application look like?” shortcut, read ESMA’s Supervisory Briefing on CASP authorisation. It’s designed to align national regulators (NCAs) and clarify expectations for applicants. PDF here: https://www.esma.europa.eu/sites/default/files/2025-01/ESMA75-453128700-1263_Supervisory_Briefing_on_Authorisation_of_CASPs.pdf

ESMA also published a news note pointing to this guidance and why it matters.

At a high level, a MiCA CASP licence application is not just “forms.” It’s a structured package proving that:

• your governance is real (not just names on an org chart)
• your compliance program matches your risks
• you can operate safely (including ICT and outsourcing control)
• you can protect clients and handle complaints and incidents

That’s what people mean by:

• MiCA CASP licence application
• MiCA application documentation support
• CASP authorisation MiCA support
• MiCA gap analysis / MiCA readiness assessment

MiCA compliance program: the pieces you’ll be building anyway

Most teams underestimate MiCA because they treat it like “one more licence.” In practice, MiCA is an operating standard.

A good MiCA compliance program typically includes:

Governance and “fit & proper” readinessMiCA pushes hard on who runs the firm and whether leadership is suitable. EBA and ESMA issued joint guidelines on suitability for CASP management body members and qualifying shareholders. 

Conflicts, remuneration, governance controlsEBA has published regulatory products under MiCA on governance, conflicts of interest and remuneration. https://www.eba.europa.eu/publications-and-media/press-releases/eba-publishes-governance-regulatory-products-under-markets-crypto-assets-regulation

ICT and outsourcing controlsEven if MiCA is the licensing label, your real-world supervision will touch ICT resilience and outsourcing (and, in many cases, DORA alignment). This is why “MiCA governance and ICT requirements” and “MiCA outsourcing compliance” are common workstreams alongside the application.

AML is still there (MiCA doesn’t replace it)MiCA is not an AML law. You still need AML/CFT compliance under the EU AML framework, plus local implementation - which is why “MiCA AML compliance for CASP” is usually a combined project: MiCA authorisation + AML readiness.

MiCA licensing in Poland / Lithuania / Czech Republic: choosing a home regulator

MiCA is EU-wide, but the licence is obtained via a national competent authority (NCA). That’s why you see demand for:

• MiCA licensing Poland
• MiCA licensing Lithuania
• MiCA licensing Czech Republic

The strategy is typically about:

• regulator experience and responsiveness
• local substance requirements (people, office, decision-making)
• banking and payment rails access
• timelines and application pipeline

Important note: “country comparisons” change fast as regulators publish local rules and begin processing applications. So for a serious country-choice decision, you should treat it as a live research task, not a static blog claim.

MiCA travel rule implementation (quick note)

If you operate transfers, you’ll also face “Travel Rule” obligations in the EU via separate AML rules (funds transfer regulation updates). In practice, CASPs implement Travel Rule tooling alongside KYT/transaction monitoring. This is why “MiCA travel rule implementation” is often bundled into the licensing roadmap - even though the Travel Rule is not “MiCA itself.”

A simple CASP licensing roadmap (the one that actually works)

Here’s the practical sequence most teams follow:

1. Scope mappingWhat services are you providing under MiCA? Exchange, custody, execution, transfer, etc.
2. MiCA gap analysis / readiness assessmentCompare current ops vs. MiCA expectations (governance, policies, ICT, outsourcing, complaints, safeguarding, disclosures).
3. Build the compliance core

• policies and procedures (MiCA + AML)
• risk framework
• governance documentation
• outsourcing register and oversight
• incident and complaint handling

1. Application documentation supportPrepare the full MiCA CASP licence application pack aligned to NCA expectations (ESMA supervisory briefing is the reference for what “good” looks like). https://www.esma.europa.eu/sites/default/files/2025-01/ESMA75-453128700-1263_Supervisory_Briefing_on_Authorisation_of_CASPs.pdf
2. Submission + regulator Q&A cycleExpect clarifications. Plan internal bandwidth for fast responses.
3. Go-live + ongoing obligationsReporting, audits, controls testing, outsourcing monitoring - licensing is day 1, not the finish line.