What is a CASP authorisation under MiCA?

Short answer

The CASP authorisation under Art. 60 et seq. of Regulation (EU) 2023/1114 (MiCA) is the EU-wide authorisation for crypto-asset service providers. It supersedes national crypto permissions and confers EU passporting (Art. 65) — an authorisation granted in one member state allows operation across the EU after written notification. The activity catalogue (Art. 3(16)) comprises seven service types, including custody, exchange, brokerage, advice and portfolio management.

01 The seven CASP services (Art. 3(16))

The CASP authorisation covers one or more of the following service types: (1) custody and administration of crypto-assets on behalf of clients; (2) operation of a trading platform for crypto-assets; (3) exchange of crypto-assets for fiat or for other crypto-assets; (4) execution of orders for clients; (5) placing of crypto-assets; (6) reception and transmission of orders for clients; (7) advice, portfolio management or transfer services [1].

Crucially, the applicant lists in the application the specific activities to be authorised. A later expansion to non-listed activities requires a material amendment with a renewed completeness and substantive review by the supervisor; in 2026 practice this takes 3 – 6 months of processing time.

02 Application process and minimum items

Art. 60(7) lists the formal application items: minimum capital (between €50,000 and €150,000 depending on the activity), business-model plan over 3 years, governance structure, operations programme, ICT risk framework, conflict-of-interest policy, custody plan (if custody), reserve-asset policy (if issuance) [1]. Art. 63 gives the supervisor 25 working days for the completeness check and a further 40 working days for the substantive review; with the stop-the-clock mechanism, realistically 4 – 8 months to a decision.

03 EU passporting under Art. 65

Once authorisation is granted, Art. 65 confers a passporting right: the authorised CASP may provide services in all other EU member states by giving written notice to the relevant national supervisors. Receiving supervisors have 10 working days to respond. ESMA's central register publicly lists all passported CASPs [2].

04 Transitional regime (Art. 143(3)) — expires in 2026

For CASPs that were already operating under a national regime before 30 December 2024, Art. 143(3) provides a transitional regime: up to 18 months continued operation under the national regime, expiring at the latest on 1 July 2026 [1]. The full MiCA application must reach the supervisor within that window. The deadline is a ceiling — many member states chose shorter windows (e.g. Malta and Cyprus: 9 months, Spain and Italy: 12 months).

05 Consistency with DORA and AMLR

From 30 December 2024 CASPs fall within the scope of DORA (Art. 2(b) DORA) — their ICT risk framework must be consistently documented in the MiCA application and the DORA register. From 10 July 2027, CASPs are additionally obliged entities under AMLR and subject to the KYC single rulebook. 2026 inspections actively check the consistency between MiCA application, DORA register and AMLR preparation [3].

Sources

  1. [1] Regulation (EU) 2023/1114 (MiCA) — full text on EUR-Lex
  2. [2] ESMA — Register of passported CASPs
  3. [3] Regulation (EU) 2024/1620 (AMLR) — full text on EUR-Lex