Introduction

The Markets in Crypto-Assets Regulation (MiCAR) is a landmark framework for the European cryptocurrency industry. It establishes consistent regulatory standards across the EU and EEA. As the first comprehensive crypto regulatory framework, MiCA aims to provide legal certainty, support innovation, and ensure adequate consumer and investor protection throughout Europe. This document provides a comprehensive overview of the grandfathering periods established by each member state, highlighting the complex compliance landscape that CASPs must navigate. This guide will help you with all the essential knowledge, including grandfathering periods, to help you prepare for MiCAR licensing.

Implementing MiCAR presents significant operational challenges for crypto-asset service providers (CASPs) due to varying transition timelines across jurisdictions.  The grandfathering periods—ranging from as short as 5 months to the maximum allowable 18 months—allow existing CASPs to continue operations while preparing for full MiCAR license compliance. The transition began on December 30, 2024, and the latest possible compliance deadline for some jurisdictions with the full 18-month extension is July 1, 2026. 

A MiCAR license in one jurisdiction can be passed across all EEA jurisdictions. Therefore, it is recommended that each business choose a jurisdiction in the EEA that makes the most business sense for them, intending to passporting it across the rest of the EEA. To help with that decision, we have included below an extensive list of all the transition timelines and essential requirements to apply for a CASP license since MiCAR took full effect.

Transition timeline from December 30, 2025

Immediate action required (5-6 months)

– Lithuania (5 months): May 30, 2025

– Latvia (6 months): June 30, 2025

– Hungary (6 months): June 30, 2025

– Netherlands (6 months): June 30, 2025

– Poland (6 months): June 30, 2025

– Slovenia (6 months): June 30, 2025

– Finland (6 months): June 30, 2025

Medium-term implementation (9-12 months)

– Sweden (9 months): September 30, 2025

– Bulgaria (12 months): December 30, 2025

– Ireland (12 months): December 30, 2025

– Greece (12 months): December 30, 2025

– Spain (12 months): December 30, 2025

– Italy (12 months): December 30, 2025. Entities registered as VASPs in the Italian AML/TF register must file their application within six months to benefit from the grandfathering period (by June 30, 2025)

– Austria (12 months): December 30, 2025

– Slovakia (12 months): December 30, 2025

– Liechtenstein (12 months): December 30, 2025

Extended implementation (18 months)

– Czechia (18 months): July 1, 2026. Applicant CASPs must apply before July 31, 2025, to benefit

– Denmark (18 months): July 1, 2026. Applicant CASPs must apply before December 30, 2024, to benefit

– Estonia (18 months): July 1, 2026

– France (18 months): July 1, 2026

– Croatia (18 months): July 1, 2026

– Cyprus (18 months): July 1, 2026

– Luxembourg (18 months): July 1, 2026

– Malta (18 months): July 1, 2026

– Romania (18 months): July 1, 2026

– Iceland (18 months): July 1, 2026

Pending Determination

– Belgium (TBA)

– Norway (TBA)

– Germany (TBA)

– Portugal (TBA)

* This information is sourced directly from the European Security and Markets Authority and is retrievable here.

The most essential requirements to apply for a CASP license 

This section outlines the key requirements for entities seeking to obtain a CASP license under the MiCAR framework in the European Union. While these requirements provide a general foundation, specific implementation details and regulatory approaches may vary significantly across different EU jurisdictions. Prospective CASPs should thoroughly research their target jurisdictions’ specific interpretations and additional requirements.

1. Business setup and registration
   1. Company registration: Register as a Limited Liability Company (LTD) or similar structure in an EU member state
   2. Office location: Maintain a physical office in the EU to meet economic substance requirements
   3. Directorship: Ensure there is a director with EU residency who meets security requirements
2. Capital requirements: the minimum capital required depends on the services offered
   1. €50,000 for essential services like order reception and transmission
   2. €125,000 for services, including exchange and trading
   3. €150,000 for services, including custody and management of crypto assets
3. Governance and compliance
   1. Board composition: a minimum of four board members, including two executive directors and two independent members
   2. Key officers: appoint a Compliance Officer, Risk Manager, and Financial OFFICER
   3. AML/CFT policies: Implement robust Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) policies
   4. Risk management: Establish internal control mechanisms for risk management
4. Documentation and systems
   1. Business plan: outline financial projections, governance structure, and compliance measures
   2. IT systems: provide detailed documentation of IT infrastructure and cybersecurity measures
   3. Client protection: Ensure secure custody of client assets and implement mechanisms for handling complaints.
5. Application process:
   1. Jurisdiction selection: Choose an EU or EEA state for licensing, considering local regulations 
   2. Application submission: apply to the competent authority in the chosen jurisdiction
   3. Undergo an audit to verify compliance with MiCAR requirements
6. Ongoing compliance
   1. Regular reporting: Provide regular financial reports to the regulator
   2. Ongoing supervision: Be prepared for ongoing supervision by the regulator to ensure compliance with MiCAR obligations

Conclusion

The varying implementation timelines for MiCAR across EU and EEA jurisdictions create a complex regulatory landscape requiring crypto-asset service providers’ careful navigation. With some countries requiring compliance as early as May 2025 and others extending the transition period to July 2026, CASPs must develop strategic, jurisdiction-specific compliance plans.

Early engagement with regulators, proactive authorization applications, and careful monitoring of regulatory developments will be essential for maintaining operational continuity throughout this transition period. The sooner CASPs begin their preparatory work, the better positioned they will be able to secure their licenses and operate freely across the different jurisdictions within the EU. While building a solid and robust compliance framework demands significant resources, this investment will ultimately make the industry more reliable, enhance market confidence, and open doors to new possibilities previously unattainable in a fragmented regulatory landscape. Forward-thinking providers who embrace these changes will survive the transition and thrive in the newly harmonized European crypto-asset marketplace.

Make compliance effortless with Fiat Republic

Stop letting regulatory complexities slow your crypto business’s growth. With our Oxygen transaction monitoring platform, you can use fiat rails for crypto to monitor compliance and fraud. This allows you to focus on expanding your user base and building your platform in the crypto world.

Why choose Fiat Republic

– Complete regulatory coverage: We track regulations, help you monitor transactions with our Oxygen platform, and advocate with regulators.

– Enhanced security and efficiency: Comprehensive data capture with automated reconciliation saves time

– Uninterrupted banking access: Our trusted banking network ensures continuous fiat access regardless of policy changes