MiCA Decoded is a 12-article weekly series for Bitcoin.com News, co-authored by Aaron Glauberman, Viktor Juskin, and Sabir Alijev, Co-Founding and Managing Directors of LegalBison. LegalBison advises crypto and FinTech companies on MiCA licensing, CASP and VASP applications, and regulatory structuring across Europe and beyond.
What is MiCA, and what is it about?
MiCA (Markets in Crypto-Assets) is the European Union’s unified regulatory framework for crypto markets. It entered into force in June 2023, with stablecoin provisions applying from June 2024 and the full regime starting from December 30, 2024. For the first time in any major jurisdiction, a single licensing framework now applies across all 27 EU member states (passporting).
Before MiCA, crypto regulation in Europe was fragmented. Each country ran its own national regime. A company could obtain a crypto exchange license, a VASP license or a DASP license in one country under relatively light requirements and use it to reach European customers, sometimes with minimal ongoing supervision.
That time is over. MiCA replaces those national patchworks with one standard framework:
- The Crypto Assets Service Provider regime (CASP);
- Unified rules for white paper notification and token issuance, and classification for crypto.
Who needs a MiCA license?
Any company providing crypto-asset services within the EU must hold a CASP license.
The scope is broad: operating a crypto exchange, providing custody and administration of crypto assets, executing orders, providing investment advice on crypto assets, offering portfolio management in crypto assets, and providing transfer services. If your business touches any of these functions for EU clients, MiCA applies regardless of where your company is incorporated. Also, if you wish to obtain a CASP license you will need to incorporate any of the EU member states.
A few topics such as DeFi protocols and dApps are currently out of the scope of MiCA. As long as there is no identifiable centralized individual providing the service, it is possible to argue the service is out of scope currently. Currently, also NFTs are out of scope.
For the vast majority of centralized crypto businesses operating in or into Europe, MiCA compliance is mandatory.
What does obtaining a CASP license actually require?
The requirements are substantive.
Applicants must demonstrate minimum capital ranging from 50,000 to 150,000 EUR depending on the services offered, and management must pass fit-and-proper checks. Firms must implement rigid AML/KYC frameworks aligned with the applicable Directives, maintain IT security systems that meet regulatory standards (DORA alignment), segregate client funds, and put in place governance structures with clearly defined accountability and more. In contrast, when mere templates of these documents for VASPs were often deemed sufficient by entrepreneurs, the regulators will make sure one actually has everything implemented.
Ongoing obligations include regulatory reporting, public disclosure requirements, and conduct-of-business rules designed to protect retail investors.
The application goes to the national competent authority of the EU member state where the applicant is incorporated. Each member state designates its own authority: in Lithuania it is the Bank of Lithuania, in Austria it is the FMA, in Germany it is BaFin, and so on.
Once authorized in one member state, the CASP license can be passported across the entire EU, allowing the firm to service clients in all 27 countries without separate licenses in each.
The transitional arrangements
Companies already registered or licensed under national pre-MiCA regimes, as VASPs, registered crypto businesses, or similar, were given a transitional window to continue operating while preparing for full MiCA authorization. The length of this window varies by member state, but for all it ends with July 1, 2026.
After that date, firms without a valid CASP license under MiCA must cease providing crypto-asset services in the EU.
This deadline is not flexible. It is embedded in the EU Regulation itself and cannot be extended by national authorities or national legislation. The clock is running.
Why does this matter beyond compliance?
A MiCA license is a commercial asset as much as a regulatory requirement. Companies that secure authorization gain access to the entire EU single market through passporting, with a level of regulatory standing that institutional counterparties, banking partners, and investors increasingly require.
Companies whose business model requires them to but do not obtain authorization by July 2026 will be locked out of the EU market.
The MiCA regulation has also introduced a framework that other jurisdictions are watching closely. It is the most comprehensive crypto-specific regulatory regime enacted by any major jurisdiction to date. Its structure, particularly the passporting mechanism and tiered capital requirements, is being studied by regulators in the UK, Singapore, and the UAE as a potential model. Montenegro, which is in continental Europe, but not part of the European Union and hence not subject to MiCA, used the framework as a basis for its domestic regulation.
For operators with EU exposure, the practical question is not whether to pursue MiCA compliance, but where to apply, how to prepare, and whether the July 2026 deadline leaves enough runway.
And MiCA is moving fast. It’s a live topic with multiple implications.
MICA License in Austria: KuCoin Prohibited from Taking New Business
Austria’s Financial Market Authority (FMA) has prohibited the Austrian branch of KuCoin EU Exchange GmbH from conducting any new business after finding the company was operating without certain key mandatory positions required under the MiCA regulatory framework (Anti-Money-Laundering Officer and deputy, Sanctions Compliance Officer and deputy).
The prohibition blocks new customer acquisition and new transactions, effectively freezing the company’s ability to grow in Europe as a whole. It is one of the first high-profile enforcement actions taken by an EU regulator under MiCA, and it targets a globally recognized exchange brand.
For any crypto operator without a valid CASP license in the EU, the message is plain: regulators are not waiting.
CASP License in Lithuania: Four Successful Registrations
The crypto license in Lithuania used to be one of the most popular frameworks for digital asset companies, and not just in Europe. Before MiCA tightened the requirements, the VASP framework in Lithuania was one of Europe’s most permissive regulations for crypto registration, issuing thousands of authorizations under a light-touch national regime.
Under MiCA, the Bank of Lithuania has now issued four CASP licenses, including one in March 3, marking the beginning of a functioning MiCA licensing pipeline in the country.
The former crypto license Lithuania regulatory infrastructure, its established track record in the crypto space, and its pool of compliance professionals make it a credible option for companies seeking a MiCA license in a cost-efficient EU jurisdiction.
Crypto License Poland: Second Veto, July 2026 Deadline, No Exit
On February 12, 2026, Polish President Karol Nawrocki vetoed the Crypto-Assets Market Act for the second time, blocking the legislation that would formally designate the KNF as the competent authority for the enforcement of MiCA in Poland.
Without that law, companies holding a crypto license in Poland cannot submit a MiCA license application domestically, yet they remain bound by the EU-level July 1, 2026 deadline after which unauthorized firms must cease operations.
Over 1,300 registered VASPs are caught in this gap. Foreign companies holding a MiCA license from another EU country can already passport services into Poland and serve Polish clients, creating a significant asymmetry that favors operators who secured crypto compliance in more decisive jurisdictions earlier.
