Cryptoasset Business Registration in 2026: MiCA, CASP and Beyond
A 2026 guide to registering a cryptoasset business in the EU under MiCA, in the UK under the FCA regime, and across major jurisdictions. CASP authorization, capital requirements, travel rule, passporting and how to ship a compliant crypto product.
The 2026 crypto registration landscape
Running a crypto business in 2026 is a very different job from 2023. The EU's Markets in Crypto-Assets Regulation (MiCA) has been in full application since 30 December 2024, and the fragmented patchwork of national crypto registers is being replaced with a single authorization: the Crypto Asset Service Provider (CASP) license. Outside the EU, the UK FCA still runs its own MLRs-based register, the US is reshaping rules after the 2024-2025 enforcement wave, and jurisdictions from Dubai to Singapore are aligning with FATF standards.
If you want to operate an exchange, a custodian wallet, a brokerage, an OTC desk or a token issuance platform, you now pick a lead regulator, meet its capital and governance bar, and passport across the rest of the bloc. The registration is heavier than the old VASP regime, but the prize is a 27-country market and a credible brand signal for banks, auditors and institutional clients.
Single EU license
One CASP authorization, passporting across all 27 Member States. No more country-by-country VASP registers.
Clear capital bar
50k, 125k or 150k EUR of own funds depending on the service category. Predictable, auditable, bank-grade.
Travel Rule live
The EU Transfer of Funds Regulation (TFR) applies to every crypto transfer, with no de minimis threshold.
Let's discuss your project and see how we can launch your digital banking product together
Request demoMiCA in plain English
MiCA splits crypto-assets into three buckets, and each has its own rulebook. Knowing which bucket your product touches tells you which authorization you need and what capital you have to post.
| Category | What it is | Applicable since | Key obligations |
|---|---|---|---|
| Asset-Referenced Tokens (ARTs) | Tokens pegged to a basket of currencies, commodities or other crypto-assets. | 30 June 2024 | Issuer authorization, whitepaper, reserve of assets, redemption rights, significant-token thresholds. |
| E-Money Tokens (EMTs) | Tokens pegged 1:1 to a single fiat currency. The euro and USD stablecoins are the main examples. | 30 June 2024 | Issuer must be an authorized credit institution or EMI, 1:1 reserve, par-value redemption. |
| Other crypto-assets | Utility tokens, plain crypto-assets that are not ARTs, EMTs or financial instruments under MiFID II. | 30 December 2024 | Whitepaper notification to the home regulator, marketing rules, fair-dealing obligations. |
| Crypto-Asset Services (CASP) | Exchanges, custody, brokerage, placement, OTC, advice, portfolio management, transfer services. | 30 December 2024 | CASP authorization, capital, governance, conflicts, custody segregation, complaints handling. |
A practical rule of thumb: if you operate a crypto service for clients, you need a CASP authorization. If you issue a stablecoin, you additionally need an EMT or ART authorization (or to be a credit institution). NFTs that are genuinely unique and not fractionalised remain outside MiCA, as do pure DeFi protocols with no identifiable intermediary - but regulators are watching that border closely.
CASP capital and the three service classes
MiCA groups CASP services into three classes with different minimum capital floors. Your own funds must always be the higher of the fixed floor or one quarter of your previous year's fixed overheads.
Reception, execution, placement, advice
Order reception and transmission, execution on behalf of clients, placement of crypto-assets, advice, portfolio management, transfer services.
Custody, exchange fiat / crypto
Custody and administration on behalf of clients, exchange of crypto-assets for funds or other crypto-assets, plus all Class 1 services.
Operating a trading platform
Running an exchange or trading venue for crypto-assets, plus every Class 1 and Class 2 service.
On top of the own-funds floor you need professional indemnity insurance or additional capital, plus a governance package: fit-and-proper directors, a named compliance officer, an MLRO, segregated client custody, business continuity and an ICT-risk framework aligned with DORA. Existing VASPs registered before 30 December 2024 benefit from a transition period that ends at the latest on 1 July 2026, so national regulators are processing a wave of upgrade applications through spring 2026.
Picking a jurisdiction in 2026
Because of passporting, your lead CASP jurisdiction matters less than it did under the VASP era - but it still shapes timelines, fees, language of the application and the regulator's appetite for innovation.
Lithuania (Bank of Lithuania)
Fast, pragmatic regulator. Large pool of licensed EMIs that pair naturally with a CASP. English-language process. Popular for exchanges and OTC desks.
Malta (MFSA)
Mature crypto track record since 2018. Strong institutional ecosystem. Higher operating costs, but credibility with tier-1 banking partners.
Estonia (FIU, Finantsinspektsioon)
Rebuilt after the 2022 VASP shake-out. Digital-first government, reasonable fees, English application. Attractive for wallets and small exchanges.
Germany (BaFin)
Gold-standard regulator. Longer timelines but best-in-class for institutional custody and security-token work. Pairs well with existing KWG permissions.
Spain (CNMV)
CNMV took over as lead crypto regulator for CASPs, with the Bank of Spain handling AML. Large domestic market, growing institutional demand.
France (AMF / ACPR)
The legacy PSAN register is being migrated to CASP. AMF leads, ACPR covers prudential. Strong brand for French-speaking markets and Africa.
Ireland, the Netherlands, Luxembourg and Austria are also seeing flows, while Cyprus and Portugal remain competitive for smaller setups. Outside the EU, the UK's FCA runs a separate cryptoasset register under the MLRs with no equivalent passporting, and its forthcoming full financial services regime for crypto is expected to land in 2026 - a parallel track any UK-facing business has to track.
What a CASP application actually contains
Every EU regulator works from the same template under MiCA Article 62 and the related RTS. The dossier is heavier than the old VASP checklist, but it is also predictable. Budget four to nine months from kick-off to authorization, plus a readiness phase of two to three months if you are starting from scratch.
- Programme of operations. Services offered, target clients, jurisdictions served, expected volumes, marketing strategy, outsourcing map.
- Governance and fit-and-proper. Board composition, named compliance officer and MLRO, CVs, police clearance, conflicts-of-interest policy.
- Own funds and financial projections. Evidence of paid-up capital, three-year projections, stress scenarios, professional indemnity cover.
- Custody and client asset segregation. Hot-wallet and cold-wallet architecture, key-management policy, insurance, reconciliation cadence.
- ICT and cyber resilience. DORA-aligned ICT-risk framework, incident reporting, third-party register, penetration testing.
- AML / CTF package. Business-wide risk assessment, KYC, transaction monitoring, Travel Rule implementation, SAR process, sanctions screening.
- Market abuse and conflicts. For trading venues: pre- and post-trade transparency, order-book rules, insider lists, market-manipulation monitoring.
- Complaints handling and client communications. Fair marketing, pre-contractual disclosures, complaints workflow, redress procedures.
ESMA keeps a public CASP register. Once authorized, you notify your home regulator of each Member State you want to passport into, and you can usually start operating there within 15 working days.
The Travel Rule in practice
The EU Transfer of Funds Regulation (TFR, Regulation (EU) 2023/1113) has applied to crypto since 30 December 2024. Unlike the FATF "travel rule" in some non-EU jurisdictions, there is no de minimis threshold: every crypto transfer between CASPs must carry originator and beneficiary information, regardless of amount.
Between two CASPs
Full originator and beneficiary data travels with the transfer: names, addresses, account or wallet identifiers, and for transfers above 1,000 EUR the originator's official personal document number.
Self-hosted wallets
Transfers to or from self-hosted wallets above 1,000 EUR require the CASP to verify that the counterparty wallet is controlled by its client, typically through a signed-message or Satoshi-test approach.
The operational answer is a travel-rule solution: TRP, Sumsub Travel Rule, Notabene, 21 Analytics, or direct integration into a crypto core. Expect your regulator to test the full chain during inspections: originator verification, counterparty discovery, beneficiary CASP onboarding and evidence retention for five years.
The UK and other non-EU regimes
Outside the EU, the headline regimes in 2026 look like this:
| Jurisdiction | Regulator | Regime | 2026 status |
|---|---|---|---|
| United Kingdom | FCA | Cryptoasset register under MLRs, separate financial promotions regime | Full financial-services regime for crypto expected in 2026, covering issuance, trading, custody and stablecoins |
| United States | FinCEN, SEC, CFTC, state regulators | MSB registration federally, BitLicense in NY, Money Transmitter Licenses state-by-state | Post-2024 enforcement reset, clearer stablecoin legislation progressing in Congress |
| UAE (Dubai) | VARA, DFSA | VARA for Dubai mainland, DFSA for DIFC free zone | Fully operational tiered regime, attractive for regional exchanges and token issuers |
| Singapore | MAS | Payment Services Act, Digital Payment Token license | Tight but predictable, favoured by institutional custodians and asset managers |
| Hong Kong | SFC | Virtual Asset Service Provider (VASP) regime | Retail trading permitted since 2023 for licensed VASPs, stablecoin regime live |
For a global product the typical setup is one EU CASP (passporting across the bloc), one UK FCA registration, one UAE VARA or DIFC entity, and a Singapore or Hong Kong entity for APAC. Each adds overhead, but mixing them reduces single-jurisdiction risk and opens the widest banking network.
Building the stack: how Crassula fits
Getting the license is one job. Shipping a product that meets the CASP rulebook on day one is another. A compliant crypto exchange or wallet in 2026 needs at least: a ledger, a matching engine or liquidity aggregator, fiat on- and off-ramps, hot and cold custody, KYC and KYB, transaction monitoring, travel-rule messaging, market-surveillance tooling, a client portal, and an admin back office.
Brand and distribution
Your exchange, wallet or OTC desk, your UX, your customers.
Crassula platform
Ledger, order management, KYC orchestration, travel-rule, admin back office and APIs.
Licensed entity
Your own CASP or a partner, plus an EMI for the fiat side.
Rails and liquidity
SEPA, SWIFT, card rails, tier-1 exchange liquidity, custody networks.
Crassula powers crypto exchanges, wallets and OTC desks on top of this stack. We bring a production-ready crypto core with native support for MiCA reporting, the Travel Rule, DORA-aligned ICT controls, and integrations with leading custody, liquidity and KYC providers. You focus on the license, the vertical and the customer. We ship the plumbing.
A pragmatic 2026 registration playbook
If you are starting or upgrading a crypto business this year, a workable plan looks like this:
- Define the perimeter. Decide which MiCA services you offer (Class 1, 2 or 3), whether you issue any EMT or ART, and which non-EU jurisdictions you need.
- Pick a lead jurisdiction. Match regulator appetite, language, cost and banking access to your product. Plan passporting from day one.
- Set up the legal entity and capital. Incorporate, inject own funds at the right class level, appoint qualified directors, compliance officer and MLRO.
- Build the compliance stack. AML, KYC, transaction monitoring, travel rule, sanctions, DORA, complaints, client asset segregation. Document everything.
- Pick the technology backbone. Ledger, matching, wallet, KYC, travel-rule, admin. Either build in-house (18-24 months) or integrate a platform like Crassula (8-16 weeks to MVP).
- File the application and engage. Treat the regulator as a partner: clear answers, proactive updates, honest gap analysis.
- Go live and passport. After authorization, notify the Member States you want to serve, onboard the first clients, measure transaction monitoring and KPIs from week one.
The firms that move now, while the transition period is still open, will enter 2027 with a genuine MiCA passport, a banked balance sheet, and a clean enforcement record. The firms that wait will face a tougher market with more competition and stricter supervisory benchmarks.
FAQ
MiCA is the EU Markets in Crypto-Assets Regulation. Rules for stablecoins (EMTs and ARTs) started on 30 June 2024. Rules for crypto-asset service providers (CASPs) and other tokens started on 30 December 2024. Existing VASPs registered before that date can rely on a transition period that ends at the latest on 1 July 2026.
Any business that provides crypto-asset services to EU clients by way of business: exchanges, custody and wallet providers, brokers, OTC desks, placement agents, advisers, portfolio managers, and transfer-service providers. Pure token issuers need an EMT or ART authorization instead, or must partner with an authorized issuer.
Minimum own funds are 50,000 EUR for Class 1 services (reception, execution, advice, portfolio, placement, transfer), 125,000 EUR for Class 2 (custody and exchange), and 150,000 EUR for Class 3 (operating a trading platform). You must always hold at least one quarter of the previous year's fixed overheads on top of that floor.
There is no single winner. Lithuania and Estonia are fast and English-friendly. Malta is mature and institutional. Germany (BaFin) is the gold standard for security-token and custody work. Spain (CNMV) and France (AMF) offer large domestic markets. All of them passport into the full EU once you are authorized.
In practice four to nine months from filing to authorization, plus two to three months of readiness if you are building the compliance stack from scratch. Transitioning VASPs usually move faster because most controls are already in place.
The Transfer of Funds Regulation requires every crypto transfer between CASPs to carry originator and beneficiary information. Unlike the FATF threshold used elsewhere, the EU TFR has no de minimis: the rule applies to every transfer, and verification of self-hosted wallet counterparties is required above 1,000 EUR.
No. The UK FCA runs a separate cryptoasset register under the MLRs and a financial-promotions regime, with no EU passporting. A full UK financial-services regime for crypto is expected in 2026, covering trading, custody and stablecoins. UK-facing businesses usually hold both a UK FCA registration and an EU CASP authorization.
Crassula powers crypto exchanges, wallets and OTC desks with a production-ready platform: ledger, order and liquidity management, KYC orchestration, Travel-Rule messaging, DORA-aligned ICT controls, and admin back office. You keep the license and the customer relationship; we deliver the software stack so you can ship in weeks, not years.
