Crypto licensing • EU

MiCA licensing & EU compliance for crypto businesses.

Practical legal support for CASP-ready operations: licensing perimeter, governance setup, AML/CTF framework, client disclosures, and a documentation pack aligned with EU requirements and your real product.

Best fit for exchanges, brokers, custody, on/off-ramp, stablecoin-related services, and token issuers entering the EU market.

What we clarify first

Which MiCA activities you actually fall under (and which you don’t).
Where the substance should sit (people, governance, outsourcing).
What regulators will question in your model (flows, custody, conflicts).
What documents you must have before filing and before go-live.

If you need a fixed starting scope, see Packages.

Overview

MiCA-ready structure, not just “templates”.

We translate your product into a licensing perimeter, then build a compliance and governance baseline that survives regulator questions and operational reality.

Scope

Licensing perimeter

Clarify whether you are a CASP, what services apply, and what restrictions/conditions follow from your exact flows.

Activity mapping and role split (platform, issuer, agent, distributor).
Client asset vs non-custodial models.
Marketing and cross-border positioning baseline.

Outcome: clear “what license / what obligations” map.

Governance

Substance & controls

Governance, outsourcing and operational controls sized to your stage and risk profile.

Board / senior management responsibilities.
Outsourcing chain and oversight logic.
Conflicts, complaints, incident response baseline.

Outcome: a structure regulators can understand and audit.

Compliance

AML/CTF + sanctions

Risk-based onboarding, transaction monitoring logic and sanctions screening aligned with your actual flows.

Customer types, geography, product risk factors.
Blockchain analytics & third-party tooling perimeter.
Escalations, MLRO reporting, recordkeeping baseline.

Outcome: policy pack + procedures your ops team can run.

What we do

Core workstreams for MiCA.

Pick a starting point, then scale the scope. For complex structures we combine licensing, corporate, IP/IT and website legal layers.

Phase 1

MiCA gap assessment

A fast, structured review of your current setup against MiCA expectations and “typical regulator questions”.

Service mapping and red flags.
Substance & outsourcing readiness check.
Document list and prioritised remediation plan.

Phase 2

Policy & procedure pack

A coherent set of internal documents sized for licensing and operational reality.

AML/CTF, sanctions, KYC/EDD procedures.
Conflicts of interest, complaints, incident handling.
Outsourcing oversight and vendor controls baseline.

Phase 3

Client disclosures & product terms

User-facing legal layer: terms, risk disclosures and operational transparency.

Client agreements (retail/professional where relevant).
Risk disclosures tailored to your asset flows.
Website disclosures and marketing guardrails.

Related: Website & IT/IP →

Support

EU corporate structuring

Corporate setup, governance and contracting layer to support MiCA substance and operational model.

Entity and shareholder structure baseline.
Governance documents and delegated authorities.
Key commercial contracts alignment.

Open Corporate →

Support

Ongoing compliance

Support after go-live: updates, audits, incident handling, vendor changes, regulator queries.

Policy updates as product evolves.
Periodic control testing baseline.
Regulator Q&A and remediation support.

Open Compliance →

Support

IP/IT & data layer

Data, security, licensing and IP ownership aspects that frequently appear in crypto licensing and banking.

Data processing and vendor DPAs baseline.
IP chain clean-up and assignments.
Platform terms and consumer-facing policies.

Open IP/IT →

Process

How the MiCA work usually runs.

We keep the process predictable: scope → perimeter → documents → implementation guidance. You always see what’s next.

Step 1

Kick-off & product map

Model, jurisdictions, target clients, asset flows, custody, partners, and revenue logic.

Step 2

Licensing perimeter

Define applicable services, restrictions, and what must be built in governance and disclosures.

Step 3

Policies & procedures

AML/CTF, sanctions, conflicts, outsourcing, incident handling, recordkeeping.

Step 4

Client layer & rollout

Client agreements, risk disclosures, website pages, and implementation guidance for ops.

What we need from you

Short product description and target EU markets.
Client types (retail / professional) and onboarding flow.
Asset flows: who holds keys, who settles, who can move funds.
Vendors (custody, KYC, blockchain analytics, payment providers).

If you don’t have this fully documented yet, we map it together in the kick-off.

Typical deliverables

MiCA perimeter memo (clear scope and assumptions).
Compliance pack (policies + procedures, role split, reporting lines).
Outsourcing & vendor controls baseline.
Client documentation and disclosure layer baseline.

For a fixed-scope start, use Packages or request a tailored scope via Contact.

FAQ

Common questions about MiCA projects.

Short, practical answers. For your case we confirm details in the initial assessment.

Do we need MiCA if we don’t custody assets?

Not necessarily, but non-custodial models still can be regulated depending on services, client flows, and how execution/transfer is organised. We start with a perimeter map.

Can we rely on outsourcing for compliance functions?

Outsourcing is usually possible, but it must be governed: oversight, reporting, documentation, and continuity. We build the vendor-control layer and responsibilities split.

What do regulators focus on most?

Clarity of the operating model (who does what), asset flows, conflicts of interest, AML/CTF controls, incident handling, and whether your disclosures match reality.

Do you help with “website legal” for EU launch?

Yes. We align your Terms, disclosures, privacy/data layer, and marketing claims to your product and compliance logic so you don’t create avoidable regulatory or consumer-law risk.

Want a clear MiCA roadmap for your product?

Send a short description: what you do, target EU markets, whether you custody client assets, and what vendors you rely on. We’ll reply with the best starting scope (assessment → pack → implementation).

If your project is multi-jurisdictional, we can compare MiCA with AIFC, UAE and other routes.

Useful to include in your message:

Entity structure and where your team sits.
Product flows (wallets, custody, settlement).
Client types and onboarding/KYC approach.
Key vendors and partners.

Even 8–10 lines is enough to start.

MiCA (EU)

MiCA licensing & EU compliance for crypto businesses.