MiCA Crypto License for Non-EU Companies: What You Need

Crypto Licensing & Company Formation , , , , ,

MiCA Crypto License for Non-EU Companies: What You Need

🇪🇺 MiCA · Non-EU Company Guide

MiCA crypto licence for non-EU companies

If your company is based outside the EU but you have EU users, EU institutional clients, or EU revenue — MiCA applies to you. This guide explains your obligations, your options, and the cost of getting it right. See our MiCA EU crypto licence service for hands-on support.

MiCA CASP
Non-EU Founders
EU Retail Access
CASP Authorisation
In force Dec 2024
Contents
6 sections · ~8 min read
1
MiCA and non-EU companies: the core problem
No third-country equivalence. No passporting from VARA or MAS.
2
Three paths to EU market access under MiCA
CASP licence, reverse solicitation, institutional exception
3
Setting up a MiCA entity: what it actually requires
Minimum substance requirements — not negotiable
4
Best EU jurisdictions for CASP licensing
Lithuania vs Netherlands vs Ireland vs Malta
5
MiCA compliance without an EU entity
Geo-blocking, reverse solicitation, audit-ready position
6
Timeline and cost: what to budget
Setup costs, timeline, and annual running costs
⚠️ Section 1

MiCA and non-EU companies: the core problem

MiCA came into full force in December 2024. If your company is based in the UAE, Singapore, Seychelles, Mauritius, or any other non-EU jurisdiction and you have EU users — you are already in scope. Read what the MiCA deadline means for existing VASP licence holders and see the EU regulatory environment overview before deciding your next move.

🔍
Two things most non-EU founders get wrong about MiCA
Why your existing licence does not help you in the EU
2 key points
1
MiCA has no third-country equivalence regime

MiFID II has an equivalence mechanism that allows non-EU firms to serve professional clients in the EU if their home country’s regime is deemed equivalent by the European Commission. MiCA has no equivalent provision. There is no third-country equivalence route, no recognition regime, and no grandfather period for firms that were operating in the EU before MiCA came into force.

This is a deliberate policy choice by the EU. The result is that every company — regardless of where it is incorporated or what licence it holds — needs a MiCA authorisation to actively provide crypto-asset services to EU retail clients. Your VARA licence, your Mauritius FSC VASP licence, your MAS exemption: none of these provide any form of EU market access under MiCA. They are jurisdictionally irrelevant for the purpose of EU retail access.

2
MiCA applies based on where your clients are — not where you are

MiCA’s scope is determined by where you provide services — not where you are incorporated. If you are actively marketing crypto-asset services to EU residents, onboarding EU retail clients, or providing ongoing services to EU retail users, you are providing crypto-asset services within the EU under MiCA. The fact that your servers are in Singapore and your company is registered in the Seychelles is irrelevant to the question of regulatory scope.

The extraterritorial reach of MiCA is similar to GDPR in this respect. EU national competent authorities (NCAs) are already pursuing enforcement actions against non-EU platforms with EU user bases. The risk is not theoretical — it is operational and it is escalating. If you have EU retail clients and you are not on a path to MiCA authorisation, you need to make a decision about your EU strategy now, not when an NCA sends you a letter.

⚠️
Enforcement is live
If your platform has EU retail users and you are not MiCA-licensed, you are operating in breach of EU law. The enforcement timeline began in December 2024. NCAs in the Netherlands, Germany, and France have already issued enforcement actions against non-licensed platforms. This is not a future risk — it is a current one. See our MiCA EU crypto licence service to understand your options.
🗂️ Section 2

Three paths to EU market access under MiCA

There are technically three ways a non-EU company can have EU clients under MiCA. Understanding the limits of each is essential before you decide how to respond to your EU exposure.

Recommended path
Get a CASP licence in an EU member state
Full EU market access — the only permanent solution
  • Full EU single market access — one CASP licence passports across all 27 EU member states under MiCA’s mutual recognition framework
  • Covers retail and professional clients — no restrictions on client type, marketing activity, or product scope within the authorised service categories
  • Required for any active marketing, user acquisition, or ongoing retail service provision directed at EU residents
  • Most resource-intensive path — requires a genuine EU subsidiary, local management, own funds, and a full NCA application process. See Section 3 for requirements.
⚠️
High compliance risk
Reverse solicitation only
EU client approaches you — you do not market to them
  • MiCA Article 61 permits non-EU firms to service EU clients who approach them exclusively on the client’s own initiative — without any marketing, solicitation, or promotion by the firm
  • The threshold for “active solicitation” is interpreted broadly by EU NCAs — any social media, referral programme, or targeted advertising directed at EU residents destroys the reverse solicitation defence
  • NCAs are actively scrutinising reverse solicitation claims — it is increasingly viewed as a compliance fiction rather than a legitimate market access route for any platform with material EU revenue
  • Not a long-term strategy — it buys limited time while you complete a CASP application, but it is not a substitute for authorisation
🏛️
Limited scope
Institutional clients only (Article 61)
Professional / eligible counterparty exception
  • MiCA provides an exception for services provided solely to eligible counterparties and professional clients as defined under MiFID II — credit institutions, investment firms, insurance companies, and similar entities
  • If your entire EU business is B2B with verified professional counterparties and you have no retail exposure, this exception may legitimately apply to you
  • Does not cover retail clients under any circumstances — a single EU retail client relationship invalidates the institutional exception for the entire platform
  • Requires ongoing verification of counterparty professional status — one misclassified client is sufficient to trigger regulatory exposure

For any serious EU-facing operation, path 1 — getting a CASP licence in an EU member state — is the only viable long-term option. Paths 2 and 3 may be legitimate for specific, limited situations, but neither is a substitute for authorisation if you are building a business that depends on EU users. The cost of enforcement significantly exceeds the cost of authorisation. See our MiCA EU crypto licence service for a full assessment of your situation.

🏗️ Section 3

Setting up a MiCA entity: what it actually requires

A MiCA CASP licence requires genuine substance in an EU member state. These are not administrative formalities — NCAs are actively rejecting applications that do not meet them. See also our guide on AML/KYC compliance when switching jurisdiction and our AML/KYC compliance service.

📋
MiCA CASP: minimum substance requirements
8 requirements — all mandatory before NCA application
Not negotiable
Legal entity incorporated in an EU member state
Must be a subsidiary or standalone entity incorporated under the laws of an EU member state — not a branch of a non-EU company. The NCA in the member state of incorporation is the home NCA and the entity through which the EU-wide passport is issued.
Registered office with a real address
The registered office must be a genuine operational address in the EU member state — not a virtual office or a legal services firm’s address used for correspondence. NCAs conduct physical verification checks. A serviced office with dedicated space is the minimum acceptable standard.
At least one executive director resident in the EU
At least one member of the management body must be EU-resident and actively engaged in managing the entity’s operations — not a nominee director. NCAs will interview key function holders and assess whether management decisions are genuinely being made within the EU entity.
Compliance officer and MLRO located in the EU
The compliance officer and money laundering reporting officer (MLRO) must be EU-based — either employed by or contracted to the EU entity on a dedicated basis. These roles cannot be shared with the non-EU parent without explicit NCA approval, which is rarely granted in practice.
Own funds (minimum capital) held in the EU entity
Minimum capital varies by CASP class: Class 1 EUR 50,000 / Class 2 EUR 125,000 / Class 3 EUR 150,000. Capital must be held in the EU entity’s own account — not in the parent company. Capital adequacy must be maintained on an ongoing basis.
Class 1: EUR 50K · Class 2: EUR 125K · Class 3: EUR 150K
IT infrastructure and custody arrangements documented
Full description of the technology platform, wallet architecture, key management, cybersecurity controls, and business continuity arrangements. For custody services, client asset segregation must be documented and evidenced. Third-party technology or custody arrangements must include provider agreements.
Full AML/KYC programme compliant with EU AMLD6
A comprehensive AML/KYC programme covering customer due diligence, enhanced due diligence triggers, transaction monitoring, suspicious activity reporting, and travel rule compliance. Must align with the Sixth Anti-Money Laundering Directive (AMLD6) and MiCA’s own AML requirements. A compliance manual reviewed by local counsel is mandatory.
Application submitted to the national competent authority (NCA)
The MiCA CASP application is submitted to the NCA of the EU member state where the entity is incorporated. The NCA has 25 working days to assess completeness and 3 months to make a licensing decision from the date it declares the application complete. NCAs in Lithuania and Estonia have significantly faster completeness assessments than those in Netherlands or Germany.
📌
Substance requirements are being enforced
NCAs are rejecting applications with nominee directors, virtual offices, or compliance functions that are clearly shared with non-EU parent companies. Budget for genuine EU presence — at minimum, a dedicated office, one EU-resident executive, and EU-based compliance staff. The cost of getting this wrong is a rejected application and a 6-month delay. See our MiCA EU crypto licence service for a structure that will pass NCA scrutiny.
🇪🇺 Section 4

Best EU jurisdictions for CASP licensing

Not all EU member states are equal for MiCA CASP applications. Speed, cost, NCA responsiveness, and institutional credibility vary significantly. See our full comparison of MiCA vs VARA vs AIFC to understand how the regulatory routes actually differ before choosing your jurisdiction.

Faster / lower cost
Lithuania · Estonia
4–6 months
Lower cost
⏱️
Application timeline
4–6 months from submission to authorisation in Lithuania. Estonia broadly comparable. Both NCAs have established MiCA processing workflows and English-language application procedures.
Lithuania: fastest NCA in EU
🏦
Track record
Lithuania’s Bank of Lithuania has licenced more crypto entities than any other EU NCA and has a well-established CASP application process. Extensive experience means fewer surprises during the review process.
💰
Annual compliance costs
Lower operational costs than Western Europe. Compliance officer and MLRO roles can be staffed at significantly lower annual cost in Lithuania or Estonia than in Netherlands, Ireland, or Germany.
🌐
Regulatory communication
Both NCAs communicate effectively in English. Lithuania’s Bank of Lithuania publishes detailed guidance and has dedicated FinTech teams. Application queries are typically responded to within 2–3 weeks.
🎯
Best suited for
New entrants, companies with budget constraints, businesses that need to reach the EU market quickly and can build institutional credibility over time through track record rather than NCA prestige.
More credibility / harder
Netherlands · Ireland · Malta
6–12 months
Institutional
⏱️
Application timeline
6–12 months in Netherlands (AFM) and Ireland (CBI). Both NCAs conduct extremely thorough reviews. Malta (MFSA) has longer institutional relationships with crypto businesses but a more complex application process.
Netherlands / Ireland: most rigorous
🏛️
Institutional recognition
A CASP licence from AFM (Netherlands) or CBI (Ireland) carries significantly stronger institutional credibility with European banks, asset managers, and institutional counterparties. Preferred for businesses targeting institutional EU clients.
📋
Application demands
More demanding application process — detailed business model scrutiny, fit-and-proper interviews with key function holders, thorough AML/CFT assessment, and higher substance requirements in practice. Expect multiple query rounds.
💰
Annual running costs
Higher annual compliance, staffing, and office costs than Baltic alternatives. Amsterdam and Dublin are among the more expensive European cities for office and employment costs. Budget accordingly for the ongoing cost of the licensed entity.
🎯
Best suited for
Well-capitalised businesses targeting EU institutional investors, EU banking partners, or large-enterprise EU clients where NCA prestige materially affects commercial relationships.
📌
Jurisdiction recommendation
Lithuania remains the most popular choice for new entrants due to speed and cost — a 4–6 month timeline at lower annual running cost is a meaningful advantage when you are building EU presence from scratch. If your target is EU institutional investors, EU banking partners, or large-enterprise clients where regulatory prestige matters commercially, Netherlands or Ireland provides stronger credibility. The passport is identical regardless of which member state issues it — the difference is the NCA’s market reputation and the scrutiny level during application. See our MiCA vs VARA vs AIFC comparison for the full picture.
🛡️ Section 5

MiCA compliance without an EU entity

If you are not yet ready to apply for a CASP licence — or you are in the middle of the application process — there are three steps you should take now to reduce your regulatory exposure. These are not permanent solutions, but they are the audit-ready interim position while you work toward authorisation.

📐
Three steps to reduce EU exposure during the application period
Interim measures — not substitutes for MiCA authorisation
3 steps
1
Assess your actual EU exposure
Do this first — before anything else

Count your EU users by member state. Calculate EU revenue as a percentage of total revenue. Identify every EU institutional client relationship. Map which services you are actively marketing to EU residents versus which are genuinely client-initiated.

This assessment tells you exactly what you are dealing with. If retail EU users are above zero and you are marketing to them, you cannot avoid MiCA — the only question is how quickly you get authorised and what interim measures you take in the meantime. If your EU exposure is genuinely zero or limited to institutional clients, your position is different and your options are broader. Do not skip this step — it drives every other decision.

2
Geo-block EU users temporarily
Buys time — not a permanent solution

Blocking EU IP addresses and removing EU residents from your onboarding flow stops the accumulation of new EU retail clients while you complete your CASP application. This is a legitimate interim measure — it demonstrates to NCAs that you identified the issue and took steps to stop the breach while pursuing authorisation.

The geo-block must be genuinely implemented — not cosmetic. NCAs and enforcement teams regularly test geo-blocking implementations. A geo-block that can be circumvented with a VPN and no friction will not be considered effective. Implement it properly: IP-level block, KYC residency check at onboarding, and documented enforcement logs. Document the implementation date and the decision to apply for authorisation — this creates a timeline that regulators can review.

3
Run a reverse solicitation analysis
Audit-ready documentation — not just a policy

If you are relying on the reverse solicitation exception (Article 61) for any existing EU client relationships, document every EU client relationship individually to confirm — with evidence — that no active solicitation occurred. This is an audit-ready position, not a policy statement in your terms and conditions.

For each EU institutional client: document the origin of the relationship, the first contact, any marketing materials they received, and their professional client classification. If any client received a marketing communication from you before initiating contact themselves, the reverse solicitation defence does not apply to that relationship. Clean up your EU client base before regulators examine it — not during an enforcement investigation.

⚠️
Neither is a substitute for authorisation
Geo-blocking and reverse solicitation claims are increasingly scrutinised by EU NCAs. Neither is a substitute for authorisation if you have a material EU business. NCAs are conducting active market monitoring — identifying platforms with EU users that are not authorised and issuing formal requests for information. The clock is running. Use the interim measures to buy time, but do not mistake them for a long-term strategy.
💰 Section 6

Timeline and cost: what to budget

MiCA is a serious regulatory commitment. Here are the real numbers — broken out by setup costs, timeline, and annual running costs. All figures assume a Lithuania or Estonia filing at the lower end and Netherlands/Ireland at the upper end. For a full licence comparison, see our VASP licence comparison guide.

🏗️
One-time costs
Setup costs
What you spend before going live
  • EU entity formation — EUR 3,000–8,000 including incorporation, registered office setup, and initial corporate governance documentation
  • CASP application legal fees — EUR 30,000–80,000 covering legal advisory, AML/KYC policy, compliance manual, business plan, NCA submission, and query responses
  • Own funds deposit — EUR 50,000–150,000 depending on CASP class. This is equity capital that remains in the entity — not a fee, but a capital commitment you need to fund
  • NCA application fees: EUR 2,000–10,000 depending on member state (Lithuania and Estonia at lower end; Netherlands and Ireland at higher end)
⏱️
End to end
Timeline
From decision to authorised CASP
  • EU entity incorporation — 1–2 weeks from submission of complete documents in Lithuania or Estonia. Faster than Netherlands or Ireland where corporate formation can take 3–4 weeks
  • Application preparation — 6–12 weeks to prepare a complete MiCA CASP application package to NCA-acceptable standard. This is the step most founders underestimate
  • NCA review to authorisation — 4–6 months in Lithuania/Estonia. 8–12 months in Netherlands, Ireland, or Germany. Includes 25-day completeness check and 3-month decision window after completeness
  • Total from decision to operating CASP: 6–8 months (Lithuania/Estonia) or 10–14 months (Netherlands/Ireland)
📅
Recurring costs
Annual running costs
What you pay every year after authorisation
  • Compliance officer + MLRO — EUR 40,000–80,000 per year combined, depending on seniority and whether employed directly or contracted through a compliance services firm
  • Annual NCA supervisory fee — EUR 5,000–15,000 depending on member state and activity scope. Lithuania and Estonia at the lower end; Netherlands and Ireland at the higher end
  • External compliance support — EUR 20,000–50,000 per year for ongoing AML/KYC advisory, regulatory reporting, policy updates, and NCA correspondence support
  • Office and administration: EUR 12,000–30,000 per year for registered office, company secretary, and basic operational costs of the EU entity

MiCA is not cheap. Budget EUR 150,000–300,000 for year one — including setup, legal fees, own funds deposit, compliance staffing, and annual running costs. This is the realistic number. Projects that budget EUR 50,000 for a MiCA licence consistently run out of runway mid-application. Plan for this before you start — not halfway through. See our full crypto licence comparison to assess whether MiCA or an alternative regulatory route makes more sense for your stage and budget.

Ready to start your MiCA CASP application?
Our team handles the full MiCA CASP process for non-EU companies — from EU entity setup and NCA selection to application preparation, AML/KYC documentation, and ongoing compliance. We have worked with companies relocating from UAE, Singapore, Seychelles, and Mauritius.
MiCA EU crypto licence service → EU regulatory environment
Tag
Oleg Prosin

Oleg Prosin is the Managing Partner at WCR Legal, focusing on international business structuring, regulatory frameworks for FinTech companies, digital assets, and licensing regimes across various jurisdictions. Works with founders and investment firms on compliance, operating models, and cross-border expansion strategies.

view all posts

Related Posts

Post Comment