The MiCA architecture in one page

MiCA divides crypto-assets into three regulatory categories and authorises ten service activities under one passportable Crypto-Asset Service Provider (CASP) authorisation.

Asset categoryDefinition (in shorthand)Issuer obligations
ART — Asset-Referenced TokenReferences multiple fiat currencies, commodities or other crypto-assets to maintain stable value.Authorisation by an NCA; published white paper; capital and reserve requirements; significant-ART thresholds trigger EBA supervision.
EMT — E-Money TokenReferences a single fiat currency to maintain stable value. Statutorily classified as e-money.EMI or credit-institution authorisation under PSD2 / EMD2 plus MiCA white paper. EMT-as-payment activity falls inside PSD2.
Other crypto-assetsCrypto-assets that are neither ART nor EMT, and not financial instruments under MiFID II.Issuer must publish a MiCA-compliant white paper, with limited exemptions.

The ten CASP services

A CASP authorisation covers one or more of the ten services below. Each service has bespoke conduct, capital and operational requirements, and the authorisation file must be scoped against the services the firm intends to offer at launch and through a defined growth horizon.

  1. Custody and administration of crypto-assets on behalf of clients.
  2. Operation of a trading platform for crypto-assets.
  3. Exchange of crypto-assets for funds (fiat).
  4. Exchange of crypto-assets for other crypto-assets.
  5. Execution of orders for crypto-assets on behalf of clients.
  6. Placing of crypto-assets.
  7. Reception and transmission of orders for crypto-assets on behalf of clients.
  8. Providing advice on crypto-assets.
  9. Providing portfolio management of crypto-assets.
  10. Providing transfer services for crypto-assets on behalf of clients.

The capital floor

MiCA structures CASP capital as a base requirement, scaled to the activity perimeter:

Capital classIndicative figureActivities
Class 1EUR 50,000Reception, transmission, advisory, placing, execution.
Class 2EUR 125,000Custody, exchange, transfer services, portfolio management.
Class 3EUR 150,000Trading-platform operation.

The base capital is supplemented by an own-funds requirement of one quarter of the firm's annual fixed overheads — the higher of the two applies. Significant CASPs (above defined thresholds) face additional supervisory scrutiny by the EBA and ESMA.

The transitional grandfathering window

Article 143 of MiCA permits firms providing crypto-asset services under a national framework before 30 December 2024 to continue operating until 1 July 2026 without a CASP authorisation, or until they are granted (or refused) one — whichever is earlier. Several member states shortened the window to as little as six months. By mid-2026 the window has lapsed in:

  • The Netherlands — closed at the end of the AMLD5 transitional regime.
  • Germany — BaFin operated a 12-month window that closed at the end of 2025.
  • Malta, Ireland, Spain, Finland and Poland — all operated transitional windows materially shorter than the 18-month maximum.

The practical effect is that firms still relying on a national-regime authorisation in 2026 face a hard stop. Preparing the CASP authorisation file is no longer an aspirational item on the regulatory roadmap; it is the work that defines whether the firm can continue to serve EU clients.

NCA selection — the structural choice

MiCA is a single rulebook but it is administered by national competent authorities. The choice of authorising NCA materially affects timeline, fee, supervisory style and post-authorisation engagement. The most active NCAs in CASP authorisations through 2025 and into 2026 have been:

  • BaFin (Germany) — highly experienced in financial-services authorisation; conservative supervisory style; long timeline; strong reputational anchor.
  • AMF / ACPR (France) — established crypto track record (the legacy PSAN regime fed into MiCA); active in significant-ART supervision.
  • CSSF (Luxembourg) — premium IFC posture; institutional brand premium; longer process.
  • MFSA (Malta) — early mover under the Virtual Financial Assets Act; faster processing for firms that previously held VFAA authorisations.
  • Central Bank of Ireland — increasingly active; Anglophone process; rigorous on governance.
  • CySEC (Cyprus) — fast-mover; pragmatic on smaller-Class authorisations.

NCA selection is not a marketing decision. It is a structural call that should be made against the firm's commercial profile, target client base, and post-authorisation supervisory expectations.

The PSD2 / PSD3 and EMI overlay

The most significant 2026 risk for EU-licensed CASPs is the EMT-as-payment overlay. EMTs are statutorily classified as e-money. EMT transactions that qualify as payment services therefore fall inside PSD2, and must be conducted by a Payment Institution or an Electronic Money Institution — not by a CASP authorisation alone.

The EBA's No-Action Letter and supervisory commentary established that, with effect from 2 March 2026, EMT-issuing CASPs operating EMT payment flows must hold the PI / EMI authorisation alongside their CASP authorisation, or cease the relevant activity. The PSD3 / PSR package — provisional political agreement reached November 2025, texts published April 2026, expected entry-into-force 2027 with a 21-month transition — will merge the PI and EMI regimes and is expected to streamline the path for MiCA-licensed firms. Until PSD3 is in force, the dual-stack discipline is the operative reality.

The implications for an EMT-issuing CASP are straightforward but operationally heavy: dual capital stacks, dual governance reporting lines, dual supervisory engagement, and a defined boundary between MiCA-side and PSD2-side activity that the firm can demonstrate to a supervisor.

The MiFID II carve-out

Crypto-assets that qualify as financial instruments under MiFID II sit outside MiCA and inside MiFID II. ESMA's 2025 guidelines on the qualification of crypto-assets as financial instruments are the operative reference. The practical implication for firms operating across both regimes is that:

  • A token-classification assessment is the first step in any new product launch — and must be defensible against ESMA's qualification framework.
  • MiFID-authorised firms can offer crypto-asset services by notification rather than full CASP authorisation, which is a structural advantage where MiFID authorisation already exists.
  • Hybrid tokens that have both MiFID and MiCA characteristics require careful structuring — and a documented governance position that the firm can produce on demand.

What "good" looks like in a CASP authorisation file

Across the active NCAs, the components of a credible CASP authorisation file are converging on a recognisable structure:

  1. A regulatory business plan that defines the activity perimeter against the ten CASP services and the asset-category boundary.
  2. Governance and three-lines-of-defence operating model with documented role-and-responsibility matrices.
  3. AML / CFT framework calibrated to the firm's specific risk profile — not a cloned template.
  4. Custody, segregation and key-management framework where custody is in scope.
  5. Trading-platform operational rulebook where trading-platform operation is in scope.
  6. White paper drafting and notification process for the asset categories the firm will support.
  7. Three-year financial projections aligned to the capital floor and own-funds calculation.
  8. Outsourcing register and intra-group service governance.
  9. IT, cyber and operational-resilience documentation.
  10. Marketing communications and conflicts management framework.

How CASA helps

  • NCA pathway diagnostic — a fixed-fee comparison of the most active CASP-authorising NCAs against the firm's commercial profile.
  • CASP authorisation programme — end-to-end ownership of the authorisation file, in partnership with named EU counsel in the chosen NCA jurisdiction.
  • EMI / PI overlay strategy — for EMT-issuing CASPs, the dual-stack governance and licensing programme.
  • MiFID II perimeter analysis — token-classification assessments and hybrid-token structuring against ESMA's 2025 guidelines.

Considering an EU CASP authorisation? Want a side-by-side view of the active NCAs?

Brief our team

References: Regulation (EU) 2023/1114 (MiCA); ESMA Guidelines on the qualification of crypto-assets as financial instruments (2025); EBA No-Action Letter on EMT supervision (2025); PSD3 / PSR provisional political agreement texts (April 2026); ESMA / EBA Level 2 Regulatory Technical Standards (various, 2024-2026).

This briefing is general commentary by CASA and does not constitute regulated legal, financial or investment advice. Firms should confirm specific positions with retained counsel and the relevant supervisory authority.