Buy a licensed company 
VASPs live data and insights 
Learn about crypto safety 
Read the latest research 
MiCA Licence: Complete Checklist of Required Documents
Summary
- A MiCA licence is mandatory for all CASPs operating in the EU.
- The application requires extensive documentation across legal, governance, financial, and compliance categories.
- Total costs usually range from €100,000 to €500,000, with ongoing annual compliance above €50,000.
- The timeline from preparation to approval is three to six months on average.
- One licence grants passporting rights across all 27 EU member states.
The Markets in Crypto-Assets (MiCA) regulation came into force across the European Union in December 2024. It sets out a single framework for crypto-asset service providers (CASPs), replacing the patchwork of national regimes that existed before.
authorization under MiCA is not optional. Any firm offering custody, exchange, trading, or issuance of crypto-assets in the EU must hold a licence from a national competent authority. Without it, operations will be considered unlawful once the transition period ends. Most major exchanges have already secured their MiCA authorization.
“12 to 18 months” after MiCA ratification, says CZ. It’s been nearly 30 months, and Binance has yet to be registered as a CASP in the EU under MiCA. Interesting.
Other exchanges that have registered, and in which jurisdiction:
Bitgo (Germany)
Bitpanda (Germany)
Bitvavo… https://t.co/TS6XhIE2xh— Bill Hughes 🦊 (@BillHughesDC) September 24, 2025
A key benefit of the MiCA framework is passporting. Once a licence is granted in one member state, the provider can operate across all 27 EU countries without applying again. This makes early preparation critical, as regulators expect complete documentation and will not tolerate gaps or inconsistencies. Firms that delay risk bottlenecks in the application queue and potential disruption to their business model.
Who Needs a MiCA Licence?
MiCA applies to all businesses providing crypto-asset services within the European Union. This covers exchanges, custodians, trading platforms, brokers executing orders on behalf of clients, and firms offering investment advice or portfolio management in crypto. Issuers of asset-referenced tokens (ARTs), e-money tokens (EMTs), and other crypto-assets are also in scope.
The regulation introduces a single licence for CASPs, but the level of detail required depends on the type of activity. Issuers of stablecoins face stricter obligations than providers dealing with non-stable crypto-assets.
Firms already registered as virtual asset service providers (VASPs) under anti-money laundering laws are not automatically compliant.
The Application Process
Getting a MiCA licence comes down to three phases. First is company setup. You need to incorporate in an EU member state, have a proper registered office, and sort out VAT registration if it applies.
The second phase is dossier preparation. This step covers governance structures, anti-money laundering and counter-terrorist financing policies, ICT and security documentation, and prudential safeguards. Many regulators also expect workshops or direct engagement during this stage to clarify operational models.
The final phase is submission to the national competent authority (NCA). Once approved, the licence can be passported across the EU, allowing the business to operate in all 27 member states without further applications.
The process generally takes between three and six months. Preparation of documentation can require one to two months, followed by an initial review of 25 to 40 working days, and then a full assessment of around three months.
Checklist of Required Documents
A MiCA licence application is document-heavy. Regulators require proof that a business is legally established, properly governed, financially stable, and capable of managing compliance risks. The requirements can be grouped into six main categories.
Corporate and legal documents are there to prove the company is real and set up properly. You’ll need a registration certificate, articles of association, and proof of a registered office in an EU country. Some regulators also ask for a physical presence and at least one director living in the EU. On top of that, you’ll have to provide a shareholder register, UBO declarations, and the company’s LEI. Regulators also want contact details for whoever will handle communication with them, plus the domain names and social media accounts your business uses.
Fit and proper assessments apply to directors, shareholders, and anyone with significant influence over the company. Regulators expect passports or identity cards, criminal record certificates issued within three months of submission, and CVs covering at least the previous ten years. These CVs should highlight experience in financial services, crypto, technology, or related fields. Additional requirements include fit and proper questionnaires, shareholder disclosures, and declarations of no objection for those holding more than ten percent of shares. Regulators often ask for biographies with education and qualifications, details of other positions held, and the estimated time commitment to the company. Conflicts of interest must be disclosed in full, including financial or non-financial interests of immediate family members, with measures described for how they will be managed. A detailed organisational chart of the corporate group is required, identifying ownership structure, distribution of voting rights, and shareholder transparency.
Business and operational documents show regulators how your company will actually run once you get the licence. You’ll need a business plan and program of operations that spell out your services and long-term goals. An organisational chart has to lay out ownership and governance, and regulators expect clear frameworks for risk management, compliance, and audit. You also have to include ICT and security details covering system setup, cybersecurity, and data protection. A business continuity plan is required to explain how you’ll handle disasters or disruptions. On top of that, you need policies for safeguarding client assets, procedures for handling complaints, agreements for any outsourced work, and a marketing strategy that follows MiCA’s disclosure rules.
Financial and prudential documents demonstrate the company’s financial soundness. Proof of minimum initial capital is required, ranging from €50,000 to €150,000. Firms must submit audited financial statements showing stability, as well as prudential safeguard descriptions covering own funds, guarantees, or insurance policies. Three-year forecasts are required, including liquidity planning, expected client numbers, projected transaction volumes, and stress-test scenarios. Some regulators also request proof of capital deposits in local bank accounts.
Compliance and risk management documents show how the company will meet regulatory obligations on an ongoing basis. These include a complete AML and counter-terrorist financing policy, with procedures for customer due diligence, monitoring, and reporting. KYC and KYB frameworks must also be included, along with proof of registration with the national financial intelligence unit. Regulators also require risk management procedures, consumer protection policies that address transparency and disclosures, and a conflicts of interest framework with mitigation strategies.
Extra documents can come into play depending on how the business is set up. If you’re issuing tokens, you’ll need a whitepaper that follows MiCA’s disclosure rules. Regulators also expect IT and data protection policies that show you’re compliant with GDPR and other EU standards. On top of that, you’ll likely need a governance framework that spells out how committees make decisions, and legal opinions to clear up token classifications or other regulatory questions.
Costs and Timelines
Applying for a MiCA licence is a significant financial and operational commitment. The average cost of completing the process ranges between €100,000 and €500,000 once legal fees, audits, capital requirements, and regulator charges are included.
For firms that combine in-house work with external support, the starting point is usually around €28,000. This covers incorporation, company setup, and preparation of the first licence application. The figure can rise quickly as more complex business models require additional documentation, workshops with regulators, and specialist legal input.
Once authorized, most providers should expect annual costs of at least €50,000 to maintain audits, reporting, and ongoing regulatory obligations.
The timeline is relatively predictable. Document preparation typically requires one to two months, regulators take 25 to 40 working days for an initial review, and the full assessment adds roughly three months. In total, most firms should plan for three to six months from the start of preparation to final approval.
Risks and Challenges
One of the biggest risks is token misclassification. Projects that fall closer to securities than utility tokens may be redirected into a different regulatory regime, delaying approval or forcing a redesign of the product.
Incomplete or inconsistent documentation is another common issue. Regulators expect alignment across all submissions, and small discrepancies between policies, registers, or declarations can lead to rejection.
Although MiCA sets out a harmonised EU framework, differences remain between national competent authorities. Some regulators apply stricter interpretations or request additional evidence, meaning firms need to account for variations even when the core rules are the same.
The cost of compliance is also a challenge, particularly for smaller or early-stage firms. High upfront expenses for legal work, audits, and capital requirements combine with ongoing obligations that typically exceed €50,000 each year.
Finally, compliance does not end with the licence. CASPs are required to update documents annually, undergo continuous audits, and demonstrate that governance and risk management frameworks remain effective. Falling behind on these obligations puts both the licence and the business at risk.
Conclusion
A MiCA licence granted in one member state opens access to all 27, making it a powerful tool for firms that want to scale across the EU.
The application requires a wide range of documentation, and regulators are unlikely to overlook gaps or inconsistencies. Starting early gives firms the best chance of meeting deadlines and avoiding costly delays.
Specialist guidance can make all the difference. Generally, legal and compliance advisors bring the expertise needed to align documents, address regulator questions, and keep applications on track. For most firms, involving external experts is a time-saving investment.
Frequently Asked Questions (FAQ)
Who needs to apply for a MiCA licence?
Any crypto-asset service provider operating in the EU. This includes exchanges, custodians, brokers, advisers, and issuers of asset-referenced tokens (ARTs), e-money tokens (EMTs), or other crypto-assets.
How long does the application process take?
Most firms should expect three to six months. Document preparation usually takes one to two months, followed by a regulator review of up to 40 working days and a full assessment period of around three months.
What are the main costs involved?
The total cost typically ranges from €100,000 to €500,000. This covers legal support, audits, capital requirements, and regulator fees. Initial setup and first application preparation can start from €28,000, with annual compliance costs of at least €50,000.
Can one MiCA licence be used across the EU?
Yes. Once a licence is granted in one member state, it can be passported across all 27 EU countries. This is one of MiCA’s key benefits, eliminating the need to apply separately in each jurisdiction.
What happens if a firm does not obtain a MiCA licence?
Operating without authorization after the deadline is unlawful. Firms face penalties, loss of market access, and possible enforcement action from regulators.
Do all token issuers need a full licence?
Not always. Issuers of certain crypto-assets may only need to file a MiCA-compliant whitepaper, while issuers of stablecoins such as ARTs and EMTs face stricter obligations and must obtain full authorization.
