1. MiCA CASP registration statutory core admission requirements
Physical structure and local substantive operations
Registered EU legal entity required (recommendedCyprus LTD),and setting up local physical office space。"Mailbox companies" are strictly prohibited,board of directors at least 4 members,Contains at least 2 executive directors based in Sierra Leone and 2 independent non-executive directors,Establish local decision-making chains。
Legally paid capital and prudent bottom line
The initial capital must be paid in full in euro legal currency,Strictly prohibitedCryptoassets。Class 1/2/3 The corresponding minimum capital is 50,000/125,000/150,000 euros respectively.。Continued operations must strictly meet the principle of "minimum capital" or "1/4 of the fixed expenses of the previous year, whichever is higher"。
Eligibility review and key resident executives
Directors and core executives must pass the “Fit & Proper)" check,Submit proof of clean criminal and bankruptcy record。The Head of Compliance and the Money Laundering Reporting Officer (MLRO) must be based in Cyprus and perform their duties full-time,Have a matching professional background。
Asset Segregation and DORA Technical Compliance
Enforce hot and cold wallet separation and multi-signature mechanism,The client’s legal currency must be in the EUcreditInstitutional independent account custody。IT systems and disaster recovery plans must be strictly aligned with mandatory EU Digital Operations Resilience Act (DORA) standards。
2. Statutory approval and EU passportization (Passporting) process
first stage:Physical structure construction and account opening (2-4week)
Establishment of a local limited liability company in Cyprus,Open an EU Credit Institution Operating Account,Completed the actual payment of Euro legal currency capital,Establish service scope and identify local compliance executives。
second stage:Case file assembly and compliance system construction (4-8week)
Prepare three-year financial forecasts (including stress testing)、AML/CFT Brochure、DORA Architecture White Paper、A complete application package for the hot and cold wallet risk control mechanism and UBO source of funds (SoF) audit verification letter。
The third stage:CySEC online submission and substantive inquiry (3-6months)
After submission 25 Complete the preliminary review of completeness within 3 working days,Then initiate in-depth substantive inquiries。During this period, CySEC will interview key executives (CEOs/MLROs) to assess their compliance capabilities and internal controls.。
Stage 4:Officially approved with EU passport notification (15day validity)
Awarded CASP license and included in the EEA register。Submission of cross-border service notifications to CySEC,10 Delivery to destination country within 1 working day,15 Be legal in the EU after calendar days 27 Exhibition industry across the country。
3. fees、Third Party Auditing and Operating Cost Budgeting Guidelines
CySEC official application fee:Charged based on business permissions,such as hosting services 10,000 EUR,Operate trading platform 30,000 EUR,Basic single item (execution、transfer, etc.) 5,000-8,000 euros。
CySEC annual regulatory fees:Covers fixed fees (€5,000-20,000) and variable fees (turnover exceeds 50 10,000 euros part press 0.1%-1% Ladder collection,capped 50 million euros)。Usually exempt in the first year。
UBO fund legality traceability:Shareholders holding ≥10% of the shares must submit traceable proof of the source of wealth in legal currency (tax form、running water、Dividend resolution),It is strongly recommended that a verification letter be issued by a licensed auditor。
Estimated localized comprehensive operations in the first year:Covers physical offices、Full-time Compliance Executive Compensation、DORA Penetration Testing and Legal Internal Audit,Recommended to reserve for the first year 10 Wanzhi 30 Start-up guarantee budget of 10,000 euros。
4. The absolute red line that triggers CySEC disapproval or delisting
Shell architecture and remote control:Trying to set up a "mailbox company",Fully outsource core decision-making and AML processing authority,or the MLRO is not resident in Cyprus,will be directly rejected by regulatory agencies。
Capital violations and SoF disconnect:Attempting to use crypto assets as registered capital,Or the ultimate beneficiary cannot be provided (COUGH) Legal source of legal tender funds and tax payment certificate,Directly touching the dead line of anti-money laundering verification。
Overdue MiCA standard limits:If the existing institutions during the transition period are not in 2026 Year 2 moon 27 Submit complete application before,Liquidation must be enforced;Carrying out "reverse solicitation" without a license is illegal solicitation and illegal operation.。
5. MiCA regulatory framework and Cyprus tax reform timeline
- 2024 Year 12 moon 30 day:MiCA fully effective
MiCA Actand"funds transferRegulations (Travel Rule)》Completely applicable to all encryption service providers。CySEC officially stops accepting applications under old country rules CASP Registration application。
- 2025 Year 1 moon 17 day:DORA enforcement
Digital Operations Resilience Act(DORA) Officially effective。All MiCA authorized entities must have a mandatory ICT risk management framework,Pass elastic penetration testing,and implement strict penetrating supervision on third-party technology suppliers。
- 2026 Year 1 moon 1 day:8% Exclusive crypto tax bonus
Cyprus ImplementationCryptoassetstax reform。sell、exchange orpayWaiting for the implementation of proceeds from the disposal of crypto assets 8% unified fixed capital gains tax,Much lower than traditional companies 12.5% and individuals 35% income tax rate。
- 2026 age limit:End of transitional period
2The absolute red line for existing institutions to submit formal applications on March 27th。7On March 1st, the Grandfathering transition period completely ended.,Since then, any company that has not been officially authorized by MiCA to provide services in the EU will be operating illegally.。
6. The first batch of licensed giants and compliance benchmarks in the MiCA system
Revolut (001/2025)
As a world-renowned financial technology giant,Its EEA entity successfully obtained MiCA CASP license from CySEC,Be the first to realize a closed loop of legal currency and encryption business compliance in the EU。
Crypto.com
At 2025 Year 1 Successfully passed CySEC’s MiCA authorization in 2019,And further superimpose acquisitions to obtain MiFID(Traditional Financial Instruments) License,Establishing its European dual-track complianceinvestment servicesArchitecture。
eToro European subsidiary
Relying on the MiCA license of the Cyprus subsidiary,Through the EU passport mechanism (Passporting) exist 27 Member states legally provide more than 100 crypto-assets,Consolidate its global multi-asset trading position。
7. Practical Legal Questions and Answers (FAQ):Full analysis of approval paths and compliance pain points
Once approved, you will have the “EU passport” mechanism,You can apply directly at the 27 Legally operating business in EU member states。At the same time enjoy the EU's extremely low 12.5% corporate income tax,and 2026 Gains from the disposal of crypto assets since 2017 8% exclusive fixed capital gains tax。
Absolutely prohibited。CySEC strictly requires “substantial operations” (Substance)”。A local physical office must be established,Have local bank accounts and employees。The board of directors must at least 2 Executive Directors based in Cyprus,Core decisions and MLROs must not be fully offshored。
MiCA classifies risk:Class 1 (5million euros) Applicable investment advice and order transmission;Class 2 (12.5million euros) Add legal currency/currency currency exchange and asset custody;Class 3 (15million euros) for the highest level,Allows the operation of multilateral matching and trading platforms for crypto assets。
Can't。Initial capital must be paid in legal currency (EUR),Cryptoassets must not count towards regulatory capital。After obtaining the license, you must continue to meet the higher principle of "minimum fixed capital" and "1/4 of the fixed expenses of the previous year"。
extremely strict。UBOs that directly or indirectly hold ≥10% of the shares must submit a detailed chain of evidence (tax payment certificate、bank statement、equity agreement, etc.),Demonstrate that wealth accumulation did not originate in high-risk sanctioned jurisdictions。It is strongly recommended that an external licensed institution issue a fund verification letter and submit it for review.。
All senior executives must pass the "fit and proper" (Fit & Proper)"Evaluate,Check for crime and financial health。A dedicated and locally based anti-money laundering reporting officer must be established (MLRO)、Director of Compliance and DORA Compliant IT Directors。
Application package contains 40-80 core document:Three-year financial forecast including stress testing、AML/CFT Brochure、Client Funds Segregation Procedures、DORA Compliant Business Continuity Plan (BCP)、Penetration test report and UBO background due diligence file。
The standard approval cycle for extremely mature materials is 3-6 months。If missing materials lead to multiple rounds of inquiries for replacement materials, the supervisory authorities (RFI),or the business model belongs to a high-risk large exchange,The in-depth substantive review will be extended to 6-12 months。
Don’t completely shirk responsibility。Specific execution tools (such as on-chain analytics) can be outsourced,But “highly important functions” (core decision-making、Matching engine、AML disposals) must be subject to internal controls。The supplier agreement must give CySEC the right to conduct on-site audits and data retrieval。
Relying on the EU’s “passportization” process,Submit target country and service list notifications to CySEC。CySEC will be 10 Transfer to the corresponding national competent authority within 10 working days,Delivered full 15 calendar days from now,can legally and seamlessly carry out cross-border services。
No fixed expiry date。To maintain the license, audited financial statements must be submitted annually.、AML independent internal audit report and full payment of annual regulatory fees。In the event of illegal misappropriation of customer assets or capital adequacy ratio falling below the red line,Supervision has the power to suspend or revoke licenses immediately。
Existing institutions operating under the old regulations must 2026 Year 2 moon 27 Submit a complete MiCA application before,Otherwise, liquidation will be compulsorily required。The transition period will be 2026 Year 7 moon 1 end of day,At that time, all unlicensed encryption business activities will be deemed illegal.。
