From July 2026 at the latest, companies operating in the crypto-asset market in the European Union will be required to hold a CASP license. Entrepreneurs who previously provided services as so-called VASPs (Virtual Asset Service Providers) will need to transition and become authorised as CASPs under MiCA. This means not only a change in the formal category of activity but, above all, the need to adapt to a much more demanding regulatory regime.
New Legal Framework – What is MiCA?
The Markets in Crypto-Assets Regulation (MiCA) is the first comprehensive EU legislation concerning the crypto-asset market. Its aim is to create a uniform system of licensing and supervision over companies offering services related to digital assets, as well as to ensure consumer protection and transparency of market participants’ activities. Until now, many entities have operated based on national registers established under AML regulations, and the scope of their obligations has been mainly limited to verifying clients’ identities and reporting suspicious transactions. MiCA introduces an entirely new standard – not only formal but also operational.
VASP vs. CASP – Key Differences
The current VASP status was defined under FATF guidelines and EU AML directives. It covered entities engaged in exchanging, storing, and transferring virtual assets. In many Member States, VASPs were only required to be listed in a register, and actual supervision of their activities was limited or non-existent.
CASP, or Crypto-Asset Service Provider under MiCA, is a new category of entity subject to a full-fledged licensing system. It requires meeting organizational, capital, and disclosure requirements, as well as being under ongoing supervision by the competent national authority, such as the Polish Financial Supervision Authority (KNF) in Poland (as envisaged in the proposed MiCA implementation bill).
Who Must Adapt?
The MiCA provisions will generally cover all companies offering crypto-asset services, regardless of their size or business model. This includes large exchanges, start-ups offering crypto wallets, custody services, trading platforms, as well as token issuers and blockchain application operators. Each of these firms will be obliged to comply with the new standards if they wish to continue operating.
CASP License – Process and Obligations
Transforming operations from VASP to CASP means meeting many formal requirements. The first step should be to identify whether the scope of services provided by a company falls within the definition of activities covered by MiCA. Then, internal governance structures, compliance procedures, and the business model must be analysed for compliance with the new regulations.
Companies must prepare a full set of licensing documentation, including internal policies, a business plan, and a description of consumer protection procedures. The license application should be submitted to the competent supervisory authority (in Poland expected to be the KNF) in due time.
Firms that were lawfully operating under national regimes before 30 December 2024 may, where their home state allows, rely on a transitional period that can last up to 1 July 2026 while they seek authorisation.
What Are the Risks of Non-Compliance?
MiCA introduces a wide range of sanctions for entities that fail to meet the new requirements. The lack of a license will mean a ban on providing services throughout the European Union, regardless of the delivery channel. Companies may face an order to cease operations, financial penalties, as well as public disclosure of violations.
Maximum administrative fines, depending on the infringement, include at least €5 million and at least 12,5 % of total annual turnover for certain breaches of MiCA and at least €15 million or 15% of total annual turnover for certain market-abuse breaches. Board members of such entities may also be disqualified from serving on the governing bodies of other companies.
How to Prepare?
For many firms, the change will be a challenge but also an opportunity to strengthen their market position. Entrepreneurs should already carry out an internal MiCA compliance audit, develop a plan to adjust the organizational structure, secure financial resources to meet capital requirements, and build a compliance team. Engaging with the national supervisory authority and starting a regulatory dialogue may also prove essential.
Expert Opinion
Wojciech Ługowski, attorney-at-law and managing partner notes: “MiCA is not just a set of new obligations. It is also an opportunity to build a lasting competitive advantage in a regulated crypto-asset market. Companies that prepare well for this change will gain the trust of investors and consumers, as well as access to the entire EU market under a single passport”.
Conclusions
The MiCA regulation introduces new standards of transparency, accountability, and security in the European digital asset market. The transition from VASP to CASP will be necessary not only from a legal standpoint but above all from an operational one. Entities that take the right steps now will gain an advantage, while those that ignore the new obligations may find themselves excluded from the market.