Data-Driven Insights on the Lithuanian VASP Industry: 2025 Snapshot, Licensing, and Register Guide

~15 min read – A founder‑ and compliance‑level snapshot of the Lithuanian VASP industry in 2025: market data, register dynamics, and what the closed‑registration grandfathering regime really means for your strategy.

This guide turns data‑driven insights on the Lithuanian VASP industry into a practical playbook: how to read the VVKO/DVVPO registers, benchmark the market, and choose between upgrading a grandfathered VASP, going straight for CASP/EMI/PI, partnering/acquiring, or exiting Lithuania entirely.

Jump to:

• Lithuanian VASP Market in Numbers (Revenue, Entities, Employment)

• How to Get a VASP License in Lithuania in 2025 (Grandfathering and Real Options)

• Lithuania VASP Register: How to Check and Benchmark Entities

• How MiCA and CASP Licensing Interact with Lithuanian VASPs

• Risks, Supervisory Trends, and Common Pitfalls

• FAQ

TL;DR – Data-Driven Insights on the Lithuanian VASP Industry in 2025

• Lithuania remains one of the EU's most active VASP hubs, with hundreds of registered and formerly registered entities in our 2025 dataset – a useful laboratory for founders, compliance leads, and investors.

  
  

• New standalone VASP registrations in Lithuania are already closed; we are in a grandfathering window where only entities that made it onto the VVKO/DVVPO lists before the 2025 cut-off can maintain that status while they decide whether to transition into CASP/EMI/PI or exit.

  
  

• Lithuanian supervisors are shifting from basic registration checks to deeper scrutiny of AML controls, governance, and actual transaction flows, which raises the bar for "lite" setups and shell structures.

  
  

• This article gives you a data-driven snapshot of the Lithuanian VASP market (entities, revenue, employment) and pairs it with a practical, no-drama walkthrough of how to upgrade, restructure, or rethink Lithuanian VASP status in the 2025 grandfathering period – and what to do if you missed the window entirely.

  
  

• We also explain how the national VASP register maps into MiCA CASP licensing, EMI/PI options, and cross-border strategy, so you can decide whether Lithuania should be your primary hub, a satellite booking centre, or a jurisdiction to exit.

Lithuanian VASP Market in Numbers (Revenue, Entities, Employment)

Based on our 2025 snapshot of the official Lithuanian VASP registers and financials:

• Our dataset covers 379 entities that have appeared on the VVKO/DVVPO lists. 342 are currently listed in at least one register, while 37 show as delisted or legacy records.

  
  

• Roughly 90% of all entities remain active, and about 98% of active firms appear on both VVKO and DVVPO. Only a handful sit on a single list (6 VVKO-only, 1 DVVPO-only), mostly reflecting edge-case licensing or historic clean-up.

• Combined, Lithuanian VASPs report around €1.2bn in annual revenue, but the median firm generates only about €250k. The top 10% of entities capture ~93% of all revenue, so you’re looking at a barbell market: a small club of scale players and a very long tail of small operators.

• Across the register we see about 712 jobs linked to VASPs. The median team is 2 FTEs, and over 90% of firms employ five people or fewer, while only three companies have 20+ staff – most entries look more like lean operating cells or booking centres than fully staffed financial institutions.

For founders, compliance leads, and investors, this means Lithuania is both a deep sandbox and a crowded micro-entity market: there is real volume and deal flow at the top, but the regulator increasingly expects the bigger revenue and headcount cohorts to behave like proper financial institutions, not side projects. In other words, the data-driven insights on the Lithuanian VASP industry in this article are not just academic – they are the backbone for concrete licensing, register, and MiCA decisions.

The next step is to translate this market picture into a concrete licensing and build plan that fits where you want to sit on that spectrum.

How to Get a VASP License in Lithuania in 2025 (Grandfathering and Real Options)

The Lithuanian VASP regime is still formally a registration under AMLD5, but the window for new VASP registrations is already closed. Lithuania is in a grandfathering phase: only firms that were on the VVKO/DVVPO lists before the 2025 cut-off can maintain that status for a limited period. In practice, you should treat that legacy VASP position as a light-touch licence and a bridge into MiCA CASP/EMI/PI – not as something a new entrant can apply for from scratch.

Below is a pragmatic, founder- and compliance-friendly sequence for two situations we see in 2025:

• teams that already hold Lithuanian VASP status and need to make it MiCA-ready; and

  
  

• teams starting without VASP status who need to design directly for CASP/EMI/PI (and possibly acquire or partner with a grandfathered VASP in Lithuania).

1. Decide what you really are: VASP-only, CASP-in-waiting, or EMI/PI candidate  

   
   

   Map your current and planned products against three buckets:

   
   

   1. VASP-only: simple exchange, brokerage, or custodial services with limited cross-border ambitions and no issuance of tokens or e-money.

      
      

   2. MiCA CASP: you expect to serve the wider EEA under MiCA, list or trade multiple crypto-assets, or operate an order book/venue.

      
      

   3. EMI/PI track: you touch fiat flows at scale (accounts, cards, payment acquiring) and will eventually sit under Bank of Lithuania supervision as an EMI/PI.

   
   

   The more you lean toward CASP or EMI/PI, the less sense it makes to treat legacy Lithuanian VASP registration as a quick, low-substance box-tick or a permanent solution.

   
   

2. Lock in scope of services and corporate architecture  

   
   

   Before you talk to advisors or the FIU, write down a concrete list of activities (exchange, custody, OTC, staking-as-a-service, card top-ups, etc.) and how they map to Lithuanian law and MiCA definitions. Decide:

   
   

   1. Which services sit in the Lithuanian entity vs group companies.

      
      

   2. How you will segregate client crypto and fiat vs own funds.

      
      

   3. Whether you need one or multiple regulated entities to keep risk rings fenced.

   
   

   This is also where you align legal entity, booking model, and on-chain architecture instead of bolting compliance on later.

   
   

3. Design governance and key function holders early  

   
   

   Lithuanian authorities increasingly expect named humans with real decision-making power: MLRO/AML head, compliance officer, risk owner, and accountable managers. For each, define:

   
   

   1. Role, reporting line, and time allocation ("0.1 FTE on paper" is a red flag for higher-risk models).

      
      

   2. Relevant experience (crypto, payments, banking, AML/CTF).

      
      

   3. How they will oversee outsourced operations, technology, and group functions.

   
   

   Weak governance is one of the most common reasons for protracted correspondence or quiet discouragement.

   
   

4. Build an AML/CTF framework that matches your on-chain reality  

   
   

   A generic copy-paste policy is no longer enough. You need:

   
   

   1. A risk assessment that actually reflects your products, counterparties, and geographies.

      
      

   2. KYC/CDD flows calibrated for both retail and institutional clients, including source-of-funds logic for higher-risk flows.

      
      

   3. A transaction monitoring setup that understands UTXO vs account-based assets, mixers, privacy tools, and DeFi flows, and can be explained to the FIU.

      
      

   4. Clear procedures for sanctions screening, adverse media, and SAR/STR reporting.

   
   

   The more volume and complexity you plan to run through Lithuania, the more this framework should look like an early CASP-grade stack.

   
   

5. Assemble the application pack and evidence  

   
   

   Historically, a typical Lithuanian VASP registration file would include – and the same evidence set is now what supervisors expect to see in CASP/EMI/PI applications:

   
   

   1. Corporate documents (AoA, ownership, group structure, UBO evidence).

      
      

   2. Business plan and financial projections, tied back to the services you actually plan to offer.

      
      

   3. Policies and procedures (AML/CTF, risk, governance, outsourcing, IT/security, complaints handling).

      
      

   4. CVs and declarations for key function holders and shareholders.

      
      

   5. A short description of your technical architecture (wallets, custody stack, transaction monitoring, key management).

   
   

   Your goal is to make the reviewer’s job easy: show a coherent story from business model → risks → controls → people.

   
   

6. File, iterate with the authority, and plan for MiCA timing  

   
   

   Whether you are responding to questions on an existing VASP file or preparing a fresh CASP/EMI/PI application, expect questions, clarifications, and at least one iteration on governance or AML/CTF. Treat every round of feedback as a dry run for your eventual full CASP/EMI/PI file rather than a nuisance. In parallel:

   
   

   1. Map exactly how and when you’ll transition from any remaining Lithuanian VASP status to a full MiCA CASP authorisation or EMI/PI licence (or, if you never had VASP status, how you’ll go straight to those end-state licences).

      
      

   2. Identify which gaps you can park for now (e.g., some reporting automation) and which you must close before launch (e.g., segregation, key function capacity).

      
      

   3. Decide whether Lithuania is the right long-term hub or a stepping stone toward a different primary jurisdiction.

   
   

7. Operationalise and avoid the “registered but not really live” trap  

   
   

   Post-registration, Lithuanian supervisors increasingly look for evidence of real activity: clients onboarded, monitoring running, internal reporting, and board minutes that show AML and risk are actually discussed. Use the first 6–12 months to:

   
   

   1. Run realistic pilots and internal audits of your controls.

      
      

   2. Tighten your booking and revenue model so the numbers you report line up with the risk story you sold in the application.

      
      

   3. Prepare the documentation you will later re-use or extend for CASP/EMI/PI applications.

Lithuania VASP Register: How to Check and Benchmark Entities

Once you have a concrete licensing plan and an application pack taking shape, the next place you should be living in is the Lithuanian VASP register – often shortened to the Lithuania crypto register in search results – it’s the public source your supervisors, banks, and counterparties will quietly use to sanity-check you. If you landed here after a "Lithuania VASP register search" in Google, this is the section you’re looking for.

At a high level, Lithuania maintains two public lists for virtual asset activity:

• A list of virtual currency exchange operators (VVKO).

  
  

• A list of depository virtual currency wallet operators (DVVPO).

Both lists are published via the national company-register infrastructure and are searchable online. Our dataset for this article is built directly from these VVKO/DVVPO sources.

How to find and read your entry

For day-to-day use, treat the register as a structured address book:

1. Locate the right list  

   
   

   Start with the VVKO list if your core is exchange/brokerage and with the DVVPO list if you provide hosted wallets or custody. Many firms will appear on both, which is reflected in our data (roughly 98% of active entities).

   
   
   
   

2. Search by legal name or company code  

   
   

   Use the Lithuanian legal name and company code from your incorporation documents. For groups, sanity-check that the right legal entity – not just the brand name – is listed, and that there are no stray legacy entities you thought were inactive but still show up.

   
   
   
   

3. Check the basic fields and status  

   
   

   For each entry, focus on a few core signals:

   
   

   1. Legal name and company code.

      
      

   2. Service type (exchange, wallet operator, or both).

      
      

   3. Registration date(s) and whether the entity is still listed or has been removed.

      
      

   4. Contact details (address, email/website) that your banks, partners, and clients will see.

   
   

   The register is not a rating or an endorsement, but it is the minimum public footprint you control.

   
   
   
   

4. Cross-check VVKO vs DVVPO membership  

   
   

   If you claim to run both exchange and custodial activity but only appear on one of the lists, that is a signal to fix your licensing perimeter before a bank or regulator points it out. Conversely, if you are still on both lists but operationally wound down, consider whether your status and communications reflect reality.

Using the register to benchmark competitors and partners

For founders, compliance leads, and investors, the register is also a benchmarking tool:

• Map the active population: start with the 300+ entities currently on at least one list and segment them by service type (exchange, custody, both) and by single- vs dual-list membership. This helps you see how crowded your exact niche is.

  
  

• Overlay your own metrics: combine register data with financials and employment figures (like the dataset we use in this article) to distinguish micro-entities from firms with real scale. A VASP that barely files accounts but sits on both lists tells a different story from one with meaningful revenue and staff.

  
  

• Sanity-check counterparties: before onboarding partners, liquidity providers, or white-label VASPs, confirm that (a) they are on the register if they should be, and (b) the perimeter and group structure they describe matches what the lists show.

When you need to zoom out from this micro-level picture to the broader EU crypto regulation and MiCA deadline action items, you can plug this register view into your EU-wide strategy and decide whether Lithuania remains your hub or becomes one of several regulated booking centres.

How MiCA and CASP Licensing Interact with Lithuanian VASPs

By this point you know what you want to do in Lithuania and where you and your peers sit on the VASP register. The next question is whether a plain Lithuanian VASP registration is enough in a MiCA world – and for most serious business models, the answer is "only as a stepping stone".

Where Lithuanian VASPs sit under MiCA

MiCA does not erase the Lithuanian VASP regime overnight, but it reframes it:

• Today: Lithuanian VASPs are registered under AMLD5-style rules focused on AML/CTF and basic governance. There is no full prudential licence in the banking sense, but supervision is tightening.

  
  

• Under MiCA: to provide most crypto-asset services across the EEA, you will need a MiCA CASP authorisation from an EU competent authority (often where your main establishment is). A Lithuanian VASP registration does not automatically convert into a CASP licence, but it is a strong signal of intent and an on-ramp.

  
  

• In practice: the more your business looks like an exchange, trading venue, broker, or custodian with cross-border ambitions, the more you should assume you are on a CASP trajectory, not a permanent VASP-only track.

For a deeper dive into the MiCA CASP licensing requirements and how a full authorisation process works, you can read our dedicated EU CASP licensing guide.

Lithuania can still be your MiCA home state if you build real substance there: people, governance, and decision-making. Alternatively, some groups keep Lithuania as a specialised booking or operational centre while anchoring their CASP licence elsewhere.

When Lithuanian VASP registration is not enough

For founders, compliance leads, and investors, a quick way to test whether VASP-only status is sufficient is to ask a few blunt questions:

• Cross-border ambition: Do you plan to actively market and serve clients across multiple EU states beyond occasional reverse solicitation? If yes, you’re in MiCA CASP territory.

  
  

• Service complexity: Are you running an order book, derivatives, staking-as-a-service, or complex structured products? These are unlikely to be sustainably parked under a simple AML registration.

  
  

• Fiat intensity: Are you holding client fiat, running payment accounts, or issuing cards at scale? That points you toward EMI/PI authorisation with Bank of Lithuania or another EU supervisor, not just VASP status.

  
  

• Balance-sheet and client reliance: Are you building something that institutional clients or large retail populations will rely on for core financial activity? If so, you should be designing for CASP/EMI/PI-grade governance and capital from day one.

If you answer “yes” to several of these, treating Lithuanian VASP registration as your end-state is risky. It may work for a year or two, but you’ll eventually be pushed – by regulators, banks, or your own growth – into a full CASP/EMI/PI licence.

How Lithuania compares to other EU options

From a strategy perspective, Lithuania competes with a handful of other EU hubs (for example, larger Western financial centres or other crypto-forward jurisdictions). What makes Lithuania interesting in the MiCA era is the combination of three factors:

• Depth of the VASP market: As we saw earlier, Lithuania hosts hundreds of VASP entities with real revenue and employment. This creates an ecosystem of advisors, banks, and service providers that understand the model.

• Regulatory familiarity with crypto flows: Supervisors and FIU staff have spent years dealing with high volumes of on-chain activity. That doesn’t mean they are lenient; it means they have pattern-recognition and a lower tolerance for box-ticking.

  
  

• Pathways into CASP/EMI/PI: You can use the VASP regime to prototype your controls, governance, and data flows, then roll those into a MiCA CASP application or an EMI/PI project, whether in Lithuania or another member state.

Compared to some heavier regimes, Lithuania still offers relatively fast time-to-market if you bring substance. Compared to purely “crypto-friendly” marketing jurisdictions, it offers a more credible path into MiCA and mainstream financial rails.

The strategic question for your board and investors is therefore not "Lithuania or MiCA?" but "What role should Lithuania play in our MiCA and payments map over the next 3–5 years?" – primary hub, specialist booking centre, or a jurisdiction we exit once CASP/EMI/PI licences elsewhere are live.

Risks, Supervisory Trends, and Common Pitfalls

If MiCA sets the destination and the Lithuanian VASP register shows who is already on the map, supervisory practice decides how bumpy the road will be. In 2025, Lithuanian authorities are less interested in how fast you incorporated and more in whether your controls and governance look like a real financial firm.

Supervisory mood in 2025

Three themes stand out in how supervisors and the FIU look at Lithuanian VASPs right now:

• Substance over slogans: With hundreds of entities on the lists and a median team size of 2 people, the default assumption is that many structures are thin. High revenue with tiny headcount, or complex products run from a near-empty local entity, attracts questions.

  
  

• Follow the flows, not the PDF: Authorities care less about the beauty of your AML policy and more about how transactions actually move through your stack, which tools you use, and who reviews alerts. They increasingly expect you to explain your on-chain architecture and monitoring in plain language.

  
  

• Early MiCA mindset: As CASP authorisations roll out, reviewers are informally grading VASPs on whether they could survive in a MiCA world: governance, outsourcing, conflict management, and client asset protection are creeping into what used to be a narrow AML registration.

For founders and compliance leads, this means that "good enough for VASP" is no longer a safe design target if you have any ambition beyond a small side business or a short-lived structure.

Typical issues regulators flag

Across files and onsite work, a few patterns keep coming up:

• Underpowered key function holders: MLROs and compliance officers with unrealistic 0.1 FTE allocations, vague mandates, or no practical influence on product and engineering decisions.

  
  

• Generic AML/CTF documentation: Policies copied from banks or other jurisdictions that don’t mention your actual assets, clients, or use-cases – and don’t match what the data shows in practice.

  
  

• Weak segregation and wallet design: Blurred lines between client and house wallets, no clear reconciliation process, or over-reliance on a single custodian without understanding how assets are really held on-chain.

  
  

• Black-box transaction monitoring: Outsourced tools plugged in without a clear risk-based rationale, tuning, or documented governance over alerts, escalations, and STRs.

  
  

• Board disengagement: Minutes and internal reporting that barely mention AML, sanctions, or operational risk, suggesting that compliance is a side spreadsheet, not part of strategy.

None of these on their own is always fatal, but together they paint a picture of a VASP that is not yet ready for CASP/EMI/PI-level scrutiny – and that’s exactly where the market is heading.

Common pitfalls for founders and compliance leads

Some of the biggest mistakes we see are not technical, but architectural:

• Treating Lithuania as a temporary loophole: Designing everything – entity, wallets, controls – around the assumption that you’ll "fix it later under MiCA". In practice, you inherit your shortcuts and have to unwind them under a harsher spotlight.

  
  

• Decoupling product and compliance: Shipping new features, tokens, or integrations without pulling AML, sanctions, and legal into the design phase. This leads to hard-to-monitor flows and awkward retrofits.

  
  

• Ignoring the human capacity constraint: Running a multi-country, multi-asset business with a two-person Lithuanian core team and a patchwork of group support. On paper this looks cheap; under stress, it breaks.

  
  

• Over-optimising for time-to-market: Choosing the fastest incorporation route, the cheapest providers, and the lightest possible policies – only to find that banks, payment partners, and institutional clients won’t onboard you.

The healthier pattern is to design your Lithuanian setup as an early version of your future CASP/EMI/PI architecture: same logic for segregation, ownership of controls, and data, just with lighter reporting and capital.

Use these themes as a board- and founder-level checklist: walk through them against your current plan and only then commit to a specific licensing and build path.

If you want a structured MiCA compliance checklist for founders that you can run through with your team, we have a separate guide that walks through each control area in more detail.

FAQ

To close, here are concise answers to the questions founders, compliance leads, and investors most often type into Google about Lithuanian VASP licensing and the register.

Q1. Is Lithuania crypto-friendly for VASP and CASP businesses in 2025?  

Yes, Lithuania remains crypto-friendly in the sense that it has a legacy VASP registration regime in grandfathering, an active market, and supervisors who understand on-chain activity. At the same time, the bar on substance, AML/CTF, and governance is rising – especially for firms that look like future MiCA CASPs or EMI/PI institutions – and new standalone VASP registrations are closed.

Q2. What license or registration do I need to operate a crypto exchange or wallet service in Lithuania?  

To operate a crypto exchange or hosted wallet service in Lithuania today, you typically either (a) operate through an entity that already holds VASP status on the VVKO/**DVVPO** lists, or (b) design directly for a MiCA CASP and/or EMI/PI licence. New VASP registrations are closed; we are in a grandfathering phase for firms that were already on the lists. If you plan to serve clients across the EEA or offer more complex services, you should assume a MiCA CASP authorisation (and, where fiat is central, an EMI/PI licence) is the relevant end-state, even if you inherit or partner with an existing Lithuanian VASP.

Q3. How do I apply for a VASP license in Lithuania and how long does it take?  

Short answer: you can’t file a fresh Lithuanian VASP application any more. New VASP registrations are closed and Lithuania is running a grandfathering regime for entities that were already on the VVKO/DVVPO lists before the cut-off. If you’re not on the register, your realistic options are to design directly for a MiCA CASP and/or EMI/PI licence (potentially using Lithuania as your home state) or to acquire/partner with a grandfathered Lithuanian VASP, subject to the same substance and AML/CTF expectations. If you do hold grandfathered VASP status, treat that registration as a starting point: the people, policies, and architecture you needed for VASP are exactly what supervisors will expect – in more detail – in your CASP/EMI/PI applications. In all cases, think in months rather than weeks, and budget time for at least one round of questions and clarifications with supervisors.

Q4. What does a Lithuania VASP license typically cost, including setup and ongoing work?  

For a Lithuanian crypto structure (around a grandfathered VASP and/or MiCA CASP/EMI/PI application), think in terms of total build/upgrade budget, not just state fees. As a rough guide, we typically see:

• €10k – basic document bundle built from standard templates; enough to tick boxes on paper, but usually light on substance and likely to need rework under scrutiny.

  
  

• ~€45k – custom policy set tuned to your business model, produced largely as a documentation project with limited day-to-day project management.

  
  

• ~€70k – documentation plus structured project support: workshops, coordination with technology and vendors, and organised responses to questions from banks or supervisors.

  
  

• €100k+ – full, senior-led build: design of the target operating model, testing, direct NCA engagement, and several review/remediation cycles, often covering multiple entities or service lines.

All of this sits on top of roughly €50k–€150k in statutory capital, up to €1k for company formation, and the ongoing compensation of your management team.

Q5. Where can I find and search the official Lithuanian VASP register?  

You can search the official Lithuanian VASP register via the national company-register infrastructure, which publishes separate lists for VVKO and DVVPO. In practice, you search by legal name or company code, then review the entry for service type, status, registration dates, and contact details – and use that to sanity-check competitors, partners, and your own public footprint.

Q6. How will MiCA and CASP licensing change requirements for Lithuanian VASPs over the next few years?  

MiCA now provides a harmonised CASP authorisation regime for most crypto-asset services across the EEA, which sits on top of – not neatly inside – today’s Lithuanian VASP registration. Over the next few years, Lithuanian VASPs with meaningful cross-border or institutional ambitions should expect expectations around governance, capital, client-asset protection, and reporting to converge toward full CASP/EMI/PI standards, even if they start life as simple VASPs.

Turning your Lithuanian VASP strategy into an execution plan

If this Lithuanian VASP snapshot triggered concrete questions – keep, upgrade, or exit Lithuania; VASP‑only vs CASP/EMI/PI; greenfield vs acquisition – you don’t have to solve them alone. On our services side we work with founders and compliance leads through a Strategy Architecture Sprint, Fractional Advisory, and Operational Architecture Build‑out to turn exactly this kind of analysis into a practical, regulator‑ready plan.

If you’re at the point where you need to translate this article into decisions, next steps, and ownership, head over to our services page to see how those engagements work in detail.