EU Licensing Requirements for CASPs Explained – MiCA, EMI, PI, and More
- ASD Labs
- Apr 10
- 10 min read
🔑 Key Takeaways
MiCA completely changes the playing field that was established by AMLD5 with a full-scope licensing regime for CASPs, introducing stricter requirements and EU-wide passporting rights.
Lithuanian VASPs were early to register under AMLD5, but they now face one of the shortest MiCA transition periods in the EU – the deadline is May 2025.
MiFID II may apply to crypto businesses that deal in tokenized securities or investment-like assets – triggering dual compliance for some platforms.
PSD2 still governs fiat-based services. If you're handling euros, offering SEPA rails, or issuing e-money, you’ll need a PI or EMI license in addition to MiCA.
There is no one-size-fits-all license. Your regulatory obligations depend on what you actually do – not what you call your product.
Licensing is more than compliance. Firms that structure around MiCA, PSD2, and MiFID II now will be positioned to scale faster across EU markets.
Introduction - The Maze of EU Licensing for Crypto Companies
MiCA. PSD2. MiFID II. AMLD5. EMI. PI.
If you’re building in crypto or fintech in Europe, you’re not just launching a product – you’re navigating a minefield of overlapping regulations.
In Lithuania, many founders assumed registering as a VASP under AMLD5 was enough. It isn’t. By the end of 2025, that registration won’t count for much. MiCA is coming – and with it, a far more demanding regime. But MiCA isn’t the only acronym that matters.
Depending on what you build – whether you hold fiat, offer custody, process payments, or trade tokenized assets – you may fall under multiple frameworks: MiCA for crypto, PSD2 for payments, MiFID II for investments, and additional licensing like EMI or PI.
This article is your practical reference. No legal jargon. No abstract theory. Just a clear, founder-friendly insight into what each regulation does, how they differ, and when they apply.
Let’s decode the EU’s regulatory stack – and help you choose the right path forward.
The 6 Pillars: What Each Regulation or License Does
Before diving into the differences, it helps to know what we’re comparing. Each of these six frameworks plays a distinct role in Europe’s financial regulation landscape. Depending on what your business does – or plans to do – one or more may apply.
Here’s what each one covers, in plain terms:
MiCA (Markets in Crypto-Assets Regulation) – MiCA is the EU’s comprehensive framework for crypto asset service providers (CASPs). It introduces full-scope licensing, capital requirements, governance expectations, and consumer protections. MiCA builds on top of AMLD5 for most crypto businesses and will be fully enforced across the EU by the end of 2025. It covers everything from custody and trading to issuing stablecoins.
AMLD5 (5th Anti-Money Laundering Directive) – AMLD5 introduced the first EU-wide registration obligation for CASPs. It was focused on anti-money laundering (AML) – not full licensing. It required crypto firms to register with local authorities and comply with KYC/AML rules. In Lithuania, this formed the basis for the existing CASP regime.
MiFID II (Markets in Financial Instruments Directive) – MiFID II governs traditional investment services and applies to companies dealing with financial instruments – including tokenized securities. If your crypto offering crosses into investment territory, MiFID II may apply in parallel with MiCA. It’s stricter and more complex, covering everything from investor protection to execution standards.
PSD2 (Revised Payment Services Directive) – PSD2 governs payment services and access to bank infrastructure. If your product handles fiat transfers, payment initiation, or account information services, you’re in PSD2 territory. This includes businesses building on SEPA rails or offering fiat on/off-ramps. PSD2 doesn’t touch crypto directly, but many hybrid models need both PSD2 and MiCA compliance.
EMI License (E-Money Institution) – An EMI license allows you to issue e-money – digital alternatives to fiat – and hold customer funds. It’s the go-to license for neobanks and digital wallets operating across the EU. EMIs must safeguard client funds, maintain regulatory capital, and follow strict reporting standards. This license is heavier than a PI, but offers broader functionality.
PI License (Payment Institution) – A PI license is lighter than EMI but still powerful. It allows you to process payments, initiate transfers, and operate under PSD2. PIs can’t issue e-money, but they’re ideal for fintechs focused on payments infrastructure.
Understanding the scope of each regulation is step one. But when do they actually apply – and how do they interact with one another?
Let’s start by looking at how MiCA ups-the-bar, and what that means for CASPs already operating in the EU.
MiCA vs AMLD5: The Crypto Regulation Transition
For years, AMLD5 served as the EU’s de facto crypto regulation. It didn’t offer a license – just registration. It asked crypto asset service providers (CASPs) to identify themselves, put basic AML procedures in place, and cooperate with authorities. That was the start. But it was never designed to handle the complexity or risk of today’s crypto landscape.
MiCA replaces AMLD5 as the regulatory foundation for CASPs across the EU. And unlike AMLD5, it’s not just about transparency – it’s about structure, governance, and resilience. If you’re custodying crypto assets, operating a trading platform, or issuing stablecoins, MiCA isn’t optional. It’s mandatory.
The differences are material:
Licensing vs Registration: AMLD5 required VASPs to register with local regulators. MiCA introduces full licensing with capital, governance, and operational obligations.
Consumer Protection: MiCA mandates complaint handling, disclosures, and segregation of client assets – none of which AMLD5 touched.
Passporting: AMLD5 didn’t enable cross-border operations. MiCA does – once licensed in one EU state, firms can operate in others without separate approvals.
For a deeper look at the shift from AMLD5 to MiCA and what it means for CASPs, see our breakdown: EU Crypto Regulation: VASP Market Evolution and the MiCA Compliance Deadline.
In Lithuania, CASPs were early movers under AMLD5. But that first-mover advantage is now on a clock.
Grandfathering Isn’t a Free Pass
MiCA includes a transition period for CASPs already registered under AMLD5 – but it’s tight. Each member state sets its own timeline, with most expiring by mid-to-late 2025. Lithuania has already begun the transition. If you’re operating without a MiCA license application in progress, you’re at risk of disruption.
MiCA doesn’t just raise the bar – it replaces the playing field. And for Lithuanian CASPs who want to maintain continuity across the EU, moving early isn’t just smart – it’s essential.
Let’s now look at another common point of confusion: how MiCA compares to MiFID II – and what happens when crypto services overlap with traditional finance.
MiCA vs MiFID II: Where Crypto Meets Securities Law
Not every crypto business falls neatly under MiCA. When tokens start to look like financial instruments – equity-like governance, profit-sharing, or derivatives – MiFID II enters the frame. That’s where things get more complex.
MiCA and MiFID II are not interchangeable. One regulates crypto-specific services (CASPs). The other governs investment firms dealing in securities. But for tokenized assets, the line between them is thinner than many founders think.
Here’s the practical distinction:
MiCA covers crypto-assets that are not financial instruments.
MiFID II applies when those crypto-assets are financial instruments.
The EU defines financial instruments using a classic framework: transferable securities, units in collective investment schemes, derivatives, etc. If a crypto token meets that test, it’s regulated under MiFID II – regardless of whether it's on-chain.
Dual Compliance Is Rare – But Real
Most CASPs won’t fall under MiFID II. But the moment your platform supports trading tokenized equity, securities tokens, or investment-based NFTs, you're in dual compliance territory.
That means:
Licensing under both regimes – MiCA for your crypto operations, MiFID II for your investment activity.
Two regulatory frameworks, two communication channels – operating under both MiCA and MiFID II means navigating distinct legal regimes.
Higher operational overhead – investor protection rules, best execution policies, and suitability assessments all come into play.
Strategic Takeaway
If you’re a Lithuanian founder exploring tokenized investments or hybrid asset platforms, don’t assume MiCA is a universal cover. MiFID II wasn’t built for crypto, but it will apply if your product touches traditional financial instruments.
What’s essential is clarity – in your product scope, your asset classification, and your regulatory obligations.
Next, we’ll explore another area of overlap: how MiCA interacts with PSD2, and when firms need EMI or PI licenses to operate with fiat.
MiCA vs PSD2, EMI, PI: Fiat, Payments, and Custody
MiCA may dominate headlines, but it doesn't cover everything – especially not when euros or SEPA payments are involved. If your business touches fiat, you’re not just in crypto territory anymore. You're also dealing with PSD2 – and possibly needing a PI or EMI license, or a very reliable partner whose license you can leverage.
This is a common blind spot for crypto-first founders. MiCA regulates how you handle crypto-assets – not traditional currency. The moment you start holding fiat on behalf of clients, processing SEPA transfers, or issuing payment accounts, you’ve crossed into a separate regulatory domain with different rules, timelines, and expectations.
PSD2: The Payments Backbone
PSD2 governs payment services in the EU. It introduced strong customer authentication (SCA), access to banking APIs, and clear rules for payment institutions. If you’re building a fiat on-ramp, issuing IBANs, or linking directly to user accounts – PSD2 is your operating framework.
To operate under PSD2, you need one of two licenses:
PI (Payment Institution) – A lighter license that allows payment processing, initiation, and FX services. Common for startups offering payment rails without holding e-money.
EMI (Electronic Money Institution) – A heavier license that allows issuance of e-money and safeguarding of user funds. Used by neobanks, digital wallets, and firms holding fiat balances for clients.
When You Need Both MiCA and PSD2 Licensing
Some business models will clearly need dual compliance. For example:
A custodial crypto wallet that also allows users to store euros or top up via SEPA → You’ll likely need both a MiCA license and an EMI license.
A crypto exchange offering fiat off-ramps or integrated bank accounts → MiCA plus PSD2 (via a PI or EMI license).
A DeFi protocol with fiat access through third parties → You might avoid PSD2 if the third party is fully licensed – but you'll need to tread carefully and document everything.
But licensing isn’t always required. Many early-stage companies and cross-border operators choose to work with a regulated partner – for example, a licensed EMI – and build their product on top of that infrastructure. That route can speed up go-to-market, reduce regulatory overhead, and help validate the model before investing in your own license. The key is selecting a partner with proper safeguards, alignment on service scope, and clear SLAs.
Whether you license or partner, the responsibility still lands on you: your clients, your brand, your compliance exposure. And regulators will care about how you're operating – not just under whose license.
Lithuanian Context
Lithuania is the most active jurisdictions for EMI and PI licenses in the EU. Many international fintechs have already planted a flag here. If you're operating locally, the infrastructure and supervisory environment are in place – but the bar is rising.
Firms that delay or misjudge their licensing needs risk operational headaches. We’ve seen founders launch wallets only to discover they’re technically holding fiat – triggering a licensing gap. Others hit a wall when banking partners freeze accounts over unclear EMI status. In a worst-case scenario, a SEPA connection can be revoked, stalling client onboarding or disbursements across the EU.
When founders plan for fiat integration and crypto services separately, they risk building fragmented compliance stacks. The smarter move? Plan for both together – and license strategically from day one.
Let’s now shift from regulatory mapping to strategic thinking: how should founders approach licensing from a product and growth perspective?
Strategic Licensing: How to Think Like a Regulator
Most licensing mistakes don’t come from bad intentions – they come from mismatched assumptions. A founder thinks they’re building a wallet, but they’re actually custodying assets. A product team launches payment features without realizing they’ve stepped into PSD2 territory. A company thinks MiCA solves everything, but they're processing fiat and need EMI status too.
To avoid missteps, start by thinking like a regulator.
What Regulators Care About
Regulators don’t care what you call your product. They care what it does. Their lens is function-first, not brand-first. Ask yourself:
Are you holding customer assets (crypto or fiat)?
Are you facilitating payments or issuing e-money?
Are your users investing in financial instruments?
Do you custody private keys, or access client funds?
Each “yes” triggers a different license or regulation. And if you trigger more than one, expect layered compliance.
Mapping EU Licensing Requirements for CASPs by Business Mode
Let’s bring this down to ground level. Here’s how common business models map to EU regulatory regimes:
Business Model | Likely Licensing Path |
Crypto Exchange (custodial) | MiCA (CASP license) |
Fiat On/Off-Ramp | MiCA + PI or EMI |
Multi-Asset Wallet (crypto + EUR) | MiCA + EMI |
Tokenized Securities Platform | MiCA + MiFID II |
Crypto Tax or Analytics Tool | No license (unless handling user assets) |
Neobank w/ Crypto Feature | EMI + MiCA |
DeFi Protocol (non-custodial) | Case-by-case, often unregulated (for now) |
The Acquisition Angle
If you're looking to acquire a licensed entity – like a Lithuanian CASP or EMI – remember that licenses don’t automatically transfer. You’ll still need to notify the regulator, demonstrate post-acquisition compliance, and in some cases, reapply under MiCA.
But the right acquisition can shortcut market entry and save 12–18 months of regulatory wait time.
Licensing isn’t a checkbox – it’s part of your product architecture. If you build with it in mind, you gain more than compliance. You gain operational flexibility, faster launches, and long-term scalability.
Let’s close with a simple but powerful idea: regulation isn’t just a constraint. In this space, it’s infrastructure.
Conclusion – Build With Regulation, Not Against It
Understanding the EU’s regulatory landscape isn’t just a legal exercise — it’s a strategic advantage. Whether you're operating under MiCA, PSD2, or MiFID II, each framework defines how you scale, what services you can offer, and where you can go next.
For Lithuanian founders and operators, the urgency is real. MiCA is arriving fast, and the window to transition from AMLD5 is closing. At the same time, PSD2-based licensing (PI or EMI) continues to be a foundational layer for anyone touching fiat.
The key insight?
These regimes don’t compete – they complement. And knowing how they fit together is what separates reactive compliance from forward-thinking execution.
This article wasn’t written to overwhelm you with rules. It’s here to help you think clearly, plan early, and act with confidence. Because in 2025, regulation isn’t just part of the product – it is the product.
So ask yourself: is your licensing strategy holding you back – or setting you up to win across the EU?
Need a second opinion on your licensing setup?
We’re technologists first, and we’ve spent years helping crypto and fintech teams build products that don’t just work – they comply.
If you’re unsure whether your stack matches your regulatory obligations, we’re happy to take a look.
Comentarios