CASP vs VASP: What Actually Changed Under MiCA

Two words, two regulatory worlds

“VASP” and “CASP” sound like variants of the same thing. They are not. They describe the crypto-licensing world before MiCA and the crypto-licensing world after it — and the gap between them is the single biggest shift in EU crypto regulation.

Getting the distinction wrong is the most common framing error we see. A founder who carries a VASP-era mental model into a CASP project under-scopes everything: the capital, the governance, the timeline, the cost, the supervisory depth.

What a VASP was

A VASP — Virtual Asset Service Provider — was a firm registered on a national register, established by each member state when it transposed the EU’s Anti-Money Laundering Directives. The VASP register was, in substance, an AML/CFT registration. Its purpose was to bring crypto firms inside the anti-money-laundering perimeter — customer due diligence, suspicious-transaction reporting, an MLRO.

What a VASP registration was not:

• It was not a financial-services licence in the prudential sense
• It carried no EU-wide reach — a VASP registered in one member state had no automatic right to operate in another
• It typically imposed little or no capital requirement
• It involved light governance and conduct supervision compared with a regulated financial institution

The VASP world was fragmented by design. Each member state ran its own register, with its own standards. A firm “licensed” as a VASP in one country was a stranger everywhere else.

What a CASP is

A CASP — Crypto-Asset Service Provider — is a firm authorised under MiCA, Regulation (EU) 2023/1114. A CASP authorisation is a full EU financial-services authorisation, and it changes the picture on every axis.

A CASP is supervised across the whole regulated surface:

• Prudential — capital floors and an ongoing own-funds requirement
• Governance — management-body suitability, conflicts of interest
• ICT resilience — DORA
• Conduct — complaints handling, marketing rules, custody rules
• Market integrity — the market-abuse regime for trading platforms
• AML/CFT — still there, but now one workstream among many

And critically, a CASP authorisation passports. One authorisation, granted by one home regulator, gives the firm the right to provide its services across all 27 EU member states.

The comparison, point by point

Dimension	VASP (pre-MiCA)	CASP (under MiCA)
Legal nature	National AML/CFT registration	EU financial-services authorisation
Legal basis	National transposition of EU AML Directives	MiCA Regulation (EU) 2023/1114
Geographic reach	National only	Passportable across all 27 EU states
Capital requirement	Typically none or minimal	€50,000 / €125,000 / €150,000 (Annex IV) + ongoing
Governance supervision	Light	Full — management body suitability, conflicts
ICT resilience	Not a focus	DORA applies
Conduct rules	Minimal	Complaints, marketing, custody, best execution
Market abuse	Not covered	MiCA Title VI applies
Supervisory intensity	Administrative	Financial-institution-grade

The pattern is consistent: every row is a step up. CASP is not “VASP, renamed.” It is a materially heavier regime.

Cited expert

MiCA represents a breakthrough for the regulation of crypto-assets.

How the transition worked

MiCA started applying to CASPs from 30 December 2024. Existing VASPs were not shut down overnight — MiCA’s transitional regime (the transitional regime) let a firm registered under a national VASP regime keep operating while its CASP authorisation application was reviewed, provided the application was filed before the member state’s deadline.

That window has a hard end: 1 July 2026 at the latest, and earlier in member states that chose a shorter transitional period. After the deadline, a VASP registration does not survive. Only a granted MiCA CASP authorisation permits crypto-asset services in the EU.

Crucially, the transition is not an automatic upgrade. A VASP does not become a CASP by operation of law. It has to file a full CASP authorisation application — and several EU regulators have stated they apply the same substance review to transitional applicants as to brand-new entrants. A long VASP track record helps with familiarity; it does not guarantee the CASP authorisation.

Why the distinction costs real money

The reason this comparison matters is budgeting and scoping. A firm that benchmarks its CASP project against its VASP experience gets three things wrong:

1. Cost — the CASP regime carries capital, ongoing own-funds, insurance for custody, and a far heavier documentation and counsel workload than a VASP registration ever did.

2. Timeline — a VASP registration was administrative and relatively quick. A CASP authorisation is a months-long supervisory process.

3. Substance — a VASP could operate with a thin local footprint. A CASP authorisation expects real substance: a suitable management body, local presence, genuine governance.

The firm that scopes a CASP project as “our VASP, upgraded” arrives at the regulator under-prepared. The firm that scopes it as a fresh financial-services authorisation — which is what it is — arrives ready.

Working with counsel on a VASP-to-CASP transition

The diagnostic for counsel: ask them to map exactly which parts of the existing VASP file the regulator will accept and which need rebuilding to MiCA standard — and to scope the project as a financial-services authorisation, not a re-registration. Counsel that frames it as a light conversion has the wrong model. The firms in our index with documented VASP-to-CASP transition experience are listed below.