Licensed Crypto Exchanges EU 2026 — Authorised CASP Directory

The post-MiCA EU exchange landscape

The EU crypto exchange landscape transformed through 2024-2026 under MiCA Regulation (EU) 2023/1114. The framework replaced fragmented national VASP registrations with unified CASP authorisation across all 27 EU member states. The transition produced a smaller, more rigorously-supervised exchange population than the pre-MiCA era.

The pre-MiCA landscape was characterised by national VASP registers operating under 5AMLD frameworks. Estonia, Lithuania, Czech Republic, Latvia, Finland, Netherlands, and other member states maintained separate registers with varying substance and supervision standards. The total registered VASP population peaked at approximately 2,500-3,000 across the EU.

The post-MiCA landscape in 2026 has approximately 300-500 authorised CASPs across the 27 member states. The contraction reflects:

• Voluntary exit by operators that did not pursue or could not obtain MiCA authorisation
• Migration failure for operators that commenced authorisation but could not complete
• Selective member-state distribution with several major pre-MiCA hubs hosting smaller post-MiCA populations
• Substantively higher substance and operational standards under MiCA versus pre-MiCA frameworks

For operators verifying counterparty status, customers identifying regulated platforms, or analysts tracking the EU crypto landscape, the ESMA-maintained CASP register is the authoritative source. The register operates under Article 109 of MiCA with NCA-coordinated updates and produces public visibility of authorisation status across the EU.

How CASP authorisation works

CASP authorisation under MiCA operates through several structural elements:

Service classification. MiCA Article 3(1)(16) defines crypto-asset services. Annex IV maps services to capital classes — Class 1 (advisory and limited services, EUR 50,000 capital floor), Class 2 (operational services, EUR 125,000 capital floor), Class 3 (trading platform operations and substantial custody, EUR 150,000 capital floor).

Service permission scope. Authorised CASPs hold permission for specific services within their authorisation. Authorisation for one service does not produce automatic permission for others — operators must obtain permission for each service category they operate.

Authorisation procedure. Articles 62-63 cover the procedure. Completeness assessment, five-month statutory clock, information requests during review, ESMA notification on grant. Typical real timelines run 6-12 months for clean files.

Capital and prudential requirements. Article 67 covers initial and ongoing capital. Class 3 trading platforms face EUR 150,000 capital floor plus risk-based add-on potentially extending the requirement substantially.

Conduct and operational rules. Articles 66-82 cover conduct of business, conflict of interest, custody, market abuse, and broader operational rules. Articles 83-84 cover qualifying holdings and acquisitions.

Ongoing supervision. National competent authority (NCA) of the home member state conducts ongoing supervision. ESMA coordinates EU-wide register and designated-CASP supervision under Articles 92-94. EBA coordinates for ART/EMT issuers and designated CASPs.

The framework is substantively more demanding than pre-MiCA VASP registration but produces single-market access through Article 65 passporting — a CASP authorisation in one member state enables operations across all 27.

The major EU licensing hubs

The post-MiCA CASP population concentrates in several principal member states:

Lithuania. The Bank of Lithuania (Lietuvos bankas) hosts one of the largest authorised CASP populations through 2025-2026. The Lithuanian pre-MiCA VASP register provided substantial migration pipeline and the integrated single-supervisor model has supported efficient authorisation processing. Approximately 50-80 authorised CASPs as of 2026.

Cyprus. CySEC operates one of the major MiCA-authorised CASP populations with strong cross-border financial-services positioning. Cyprus has been one of the more active jurisdictions in authorising mid-tier and larger CASPs through 2025-2026. Approximately 30-50 authorised CASPs.

Netherlands. AFM-DNB joint supervision hosts a smaller but premium-tier CASP population. The Dutch framework produces strong reputational signal but with higher cost economics than CEE alternatives. Approximately 20-30 authorised CASPs.

Ireland. Central Bank of Ireland operates a smaller authorised CASP population with premium-tier banking-grade supervisor framework. Ireland has been selective in authorisation through 2025-2026 producing high-quality but limited-population framework. Approximately 15-25 authorised CASPs.

Malta. MFSA operates substantial authorised CASP population leveraging Malta’s pre-MiCA Virtual Financial Assets framework experience. Malta has historic positioning in EU crypto licensing. Approximately 30-50 authorised CASPs.

Czech Republic. Czech National Bank operates substantial authorised population from the migration of pre-MiCA Czech crypto-firm register. Approximately 40-60 authorised CASPs.

Other member states. Spain, France, Germany, Italy, Belgium, Luxembourg, Estonia, Latvia, Poland, and others host smaller authorised CASP populations. Some major operators (institutional banks adding crypto services, payment institutions extending to crypto) operate in member states outside the principal CASP hubs.

How major exchanges are authorised

The major global crypto exchanges operating in the EU hold CASP authorisation through specific subsidiary structures. Verifiable through the ESMA register and exchanges’ regulatory disclosures:

Binance. Has pursued MiCA authorisation pathways in multiple EU jurisdictions. Specific authorisation status by entity is verifiable through ESMA register and Binance’s regulatory disclosures. Operations have evolved through 2024-2026 as the broader Binance regulatory landscape developed globally.

Coinbase. Operates through authorised European entity structure with MiCA CASP authorisation. Coinbase has been one of the major exchanges to pursue EU regulatory authorisation early and operates with strong regulatory engagement positioning.

Kraken. Authorised in multiple EU jurisdictions through subsidiary structures. Kraken has held banking authorisation in the US (Kraken Bank) and has pursued comparable institutional-grade positioning in the EU through CASP authorisation.

Bitstamp. Long-established European operator. Authorised under MiCA framework following migration from pre-MiCA registration.

Crypto.com. Has pursued EU CASP authorisation alongside broader global regulatory engagement.

Major regional exchanges. Various regional exchanges (BitPanda, Bitvavo, others) have obtained CASP authorisation in their home member states with EU passport reach.

The ESMA register provides authoritative verification of authorisation status. Operators verifying counterparty authorisation status should rely on the ESMA register rather than exchange marketing materials.

Designations under Article 85

Several major exchanges have been designated under Article 85 under MiCA Article 85 through 2025-2026. The designation triggers enhanced supervision under Articles 92-94 including:

• Direct ESMA information-request rights
• ESMA on-site inspection rights
• EBA coordination role for designated CASP supervision
• Enhanced ongoing reporting obligations
• Coordinated home-NCA plus ESMA plus EBA supervisor framework

Article 85 designation criteria include EUR 9 bn average client assets, EUR 4.5 m average daily users, or qualitative impact assessment by EBA. Several major exchange CASPs cross these thresholds based on customer-base scale and produce significance designation as the supervisor framework matures.

For operators verifying designated CASP designation status, the ESMA register includes significant-CASP marking. The status is operationally important for understanding the supervisory framework around major exchanges.

How to verify CASP authorisation status

The authoritative verification source is the ESMA-maintained CASP register. Practical workflow:

Access ESMA register. The register is publicly available through the ESMA website at the markets-in-crypto-assets section. The register lists all CASPs authorised by EU member-state NCAs.

Verify authorisation details. Each register entry includes operator name, home member state, authorising NCA, authorised services (which classes and which specific services within classes), authorisation date, and significance designation status if applicable.

Cross-check authorising NCA. For high-value verification, cross-check with the home member-state NCA’s own register. NCAs maintain their own published lists of authorised operators that can serve as secondary verification.

Confirm specific service permission. Authorisation for one service does not produce automatic permission for others. Confirm the specific service category that covers the activity in scope.

Check for enforcement or supervisor action. ESMA register and NCA publications include supervisor warnings, enforcement actions, and authorisation withdrawals. Verify authorisation is current and not subject to material supervisor concerns.

Verify entity identity. Confirm the specific legal entity holding the authorisation matches the entity the operator deals with. Some exchanges operate through multiple legal entities with authorisation held by specific entities only.

Authorisation grants vs pending applications

The ESMA register lists authorised operators. Operators with pending applications under Article 63 review do not appear in the register until authorisation is granted. Several considerations:

Pre-MiCA register migration. Operators in MiCA Article 143 transitional regime appear in pre-MiCA national registers but not in the ESMA CASP register until MiCA authorisation is granted. The 1 July 2026 maximum deadline applies for transition completion.

Pending applications. Operators with applications under NCA review do not appear in the ESMA register until authorisation is issued. Application status is not public — operators only appear post-grant.

Conditional authorisations. Some authorisations are granted conditionally with specific operational restrictions during a transition period. The conditional authorisation appears in the register but operators should verify any operational conditions.

Refused or withdrawn authorisations. Refused applications and withdrawn authorisations are tracked through NCA enforcement publications and ESMA coordination but operate outside the active CASP register.

Practical takeaways

The licensed EU crypto exchange landscape in 2026 is materially smaller, more rigorously-supervised, and more harmonised than the pre-MiCA VASP era. Three principles for operators and analysts engaging with the framework:

Use the ESMA register as authoritative source. Verify authorisation status through ESMA register rather than relying on exchange marketing materials. The register is the public-record authoritative source for current authorisation across the EU.

Plan for ongoing supervisor visibility. Authorisation in one EU member state produces visibility across all 27 through Article 88 information-sharing and ESMA coordination. Operators planning member-state-by-member-state isolation strategies misread the operational reality.

Verify specific service permission scope. Authorisation for one CASP service does not produce automatic permission for others. Verify the specific service category that covers your counterparty engagement or your customer-facing activity.

For corrections, updates, or counsel referrals on EU CASP authorisation verification, email [email protected].