VASP licensing · Pre-MiCA frameworks
VASP License Crypto Explained — Pre-MiCA Frameworks to MiCA Migration
VASP — Virtual Asset Service Provider — was the dominant EU crypto-licensing concept before MiCA. The framework operated through national AML registers under 5AMLD: Estonia's MTR register, Lithuania's VASP register, Czech Republic's CNB list, Latvia's FCMC register, Finland's Fin-FSA register, Netherlands' DNB register. MiCA replaces all of this with unified CASP authorisation. Here's what changed and how migration works in practice.
VASP (Virtual Asset Service Provider) is the FATF-derived term used in pre-MiCA EU regulatory frameworks for entities providing crypto-asset services. VASP registration was AML-focused under 5AMLD national implementations. The MiCA Regulation (EU) 2023/1114 introduces unified CASP (Crypto-Asset Service Provider) authorisation across all 27 EU member states, replacing the fragmented pre-MiCA VASP framework with full prudential, conduct, and AML supervision.
Quick facts
| Parameter | Value |
|---|---|
| VASP term origin | Financial Action Task Force (FATF) 2018 recommendations on virtual assets and VASP regulation |
| Pre-MiCA VASP frameworks | Estonia MTR (since 2017), Lithuania VASP register (since 2020), Czech Republic CNB list (since 2017), Latvia FCMC register, Finland Fin-FSA register, Netherlands DNB register |
| Pre-MiCA framework scope | AML/CFT registration only under 5AMLD; no substantive prudential or conduct supervision |
| MiCA replacement | Full CASP authorisation under MiCA Articles 59-89 covering prudential, conduct, AML, ICT, operational resilience |
| Transitional regime | MiCA Article 143 — VASP register operators can continue under transitional arrangements until 1 July 2026 maximum |
| Migration deadline | 1 July 2026 — VASP register operators must hold MiCA CASP authorisation or cease EU customer operations |
| Pre-MiCA register peak | Estonia MTR peaked at 1,600+ registered VASPs; total EU pre-MiCA VASP population approximately 2,500-3,000 |
| Post-MiCA reality | Approximately 300-500 EU CASPs authorised as of 2026; substantial contraction from pre-MiCA VASP population |
What VASP licensing was
VASP — Virtual Asset Service Provider — is the term the Financial Action Task Force (FATF) introduced in its 2018 updated guidance on virtual assets. FATF defined VASP as any entity that conducts one or more crypto-asset services: exchange between virtual assets and fiat, exchange between virtual assets, transfer of virtual assets, custody and administration of virtual assets, or financial services related to issuer offerings or sales.
EU member states adopted the FATF definition into their AML/CFT frameworks under the 5th Anti-Money Laundering Directive (5AMLD). The directive required member states to subject crypto-asset service providers to AML/CFT obligations and supervisor oversight. Each member state implemented through national legislation — producing the patchwork of VASP register frameworks that defined EU crypto regulation from 2018 through 2024.
The pre-MiCA frameworks shared common characteristics:
AML-focused. Registration covered AML/CFT obligations under 5AMLD — customer due diligence, suspicious activity reporting, sanctions screening, record retention. The frameworks did not impose prudential capital requirements, conduct-of-business rules, or operational resilience standards.
National scope only. VASP registration in one member state did not produce passport access to other member states. Each operator needed separate registration in each member state where it conducted activity (in theory; in practice many operators relied on home-state registration plus cross-border services arrangements that varied by member state interpretation).
Variable supervisor intensity. Estonia and Lithuania applied lighter-touch registration with broad licensee populations. Finland, Netherlands, and Latvia applied more selective registration with substantive AML scrutiny. The intensity varied across the framework producing different operational realities in different member states.
Lower substance bar than MiCA CASP. Most pre-MiCA VASP frameworks accepted skeletal substance — non-resident senior management, corporate-services-provider addresses, minimal in-jurisdiction operational presence. The exceptions (Finland, Netherlands) applied more demanding substance expectations even at registration phase.
The major pre-MiCA VASP frameworks
Estonia MTR register. Established 2017 under the Money Laundering and Terrorism Financing Prevention Act. The largest pre-MiCA VASP framework — at peak around 1,600 registered providers. Several enforcement scandals through 2019-2022 produced reputational damage and progressive policy tightening. By 2024 the register had contracted to under 100 active providers as the supervisor revoked registrations and operators exited.
Lithuania VASP register. Established 2020 under amendments to the Law on Prevention of Money Laundering and Terrorist Financing. Substantial population — peaked around 500-600 registered VASPs. More selective than Estonia from inception, with progressive substance tightening through 2022-2024.
Czech Republic CNB list. Czech National Bank operated the crypto-asset provider list since 2017 under the Czech AML Act. Substantial population around 500-700 registered operators. The framework was lighter than Lithuania or Finland with corresponding regulatory dynamics.
Latvia FCMC register. Smaller AML-registration framework under the Finance and Capital Market Commission. Limited registered population, limited enforcement history. The 2023 integration reform consolidated FCMC into Latvijas Banka producing a single integrated supervisor.
Finland Fin-FSA register. Established 2019 under the Act on the Provision of Virtual Currency Services. Selective framework with substantive AML and operational expectations — approximately 15-25 registered operators at peak. The Finnish framework produced more demanding registration than larger registers but smaller population.
Netherlands DNB register. Established November 2020 under amendments to the Dutch Money Laundering and Terrorist Financing Prevention Act. Approximately 30-50 registered VASPs at peak. DNB applied substantive substance and AML expectations producing a more selective registered population.
Other member states. Most other EU member states operated lighter pre-MiCA frameworks or had not implemented dedicated VASP registration before MiCA took effect. The pattern was inconsistent across the 27-member-state landscape.
What MiCA replaces and how
MiCA Regulation (EU) 2023/1114 introduced unified CASP authorisation across all 27 EU member states. The framework differs from pre-MiCA VASP registration in multiple dimensions:
Full multi-dimensional supervision. MiCA CASP authorisation covers prudential capital requirements (Article 67), conduct of business rules (Articles 66-82), AML obligations integrated with the broader Anti-Money Laundering Regulation (AMLR), ICT operational resilience under DORA, customer asset protection (Articles 70 and 75), and ongoing supervisor engagement under each national competent authority.
EU passport. CASP authorisation in one EU member state produces operational rights across all 27 member states under Article 65 passporting. The single market access transforms the operator’s cross-border capability compared to fragmented national VASP registration.
Substantive substance requirements. MiCA CASP authorisation requires substantive entity presence, named resident senior management, dedicated compliance and AML teams, real operational infrastructure. The substance bar is consistent across member states (varying somewhat by national supervisor temperament) and is materially higher than pre-MiCA VASP norms in most member states.
Categorised by service set. MiCA distinguishes Class 1 (advisory and limited services), Class 2 (operational services), and Class 3 (trading platform operations and substantial custody). Capital requirements scale with class — EUR 50,000 for Class 1, EUR 125,000 for Class 2, EUR 150,000 for Class 3 under Annex IV. The class system produces proportionate regulation matching activity scope.
The Article 143 transitional regime
MiCA Article 143 provides a transitional regime for pre-MiCA VASP-registered operators. The regime allows existing VASP-registered operators to continue activities under MiCA-applicable rules during a defined transitional window without immediate CASP authorisation requirement.
Key features:
Effective date. MiCA CASP authorisation provisions came into effect 30 December 2024. The transitional regime started running from that date for operators registered under pre-MiCA VASP frameworks as of the effective date.
Maximum transitional window. The regime runs until 1 July 2026 maximum — eighteen months from MiCA effective date. Member states could elect shorter transitional windows in their national MiCA implementing legislation.
Member state-specific deadlines. Several member states have implemented transitional windows shorter than 18 months. The actual deadline varies by member state. Lithuania set 1 July 2026, Czech Republic set 1 July 2026, Estonia set earlier deadlines. Operators must verify the specific deadline in their home member state.
Migration obligation. During the transitional window, operators must apply for full MiCA CASP authorisation and have authorisation granted before the deadline. Failure to obtain authorisation by the deadline requires the operator to cease EU customer operations or face enforcement under Article 59 unauthorised-operation provisions.
Continued AML obligations. During the transitional window, operators continue under their existing VASP AML framework alongside developing MiCA CASP framework. The dual obligation period is operationally complex but is the bridge structure between regimes.
Practical migration realities
The migration from VASP to MiCA CASP is more demanding than many pre-MiCA operators anticipated. Common migration issues:
Substance uplift. Many pre-MiCA VASP operators built thin substance under the lighter pre-MiCA framework. MiCA CASP substance requirements demand named resident senior management, dedicated compliance and AML teams, real operational infrastructure. The substance build is real and runs months of preparation.
Capital reset. MiCA Annex IV minimum capital (EUR 50,000-150,000) is consistent across member states but is meaningfully higher than some pre-MiCA frameworks required at registration phase. Operators that capitalised at pre-MiCA-minimum levels need capital top-up before CASP authorisation.
Senior management fitness-and-properness review. MiCA fitness-and-properness review extends beyond AML competence into full senior-management substance assessment. Pre-MiCA senior management with limited industry experience or adverse regulatory history face material review challenges.
ICT and DORA framework. MiCA CASP authorisation requires DORA-aligned ICT operational resilience framework. Pre-MiCA VASPs typically had not built DORA-equivalent infrastructure. The DORA build is one of the most-time-intensive migration workstreams.
AML programme uplift. Pre-MiCA VASP AML programmes typically met 5AMLD baseline. MiCA-era AML expectations align with AMLR and MLD6 standards including enhanced customer due-diligence, more detailed transaction monitoring, and integration with the future EU FIU framework. Programme uplift is needed for most migrating operators.
The migration cost typically runs EUR 200,000-500,000 for a mid-tier operator including legal advisory, substance build, capital top-up, and system implementation. Operators that planned migration starting late 2024 are typically in the latter stages by mid-2026. Operators that delayed migration planning face the 1 July 2026 deadline with insufficient runway and material risk of operations cessation.
Current state of the EU CASP population
The pre-MiCA VASP population was approximately 2,500-3,000 registered operators across all EU member states. The post-MiCA CASP population in 2026 is materially smaller — approximately 300-500 authorised CASPs across the 27 member states.
The contraction reflects:
Voluntary exit. Many pre-MiCA operators exited rather than migrate. The cost-benefit analysis favoured exit for low-scale operators, operators with serious substance gaps, or operators with reputational concerns from pre-MiCA enforcement history.
Migration failure. Some operators commenced migration but failed to complete authorisation in the transitional window — typically due to substance gaps, AML programme deficiencies, or fitness-and-properness concerns.
Selective member-state distribution. The post-MiCA authorised CASP population concentrates in fewer member states than the pre-MiCA register population — Lithuania, Czech Republic, Netherlands, and Cyprus host substantial CASP populations, while many smaller pre-MiCA registers have minimal post-MiCA presence.
The result is a tighter, more substantively-regulated EU crypto operator population than the pre-MiCA framework produced. Quality up, quantity down.
Practical takeaways
VASP licensing is an artefact of the pre-MiCA regulatory era. The framework was AML-focused, fragmented across member states, and produced highly variable substance and supervisor intensity. MiCA’s CASP authorisation replaces it with unified, substantively-supervised EU regulation.
Three principles for operators thinking about the VASP-to-CASP transition:
Treat VASP and CASP as different products. They are not interchangeable terms. Marketing materials, consultant pitches, or strategy materials that conflate the two misrepresent regulatory reality. CASP is materially more demanding and materially more valuable.
Plan migration with real timeline buffer. The 1 July 2026 maximum transitional deadline is firm. CASP authorisation typically runs 6-12 months. Operators starting migration late risk operational cessation. Migration planning that started late 2024 or early 2025 has appropriate buffer; migration starting in 2026 is too late for clean transition.
Use the migration as an opportunity to build real compliance infrastructure. The substance investment, capital top-up, AML uplift, and DORA framework build that MiCA requires produce operational infrastructure with long-term value. Operators that build for compliance produce stronger operations than the pre-MiCA framework demanded.
For corrections, updates, or counsel referrals on VASP-to-CASP migration, email [email protected].
Pitfalls and nuances
1 Treating VASP and CASP as interchangeable terms
VASP and CASP are different regulatory frameworks with different scope. VASP was AML-only national registration; CASP is full multi-dimensional EU authorisation. Marketing materials or consultant pitches that use VASP and CASP interchangeably misrepresent the operational reality. CASP authorisation is materially more demanding and produces materially broader rights.
2 Underestimating the substance gap between VASP and CASP frameworks
Many pre-MiCA VASP operators had skeletal substance — corporate-services-provider addresses, non-resident senior management, minimal in-jurisdiction operational presence. MiCA CASP substance expectations are real and verifiable. The migration from VASP to CASP requires substantive substance build that catches operators that assumed continuity from light-touch VASP norms.
3 Missing the 1 July 2026 transitional deadline
MiCA Article 143 transitional regime ends 1 July 2026 maximum for VASP-register operators. Some member states have already shortened the transitional window. Operators relying on the transitional regime need to file CASP authorisation early enough for grant before the deadline — typical CASP timelines are 6-12 months, so filing late 2025 is the latest safe window.
4 Confusing VASP framework with general crypto-asset regulation
VASP framework was narrow — AML registration of specific service providers. It did not regulate crypto-asset issuance, secondary trading, or broader market activity. Operators planning issuance or market-making activity need MiCA Title III (ART), Title IV (EMT), or Title V (CASP) authorisation, not just VASP-style AML registration.
Frequently asked questions
What is a VASP licence?
VASP (Virtual Asset Service Provider) licence is the pre-MiCA EU crypto-asset registration under 5AMLD national implementations.
Is VASP licensing still available?
Not for new applicants in most EU member states. MiCA Regulation (EU) 2023/1114 transitioned the EU crypto framework from VASP registration to CASP authorisation effective 30 December 2024.
What is the difference between VASP and CASP licensing?
VASP was AML-only registration under national 5AMLD frameworks. CASP is full authorisation under MiCA covering prudential capital, conduct of business, AML, ICT operational resilience, customer asset protection, and ongoing supervisor engagement.
What happens to existing VASP-registered operators?
Under MiCA Article 143 transitional regime, existing VASP register operators can continue operations until 1 July 2026 maximum. To continue operating after the deadline, they need full MiCA CASP authorisation.
Can I still get an Estonian or Lithuanian VASP licence in 2026?
No. Estonian MTR registration and Lithuanian VASP registration are no longer accepting new applicants. The EU framework requires full MiCA CASP authorisation under Articles 59 and 63.
Get matched
Working through a crypto-licensing decision?
Get an editorial shortlist of firms matched to your business — customer market, model, jurisdiction, and stage. Free, and not influenced by sponsorship.
Get a firm shortlist →