Published on 28 March 2026 · By Alexandre VINAL · 19 min read

Do Crypto Fund Managers Need a MiCA CASP License?

Since 30 December 2024, the Markets in Crypto-Assets Regulation (MiCA) has been fully in force across all 27 EU member states, including its rules on Crypto-Asset Service Providers (CASPs). If your firm manages client portfolios of crypto-assets — or provides execution, custody, or advisory services on digital assets — the compliance question isn't hypothetical anymore. The answer turns on which regulatory authorization your firm already holds, and how honestly you can characterize your actual activities.

The European Parliament building in Strasbourg, France — where the MiCA regulation was adopted in April 2023, reshaping crypto licensing across the EU.

Key takeaways

  • MiCA's CASP provisions have applied since 30 December 2024, with a maximum 18-month grandfathering period ending 1 July 2026 (ESMA, 2024).
  • Fully authorized AIFMs don't need a separate CASP license — Article 60 lets them add crypto portfolio management via a 40-working-day notification.
  • Sub-threshold (registered) AIFMs are explicitly excluded from Article 60 and must either upgrade to full AIFMD authorization or obtain a standalone CASP license.
  • Crypto fund managers without any EU financial license must apply for full CASP authorization, including capital requirements starting at €125,000 for portfolio management.
  • Estonia's legacy VASP licenses all expire 1 July 2026 — no automatic conversion to MiCA status.

What Is a CASP Under MiCA, and Does Portfolio Management Qualify?

MiCA's Article 3(1)(15) defines a CASP as any legal person providing one or more of nine specific crypto-asset services on a professional basis (EUR-Lex, MiCA Regulation 2023/1114). Service number nine on that list is discretionary portfolio management of crypto-assets on behalf of clients — making it an explicit and unambiguous regulatory trigger for asset managers with digital assets mandates.

The full list covers: custody and administration, operating a trading platform, exchanging for fiat, exchanging for other crypto, executing client orders, placing crypto-assets, receiving and transmitting orders, providing advice, and portfolio management. If your firm provides any of these professionally, it falls within MiCA's scope — regardless of whether you consider yourself a "crypto firm" or a traditional manager with a digital assets allocation.

Providing CASP services without authorization carries penalties of up to €5 million or 3% of annual turnover, whichever is higher. The regulation doesn't carve out established asset managers from these consequences.

Our analysis. The nine-service list in Article 3(1)(15) mirrors MiFID II's investment service categories almost exactly — portfolio management, investment advice, execution, order reception — but applied to crypto-assets. This structural parallelism was deliberate. Article 60 reflects a policy choice to avoid double-licensing the same conduct when it's already supervised under existing EU law. Fund managers who understand MiFID II will recognize the architecture immediately.

That said, MiCA built in a critical carve-out for entities already subject to EU financial regulation — which is where the real differentiation starts.

Related reading: MiCA, CASP categories, and fund compliance

Do Authorized AIFMs Need a Separate CASP License?

No — and this is MiCA's most operationally significant carve-out for fund managers. Fully authorized AIFMs under the Alternative Investment Fund Managers Directive can provide crypto-asset portfolio management and related services to clients without obtaining a separate CASP authorization (DLA Piper, 2025; Dechert, 2025). They use a notification pathway under MiCA Article 60 instead.

Article 60 lists seven categories of already-regulated entities that can provide crypto services via notification rather than full CASP authorization: credit institutions, central securities depositories (CSDs), MiFID II investment firms, e-money institutions (EMIs), UCITS management companies, authorized AIFMs, and regulated market operators (MiCA Article 60). The underlying logic is regulatory proportionality — these entities are already subject to ongoing capital adequacy, conduct-of-business, and governance supervision. Duplicating that oversight for crypto activities would create compliance cost without adding supervisory coverage.

For an authorized AIFM, this means you can expand into crypto portfolio management for clients, or add crypto custody or execution services, without going through a full CASP authorization. What you can't do is ignore the procedural requirements that Article 60 imposes.

According to MiCA's Article 60 mechanism, an authorized AIFM that notifies its home-state regulator correctly and faces no objection within 40 working days is treated as deemed authorized to provide the notified crypto services — a framework borrowed directly from passporting mechanics under MiFID II (Apex Group, 2025).

Related reading: AIFMD authorization and the crypto AIFM role

What Does the Article 60 Notification Require in Practice?

The 40-working-day notification window starts from receipt of a complete file — not the date you send it. Regulators across multiple member states have been returning incomplete submissions rather than starting the clock, which means preparation quality directly determines go-live timing. Here's what the notification file must include:

  1. Service description — which of the nine MiCA crypto-asset services the firm intends to provide
  2. Three-year operational program — a forward-looking plan for the crypto service activities, including revenue projections and staffing
  3. AML/CFT framework — the firm's anti-money laundering and counter-terrorist financing procedures as applied specifically to crypto activities
  4. ICT architecture description — covering the technology systems supporting crypto services, including wallet infrastructure and key management
  5. Asset segregation policies — how client crypto-assets are separated from firm assets
  6. Market abuse detection procedures — surveillance systems for crypto market manipulation, insider trading, and wash trading

Practitioner note. The completeness requirement has proven to be a real friction point. Regulators in several member states have indicated that crypto-specific AML documentation is frequently the weakest element — firms often adapt their existing AML policy without adequately addressing the pseudonymity and blockchain-specific risks that MiCA supervisors are looking for.

Once the notification period passes without regulatory objection, the firm is deemed authorized to provide the notified crypto services under its existing regulated status. New crypto service categories added later require a fresh notification — the original filing doesn't expand to cover additional services automatically.

Related reading: Compliance guide for fund managers

What If You're a Registered AIFM or Operating Without an AIFMD License?

This is where the regulatory path diverges sharply, and many crypto-native fund managers find themselves in a harder position. Article 60 is available only to fully authorized AIFMs — not to registered (sub-threshold) managers who operate below AIFMD's authorization thresholds (Apex Group, 2025). MiCA Article 60(5) makes this exclusion explicit.

For sub-threshold registered AIFMs, two paths forward exist:

Path 1 — Upgrade to full AIFMD authorization, then notify. This is the cleaner long-term structure for firms that expect to grow above AIFMD thresholds anyway. Full AIFMD authorization opens access to the Article 60 shortcut, EU passporting rights for the underlying fund, and regulatory recognition across member states. The downside is time — AIFMD authorization processes take six to twelve months in most jurisdictions.

Path 2 — Apply directly for a standalone MiCA CASP license. This route requires meeting the applicable minimum own funds requirements (see capital table below), appointing at least two fit-and-proper directors, establishing a registered office and genuine operational presence in an EU member state, and building out the full compliance infrastructure MiCA requires for CASPs.

Crypto fund managers who operate entirely outside any EU financial regulation perimeter — no AIFMD authorization, no MiFID II license — have no shortcut at all. A full CASP authorization is the only route to providing portfolio management or related services to EU clients legally.

MiCA CASP Minimum Capital Requirements by Service Type MiCA CASP Minimum Capital Requirements (Article 67) Source: MiCA Regulation 2023/1114 / KPMG, 2025 Minimum Own Funds €175k €125k €75k €25k €50,000 Advisory Only €125,000 Custody / Exchange €150,000 Trading Platform Note: Actual requirement is the higher of the above or 25% of prior-year fixed overheads
Source: MiCA Regulation 2023/1114, Article 67 / KPMG Cyprus, 2025

Related reading: EU crypto licensing and compliance steps

Estonia: From Crypto Licensing Pioneer to MiCA Compliance Deadline

Estonia's regulatory story is the most instructive case study in EU crypto licensing reform. The country issued its first Virtual Asset Service Provider (VASP) licenses in 2017, well before most jurisdictions had any crypto-specific framework, and by 2019 had issued 1,234 licenses in a single year — making it by far the most permissive licensing regime in Europe (Euronews, 2022). Total licenses issued since 2017 approached 4,000.

The model attracted firms from across the globe seeking an EU-recognized crypto license with minimal substance requirements. By 2021, approximately 650 licenses were active at the peak. But the permissiveness that made Estonia attractive also drew scrutiny over AML/CFT standards — scrutiny that escalated into reform.

In March 2022, Estonia amended its Anti-Money Laundering Act to introduce genuine substance requirements: a €250,000 minimum capital threshold, a ban on anonymous accounts, and a requirement for real operational presence in Estonia rather than letterbox structures. The impact was swift. The Financial Intelligence Unit (FIU) revoked approximately 190 licenses and around 200 more were voluntarily surrendered. By May 2023, only 100 active licenses remained — an 85% reduction from the 2021 peak (FIU Estonia, 2023).

Insight. Estonia's 2022 collapse previews exactly what MiCA's substance requirements will do at EU level. Exchanges that registered in a jurisdiction without genuinely operating there — the "letterbox CASP" model — find no safe harbor under MiCA's rules. The pattern is repeating: low-substance registrations are being replaced by higher-cost authorizations that require real presence, real capital, and real compliance infrastructure.

Estonia VASP Active License Collapse (2021–2023) Estonia: Active VASP Licenses — Peak to Collapse Source: FIU Estonia / Euronews, 2022–2023 700 500 300 100 0 ~650 ~260 100 2021 Peak Late 2022 May 2023 March 2022: AML Act €250k capital + substance req. ~260 estimated after 190 revocations + 200 voluntary surrenders from 650 peak Total licenses ever issued (2017–2022): ~4,000 | Active licenses May 2023: 100 (official FIU figure)
Source: FIU Estonia, 2023; Euronews, 2022. The ~260 figure for late 2022 is an estimate derived from 650 peak minus approximately 190 revocations and 200 voluntary surrenders per FIU data.

The current transition matters directly for any crypto fund manager holding a legacy Estonian VASP license. Those licenses expire on 1 July 2026 with no automatic conversion to MiCA CASP status (Hacken, 2025; Scorechain, 2025). Firms must reapply to Estonia's Financial Supervision Authority (FSA), which replaced the FIU as the sole crypto licensing authority. The FSA now applies full MiCA criteria — not the legacy FIU standards that made Estonia attractive in the first place.

Related reading: Regulated crypto fund management in Estonia

When Does the Grandfathering Period End, and Can You Still Passport?

Under MiCA Article 143(3), firms operating legally under national law before 30 December 2024 may continue during a national transition period of up to 18 months — ending no later than 1 July 2026 (ESMA, 2024). But several member states chose significantly shorter windows, meaning the transition has already closed in several key jurisdictions.

Transition Length Member States Effective Deadline
5–6 months (already expired) Netherlands, Finland, Latvia, Lithuania, Hungary, Poland, Slovenia ~June 2025
12 months (expired or imminent) Germany, Ireland, Greece, Spain, Liechtenstein ~December 2025
18 months (full period) Belgium, Bulgaria, Czech Republic, and most remaining states 1 July 2026

Source: ESMA official grandfathering period list, December 2024

Grandfathered status carries one critical operational limitation: firms operating under national grandfathering provisions are not MiCA-authorized CASPs and cannot use EU passporting rights during the transition period (Skadden, 2025). A fund manager in Germany or the Netherlands that relied on cross-border services under its national registration needed to be inside the MiCA authorization process by mid-2025 at the latest. Those grandfathering windows have closed.

For fund managers in jurisdictions that chose the full 18-month window, the 1 July 2026 deadline is now less than four months away as of this writing. CASP application processing times in most member states range from three to nine months depending on application completeness and regulatory queue length. The practical filing window is already narrow.

Related reading: Regulatory timelines and fund compliance

How Many CASPs Are Actually Authorized in the EU?

By July 2025 — seven months after the CASP framework went live — over 40 CASPs had received MiCA authorization across the EU, according to data from TRM Labs and Skadden (TRM Labs, 2025; Skadden, 2025). Before MiCA, researchers estimated 1,100–1,300 genuinely operational crypto service providers existed across the EU — against a background of 3,000+ registrations issued under fragmented national regimes that imposed minimal requirements. The gap between 40 authorizations and 1,100 operational firms shows the scale of what's still in motion.

MiCA CASP Authorizations by EU Member State (July 2025) MiCA CASP Authorizations by EU Member State As of July 2025 — Source: ESMA / TRM Labs / Skadden Germany 18 Netherlands 14 France 6 Malta 6 Spain 3 Luxembourg 3 Austria 2 Ireland 2 Others* 3 6 12 18 0 Number of CASP authorizations | *Others: Cyprus 1, Lithuania 1, Finland 1
Source: ESMA CASP register / TRM Labs (April 2025) / Skadden (July 2025)

The authorization concentration tells its own story. Germany and the Netherlands account for the majority of licenses issued, reflecting both those regulators' pre-existing crypto supervision experience and the volume of firms that applied early. Luxembourg and Ireland — traditional EU fund domiciles — are processing applications actively but at slower pace, which reflects queue depth rather than regulatory hostility.

For fund managers evaluating jurisdiction strategy, Germany's BaFin and the Netherlands' AFM have demonstrated they can process CASP applications at meaningful scale. Malta, which handled early crypto licensing under the Virtual Financial Assets framework, is also showing volume. The data suggests that choosing a jurisdiction with demonstrated processing capacity reduces approval risk.

Related reading: Launching a fund and choosing a jurisdiction

Frequently Asked Questions

Does an AIFM managing a crypto-only fund need a MiCA CASP license?

Not if it holds full AIFMD authorization. A fully authorized AIFM can manage a crypto-only fund and provide crypto portfolio management to clients using MiCA's Article 60 notification pathway — 40 working days' advance notice to its home regulator, with deemed authorization on expiry of the window (MiCA Article 60, 2024). Sub-threshold registered AIFMs are explicitly excluded from this pathway under Article 60(5).

Can a grandfathered firm passport its crypto services across the EU?

No. Firms operating under national grandfathering provisions during the MiCA transition period are not considered MiCA-authorized CASPs and cannot exercise EU passporting rights (Skadden, 2025). Cross-border crypto service provision to clients in other member states requires a full MiCA CASP authorization obtained in a home member state.

Is Estonia still a viable jurisdiction for crypto fund managers post-MiCA?

Estonia remains a credible option, but it's no longer a low-cost shortcut. All legacy FIU-issued VASP licenses expire 1 July 2026, and the FSA now applies full MiCA standards — not the legacy FIU criteria (Copla, 2025). Firms choosing Estonia today get an FSA with growing MiCA implementation experience and an established crypto regulatory culture, but no regulatory advantage over other EU jurisdictions that have moved aggressively on MiCA authorization.

What's the minimum capital requirement for a CASP providing portfolio management?

Portfolio management falls under the €125,000 minimum own funds tier under MiCA Article 67 (EUR-Lex MiCA, 2024). That figure represents the floor — the actual requirement is the higher of €125,000 or 25% of the firm's prior-year fixed overheads. Firms providing only advisory services face the lower €50,000 threshold; firms operating a trading platform face €150,000.

Can a UCITS management company also use Article 60 for crypto services?

Yes. UCITS management companies authorized under Directive 2009/65/EC are listed explicitly in MiCA Article 60 alongside AIFMs and MiFID II investment firms (MiCA Article 60, 2024). They follow the same 40-working-day notification procedure and are subject to the same deemed-authorization mechanism. The same filing requirements apply: service description, operational program, AML/CFT documentation, ICT architecture, asset segregation policy, and market abuse detection procedures.

Conclusion

Most crypto fund managers operating in the EU face one of three situations under MiCA. Fully authorized AIFMs have the cleanest path: notify your home regulator 40 working days before your first crypto service, file the required documentation, and proceed without a standalone CASP license. Sub-threshold AIFMs and managers without any EU license face a real choice — upgrade to full AIFMD authorization and then notify, or apply directly for a CASP license under MiCA's standard procedure. And anyone still operating under a legacy national registration, including Estonia's old FIU-issued VASP framework, is working against a hard 1 July 2026 deadline that's now months away.

What the data makes clear is that MiCA authorization isn't theoretical. Over 40 CASPs have cleared the full process already. The firms that acted early are now positioned to operate across the entire EU market under a single passported license. That's the right that grandfathered operators don't have today — and won't gain until they complete the process.

Related reading: Crypto fund compliance and authorization roadmap

This article reflects the regulatory framework as of March 2026. MiCA implementation guidance from ESMA continues to evolve; consult legal counsel for advice specific to your firm's structure and jurisdiction.

Disclaimer: This article is provided for informational purposes only and does not constitute investment advice, a solicitation, or an offer to invest. Investing in crypto-asset funds involves significant risk, including the possible loss of all capital invested. Past performance does not guarantee future results. SparkCore Investment OÜ is registered as a small alternative investment fund manager with the Estonian Financial Supervision Authority (Finantsinspektsioon). This content is intended for professional and qualified investors only. Readers should seek independent legal, tax and financial advice before making any investment decision.

← Back to all articles