Regulations & Compliance
10 min read

What Is a CASP Under MiCA? Crypto-Asset Service Providers Explained

By FiatFlex Team ·

What Is a CASP Under MiCA? Crypto-Asset Service Providers Explained

If you accept crypto payments, run a wallet product, or simply follow how Europe is shaping digital-asset rules, you have almost certainly run into the acronym CASP. Under the EU's Markets in Crypto-Assets Regulation, a CASP MiCA classification is the central concept that determines who can legally offer crypto services across the European Economic Area and under what conditions. A crypto-asset service provider is, put simply, any business that provides specific crypto-related services to customers on a professional basis. This guide breaks down what the term means, which activities trigger it, how authorization works, and why the mica casp framework matters even for merchants who only touch crypto at the edges of their business. By the end, you will understand the practical contours of the regime and know which questions to ask before you build, integrate, or accept crypto.

Key Takeaways

  • • A CASP (crypto-asset service provider) is a legal or natural person whose business is providing one or more regulated crypto-asset services in the EU.
  • • MiCA defines a closed list of crypto-asset services; if your activity falls inside that list and you do it professionally, you generally need authorization.
  • • Authorization is granted by a national competent authority and, once obtained, allows passporting across all EEA member states.
  • • CASPs face ongoing duties around governance, capital, custody of client assets, complaint handling, conflicts of interest, and anti-money-laundering controls.
  • • Many merchants who simply accept crypto payments are not themselves CASPs, but they should understand the framework when choosing tools and partners.
  • • The CASP MiCA regime is being phased in, with transitional arrangements for firms already operating under earlier national rules.
  • What MiCA Is and Why CASPs Sit at Its Center

    The Markets in Crypto-Assets Regulation, usually shortened to MiCA, is the European Union's comprehensive framework for crypto-assets that are not already covered by existing financial-services law. It replaces a patchwork of national approaches with a single, harmonized rulebook across the EEA. Before MiCA, a crypto firm might be lightly registered in one country, unregulated in another, and effectively banned in a third, which made cross-border operation difficult and left consumers exposed.

    MiCA tackles this in two broad ways. First, it sets rules for the issuance of certain crypto-assets, including asset-referenced tokens and e-money tokens (the categories that capture many stablecoins). Second, it regulates the firms that provide services around crypto-assets, the crypto-asset service providers. The CASP concept is therefore the operational heart of the regulation: it decides who may offer crypto services to the public and what obligations they carry.

    The goals behind the regime

    Regulators consistently point to a handful of objectives when they explain the mica casp rules:

  • • Consumer and investor protection, so people using crypto services have clear information and recourse.
  • • Market integrity, including measures against market abuse and manipulation.
  • • Financial stability, particularly around large stablecoins that could affect payment systems.
  • • Legal certainty, giving legitimate businesses a clear path to operate across borders.
  • Understanding these goals helps you anticipate why a given obligation exists, rather than treating each rule as an arbitrary box to tick.

    Defining a Crypto-Asset Service Provider

    A crypto-asset service provider under MiCA is any legal or natural person whose occupation or business is the provision of one or more crypto-asset services to third parties on a professional basis. Three elements are doing the heavy lifting in that sentence.

    The three tests that make you a CASP

  • • You provide a defined service. The activity must appear on MiCA's specific list of crypto-asset services. If it is not on the list, the CASP regime does not apply (though other laws still might).
  • • You do it for third parties. Acting purely on your own account, for your own treasury, is treated differently from offering a service to customers.
  • • You do it professionally. Occasional, non-business activity is not the same as running a service as your trade.
  • Where all three are present, you are generally looking at a CASP MiCA obligation and, with it, a requirement to be authorized before you operate. While the definition can reach natural persons in some circumstances, the authorization and governance requirements are built around firms with a registered office, management body, and internal controls, which is why most CASPs are incorporated entities.

    The Crypto-Asset Services MiCA Actually Covers

    The single most useful thing to memorize about the mica casp framework is the closed list of services. If your activity maps onto one of these, you are inside the perimeter.

    Custody and administration of crypto-assets

    Holding crypto-assets, or the means of access to them (such as private keys), on behalf of clients. This is one of the most consequential categories because it brings custody obligations, asset segregation, and liability rules.

    Operation of a trading platform

    Running a venue that brings together multiple buying and selling interests in crypto-assets in a way that results in contracts, such as an exchange or marketplace where orders are matched.

    Exchange services

    Two related activities sit here:

  • • Exchange of crypto-assets for funds (converting crypto to or from fiat currency).
  • • Exchange of crypto-assets for other crypto-assets (swapping one token for another).
  • Order handling and dealing

  • • Reception and transmission of orders for crypto-assets on behalf of clients.
  • • Execution of orders for crypto-assets on behalf of clients.
  • • Placing of crypto-assets, meaning marketing newly issued or existing assets to specific buyers.
  • • Dealing on own account, where the firm trades against client flow.
  • Advice and portfolio management

  • • Providing advice on crypto-assets, offering personalized recommendations.
  • • Portfolio management, managing crypto-asset portfolios on a discretionary, client-by-client basis.
  • Transfer and payment-adjacent services

  • • Providing transfer services for crypto-assets on behalf of clients, moving assets from one distributed-ledger address or account to another.
  • This list is deliberately specific. A business that only publishes general market commentary without personalized recommendations is not automatically a CASP, because general information is not the same as regulated advice. The precise boundaries are where most real-world questions live, and they determine whether a crypto-asset service provider authorization is required.

    How CASP Authorization Works

    Becoming an authorized CASP is a formal process overseen by a national competent authority (NCA) in the member state where the firm is established. The NCA assesses the application against MiCA's standards and, if satisfied, grants authorization recognized across the entire EEA.

    What the application typically involves

    While details vary by jurisdiction, applicants generally must demonstrate:

  • • A program of operations describing each crypto-asset service they intend to provide.
  • • Robust governance, including fit-and-proper management and clear lines of responsibility.
  • • Adequate prudential safeguards, such as minimum capital or insurance appropriate to the services offered.
  • • Sound custody and segregation arrangements where client assets are held.
  • • ICT and security policies covering operational resilience and cybersecurity.
  • • AML/CFT controls, since CASPs are obliged entities under anti-money-laundering law.
  • • Procedures for complaint handling and managing conflicts of interest.
  • Passporting across the EEA

    The payoff for authorization is passporting. Once a CASP is authorized in one member state, it can provide its services throughout the EEA by notifying the relevant authorities, without seeking a fresh license in each country. This single-market access is one of the main reasons MiCA was created, and it is a clear advantage over the pre-MiCA national patchwork.

    Transitional and grandfathering arrangements

    Because many firms were already operating under earlier national crypto registrations, MiCA includes transitional provisions. These give existing providers a window to keep operating while they apply for full authorization, with the grandfathering period set at the member-state level within limits defined by the regulation. Firms in this position should track their national deadline closely, as the runway is finite.

    Ongoing Obligations Once You Are a CASP

    Authorization is the entry ticket, not the finish line. The CASP MiCA regime imposes continuous duties designed to keep the firm safe and customers protected.

    Conduct and transparency

    CASPs must act honestly, fairly, and professionally in the best interests of their clients. That includes clear, non-misleading communications, fair pricing disclosure, and warnings about crypto-asset risks. Marketing must be identifiable as such and consistent with the information the firm provides.

    Safeguarding client assets

    Where a CASP holds client crypto-assets or funds, it must keep them segregated from its own and protect clients' ownership rights, particularly in the event of insolvency. Custody-focused CASPs carry specific liability for loss of assets attributable to incidents within their control.

    Operational resilience and security

    Firms must maintain resilient systems, secure access protocols, and continuity arrangements. The emphasis on ICT risk reflects how often crypto incidents stem from technical compromise rather than market events.

    Market abuse and AML

    CASPs operating or supporting trading must guard against market manipulation and insider dealing, with monitoring and reporting obligations. Separately, as obliged entities, they perform customer due diligence, including KYC and ongoing monitoring, and report suspicious activity under AML rules.

    What the CASP Framework Means for Merchants

    Here is the question most business owners actually care about: if I want to accept crypto payments, do I become a regulated crypto-asset service provider? In most ordinary merchant scenarios, the answer is no. A shop accepting a stablecoin for goods, or a service business taking crypto for an invoice, is using crypto as a means of payment rather than providing a regulated crypto service to third parties. The regulated activities cluster around custody, exchange, trading venues, brokerage, advice, and transfers offered as a service, not around the simple act of being paid.

    That said, the mica casp landscape still matters to merchants. When you pick a payment app like FiatFlex or another processor, the way crypto flows through the tool, who holds the keys, who performs any conversion, and where settlement happens all sit against the backdrop of MiCA. Understanding the framework helps you ask sharper questions and choose solutions that fit how you want to operate.

    A concrete merchant workflow

    Modern payment tools are designed so a merchant can take crypto without running an exchange or custody business. As an illustration, FiatFlex is a mobile payment app that lets merchants accept USDC, EURC, and SOL on the Solana blockchain through simple payment links and QR codes. The merchant keeps manual control over when to convert received crypto to euros and when to withdraw, with payouts settling to a SEPA-area bank account. The same app also supports contactless Tap to Pay over NFC for card and wallet payments on a compatible phone, so a small business can handle both card and crypto flows from one dashboard. The merchant's role there is accepting payment for their own goods and services, a very different posture from operating a regulated crypto service for others.

    Where merchant activity could edge toward CASP territory

    Pause and seek guidance if your model starts to look like a service rather than a sale. Warning signs include:

  • • Offering to hold or custody crypto for your customers beyond a transaction.
  • • Routinely exchanging crypto for customers as a standalone service.
  • • Providing investment-style advice or managing crypto on customers' behalf.
  • • Operating anything resembling a trading venue or order-matching system.
  • If your roadmap heads in any of those directions, the CASP MiCA analysis becomes directly relevant and professional legal advice is warranted.

    How MiCA Connects to the Rest of EU Rules

    MiCA does not exist in a vacuum. It leaves out crypto-assets that already qualify as financial instruments, which stay under securities law, and it interacts with anti-money-laundering directives, the transfer-of-funds rules sometimes called the travel rule, and broader EU consumer- and data-protection law. For stablecoin-style tokens, the issuance rules for asset-referenced and e-money tokens sit alongside the CASP rules, so a single product can engage several parts of the regulation at once. For a merchant, the takeaway is that the crypto-asset service provider regime is one layer in a larger compliance stack, and the tools you choose should be transparent about identity checks, data security, and settlement.

    Frequently Asked Questions

    What is the difference between a CASP and a stablecoin issuer under MiCA?

    They are regulated under different parts of MiCA. A crypto-asset service provider offers services such as custody, exchange, trading, or transfers around crypto-assets. A stablecoin issuer, by contrast, is the entity that creates and stands behind an asset-referenced token or e-money token, subject to MiCA's issuance and reserve rules. A single company could be both, but the obligations attach to the distinct roles. Knowing which hat a firm is wearing tells you which rulebook applies.

    Does every crypto business in the EU need to become a CASP?

    No. Only businesses that provide one of MiCA's specifically listed crypto-asset services to third parties on a professional basis fall inside the CASP MiCA perimeter. Activities outside that closed list, or genuinely non-professional and occasional activity, are not captured by the CASP authorization requirement, although other laws such as AML rules may still apply. The list-based approach is what lets you reason about whether your activity is in scope.

    How does CASP passporting actually work across Europe?

    Once a firm is authorized as a CASP by a national competent authority in its home member state, it can extend its services across the rest of the EEA through a notification process rather than a fresh full application in each country. The home and host authorities coordinate, and the firm can then serve customers in multiple markets under a single authorization. This single-market access is a headline benefit of the mica casp framework compared with the earlier country-by-country approach.

    Are merchants who simply accept crypto considered CASPs?

    Generally not. A merchant accepting crypto as payment for its own goods or services is using crypto as a means of settlement, which differs from providing a regulated crypto-asset service to others. The regulated services revolve around custody, exchange, trading venues, brokerage, advice, portfolio management, and transfers offered as a business. Merchants should still understand the framework so they can choose payment tools wisely and recognize if their model ever starts to resemble a regulated service.