VASP лицензия и переход на CASP для криптокомпаний ЕС
VASP → CASP: what will change for existing crypto companies in the EU in 2026
For companies already operating in the EU via VASP registration, 2026 marks a period of mandatory review. Previously, businesses often launched via a national register, AML policies, KYC procedures and a description of digital asset operations. In many countries, this was sufficient to get started.
MiCA is changing the approach. Now, the full range of a company’s services is taken into account: asset exchange, custody of client funds, transfers, trading platform operations, execution of client orders and advisory services. The transition from VASP to CASP in the EU by 2026 helps existing companies understand in advance whether they will be able to continue operating after the transitional period ends, or whether they already need a CASP licence.
How VASPs differ from CASPs under MiCA
The old VASP approach centred on AML/CFT. A company would register in a specific country and outline its procedures for customer due diligence, transaction monitoring and data retention. For an exchange, OTC service or custodial wallet provider, this was often a sufficient basis for getting started.
The CASP regime is broader. The regulator looks at corporate governance, the business reputation of senior management, the protection of client assets, internal controls, complaints, the security of IT systems, contractors and financial stability. In other words, it is no longer just about compliance with AML rules, but about the full authorisation of a crypto-asset service provider.
The differences between VASP and CASP under MiCA are clearly illustrated by the example of asset storage. Under the old approach, a company demonstrated how it verified the client and their transactions. Under CASP, it is necessary to explain where assets are stored, who has access to them, and what procedures are in place in the event of a failure, dispute or attempted unauthorised withdrawal.
Polish VASP registrations and the transition to CASP
For a long time, Poland remained a convenient jurisdiction for crypto companies. VASP licences were issued more quickly than in many EU countries, and the requirements were straightforward for exchanges, custodial services and small platforms. Consequently, a crypto licence in Poland was often seen as a quick way to start working with European clients.
Polish registration now requires a separate review. Licences in Poland obtained under the old VASP regime do not automatically confer CASP status. A company may continue to operate only under the applicable transitional regime and until such time as it is granted or refused CASP authorisation. For Polish projects, it is important to bear in mind another nuance: until CASP status is obtained, the company cannot operate fully across the EU as an authorised MiCA provider.
Please provide your contact information. One of our specialists will contact you within 30 minutes to discuss your inquiry.
Schedule a consultation!
For projects that previously used VASP in Poland as a starting point for working with European clients, a new challenge arises in 2026: preparing the company for MiCA requirements. CASP in Poland involves full authorisation, where the regulator reviews documents, the list of services, management, internal procedures and interaction with the KNF.
MiCA requirements for crypto companies: what is checked prior to CASP authorisation
The MiCA requirements for crypto companies begin with an analysis of the services provided. The regulator must be shown exactly what the company does: trading in crypto-assets, holding client funds, transfers, platform operations, order execution, token issuance or advisory services.
Then comes the more complex part. You need to describe who manages the business, which functions are outsourced to contractors, where client assets are held, how complaints are handled, who is responsible for security, and what procedures are in place in the event of an operational failure. Whereas the old VASP registration was prepared as a basic AML package, a CASP application will require the revision of almost all internal documents.
This is particularly sensitive for companies with multiple legal entities. For example, the brand is registered in one country, payments go through a different entity, the platform is operated by a separate contractor, and customers are located in different EU jurisdictions. Such a model needs to be broken down by function before submitting the application.
Who is required to obtain a CASP licence in the EU
A CASP licence is required for companies that actually provide services involving crypto-assets to clients from the EU. The following are primarily covered by MiCA:
- providers of client asset custody services;
- trading platforms;
- companies that execute transfers on behalf of clients;
- projects that execute client orders;
- token listing services;
- companies that provide advice on digital assets or manage portfolios.
Companies outside the EU deserve special consideration. If a website targets European customers, accepts users from the EU, markets in local languages, or effectively manages such accounts, the issue of CASP authorisation arises even without a physical office in the European Union.
The EU VASP CASP transition period: why deadlines depend on the country of registration and the customer base
The EU VASP CASP transition period does not apply equally to everyone. MiCA has allowed existing providers who were operating legally up to 30 December 2024 to continue their activities until 1 July 2026 or until a decision on their CASP application is made, whichever comes first. However, EU countries may have shortened this period or set their own application rules.
For a company, this means one simple thing: it is necessary to check not only the country of registration but also the countries of the clients. A Polish VASP structure, a client from Germany, marketing in French, and a payment chain via a separate legal entity can give rise to different regulatory issues. A single common date on the calendar is not enough here.
ISG Consult helps existing VASP companies determine the applicable transitional regime, assess their services against MiCA requirements, and prepare a plan for obtaining a CASP licence.
Please provide your contact information. One of our specialists will contact you within 30 minutes to discuss your inquiry.
Schedule a consultation!
What will happen if we continue to operate under the old VASP model
Once the applicable transition period ends, working with EU clients without CASP authorisation becomes a regulatory risk. The problem may arise not only in dealings with the regulator. Banks, payment partners, liquidity providers and counterparties are already requesting MiCA status or a transition plan.
For existing businesses, the main risk relates to clients. If the application is not ready on time, the company may need to restrict access to services, change its geographical scope of operations, divest some clients, or transfer them to an authorised entity. It is best to prepare such decisions in advance, as a CASP application requires time, documentation and communication with the regulator.
Q&A
How does CASP differ from VASP Poland?
In most EU countries, VASP registration has been linked to AML, KYC and the national register. CASP under MiCA requires full authorisation for crypto-asset services, including descriptions of governance, client asset protection, internal procedures and risk management.
Can a Polish VASP company continue to operate during the transition period?
In general, this is possible for providers that were operating legally prior to 30 December 2024, but the conditions must be checked on a case-by-case basis. The registration status, services, clients and CASP application are all relevant factors.
Is it necessary to change the legal structure before applying for CASP authorisation?
Sometimes, yes. If functions are distributed across several legal entities, the regulator must be presented with a clear operational model: who provides the service, who holds the assets, who accepts payments, and who is accountable to the client.
How can a company determine whether it needs CASP authorisation?
First, it is necessary to understand what services the company actually provides: exchange, asset custody, transfers, platform operations or consultancy on crypto-assets. Next, the clients’ countries and the transitional regime are assessed. ISG Consult assists in conducting such an analysis, preparing the necessary documentation and supporting the process of obtaining a CASP licence in the chosen jurisdiction.
