Home Glossary

CASP (Crypto-Asset Service Provider)

Most popular terms Medium Security

A CASP, or Crypto-Asset Service Provider, is any business authorized under the EU’s Markets in Crypto-Assets Regulation (MiCA) to offer cryptocurrency-related services to clients within the European Union.

CASP stands for Crypto-Asset Service Provider. It is the legal category created by the EU’s MiCA regulation to describe any company that provides crypto-related services to clients on a professional basis within the European Union.

Before MiCA, crypto businesses in Europe operated under a patchwork of national rules. A company registered in one country often had no automatic right to serve customers in another. CASP authorization changes that. A business that receives a CASP licence from a regulator in any EU member state can passport that authorization across all 27 countries.

The term itself matters because it creates a defined legal identity for crypto businesses in the same way that terms like “credit institution” or “investment firm” define traditional finance companies. Regulators, courts, and users all operate with the same shared understanding of what a CASP is and what it must do.

For anyone looking to buy crypto in Europe, CASP authorization is among the clearest indicators that a platform operates within the EU’s regulatory framework.

What Services Does a CASP Provide?

MiCA defines a specific list of services that fall under the CASP category. A business qualifies as a CASP if it provides any of the following on a professional basis.

  • Custody and administration of crypto-assets covers platforms that hold cryptocurrency on behalf of clients, including exchange wallets and standalone custody services.
  • Operation of a trading platform applies to any marketplace where buyers and sellers can exchange crypto-assets, including spot exchanges and order-book platforms.
  • Exchange of crypto-assets for fiat currency covers the core activity of most retail exchanges, converting between euros, dollars, or other fiat currencies and cryptocurrencies.
  • Exchange of crypto-assets for other crypto-assets captures crypto-to-crypto trading services.
  • Execution of orders refers to platforms that execute buy and sell instructions on behalf of clients rather than providing a direct marketplace.
  • Placing of crypto-assets covers businesses involved in distributing new crypto-asset offerings to investors.
  • Reception and transmission of orders applies to intermediaries that receive client orders and pass them to another platform for execution.
  • Providing advice on crypto-assets includes any professional service offering personal recommendations on buying, selling, or holding specific cryptocurrencies.
  • Portfolio management covers discretionary management of client crypto holdings on their behalf.

Most retail exchanges, including those where users buy Bitcoin or buy Ethereum, fall under at least the exchange and custody categories.

How Does MiCA Define a CASP?

MiCA sets out its definition of a CASP in Article 3, establishing that the term applies to any legal person or undertaking whose occupation or business is the professional provision of one or more crypto-asset services to clients.

Three elements of that definition are worth unpacking.

  • Legal person or undertaking. Individuals cannot be CASPs. The regulation applies to companies, not solo operators. This is consistent with how financial services regulation works across the EU.
  • Occupation or business. Providing a crypto service occasionally or incidentally does not trigger CASP obligations. The threshold is professional, ongoing provision. A company that processes a single crypto transaction as part of a broader commercial arrangement is treated differently from one whose core business is crypto services.
  • Clients. CASP status is triggered by serving external clients. A company managing its own crypto treasury internally is not a CASP. The moment it starts providing services to third parties, the rules apply.

MiCA also distinguishes CASPs from issuers of crypto-assets. A company launching a new token operates under a different set of MiCA rules covering white papers and disclosure obligations. CASP rules specifically govern the service layer, meaning the businesses that help users access, trade, and store existing crypto-assets.

What Are the Obligations of a Licensed CASP?

Receiving a CASP licence is not the end of the process. It comes with a sustained set of operational requirements that define how the business must run.

  • Authorisation from a National Competent Authority (NCA). A CASP must apply to a regulator in an EU member state and receive formal authorization before operating. The regulator reviews governance, financial resources, IT systems, and compliance programs before approving.
  • Capital requirements. CASPs must hold minimum own funds, which vary by service type. This ensures platforms have a financial buffer rather than operating on paper-thin margins where any disruption threatens user funds.
  • Safeguarding of client assets. Client crypto-assets and funds must be kept separate from the company’s own assets. This is one of the most important protections for users, as it means client holdings cannot be used to cover company liabilities.
  • Conflict of interest management. CASPs must identify, disclose, and manage conflicts of interest. A platform that also trades on its own account, for example, must have clear policies preventing it from disadvantaging clients.
  • Complaint handling. All CASPs must have formal procedures for receiving and resolving client complaints within defined timeframes.
  • Transparency and disclosure. Clients must receive clear information about fees, risks, and the nature of the services provided before they commit to using the platform.
  • Ongoing reporting. Licensed CASPs submit regular reports to their NCA and must notify regulators of significant operational changes.

These obligations make the CASP framework one of the most comprehensive crypto regulatory regimes in the world. Understanding how cryptocurrency works at a technical level and how platforms are regulated at an institutional level are two sides of the same picture for informed users.

How Is a CASP Different from a VASP?

VASP (Virtual Asset Service Provider) is the equivalent term used by the Financial Action Task Force (FATF), the global standard-setter for anti-money laundering rules. Many countries adopted the VASP terminology before MiCA existed.

The differences between the two frameworks reflect their different origins.

VASP is a FATF concept focused primarily on AML and counter-terrorism financing controls. Countries that adopted it, including the UK and many non-EU jurisdictions, used it as the basis for registration requirements. The emphasis is on monitoring and reporting suspicious activity. It says relatively little about how platforms must treat clients commercially or how they must structure their operations.

CASP is a MiCA concept that goes significantly further. It covers AML compliance but adds requirements on capital, client asset safeguarding, governance, conduct of business, and market integrity. Where VASP registration is primarily about financial crime risk, CASP authorization is about comprehensive financial services regulation.

In practical terms, a business registered as a VASP in a non-EU country meets a lower bar than a CASP-authorized business. Both frameworks exist because different regulators built different systems, but MiCA’s CASP framework currently represents the most detailed crypto regulatory standard applied at scale.

Which Businesses Need CASP Authorization?

Any business providing crypto-asset services professionally to clients in the EU needs CASP authorization, regardless of where it is based.

The location of the company matters less than the location of the clients. A platform headquartered outside the EU that actively markets to or serves EU residents is subject to MiCA and must obtain CASP authorization to do so legally. This extraterritorial reach is similar to how GDPR applies to non-EU businesses that process EU resident data.

Businesses that were already registered under pre-MiCA national regimes in EU member states had a transition period to convert their existing authorization to full CASP status. Many national frameworks, such as Germany’s BaFin crypto custody licence or France’s PSAN registration, ran in parallel with MiCA during this period.

The list of businesses that need CASP authorization is broad. Retail exchanges, OTC desks, crypto payment processors, custody providers, and portfolio managers all fall within scope. Decentralized platforms are more complex. MiCA includes carve-outs for fully decentralized services with no identifiable service provider, but most platforms that present a user interface and earn fees from clients are treated as CASPs regardless of their technical architecture.

Users can buy Bitcoin and buy Ethereum through CASP-authorized platforms knowing the platform has passed the EU’s authorization process and operates under its ongoing supervision.

Does Paybis Hold a CASP Licence?

Paybis holds the MiCA CASP licence issued in Latvia, placing it among the crypto platforms fully authorized under the EU’s unified regulatory framework.

The MiCA CASP licence and the Payment Institution (PI) licence under PSD2 were granted on the same day by the Bank of Latvia in May 2026, by the same national authority that supervises traditional financial institutions. The CASP licence covers crypto-asset services across all 27 EU member states and the broader EEA through MiCA passporting. Client crypto funds are held separately from Paybis’s own assets.

These sit alongside Paybis’s other regulatory authorizations:

  • FinCEN registration in the US (#31000272911973)
  • FINTRAC registration in Canada (#C100000816)
  • VASP registration in Poland (#RDWW-805)
  • FCA authorization in the UK

Paybis has operated since 2014 and serves 6.9 million+ users across 190+ countries. Users can buy Bitcoin and buy Ethereum through a platform operating under the EU’s highest-tier crypto authorization. For a deeper look at what MiCA means in practice, the Paybis MiCA coverage covers the regulation in detail.

Key Takeaway

CASP is the EU’s legal definition for any business providing crypto-asset services professionally under MiCA authorization. It represents a significant step beyond earlier registration frameworks, combining AML compliance with capital requirements, client asset safeguarding, conduct standards, and ongoing regulatory oversight. For users, CASP authorization is a meaningful indicator that a platform has passed scrutiny from a European financial regulator and operates under enforceable rules designed to protect them.

FAQ

What does CASP stand for?

CASP stands for Crypto-Asset Service Provider. The term was introduced by the EU’s Markets in Crypto-Assets Regulation (MiCA) as the official legal category for businesses offering cryptocurrency services within the European Union. It replaced a range of inconsistent national terms that different EU member states had used previously, creating a single definition that applies uniformly across all 27 countries. The equivalent term used outside the EU, particularly in FATF guidance and non-EU regulation, is VASP (Virtual Asset Service Provider), though the two frameworks carry different levels of regulatory detail.

Is every crypto exchange a CASP?

Not automatically. A crypto exchange serving EU clients must obtain CASP authorization to operate legally under MiCA, but not every exchange has done so. Exchanges based outside the EU that do not actively market to or onboard EU clients may not require CASP authorization. An exchange becomes a CASP when it meets the legal definition: a business professionally providing one or more crypto-asset services to clients. Having the word “exchange” in a name does not confer CASP status; the formal authorization from a National Competent Authority does.

Can a CASP operate across the whole EU?

Yes, through passporting. Once a CASP receives authorization from a regulator in one EU member state, it can provide its licensed services across all 27 member states without needing to apply separately in each country. This is one of the central advantages of MiCA over the previous patchwork of national rules, where a business licensed in France could not automatically operate in Germany or Italy. The passporting mechanism makes the EU a single market for crypto-asset services in the same way it functions for banking and investment services.

How long does CASP authorization take?

The MiCA regulation sets a maximum review period of 25 working days from receipt of a complete application, after which the National Competent Authority must issue a decision. In practice, the timeline depends heavily on the completeness of the application and the workload of the regulator. Applications with missing documentation or complex structures can extend significantly beyond the statutory period. Businesses with strong compliance infrastructure and experienced regulatory teams tend to move through the process faster than those applying for the first time.

What happens if a CASP loses its licence?

If a CASP has its authorization withdrawn, it must cease providing crypto-asset services to EU clients. The regulator will typically impose a wind-down period to allow the business to return client assets and close positions in an orderly manner. Clients of a de-authorized CASP retain their legal rights to the assets held on the platform. The National Competent Authority publishes changes to authorization status on the public register, so users can verify the current standing of any CASP before using its services.

Disclaimer: Don’t invest unless you’re prepared to lose all the money you invest. This is a high‑risk investment and you should not expect to be protected if something goes wrong. Take 2 mins to learn more at: https://go.payb.is/FCA-Info