What MiCA Means If You Run a Business That Accepts Crypto from European Customers
- MiCA is the EU’s single crypto regulation, in full effect since December 2024. It replaced 27 separate national regimes with one framework
- Any business offering crypto-asset services to EU clients after July 1, 2026 needs full CASP authorisation, not just a legacy VASP registration
- If you accept crypto payments from EU customers through an unlicensed provider, your counterparty risk just changed
- The Travel Rule now applies to all crypto transfers above €1,000 between CASPs in the EU. Sender and recipient data has to travel with the payment
- Paybis holds MiCA CASP authorisation and a PSD2 Payment Institution licence, both issued by the Bank of Latvia in May 2026, covering all 27 EU member states
- Businesses that do not want to hold their own licence can integrate a licensed on-ramp and keep crypto acceptance running under a compliant provider’s framework
Most MiCA coverage is written for exchanges. If you run a business that accepts crypto from European customers, the regulation still applies to you, just from a different angle.
You are probably not a CASP. But the platforms you use to process crypto payments are, or they should be, after July 2026. Which ones hold genuine authorisation, what breaks when they do not, and what MiCA compliance actually requires from your side of the transaction- these are the questions this article covers.
Table of contents
- What is MiCA and who does it apply to?
- Does MiCA apply to your business directly?
- What changed on July 1, 2026?
- What is the Travel Rule and how does it affect your payments?
- What does your crypto acceptance provider actually need to hold?
- What about DAC8 and tax reporting?
- What are the practical options for a business that is not a CASP?
- What should you ask your current crypto acceptance provider?
- How does Paybis handle this for business partners?
- Bottom Line
- About Paybis
What is MiCA and who does it apply to?
MiCA is the EU’s Markets in Crypto-Assets Regulation. It replaced the patchwork of national crypto regimes across Europe with a single rulebook, applied uniformly across all 27 member states. A platform authorised in one country can passport that authorisation across the whole EU.
For businesses accepting crypto, the part of MiCA that matters most is the CASP framework. A Crypto-Asset Service Provider is any business that offers custody, exchange, transfer, or payment services involving crypto-assets on a commercial basis. Under MiCA, those businesses need a CASP licence to operate in the EU. A legacy VASP registration, which is an AML notification rather than a financial services authorisation, does not qualify. The VASP vs CASP guide covers that distinction in full.
Does MiCA apply to your business directly?
It depends on what you do. If your business accepts crypto as payment for goods or services but does not itself offer crypto-asset services, you are generally outside the CASP framework. Your customers send you crypto, you receive it. That is a payment, not a regulated service.
Where it gets complicated is the infrastructure you use to do that. The wallet provider, the exchange you convert through, the settlement provider who converts crypto to fiat and sends it to your bank account: those businesses are CASPs. After July 2026, if they are not authorised, they cannot legally operate in the EU. And if they cannot operate legally, your ability to accept crypto from EU customers runs through an unregulated chain.
That is where MiCA lands on your operations, even if you are not a CASP yourself.
What changed on July 1, 2026?
The MiCA transition period closed. Before that date, platforms that were already operating under legacy national VASP registrations were permitted to continue while their CASP applications were processed. That window is now shut across most EU member states.
A platform still running on a legacy registration after that date cannot legally serve EU clients. In practice, that can mean frozen withdrawals, restricted services, or a provider quietly restricting EU customer access while it works through a compliance backlog. For a business relying on that provider to process crypto acceptance, the interruption is operational, not theoretical.
The full picture of what CASP authorisation covers is in the Europe crypto regulation guide.
What is the Travel Rule and how does it affect your payments?
The Travel Rule is the requirement that has the most direct impact on day-to-day crypto transactions. Under the EU’s Transfer of Funds Regulation, which operates alongside MiCA, every crypto transfer above €1,000 between CASPs must carry originator and beneficiary data. The sender’s name, account details, and address have to travel with the payment.
For self-hosted wallets, the threshold for additional verification is also €1,000. If a customer sends you crypto from a wallet they control themselves rather than from an exchange, a CASP-licensed provider on your side has to verify that the customer actually controls that wallet above that threshold.
This changes something practical for B2B crypto acceptance. If your settlement provider is not CASP-authorised, it is not part of the Travel Rule network. That means transfers between your provider and licensed counterparties carry compliance gaps that Travel Rule-compliant CASPs cannot legally ignore. Some will reject transfers from non-compliant sources outright.
What does your crypto acceptance provider actually need to hold?
Two things, depending on how the settlement works.
If your provider handles the crypto leg only, a CASP licence covers it. That covers receiving, converting, and transferring crypto-assets.
If your provider also holds your fiat float while it converts and settles to your bank account, that is a payment service under PSD2, and it needs a Payment Institution licence on top of the CASP authorisation. A business operating that settlement flow without a PI licence is sourcing the fiat leg from a partner bank or EMI. That adds a counterparty you never chose into every payment you receive.
The PI licence article explains the fiat leg in detail and what breaks when it is rented rather than licensed in-house.
What about DAC8 and tax reporting?
DAC8 is the EU tax reporting directive that came into effect in 2026. Licensed crypto platforms are now required to collect and report user transaction data to national tax authorities, who share it across member states.
For businesses accepting crypto from EU customers, this means the platform processing your settlements is collecting and reporting that data. If you are using an unlicensed provider, it is outside the DAC8 reporting framework. That may look convenient in the short term. Regulators are increasingly treating gaps in DAC8 coverage as a signal for additional scrutiny rather than a clean absence of liability.
What are the practical options for a business that is not a CASP?
There are two routes.
The first is to obtain CASP authorisation. This is the right path if crypto acceptance is core to your product and you are processing volume that justifies the compliance infrastructure. The guide to getting a crypto licence in Europe covers what the process involves. It is not fast, and it is not cheap, but it gives you direct control over the full chain.
The second is to integrate through a licensed provider. This is the path most businesses take. You integrate a CASP-authorised on-ramp or settlement provider, and your crypto acceptance runs under their regulatory framework. KYC, AML monitoring, Travel Rule compliance, and the CASP obligations all sit with the provider. Your business benefits from that coverage without building the infrastructure independently.
For this to work, the provider you choose has to actually hold the authorisation. Not a legacy registration. Not a transitional arrangement. A current CASP licence, checkable on ESMA’s public register.
What should you ask your current crypto acceptance provider?
Three questions get to the point quickly.
- Does the provider hold a current CASP licence? Ask for the legal entity name and the licence reference number. Both are checkable on ESMA’s register or the national regulator’s own list. A provider that cannot give you a reference number quickly does not hold one.
- Is the fiat settlement leg licensed in-house? If your provider converts crypto to fiat and sends it to your bank account, ask whether they hold a Payment Institution licence for that leg. If the answer involves a partner bank or third-party EMI, you have a counterparty in the chain you have not vetted.
- How does the provider handle Travel Rule compliance? A CASP-authorised provider runs Travel Rule checks on every eligible transfer. If the answer is vague, the infrastructure probably is not there.
How does Paybis handle this for business partners?
Paybis holds MiCA CASP authorisation and a PSD2 Payment Institution licence, both issued by the Bank of Latvia in May 2026. The CASP licence passports across all 27 EU member states. The PI licence covers the fiat settlement leg. Both sit under one roof.
For businesses integrating crypto acceptance, the Paybis on-ramp handles the full chain under that licensing base. KYC, AML monitoring, and Travel Rule compliance are handled on the Paybis side. For higher-volume institutional operations, the Corporate On/Off Ramp adds KYB for business clients and supports transactions up to $5 million per transaction across 140+ countries, SEPA and SWIFT rails, and 25 fiat currencies.
For businesses running outbound payments alongside crypto acceptance, Paybis Send handles mass crypto payouts with named IBANs and API or dashboard execution, under the same licensed framework.
Bottom Line
MiCA goes beyond regulating crypto exchanges. It regulates the infrastructure that businesses use to accept crypto from European customers. After July 2026, that infrastructure either holds CASP authorisation or it does not operate legally in the EU.
The check is straightforward. Ask your provider for a licence reference and look it up. If the authorisation is there, your crypto acceptance chain has a licensed entity behind it. If it is not, the counterparty risk that comes with an unlicensed provider falls on you.
About Paybis
Paybis is a licensed cryptocurrency exchange and payment infrastructure provider, operating since 2014. It holds MiCA CASP authorisation, reference 27-55/2026/6, and a PSD2 Payment Institution licence, reference 27-55/2026/7, both issued by the Bank of Latvia. Alongside EU authorisation, Paybis holds FinCEN registration in the US, FINTRAC registration in Canada, VASP registration in Poland, and FCA authorisation in the UK.
The platform serves 7 million users across 180+ countries, supports 90+ cryptocurrencies through 22 payment methods, and processes close to $6 billion in annual trading volume. For businesses, Paybis provides on-ramp and off-ramp integration, mass payout infrastructure, and corporate exchange services with dedicated B2B support.
FAQ
Does my business need a CASP licence to accept crypto from EU customers?
Generally no, if you are simply accepting crypto as payment for goods or services. The CASP framework applies to businesses offering crypto-asset services on a commercial basis. However, the providers you use to process and settle those payments do need CASP authorisation after July 2026.
What happens if my crypto payment provider is not CASP-authorised?
After the July 2026 transition deadline, a provider without CASP authorisation cannot legally serve EU clients. In practice, this can mean restricted services, frozen settlement flows, or being excluded from Travel Rule networks that licensed CASPs use to exchange compliance data. The impact lands on your operations even though the licensing gap sits with your provider.
What is the difference between a VASP registration and a CASP licence?
A VASP registration is an AML notification. It confirms that a business exists and has committed to anti-money laundering rules. A CASP licence is a full financial services authorisation. A regulator has reviewed the business across capital requirements, governance, IT security, and AML infrastructure, and approved it to operate.
How do I check whether a crypto provider holds a valid CASP licence?
Ask for the legal entity name and the licence reference number, then check ESMA’s public CASP register. It is updated weekly and shows the scope of each authorisation and which national regulator granted it.
Can I integrate Paybis without holding my own crypto licence?
Yes. Businesses that integrate the Paybis on-ramp or Corporate On/Off Ramp operate under Paybis’s licensed framework. KYC, AML, and Travel Rule compliance are handled on the Paybis side. You do not need to hold a CASP licence in each market to accept crypto from EU customers through the integration.
Disclaimer: Don’t invest unless you’re prepared to lose all the money you invest. This is a high‑risk investment and you should not expect to be protected if something goes wrong. Take 2 mins to learn more at: https://go.payb.is/FCA-Info
