Home›Crypto License (BaFin)

MiCAR CASP Authorisation

German Crypto License — BaFin MiCAR CASP Authorisation.

Germany's MiCAR CASP framework covers all 27 EU member states via passporting. Capital from €50,000. BaFin requires minimum two managing directors. Timeline: 12–24 months from pre-filing to conditional authorisation.

Get Started View Costs

12–24 months

BaFin regulated

EU passport ready

Overview

MiCAR (Reg (EU) 2023/1114) entered into force 30 December 2024. BaFin is Germany's designated CASP competent authority under MiCA Art. 63(1). The German KWG transitional regime ended 31 December 2025. From 1 July 2026, MiCAR applies across all 27 EU member states — any CASP without valid authorisation faces immediate operations ban and fines up to €5 million or 3% of turnover. A German GmbH or AG is the mandatory corporate vehicle.

€50KClass I capital

€150KClass III capital

12–24 moTimeline

27 statesEU passport

2Min. directors

1 Jul 2026EU deadline

Service Category	MiCA Reference	Capital Class	Min. Own Funds
Advice / order reception / portfolio management	Art. 3(1)(16)(d)(h)(i)	Class I	€50,000
Exchange / execution / transfer services	Art. 3(1)(16)(c)(e)(g)	Class II	€125,000
Custody + trading platform	Art. 3(1)(16)(a)(b)	Class III	€150,000

How It Works

Step by step, handled for you.

Licence Scope Assessment

Identify correct MiCAR service categories (Art. 3(1)(16)), capital class (I/II/III), and minimum own-funds. Most applicants require multiple categories — over-authorisation increases compliance costs.

Entity Formation + Directors

German GmbH or AG required. Two Geschäftsführer minimum (hard BaFin requirement). Both must satisfy BaFin Fit & Proper: criminal background, 3+ years crypto/financial senior management, no conflicting mandates.

Application File Preparation

Business plan, AML/KYC programme (GwG §§5–10), Geldwäschebeauftragter appointment, DORA ICT risk documentation (Reg (EU) 2022/2554), capital adequacy calculation including one-quarter fixed-overheads test.

BaFin Submission

Complete application submitted to BaFin. Typical 3-month completeness check, then formal review opens. We manage all Nachforderungen (supplementary requests) within BaFin deadlines.

Regulatory Review

12–24 months from complete application. We attend all BaFin meetings and respond to queries. Director Fit & Proper review is the most common timeline variable.

Post-Authorisation Compliance

Ongoing own-funds reporting, AML transaction monitoring, DORA incident reporting, annual BaFin submissions, MiCA Art. 65 passport notifications for EU expansion.

MiCAR Transition Deadlines — Two Dates That Cannot Be Missed

From 1 July 2026: unauthorised CASP provision is a criminal offence in Germany. BaFin may issue an immediate operations injunction plus public disclosure of enforcement.

Date	Event	Consequence of Missing
30 Dec 2024	MiCAR Title V enters force EU-wide	New CASP applications open — file early to beat queue
31 Dec 2025	German KWG transitional regime ends	Operating without authorisation = regulatory offence
1 Jul 2026	EU-wide backstop (MiCA Art. 143(3))	Immediate operations ban, fines up to €5M or 3% turnover

Germany's MiCAR framework grants EU-wide CASP passporting — one BaFin authorisation covers all 27 member states.

BaFin Fit & Proper — What Both Directors Must Demonstrate

→No criminal convictions for fraud, money-laundering, or insolvency offences in any jurisdiction
→Minimum 3 years verifiable senior management experience in financial services or crypto context
→Direct crypto-specific experience: custody, AML compliance, exchange operations, or smart contract risk
→Sufficient time commitment — non-compete declarations, absence of conflicting mandates
→If neither director has sufficient crypto experience: additional Key Function Holder (KFH) required by BaFin

The EU Passport Advantage — Why Germany is the Right Jurisdiction

A single German MiCAR CASP authorisation provides passporting across all 27 EU member states via MiCA Art. 65. Expanding to France, Spain, Italy, or the Netherlands requires only a BaFin notification — processed in 10 business days. Local regulators have no veto right over a German-passported CASP. Germany's established BaFin crypto track record and Frankfurt's position as the EU's financial centre make it the optimal passport jurisdiction.

MiCAR Art. 65: once authorised in Germany, EU expansion is a 10-business-day notification process — no new applications, no local regulator veto.

Process Overview

BaFin Crypto License — Step-by-Step

Choose Legal Structure

GmbH or AG required; UG generally insufficient for §32 KWG

1–2 weeks

Build AML/KYC Programme

Full compliance manual, transaction monitoring, designated MLRO

2–4 weeks

File BaFin Application

§32 KWG (banking licence) or KAGB (fund management)

1 day

BaFin Review Period

Fit-and-proper checks, capital adequacy review

3–6 months

Licence Granted

EU-wide MiCAR passport available from 2024

Active

Choose Legal Structure

GmbH or AG required; UG generally insufficient for §32 KWG

1–2 weeks

Build AML/KYC Programme

Full compliance manual, transaction monitoring, designated MLRO

2–4 weeks

File BaFin Application

§32 KWG (banking licence) or KAGB (fund management)

1 day

BaFin Review Period

Fit-and-proper checks, capital adequacy review

3–6 months

Licence Granted

EU-wide MiCAR passport available from 2024

Active

FAQ

Common questions.

What crypto activities require a MiCAR licence?

All five MiCAR service categories require BaFin authorisation: custody, trading platform operation, exchange, reception/transmission of orders, execution of orders, placing, transfer services, portfolio management, and advice. Even "advice only" requires Class I with €50,000 minimum capital.

How long does BaFin CASP authorisation take?

12–24 months from complete application submission. Initial completeness check: ~3 months. Director Fit & Proper review is the most common timeline variable — verified crypto experience shortens the process.

What is the minimum capital requirement?

Class I: €50,000. Class II: €125,000. Class III: €150,000. The one-quarter fixed-overheads rule (MiCA Art. 67(3)) may require more — a firm with €1M annual fixed costs needs €250,000 in own funds regardless of class minimum.

Does a German licence cover all EU member states?

Yes. Under MiCA Art. 65, a German CASP authorisation provides passporting across all 27 EU member states. Expansion to another member state requires only a BaFin notification — processed in 10 business days.

Can a single-director GmbH receive CASP authorisation?

No. BaFin requires at least two Geschäftsführer for any CASP applicant — this is a hard requirement. A single-director GmbH must add a second director before application. Both must separately satisfy BaFin Fit & Proper criteria.

What DORA obligations apply to CASPs?

DORA (Reg (EU) 2022/2554) applies to all CASPs from 17 January 2025. BaFin rejects applications lacking DORA-compliant ICT risk documentation: risk management framework, incident reporting procedures, digital resilience testing, and third-party ICT provider management policies.

Can I passport a MiCAR licence from another EU country into Germany?

Yes. Under MiCA Article 65, a CASP authorised in any EU member state can passport into Germany by notifying BaFin and ESMA. BaFin must be notified at least 10 working days before services begin. The passporting CASP must comply with German anti-money laundering (GwG) requirements independently — BaFin supervises AML compliance for passported entities.

What is the difference between a crypto custodian licence and a CASP?

Before MiCAR, Germany had a standalone crypto custody licence under KWG §32 (Kryptoverwahrgeschäft). From 30 December 2024, the KWG crypto custody regime is replaced by the MiCAR CASP authorisation. Existing KWG licence holders must transition to MiCAR by the applicable deadline — typically 18 months from national implementation.

What ongoing compliance obligations apply to a German CASP?

Key ongoing obligations under MiCAR: quarterly prudential reporting to BaFin, annual financial statements (audited for Class II/III), incident reporting within 4 hours for significant operational disruptions, annual DORA testing, continuous AML/CFT compliance under GwG, and white paper maintenance for crypto assets offered.

What is a MiCAR White Paper and when must a German CASP publish one?

Under MiCA Art. 4–21, the issuer of a crypto-asset (excluding e-money tokens and asset-referenced tokens) must publish a White Paper before offering to the public or seeking admission to trading. CASPs facilitating trading must verify that a compliant White Paper exists and notify BaFin. The White Paper must be filed with BaFin and published on the issuer's website throughout the offer period. CASPs are not responsible for White Paper accuracy unless they are also the issuer.

Ready to Start?

Your BaFin crypto licence, handled end to end.

Entity formation, BaFin application, Fit & Proper preparation, and post-authorisation compliance — all in English.

Book Free Consultation