EU regulatory authorisation

EU Electronic Money Institution Authorisation

SKY7's in-house regulatory team develops the authorisation strategy, application file, governance and control framework, management readiness and regulator response process through one accountable workstream.

EMI licence founder guide illustration

Build an authorisable electronic money institution

This route fits founders building stored-value accounts, wallets or payment products where monetary value is issued on receipt of funds and accepted by parties other than the issuer. The first decision is whether the real model is e-money, a payment service, another regulated activity or a mixed perimeter.

As of July 2026, the core EU framework remains Directive 2009/110/EC, with relevant PSD2 authorisation rules and DORA-related ICT requirements applied through EU and national law. An electronic money institution is authorised by the competent authority of its home Member State. There is no central authority issuing a single document called an EU EMI licence.

An EMI may issue electronic money and provide only the payment services included in its individual authorisation. It is not a bank and may not take deposits or other repayable funds from the public. Whether a wallet or balance is e-money depends on the legal definition and the actual product and money flow, not its marketing label.

SKY7's in-house regulatory team connects perimeter, flow of funds, capital, safeguarding, people, technology and policies into one operating case, then coordinates filing and follow- up. The national competent authority alone decides whether to grant, refuse or condition authorisation. Banks, providers and candidates also retain their independent decisions, so we do not promise an outcome or fixed approval date.

Perimeter questions resolved before the application

Question Effect on the authorisation file Boundary to preserve
Question Is monetary value issued on receipt of funds? Effect on the authorisation file The product, ledger, issuance, redemption and customer-money flows must be described in consistent legal and operational terms. Boundary to preserve Not every wallet balance is automatically e-money; the facts must satisfy the statutory definition.
Question Which payment services are performed? Effect on the authorisation file Account operation, transfers, acquiring, instruments, remittance, initiation or account information are mapped to the requested scope. Boundary to preserve Authorisation covers the services granted by the authority, not every possible payment activity.
Question Who receives, holds and moves customer funds? Effect on the authorisation file The flow determines safeguarding, reconciliation, outsourcing, contractual and control evidence. Boundary to preserve Safeguarded customer funds are separate from the applicant's own capital and operating money.
Question Which activities sit with providers? Effect on the authorisation file Banking, processing, cards, cloud, KYC and technology dependencies are recorded in the operating and outsourcing model. Boundary to preserve Outsourcing a task does not transfer the EMI's regulatory accountability.

Capital, own funds and safeguarding are three different tests

Directive 2009/110/EC sets initial capital of not less than EUR 350,000 at authorisation. That figure is not the total project budget and it is not customer money. The institution must also maintain ongoing own funds at no less than the higher applicable amount. The calculation depends on issued e-money and any payment services outside the issuance activity, so the model must remain compliant after launch as volumes and costs change.

Safeguarding protects funds received in exchange for issued e-money. SKY7 maps when funds enter the safeguarded perimeter, the proposed method, accounts or assets, reconciliation logic, access controls and failure scenarios. A bank or insurer makes its own acceptance decision, so the workstream includes evidence and provider readiness rather than a promise of an account.

SKY7 in-house EMI authorisation programme

  1. Confirm the perimeter and target scope

    We map the product, customers, markets, issuance and redemption logic, payment services, funds, data and providers. The output states what permission is being requested and which activities sit outside it or require a separate analysis.

  2. Select the home Member State

    We compare viable authorities against the model, ownership, management, substance, language, provider stack and target markets. The recommendation records trade-offs and open assumptions instead of choosing a jurisdiction from headline speed claims.

  3. Design the institution

    We build the legal and operating structure, governance map, key roles, committees, reporting lines, outsourcing register and three-lines control model that the application narrative will describe.

  4. Develop the regulatory business plan

    We prepare the programme of operations, market and customer analysis, flow of funds, revenue logic, three-year financial model, capital and own-funds calculations, stress assumptions and resourcing plan as one connected case.

  5. Build the policy and control suite

    We coordinate AML/CFT, compliance, risk, safeguarding, complaints, outsourcing, conduct, continuity, incident, ICT-security and data-governance materials. Documents are tailored to the actual product, systems and accountable people.

  6. Complete owner and management evidence

    We organise ownership, source-of-funds and source-of-wealth evidence, management histories, role mandates, time commitments and suitability materials, then prepare the team to explain the model and controls consistently.

  7. Assemble and coordinate submission

    We control versions, cross-references, forms, declarations and supporting evidence, run a consistency review, coordinate the filing method required by the selected authority and maintain a record of every submitted item.

  8. Manage questions and remediation

    We triage authority questions, allocate factual inputs, draft and quality-control responses, update affected documents and maintain the issue log until the authority reaches its decision or identifies the next formal step.

Overview

Application file and applicant inputs

Business, financial and ownership case

SKY7 develops the programme of operations, customers, markets, revenue model, three-year forecasts, stress cases, capital and viability evidence from the applicant's group, UBO, source-of-wealth, source-of-funds and financing information.

Product, e-money operations and money flows

Customer journeys, issuance, distribution, redemption, requested payment services, contracts, pricing, every money and data handoff, reconciliation and settlement are mapped from product facts and management-approved flows.

Safeguarding and provider evidence

The file covers method, account or asset design, counterparties, triggers, segregation, reconciliation, access, monitoring and contingency evidence. The applicant supplies proposed bank, processor, card and other critical-provider materials.

Governance, people and management decisions

SKY7 structures organisation, decision rights, board, senior management and control functions. Candidates provide experience, availability, conflicts and role evidence, join workshops and make timely decisions on model or authority trade-offs.

Financial crime and conduct

Business-wide and customer risk, CDD, monitoring, sanctions, reporting, complaints, disclosures, vulnerable situations and compliance monitoring are tailored to the applicant's customers, channels, systems and accountable owners.

Technology, resilience and critical providers

System architecture, security, access, data, continuity, incidents, testing, ICT providers, oversight and exit arrangements are supported by product demonstrations, proposed contracts and evidence of who controls each dependency.

Responsibility map

Party Primary responsibility Decision boundary
Party SKY7 in-house regulatory team Primary responsibility Strategy, workplan, drafting, evidence coordination, workshops, filing logistics and regulator-response management. Decision boundary SKY7 does not grant authorisation or make a decision for the authority, bank, provider or candidate.
Party Applicant and its management Primary responsibility Accurate facts, ownership evidence, capital, appointments, provider choices, formal approvals and implementation of the proposed operation. Decision boundary Directors and function holders must understand, approve and operate the framework; the application cannot be owned only by advisers.
Party National competent authority Primary responsibility Completeness review, assessment, questions, supervisory judgment and the grant, refusal or conditioning of authorisation. Decision boundary The authority sets the live national procedure and may require additional or updated evidence.

Route facts

Jurisdiction, timing and launch readiness

Home-state substance

Home-state selection is an operating decision. SKY7 tests where the applicant can direct the business, employ credible management, supervise providers and keep its records and controls. There is no reliable EU-wide headcount formula, so we confirm the authority's current position and build a proportionate structure.

Complete-file clock

PSD2 contains a three-month decision clock from receipt of a complete file, applied through EMD2. It is not a three-month approval promise. Perimeter work, incorporation, capital, appointments, provider evidence, drafting and pre-filing sit outside it, while questions affect when the file is treated as complete.

Cross-border and infrastructure readiness

The EMI may provide only authorised services. Cross-border activity uses the applicable notification route and still requires host-state analysis. Banking, safeguarding, card schemes, local payment systems, SEPA and SWIFT are independent workstreams; authorisation does not compel any provider to onboard the firm.

FAQ

Frequently asked questions

01 Is EUR 350,000 the full budget for an EU EMI authorisation?

No. EUR 350,000 is the statutory initial-capital floor, not a quote for the project and not the same as customer funds held under safeguarding. The applicant also needs a funded operating plan and must meet ongoing own-funds requirements. The required runway depends on its forecast, staffing, technology, providers and the selected Member State.

02 Can SKY7 guarantee the authorisation?

No. The national competent authority alone decides whether to grant, refuse or condition authorisation. SKY7 prepares and coordinates the work, tests consistency, readies the team and manages follow-up, but does not control the supervisory judgment.

03 Do we need a safeguarding account before filing?

The application must explain and evidence a compliant safeguarding approach, but the exact evidence and timing depend on the selected authority and method. A prospective bank or other provider retains its own acceptance process. We confirm the national filing requirement and coordinate the readiness work without promising onboarding.

04 How many local directors and key people are required?

There is no responsible one-number answer across the EU. The structure must be robust, proportionate and genuinely operable, while national authorities differ in how they assess local substance and individual roles. We confirm the live expectation for the chosen route and build the staffing plan around the actual model.

05 Does SKY7 provide the software and bank accounts?

The authorisation engagement is provider-neutral. We define the evidence standard, review proposed technology and banking dependencies and coordinate readiness. Technology vendors, banks and infrastructure operators contract and decide independently, and their acceptance is not included in an authorisation promise.

06 How is pricing set?

Pricing is provided on request after the initial perimeter and readiness review. Scope depends on the Member State, requested services, existing materials, ownership complexity, management and recruitment needs, technology evidence and whether safeguarding or other provider workstreams need coordination.

Tell us what you need

Start with an EMI perimeter and readiness assessment

Send the product, target markets, ownership, proposed flow of funds and current team. SKY7's in-house regulatory team will identify the likely perimeter, viable home-state workstream, evidence gaps and the next decision before application drafting begins.