Own EU crypto authorisation

EU MiCA CASP Authorisation

SKY7's in-house regulatory team defines the authorised scope, builds the application and control framework, prepares management, coordinates filing and manages regulator follow-up through one accountable workstream.

Modern glass-fronted institutional building with an EU flag visible outside

Own authorisation after the MiCA transition

This service is for a business seeking authorisation in its own name as a crypto-asset service provider under MiCA. It is different from integrating a third-party CASP into a product. The applicant owns the regulated entity, governance, capital, controls, technology and continuing obligations described in the file.

As of July 2026, the EU MiCA transitional period has ended. ESMA stated that the final EU-wide transition expired on 1 July 2026. A legacy national VASP registration is not MiCA authorisation, and an applicant may provide regulated crypto-asset services only once authorised unless a specific route for an eligible financial entity under MiCA Article 60 applies.

A business that is not authorised cannot use a name, communication or process that suggests it is a CASP. Perimeter and launch sequencing therefore come before marketing claims. SKY7 prepares and coordinates perimeter analysis, route strategy, application development, management readiness, evidence control, filing and regulator follow-up in-house. The selected national competent authority alone decides whether to grant, refuse or condition authorisation, and no adviser can guarantee the outcome or a fixed approval date.

Crypto-asset services and prudential classes

Class Services within the class Annex IV minimum
Class Class 1 Services within the class Execution of orders, placing, transfer services, reception and transmission of orders, advice and portfolio management in crypto-assets. Annex IV minimum EUR 50,000
Class Class 2 Services within the class Any Class 1 service plus custody and administration, exchange of crypto-assets for funds and exchange of crypto-assets for other crypto-assets. Annex IV minimum EUR 125,000
Class Class 3 Services within the class Any Class 2 service plus operation of a trading platform for crypto-assets. Annex IV minimum EUR 150,000

Route facts

Scope, substance and prudential safeguards

Service perimeter

MiCA identifies ten crypto-asset services. SKY7 maps contracts, customer actions, token types, key and asset control, orders, pricing, venues, liquidity, transfers, custody, fiat and data to the requested scope. Over-scoping creates unsupported obligations; under-scoping creates unauthorised-activity risk.

Home-state substance

The CASP needs a registered office in a Member State where it performs at least part of its services, effective management in the Union and at least one EU-resident director. We test ownership, management, languages, markets, outsourcing and real operations rather than publish a universal headcount.

Prudential safeguards

The CASP must maintain the higher of its Annex IV minimum and one quarter of relevant fixed overheads, using projected overheads for its first 12 months. SKY7 models the permitted own-funds, insurance or comparable-guarantee route separately from operating runway, client assets and fiat balances.

SKY7 in-house MiCA authorisation programme

  1. Classify the product and services

    We map customer journeys, token types, custody and key control, orders, venues, exchange, transfers, advice, portfolio activity, fiat touchpoints and every party's role. The output defines the requested MiCA scope and issues requiring separate legal analysis.

  2. Select the home Member State

    We compare viable authorities against the proposed services, ownership, management, substance, language, provider dependencies and target markets, then record the recommended route, trade-offs and conditions that must be met.

  3. Design governance and resources

    We structure the board and senior management, control functions, decision rights, committees, staffing, conflicts, outsourcing oversight and accountability map. The design is tested against the work the entity will actually perform.

  4. Build the programme of operations

    We prepare the three-year operating narrative, markets and marketing approach, client and asset flows, resource plan, outsourcing model, financial forecasts, stress assumptions and prudential-safeguard evidence as one consistent case.

  5. Develop controls and service policies

    We coordinate risk, AML/CFT, conflicts, complaints, continuity, client-asset segregation, ICT, security and provider oversight, plus custody, trading-platform, exchange, execution, advice, portfolio or transfer materials required by the requested services.

  6. Complete suitability evidence

    We organise management and qualifying-holder information, reputation evidence, experience, time commitments, ownership and source-of-funds materials. Workshops prepare the relevant people to explain the model, risks and their personal responsibilities.

  7. Assemble and coordinate filing

    We control forms, versions, declarations, cross-references and evidence, run consistency and readiness reviews, coordinate the filing channel set by the authority and retain a complete submission record.

  8. Manage authority questions

    We triage requests, allocate factual inputs, draft and quality-control responses, update all affected documents and maintain a decision and evidence log through assessment and any remediation cycle.

Overview

Application file and applicant inputs

Ownership, funding and prudential evidence

SKY7 organises corporate documents, LEI, group and ownership charts, qualifying-holder evidence, reputation, source of wealth and funds, committed resources, service class, fixed-overhead calculations and continuing-safeguard monitoring.

Product, token and service map

The applicant provides customer types, target states, tokens, venues, custody and key control, order and transfer journeys, pricing, marketing and every asset, fiat and data handoff. SKY7 converts those facts into the requested perimeter and responsibility map.

Programme, markets and financial model

SKY7 develops the requested services, markets, customers, delivery channels, resources, outsourcing, three-year projections, stress cases, runway and planned non-MiCA activities from management-approved assumptions.

Governance and suitability

The file covers organisation, management and control functions, collective competence, residence, time commitments, conflicts, decision rights and role mandates. Candidates provide their histories, availability and evidence and participate in readiness workshops.

Financial crime and client protection

AML/CFT risk assessment, CDD, monitoring, sanctions, Travel Rule, complaints, disclosures, client-asset and funds segregation, records and escalation are built around the applicant's customers, flows, systems and accountable owners.

ICT, providers and service-specific evidence

Architecture, security, continuity, incidents, testing, provider oversight, audit, concentration and exit controls are supported by contracts and demonstrations. SKY7 adds the custody, platform, exchange, execution, advice, portfolio, transfer, placing or order- reception materials required by the chosen services.

Regulatory boundaries and accountability

Area or party What the file covers Boundary
Area or party DORA and ICT What the file covers ICT risk, continuity, incidents, testing and third-party controls must be designed as an operating framework for the authorised CASP. Boundary A policy pack or software product is not inherently DORA-compliant on its own.
Area or party AML/CFT and Travel Rule What the file covers The file includes the business-wide risk assessment, customer and transaction controls, sanctions, reporting and crypto-transfer information arrangements. Boundary MiCA does not replace financial-crime obligations under EU and national law.
Area or party Fiat payment services What the file covers Fiat accounts, collections, payouts and safeguarding are mapped to the authorised party that performs them and the relevant contracts. Boundary CASP authorisation alone does not authorise payment services under PSD2.
Area or party Token issuance What the file covers Token classification and the applicant's role are reviewed separately from its proposed crypto-asset services. Boundary CASP authorisation does not by itself authorise issuance of e-money tokens or every token offering.
Area or party SKY7 in-house regulatory team What the file covers Perimeter and route strategy, drafting, control design, workshops, evidence coordination, filing logistics and regulator-response management. Boundary SKY7 does not grant authorisation or decide for the authority, bank, provider or individual candidate.
Area or party Applicant and management body What the file covers Accurate facts, ownership and funding evidence, capital, appointments, approvals, systems and real implementation of the proposed operation. Boundary Management must understand and own the framework; continuing MiCA obligations cannot be delegated to an application adviser.
Area or party National competent authority What the file covers Completeness, supervisory questions, suitability and business-model review and the grant, refusal or conditioning of authorisation. Boundary The authority controls the live national process and may require additional evidence or remediation within the MiCA framework.

Filing clocks and cross-border launch

Article 63 sets process clocks for the authority: acknowledgement within five working days, an initial completeness assessment within 25 working days and an assessment period of 40 working days from a complete application. The authority may request further information and suspend the assessment period within the limits set by MiCA.

These are not a total project duration or an approval promise. Perimeter analysis, incorporation, management appointments, capital, technology evidence, policy implementation and pre-filing engagement happen before completeness. A nominally submitted file can remain incomplete. SKY7 plans to evidence gates and tracks the authority clock separately from the applicant's preparation and response time.

Authorisation specifies the crypto-asset services the CASP may provide. Before cross-border provision, the CASP notifies its home authority of the host Member States, services, intended start date and relevant non-MiCA activities. The home authority transmits the information within ten working days. The CASP may begin after receiving confirmation of communication or, at the latest, on the fifteenth calendar day after submission.

That process is not permission to exceed the authorised scope, and it does not remove host- market conduct, consumer, AML, marketing or operational analysis. SKY7 prepares the initial market map and notification data, then sequences each launch against actual authority and provider readiness instead of advertising an automatic passport on approval.

FAQ

Frequently asked questions

01 Can a pending MiCA application keep operating after 1 July 2026?

No. The EU transitional period has ended, and a pending application is not authorisation. The business may provide regulated crypto-asset services only after authorisation unless a specific Article 60 route applies. Any existing unauthorised operation needs separate and immediate legal analysis, including wind-down or client-migration obligations.

02 How many local managers or employees do we need?

MiCA sets core establishment and EU-management conditions, but there is no universal published headcount for every model and Member State. The structure must be proportionate, credible and able to direct the regulated business. We confirm the live supervisory expectation after the service scope and home-state shortlist are defined.

03 Does CASP authorisation include fiat payment services?

No. Fiat payment services require an appropriately authorised delivery chain under the payments framework. We map fiat accounts, collections, payouts and safeguarding separately and align the CASP file with the bank, EMI or payment provider that performs those tasks.

04 Can SKY7 guarantee authorisation or banking?

No. The authority decides authorisation, and banks and providers run independent acceptance processes. SKY7 prepares and coordinates the application, tests evidence, readies the team and manages questions, but cannot promise an external party's decision.

05 How is pricing set?

Pricing is provided on request after the perimeter and readiness review. Scope depends on requested services, home state, ownership, existing documentation, management and hiring, technology evidence, outsourcing and whether adjacent AML, DORA, banking or migration workstreams need coordination.

Tell us what you need

Start with a MiCA perimeter and readiness assessment

Send the product, token and customer map, target Member States, ownership, proposed services, asset and fiat flows and current team. SKY7's in-house regulatory team will identify the likely perimeter, viable route, prudential class, evidence gaps and next decision before drafting.