If you've seen the term "CASP" in recent months in the context of European crypto-asset regulation and weren't sure what it meant or why you should care, this article provides the complete answer. MiCA Regulation —Markets in Crypto-Assets, Regulation (EU) 2023/1114— creates a new legal category in the European financial ecosystem: The Crypto-Asset Service Provider. And that category will redefine which platforms can continue operating in Europe and which cannot.
July 1, 2026, marks the end of the transition period across the EU. From that date, operating as a cryptocurrency service provider without CASP authorization constitutes a breach of European law. For you as a user, your exchange's CASP is not a mere technical detail without consequences: It is the difference between operating with regulatory guarantees or without them.
Important: This article is for educational and informational purposes only. The content does not constitute financial, legal, or tax advice. Cryptocurrencies are high-risk assets whose value can fluctuate significantly. Consult a qualified professional before making any purchase or participation decisions.
What does CASP mean: definition and regulatory context
CASP stands for Crypto-Asset Service Provider, which in Spanish translates as Crypto-Asset Service Provider. It is the figure that the MiCA Regulation expressly creates to regulate all companies that provide services related to crypto assets in the European Union.
The Regulation precisely defines which activities fall under this category. Covered services include the management of cryptocurrency trading platforms (commonly known as exchanges), the exchange of cryptocurrencies for fiat currency and other cryptocurrencies, the custody and administration of cryptocurrencies on behalf of third parties, the execution of buy or sell orders for cryptocurrencies, the placement of cryptocurrencies, the receipt and transmission of orders related to cryptocurrencies, cryptocurrency advice, and the management of cryptocurrency portfolios.
If your exchange does any of these things—and almost all of them do at least the first two—it falls under the scope of MiCA and requires CASP authorization to operate legally. There is no scale or volume threshold that allows you to operate without authorization: the requirement applies regardless of the platform's size.
The process for obtaining CASP authorization
Becoming a CASP is not a routine administrative process. The application is submitted to the competent national authority of the Member State where the company has its registered office, which in the case of Spain is the National Securities Market Commission (CNMV). The regulator has a legal timeframe to resolve the request, and may request additional documentation or clarifications throughout the process.
The requirements a company must meet to obtain authorization are substantial. First, it must demonstrate that it meets the minimum capital requirements, which vary depending on the type of services it provides: 50.000 euros for the most basic class, 125.000 euros for intermediate services and 150.000 euros for the most complex class. In addition, it must maintain as continuing equity the greater of these amounts or one-quarter of its fixed expenses from the previous year.
Beyond capital, the company must demonstrate that it has robust risk management procedures, adequate cybersecurity systems, mechanisms for resolving conflicts of interest, and processes for handling and resolving customer complaints. Its directors must have a good reputation and sufficient expertise, and the company must undergo regular external audits.
In Spain, the CNMV has processed the first applications within three to five months when the file was complete, one of the most efficient processing times in the EU according to industry analysis.
The ongoing obligations that a CASP has
Obtaining CASP authorization is not the end point: it is the beginning of an ongoing regulatory relationship. Authorized CASPs must comply with a series of obligations on an ongoing basis, under the supervision of the competent national authority.
The most relevant aspect for the user is the segregation of funds. An authorized CASP is required to keep its clients' assets completely separate from its own assets. This means that if the company experiences financial difficulties or goes bankrupt, client assets cannot be used to pay the company's creditors. The crypto assets you deposit with a CASP remain yours, not part of the entity's balance sheet.
Furthermore, CASPs are required to publish clear and accessible information about their services, fees, risks, and procedures. They must implement best execution conditions policies so that their clients' orders are processed under the most favorable conditions available. And they must provide channels for clients to submit complaints and receive a response within a reasonable timeframe.
Oversight is not static: the national authority can conduct inspections, request information, and, in cases of non-compliance, impose sanctions or withdraw authorization. This creates a structural incentive for CASPs to maintain their operational standards, something that did not exist under the previous national registration system.
What specific protections do you get when operating with a CASP?
The difference between operating with an authorized CASP and doing so on an unlicensed platform translates into practical and tangible advantages. These aren't absolute guarantees—no regulator eliminates the market risk of crypto assets—but they do significantly reduce operational risks.
With an authorized CASP, your assets are segregated. If the exchange goes bankrupt—something that happened with several centralized platforms between 2022 and 2024—your crypto assets are not part of the bankruptcy estate. You can recover them, although the process can take time. Without segregation, as was the case with many unregulated exchanges, customer assets were mixed with the exchange's own funds and could be partially or totally lost.
With an authorized CASP, there's a regulator to turn to. If you have a dispute with the exchange, you can file a formal complaint, and the regulator can intervene. With an unregulated platform, your options are limited to the contractual terms the exchange unilaterally decides, which often include arbitration clauses in opaque jurisdictions.
With an authorized CASP, information is verifiable. CASPs publish information about their own funds, audits, and procedures. With an unregulated exchange, opacity is the norm, and the information they provide is not subject to external verification.
CASP in Spain as of June 2026
The CNMV has made progress with one of the most active authorization processes in the EU. By early 2026, it had granted authorization to six banking entities—BBVA, Cecabank, Openbank, Renta 4, CaixaBank, and Kutxabank—and five fintechs specializing in crypto assets: Bit2Me, Crossmint, Minos, Criptan, and Fazil Crypto.
Bit2Me —operated by BITCOINFORME, PSC, SL— was the first Spanish-speaking fintech to obtain CASP authorization from the CNMV, in July 2025. This authorization, granted in accordance with Article 59 of the MiCA Regulation, enables it to operate with full authorization throughout the European Economic Area through the European passport mechanism.
The CNMV continues to receive and process applications, so the number of authorized CASPs in Spain may have increased by the time you read this. For the most up-to-date list, consult the official CNMV register and the ESMA register, which is updated weekly to reflect the latest changes.
At the European level, the provisional registration of ESMA It includes around 183-210 authorized entities in 20 countries of the European Economic Area, of which only 14 were authorized to operate crypto asset trading platforms (exchanges in the strict sense) as of early June 2026.
Current status: CASPs authorized in June 2026
The outlook for the European market in June 2026 is significant: of the more than 1.200 providers that operated under national registries before the full implementation of MiCA, only 18% have completed the CASP authorization process. This means that more than 1.000 entities continue to operate under the transitional regime or without any authorization, and that from July 1st they must either obtain a license or cease their activity in the EU.
This situation has led ESMA to publish specific guidelines for unauthorized CASPs, requiring them to have operational orderly closure plans, ensure the transfer of assets to customers, and not increase their European user base before the end of the transition period. National authorities, in turn, must verify the existence and feasibility of these plans.
For authorized platforms, this presents an opportunity: thousands of users of unauthorized platforms will need to migrate to CASP-licensed exchanges within a short period. For users, the message remains the same: verifying your platform's regulatory status before July 1st is the most helpful step you can take right now.
A structural change, not a bureaucratic requirement
It's easy to dismiss the CASP requirement as just another bureaucratic hurdle that complicates things for businesses and drives up the cost of services. While that interpretation is understandable, it overlooks the historical context: the cryptocurrency market has experienced exchange collapses that wiped out the savings of millions of users worldwide, without any compensation mechanism or regulator with real power to intervene.
The CASP model doesn't guarantee that crypto assets won't lose value or that any provider will ever have problems. But it does guarantee that if problems arise, there's a legal framework and a supervisor who can intervene. For people who allocate a portion of their wealth to crypto assets—however small—that difference is significant.
The European cryptocurrency market emerging from July 2026 will be smaller in the number of participants, more concentrated among entities with sufficient operational capacity and resources, and safer for those who choose to participate. Regulation, in this case, is not the obstacle: it's the infrastructure.
