The short answer is yes: a startup can get an EMI license. In EU law and in the EBA’s authorization framework, the test is not whether the applicant is already a famous fintech or a large group. The test is whether the applicant can prove that it is properly capitalized, governable, controllable, and ready to operate as a supervised institution. The EBA authorization guidelines even contemplate applicants that are already incorporated and applicants that are still “in the process of incorporation,” which tells you immediately that the regime is not reserved only for mature incumbents.
That said, startup status does not buy leniency on the fundamentals. Regulators do not license “potential.” They license operating readiness. A young company can apply, but it still needs the same core building blocks: a coherent programme of operations, a defensible three-year business plan, evidence of initial capital, safeguarding arrangements, governance and internal controls, and fit-and-proper management. Under PSD2, applied to EMIs via the E-Money Directive, authorization is granted only where the overall assessment is favorable and the institution has robust governance, effective risk procedures, and adequate internal controls that are proportionate to its business.
Why people think EMI licenses are only for big fintechs
That belief exists for a reason. In practice, many EMI projects are expensive, document-heavy, and operationally demanding. The business plan has to go beyond ambition and show three-year forecasts, stress scenarios, cash flows, and own-funds logic. The structural organization has to show real staff planning, outsourcing control, and internal control ownership. For EMIs specifically, the EBA guidelines also require evidence of initial capital of EUR 350,000 and detailed safeguarding information. That naturally filters out underprepared founders and makes the market look more “institutional” than startup-friendly.
But that still does not mean only large fintechs qualify. It means the licensing bar is institutional. A startup can clear that bar if it is built like a future supervised firm rather than like an early-stage app that hopes to figure out compliance later. The EBA guidelines are explicit that the level of detail should be proportionate to the applicant’s size, internal organization, and the nature, scope, complexity, and riskiness of the services it plans to provide. In other words, the regime recognizes proportionality. It does not recognize shortcuts.
What regulators actually care about
Regulators usually care much less about brand size than founders assume. They are trying to answer different questions.
Can this applicant explain exactly what it will do? Can it show how money will flow, how customers will be onboarded, how safeguarding will work, who is responsible for compliance, how outsourcing will be controlled, and how the firm will remain solvent and governable if growth is slower than planned? For EMI applicants, the EBA guidelines require a programme of operations covering issuance, redemption, distribution, fund-flow diagrams, settlement arrangements, draft contracts, and processing times. They also require a business plan with a marketing plan, financial forecasts, stress scenarios, and cash-flow breakdowns.
This is why a small applicant can succeed while a bigger one can still fail. A startup with clean ownership, real capital, credible managers, a narrow and understandable model, and disciplined documentation may look much stronger than a larger but messy applicant with vague outsourcing, thin local substance, and inconsistent projections. The EBA’s 2025 follow-up peer review reinforces this point: across the EEA, supervisors still report major differences in governance, internal controls, and local substance, and the median authorization process was 9.5 months, with delays often caused by incomplete or poor-quality applications.
Where startups usually fail
Startups usually do not fail because they are “too small.” They fail because they try to apply too early or try to submit a startup story where the regulator expects an institution.
One common mistake is presenting a pitch deck disguised as a business plan. Another is relying too heavily on outsourced providers without showing who inside the EMI controls them. A third is underestimating how much governance regulators expect even at launch. Under PSD2, the competent authority grants authorization only if the applicant has robust governance arrangements, clear lines of responsibility, effective risk procedures, and adequate internal control mechanisms, and those arrangements must be comprehensive and proportionate to the nature, scale, and complexity of the business.
Another weak point is capital realism. The EMI applicant must evidence EUR 350,000 of initial capital, and the business plan must also show how the institution will maintain appropriate systems, resources, and procedures over the first three years. A startup that can scrape together minimum capital but cannot fund compliance, support, governance, safeguarding operations, and outsourced oversight still looks fragile. Regulators tend to see that quickly.
What makes a startup EMI application credible
A startup EMI application becomes credible not when it appears ambitious, but when it clearly demonstrates how the institution will operate as a regulated financial entity. Regulators are not assessing the idea — they are assessing whether the business can function within a supervisory framework, with clear structure, controls, and predictable processes.
First, the applicant must clearly define what exactly it will do: which e-money services it will provide (issuance, redemption, distribution), whether additional payment services are included, and within what scope. This should not be a high-level description, but a precise and limited product perimeter.
A core element is the flow of funds. The regulator expects a transparent, step-by-step explanation of how money moves: from customer onboarding and receipt of funds, to e-money issuance, internal flows, settlement, and redemption. At each stage, it must be clear where funds are held, who is involved, and what risks arise.
Equally critical is safeguarding of client funds. The application must explain where client funds are held, what safeguarding method is used (segregation or insurance), how protection is ensured, and who is operationally responsible for it.
The next layer is the operating model. Regulators will assess how key processes function in practice: customer onboarding (including AML/KYC), transaction processing, execution timelines, systems used, and the level of automation. Where third-party providers are involved, their role must be clearly defined within the overall business architecture.
Where outsourcing is present, particular attention is given to control over third parties. This includes contractual arrangements, monitoring mechanisms, and—most importantly—clear internal ownership of outsourced functions. Even where activities are delegated, accountability must remain within the EMI.
A fundamental component is governance and internal controls. The structure must clearly define roles, responsibilities, and control functions such as compliance, risk, and AML. It is not enough to name these functions — the application must demonstrate how they operate in practice.
The financial section should include a three-year model based on defendable assumptions. Regulators expect clarity on revenue drivers, cost structure, growth dynamics, and how financial projections are directly linked to the operating model rather than standing in isolation.
Another key aspect is capital and financial sustainability. The applicant must demonstrate the required initial capital (at least EUR 350,000) and show how it will maintain adequate own funds as the business develops.
In addition, stress scenarios play an important role. These should demonstrate how the business performs under less favorable conditions — slower growth, higher costs, or reduced revenues — allowing regulators to assess resilience beyond the base case.
Ultimately, a strong EMI application is not a collection of documents, but a coherent operating case, where the business model, fund flows, control framework, financial projections, and capital logic all reinforce each other.
This level of consistency is what turns a startup from an idea into a credible, governable institution ready for supervision.
The legal answer versus the practical answer
Legally, the answer is straightforward: yes, startups can apply. The regulatory framework does not limit EMI authorization to large fintechs. It explicitly accommodates applicants without an operating history and even those still in the process of incorporation. Authorization is granted once the authority is satisfied that the legal requirements are met and the overall assessment is favorable, with a formal decision expected within three months of a complete application.
Practically, however, the standard is significantly higher. A startup can obtain an EMI license only if it already operates like a supervised financial institution in miniature. This means having capital, people, governance, controls, and documentation in place before submission — not as a future plan. The EBA’s follow-up review highlights that low-quality applications remain a key source of delays, which is often where early-stage teams underestimate the level of preparedness required.
Czech Republic angle
For projects targeting the Czech Republic, the CNB process is formalized and fully electronic. Applications must be submitted using prescribed forms and supporting documentation, as recommended by the regulator. This does not inherently disadvantage startups, but it does require that the application file is structured, coherent, and regulator-readable from the outset.
In practice, this means that the submission must stand on its own. An application cannot rely on future clarification or informal explanations — it must already reflect a complete and internally consistent operating case. Founders who approach the process as something that can be “explained later” are typically misaligned with how the regulator reviews the file.
Need help with AML, governance, safeguarding, or the full EMI file?
Final answer
So, can a startup get an EMI license? Yes. But not because regulators are flexible toward startups — rather because the framework is built around readiness, prudence, and control, not company size.
Large fintechs may have structural advantages due to resources, but the license is not reserved for them. A well-prepared startup can succeed if it demonstrates real capital, credible management, a disciplined business plan, proportionate but effective controls, and a business model that can be supervised without ambiguity. In the end, credibility is not a function of scale — it is a function of how clearly the institution can be understood and governed.
FAQ
Can a startup get an EMI license?
Yes. EU regulation does not restrict EMI licenses to large fintechs — any startup can qualify if it demonstrates capital, governance, controls, and a business model that can operate under supervision from day one.
What do regulators actually look for in an EMI application?
Regulators focus on whether the institution is understandable and controllable in practice — including its operating model, fund flows, safeguarding, governance structure, and financial sustainability under both base and stress scenarios.
Does a startup need to be fully operational before applying?
Not fully operational, but operationally defined. The application must clearly show how the business will function in reality, with processes, controls, and responsibilities already designed and documented.
What is the biggest mistake startups make in EMI applications?
The most common mistake is submitting a “startup story” instead of an institutional case — for example, a pitch-style business plan without operational detail, controls, or realistic financial logic.
How important are fund flows in an EMI license application?
They are critical. A clear, step-by-step fund flow explanation allows the regulator to understand how money moves, where risks arise, and how safeguarding and control mechanisms are applied.
What level of governance is expected from a startup EMI?
Even at an early stage, regulators expect a real governance structure with defined roles, accountability, and functioning compliance, risk, and AML controls — not just nominal or future plans
Is the minimum capital of EUR 350,000 enough?
It is only the starting point. Regulators also expect the applicant to demonstrate that it can sustainably fund operations, compliance, controls, and growth over at least the first three years.
What makes one EMI application stronger than another?
Consistency. When the business model, fund flows, governance, financial projections, and capital logic all align and support each other, the application becomes credible and easier for the regulator to assess.
