Regulatory Framework for Wallet Services Under MiCA
Why MiCA changed the rules for crypto wallet providers
The introduction of the Markets in Crypto-Assets Regulation (MiCA) fundamentally reshaped how crypto wallet services are regulated across the European Union. Regulators now assess wallet providers that previously operated under light national regimes as fully regulated crypto-asset service providers (CASPs).
If a wallet platform stores assets for clients, controls private keys, or executes transactions on behalf of users, it falls within MiCA’s licensing perimeter. In such cases, obtaining a CASP license for crypto wallet providers is no longer optional but a legal prerequisite for EU operations.
MiCA aligns wallet services with traditional financial institutions, applying comparable standards in governance, AML controls, IT resilience, and client protection.
How MiCA defines crypto wallet services
MiCA does not regulate all wallets equally. The regulatory treatment depends on the level of control exercised by the provider.
Custodial wallet services
A CASP license is required where the provider:
- Safeguards crypto-assets for clients
- Holds or manages cryptographic keys
- Authorises or processes outgoing transactions
- Integrates wallet functionality with trading, payments, or custody services
These activities, therefore, are classified as custody and administration of crypto-assets on behalf of clients — one of the core regulated CASP services.
Non-custodial wallet solutions
Wallet software may remain outside the licensing scope only if:
- Users exclusively control private keys
- The provider cannot access or recover credentials
- The service is limited to technical or open-source functionality
In practice, many so-called non-custodial wallets introduce recovery features, smart contracts, or compliance layers that bring them back under regulation.
CASP licensing requirements for crypto wallet providers
As a result, securing a CASP license demands evidence of operational readiness rather than merely proving legal incorporation.
Regulatory expectations typically include:
Governance and management structure
Applicants must show a clear organisational hierarchy, fit-and-proper management, and effective EU-based decision-making; moreover, these elements are essential to demonstrate genuine substance within the Union.
AML and financial crime prevention
Wallet services face elevated AML risk. Regulators expect:
- Risk-based AML and KYC frameworks
- Ongoing transaction monitoring
- Sanctions screening and reporting procedures
- Clear escalation and SAR workflows
Supervisory authorities frequently reject template-based AML documentation.
Custody and asset protection model
Authorities assess how client assets are protected in practice, including:
- Key generation and storage mechanisms
- Hot and cold wallet separation
- Internal access controls
- Incident handling and recovery plans
ICT security and operational resilience
MiCA places strong emphasis on IT governance. Wallet providers must document:
- Cybersecurity policies
- System resilience and redundancy
- Business continuity and disaster recovery measures
Financial safeguards
Depending on the scope of services, minimum capital or insurance coverage may be required; moreover, operational and custody risks are mitigated through these requirements.
Typical compliance gaps in wallet licensing applications
Regulators frequently identify weaknesses where wallet providers:
- Mislabel custodial services as technical tools
- Provide insufficient detail on key management
- Lack documented transaction monitoring logic
- Operate without meaningful EU substance
- Underestimate post-licensing compliance obligations
Under MiCA, actual operational reality is focused on by supervisory authorities; consequently, descriptions of services in marketing materials are not relied upon.
Selecting a jurisdiction for CASP wallet authorisation
Although MiCA introduces EU-wide passporting, the initial licensing authority plays a decisive role. Wallet providers should consider:
- Regulatory experience with custody models
- Technical competence of the supervisor
- Review timelines and supervisory approach
Regulators often evaluate countries such as the Czech Republic, Lithuania, and France based on business structure, target markets, and compliance maturity.
Regulatory support for crypto wallet providers
AMS assists wallet providers throughout the full CASP licensing lifecycle, including:
- Regulatory qualification of wallet architecture
- Licensing strategy under MiCA
- AML, custody, and ICT policy development
- Application drafting and regulator interaction
- Ongoing compliance after authorisation
In practice, our work focuses on aligning documentation with real operational processes to ensure full compliance with supervisory expectations.
Summary
MiCA has transformed crypto wallets from lightly regulated products into fully supervised financial services. As a result, custodial wallet providers must obtain a CASP license to ensure legal, scalable, and bankable operations across the EU.
FAQ: CASP License for Crypto Wallet Providers
Are all wallet providers required to obtain a CASP license?
Only providers offering custodial wallet services or controlling private keys fall within mandatory licensing scope.
Can wallet services be offered without an EU entity?
No. Regulated wallet services must be provided through an authorised EU legal entity.
Are wallet providers subject to full AML requirements?
Yes. Custodial wallets are treated as high-risk services and must implement comprehensive AML controls.
Is outsourcing allowed for AML or IT functions?
Outsourcing is permitted, but the licensed CASP remains fully accountable to the regulator.
When should CASP preparation begin?
Compliance planning should start before launch. Late adjustments often lead to delays or refusal.
