A MiCA CASP licence may not be enough. Discover when and why crypto projects require dual authorisation under PSD2 and how to coordinate both licensing processes efficiently.
The regulation of crypto-assets in the European Union entered an entirely new phase with the adoption of the MiCA Regulation. Many companies planning to provide crypto-asset services today automatically assume that obtaining a CASP licence under MiCA will be sufficient for their entire business model. In practice, however, we increasingly encounter situations where a MiCA licence alone is not sufficient and the project simultaneously falls within the regulatory framework of PSD2.
The question of the relationship between MiCA and PSD2 currently represents one of the most complex issues when structuring crypto projects in Europe. In its opinion on the relationship between MiCA and PSD2, the European Banking Authority (EBA) explicitly states that certain types of services may give rise to the obligation of so-called “dual authorisation”, i.e. simultaneous authorisation under both MiCA and PSD2.
In practice, this particularly concerns situations where a CASP project does not work exclusively with crypto-assets but also enters the area of fiat payments, transfer of funds, or the provision of payment services.
MiCA itself does not represent a universal licence for any financial infrastructure related to crypto. It regulates the provision of crypto-asset services, but not all aspects of fiat currency flows or payment transactions. This is precisely where PSD2 begins to apply.
A typical example includes projects enabling clients to deposit fiat currency, execute payment transactions, perform electronic money transfers, or process peer-to-peer payments through EMT tokens. In its opinion, the EBA distinguishes several situations and emphasises that transfers of EMT tokens may constitute a regulated payment service under PSD2 where such tokens are used as a means of payment or for peer-to-peer payments.
On the other hand, not every CASP activity automatically creates the need for a PSD2 licence. In its interpretation, the European Commission states that the mere exchange of crypto-assets for fiat currency or for other crypto-assets, provided that the CASP does not act as an intermediary of a payment transaction between the payer and the payee, does not necessarily constitute a payment service under PSD2.
Incorrectly assessing the boundary between MiCA and PSD2 currently represents one of the most common mistakes made by applicants. Many crypto companies focus exclusively on obtaining a MiCA licence while underestimating the regulatory implications of working with fiat infrastructure. The result is often a situation where, during the licensing process, the regulator identifies the need for PSD2 authorisation, subsequently causing substantial delays to the proceedings, the need to supplement documentation, or even the redesign of the business model.
From a practical perspective, we therefore recommend analysing PSD2 implications already at the earliest stage of the project. This is particularly important for platforms planning:
- custody of fiat funds,
- payment flows between users,
- issuance or transfer of EMT tokens,
- crypto cards,
- IBAN infrastructure,
- embedded finance solutions,
- wallet solutions for retail clients.
In many cases, it may not be necessary to obtain a proprietary PSD2 licence. MiCA expressly contemplates the possibility of partnering with an existing payment service provider (PSP); however, such partner must also hold a CASP authorisation. For certain startups, this model may prove significantly more efficient from the perspective of costs, timing, and regulatory burden.
A PSD2 licence itself represents a separate and comprehensive regulatory regime. In addition to the authorisation process itself, it is necessary to consider further requirements relating to:
- initial capital and own funds,
- AML/KYC framework,
- governance and management body,
- internal control mechanisms,
- IT security and authentication.
The EBA further points out that dual licensing represents a significant administrative burden not only for the companies themselves but also for regulators, particularly in situations where MiCA and PSD2 supervision is exercised by different supervisory authorities. For this reason as well, the proper structuring of the licensing strategy is absolutely crucial before submitting the application itself.
In practice, we often encounter projects addressing MiCA and PSD2 separately, without coordination of documentation. Such an approach, however, leads to duplication of processes, inconsistent internal policies, and unnecessary complications during communication with regulators.
When structured properly, both licensing processes may be coordinated in parallel. The simultaneous preparation of MiCA and PSD2 documentation allows for a more efficient setup of:
- corporate governance,
- AML framework,
- outsourcing,
- ICT documentation,
- risk management,
- internal policies,
- personnel structure.
A coordinated approach currently represents one of the most important factors for a successful licensing process for modern fintech and crypto projects.
For founders of crypto companies, it is therefore essential to realise that the question “Do we also need PSD2?” should be one of the first regulatory analyses conducted even before market entry itself.
Incorrect assessment of this issue is currently among the most common reasons for:
- prolongation of licensing proceedings,
- additional regulatory requirements,
- substantial changes to the business model,
- delays in project launch,
- increased compliance costs.
In many cases, a MiCA licence therefore does not represent the final objective, but rather one component of a broader regulatory infrastructure of the project. In modern crypto-fiat models, it is increasingly necessary to consider MiCA and PSD2 together — not separately.
